Multipath TCP traffic diversion attacks and countermeasures
Ali Munir, Zhiyun Qian, et al.
ICNP 2017
The Internet routing system faces serious scalability challenges due to the growing number of IP prefixes that needs to be propagated throughout the network. Although IP prefixes are assigned hierarchically and roughly align with geographic regions, today's Border Gateway Protocol (BGP) and operational practices do not exploit opportunities to aggregate routing information. We present DRAGON, a distributed route-Aggregation technique whereby nodes analyze BGP routes across different prefixes to determine which of them can be filtered while respecting the routing policies for forwarding data-packets. DRAGON works with BGP, can be deployed incrementally, and offers incentives for Autonomous Systems (ASs) to upgrade their router software. We illustrate the design of DRAGON through a number of examples, prove its properties while developing a theoretical model of route aggregation, and evaluate its performance. Our experiments with realistic AS-level topologies, assignments of IP prefixes, and routing policies show that DRAGON reduces the number of prefixes in each AS by at least 70% with minimal stretch in the lengths of AS-paths traversed by data packets.
Ali Munir, Zhiyun Qian, et al.
ICNP 2017
Yongzheng Jia, Chuan Wu, et al.
IEEE/ACM TON
Geng Li, Y. Richard Yang, et al.
INFOCOM 2019
Chris X. Cai, Franck Le, et al.
ICDCS 2016