To support heavy traffic on the Internet resulting from increased
data being sent from mobile phones and web-enabled
devices to telecommunications data centers, Internet Service
Providers (ISPs) have to peer with each other, which has led to
the emergence of Internet Exchange (IX) junctions or Internet
Exchange points (IXPs). These exchange points are used to hand
off traffic between service provider domains. As Internet traffic
moves across different autonomous systems, it is important to
ensure that routes are properly propagated through provider
peers while tracking and monitoring routes to ensure that bogus
and malicious information is not propagated.
The ZebOS® Internet Route Server Solution is designed to
address the need for a scalable, secure and low-cost server
which can be used for route-viewing and monitoring, as well
as for policy-controlled route propagation in the control plane.
The ZebOS Internet Route Server Solution features a Linux®-
based platform optimized for handling a large number of peers
and routes. The platform can be easily used for writing custom
applications for monitoring and viewing routes. In addition to
this, the ZebOS Internet Route Server Solution can be used for
virtualization and BGP Route Reflections.
The ZebOS Internet Route Server Solution has been developed
to simplify communications routing protocols between routers,
while at the same time mitigating any system-wide outages,
also known as black holing, that might be caused by a malicious
attack or operator error. This is also commonly known as
router hijacking.
Border Gateway Protocol (BGP) is one of the most commonly used
protocols on the Internet. It depends heavily on the exchange
of information between routers. Although BGP route servers
operate very efficiently, they are vulnerable to attacks by malicious
hackers or to operator errors in the routing prefixes. This can
result in black holing, where the traffic is directed towards the
offending peer router and away from the intended endpoint.
The ZebOS Internet Route Server Solution paired with support
for anti-BGP hijacking provides a filtering mechanism that is a
robust solution to mitigate the creation of these black holes.
Operator Requirements to Administer BGP Router
Operators usually want to get necessary information from
routing tables regarding an invalid route whenever invalid
routes are flagged, as outlined below:
- When did the route become invalid?
- Why is it an invalid route?
- Who announced it as invalid?
This enables administrators to fix any problems. BGP requires
a large amount of information to be exchanged periodically,
causing significant overhead. Usually, this is handled within
an Autonomous System utilizing route reflectors, as shown in
(Figure 1).
Figure 1
Expanding this concept to outside the AS when multiple ASs
interact at IXPs, it is possible to have a single route server
manage several route reflectors from various ASs, as shown in
(Figure 2).
Figure 2
Figure 3: ZebOS Internet Route Server Solution Architecture with Anti-Hijack Module
ZebOS Internet Route Server Solution Features
- BGP Passive Speaker
The ZebOS Internet Route Server can receive all BGP routes
by connecting this box to either a route reflector or route
server in the network.
- Route Validation Check
When the ZebOS Internet Route Server receives BGP route
updates, BGP checks the validity of all BGP routes by
using the anti-BGP hijacking function.
- Logging
When the ZebOS Internet Route Server detects a status
change for a BGP route, BGP can send a syslog message
with the prefix information and status information.
- Route History
The ZebOS Internet Route Server can dump the memory
image of all BGP routes to a file, either periodically or
manually. BGP can also show past routing information
by parsing the memory image file.
- BGP Route Scan
BGP route updates and IRR database updates can occur
asynchronously. In order to eliminate a mismatch, BGP can
trigger the validation check of BGP routes periodically. In addition,
BGP can trigger the validation check of BGP routes
upon receiving the corresponding routing information from
the IRR database client.
- Best Match Prefix Search
The prefix length of a BGP route might be different from the
prefix length of the routing information in the IRR database.
In order to find the corresponding routing information in
the IRR database, BGP can search the IRR database for the
best match prefix by changing the prefix length when
querying the IRR database.
- IRR Database Client
The IRR database client locally stores the route information
retrieved from the public IRR database on the Internet. BGP
communicates with this IRR database client in order to
check the validity of each BGP route. In order to avoid
traffic over the Internet caused by checking the validity of
each BGP route, the IRR database client is launched locally
and syncs up all routing information periodically.
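
The Route Validation Check, Best Match Prefix Search and Logging features described above can be sketched as follows. This is an added example, not ZebOS code: the function names, record fields, log format and the sample IRR entries (documentation prefixes and ASNs) are constructed. It assumes a more-specific announcement is valid when its origin AS is registered for the covering IRR prefix.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed local IRR copy: registered prefix -> allowed origin ASNs.
IRR = {
    ipaddress.ip_network("192.0.2.0/24"): {64500},
    ipaddress.ip_network("203.0.113.0/24"): {64501},
}

def best_match(prefix, irr):
    """Shorten the prefix one bit at a time until an IRR entry covers it."""
    net = ipaddress.ip_network(prefix)
    while net not in irr:
        if net.prefixlen == 0:
            return None              # reached the default route, nothing covers it
        net = net.supernet()
    return net

def validate(prefix, as_path, peer, irr, when=None):
    """Return a record answering when, why and who for one received route."""
    origin = as_path[-1]             # origin AS is the last entry in AS_PATH
    match = best_match(prefix, irr)
    if match is None:
        status, why = "not-found", "no covering IRR route object"
    elif origin in irr[match]:
        status, why = "valid", f"origin AS{origin} registered for {match}"
    else:
        status, why = "invalid", f"origin AS{origin} not registered for {match}"
    return {"prefix": prefix, "status": status, "why": why,
            "who": f"peer {peer}, origin AS{origin}",
            "when": (when or datetime.now(timezone.utc)).isoformat()}

def log_changes(records, last_status):
    """Return one syslog-style line per prefix whose status has changed."""
    lines = []
    for r in records:
        if last_status.get(r["prefix"]) != r["status"]:
            last_status[r["prefix"]] = r["status"]
            lines.append(f'{r["when"]} bgp-validate {r["prefix"]} '
                         f'{r["status"]}: {r["why"]} ({r["who"]})')
    return lines
```

Re-running validate() over the stored routes after each IRR sync corresponds to the periodic BGP Route Scan; log_changes() then reports only the prefixes whose status flipped.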
Support and Professional Services
IP Infusion provides a comprehensive program of customer support and professional services. For additional information, please visit our Services and Support pages.
Additional Information and How to Buy
For more detailed information about IP Infusion products, pricing and availability click here or contact IP Infusion at 866-699-3267 (866-MY-ZEBOS).