
When you buy a car, you don’t painstakingly buy each individual part. You'd buy the entire vehicle – engine, transmission, body and all – from a single manufacturer.
Network disaggregation, on the other hand, represents the opposite. It's like buying the engine from one company, the transmission from another, then choosing the body style that best suits your needs and so on.
This separation of hardware and software, often referred to as "white box" networking, gives network operators unprecedented freedom. They can mix and match components from different vendors, choosing the best-in-class hardware and software for their specific needs. This flexibility translates to cost-saving opportunities as operators use lower-cost, commercially available hardware instead of relying on expensive, proprietary systems.
Disaggregation also encourages the development of new and improved network operating systems that run on various hardware platforms. This competitive environment drives faster advancements in network technology, which leads to more efficient, scalable and cost-effective solutions for everyone.
With that said, network disaggregation also introduces new security challenges. The increased complexity of managing diverse hardware and software components creates more attack surfaces. Integrating and securing components from different vendors requires careful planning and rigorous testing to prevent interoperability issues and potential vulnerabilities. Additionally, the reliance on open-source software can expose networks to potential security flaws if not properly maintained and updated.
An answer to those challenges is RtBrick.
RtBrick has developed carrier routing software that runs on off-the-shelf hardware. It has applied the same approach to networks that the huge “cloud-natives” have used to build and operate their web-scale IT services.
Recently, RtBrick added support for several new internet peering security features, including BGP RPKI, TCP-AO for BGP and LDP, BGP Flowspec, sFlow and GTSM. The purpose of these tools is to enhance the security of peering and edge routers, which allows operators to better protect their networks from malicious actors while benefiting from the cost-efficiency of disaggregated systems.
BGP Flowspec protects networks from DDoS attacks.
Resource Public Key Infrastructure, or RPKI, allows network owners to validate and secure the critical route updates, or Border Gateway Protocol (BGP) announcements, and prevent route hijacking or misconfiguration.
TCP Authentication Option, or TCP-AO, enhances the security and authenticity of TCP segments exchanged during BGP and LDP sessions. It adds support for the latest security mechanisms and is stronger than legacy mechanisms such as TCP MD5.
sFlow, or "sampled flow," samples packets from routers and sends them to a central collector for analysis, to identify abnormal traffic patterns and potential attacks.
Generalized TTL Security Mechanism, or GTSM, prevents a remote intruder from hijacking a route using a mechanism that also protects it from CPU-utilization-based attacks.
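To show what the RPKI validation of BGP announcements mentioned above involves, here is an added example (not RtBrick's code) of the route origin validation procedure defined in RFC 6811, written in Python. The VRP entries, prefixes, AS numbers and function names are constructed for illustration.

```python
import ipaddress

# Constructed VRPs (validated ROA payloads): (prefix, max_length, origin_asn).
# Prefixes and AS numbers come from documentation / private-use ranges.
SAMPLE_VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("2001:db8::/32", 48, 64501),
    ("203.0.113.0/24", 24, 0),  # AS0 entry: the holder says "do not route this"
]


def validate_origin(route_prefix, origin_asn, vrps=SAMPLE_VRPS):
    """Classify one announcement as 'valid', 'invalid' or 'not-found'."""
    route = ipaddress.ip_network(route_prefix, strict=True)
    covered = False
    for vrp_prefix, max_length, vrp_asn in vrps:
        vrp_net = ipaddress.ip_network(vrp_prefix, strict=True)
        # A VRP "covers" the route if it is the same prefix or a less specific one.
        if vrp_net.version != route.version or not route.subnet_of(vrp_net):
            continue
        covered = True
        # A match needs the right origin AS and a prefix no longer than
        # max_length. AS0 can never match any announcement.
        if vrp_asn != 0 and vrp_asn == origin_asn and route.prefixlen <= max_length:
            return "valid"
    # Covered but unmatched: wrong origin or too specific (possible hijack/leak).
    return "invalid" if covered else "not-found"


def accept_route(route_prefix, origin_asn, vrps=SAMPLE_VRPS):
    """Common import policy: drop 'invalid', keep 'valid' and 'not-found'."""
    return validate_origin(route_prefix, origin_asn, vrps) != "invalid"


if __name__ == "__main__":
    # Constructed announcements: (prefix, origin AS)
    for prefix, asn in [
        ("192.0.2.0/24", 64500),     # matches the VRP
        ("192.0.2.0/24", 64511),     # wrong origin AS
        ("192.0.2.128/25", 64500),   # more specific than max_length allows
        ("198.51.100.0/24", 64500),  # no covering VRP
    ]:
        print(prefix, asn, validate_origin(prefix, asn))
```

The more-specific /25 case is the one max_length exists for: without it, a hijacker announcing a longer prefix with the legitimate origin AS would still be classified as valid.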
With RtBrick’s disaggregated routing software, an operator can enhance the security of their disaggregated routers that connect to other ISPs, known as Peering Routers, as well as edge service PE Routers.
“As ISPs battle consumer and regulatory pressure to secure their networks against sophisticated attacks, they need robust security tools,” said Hannes Gredler, Chief Technology Officer at RtBrick. “Adding this latest feature-set will allow ISPs to take advantage of the cost-points and flexibility of network disaggregation to provide Internet peering while effectively securing their key infrastructure.”
Edited by Alex Passett