A Study of BGP Origin AS Changes and Partial Connectivity Ratul Mahajan David Wetherall Tom Anderson University of Washington Asta Networks † † ‡ † ‡ ‡

Slides:

Advertisements

Similar presentations

NOPEER Route Attribute Propose a well-known transitive advisory scope attribute Applied by originating AS to route prefixes Interpretable as advice to.

Advertisements

1 BGP Policy Atoms Yehuda Afek Omer Ben-Shalom Anat Bremler-Barr Tel-Aviv University.

A Quick and Dirty Guide to BGP attacks Or “How to 0wn the Backbone in your Spare Time”

Internet Routing Instability Craig Labovitz, G. Robert Malan, Farham Jahanian University of Michigan Presented By Krishnanand M Kamath.

Part IV: BGP Routing Instability. March 8, BGP routing updates  Route updates at prefix level  No activity in “steady state”  Routing messages.

Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.

CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.

Routing: Exterior Gateway Protocols and Autonomous Systems Chapter 15.

1 Experimental Study of Internet Stability and Wide-Area Backbone Failure Craig Labovitz, Abha Ahuja Merit Network, Inc Presented by Changchun Zou.

© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.

Swinog-7, 22nd october 2003 BGP filtering André Chapuis,

Dongkee LEE 1 Understanding BGP Misconfiguration Ratul Mahajan, David Wetherall, Tom Anderson.

2006 – (Almost another) BGP Year in Review A BRIEF update to the 2005 report 18 October 2006 IAB Routing Workshop Geoff Huston APNIC.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

Quantitative Analysis of BGP Route Leaks Benjamin Wijchers Benno Overeinder.

By Hitesh Ballani, Paul Francis, Xinyang Zhang Slides by Benson Luk for CS 217B.

BGP Safety with Spurious Updates Martin Suchara in collaboration with: Alex Fabrikant and Jennifer Rexford IEEE INFOCOM April 14, 2011.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

University of Massachusetts at Amherst 1 Flooding Attacks by Exploiting Persistent Forwarding Loops Jianhong Xia, Lixin Gao and Teng Fei University of.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.

Analysis of BGP Routing Tables

Internet Routing Instability Labovitz et al. Sigcomm 1997 Largely adopted from Ion Stoica’s slide at UCB.

BGP: Inter-Domain Routing Protocol Noah Treuhaft U.C. Berkeley.

Delayed Internet Routing Convergence Craig Labovitz, Abha Ahuja, Abhijit Bose, Farham Jahanian Presented By Harpal Singh Bassali.

Protecting the BGP Routes to Top Level DNS Servers NANOG-25, June 11, 2002 UCLA Lan Wang Dan Pei Lixia Zhang USC/ISI Xiaoliang Zhao Dan Massey Allison.

Border Gateway Protocol(BGP) L.Subramanian 23 rd October, 2001.

Computer Networks Layering and Routing Dina Katabi

1 Studying Black Holes on the Internet with Hubble Ethan Katz-Bassett, Harsha V. Madhyastha, John P. John, Arvind Krishnamurthy, David Wetherall, Thomas.

Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

1 Interdomain Routing (BGP) By Behzad Akbari Fall 2008 These slides are based on the slides of Ion Stoica (UCB) and Shivkumar (RPI)

CS 3700 Networks and Distributed Systems Inter Domain Routing (It’s all about the Money) Revised 8/20/15.

Skeeve Stevens APNIC 29, Kuala Lumpur Alternative criteria for subsequent IPv6 allocations Prop-083v002.

Lecture 4: BGP Presentations Lab information H/W update.

Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks BGP.

BCNET Conference April 29, 2009 Andree Toonk BGPmon.net Prefix hijacking! Do you know who's routing your network? Andree Toonk

Inter-Domain Routing Trends Geoff Huston APNIC March 2007.

Border Gateway Protocol (BGP) W.lilakiatsakun. BGP Basics (1) BGP is the protocol which is used to make core routing decisions on the Internet It involves.

A Firewall for Routers: Protecting Against Routing Misbehavior1 June 26, A Firewall for Routers: Protecting Against Routing Misbehavior Jia Wang.

More on Internet Routing A large portion of this lecture material comes from BGP tutorial given by Philip Smith from Cisco (ftp://ftp- eng.cisco.com/pfs/seminars/APRICOT2004.

BGP topics to be discussed in the next few weeks: –Excessive route update –Routing instability –BGP policy issues –BGP route slow convergence problem –Interaction.

T. S. Eugene Ngeugeneng at cs.rice.edu Rice University1 COMP/ELEC 429/556 Introduction to Computer Networks Inter-domain routing Some slides used with.

1 To Insert AS Origin field into APNIC IP address database Xing Li Shuang Zhu CERNET

1 A Framework for Measuring and Predicting the Impact of Routing Changes Ying Zhang Z. Morley Mao Jia Wang.

02/01/2006USC/ISI1 Updates on Routing Experiments Cyber DEfense Technology Experimental Research (DETER) Network Evaluation Methods for Internet Security.

Information-Centric Networks04b-1 Week 4 / Paper 2 Understanding BGP Misconfiguration –Rahil Mahajan, David Wetherall, Tom Anderson –ACM SIGCOMM 2002 Main.

CSCI-1680 Network Layer: Inter-domain Routing Based partly on lecture notes by Rob Sherwood, David Mazières, Phil Levis, Rodrigo Fonseca John Jannotti.

Information-Centric Networks Section # 4.2: Routing Issues Instructor: George Xylomenos Department: Informatics.

CSE 592 INTERNET CENSORSHIP (FALL 2015) LECTURE 16 PHILLIPA GILL - STONY BROOK U.

1 Auto-Detecting Hijacked Prefixes? Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam Geoff Huston.

Securing BGP Bruce Maggs. BGP Primer AT&T /8 Sprint /16 CMU /16 bmm.pc.cs.cmu.edu Autonomous System Number Prefix.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—5-1 Customer-to-Provider Connectivity with BGP Connecting a Multihomed Customer to a Single Service.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—3-1 Route Selection Using Policy Controls Using Multihomed BGP Networks.

Text BGP Basics. Document Name CONFIDENTIAL Border Gateway Protocol (BGP) Introduction to BGP BGP Neighbor Establishment Process BGP Message Types BGP.

BGP Validation Russ White Rule11.us.

Connecting an Enterprise Network to an ISP Network

The BGP Visibility Scanner

Auto-Detecting Hijacked Prefixes?

Auto-Detecting Hijacked Prefixes?

An Analysis of BGP Convergence Properties

Goals of soBGP Verify the origin of advertisements

COS 561: Advanced Computer Networks

Chapter 4: Access Control Lists (ACLs)

COS 561: Advanced Computer Networks

COS 561: Advanced Computer Networks

COS 561: Advanced Computer Networks

COS 561: Advanced Computer Networks

COMP/ELEC 429/556 Introduction to Computer Networks

BGP Security Jennifer Rexford Fall 2018 (TTh 1:30-2:50 in Friend 006)

BGP Instability Jennifer Rexford

Presentation transcript:

A Study of BGP Origin AS Changes and Partial Connectivity Ratul Mahajan David Wetherall Tom Anderson University of Washington Asta Networks † † ‡ † ‡ ‡ †

2 Goals Long-Term: What is the extent and impact of configuration errors in BGP? ≫ incorrect origin AS, partial connectivity, pvt. ASN, pvt. address space, looping AS-paths, …… This talk: ≫ Origin AS Changes ≫ Partial Connectivity CSE:

3 Origin AS Changes Why does the origin for a prefix change? ≫ How many changes are short-lived? ≫ How many changes are a result of misconfiguration? ≫ How many changes lead to reachability problems? Easy ways to detect misconfigured origins? ≫ Multiple origins for a prefix misses subset space hijack increasingly common practice ≫ IRR’s are they accurate?

4 IRR: Simple Way to Detect Incorrect Origins? BGP Table Snapshot: Sep 28, 2001 Verified using RADB, RIPE, APNIC, ARIN

5 Origin Changes: Methodology Use BGP snapshots archived by Route Views Identify prefixes that are not announced by the same origin(s) throughout the day ≫ includes prefixes not present in all snapshots Attribute a cause to every origin change Caveat: would miss origin changes that come and go between snapshots

6 Classification of Origin Changes Long-lived: Changes that seem permanent Fluctuating: Short-lived changes with correct origins Conflicting: Short-lived changes with potentially incorrect origins

7 Glossary for Short-Lived Changes

More than 2% of the prefixes experience a change 2. Less than a third of changes are long-lived 3. Weekly pattern in the number of changes seen Weekend

% of long-lived changes persist beyond a week 2. Most action is in more-specifics (added,deleted)

10 9/11, As Seen by Origin Changes 11-Sep

11 Self Deaggregation causes more origin changes than failures

12 Deaggregation in general, and extra last hop in particular, causes most changes

13 Consulting the IRR when you see conflicts does not help

14 Some Examples of Misconfigurations Small AS’s announce /8’s (61.0/8, 62.0/8,...) An AS in Romania originated routes for most of Romania but NO reachability problems AS’s accept their own deaggregated address space adverts, and pass them on Not all origin misconfigurations cause reachability problems. How to figure out which ones do?

15 Reachability Test 1. Download the current BGP table 2. Identify the announcements with new origins 3. Divide the AS’s into two sets ≫ converts: AS’s that believe the new origin ≫ loyals: AS’s that believe the old origin 4. Use public looking glass servers to check if one set can reach the prefix while the other cannot

16 Reachability Test: Possible Results Pass ≫ both sets can reach the prefix, or ≫ both get blocked at the same place in the network Inconclusive ≫ both sets cannot reach the prefix, and get blocked at different places in the network Fail ≫ one set can reach the prefix, while the other cannot

17 Reachability Test: Initial Results

18 Partial Connectivity Advertised address space not reachable from all places in the Internet Causes: ≫ convergence delays ≫ route flap damping ≫ policy filtering (prefix length, commercial relationships) Failures do not lead to partial connectivity

19 Partial Connectivity: Methodology 1. Identify partially connected address space (!= prefix) from the BGP table 2. Consult BGP snapshots 15 minutes before and after to identify partial connectivity due to convergence delays 3. Correlate against partial connectivity across days to differentiate between route flap damping and filtering based partial connectivity 4. Verify using public looking glasses to guard against restrictive export policies and default pointing

20 Partial Connectivity: Results Expressed as %age of advertised address space: ≫ convergence: % ≫ route flap damping: % ≫ filtering: 0.7%

21 Most partially connected prefixes are /24’s Most partially connected address space is due to /16’s

22 Conclusions More than 2% of the prefixes experience an origin change during the day Less than a third of the changes are long-lived Only a small fraction of the changes lead to reachability problems 0.7% of address space is partially connected Feedback: