ATM peer group leader attack and mitigation

The private network to network interface (PNNI) provides routing and signalling functions in an asynchronous transfer mode (ATM) network. The routing function is based on a logical hierarchical structure to reduce the complexity for a majority of the routing nodes. The hierarchy comprises groups of nodes. Each group contains one or more logical group nodes (LGNs) which summarize routing information about their children and send (or flow) it to other LGNs. Each group also contains zero or one peer group leaders (PGL). The principal function of the PGL is the flooding of summary routing information from logical group members (LGM) to the next higher level of the hierarchy. The PGL also flows summary information it receives from the next higher level to other logical nodes. If the connectivity information in the PGL´s table changes due to malfunction or malicious action, portions of the network can be isolated from each other. When the change is due to malfunction, the normal processes for electing a new PGL will quickly remedy the problem. This paper suggests physical and logical changes to the ATM architecture to improve fault tolerance and security. The recommendations made are aimed at the peer group structure. Additional physical and logical links are recommended between logical groups to minimize the damage due to routing corruption by any single node. Also, logical procedures to recognize and remove a corrupted PGL from its position are also presented. Shadow PGL(s) are recommended to provide a fast smooth transition from one PGL to the next. A shadow PGL will also serve the purpose of providing cross checks on the information flow by the PGL and will enhance network security