Solutions to Homework Problems
1.
d. All of the above.
2.
When an AS originates an IP prefix in BGP it is announcing that prefix onto the Internet. When an AS
is allocated an IP prefix, it has been delegated a set of IP addresses to use on the Internet by an RIR or
ISP.
3.
BGP route attributes allow ASs to communicate reachability (e.g., AS path attribute) and policy
information for a set of IP prefixes.
4.
Mutual trust.
5.
In route hijacking, an AS originates a prefix without authority. BGP provides no method to authenticate
which ASN may originate an IP prefix. In a routed wide area MITM attack, the route attributes of a BGP
announcement are manipulated to redirect traffic through an AS as well as hijack the associated prefix.
BGP provides no method to authenticate either circumstance.
6.
The primary vulnerability of the Internet routing system is a lack of means to authenticate the ASNs,
network prefixes, and route attributes provided by others.
7.
RPKI
8.
AS network operators
9.
The Internet routing system grows on a daily basis. The number of ASs in the Internet has also increased
linearly over time. No single entity can administer punishment for abuse of the Internet. The financial
cost is high.
10.
Filtering has both a business cost and computational cost associated with it.
11.
Everyone must do it and do it with an equally strict level of scrutiny.
12.
There is an intensive amount of manual labor required to create and maintain these filters.
13.
The key difference is that it uses the X.509 certificate system to provide cryptographic assurance only of
the association between 1) an ASN and the IP prefixes it has been allocated and 2) an ASN and the IP
prefixes it is authorized to originate.
14.
RPKI was proposed as one technical solution to secure Internet routing. It uses cryptography to provide
assurance of the association between:
1) An ASN and the IP prefixes it has been allocated.
2) An ASN and the IP prefixes it is authorized to originate.
15.
Route Origin Authorizations (ROAs)
16.
BGP does not provide a mechanism to authenticate the route attributes associated with the
announcements of an AS.
17.
Communication is an inherently insecure process.
18.
Network: 30.31.48.0/20 (or more specific), AS Path: 50
19.
Consider the network diagram and BGP route announcement from Router 50 of AS50 below. AS10 is a
multihomed AS. Assuming no local preferences are set, for every AS, draw the path that AS would
select to reach 30.31.51.10 beginning with the AS router and ending with the Midtrest webserver.
[Figure: network diagram. ASes: AS 10, AS 20, AS 30, AS 40, AS 50, AS 70. Routers: R10, R20, R30, R40, R50, R70. Network and link labels: 1.2.3.0/24, 1.1.1.0/30, 2.2.2.0/30, 3.3.3.0/30, 4.4.4.0/30, 5.5.5.0/30, 7.7.7.0/30, 8.8.8.0/30, 9.9.9.0/30, 10.10.10.0/30. Webserver: www.midtrest.com (30.31.51.10).]
Route announcements shown in the diagram:
Network: 30.31.48.0/20, AS-Path: 50-70-40
Network: 30.31.32.0/19, AS-Path: 40
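
The following is an added example, not part of the original solutions: it applies longest-prefix match and RPKI route origin validation (RFC 6811) to the two announcements from problem 19. The ROA entries and their maxLength values are constructed assumptions; the page does not give any ROA.

```python
import ipaddress

# The two announcements from problem 19: (prefix, AS path; origin is rightmost).
ROUTES = [("30.31.48.0/20", "50-70-40"), ("30.31.32.0/19", "40")]

# Constructed ROAs (assumptions, not from the page): (prefix, maxLength, origin ASN).
TIGHT_ROAS = [("30.31.32.0/19", 19, 40)]   # maxLength equals the announced length
LOOSE_ROAS = [("30.31.32.0/19", 24, 40)]   # maxLength also permits more-specifics


def validate(prefix, as_path, roas):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(prefix)
    origin = int(as_path.split("-")[-1])
    covered = False
    for roa_prefix, max_len, asn in roas:
        if route.subnet_of(ipaddress.ip_network(roa_prefix)):
            covered = True  # at least one ROA covers this route
            if asn == origin and route.prefixlen <= max_len:
                return "valid"
    return "invalid" if covered else "not-found"


def best_route(dest, routes, roas=None):
    """Longest-prefix match for dest; with roas, RPKI-invalid routes are dropped."""
    addr = ipaddress.ip_address(dest)
    usable = [
        (prefix, path) for prefix, path in routes
        if addr in ipaddress.ip_network(prefix)
        and (roas is None or validate(prefix, path, roas) != "invalid")
    ]
    return max(usable, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)


if __name__ == "__main__":
    dest = "30.31.51.10"
    print("no validation:", best_route(dest, ROUTES))
    for name, roas in (("tight ROA", TIGHT_ROAS), ("loose ROA", LOOSE_ROAS)):
        for prefix, path in ROUTES:
            print(name, prefix, path, "->", validate(prefix, path, roas))
        print(name, "selected:", best_route(dest, ROUTES, roas))
```

With the loose ROA the /20 stays valid, because origin validation checks only the rightmost ASN and the prefix length and not the rest of the AS path, which is consistent with answer 16.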