BGP Extension to Support Inter-Domain Distributed Packets Filtering

To be trustworthy is an important characteristic of the next generation Internet. The routing system of the present Internet forwards packets only according to the destination IP address. Forged packets with spoofed source IP address will also be forwarded to the destination, which impairs the security of receiver and conceals the real identity of the sender. The trustworthy Internet requires the routing system not only forward packets correctly, but also validate the packets from the real sender. Inter-domain distributed packet filtering is an effective method to filter out spoofed packets. This paper proposes to extend BGP with route selection notice to provide filtering criteria. With the support, border routers can validate incoming packets and filter the spoofed packets form false autonomous systems. Simulation result indicates BGP route selection notice does not impair the routing function of BGP, and both proper design acceptable bandwidth cost and fast convergence may be achieved simultaneously.