Title :
Advanced Packet Filter Placement Strategies for Carrier-Grade IP-Networks
Author :
Tödtmann, Birger ; Rathgeb, Erwin P.
Author_Institution :
Comput. Networking Technol. Group, Univ. of Duisburg-Essen, Essen
Abstract :
The deployment strategy of packet filters in large, carrier-grade IP networks has traditionally been to place filters on the administrative border of a network, where the boundaries between trusted and non-trusted network segments are well-known. In this paper, we present a refined algorithm for a more efficient packet filter placement that also incorporates interior network nodes, using a risk-based approach for the offline computation of virtual borders that are based on operator and adversary path prediction. It allows for a more flexible usage of network resources, also with respect to multi-vendor environments where operators may not be able to provide filter-capable nodes on the complete administrative border.
Keywords :
IP networks; filtering theory; advanced packet filter placement strategies; adversary path prediction; carrier-grade IP-networks; interior network nodes; offline computation; packet filters; virtual borders; Communication system control; Computer crime; Computer networks; Filtering; Filters; IP networks; Mathematics; Next generation networking; Protection; Routing;
Conference_Titel :
Advanced Information Networking and Applications Workshops, 2007, AINAW '07. 21st International Conference on
Conference_Location :
Niagara Falls, Ont.
Print_ISBN :
978-0-7695-2847-2
DOI :
10.1109/AINAW.2007.71
