Abstract
Over a decade of work has gone into securing the BGP rout- ing control plane. Through all this, there has been an oft repeated refrain, ”It is acknowledged that rigorous control plane verification does not in any way guarantee that packets follow the control plane.” We describe what may be the first deployment of data plane enforcement of RPKI-based con- trol plane validation. OpenFlow switches providing an ex- change fabric and controlled by a Quagga BGP route server drop traffic for prefixes which have invalid origins without requiring any RPKI support by connected BGP peers.
Type
Publication
HotSDN 2014 (Poster session)
Cristel Pelsser
Critical embedded systems, Computer networking, Researcher, Professor
The focus of my research is on network operations, routing, Internet measurements, protocols and security.