Source Prefix Filtering in ROFL
Source: Columbia University
Traditional firewalls can allow or block traffic based on source address as well as destination address and port number. The authors' original ROFL scheme implements firewalling by layering it on top of routing; however, the original proposal focused only on destination address and port number. Selecting routes based in part on source addresses is a form of policy routing, which has started to receive increasing attention. In this paper, they extend the original ROFL (ROuting as the Firewall Layer) scheme by including source prefix constraints in route announcements. They present algorithms for route propagation and packet forwarding, and demonstrate the correctness of these algorithms using rigorous proofs.