The BGP Visibility Scanner

Slides:

Advertisements

Similar presentations

Allocation vs Announcement A comparison of RIR IPv4 Allocation Records with Global Routing Announcements Geoff Huston February 2004 (Supported by APNIC)

Advertisements

An Operational Perspective on BGP Security Geoff Huston February 2005.

Routing System Stability draft-dimitri-grow-rss-01.txt IETF71 - Philadelphia.

Release 5.1, Revision 0 Copyright © 2001, Juniper Networks, Inc. Advanced Juniper Networks Routing Module 9: Static Routes & Routing Table Groups.

10/6/116Watch Project 1 6Watch: Gauging the Global Rollout of IPv6 Dan Massey Dave Meyer Lixia Zhang Colorado State U. Oregon UCLA.

Technical Aspects of Peering Session 4. Overview Peering checklist/requirements Peering step by step Peering arrangements and options Exercises.

A Study of BGP Origin AS Changes and Partial Connectivity Ratul Mahajan David Wetherall Tom Anderson University of Washington Asta Networks † † ‡ † ‡ ‡

1 Interdomain Traffic Engineering with BGP By Behzad Akbari Spring 2011 These slides are based on the slides of Tim. G. Griffin (AT&T) and Shivkumar (RPI)

Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.

© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.

Swinog-7, 22nd october 2003 BGP filtering André Chapuis,

Dongkee LEE 1 Understanding BGP Misconfiguration Ratul Mahajan, David Wetherall, Tom Anderson.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

Best Practices for ISPs

1 Measurement of Highly Active Prefixes in BGP Ricardo V. Oliveira, Rafit Izhak-Ratzin, Beichuan Zhang, Lixia Zhang GLOBECOM’05.

BGP in 2009 Geoff Huston APNIC May Conventional BGP Wisdom IAB Workshop on Inter-Domain routing in October 2006 – RFC 4984: “routing scalability.

Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.

Delayed Internet Routing Convergence Craig Labovitz, Abha Ahuja, Abhijit Bose, Farham Jahanian Presented By Harpal Singh Bassali.

Allocations vs Announcements A comparison of RIR IPv4 Allocation Records with Global Routing Announcements Geoff Huston May 2004 (Activity supported by.

Computer Networks Layering and Routing Dina Katabi

Providing A Subset of Whois Data Via DNS Shuang Zhu Xing Li CERNET Center.

NOC Lessons Learned TEIN2 and CERNET Xing Li

Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network BGP Attributes and Path Selection Process.

APNIC Internet Routing Registry An introduction to the IRR TWNIC Meeting, 3 December 2003 Nurani Nimpuno, APNIC.

TDTS21: Advanced Networking Lecture 7: Internet topology Based on slides from P. Gill and D. Choffnes Revised 2015 by N. Carlsson.

BCNET Conference April 29, 2009 Andree Toonk BGPmon.net Prefix hijacking! Do you know who's routing your network? Andree Toonk

Border Gateway Protocol (BGP) W.lilakiatsakun. BGP Basics (1) BGP is the protocol which is used to make core routing decisions on the Internet It involves.

A Firewall for Routers: Protecting Against Routing Misbehavior1 June 26, A Firewall for Routers: Protecting Against Routing Misbehavior Jia Wang.

A Measurement Study on the Impact of Routing Events on End-to-End Internet Path Performance Feng Wang 1, Zhuoqing Morley Mao 2 Jia Wang 3, Lixin Gao 1,

By, Matt Guidry Yashas Shankar.  Analyze BGP beacons which are announced and withdrawn, usually within two hour intervals.  The withdraws have an effect.

Information-Centric Networks04b-1 Week 4 / Paper 2 Understanding BGP Misconfiguration –Rahil Mahajan, David Wetherall, Tom Anderson –ACM SIGCOMM 2002 Main.

CS 4396 Computer Networks Lab BGP. Inter-AS routing in the Internet: (BGP)

BLACKHOLE BGP Community for Blackholing T. King, C. Dietzel, J. Snijders, G. Doering, G. Hankins.

CSE534- Fundamentals of Computer Networking Lecture 12-13: Internet Connectivity + IXPs (The Underbelly of the Internet) Based on slides by D. Choffnes.

Information-Centric Networks Section # 4.2: Routing Issues Instructor: George Xylomenos Department: Informatics.

1 Agenda for Today’s Lecture The rationale for BGP’s design –What is interdomain routing and why do we need it? –Why does BGP look the way it does? How.

Securing BGP Bruce Maggs. BGP Primer AT&T /8 Sprint /16 CMU /16 bmm.pc.cs.cmu.edu Autonomous System Number Prefix.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—5-1 Customer-to-Provider Connectivity with BGP Connecting a Multihomed Customer to a Single Service.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—1-1 Course Introduction.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—3-1 Route Selection Using Policy Controls Using Multihomed BGP Networks.

Routing Table Status Report August 2005 Geoff Huston.

Tracking the Internet’s BGP Table Geoff Huston Telstra December 2000.

Michael Schapira, Princeton University Fall 2010 (TTh 1:30-2:50 in COS 302) COS 561: Advanced Computer Networks

1 Investigating occurrence of duplicate updates in BGP announcements Jong Han Park 1, Dan Jen 1, Mohit Lad 2, Shane Amante 3, Danny McPherson 4, Lixia.

Copyright (c) 2002 Japan Network Information Center Proposal for IPv6 Policy for Essential Infrastructure in the AP region Izumi Okutani IP Address Section.

BGP Routing Stability of Popular Destinations

BGP 1. BGP Overview 2. Multihoming 3. Configuring BGP.

Border Gateway Protocol

Desperately Seeking Default

COS 561: Advanced Computer Networks

Power Prefixes Prioritization for Smarter BGP Reconvergence

Interdomain Traffic Engineering with BGP

Everybody Leaks Alexander Azimov.

How do we decide where to deploy to next?

IP Addresses in 2016 Geoff Huston APNIC.

APNIC Trial of Certification of IP Addresses and ASes

COS 561: Advanced Computer Networks

Lessons Learned TEIN2 and CERNET

BGP Multiple Origin AS (MOAS) Conflict Analysis

COS 561: Advanced Computer Networks

IPv4 Address Lifetime Expectancy

IPv4 Address Lifetime Expectancy Revisited

Improving global routing security and resilience

Peering Security DKNOG, March 14-15, 2019 Susan Forney and Walt Wollny

BGP Instability Jennifer Rexford

Amreesh Phokeer Research Manager AfPIF-10, Mauritius

When Can We Start Dropping IPv4 on the DNS Root Servers?

Presentation transcript:

The BGP Visibility Scanner Andra Lutu1,2 , Marcelo Bagnulo2 and Olaf Maennel3 Institute IMDEA Networks1, University Carlos III Madrid2 , Loughborough University3

Problem Statement The routing preferences are designed to accommodate various operational, economic, and political factors Problem: Only by configuring a routing policy, the origin AS cannot also ensure that it will achieve the anticipated results The implementation of routing policies is a complicated process, involving subtle tuning operations that are error- prone Operators need to complement their internal perspective on routing with the information retrieved from external sources UKNOF 25 18 April 2013

Internet Prefix Visibility Prefix visibility as an expression of policy interaction Not all the routes make it to every routing table (RT) in the interdomain Limited Visibility Prefixes (LVPs) – prefixes that are not in every RT High Visibility Prefixes (HVPs) – prefixes which are in almost all the RT The BGP Visibility Scanner: Analyze all BGP routing data from RouteViews and RIPE Routing Information Service (RIS) projects All together there are 24 different RT collection points More than 130 different ASes periodically dump their entire routing tables Limited Visibility Prefixes (LVPs) Intentional/Deliberate Inflicted by third parties Unintentional/Accidental UKNOF 25 18 April 2013

Next… Data manipulation – methodology Study case: example of applying the methodology Characteristics of the prefixes with limited visibility Presenting the tool and its capabilities Use cases UKNOF 25 18 April 2013

The BGP Visibility Scanner RIS-RouteViews Download all the available routing feeds twice per day, at 08h00 16h00 Raw data Get GRTs Size filter Minimum 400.000 routes Eliminate duplicate routing feeds Clean GRTs Remove prefixes: MOAS Bogons GRTs Visibility Scanner Algorithm for t in {08h00, 16h00} do prefs[t].getVisibleDegree() prefs[t].remInternalPrefs() for ip in prefs[t] do if visibility(ip, t) < floor(95%*nr_monitors[t])) then labels[ip].append(LV) else labels[ip].append(HV) Remove Transient for ip in prefs[day] do if HV in labels[ip] then labels[ip] = HV else if length(labels[ip]) == 2 then labels[ip] = LV else labels[ip] = transient Label LVPs - HVPs UKNOF 25 18 April 2013

The BGP Visibility Scanner RIS-RouteViews Download all the available routing feeds twice per day, at 08h00 16h00 Raw data UKNOF 25 18 April 2013

The BGP Visibility Scanner RIS-RouteViews Download all the available routing feeds twice per day, at 08h00 16h00 Raw data Get GRTs Size filter Minimum 400.000 routes Eliminate duplicate routing feeds Remove prefixes: MOAS Bogons GRTs Clean GRTs UKNOF 25 18 April 2013

BGP visibility scanner Example: sampling time 23.10.2012 Global Routing Table - contains almost all the prefixes injected in the interdomain 129 GRTs from RIPE RIS and RouteViews 9/129 ASes in LACNIC 14/129 in APNIC 37/129 in ARIN 68/129 in RIPE NCC Polishing the full routing tables for our study No bogons/martians present Discard 500 bogon prefixes No MOAS prefixes Filter out approx. 4,500 MOAS prefixes BGP visibility scanner GRTs Get GRTs Size filter Minimum 400.000 routes Eliminate duplicate routing feeds Clean GRTs Remove prefixes: MOAS Bogons UKNOF 25 18 April 2013

BGP Visibility Scanner We find that not all the GRTs identified contain all the prefixes injected in the interdomain Expression of policies which may have backfired Sample from 23.10.2012 – 08h00 UKNOF 25 18 April 2013

The BGP Visibility Scanner RIS-RouteViews Download all the available routing feeds twice per day, at 08h00 16h00 Raw data Get GRTs Size filter Minimum 400.000 routes Eliminate duplicate routing feeds Clean GRTs Remove prefixes: MOAS Bogons GRTs Visibility Scanner Algorithm Label LVPs - HVPs for t in {08h00, 16h00} do prefs[t].getVisibleDegree() prefs[t].remInternalPrefs() for ip in prefs[t] do if visibility(ip, t) < floor(95%*nr_monitors[t])) then labels[ip].append(LV) else labels[ip].append(HV) UKNOF 25 18 April 2013

BGP visibility scanner Filter internal routes Not considering prefixes only present in 1 RT with an AS-Path of length 1 23.10.2012: filter out 10.500 internal routes Labeling Mechanism – each prefix gets a visibility label based on the 95% minimum visibility threshold rule HV – high visibility if present in more than 95% of routing tables LV – limited visibility if present in less than 95% of routing tables BGP visibility scanner Visibility Scanner Algorithm for t in {08h00, 16h00} do prefs[t].getVisibleDegree() prefs[t].remInternalPrefs() for ip in prefs[t] do if visibility(ip, t) < floor(95%*nr_monitors[t])) then labels[ip].append(LV) else labels[ip].append(HV) Label LVPs - HVPs UKNOF 25 18 April 2013

The BGP Visibility Scanner RIS-RouteViews Download all the available routing feeds twice per day, at 08h00 16h00 Raw data Get GRTs Size filter Minimum 400.000 routes Eliminate duplicate routing feeds Clean GRTs Remove prefixes: MOAS Bogons GRTs Visibility Scanner Algorithm for t in {08h00, 16h00} do prefs[t].getVisibleDegree() prefs[t].remInternalPrefs() for ip in prefs[t] do if visibility(ip, t) < floor(95%*nr_monitors[t])) then labels[ip].append(LV) else labels[ip].append(HV) Remove Transient for ip in prefs[day] do if HV in labels[ip] then labels[ip] = HV else if length(labels[ip]) == 2 then labels[ip] = LV else labels[ip] = transient Label LVPs - HVPs UKNOF 25 18 April 2013

BGP visibility scanner Label Prevalence Sieve – rule of prevalence for the visibility labels tagged on each prefix Filter transient routes Filter the prefixes that are not consistently appearing in the two samples analyzed Discard 7,800 prefixes A total of 512.000 prefixes identified 415.576 High-Visibility prefixes (HVPs) 98.253 Limited-Visibility prefixes (LVPs) BGP visibility scanner Visibility Scanner Algorithm for ip in prefs[day] do if HV in labels[ip] then labels[ip] = HV else if length(labels[ip]) == 2 then labels[ip] = LV else labels[ip] = transient Remove Transient UKNOF 25 18 April 2013

Dark Prefixes Dark Prefixes (DP) are the LV prefixes that are not covered by any HV prefix This would constitute address space that may not be globally reachable (in the absence of a default route) In 2012.10.23 there were ~2.400 dark prefixes in the LV prefix set HVP HVP HVP LVP LVP DP LVP DP LVP LVP UKNOF 25 18 April 2013

Prefix visibility – distribution on prefix length UKNOF 25 18 April 2013

AS-Path length The per set mean AS-Path length (no prepending considered): LV prefixes – 3.02 Mode = 2 HV prefixes – 4.16 Mode = 4 Dark prefixes – 3.75 UKNOF 25 18 April 2013

Prefix visibility as of 23.10.2012 Visibility distribution: # of LV prefixes present in n monitors, where n = 1, … 129 Low sensitivity to the visibility threshold included in the Labeling Mechanism UKNOF 25 18 April 2013

Prefix Label Stability in 2012.10 UKNOF 25 18 April 2013

Origin ASes for the LV prefixes Identified 3.570 different ASes originating the LV prefixes identified on 2012.10.23: 14% in LACNIC (~493 ASes) 30.5% in APNIC (~1.081 ASes) 30.1% in RIPE (~1.068 ASes) 22.4% in APNIC (~795 ASes) 1.1% in AFRINIC (~42 ASes) UKNOF 25 18 April 2013

What are these prefixes? We are looking to explain this phenomena: Is it something the origin AS intended or is it something that the AS is suffering? All the results of this study are made available online visibility.it.uc3m.es Up to date information on LV announced by each AS Check to see if your AS is originating LV prefixes Retrieve those prefixes and see if there are any Dark Prefixes within that set Please provide feedback! Short form that you can fill in and send UKNOF 25 18 April 2013

How does it work? visibility.it.uc3m.es UKNOF 25 18 April 2013

How does it work? visibility.it.uc3m.es Fill in the AS number here UKNOF 25 18 April 2013

How does it work? visibility.it.uc3m.es Example of output: UKNOF 25 18 April 2013

How does it work? visibility.it.uc3m.es Example of output: Next step: fill in form! UKNOF 25 18 April 2013

How does it work? Submit!! UKNOF 25 18 April 2013

Use Cases Different use case: Intended Scoped Advertisements Inject prefixes only to peers Intended Scoped Advertisements: Content provider Geographical scoping of prefix Config errors: Large ISP Outbound filters mistakes in configuration Leaking routes to direct peers Third-party inflicted: Internet root servers Tackle problems rising from the interaction between Ases Blackholing due to lack of return path Blackholing due to no announcement UKNOF 25 18 April 2013

Use Cases – Internet Root Servers Observe two prefixes: p/24 -LVP and p/23 – HVP Blackholing due to lack return path: Root server (local anycast node) Peer 1 Peer 2 p/24 p/24 (leak) No return path UKNOF 25 18 April 2013

Use Cases – Internet Root Rervers Observe two prefixes: p/24 -LVP and p/23 – HVP Blackholing due to lack return path: No full transit at the IXP => tag with NO EXPORT Root server (local anycast node) Peer 1 Peer 2 p/24 p/24 (leak) No return path Root server (local anycast node) Peer 1 Peer 2 p/24 + NO EXPORT p/24 UKNOF 25 18 April 2013

Use Cases – Internet Root Servers Observe two prefixes: p/24 -LVP and p/23 – HVP Blackholing due to lack return path: No full transit at the IXP => tag with NO EXPORT Root server (local anycast node) Peer 1 Peer 2 p/24 p/24 (leak) No return path Problem solved ..? Root server (local anycast node) Peer 1 Peer 2 p/24 + NO EXPORT p/24 UKNOF 25 18 April 2013

Use Cases – Internet Root Server Blackholing due to no announcement *p/24 no_export p/24 p/24 + NO EXPORT ?? Root server (local anycast node) Peer Customer p/24 Transit Provider p/24 Root server (base-camp) UKNOF 25 18 April 2013

Use Cases – Internet Root Server Blackholing due to no announcement p/24 no_export p/23 p/24 + NO EXPORT p/23 Root server (local anycast node) Peer Customer p/24 , p/23 Transit Provider p/24 p/23 Root server (base-camp) UKNOF 25 18 April 2013

Use Cases – Internet Root Server Blackholing due to no announcement p/24 no_export p/23 p/24 + NO EXPORT p/23 Root server (local anycast node) Peer Customer p/24 , p/23 Transit Provider p/24 p/23 Root server (base-camp) UKNOF 25 18 April 2013

Conclusions UKNOF 25 18 April 2013

The BGP Visibility Scanner visibility.it.uc3m.es The paper (GI’13): The BGP Visibility Scanner Questions? andra.lutu@imdea.org marcelo@it.uc3m.es O.M.Maennel@lboro.ac.uk NANOG 57 06/02/2013