Difference between revisions of "Border Gateway Protocol/Operations"

From Citizendium
(Outlining advanced. Should references go here, in annotated bibliography, or both?)
 
(Refs here, in annotated bibliography, or both?)
Line 1: Line 1:
*Routing policy consistency
+
==Routing policy consistency==
**RPSL
+
===RPSL===
**Routing registry
+
===Routing registry===
  
*Defense against infrastructure attack <ref name=ISPsecNANOG>{{citation
+
==Defense against infrastructure attack==
| title = ISP Security - Real World Techniques (Version 1.0)
+
In the public Internet, there are attacks both against enterprises that use BGP, typically for multihoming and traffic engineering, and against ISPs, for whom BGP is utterly essential.  
| first1 = Brian W.  | last1 = Gemberling | first2 =Christopher L. | last2=Morrow | first3 = Barry R. | last3 = Greene
+
===Unicast RPF (uRPF)===
| url = http://www.nanog.org/mtg-0110/ppt/greene.ppt}}</ref>
+
Unicast reverse path forwarding is a widely used technique, an evolution of [[access control list]]s that were harder to maintain and imposed much higher router overhead.<ref name=uRPF>{{citation
**Unicast RPF (uRPF) <ref name=uRPF>{{citation
+
 
  | url = http://tools.ietf.org/rfc/rfc3704.txt
 
  | url = http://tools.ietf.org/rfc/rfc3704.txt
 
  | title = RFC 3704: Ingress Filtering for Multihomed Networks
 
  | title = RFC 3704: Ingress Filtering for Multihomed Networks
  | authors = Baker F., Savola P.
+
  | last1 = Baker | first1= F.| last2 = Savola | first2 = P.
}}<ref>
+
}}</ref>
**Blackhole route injection into iBGP <ref name=ISPsecNANOG24-35>{{citation
+
 
  | title = ISP Security - Real World Techniques (Version 1.0)
+
===Blackhole route injection into iBGP===
 +
Once a specific IP address or range of addresses is shown to be under attack, blackhole route injection is a way to quarantine the attack traffic. It will make the target unusual at the cost of making it unreachable. When the attack traffic is isolated, however, the operator can apply much more powerful diagnostics to circumvent it, and ideally trace it back to its source and defeat it there. In the public Internet, it will usually take cooperation among autonomous systems to defeat an attack. <ref name=ISPsec2436>{{citation
 +
  | title = ISP Security: Real World Techniques (Version 1.0)
 
  | first1 = Brian W.  | last1 = Gemberling | first2 =Christopher L. | last2=Morrow | first3 = Barry R. | last3 = Greene
 
  | first1 = Brian W.  | last1 = Gemberling | first2 =Christopher L. | last2=Morrow | first3 = Barry R. | last3 = Greene
  | url = http://www.nanog.org/mtg-0110/ppt/greene.ppt}}
+
  | url = http://www.nanog.org/mtg-0110/ppt/greene.ppt
  | pages = 24-36</ref>
+
  | pages = 24-36}}</ref>
**Sinkholes
+
 
 +
 
 +
===Sinkholes===
 +
===Network intrusion analysis===
 +
 
  
*Statistical monitoring for attacks
+
==Statistical monitoring for attacks==
 +
Internal router metrics from SNMP, external from NetView or equivalent
  
 
==References==
 
==References==
 
{{reflist}}
 
{{reflist}}
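
Review bot: in the new "Blackhole route injection into iBGP" paragraph, the sentence "It will make the target unusual at the cost of making it unreachable" does not say what is gained in exchange for reachability, and "unusual" looks like a slip; reword it to name the benefit being traded. The new "Sinkholes" and "Network intrusion analysis" headings have no body text, and the line under "Statistical monitoring for attacks" is a fragment, so either expand them or leave them in the outline until there is text. The heading "Defense against infrastructure attack" also loses the ISPsecNANOG citation that the old bullet carried.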

Revision as of 15:27, 4 May 2008

Routing policy consistency

RPSL

Routing registry

Defense against infrastructure attack

In the public Internet, there are attacks both against enterprises that use BGP, typically for multihoming and traffic engineering, and against ISPs, for whom BGP is utterly essential.

Unicast RPF (uRPF)

Unicast reverse path forwarding is a widely used technique. It evolved from access control lists, which were harder to maintain and imposed much higher router overhead.[1]

Blackhole route injection into iBGP

Once a specific IP address or range of addresses is shown to be under attack, blackhole route injection is a way to quarantine the attack traffic. It will make the target unusual at the cost of making it unreachable. When the attack traffic is isolated, however, the operator can apply much more powerful diagnostics to circumvent it, and ideally trace it back to its source and defeat it there. In the public Internet, it will usually take cooperation among autonomous systems to defeat an attack.[2]
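
The effect of an injected blackhole route, as an added example that is not part of the original article: a toy routing table with longest-prefix-match lookup, in which a more-specific route to a discard next hop captures traffic for the attacked address only. The `Rib` class, the router name and the 203.0.113.0/24 addresses are constructed for illustration, and iBGP propagation between routers is not modelled.

```python
import ipaddress

DISCARD = "discard"  # stands in for a router's null/discard interface (assumption)


class Rib:
    """Toy routing table: longest-prefix match plus per-blackhole drop counters."""

    def __init__(self):
        self.routes = {}   # ip_network -> next hop
        self.dropped = {}  # blackholed prefix -> packets discarded

    def add(self, prefix, next_hop):
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def withdraw(self, prefix):
        self.routes.pop(ipaddress.ip_network(prefix), None)

    def forward(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.routes if addr in net]
        if not matches:
            return "no-route"
        best = max(matches, key=lambda net: net.prefixlen)  # most specific wins
        if self.routes[best] == DISCARD:
            # Quarantined traffic is counted, which is what gives the
            # operator something to measure while the target is offline.
            self.dropped[best] = self.dropped.get(best, 0) + 1
            return "dropped"
        return self.routes[best]


def demo():
    rib = Rib()
    rib.add("203.0.113.0/24", "edge-router-1")   # constructed customer aggregate
    victim = "203.0.113.10"                      # constructed attacked address
    before = rib.forward(victim)
    rib.add(victim + "/32", DISCARD)             # the injected blackhole route
    during = [rib.forward(victim) for _ in range(3)]
    neighbour = rib.forward("203.0.113.11")      # rest of the /24 is unaffected
    rib.withdraw(victim + "/32")                 # attack over: remove the route
    after = rib.forward(victim)
    drops = {str(net): n for net, n in rib.dropped.items()}
    return before, during, neighbour, after, drops


if __name__ == "__main__":
    print(demo())
```
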


Sinkholes

Network intrusion analysis

Statistical monitoring for attacks

Internal router metrics from SNMP, external from NetView or equivalent

References

  1. Baker, F. & P. Savola, RFC 3704: Ingress Filtering for Multihomed Networks
  2. Gemberling, Brian W.; Christopher L. Morrow & Barry R. Greene, ISP Security: Real World Techniques (Version 1.0), at 24-36