poster

Free access

Enforcing RPKI-based routing policy on the data plane at an internet exchange

Authors:

Randy BushAuthors Info & Claims

HotSDN '14: Proceedings of the third workshop on Hot topics in software defined networking

Pages 211 - 212

https://doi.org/10.1145/2620728.2620769

Published: 22 August 2014 Publication History

PDF eReader

Abstract

Over a decade of work has gone into securing the BGP routing control plane. Through all this, there has been an oft repeated refrain, "It is acknowledged that rigorous control plane verification does not in any way guarantee that packets follow the control plane." We describe what may be the first deployment of data plane enforcement of RPKI-based control plane validation. OpenFlow switches providing an exchange fabric and controlled by a Quagga BGP route server drop traffic for prefixes which have invalid origins without requiring any RPKI support by connected BGP peers.

References

[1]

G. Huston, R. Loomans, and G. Michaelson, "A Profile for Resource Certificate Repository Structure," RFC 6481 (Proposed Standard), Internet Engineering Task Force, Feb. 2012. {Online}. Available: http://www.ietf.org/rfc/rfc6481.txt

Google Scholar

[2]

R. Bush and R. Austein, "The Resource Public Key Infrastructure (RPKI) to Router Protocol," RFC 6810 (Proposed Standard), Internet Engineering Task Force, Jan. 2013. {Online}. Available: http://www.ietf.org/rfc/rfc6810.txt

Google Scholar

[3]

P. Mohapatra, J. Scudder, D. Ward, R. Bush, and R. Austein, "BGP Prefix Origin Validation," RFC 6811 (Proposed Standard), Internet Engineering Task Force, Jan. 2013. {Online}. Available: http://www.ietf.org/rfc/rfc6811.txt

Google Scholar

[4]

(2008, March) Youtube hijacking: A RIPE NCC RIS case study. {Online}. Available: http://www.ripe.net/ internet-coordination/news/industry-developments/ youtube-hijacking-a-ripe-ncc-ris-case-study

Google Scholar

[5]

M. Jager. (2012) Securing IXP connectivity. {Online}. Available: http://conference.apnic.net/_data/assets/pdf_file/0018/ 50706/apnic34-mike-jager-securing-ixp-connectivity 1346119861.pdf

Google Scholar

[6]

D. Pemberton. NZ scores first OpenFlow controlled connection to an IX. {Online}. Available: http://list.waikato.ac.nz/pipermail/nznog/ 2012-December/019635.html

Google Scholar

[7]

J. P. Stringer, Q. Fu, C. Lorier, R. Nelson, and C. E. Rothenberg, "Cardigan: Deploying a distributed routing fabric," in HotSDN 2013 (Poster session), August 2013. {Online}. Available: http://conferences. sigcomm.org/sigcomm/2013/papers/hotsdn/p169.pdf

Digital Library

Google Scholar

[8]

Quagga project. {Online}. Available: http://www.nongnu.org/quagga/

Google Scholar

[9]

GitHub: Quagga with RPKI-RTR prefix origin validation support. {Online}. Available: https://github.com/rtrlib/quagga-rtrlib

Google Scholar

[10]

M. Fincham. (2014, February) Rpki, nznog 2014. {Online}. Available: http://hotplate.co.nz/archive/nznog/2014/rpki

Google Scholar

Cited By

View all

Wu YWang YDeJulius JAbboud RWoitel MOsadchyy BRichardson K(2023)Comp-RPKI: A Decentralized Protocol for Full Route Origin Validation2023 9th International Conference on Big Data Computing and Communications (BigCom)10.1109/BIGCOM61073.2023.00048(301-308)Online publication date: 4-Aug-2023
https://doi.org/10.1109/BIGCOM61073.2023.00048
Kim DAndalibi VCamp J(2021)Protecting IoT Devices through Localized Detection of BGP Hijacks for Individual Things2021 IEEE Security and Privacy Workshops (SPW)10.1109/SPW53761.2021.00045(260-267)Online publication date: May-2021
https://doi.org/10.1109/SPW53761.2021.00045
Baldin IRuth PWang CChase J(2018)The Future of Multi-Clouds: A Survey of Essential Architectural Elements2018 International Scientific and Technical Conference Modern Computer Network Technologies (MoNeTeC)10.1109/MoNeTeC.2018.8572139(1-13)Online publication date: Oct-2018
https://doi.org/10.1109/MoNeTeC.2018.8572139
Show More Cited By

Index Terms

Enforcing RPKI-based routing policy on the data plane at an internet exchange
1. Networks
  1. Network protocols
    1. Network layer protocols
      1. Routing protocols

Recommendations

Policy-based BGP-control architecture for inter-AS routing adjustment

Unexpected temporal and spatial changes of interdomain routing paths often lead to the necessity of on-demand routing adjustment among independently managed ASs. For resolving this problem, we have developed a BGP-control architecture called Virtual ...
Performance of SDN Routing in Comparison with Legacy Routing Protocols
CYBERC '15: Proceedings of the 2015 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery

Legacy routing protocols such as OSPF and BGP have been developed very comprehensive, but its rigid complex system has been difficult to adapt to the fast growing Internet. The emergence of Software Defined Network (SDN) has brought hope for the ...
Dynamics of hot-potato routing in IP networks

Despite the architectural separation between intradomain and interdomain routing in the Internet, intradomain protocols do influence the path-selection process in the Border Gateway Protocol (BGP). When choosing between multiple equally-good BGP routes, ...

Comments

Information & Contributors

Information

Published In

HotSDN '14: Proceedings of the third workshop on Hot topics in software defined networking

August 2014

252 pages

ISBN:9781450329897

DOI:10.1145/2620728

Program Chairs:
Aditya Akella
University of Wisconsin-Madison, USA
,
Albert Greenberg
Microsoft, USA

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 August 2014

Check for updates

Author Tags

Qualifiers

Poster

Conference

SIGCOMM'14

Sponsor:

SIGCOMM

SIGCOMM'14: ACM SIGCOMM 2014 Conference

August 22, 2014

Illinois, Chicago, USA

Acceptance Rates

HotSDN '14 Paper Acceptance Rate 50 of 114 submissions, 44%;

Overall Acceptance Rate 88 of 198 submissions, 44%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
534
Total Downloads

Downloads (Last 12 months)43
Downloads (Last 6 weeks)8

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Wu YWang YDeJulius JAbboud RWoitel MOsadchyy BRichardson K(2023)Comp-RPKI: A Decentralized Protocol for Full Route Origin Validation2023 9th International Conference on Big Data Computing and Communications (BigCom)10.1109/BIGCOM61073.2023.00048(301-308)Online publication date: 4-Aug-2023
https://doi.org/10.1109/BIGCOM61073.2023.00048
Kim DAndalibi VCamp J(2021)Protecting IoT Devices through Localized Detection of BGP Hijacks for Individual Things2021 IEEE Security and Privacy Workshops (SPW)10.1109/SPW53761.2021.00045(260-267)Online publication date: May-2021
https://doi.org/10.1109/SPW53761.2021.00045
Baldin IRuth PWang CChase J(2018)The Future of Multi-Clouds: A Survey of Essential Architectural Elements2018 International Scientific and Technical Conference Modern Computer Network Technologies (MoNeTeC)10.1109/MoNeTeC.2018.8572139(1-13)Online publication date: Oct-2018
https://doi.org/10.1109/MoNeTeC.2018.8572139
Gupta AMacDavid RBirkner RCanini MFeamster NRexford JVanbever LArgyraki KIsaacs R(2016)An industrial-scale software defined Internet exchange pointProceedings of the 13th Usenix Conference on Networked Systems Design and Implementation10.5555/2930611.2930612(1-14)Online publication date: 16-Mar-2016
https://dl.acm.org/doi/10.5555/2930611.2930612
Hari ALakshman TZegura EFord BSnoeren A(2016)The Internet BlockchainProceedings of the 15th ACM Workshop on Hot Topics in Networks10.1145/3005745.3005771(204-210)Online publication date: 9-Nov-2016
https://dl.acm.org/doi/10.1145/3005745.3005771
Gupta AFeamster NVanbever LGodfrey BCasado M(2016)Authorizing Network Control at Software Defined Internet Exchange PointsProceedings of the Symposium on SDN Research10.1145/2890955.2890956(1-6)Online publication date: 14-Mar-2016
https://dl.acm.org/doi/10.1145/2890955.2890956
Chung JOwen HClark R(2016)SDX architectures: A qualitative analysisSoutheastCon 201610.1109/SECON.2016.7506749(1-8)Online publication date: Mar-2016
https://doi.org/10.1109/SECON.2016.7506749
Alsmadi IZarour M(2016)Empirical Evidences in Software-Defined Network Security: A Systematic Literature ReviewInformation Fusion for Cyber-Security Analytics10.1007/978-3-319-44257-0_11(253-295)Online publication date: 22-Oct-2016
https://doi.org/10.1007/978-3-319-44257-0_11
Technical Working Group B(undefined)Interconnection and Traffic Exchange on the InternetSSRN Electronic Journal10.2139/ssrn.2701492
https://doi.org/10.2139/ssrn.2701492

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Policy-based BGP-control architecture for inter-AS routing adjustment

Performance of SDN Routing in Comparison with Legacy Routing Protocols

Dynamics of hot-potato routing in IP networks