News Archive (1999-2012) | 2013-current at LinuxGizmos | IoT & Embedded News Portal |    About   

Linux-based route server battles BGP attacks

Oct 23, 2009 — by Eric Brown — from the LinuxDevices Archive — 44 views

IP Infusion announced a Linux-based networking server package based on its ZebOS carrier-grade middleware. The ZebOS Internet Route Server enables service providers to remotely view, monitor, filter, and track networking routes, identifying and avoiding Border Gateway Protocol (BGP) hijacking and other denial-of-service attacks, says the Access subsidiary.

Designed to manage routing information exchange, the ZebOS Internet Route Server is also paired with support for anti-BGP hijacking, says IP Infusion. BGP hijacking is said to exploit the framework of the BGP Internet routing protocol to propagate illegal routing information. Once such information is propagated, traffic can be re-directed to the offending gateway, thereby causing a "black hole" and disruption of services, says the San Jose-based Access subsidiary.

The ZebOS Internet Route Server is based on IP Infusion's ZebOS middleware, shown in blue.

The ZebOS Internet Route Server is available as a fully configured server, that can be used for route-viewing, monitoring, and policy controlled route transmission in the control plane, says IP Infusion. The software is said to create a BGP view for multiple clients that enables network operators to easily group BGP peers and then assign unified policies for inbound and outbound traffic.

ZebOS Internet Route Server features are said to include:

  • BGP passive speaker for receiving all BGP routes via a route reflector or route server
  • Route validation check for validating BGP routes using anti-BGP hijacking function
  • Logging of detected status changes of BGP routes, sending syslog message with prefix and status information
  • Route history function, saving memory image of all BGP routes periodically or manually
  • BGP route scan, with BGP route update and IRR (Internet Routing Registry) database update occurring asynchronously, periodically triggering the validation check of BGP routes
  • Best match prefix search of the IRR database by changing the prefix length upon querying the IRR database
  • IRR database client for storing route information locally retrieved from the public IRR database in the Internet

The ZebOS Internet Route Server is based on IP Infusion's Linux-based ZebOS Network Platform, a Layer 2 and Layer 3, carrier-class routing and switching software suite said to support provider edge, metro access/aggregation, and mobile backhaul equipment, as well as data center switches and enterprise switches and routers.

Designed for Next Generation Network (NGN) IP packet-switched networks, ZebOS supports Red Hat and Wind River Linux, as well as VxWorks. It was demonstrated running with MontaVista Linux back in 2002.

ZebOS was last rev'd to version 7.7 in February, in a release that was said to have shipped in June. ZebOS 7.7 adds support for OpenSAF high-availability (HA) standards, as well as Provider Backbone Bridge-Traffic Engineering (PBB-TE), a technology aimed at large carrier Ethernet networks.


Japanese mobile software firm Access acquired IP Infusion in April 2006, and the subsidiary has provided technology for Access' NetFront IP Connect home gateway middleware. NetFront IP Connect is related to Access' NetFront browser, which is part of the LiMo-compatible Access Linux Platform (ALP) mobile Linux stack. ALP 3.0 in turn forms the basis of the Else Intuition UI stack announced yesterday at the annual Access Day event along with a LiMo-ready Else smartphone prototype (pictured at right).

Stated Koichi Narasaki, president and CEO, IP Infusion, "As global Internet traffic moves across different, autonomous systems, it is extremely important to ensure that the routes are properly monitored, managed and filtered among provider peers. With our innovative ZebOS Internet Route Server, IP Infusion now offers scalable services for BGP monitoring, tracking and filtering of various routes at Internet exchanges."

Availability

IP Infusion did not reveal pricing or availability for ZebOS Internet Route Server, but is offering private demonstrations at SuperComm 2009, which closes today Chicago. More information on the server may be found here.


This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.



Comments are closed.