Securing BGP Bruce Maggs.

Slides:



Advertisements
Similar presentations
Improving Internet Availability. Some Problems Misconfiguration Miscoordination Efficiency –Market efficiency –Efficiency of end-to-end paths Scalability.
Advertisements

AGORA: A Market for Internet Connectivity Nick Feamster, Georgia Tech Ramesh Johari, Stanford Vijay Vazirani, Georgia Tech.
CS 4251: Computer Networking II Nick Feamster Spring 2008
Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.
© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.
INTERDOMAIN ROUTING POLICY COS 461: Computer Networks Spring 2010 (MW 3:00-4:20 in COS 105) Mike Freedman
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
Interdomain Routing Security COS 461: Computer Networks Michael Schapira.
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.
INTERDOMAIN ROUTING POLICY READING: SECTIONS PLUS OPTIONAL READING COS 461: Computer Networks Spring 2009 (MW 1:30-2:50 in COS 105) Mike Freedman.
Interdomain Routing Policy COS 461: Computer Networks Spring 2011 Mike Freedman 1.
Interdomain Routing (Nick Feamster) February 4, 2008.
Computer Networks Layering and Routing Dina Katabi
Interdomain Routing David Andersen Spring 2007 Carnegie Mellon University.
APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)
Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.
Lecture 8 Page 1 Advanced Network Security Review of Networking Basics: Internet Architecture, Routing, and Naming Advanced Network Security Peter Reiher.
Impact of Prefix Hijacking on Payments of Providers Pradeep Bangera and Sergey Gorinsky Institute IMDEA Networks, Madrid, Spain Developing the Science.
© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network BGP Attributes and Path Selection Process.
CS 3700 Networks and Distributed Systems Inter Domain Routing (It’s all about the Money) Revised 8/20/15.
TDTS21: Advanced Networking Lecture 7: Internet topology Based on slides from P. Gill and D. Choffnes Revised 2015 by N. Carlsson.
David Wetherall Professor of Computer Science & Engineering Introduction to Computer Networks Hierarchical Routing (§5.2.6)
BCNET Conference April 29, 2009 Andree Toonk BGPmon.net Prefix hijacking! Do you know who's routing your network? Andree Toonk
Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.
More on Internet Routing A large portion of this lecture material comes from BGP tutorial given by Philip Smith from Cisco (ftp://ftp- eng.cisco.com/pfs/seminars/APRICOT2004.
Vytautas Valancius, Nick Feamster, Akihiro Nakao, and Jennifer Rexford.
Detecting Attacks on Internet Infrastructure and Monitoring of Service Restoration in Real Time Andy Ogielski FCC Workshop on Cyber Security 30 September.
Eliminating Packet Loss Caused by BGP Convergence Nate Kushman Srikanth Kandula, Dina Katabi, and Bruce Maggs.
CS 4396 Computer Networks Lab BGP. Inter-AS routing in the Internet: (BGP)
Routing in the Inernet Outcomes: –What are routing protocols used for Intra-ASs Routing in the Internet? –The Working Principle of RIP and OSPF –What is.
CSE 592 INTERNET CENSORSHIP (FALL 2015) LECTURE 16 PHILLIPA GILL - STONY BROOK U.
1 Auto-Detecting Hijacked Prefixes? Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam Geoff Huston.
Securing BGP Bruce Maggs. BGP Primer AT&T /8 Sprint /16 CMU /16 bmm.pc.cs.cmu.edu Autonomous System Number Prefix.
Interdomain Routing Security Jennifer Rexford COS 461: Computer Networks Lectures: MW 10-10:50am in Architecture N101
Border Gateway Protocol (BGP) (Bruce Maggs and Nick Feamster)
Securing BGP Bruce Maggs. BGP Primer AT&T /8 Sprint /16 CMU /16 bmm.pc.cs.cmu.edu Autonomous System Number Prefix.
Inter-domain Routing Outline Border Gateway Protocol.
1 IPv6 Allocation and Policy Update Global IPv6 Summit in China 2007 April 12, 2007 Guangliang Pan.
BGP security some slides borrowed from Jen Rexford (Princeton U)
BGP Validation Russ White Rule11.us.
CS 3700 Networks and Distributed Systems
CS 3700 Networks and Distributed Systems
Auto-Detecting Hijacked Prefixes?
Auto-Detecting Hijacked Prefixes?
Border Gateway Protocol
Forwarding and Routing IP Packets
Interdomain Routing (Nick Feamster).
Interdomain Traffic Engineering with BGP
Addressing 2016 Geoff Huston APNIC.
CSCI-1680 Network Layer: Inter-domain Routing – Policy and Security
Are We There Yet? On RPKI Deployment and Security
Is Your Online Security Intelligent? Internet Performance Management
IPv4 Addresses.
COS 561: Advanced Computer Networks
IP Addresses in 2016 Geoff Huston APNIC.
Some Thoughts on Integrity in Routing
COS 561: Advanced Computer Networks
COS 561: Advanced Computer Networks
COS 561: Advanced Computer Networks
COMP/ELEC 429/556 Introduction to Computer Networks
BGP Security Jennifer Rexford Fall 2018 (TTh 1:30-2:50 in Friend 006)
COS 461: Computer Networks
Securing BGP Bruce Maggs.
Improving global routing security and resilience
Fixing the Internet: Think Locally, Impact Globally
BGP Instability Jennifer Rexford
FIRST How can MANRS actions prevent incidents .
Border Gateway Protocol (BGP)
Amreesh Phokeer Research Manager AfPIF-10, Mauritius
Presentation transcript:

Securing BGP Bruce Maggs

BGP Primer Autonomous System Number 128.2/16 1239 9 Sprint AT&T 1239 144.223/16 AT&T 7018 12/8 Prefix of IP addresses 128.2/16 9 CMU 9 128.2/16 AS Path bmm.pc.cs.cmu.edu 128.2.205.42

BGP Details AS that owns a prefix “originates” an advertisement with only it’s AS number on path. AS advertises only its primary path to a prefix (the one it actually uses) to its neighbors Primary path for an IP address must be chosen from received advertisements with most specific (longest) prefix containing address, e.g., for 128.2.205.42, 128.2.205/24 is preferred over 128.2/16 Advertisement contains entire AS path to prevent cycles Router withdraws the advertisement if the path is no longer available

Problems with BGP Not secure – susceptible to route “hijacking” Routing policy determined primarily by economics, not performance Slow to converge (and not guaranteed) During convergence, endpoints can be disconnected even when valid routes exist

Who owns a prefix? Organizations are granted prefixes of addresses, e.g., 128.2/16, by regional Internet registries ARIN, RIPE NCC, APNIC, AFRINIC, LACNIC Source: http://www.apnic.net/about-APNIC/organization/history-of-apnic/history-of-the-regional-internet-registries Organizations also separately register AS numbers, but no linkage between AS numbers and prefixes.

Route Hijacking Any network can advertise that it knows a path to any prefix! No way to check if the path is legitimate. Highly specific advertisements (e.g., 128.2.205/24) will attract traffic. To mitigate risk, network operators manually create filters to limit what sorts of advertisements they will trust from their peers.

Why Hijack Routes? Steal some IP addresses temporarily, send SPAM until the addresses are blacklisted. Create a sinkhole to divert traffic away from a Web site, making it unavailable. Eavesdrop on traffic but ultimately pass it along.

The AS 7007 Incident On April 25, 1997, AS 7007 (MAI Network Services) leaked its entire routing table to AS 1790 Sprint with all prefixes broken down (probably due to a bug) to /24 with original AS paths stripped off. After MAI turned off their router, Sprint kept advertising the routes! See http://www.merit.edu/mail.archives/nanog/1997-04/msg00444.html

The Business Game and Depeering Cooperative competition (brinksmanship) Much more desirable to have your peer’s customers Much nicer to get paid for transit Peering “tiffs” are relatively common 31 Jul 2005: Level 3 Notifies Cogent of intent to disconnect. 16 Aug 2005: Cogent begins massive sales effort and mentions a 15 Sept. expected depeering date. 31 Aug 2005: Level 3 Notifies Cogent again of intent to disconnect (according to Level 3) 5 Oct 2005 9:50 UTC: Level 3 disconnects Cogent. Mass hysteria ensues up to, and including policymakers in Washington, D.C. 7 Oct 2005: Level 3 reconnects Cogent (slide from Nick Feamster) During the “outage”, Level 3 and Cogent’s singly homed customers could not reach each other. (~ 4% of the Internet’s prefixes were isolated from each other)

Depeering Continued Resolution… (slide from Nick Feamster) …but not before an attempt to steal customers! Cogent will offer any Level 3 customer, who is single homed to the Level 3 network on the date of this notice, one year of full Internet transit free of charge at the same bandwidth currently being supplied by Level 3. Cogent will provide this connectivity in over 1,000 locations throughout North America and Europe. As of 5:30 am EDT, October 5th, Level(3) terminated peering with Cogent without cause (as permitted under its peering agreement with Cogent) even though both Cogent and Level(3) remained in full compliance with the previously existing interconnection agreement. Cogent has left the peering circuits open in the hope that Level(3) will change its mind and allow traffic to be exchanged between our networks. We are extending a special offering to single homed Level 3 customers.

Pakistan Telecom v. YouTube Pakistan’s government ordered YouTube blocked to prevent viewing a video showing cartoons about Muhammad February 24, 2008, Pakistan’s state-owned ISP advertised YouTube’s address space 208.65.153.0/24 Route prefix was more specific than the genuine announcement 208.65.153.0/22 Upstream provider  PCCW Global (AS3491) forwarded announcement to rest of Internet Requests for YouTube world wide hijacked!

YouTube Availability Source: http://www.cnet.com/news/how-pakistan-knocked-youtube-offline-and-how-to-make-sure-it-never-happens-again/

China Telecom Incident China Telecom AS 23724 (a data center) normally originates 40 prefixes. April 8, 2010, originated ~37,000 prefixes not assigned to them for 15 minutes. About 10% of these prefixes propagated outside of the Chinese network. Prefixes included cnn.com, dell.com, and many other Web sites. Some traffic was diverted to China, passed through, and then went on to its destination!

Impacted Prefixes Source: http://www.bgpmon.net/chinese-isp-hijacked-10-of-the-internet/

Example Traceroute 1. <our host> 0.785ms # London 2. 195.66.248.229 1.752ms 3. 195.66.225.54 1.371ms 4. 202.97.52.101 399.707ms # China Telecom 5. 202.97.60.6 408.006ms 6. 202.97.53.121 432.204ms 7. 4.71.114.101 323.690ms # Level3 8. 4.68.18.254 357.566ms 9. 4.69.134.221 481.273ms 10. 4.69.132.14 506.159ms 11. 4.69.132.78 463.024ms 12. 4.71.170.78 449.416ms 13. 66.174.98.66 456.970ms # Verizon 14. 66.174.105.24 459.652ms [.. four more Verizon hops ..] 19. 69.83.32.3 508.757ms 20. <last hop> 516.006ms Source: http://research.dyn.com/2010/11/chinas-18-minute-mystery/

Secure BGP Still under development – not supported by routers yet. Aims to prevent Bogus origin AS Bogus AS_PATH (unauthorized insertions and deletions of ASNs in the path) All RIRs (Regional Internet Registries) now offer RPKI (Resource Public Key Infrastructure) services … but no single root of trust, RIRs could (accidentally) conflict

Secure BGP – How will it work? Route Origin Authorization (ROA) certificate authorizes AS to originate an advertisement for a prefix Each AS that adds its ASN to an AS PATH signs the resulting PATH before passing it on further. Eventually, routers may choose not to accept unsigned advertisements.

Caveats An AS may still choose not to route packets along the primary path that it advertises. An AS can still eavesdrop on any traffic that passes through it.