origin Validation RPKIROAOrigin ASValidation Origin AS path Validation

  • Slides: 12
Download presentation

origin Validation • RPKI/ROAによるOrigin ASの、Validation • 今回の事例では? Origin ASは正しいので残

origin Validation • RPKI/ROAによるOrigin ASの、Validation • 今回の事例では? Origin ASは正しいので残

path Validation • BGP UPDATEメッセージ中のNLRIの改竄を防ぐ技術 • 一つの想定例 AS 64496 Update: 192. 0/24 ASPATH: 64496

path Validation • BGP UPDATEメッセージ中のNLRIの改竄を防ぐ技術 • 一つの想定例 AS 64496 Update: 192. 0/24 ASPATH: 64496 AS 64497 Update: 192. 0/24 ASPATH: 64496 64497 AS 64498 Update: 192. 0/24 ASPATH: 64496 64497 64498

path Validation • BGP UPDATEメッセージ中のNLRIの改竄を防ぐ技術 • 一つの想定例 BGPSECでは? AS 64496 Update: 192. 0/24 ASPATH:

path Validation • BGP UPDATEメッセージ中のNLRIの改竄を防ぐ技術 • 一つの想定例 BGPSECでは? AS 64496 Update: 192. 0/24 ASPATH: 64497 署名 署名 Update: 192. 0/24 壊れた署名 ASPATH: 64496 AS 64497 このUpdateお かしい! AS 64498

path validation Update: 192. 0/24 ASPATH: 64497 AS 64496 Update: 192. 0/24 ASPATH: 64496

path validation Update: 192. 0/24 ASPATH: 64497 AS 64496 Update: 192. 0/24 ASPATH: 64496 署名 AS 64497 Update: 192. 0/24 ASPATH: 64496 署名 署名 Update: 192. 0/24 ASPATH: 64498 署名 Update: 192. 0/24 ASPATH: 64497 署名 Update: 192. 0/24 AS 64498 ASPATH: 64496 AS-PATHは意図通りなので残念 署名

IRR あの日 4000000 3500000 3000000 2500000 2000000 1500000 1000000 500000 0 19 20 21

IRR あの日 4000000 3500000 3000000 2500000 2000000 1500000 1000000 500000 0 19 20 21 22 23 24 25 26 27 28 29 30 31 1 2 3 4 5 6 7 8 9 10

ROA with Max-length • ROAのMax-LengthをDFZに流れるlength例えば 12とか16とかなら? ROA: 192. 0/16 -20 AS 64496 このUpdateお かしい!

ROA with Max-length • ROAのMax-LengthをDFZに流れるlength例えば 12とか16とかなら? ROA: 192. 0/16 -20 AS 64496 このUpdateお かしい! AS 64500 Update OK Update: 192. 0/24 AS 64496 Update: 192. 0/20 AS 64496 AS 64499 Update: 192. 0/24 AS 64496 理想論? このUpdateお かしい! AS 64497 Update: 192. 0/24 AS 64496 AS 64498 Update: 192. 0/24 AS 64496 このUpdateお かしい!

ROA with Max-length • でも、相手がValidationを導入していたら・・・ ROA: 192. 0/16 -20 AS 64496 Update OK Invalid!

ROA with Max-length • でも、相手がValidationを導入していたら・・・ ROA: 192. 0/16 -20 AS 64496 Update OK Invalid! AS 64500 Update: 192. 0/20 AS 64496 AS 64499 AS 64497 Update: 192. 0/24 AS 64496 AS 64498 完全DFZのピアと個別ピアでCA分ける?

ROA with Max-length • 細かくしたい人はMax. Lenに 24って書くよなぁ ROA: 192. 0/16 -24 AS 64496 Update

ROA with Max-length • 細かくしたい人はMax. Lenに 24って書くよなぁ ROA: 192. 0/16 -24 AS 64496 Update OK AS 64500 Update OK Update: 192. 0/24 AS 64496 Update: 192. 0/20 AS 64496 AS 64499 Update: 192. 0/24 AS 64496 Update OK AS 64497 Update: 192. 0/24 AS 64496 Update OK AS 64498 Update: 192. 0/24 AS 64496

Chapter 8 Path Testing Path testing Path testingChapter 8 Path Testing Path testing Path testing
Directed Path Directed Path Agenda Directed Path AboutDirected Path Directed Path Agenda Directed Path About
Origin of Life Origin of Universe Origin ofOrigin of Life Origin of Universe Origin of
Validation What is Validation Validation is a processValidation What is Validation Validation is a process
Radiopharmaceutical Production Equipment Validation STOP Equipment Validation ValidationRadiopharmaceutical Production Equipment Validation STOP Equipment Validation Validation
VALIDATION METHODOLOGY VALIDATION Validation is defined as theVALIDATION METHODOLOGY VALIDATION Validation is defined as the
Radiopharmaceutical Production Equipment Validation STOP Equipment Validation ValidationRadiopharmaceutical Production Equipment Validation STOP Equipment Validation Validation
AS Level ICT Data entry Validation Validation ValidationAS Level ICT Data entry Validation Validation Validation
Requirements Validation Requirements Management Requirements Validation Validation VerificationRequirements Validation Requirements Management Requirements Validation Validation Verification
QUALIFICATION VALIDATION QUALIFICATION VALIDATION Introduction Validation is anQUALIFICATION VALIDATION QUALIFICATION VALIDATION Introduction Validation is an
PPT Validation CONTENTS A Menu Check Validation ValidationPPT Validation CONTENTS A Menu Check Validation Validation