PPT-BGP FLOWSPEC OVERVIEW

DISTRIBUTED DENIAL OF SERVICE DDOS ATTACKS IPSIDS Enterprise or IDC Service Provider Network Router DDoS attack traffic consumes SP network capacity DDoS attacks are launched from compromised systems bots. unmedu Stephanie Forrest University of New Mexico Santa Fe Institute forrestcsunmedu Jennifer Rexford Princeton University jrexcsprincetonedu Abstract The Internets interdomain routing protocol BGP is vulnerable to a number of damaging attacks which Michael . Schapira. (Yale University . and . UC Berkeley). Joint work with . Yaping. Zhu . and . Jennifer Rexford . (Princeton University). Once Upon a Time… . Internet Inter-Network Routing:. . PE. . draft-fang-l3vpn-virtual-pe-04. Luyuan Fang . David . Ward . Rex . Fernando . IP Routing: BGP Configuration Guide, Cisco IOS XE Release 3S 1 7KH%*3*UDFHIXO6KXWGRZQIHDWXUHUHGXFHVRUHOLPLQDWHVWKHORVVRILQERXQGRU BGP. . Part -. II. CCNP Network Route . BGP. . Part -. II. BGP ROUTE REDISTRIBUTION. Scenario:. R1 R2, R3 in AS 1000 with IP addresses of 192.168.10.1 and loopback 1.1.1.1, 192.168.10.2 & loopback 2.2.2.2 and. Sylvia Ratnasamy. http://inst.eecs.berkeley.edu/~ee122. /. Material thanks to Ion . Stoica. , Scott . Shenker. , Jennifer Rexford, and many other colleagues. BGP: The story so far. Destinations are IP prefixes (12.0.0.0/8). draft-decraene-idr-reserved-extended-communities-00. Bruno Decraene France Telecom - Orange. Pierre Francois UCL . The need:. To get a reserved non-transitive BGP community. draft-ietf-grow-bgp-gshut. PE. . draft-fang-l3vpn. -data-center-interconnect-01. L. Fang . R. Fernando . D. . Rao. . S. Boutros . draft-ni-l3vpn-pm-bgp-ext-00. Hui Ni, . Shunwan Zhuan, . Zhenbin Li. Huawei Technologies. IETF 87, Berlin, Germany. Solution Suggested in . [. draft. -dong-l3vpn-pm-framework. ]. Basic Idea: . Create a . some slides borrowed from Jen Rexford (Princeton U). How does BGP work. AS-level (autonomous system, collection of networks under single administrative org). Relationships (usually private info). Customer/provider (customers pay to providers). Geoff Huston. APNIC. What’s . a . “more specific”?. A prefix advertisement that refines a “covering” advertisement. 10.0.0.0/8. 10.1.0.0/16. Why advertise a more specific?. I. : . To redirect packets to a different network: “. BMP(BGP Monitoring Protocol) Testing by JANOGers BMP Test Results 16 Sep 2014 Joint Test Members and their Motivation BIGLOBE An ISP in Japan which has about 3 million subscribers. We have several Large . Scale . DDoS. Attacks Update. CF Chui – Solutions Architect, Arbor Networks. Sept . 2014. Worldwide Infrastructure . Security Report (WISR) Q2 . 2014 Update. The Arbor ATLAS Initiative: Internet Trends. Ajay Chhabria. Ajay Lele. Kevin Wang. Brocade. Giles Heron. Cisco. Setup Creation. BGP. BGP IPv4/IPv6 Routes. BGP-LS. Application Peer. OpenConfig. PCEP. PCE initiated LSPs. PCC initiated LSPs (Delegation).