Optimization of BGP Convergence and Prefix Security in IP/MPLS Networks

Multi-Protocol Label Switching-based networks are the backbone of the operation of the Internet, that communicates through the use of the Border Gateway Protocol which connects distinct networks, referred to as Autonomous Systems, together. As the technology matures, so does the challenges caused by the extreme growth rate of the Internet. The amount of BGP prefixes required to facilitate such an increase in connectivity introduces multiple new critical issues, such as with the scalability and the security of the aforementioned Border Gateway Protocol. Illustration of an implementation of an IP/MPLS core transmission network is formed through the introduction of the four main pillars of an Autonomous System: Multi-Protocol Label Switching, Border Gateway Protocol, Open Shortest Path First and the Resource Reservation Protocol. The symbiosis of these technologies is used to introduce the practicalities of operating an IP/MPLS-based ISP network with traffic engineering and fault-resilience at heart. The first research objective of this thesis is to determine whether the deployment of a new BGP feature, which is referred to as BGP Prefix Independent Convergence (PIC), within AS16086 would be a worthwhile endeavour. This BGP extension aims to reduce the convergence delay of BGP Prefixes inside of an IP/MPLS Core Transmission Network, thus improving the networks resilience against faults. Simultaneously, the second research objective was to research the available mechanisms considering the protection of BGP Prefixes, such as with the implementation of the Resource Public Key Infrastructure and the Artemis BGP Monitor for proactive and reactive security of BGP prefixes within AS16086. The future prospective deployment of BGPsec is discussed to form an outlook to the future of IP/MPLS network design. As the trust-based nature of BGP as a protocol has become a distinct vulnerability, thus necessitating the use of various technologies to secure the communications between the Autonomous Systems that form the network to end all networks, the Internet

Visualization techniques for routing protocols and router configurations

An autonomous system (AS) is a group of routers managed by a particular organization. Exterior gateway protocols (EGP) are used between AS\u27s Internal Gateway Protocols (IGP) is used within an AS. The most common protocols used with TCP/IP are RIP, OSPF (Open Shortest Path First), IGRP / Enhanced IGRP. The thesis revolves around OSPF protocol OSPF uses flooding to exchange link-state updates between routers. Any change in routing information is flooded to all routers in the network. Areas are introduced to put a boundary on the explosion of link-state updates. Flooding and calculation of the Dijkstra algorithm on a router is limited to changes within an area. Routers that belong to multiple areas, called area border routers (ABR), have the duty of disseminating routing information or routing changes between areas. Once information about routers is gathered there is no way to clearly visualize and manipulate it visually. The thesis was aimed at visualizing this kind of Router configuration information Visually using powerful tools and to be able to manipulate the figure generated. It also aimed visualizing bottleneck paths in the router configurations. The Powerful features of Java 3D were utilized for Visualization. We utilized the GMatrix class in the Java 3D API to store the router information. This was mapped onto a 3D Cylinder. Also due to the platform independence, robustness, scalability Java was the choice for such a development since routers would be cross platform

Issues in Routing Mechanism for Packets Forwarding: A Survey

Nowadays internet has become more popular to each and every one. It is very sensitive to nodes or links failure due to many known or unknown issues in the network connectivity. Routing is the important concept in wired and wireless network for packet transmission. During the packet transmission many times some of the problems occur, due to this packets are being lost or nodes not able to transmit the packets to the specific destination. This paper discusses various issues and approaches related to the routing mechanism. In this paper, we present a review and comparison of different routing algorithms and protocols proposed recently in order to address various issues. The main purpose of this study is to address issues for packet forwarding like network control management, load balancing, congestion control, convergence time and instability. We also focus on the impact of these issues on packet forwarding

Tree based reliable topology for distributing link state information

Finding paths that satisfy the performance requirements of applications according to link state information in a network is known as the Quality-of- Service (QoS) routing problem and has been extensively studied. However, distributing link state information may introduce a significant protocol overhead on network resources. In this thesis, the issue on how to update link state information efficiently and effectively is investigated. A theoretical framework is presented, and a high performance link state policy that is capable of minimizing the false blocking probability of connections under a given update rate constraint is proposed. Through theoretical analysis, it is shown that the proposed policy outperforms the current state of the art in terms of the update rate and higher scalability and reliability

Using Link Cuts to Attack Internet Routing

Attacks on the routing system, with the goal of diverting traffic past an enemy-controlled point for purposes of eavesdropping or connection-hijacking, have long been known. In principle, at least, these attacks can be countered by use of appropriate authentication techniques. We demonstrate a new attack, based on link-cutting, that cannot be countered in this fashion. Armed with a topology map and a list of already-compromised links and routers, an attacker can calculate which links to disable, in order to force selected traffic to pass the compromised elements. The calculations necessary to launch this attack are quite efficient; in our implementation, most runs took less than half a second, on databases of several hundred nodes. We also suggest a number of work-arounds, including one based on using intrusion detection systems to modify routing metrics

Securing the Internet Routing Infrastructure

The unprecedented growth of the Internet over the last years, and the expectation of an even faster increase in the numbers of users and networked systems, resulted in the Internet assuming its position as a mass communication medium. At the same time, the emergence of an increasingly large number of application areas and the evolution of the networking technology suggest that in the near future the Internet may become the single integrated communication infrastructure. However, as the dependence on the networking infrastructure grows, its security becomes a major concern, in light of the increased attempt to compromise the infrastructure. In particular, the routing operation is a highly visible target that must be shielded against a wide range of attacks. The injection of false routing information can easily degrade network performance, or even cause denial of service for a large number of hosts and networks over a long period of time. Different approaches have been proposed to secure the routing protocols, with a variety of countermeasures, which, nonetheless, have not eradicated the vulnerability of the routing infrastructure. In this article, we survey the up-to-date secure routing schemes that appeared over the last few years. Our critical point of view and thorough review of the literature are an attempt to identify directions for future research on an indeed difficult and still largely open problem

Mobile Ad-Hoc Networks

Being infrastructure-less and without central administration control, wireless ad-hoc networking is playing a more and more important role in extending the coverage of traditional wireless infrastructure (cellular networks, wireless LAN, etc). This book includes state-of the-art techniques and solutions for wireless ad-hoc networks. It focuses on the following topics in ad-hoc networks: vehicular ad-hoc networks, security and caching, TCP in ad-hoc networks and emerging applications. It is targeted to provide network engineers and researchers with design guidelines for large scale wireless ad hoc networks