Mitigating BGP Route Leaks With Attributes and Communities: A Stopgap Solution for Path Plausibility

The Border Gateway Protocol (BGP) is known to have serious security vulnerabilities. One of these is the BGP route leak: the propagation of route announcements beyond their intended scope, in violation of the Gao-Rexford model. Route leaks, often caused by mistakes and misconfiguration, may lead to traffic misdirection, causing performance issues and potential security risks. Several potential solutions have been published and are under active discussion within the Internet Engineering Task Force (IETF), but have yet to be widely implemented. One approach is the Autonomous System Provider Authorization (ASPA). In addition to these new approaches, there are also efforts to use existing BGP functionalities to detect and prevent route leaks. In this paper, we implement the Down Only (DO) Community and Only to Customer (OTC) Attribute approaches, using them in isolation and in conjunction with ASPA. Our research indicates that implementing a DO/OTC deployment strategy focusing on well-interconnected ASes could significantly reduce route leaks. Specifically, we observed mitigation of over 98% of all route leaks when DO and OTC were deployed by the top 5% of the most connected ASes. We show that combining DO/OTC and ASPA can greatly enhance ASPA's route leak prevention capabilities.

autonomous system provider authorization; border gateway protocol; down only; only to customer; path plausibility; routing security

Nils Hoeger, Nils Rodday, Gabi Dreo Rodosek

Research Institute CODE, Universitaet der Bundeswehr München, Bavaria, Germany

2025

International Journal of Network Management

ISSN: 1099-1190
Year, Volume (Issue): 2025, 35(2)
  • 38