Huawei Technologies Co., Ltd. (20240137338). BORDER GATEWAY PROTOCOL (BGP) FLOWSPEC ORIGINATION AUTHORIZATION USING ROUTE ORIGIN AUTHORIZATION (ROA) simplified abstract
BORDER GATEWAY PROTOCOL (BGP) FLOWSPEC ORIGINATION AUTHORIZATION USING ROUTE ORIGIN AUTHORIZATION (ROA)
Organization Name
Inventor(s)
Yingzhen Qu of Addison TX (US)
Alvaro Enrique Retana of Addison TX (US)
BORDER GATEWAY PROTOCOL (BGP) FLOWSPEC ORIGINATION AUTHORIZATION USING ROUTE ORIGIN AUTHORIZATION (ROA) - A simplified explanation of the abstract
This abstract first appeared for US patent application 20240137338 titled 'BORDER GATEWAY PROTOCOL (BGP) FLOWSPEC ORIGINATION AUTHORIZATION USING ROUTE ORIGIN AUTHORIZATION (ROA)'.
Simplified Explanation
The abstract describes a method for a network node in a receiving autonomous system to verify the authorization of a sending autonomous system to issue a Border Gateway Protocol (BGP) Flow Specification (Flowspec) for a specific prefix.
- The network node receives a BGP update message containing a Flowspec associated with a prefix from the sending AS.
- An out-of-band Flowspec AS authorization list is obtained by the network node, indicating which ASes are authorized to issue the Flowspec for the prefix.
- The network node checks if the sending AS is included in the out-of-band Flowspec AS authorization list for the prefix.
- If the sending AS is not on the list, the network node rejects the Flowspec.
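The check in the steps above, sketched in Python as an added example (it is not code from the patent application or from Huawei). The names `FlowspecUpdate`, `AUTH_LIST` and `validate`, the sample prefixes and AS numbers, and the rule that a list entry applies to any Flowspec prefix it covers are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class FlowspecUpdate:
    sending_as: int    # AS the BGP update message was received from
    dest_prefix: str   # prefix the Flowspec is associated with
    action: str        # e.g. "discard"; not used by the check itself

# Constructed out-of-band authorization list: prefix -> ASes authorized to
# issue a Flowspec for it (documentation prefixes and AS numbers only).
AUTH_LIST = {
    "192.0.2.0/24": {64500, 64501},
    "198.51.100.0/24": {64502},
}

def authorized_ases(dest_prefix, auth_list):
    """Union of the ASes of every list entry covering dest_prefix.

    Covering-prefix matching is an assumption of this sketch; the abstract
    only says the list is "for the prefix".
    """
    target = ipaddress.ip_network(dest_prefix, strict=True)
    allowed = set()
    for prefix, ases in auth_list.items():
        entry = ipaddress.ip_network(prefix)
        # subnet_of() raises TypeError across IP versions, so compare first.
        if entry.version == target.version and target.subnet_of(entry):
            allowed |= set(ases)
    return allowed

def validate(update, auth_list):
    """Return (verdict, reason); anything not explicitly authorized is rejected."""
    try:
        allowed = authorized_ases(update.dest_prefix, auth_list)
    except ValueError:
        # Host bits set or unparsable prefix: fail closed.
        return ("reject", "malformed prefix")
    if not allowed:
        return ("reject", "no authorization entry covers the prefix")
    if update.sending_as not in allowed:
        return ("reject", f"AS{update.sending_as} not authorized for the prefix")
    return ("accept", f"AS{update.sending_as} authorized")

if __name__ == "__main__":
    for u in (FlowspecUpdate(64500, "192.0.2.128/25", "discard"),
              FlowspecUpdate(64502, "192.0.2.0/24", "discard"),
              FlowspecUpdate(64500, "203.0.113.0/24", "discard")):
        print(u, validate(u, AUTH_LIST))
```

Rejecting a Flowspec whose prefix has no list entry at all is a fail-closed choice of this sketch; the abstract only states the case where the sending AS is missing from the list.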
Potential Applications
This technology can be applied in network security systems to ensure that only authorized ASes can issue Flowspecs for specific prefixes, preventing unauthorized traffic manipulation.
Problems Solved
1. Unauthorized issuance of BGP Flow Specifications by ASes.
2. Ensuring network stability and security by restricting the authorization to issue Flowspecs.
Benefits
1. Enhanced network security.
2. Prevention of malicious traffic manipulation.
3. Improved network performance and stability.
Potential Commercial Applications
Securing network infrastructures in data centers, internet service providers, and telecommunications companies.
Possible Prior Art
Prior art may include existing methods for BGP Flow Specification authorization and verification in network systems.
Unanswered Questions
How does this technology impact network performance and efficiency?
This technology can potentially improve network performance by preventing unauthorized traffic manipulation and ensuring the stability of BGP Flow Specifications.
What are the potential challenges in implementing this technology on a large scale network infrastructure?
One challenge could be the management of the out-of-band Flowspec AS authorization list for multiple prefixes and ASes in a complex network environment. Additionally, ensuring the timely update of authorization lists to reflect changes in network configurations could be a challenge.
Original Abstract Submitted
A method performed by a network node of a receiving autonomous system (AS) for verifying that a sending AS is authorized to issue a Border Gateway Protocol (BGP) flow specification (Flowspec). The network node receives a BGP update message from a sending AS. The BGP update message includes a Flowspec associated with a prefix of an AS. The network node obtains an out-of-band Flowspec AS authorization list indicating autonomous systems (ASes) that are authorized to issue the Flowspec for the prefix of the AS. The network node determines whether the sending AS is included on the out-of-band Flowspec AS authorization list for the prefix of the AS. The network node rejects the Flowspec when the sending AS is not on the out-of-band Flowspec AS authorization list for the prefix of the AS.