Internet Routing Verification John “JI” Ioannidis AT&T Labs – Research Copyright © 2002 by John Ioannidis. All Rights Reserved.

Slides:

Advertisements

Similar presentations

1 Interdomain Traffic Engineering with BGP By Behzad Akbari Spring 2011 These slides are based on the slides of Tim. G. Griffin (AT&T) and Shivkumar (RPI)

Advertisements

Sign What You Really Care About - $ecure BGP AS Paths Efficiently Yang Xiang Zhiliang Wang Jianping Wu Xingang Shi Xia Yin Tsinghua University, Beijing.

Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.

A Quick and Dirty Guide to BGP attacks Or “How to 0wn the Backbone in your Spare Time”

CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.

Routing: Exterior Gateway Protocols and Autonomous Systems Chapter 15.

© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

Information-Centric Networks04c-1 Week 4 / Paper 3 A Survey of BGP Security Issues and Solutions –Kevin Butler, Toni Farley, Patrick McDaniel, and Jennifer.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

The need for BGP AfNOG Workshops Philip Smith. “Keeping Local Traffic Local”

1 Towards Secure Interdomain Routing For Dr. Aggarwal Win 2004.

Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

HLP: A Next Generation Interdomain Routing Protocol Lakshminarayanan Subramanian* Matthew Caesar* Cheng Tien Ee*, Mark Handley° Morley Maoª, Scott Shenker*

Interdomain Routing Security COS 461: Computer Networks Michael Schapira.

Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.

The Border Gateway Protocol (BGP) Sharad Jaiswal.

MIRED: Managing IP Routing is Extremely Difficult Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park, NJ

Slide -1- February, 2006 Interdomain Routing Gordon Wilfong Distinguished Member of Technical Staff Algorithms Research Department Mathematical and Algorithmic.

Inherently Safe Backup Routing with BGP Lixin Gao (U. Mass Amherst) Timothy Griffin (AT&T Research) Jennifer Rexford (AT&T Research)

Interdomain Routing Security Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays.

Inter-domain Routing security Problems Solutions.

Slide 1 Vitaly Shmatikov CS 378 Routing Security.

Lecture Week 3 Introduction to Dynamic Routing Protocol Routing Protocols and Concepts.

Border Gateway Protocol (BGP4) Rizwan Rehman, CCS, DU.

1 Securing BGP Large scale trust to build an Internet again Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb.

APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)

A LIGHT-WEIGHT DISTRIBUTED SCHEME FOR DETECTING IP PREFIX HIJACKS IN REAL TIME Changxi Zheng, Lusheng Ji, Dan Pei, Jia Wang and Paul Francis. Cornell University,

Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

CS 3700 Networks and Distributed Systems Inter Domain Routing (It’s all about the Money) Revised 8/20/15.

Lecture 4: BGP Presentations Lab information H/W update.

Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks BGP.

Finding Vulnerable Network Gadgets in the Internet Topology Author: Nir Amar Supervisor: Dr. Gabi Nakibly Author: Nir Amar Supervisor: Dr. Gabi Nakibly.

BCNET Conference April 29, 2009 Andree Toonk BGPmon.net Prefix hijacking! Do you know who's routing your network? Andree Toonk

BGP Man in the Middle Attack Jason Froehlich December 10, 2008.

Border Gateway Protocol (BGP) W.lilakiatsakun. BGP Basics (1) BGP is the protocol which is used to make core routing decisions on the Internet It involves.

Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.

A Firewall for Routers: Protecting Against Routing Misbehavior1 June 26, A Firewall for Routers: Protecting Against Routing Misbehavior Jia Wang.

T. S. Eugene Ngeugeneng at cs.rice.edu Rice University1 COMP/ELEC 429/556 Introduction to Computer Networks Inter-domain routing Some slides used with.

Secure Origin BGP: What is (and isn't) in a name? Dan Wendlandt Princeton Routing Security Reading Group.

Information-Centric Networks04b-1 Week 4 / Paper 2 Understanding BGP Misconfiguration –Rahil Mahajan, David Wetherall, Tom Anderson –ACM SIGCOMM 2002 Main.

CS 4396 Computer Networks Lab BGP. Inter-AS routing in the Internet: (BGP)

IP Routing Principles. Network-Layer Protocol Operations Each router provides network layer (routing) services X Y A B C Application Presentation Session.

1 APNIC Trial of Certification of IP Addresses and ASes RIPE October 2005 Geoff Huston.

Information-Centric Networks Section # 4.2: Routing Issues Instructor: George Xylomenos Department: Informatics.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—6-1 Scaling Service Provider Networks Scaling IGP and BGP in Service Provider Networks.

Securing BGP Bruce Maggs. BGP Primer AT&T /8 Sprint /16 CMU /16 bmm.pc.cs.cmu.edu Autonomous System Number Prefix.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—5-1 Customer-to-Provider Connectivity with BGP Connecting a Multihomed Customer to a Single Service.

1 Border Gateway Protocol (BGP) and BGP Security Jeff Gribschaw Sai Thwin ECE 4112 Final Project April 28, 2005.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—3-1 Route Selection Using Policy Controls Using Multihomed BGP Networks.

Text BGP Basics. Document Name CONFIDENTIAL Border Gateway Protocol (BGP) Introduction to BGP BGP Neighbor Establishment Process BGP Message Types BGP.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—5-1 Customer-to-Provider Connectivity with BGP Connecting a Multihomed Customer to Multiple Service.

BGP security some slides borrowed from Jen Rexford (Princeton U)

BGP Validation Russ White Rule11.us.

Border Gateway Protocol

Goals of soBGP Verify the origin of advertisements

COS 561: Advanced Computer Networks

Module Summary BGP is a path-vector routing protocol that allows routing policy decisions at the AS level to be enforced. BGP is a policy-based routing.

Are We There Yet? On RPKI Deployment and Security

COS 561: Advanced Computer Networks

E : Internet Routing Lecture 5 Fundamentals of Routing Protocols

COS 561: Advanced Computer Networks

Improving reliability of IRR database

COS 561: Advanced Computer Networks

COS 561: Advanced Computer Networks

BGP Security Jennifer Rexford Fall 2018 (TTh 1:30-2:50 in Friend 006)

BGP Instability Jennifer Rexford

Presentation transcript:

Internet Routing Verification John “JI” Ioannidis AT&T Labs – Research Copyright © 2002 by John Ioannidis. All Rights Reserved.

BGP announcements Propagate throughout the network.

BGP announcements Which path gets picked depends on the advertised attributes.

Redundant Connectivity protects against link failures.

BGP Listens to Many Peers Each router receives multiple announcements for each destination. But: announcements are not authenticated. Anyone can announce (almost) any prefix. –Maliciously. –Accidentally. Frequent source of problems. Best case: more routing data than necessary. Usual case: blackholed traffic. Extreme case: redirect traffic for intercepting.

Black Holes Are Out of Sight If another AS advertises one of our prefixes, bad things happen: AS 1 C1C4 AS 6AS 5AS 4AS 2AS /1 6 legitimate /16 9 not legitimate!

Black Holes Are Out of Sight Our prefix becomes unreachable from the part of the net believing C4’s announcement. AS 1 C1C4 AS 6AS 5AS 4AS 2AS /1 6 legitimate /16 9 not legitimate!

BGP Chooses Among Many Paths Each router receives multiple announcements for each destination. Uses path attributes to select the best path. But: path attributes are not authenticated either. AS changing path attributes can disrupt routing. –Cause suboptimal paths to be taken. –Interfere with policy decisions. –Cause parts of the network to become unreachable.

BGP Is All About Policy The main goal of BGP is to arrive at routes that satisfy policy. ISPs need a way of checking that others are abiding by their advertised policies. The Internet Routing Registry (IRR) project aims to provide this global policy knowledge. But: –Private peering agreements are usually confidential. And of no interest to non-participants. –Updating the RRs is not done in real time. So the registry does not always reflect current policy. –There is still no way to check whether BGP updates received abide by the policies of all the intermediate ASes.

BGP Hides Information This is an effort to unhide the information. When something goes wrong, you are trying to infer what went wrong from what you are seeing in bgp data. Having a richer channel to convey that information will allow us to figure out whether what we are seeing is indeed an anomaly or it is according to what should be happening.

Enter IRV Internet Routing Verification: Each AS maintains a [distributed,replicated] Routing Verifier. An IRV is a repository for: –Current policy. –Current routing state. Other ASes may query the IRV, subject to access controls. AS1 IRV R AS3 BGP Routers R AS2 R R R R Query R R R

IRV Has Policy Data The main function of an IRV is to keep up-to-date policy data. Policies may be re-imported from the RRs in RPSL. New policies may be written in either RPSL or XML. Policies are stored in XML. –Schemata are still being worked on. Other ASes query the IRV to consult/verify policy information. –IRV has a query protocol. –Based in Xquery. The IRV becomes the canonical repository for an AS’s policy information.

IRV Has Current BGP Data The IRV keeps peering sessions with all its BGP routers: It maintains all the routes that the AS receives and announces (in XML, queriable subject to access control). It can also digest SNMP data from the routers. IRV AS1 BGP Routers R R R R R R R

IRV Has Configuration Data The IRV also maintains router configurations. Parts of the configuration can be automatically translated into policy. Parts of the configurations can be automatically generated from policy.

Origin Verification Any router can query the IRV responsible for an AS to verify that it is indeed originating a prefix. –Subsumes S-BGP Address Attestation. Even in the absence of rigid public key infrastructure, this can yield benefits. ISPs can verify that their announcements are reaching other parts of the net. AS S-BGP AS IRV

Path Verification Query IRVs in the ASes listed in the AS_PATH. Verify that each AS announced the prefix to the following AS in the AS_PATH. –Subsumes S-BGP Route Attestation. Verify that the attributes are consistent with policy. ISPs can also verify that their announcements are not being corrupted.

Paper at author = {Geoffrey Goodell and William Aiello and Timothy Griffin and John Ioannidis and Patrick McDaniel and Aviel Rubin}, title = {{Working Around BGP: An Incremental Approach to Improving Security and Accuracy of Interdomain Routing}}, booktitle = {{Symposium on Network and Distributed Systems Security}}, city = {San Diego, CA}, month = {February}, year = 2003 }

Summary IRV provides an asynchronous way to verify BGP data against policy, configuration, and current routing state. XML-based. No router modifications needed. Incremental deployment. Value increases as more ISPs adopt it.