[quagga-users 14119] Re: BGP DDoS Mitigation Extension
pavel.odintsov at gmail.com
Thu Aug 20 20:31:19 BST 2015
Brilliant idea. Do you have details of this approach? Do you have any
support from vendors side?
On Thu, Aug 20, 2015 at 10:15 PM, Harley Green <harley.s.green at gmail.com> wrote:
> Hi All,
> I'm working on an extension to BGP that can be used to exchange information
> about active network attacks by piggy-backing on normal NLRI advertisements
> in BGP. Validation of the alerts are based on existing BGP peer trust at
> least as much/little as is already present in BGP, because alerts about
> attacks are only generated by speakers that would be announcing information
> about the NLRI in the first place. Think Flowspec, but without having to
> introduce new SAFI and without relying on all peers to support the extension
> to still yield benefits of attack mitigation.
> I've been doing development in quagga for sometime on a variety of private
> projects but now have an opportunity to publicly release some of the
> enhancements I've made and work with the community. At this time we have a
> working prototype of the proposed extension implemented as a branch from the
> main quagga repository and have confirmed its functionality with unmodified
> versions of quagga. We also have a significant sponsor that can provide some
> funding and influence to aid in the development and adoption of this
> concept, as well as some partners in the network device vendor community.
> We are looking for partners from the Quagga community that are interested in
> participating in any of the following opportunities:
> - Co-Author/Review draft extension specification
> - Participate in early adoption/deployment (potential for funding available
> here): There are a lot of options with varying levels of involvement here
> including a passive instance of a BGP listener running the extension that
> would just report network attack alerts received from other BGP speakers all
> the way to active deployments that generate alerts and respond using traffic
> shaping to mitigate reported malicious traffic. We can even provide the
> hardware to run instances of this extension.
> I appreciate your time to consider this and would be happy to address
> specific concerns or interest offline, simply reply to my direct email.
> Thank you,
> Harley Green
> Quagga-users mailing list
> Quagga-users at lists.quagga.net
Sincerely yours, Pavel Odintsov
More information about the Quagga-users