Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internet Routing Verification John “JI” Ioannidis AT&T Labs – Research Copyright © 2002 by John Ioannidis. All Rights Reserved.

Published byMelina Robbins Modified over 8 years ago

Similar presentations

Presentation on theme: "Internet Routing Verification John “JI” Ioannidis AT&T Labs – Research Copyright © 2002 by John Ioannidis. All Rights Reserved."— Presentation transcript:

1 Internet Routing Verification John “JI” Ioannidis AT&T Labs – Research ji@research.att.com Copyright © 2002 by John Ioannidis. All Rights Reserved.

2 BGP announcements Propagate throughout the network.

3 BGP announcements Which path gets picked depends on the advertised attributes.

4 Redundant Connectivity protects against link failures.

5 BGP Listens to Many Peers Each router receives multiple announcements for each destination. But: announcements are not authenticated. Anyone can announce (almost) any prefix. –Maliciously. –Accidentally. Frequent source of problems. Best case: more routing data than necessary. Usual case: blackholed traffic. Extreme case: redirect traffic for intercepting.

6 Black Holes Are Out of Sight If another AS advertises one of our prefixes, bad things happen: AS 1 C1C4 AS 6AS 5AS 4AS 2AS 3 128.59.0.0/1 6 legitimate 9 128.59.0.0/16 9 not legitimate!

7 Black Holes Are Out of Sight Our prefix becomes unreachable from the part of the net believing C4’s announcement. AS 1 C1C4 AS 6AS 5AS 4AS 2AS 3 128.59.0.0/1 6 legitimate 9 128.59.0.0/16 9 not legitimate!

8 BGP Chooses Among Many Paths Each router receives multiple announcements for each destination. Uses path attributes to select the best path. But: path attributes are not authenticated either. AS changing path attributes can disrupt routing. –Cause suboptimal paths to be taken. –Interfere with policy decisions. –Cause parts of the network to become unreachable.

9 BGP Is All About Policy The main goal of BGP is to arrive at routes that satisfy policy. ISPs need a way of checking that others are abiding by their advertised policies. The Internet Routing Registry (IRR) project aims to provide this global policy knowledge. But: –Private peering agreements are usually confidential. And of no interest to non-participants. –Updating the RRs is not done in real time. So the registry does not always reflect current policy. –There is still no way to check whether BGP updates received abide by the policies of all the intermediate ASes.

10 BGP Hides Information This is an effort to unhide the information. When something goes wrong, you are trying to infer what went wrong from what you are seeing in bgp data. Having a richer channel to convey that information will allow us to figure out whether what we are seeing is indeed an anomaly or it is according to what should be happening.

11 Enter IRV Internet Routing Verification: Each AS maintains a [distributed,replicated] Routing Verifier. An IRV is a repository for: –Current policy. –Current routing state. Other ASes may query the IRV, subject to access controls. AS1 IRV R AS3 BGP Routers R AS2 R R R R Query R R R

12 IRV Has Policy Data The main function of an IRV is to keep up-to-date policy data. Policies may be re-imported from the RRs in RPSL. New policies may be written in either RPSL or XML. Policies are stored in XML. –Schemata are still being worked on. Other ASes query the IRV to consult/verify policy information. –IRV has a query protocol. –Based in Xquery. The IRV becomes the canonical repository for an AS’s policy information.

13 IRV Has Current BGP Data The IRV keeps peering sessions with all its BGP routers: It maintains all the routes that the AS receives and announces (in XML, queriable subject to access control). It can also digest SNMP data from the routers. IRV AS1 BGP Routers R R R R R R R

14 IRV Has Configuration Data The IRV also maintains router configurations. Parts of the configuration can be automatically translated into policy. Parts of the configurations can be automatically generated from policy.

15 Origin Verification Any router can query the IRV responsible for an AS to verify that it is indeed originating a prefix. –Subsumes S-BGP Address Attestation. Even in the absence of rigid public key infrastructure, this can yield benefits. ISPs can verify that their announcements are reaching other parts of the net. AS 1 2 3 4 S-BGP AS 1 2 3 4 IRV

16 Path Verification Query IRVs in the ASes listed in the AS_PATH. Verify that each AS announced the prefix to the following AS in the AS_PATH. –Subsumes S-BGP Route Attestation. Verify that the attributes are consistent with policy. ISPs can also verify that their announcements are not being corrupted.

17 Paper at NDSS’03 @inproceedings{irv-ndss03, author = {Geoffrey Goodell and William Aiello and Timothy Griffin and John Ioannidis and Patrick McDaniel and Aviel Rubin}, title = {{Working Around BGP: An Incremental Approach to Improving Security and Accuracy of Interdomain Routing}}, booktitle = {{Symposium on Network and Distributed Systems Security}}, city = {San Diego, CA}, month = {February}, year = 2003 }

18 Summary IRV provides an asynchronous way to verify BGP data against policy, configuration, and current routing state. XML-based. No router modifications needed. Incremental deployment. Value increases as more ISPs adopt it.

Download ppt "Internet Routing Verification John “JI” Ioannidis AT&T Labs – Research Copyright © 2002 by John Ioannidis. All Rights Reserved."

Similar presentations

1 Interdomain Traffic Engineering with BGP By Behzad Akbari Spring 2011 These slides are based on the slides of Tim. G. Griffin (AT&T) and Shivkumar (RPI)

1 Interdomain Traffic Engineering with BGP By Behzad Akbari Spring 2011 These slides are based on the slides of Tim. G. Griffin (AT&T) and Shivkumar (RPI)
Sign What You Really Care About - $ecure BGP AS Paths Efficiently Yang Xiang Zhiliang Wang Jianping Wu Xingang Shi Xia Yin Tsinghua University, Beijing.

Sign What You Really Care About - $ecure BGP AS Paths Efficiently Yang Xiang Zhiliang Wang Jianping Wu Xingang Shi Xia Yin Tsinghua University, Beijing.
Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.

Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.
A Quick and Dirty Guide to BGP attacks Or “How to 0wn the Backbone in your Spare Time”

A Quick and Dirty Guide to BGP attacks Or “How to 0wn the Backbone in your Spare Time”
CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.

CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.
Routing: Exterior Gateway Protocols and Autonomous Systems Chapter 15.

Routing: Exterior Gateway Protocols and Autonomous Systems Chapter 15.
© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.

© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
Information-Centric Networks04c-1 Week 4 / Paper 3 A Survey of BGP Security Issues and Solutions –Kevin Butler, Toni Farley, Patrick McDaniel, and Jennifer.

Information-Centric Networks04c-1 Week 4 / Paper 3 A Survey of BGP Security Issues and Solutions –Kevin Butler, Toni Farley, Patrick McDaniel, and Jennifer.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
The need for BGP AfNOG Workshops Philip Smith. “Keeping Local Traffic Local”

The need for BGP AfNOG Workshops Philip Smith. “Keeping Local Traffic Local”
1 Towards Secure Interdomain Routing For Dr. Aggarwal 60-592 Win 2004.

1 Towards Secure Interdomain Routing For Dr. Aggarwal Win 2004.
Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.

Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
HLP: A Next Generation Interdomain Routing Protocol Lakshminarayanan Subramanian* Matthew Caesar* Cheng Tien Ee*, Mark Handley° Morley Maoª, Scott Shenker*

HLP: A Next Generation Interdomain Routing Protocol Lakshminarayanan Subramanian* Matthew Caesar* Cheng Tien Ee*, Mark Handley° Morley Maoª, Scott Shenker*
Interdomain Routing Security COS 461: Computer Networks Michael Schapira.

Interdomain Routing Security COS 461: Computer Networks Michael Schapira.
Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.

Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background – Detection of Invalid Routing Announcement in the Internet –Open Discussions Thursday.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.
The Border Gateway Protocol (BGP) Sharad Jaiswal.

The Border Gateway Protocol (BGP) Sharad Jaiswal.
MIRED: Managing IP Routing is Extremely Difficult Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park, NJ

MIRED: Managing IP Routing is Extremely Difficult Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park, NJ

Similar presentations

Ads by Google