RtBrick announced that it has added support for several new
Internet peering security features, including BGP RPKI, TCP-AO for BGP and LDP,
BGP Flowspec, SFLow and GTSM. These tools enhance the security of peering and
edge routers, enabling operators to protect their networks from malicious
actors while benefiting from the cost-efficiency of disaggregated systems.
-
BGP Flowspec: Protects networks from DDoS
(Distributed Denial of Service) attacks.
-
Resource Public Key
Infrastructure (RPKI): Allows network owners to validate and secure the
critical route updates, or Border Gateway Protocol (BGP) announcements, and
prevent route hijacking or misconfiguration.
-
TCP Authentication Option
(TCP-AO): Enhances the security and authenticity of TCP segments exchanged during
BGP and LDP sessions. It adds support for the latest security mechanisms and is
stronger than legacy mechanisms such as TCP MD5.
-
sFlow, or "sampled
flow": Samples packets from routers and sends them to a central collector for
analysis, to identify abnormal traffic patterns and potential attacks.
-
Generalized TTL Security
Mechanism (GTSM): Prevents a remote intruder from hijacking a route using
a mechanism that also protects it from CPU-utilization based attacks.
Network disaggregation separates the hardware
and software that is traditionally provided as a closed monolithic routing
system, enabling operators to pick and mix different vendors and use low-cost
hardware based on ‘off-the-shelf' networking silicon. Now, using RtBrick's
disaggregated routing software, an operator can enhance the security of their
disaggregated routers that connect to other ISPs, known as Peering Routers, as
well as edge service PE Routers.
"As ISPs battle consumer and regulatory pressure to secure their networks
against sophisticated attacks, they need robust security tools," said Hannes Gredler, CTO and founder at RtBrick. "Adding this latest feature-set will allow ISPs to take advantage
of the cost-points and flexibility of network disaggregation to provide
Internet peering while effectively securing their key infrastructure."
RtBrick's software has been deployed across a
wide range of operators, from Deutsche Telekom, Europe's largest telco, to
regional ISPs such as WOBCOM. RtBrick enabled WOBCOM to create a disaggregated multiservice
edge, in which it implemented the new BGP Flowspec security feature.
Watch RtBrick's BGP Flowspec in action and
see how it strengthens ISP networks against threats - here.