BGP Route Leak Prevention Based on BGPsec

2018 
Border Gateway Protocol (BGP) is the inter-domain routing protocol in the global Internet. While its critical vulnerability due to lacking of verification causes many risks such as prefix hijacking, path tampering and route leak. It has been a number of effective solutions proposed for prefix hijacking and path tampering. But route leak is difficult to be detected, because it only violates the outbound route policy. In this paper, we use the RouteViews to capture the BGP Update messages in the Internet and analyze the network routes which may leaked. On the basis of analyzing some advantages and disadvantages of the related works, we propose three security mechanisms against the error configuration and malicious attack causing route leak. These mechanisms make use of the BGPsec encryption and signature mechanism to protect the Autonomous System (AS) business relationship and to defense route leak. Finally, we verify the feasibility and effectiveness of the proposed security mechanisms by simulations with Quagga.
    • Correction
    • Source
    • Cite
    • Save
    • Machine Reading By IdeaReader
    12
    References
    2
    Citations
    NaN
    KQI
    []