arp sponge
play

ARP Sponge Niels Sijm Marco Wessel zaterdag 4 juli 2009 AMS-IX? - PowerPoint PPT Presentation

Dec 30, 2022 •300 likes •539 views

ARP Sponge Niels Sijm Marco Wessel zaterdag 4 juli 2009 AMS-IX? One of the largest IXP in the world by members, ports and traffic 317 Members, 580 ports, 675Gb/sec peak All in one L2 subnet. zaterdag 4 juli 2009 AMS-IX Set-up

  1. ARP Sponge Niels Sijm Marco Wessel zaterdag 4 juli 2009

  2. AMS-IX? • One of the largest IXP in the world by members, ports and traffic • 317 Members, 580 ports, 675Gb/sec peak • All in one L2 subnet. zaterdag 4 juli 2009

  3. AMS-IX Set-up • AMS-IXv3: • Big L2 subnet • Hub/spoke with backup network • VSRP for failover • No longer scalable. zaterdag 4 juli 2009

  4. AMS-IX Set-up • AMS-IXv4 • MPLS/VPLS • One network, redundancy replaces failover • Still one big L2 subnet for customers zaterdag 4 juli 2009

  5. ARP Sponge • ARP Sponge exists to decrease amount of ARP traffic on AMS-IX • Spoofs ARP replies when necessary zaterdag 4 juli 2009

  6. Research Question What differences are there between IPv4 and IPv6 as relating to the sponge and infrastructure, and is an IPv6 implementation necessary? zaterdag 4 juli 2009

  7. ARP Problems • ARP, needed for IPv4 over Ethernet • Resolves IP addresses into MAC addresses • Broadcast: ‘who is at this IP?’ • Must be processed by everyone who receives it • Too much ARP may cause CPU overload situations. zaterdag 4 juli 2009

  8. ARP Sponge • Too much ARP happens when nodes are unavailable (down, nonexistent) • ARP requests are repeated (in case they were lost), often by multiple requestors • ARP Sponge exists to notice this and reply in downed node’s stead. • Nodes are ‘happy’, so far as their ARP caches go zaterdag 4 juli 2009

  9. ARP Sponge • Start ‘sponging’ when too many requests are received in small amount of time • Stop ‘sponging’ when traffic is received from the real host • Gratuitous ARP, ARP request for other node, anything. zaterdag 4 juli 2009

  10. ARP Sponge Benefits • Nearly ten-fold reduction of ARP traffic seen on an average day: • 1450 ARPs/min with • 13902 ARPs/min without • Additionally, allows AMS-IX to see traffic for nonexistent nodes • Notably, BGP sessions with routers that no longer exist zaterdag 4 juli 2009

  11. IPv6 • Current Sponge only deals with IPv4 • What about IPv6? • IPv6 replaces ARP with ‘Neighbour Discovery’ • Part of ICMPv6 • Multicast instead of Broadcast • Also allows router discovery zaterdag 4 juli 2009

  12. Issues for IPv6 Sponge • IPv6 subnet is 64 bits large • 18446744073709551616 (2 64 ) potential addresses • Sponge must keep state for IP addresses to determine when to sponge • ‘limited’ memory capacity not enough zaterdag 4 juli 2009

  13. Issues for IPv6 Sponge • How to solve? • Use two lists: • White list of hosts known to exist (limited amount), filled by watching for traffic, can be seeded • Ring-buffer or timed-expiry for other addresses so old addresses expire automatically zaterdag 4 juli 2009

  14. IPv6 ND • ND consists primarily of: • Neighbour Solicitations and Advertisements • Functionally equivalent to ARP • multicast on Ethernet, using solicited-node address • Router Solicitations and Advertisements. zaterdag 4 juli 2009

  15. IPv6 ND • Solicited-node address: ff02::1:FFXX:XXXX • XX:XXXX replaced with last three octets of unicast address • IPv6 Multicast address maps to ethernet multicast address: 33:33:XX:XX:XX:XX • XX’es replaced with last 32 bits of multicast address zaterdag 4 juli 2009

  16. IPv6 ND • Example: 2001:7b8:200:2202:216:cbff:fe90:fe41 • Solicited-node address: ff02::1:ff90:fe41 • Multicast Ethernet address: 33:33:ff:90:fe:41 zaterdag 4 juli 2009

  17. IPv6 ND • This allows ‘selection at the gate’, or: don’t process irrelevant solicitations • MAC chips can be programmed for this • Keeps CPU utilization down in comparison to ARP zaterdag 4 juli 2009

  18. Group overlap • Multicast group addressing scheme on AMS-IX: • addresses are structured as 2001:7f8:1::a5xx:xxxx:yyyy • AS-numbers that end in the same two digits ‘overlap’: 2001:7f8:1::a500:1200:0001 and 2001:7f8:1::a512:3400:0001 result in 33:33:ff:00:00:01 • Average of 2.21 nodes per group, maximum 6 zaterdag 4 juli 2009

  19. Comparisons • Router CPU utilization ARP/ND, 10kpps ARP ARP ND ND ND host other host other group Juniper 5% 4% 100% 0% 69% Cisco 91% 55% 90% 55% 55% Linux 2% 1% 17% 0% 8% • Notes: • Juniper: FEB/FPC CPU; Cisco: main CPU • Cisco very busy handling packets in general, but nothing extra for irrelevant ND • Linux: used e1000 ethernet adapter which has ARP-offloading zaterdag 4 juli 2009

  20. Switch comparisons ARP L2 ARP VPLS ND L2 ND VPLS 42% 63% 40% 62% • Tested 10kpps ARP/ND in L2 environment vs. VPLS • Small difference between ND/ARP: processing in switch • VPLS increases line-card processing load evenly between ARP/ND zaterdag 4 juli 2009

  21. IPv6 Sponge Issue • 64-bit subnet means potentially very large neighbour cache for routers ‣ Attacker behind router starts ping sweep of peering subnet ‣ Router starts soliciting for neighbours (that don’t exist) ‣ ARP Sponge answers ‣ Neighbour cache fills up zaterdag 4 juli 2009

  22. Recommendation • Given: • Multicasting of Neighbour Solicitations with ‘selection at the gate’ • Potential to fill up neighbour caches • We recommend not implementing IPv6 Sponge daemon (yet) • If implementing for other reasons: use small lists to prevent cache problem zaterdag 4 juli 2009

  23. Thank you. Questions? zaterdag 4 juli 2009

Recommend

Ret Retaine ined Sponge Sponge Most common retained surgical item that requires a

Ret Retaine ined Sponge Sponge Most common retained surgical item that requires a

Ret Retaine ined Sponge Sponge Most common retained surgical item that requires a re-operation Detection can be difficult and remote from the initial operation The sponge must be removed Primary problem is faulty OR

570 views • 26 slides
Treatment performance of practical-scale down-flow hanging sponge reactor using sixth-generation

Treatment performance of practical-scale down-flow hanging sponge reactor using sixth-generation

13 th IWA Specialized Conference on Small Water and Wastewater Systems, 14-16 September 2016, Athens, Greece Treatment performance of practical-scale down-flow hanging sponge reactor using sixth-generation sponge media Tsutomu Okubo*, Akinori

366 views • 33 slides
Sponge-based PRNGs A Provable Security Perspective Stefano Tessaro UCSB Base on joint work with

Sponge-based PRNGs A Provable Security Perspective Stefano Tessaro UCSB Base on joint work with

Sponge-based PRNGs A Provable Security Perspective Stefano Tessaro UCSB Base on joint work with Peter Gai (IST Austria) wr0ng Paris, April 30, 2017 The Sponge Construction [BDP V A08] M {0,1}* M 1 M 2 M L r-bit blocks: r 0 H (M)

820 views • 42 slides
Generic security of the Keyed Sponge based on joint work with Guido Bertoni 1 , Michal Peeters 1

Generic security of the Keyed Sponge based on joint work with Guido Bertoni 1 , Michal Peeters 1

Generic security of the Keyed Sponge Generic security of the Keyed Sponge based on joint work with Guido Bertoni 1 , Michal Peeters 1 , Gilles Van Assche 1 , ArcticCrypt Longyearbyen July 19, 2016 1 / 30 Joan Daemen 1 , 2 Elena Andreeva 3

602 views • 33 slides
Overview of the Sponge, Duplex and Farfalle constructions Gilles Van Assche 1 1 STMicroelectronics

Overview of the Sponge, Duplex and Farfalle constructions Gilles Van Assche 1 1 STMicroelectronics

Overview of the Sponge, Duplex and Farfalle constructions Gilles Van Assche 1 1 STMicroelectronics Summer school on real-world crypto and privacy ibenik, Croatia, June 2019 Based on joint work with Elena Andreeva, Guido Bertoni, Joan Daemen,

907 views • 88 slides
About the SKP Group About the SKP Group Integrated Business Model Ferro Alloys, Sponge

About the SKP Group About the SKP Group Integrated Business Model Ferro Alloys, Sponge

About the SKP Group About the SKP Group Integrated Business Model Ferro Alloys, Sponge Iron, Billets, TMT Bars, Stainless Steel, Power, Coal Mining. One of the largest producers of High Carbon Ferro Chrome, Silico Manganese,

638 views • 39 slides
Supplementary Material Compressible and recyclable monolithic g-C 3 N 4 /melamine sponge: A facile

Supplementary Material Compressible and recyclable monolithic g-C 3 N 4 /melamine sponge: A facile

Supplementary Material Compressible and recyclable monolithic g-C 3 N 4 /melamine sponge: A facile ultrasonic-coating approach and enhanced visible-light photocatalytic activity Ye Yang 1,2 , Qian Zhang 1* , Ruiyang Zhang 1 , Tao Ran 1 , Wenchao

594 views • 4 slides
LASER INDUCED POROUS GRAPHENE SPONGE Capstone Spring 2015

LASER INDUCED POROUS GRAPHENE SPONGE Capstone Spring 2015

LASER INDUCED POROUS GRAPHENE SPONGE Capstone Spring 2015 Amine Ouesla8 - Group Leader Eric Bailey - Deputy Leader Allen Chang - Treasurer

270 views • 25 slides
Sponge-Based Control-Flow Protection for IoT Devices Werner, Unterluggauer, Schaffenrath, Mangard

Sponge-Based Control-Flow Protection for IoT Devices Werner, Unterluggauer, Schaffenrath, Mangard

Sponge-Based Control-Flow Protection for IoT Devices Werner, Unterluggauer, Schaffenrath, Mangard 25th April 2018, London Graz University of Technology Motivation and Context Logical Attacks www.tugraz.at Exploit software and design bugs

616 views • 59 slides
Synthesis of Superconductor (2020/05/08 revised) Collect: Agate mortar (clean with sponge

Synthesis of Superconductor (2020/05/08 revised) Collect: Agate mortar (clean with sponge

Synthesis of Superconductor (2020/05/08 revised) Collect: Agate mortar (clean with sponge after use) Label one zip-lock bag with student ID and name (To collect the synthesized superconductors) Prepare: Plastic spatula x1 Mask

512 views • 14 slides
Modern Session Encryption David Wong outline 3. NOISE 2. STROBE 4. ??? 1. KECCAK Sponge

Modern Session Encryption David Wong outline 3. NOISE 2. STROBE 4. ??? 1. KECCAK Sponge

Modern Session Encryption David Wong outline 3. NOISE 2. STROBE 4. ??? 1. KECCAK Sponge Construction 00101 01001 01100 11001 01011 10101 0 0 0 0 f f f f f 0 0 0 0 absorbing squeezing Duplex Construction input

808 views • 60 slides
White Sponge Nevus: A Non-hereditery Presentation M.Seda Altop 1 , Ozge Ozdal 2 , C.Berk Ozer 2 ,

White Sponge Nevus: A Non-hereditery Presentation M.Seda Altop 1 , Ozge Ozdal 2 , C.Berk Ozer 2 ,

Case Report International Journal of Basic and Clinical Studies (IJBCS) 2014;3(2): 106-110 Altop MS et al. White Sponge Nevus: A Non-hereditery Presentation M.Seda Altop 1 , Ozge Ozdal 2 , C.Berk Ozer 2 , Meral Unur 3 Sule Ozturk Sar 4 , Nesimi

249 views • 5 slides
SAN ANTONIO CLIMATE READY Water Sponge/Carbon Sink City September 17, , 2019 Deborah

SAN ANTONIO CLIMATE READY Water Sponge/Carbon Sink City September 17, , 2019 Deborah

SAN ANTONIO CLIMATE READY Water Sponge/Carbon Sink City September 17, , 2019 Deborah Reid, Lissa Martinez, Brenden Shue, Technical Director CAAP Technical Trinity Committee University GEAA Member Intern Topics to be covered

329 views • 28 slides
The PHOTON Family of Lightweight Hash Functions Jian Guo, Thomas Peyrin, Axel Poschmann CRYPTO

The PHOTON Family of Lightweight Hash Functions Jian Guo, Thomas Peyrin, Axel Poschmann CRYPTO

Introduction Generalized Sponge Serial MDS PHOTON Security Conclusion The PHOTON Family of Lightweight Hash Functions Jian Guo, Thomas Peyrin, Axel Poschmann CRYPTO 2011, 15 August 2011 Introduction Generalized Sponge Serial MDS PHOTON

839 views • 35 slides
Beer-recovery attack Jean-Philippe Aumasson Dmitry Khovratovich K ECCAK SHA-3 candidate K ECCAK

Beer-recovery attack Jean-Philippe Aumasson Dmitry Khovratovich K ECCAK SHA-3 candidate K ECCAK

Beer-recovery attack Jean-Philippe Aumasson Dmitry Khovratovich K ECCAK SHA-3 candidate K ECCAK SHA-3 candidate Sponge with permutation K ECCAK - f [1600] K ECCAK SHA-3 candidate Sponge with permutation K ECCAK - f [1600] No external

730 views • 16 slides
STUDIO 2015.4.01 Abstract & Key Words ABSTRACT: The city

STUDIO 2015.4.01 Abstract & Key Words ABSTRACT: The city

Low Impact Development of City Wall-Canal System from Urban Segregator to Green Archival Linkage -----Sponge City RejuvenaEon Design

740 views • 41 slides
Alkylation of substituted phenols in DMF by MeI using TMGN ( bis -

Alkylation of substituted phenols in DMF by MeI using TMGN ( bis -

[a039] Alkylation of substituted phenols in DMF by MeI using TMGN ( bis - 1,1,8,8-(tetramethylguanidino)naphtalene) a proton sponge as base: a kinetics study by NMR spectroscopy. Cdric KEPKA, Mal PENHOAT, Didier BARBRY and Christian ROLANDO*

396 views • 11 slides
Synthesis of 5-BromoVerongamine, an Antibacterial Dibromotyrosine Metabolite from Pseudoceratina

Synthesis of 5-BromoVerongamine, an Antibacterial Dibromotyrosine Metabolite from Pseudoceratina

[c002] Synthesis of 5-BromoVerongamine, an Antibacterial Dibromotyrosine Metabolite from Pseudoceratina sponge Suresh K. Kottakota a , J. Jonathan Harburn a* , Anthony OShaughnessy a , Mark Gray a , Philppos Konstanidis a , Davis E. Yakubu a a

436 views • 7 slides
KENAI PENINSULAS TURQUOISE CARBON: PROSPECTS FOR FINANCE AND CONSERVATION PEAT AND

KENAI PENINSULAS TURQUOISE CARBON: PROSPECTS FOR FINANCE AND CONSERVATION PEAT AND

KENAI PENINSULAS TURQUOISE CARBON: PROSPECTS FOR FINANCE AND CONSERVATION PEAT AND PEATLANDS What is peat? Partially-decomposed plant material Oxygen-poor, waterlogged environments Sponge-like PEATMAN,

498 views • 23 slides
Understanding Structure- Function Relationships in Biological Glass Fibers Michael Porter

Understanding Structure- Function Relationships in Biological Glass Fibers Michael Porter

Understanding Structure- Function Relationships in Biological Glass Fibers Michael Porter Project Mentor: James Weaver Faculty Advisor: Dan Morse Structural Diversity of Siliceous Sponge Skeletal Elements (Spicules) Hexactinellids

548 views • 18 slides
Heringa (1) Heringa (1) Recent studies in Switzerland on forest and water show us the way

Heringa (1) Heringa (1) Recent studies in Switzerland on forest and water show us the way

Heringa (1) Heringa (1) Recent studies in Switzerland on forest and water show us the way how to protect our economic interests: Forests act as a sponge: they absorb the water during the rainy season and gradually release it during

915 views • 60 slides
Keccak and the SHA-3 Standardization Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van

Keccak and the SHA-3 Standardization Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van

Keccak and the SHA-3 Standardization Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors NIST , Gaithersburg, MD February 6, 2013 1 / 60 Outline 1 2 3 4 5 6 The beginning The sponge

908 views • 71 slides
Management 1 MetaMateria 870 Kaderly Columbus, OH 43228 614-340- 1690

Management 1 MetaMateria 870 Kaderly Columbus, OH 43228 614-340- 1690

Phosphorus Management 1 MetaMateria 870 Kaderly Columbus, OH 43228 614-340- 1690 metamateria.com Water Clean Up PO4 Sponge Removes Soluble Phosphorus Dissolved Reactive Phosphorus (DRP) BIO Lair Bacteria Multiplier BIO-Lair

556 views • 16 slides
On Keccak and SHA-3 Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche 1 1

On Keccak and SHA-3 Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche 1 1

On Keccak and SHA-3 Guido Bertoni 1 Joan Daemen 1 Michal Peeters 2 Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Icebreak 2013 Reykjavik, Iceland June 8, 2013 1 / 61 Outline 1 Origins 2 The sponge construction 3 Inside

1.12k views • 71 slides

More recommend