Source Prefix Filtering in ROFL

Hang Zhao; Maritza Lupe Johnson; Chi-Kin Chau; Steven Michael Bellovin

Technical reports
Computer Science
Columbia University Computer Science Technical Reports
Traditional firewalls have the ability to allow or block traffic based on source address as well as destination address and port number. Our original ROFL scheme implements firewalling by layering it on top of routing; however, the original proposal focused just on destination address and port number. Doing route selection based in part on source addresses is a form of policy routing, which has started to receive increased amounts of attention. In this paper, we extend the original ROFL (ROuting as the Firewall Layer) scheme by including source prefix constraints in route announcements. We present algorithms for route propagation and packet forwarding, and demonstrate the correctness of these algorithms using rigorous proofs. The new scheme not only accomplishes the complete set of filtering functionality provided by traditional firewalls, but also introduces a new direction for policy routing.
Computer science
Suggested Citation:
Hang Zhao, Maritza Lupe Johnson, Chi-Kin Chau, Steven Michael Bellovin, 2009, Source Prefix Filtering in ROFL, Columbia University Academic Commons, http://hdl.handle.net/10022/AC:P:9283.