Over a decade of work has gone into securing the BGP routing control plane. Through all this, there has been an oft repeated refrain, "It is acknowledged that rigorous control plane verification does not in any way guarantee that packets follow the control plane." We describe what may be the first deployment of data plane enforcement of RPKI-based control plane validation. OpenFlow switches providing an exchange fabric and controlled by a Quagga BGP route server drop traffic for prefixes which have invalid origins without requiring any RPKI support by connected BGP peers.
Computer systems administrators, as a part of their job function, must monitor event logs generated by their systems for signs of failure, impending failure, or security breaches. Many of these systems produce well-defined output that can be easily filtered for important events. Many others, however, are inordinately complex, a situation increasingly common with the advent of multi-tier systems aimed at Internet commerce. Event logs are very often the only system-level output produced by servers, and thus represent the only common denominator across vendors and solutions. This paper will establish the position that event log messages have shortfalls as an interface for effectively managing such systems, and that a fundamentally different approach is required to improve the situation.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.