Understanding BGP in Action
Dan Massey, USC/ISI
DARPA NMS PI Meeting, November 14, 2002

Some Open Questions
- How well is BGP performing in the Internet?
  - Where does BGP design or operation excel?
  - Are there potential breaking points?
  - Are we close to any breaking points?
  - What lessons does this imply for protocol design?
- Combine analysis with measurement and simulation to answer the above questions.

Measurement
- Essential contributions of real measurement:
  - Component interactions are not understood and are only fully captured in the real system.
  - Policies can be complex and have surprising impact.
- Limitations on real measurement:
  - Measurement artifacts can bias results.
  - No vantage point (or collection of points) is representative of the "Internet".
  - Easy to get lost in interesting data, but objective is results leading to insight and understanding.
  - Property of protocol vs property of implementation.

Classification of BGP Updates
[Figure; labels: Measurement Artifacts, Routing Changes]

A Closer Look at the Route Changes
[Figure; labels: Actual path changes, Updates with no path change]

Some Implications
- Measurement artifacts illustrate the potential breaking points of hard connections.
  - Requires understanding of TCP and BGP. Related Packet Design announcement last week.
- SPATH (same path) updates consume cycles but convey a varying degree of useful data.
  - On some days, a set of DoD prefixes (< 0.02% of Internet) contributed over 90% of SPATH updates.
  - Represents a valid policy, but is it useful/desirable?
  - Lesson: keep changes local if possible.

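
Added example, not part of the original slides: one way to separate same-path (SPATH) updates from actual path changes in an update stream seen at a monitor, and to measure what share of the SPATH updates a given prefix set contributes. The record layout, function names and sample updates are constructed for illustration, using documentation prefixes and AS numbers.

```python
from collections import Counter
from ipaddress import ip_network

# Constructed sample: (peer, prefix, AS path) in arrival order.
# A path of None is a withdrawal. All values are documentation ranges.
UPDATES = [
    ("peerA", "192.0.2.0/24", (64500, 64501)),
    ("peerA", "192.0.2.0/24", (64500, 64501)),            # same path
    ("peerA", "198.51.100.0/24", (64500, 64502)),
    ("peerA", "192.0.2.0/24", (64500, 64501)),            # same path
    ("peerA", "198.51.100.0/24", (64500, 64503, 64502)),  # path change
    ("peerA", "198.51.100.0/24", (64500, 64503, 64502)),  # same path
    ("peerA", "192.0.2.0/24", None),                      # withdrawal
    ("peerA", "192.0.2.0/24", (64500, 64501)),            # re-announce
    ("peerB", "192.0.2.0/24", (64510, 64501)),            # first from peerB
    ("peerB", "192.0.2.0/24", (64510, 64501)),            # same path
]

def classify(updates):
    """Label each update against the last path held for its (peer, prefix)."""
    last = {}    # (peer, prefix) -> AS path currently announced by that peer
    labels = []
    for peer, prefix, path in updates:
        key = (peer, prefix)
        prev = last.get(key)
        if path is None:
            label = "withdraw"
            last.pop(key, None)
        else:
            if prev is None:
                label = "new"
            elif prev == path:
                label = "spath"        # announcement repeats the known path
            else:
                label = "path_change"
            last[key] = path
        labels.append((prefix, label))
    return labels

def spath_share(labels, watched):
    """Fraction of SPATH updates whose prefix lies inside a watched network."""
    nets = [ip_network(n) for n in watched]
    spath = [ip_network(p) for p, label in labels if label == "spath"]
    if not spath:
        return 0.0
    return sum(any(p.subnet_of(n) for n in nets) for p in spath) / len(spath)

LABELS = classify(UPDATES)
COUNTS = Counter(label for _, label in LABELS)
```

State is kept per (peer, prefix) because the same prefix legitimately arrives with different paths from different peers; comparing across peers would mislabel those as path changes.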
What Else is Hiding in These Updates?
- Invalid BGP routes exist in everyone's table.
  - One example observed on 4/16/01 took out a gTLD (com/net/org) name server.
[Figure; labels: Internet, c.gtld-servers.net, rrc00 monitor, originates route to /24, ISPs announce new path, 3 lasted 20 minutes, 1 lasted 3 hours]

But DNS Routes Are Also Predictable
[Figure; labels: ISP1, Root servers, gTLD servers]

Theoretical Limitations
- Bush, Griffin, and Mao illustrate the challenge:
  - Top node sends one announce/withdraw.
  - Only 5 nodes in network.
  - No other events occur.
  - 52 different update sequences can result.
  - See Bush et al. in October 2002 NANOG.
- Now scale to Internet size and add multiple events!
[Figure; labels: Announce/withdraw, Monitor may see any of 52 different sequences]

Simulation
- Large-scale systems with diverse components have intrinsically complex external behavior.
  - Potentially large numbers of unexpected events and couplings between diverse elements.
- Use simulation to model and test scale changes.
  - X. Zhao et al. exploit scale to an advantage.
  - Hard to hide to valid data.
  - More understanding needed, but challenge of simulation scale.
  - Additional challenge of reflecting component complexity.

Some Recent References
- Our recent work:
  - Observation and Analysis of BGP Behavior under Stress, 2nd ACM SIGCOMM Internet Measurement Workshop, November
  - Protecting the Routes to Top Level DNS Servers, NANOG 25, June 11, 2002.
  - Improving BGP Convergence Through Consistency Assertions, presented at INFOCOM, June 23-27, 2002.
  - Detection of Invalid Routing Announcements in the Internet, presented at DSN, June 23-26, 2002.
- October NANOG
- SIGCOMM Internet Measurement Workshop

Questions?