Securing the Border Gateway Routing Protocol - In Proceedings of Global Internet, 1996
Cited by 82 (5 self)
We analyze the security of the BGP routing protocol, and identify a number of vulnerabilities in its design and the corresponding threats. We then present a set of proposed modifications to the protocol which minimize or eliminate the most significant threats. The innovation we introduce is the protection of the second-to-last information contained in the AS PATH attributes by digital signatures, and the use of techniques developed for detecting loops in path-finding protocols to verify the selected route's path information. With these techniques we are able to secure full path information in near constant space, and avoid the recursive protection mechanisms previously assumed necessary. 1 Introduction Inter-domain routing protocols are designed to perform policy-based routing in an internet of autonomous systems. An autonomous system (AS) is defined as a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets wit...
Distributed, Scalable Routing Based on Vectors of Link States, 1995
Cited by 43 (18 self)
Link vector algorithms (LVA) are introduced for the distributed maintenance of routing information in large networks and internets. According to an LVA, each router maintains a subset of the topology that corresponds to adjacent links and those links used by its neighbor routers in their preferred paths to known destinations. Based on that subset of topology information, the router derives its own preferred paths and communicates the corresponding link-state information to its neighbors. An update message contains a vector of updates; each such update specifies a link and its parameters. LVAs can be used for different types of routing. The correctness of LVAs is verified for arbitrary types of routing when correct and deterministic algorithms are used to select preferred paths at each router and each router is able to differentiate old updates from new. LVAs are shown to have better performance than the ideal link-state algorithm based on flooding and the distributed Bellman-Ford algor...
Highly Secure and Efficient Routing - IN PROC. IEEE INFOCOM 2004, HONG KONG, 2004
Cited by 34 (2 self)
In this paper, we consider the problem of routing in an adversarial environment, where a sophisticated adversary has penetrated arbitrary parts of the routing infrastructure and attempts to disrupt routing. We present protocols that are able to route packets as long as at least one non-faulty path exists between the source and the destination. These protocols have low communication overhead, low processing requirements, low incremental cost, and fast fault detection. We also present extensions to the protocols that penalize adversarial routers by blocking their traffic.
Hierarchical Routing Using Link Vectors - IEEE INFOCOM'98, 1998
Cited by 24 (1 self)
An area-based link-vector algorithm (ALVA) is introduced for the distributed maintenance of routing information in very large internetworks. According to ALVA, destinations in an internetwork are aggregated in areas in multiple levels of hierarchy. Routers maintain a database that contains a subset of the topology at each level of the hierarchy. This subset corresponds to those links used in preferred paths to reach destinations (nodes inside the same immediate area or remote areas). ALVA is the first hierarchical routing algorithm based on link-state information that does not require complete topology information at each level in the hierarchy. The correctness of ALVA is verified. Simulation results are presented showing that ALVA outperforms OSPF in terms of communication and storage overhead. I. INTRODUCTION In the past, most work in distributed routing has proceeded in two directions: protocols based on distance-vector algorithms (DVA) and protocols based on link-state algorithm...
Controlling Alternate Routing in General-Mesh Packet Flow Networks - In Proc. ACM SIGCOMM '94, 1994
Cited by 24 (0 self)
High-speed packet networks will begin to support services that need Quality-of-Service (QoS) guarantees. Guaranteeing QoS typically translates to reserving resources for the duration of a call. We propose a state-dependent routing scheme that builds on any base state-independent routing scheme, by routing flows which are blocked on their primary paths (as selected by the state-independent scheme) onto alternate paths in a manner that is guaranteed---under certain Poisson assumptions---to improve on the performance of the base state-independent scheme. Our scheme only requires each node to have state information of those links that are incident on it. Such a scheme is of value when either the base state-independent scheme is already in place and a complete overhaul of the routing algorithm is undesirable, or when the state (reserved flows) of a link changes fast enough that the timely update of state information is infeasible to all possible call-originators. The performance improvements ...
Distributed, Scalable Routing Based on Link-State Vectors - IEEE Journal on Selected Areas in Communications, 1994
Cited by 14 (1 self)
A new family of routing algorithms for the distributed maintenance of routing information in large networks and internets is introduced. This family is called link vector algorithms (LVA), and is based on the selective diffusion of link-state information based on the distributed computation of preferred paths, rather than on the flooding of complete link-state information to all routers. According to LVA, each router maintains a subset of the topology that corresponds to the links used by its neighbor routers in their preferred paths to known destinations. Based on that subset of topology information, the router derives its own preferred paths and communicates the corresponding link-state information to its neighbors. An update message contains a vector of updates; each such update specifies a link and its parameters. LVAs can be used for different types of routing. The correctness of LVA is verified for arbitrary types of routing when correct and deterministic algorithms are used to s...
Internet Exterior Routing Protocol Development: Problems, Issues, and Misconceptions, 1997
Cited by 4 (1 self)
Global routing in the Internet continues to have scalability problems which underscore weaknesses in the design and implementation of the various TCP/IP Exterior Routing Protocols. This paper explores the historical design and development relative to the decision making process in the specification and implementation of Internet External Routing Protocols; and in particular discusses problems associated with provider-based address space allocation. Keywords--- Computer networks, Computer network management, Communication system routing, Clustering methods, Hierarchical Systems, Internetworking, Networks, Packet switching, Protocols I. Introduction "This interim solution in no way constrains the selection of the next generation addressing and routing technology." - RFC 1367, October 1992 [1] In 1977, Kleinrock and Kamoun [2] published a detailed discussion on hierarchical routing in large internetworks. In their landmark paper, Hierarchical Routing for Large Networks, Kleinrock and Ka...
Fast Dissemination of Link States Using Bounded Sequence Numbers with no Periodic Updates or Age Fields - In International Conference on Distributed Computing Systems (ICDCS'97), 1997
Cited by 3 (1 self)
Routing protocols based on the distribution of link-state information rely on sequence numbers to validate information that a router receives. A fundamental problem is to bound the sequence-number space. We propose a new sequence-number reset algorithm that needs neither periodic retransmissions nor age fields. It is based on a recursive query-response procedure and is designed to handle resource failures during operation. This new algorithm is applicable to routing protocols based on both flooding and selective distribution of link-state information. The correctness of the algorithm is verified in the context of selective dissemination of topology information, and its complexity analyzed. Because the reset algorithm does not use any aging, the distribution of new link-state information or the purging of old information is always done in a time proportional to the time it takes to traverse the network. 1 Introduction Disseminating link-state (topology) information reliably is essenti...
A Flexible and Secure Multicast Architecture for ATM Networks - IEEE Globecom, 1994
Cited by 2 (0 self)
We describe our unifying architecture for multipoint-to-multipoint communications in ATM networks which meets the diverse requirements of group communications and permits a large degree of control on the multicast group. With an integrated use of a name space, the scheme allows scalable extension to large scale wide area multicast communications. We also enable flexible control on routeing architecture and group membership. We consider security service to be a fundamental element of the multicast communication. A framework of multicast authority and multicast coordination centre is used to provide the dynamic group management and membership support, with an integrated security mechanism for flexible group access. Implementation experience of this architecture on the XUNET wide area ATM testbed will also be discussed. 1 Introduction Multicast communication is an increasingly important service in today's networks. For ATM networks, the ATM Forum has defined a rather rudimentary point-to-mul...

