BGP Origin Validation and Threat Mitigation Using Route Server

Abstract

BGP, the inter-domain routing protocol of the Internet, was designed long ago without considering security. In the last decade, the Internet started to experience a growing number of «routing incidents». These incidents can be the result of malicious attacks, but more often they are due to operational mistakes, or «misconfigurations» made by some network operator.Because of the forwarding mechanisms of BGP, it is easy for a single operational mistake to propagate and cause problems to a lot of networks, resulting in intercepting or «blackholing» other networks traffic.In order to address this, through this project I have implemented a centralized network management system to handle above route navigation issue. To achieve this task, I have integrate RPKI (Resource Public Key Infrastructure) to my quagga route engine to get valid route entries from internet route registries and also I have integrated SNMP base system to notify Network Engineer if the original path has changed.Although, I have implemented centralized monitoring system to easily manage all functions in the route server as well as some additional features to get valuable information via the web console.Finally, this product will be an intelligent gateway device for the both incoming and outgoing traffic in a company.