Border gateway protocol (BGP) security measures along autonomous system (AS) paths

US11212216B2 · US · B2

Patent metadata
Publication number: US-11212216-B2
Application number: US-202016829797-A
Country: US
Kind code: B2
Filing date: Mar 25, 2020
Priority date: May 29, 2018
Publication date: Dec 28, 2021
Grant date: Dec 28, 2021


Abstract


Systems, methods, and devices of the various embodiments disclosed herein may provide Border Gateway Protocol (BGP) security measures along autonomous system (AS) paths. Various embodiments may provide transparency as to the local security measures implemented along an AS path. Various embodiments may enable routing along secure paths. Various embodiments may enable the selection of AS paths based on a comparison of the security implemented along the AS paths. Various embodiments may reduce the impact of BGP attacks.

First claim


What is claimed is:

1. A method of selecting a secure Border Gateway Protocol (BGP) path, comprising: receiving, at a computing device, a packet for routing to a route prefix; determining, by the computing device, any available paths to the route prefix and path lengths for the available paths, wherein the path length for each respective available path corresponds to a hop count to the route prefix for that respective available path; determining, by the computing device, a security cost for each available path based at least in part on any path security attributes associated with that respective available path; modifying, by the computing device, path lengths for the available paths according to their respective security costs by adjusting the hop count for each respective available path based on the respective security cost; selecting, by the computing device, a path for routing the packet from the available paths based at least in part on the modified path lengths; and routing, by the computing device, the packet to the route prefix along the selected path.

2. The method of claim 1, wherein the security costs are values ranging from zero to one.

3. The method of claim 1, wherein the path security attributes are attributes indicated in BGP update messages received for the available paths.

4. The method of claim 3, wherein the path security attributes indicate one or more types of security applied by autonomous systems in the available paths.

5. The method of claim 1, wherein selecting the path for routing the packet from the available paths based at least in part on the modified path lengths comprises using the path security attributes as a tie breaker between paths having matching modified path lengths.

6. A device, comprising: a processor configured with processor-executable instructions to perform operations comprising: receiving a packet for routing to a route prefix; determining any available paths to the route prefix and path lengths for the available paths, wherein the path length for each respective available path corresponds to a hop count to the route prefix for that respective available path; determining a security cost for each available path based at least in part on any path security attributes associated with that respective available path; modifying, by the computing device, path lengths for the available paths according to their respective security costs by adjusting the hop count for each respective available path based on the respective security cost; selecting a path for routing the packet from the available paths based at least in part on the modified path lengths; and routing the packet to the route prefix along the selected path.

7. The device of claim 6, wherein the processor is configured with processor-executable instructions to perform operations such that the security costs are values ranging from zero to one.

8. The device of claim 6, wherein the processor is configured with processor-executable instructions to perform operations such that the path security attributes are attributes indicated in Border Gateway Protocol (BGP) update messages received for the available paths.

9. The device of claim 8, wherein the processor is configured with processor-executable instructions to perform operations such that the path security attributes indicate one or more types of security applied by autonomous systems in the available paths.

10. The device of claim 6, wherein the processor is configured with processor-executable instructions to perform operations such that selecting the path for routing the packet from the available paths based at least in part on the modified path lengths comprises using the path security attributes as a tie breaker between paths having matching modified path lengths.

11. A non-transitory processor-readable storage medium having stored thereon processor-executable instructions configured to cause a processor to perform operations, comprising: receiving a packet for routing to a route prefix; determining any available paths to the route prefix and path lengths for the available paths, wherein the path length for each respective available path corresponds to a hop count to the route prefix for that respective available path; determining a security cost for each available path based at least in part on any path security attributes associated with that respective available path; modifying, by the computing device, path lengths for the available paths according to their respective security costs by adjusting the hop count for each respective available path based on the respective security cost; selecting a path for routing the packet from the available paths based at least in part on the modified path lengths; and routing the packet to the route prefix along the selected path.

12. The non-transitory processor-readable storage medium of claim 11, wherein the stored processor-executable instructions are configured to cause a processor to perform operations such that the security costs are values ranging from zero to one.

13. The non-transitory processor-readable storage medium of claim 11, wherein the stored processor-executable instructions are configured to cause a processor to perform operations such that the path security attributes are attributes indicated in Border Gateway Protocol (BGP) update messages received for the available paths.

14. The non-transitory processor-readable storage medium of claim 13, wherein the stored processor-executable instructions are configured to cause a processor to perform operations such that the path security attributes indicate one or more types of security applied by autonomous systems in the available paths.

15. The non-transitory processor-readable storage medium of claim 11, wherein the stored processor-executable instructions are configured to cause a processor to perform operations such that selecting the path for routing the packet from the available paths based at least in part on the modified path lengths comprises using the path security attributes as a tie breaker between paths having matching modified path lengths.
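The selection procedure in claims 1, 2 and 5, sketched as an added example that is not taken from the patent or from any router implementation. The attribute names, their credits, the rule "modified length = hop count + security cost", and counting one hop per AS are all assumptions made for illustration; the claims state only that the hop count is adjusted based on a cost between zero and one.

```python
from dataclasses import dataclass

# Constructed attribute names and credits (in hundredths). The claims only say
# the attributes indicate types of security applied by ASes on the path.
CREDIT = {"origin-validation": 50, "path-validation": 30, "prefix-filtering": 20}

@dataclass(frozen=True)
class Path:
    as_path: tuple                           # AS numbers toward the route prefix
    security_attrs: frozenset = frozenset()  # as indicated in BGP updates

    @property
    def hop_count(self):
        return len(self.as_path)             # assumption: one hop per AS

def recognised(path):
    """Attributes this router can score; unknown ones earn no credit."""
    return {a for a in path.security_attrs if a in CREDIT}

def security_cost(path):
    """Value from 0.0 (every known measure advertised) to 1.0 (none)."""
    return max(0, 100 - sum(CREDIT[a] for a in recognised(path))) / 100

def modified_length(path):
    # Assumed adjustment rule: hop count plus security cost.
    return path.hop_count + security_cost(path)

def select_path(paths):
    """Lowest modified length wins; ties go to the path with more recognised
    security attributes, then to the lowest AS path for determinism."""
    if not paths:
        return None
    return min(paths, key=lambda p: (modified_length(p),
                                     -len(recognised(p)), p.as_path))

# Constructed candidates using documentation AS numbers (RFC 5398).
SHORT_BARE = Path((64496, 64497))
SHORT_PARTIAL = Path((64498, 64499), frozenset({"origin-validation"}))
LONG_FULL = Path((64500, 64501, 64502), frozenset(CREDIT))
UNSCORED = Path((64503, 64504), frozenset({"unknown-measure"}))

if __name__ == "__main__":
    for p in (SHORT_BARE, SHORT_PARTIAL, LONG_FULL, UNSCORED):
        print(p.as_path, p.hop_count, security_cost(p), modified_length(p))
    print("selected:", select_path([SHORT_BARE, LONG_FULL]).as_path)
```

Under these assumed weights a two-hop path advertising nothing and a three-hop path advertising every measure both come out at 3.0, and the tie breaker of claim 5 picks the three-hop path.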

Classifications

  • using M:N active or standby paths

  • H04L45/22 (Primary): Alternate routing

  • H04L63/20 (Primary): for managing network security; network security policies in general (filtering policies H04L63/0227)

  • using a combination of metrics

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002)


Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Charter Communications Operating LLC
What technology area does this patent fall under?
Primary CPC classification H04L45/22. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 28, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).