Using semantic policies to manage border gateway route exchanges
Tuesday, April 29, 2008, 10:00am
Policies in BGP are implemented as routing configurations that determine how route information is shared among neighbors to control traffic flows across networks. This process is generally template driven, device centric, limited in its expressibility, time consuming and error prone which can lead to configurations where policies are violated or there are unintended consequences that are difficult to detect and resolve. In this work, we propose an alternate mechanism for policy based networking that relies on using additional semantic information associated with routes expressed in an OWL ontology. Policies are expressed using SWRL to provide fine-grained control where by the routers can reason over their routes and determine how they need to be exchanged. In this paper, we focus on security related BGP policies and show how our framework can be used in implementing them. Additional contextual information such as affiliations and route restrictions are incorporated into our policy specifications which can then be reasoned over to infer the correct configurations that need to be applied, resulting in a process which is easy to deploy, manage and verify for consistency.