Utilizing Semantic Policies for Secure BGP Route Dissemination
September 27, 2007
Policies in BGP are expressed as routing configurations that determine how route information is shared among neighbors to control traffic flows across networks. This process is limited in its expressibility, time consuming and error prone which can lead to configurations where policies are violated or there are unintended consequences that are difficult to detect and resolve. In this paper, we propose an alternate mechanism for policy based networking that relies on using additional semantic information associated with routes expressed in an OWL ontology. Policies are expressed using SWRL to provide fine-grained control where the routers can reason over their routes and determine how they need to be exchanged. In this paper, we focus on security related BGP policies and show how our framework can be used in implementing them. Additional contextual information such as affiliations and route restrictions are incorporated and polices specified which can be reasoned over to infer the correct configurations that need to be applied which is easy to deploy, manage and verify for consistency.
Downloads: 1883 downloads