Routing Experiments

Chen-Nee Chuah, Sonia Fahmy, Denys Ma, Patrick McDaniel, Sandy Murphy, Soon-Tee Teoh, Shih-Ming Tseng, S. Felix Wu, Fan Zhao, Ke Zhang

Cyber DEfense Technology Experimental Research (DETER) Network
Evaluation Methods for Internet Security Technology (EMIST)

USC Information Sciences Institute; University of California, Berkeley; University of California, Davis; Penn State University; Purdue University; International Computer Science Institute; Stanford Research Institute (SRI); Network Associates; SPARTA

09/28/2005, Newport Beach, California

Research Objectives
- Realistic Internet routing experiments with configurable parameters
- Study, analyze, evaluate, and validate hypotheses/principles related to Internet routing and its security

The “Internet” as of September 26, 2005 (http://bgp.potaroo.net/cidr/)
- 20464 Autonomous Systems
- ??? BGP Routers
- 167138 IP Address Prefixes announced

Simulation versus Emulation
- Simulation: large-scale, but might abstract away low-level characteristics
- Emulation: experimenting with realistic implementations and observing the “unexpected”
  - Implementation differences
  - Analyzing/interpreting the interactions
  - May help in accomplishing better simulation tasks in BGP

A Little Dampening Story
- SSFNet, Zebra, Cisco
- per prefix + per peer
- per prefix + per peer + per AS path

MRAI Timer
- Minimum Route Advertisement Interval
- Default: 30 seconds
- convergence
- Adaptive MRAI timer (RPI, Globecom’04)
- 30 seconds, 5 seconds, 0 seconds

Interactions/Dynamics
- Failures/faults/attacks
- Mobility/configuration/policy changes
- Cross-layer interactions
- EGP versus IGP

Routing Experiments on DETER in 2005
- BGP + P2P
- BGP + OSPF
- BGP + intention-driven iTrace + DDoS
- BGP + Network Mobility + OASC
We have enjoyed very much many very frustrating and then exciting moments.

[Figure: AS topology with AS-117, AS-112, AS-121, AS-113, AS-101, AS-114]

Collecting the Results in 2004
- show IP BGP …
- 1 peer (SPRINT)
- Full Routing Table (9MB compressed)
- BGP Updates (2 hours -- 168KB)
- ~29 MB uncompressed routing table snapshot
- per router per 3 minutes

Collecting the Results in 2005
- show IP BGP …
- updates -- MRT
- 1 peer (SPRINT)
- Full Routing Table (9MB compressed)
- BGP Updates (2 hours -- 168KB)
- selected prefixes
- per router per 1 second

[Figure sequence: the AS topology (AS-117, AS-112, AS-121, AS-113, AS-114, AS-101) with prefix 122.0.0.0/8 and its mobility]

One Transition of 122.0.0.0/8 (AS-121, AS-117)
- Very common in Internet operations
- AS-121 withdraw: Tw
- AS-117 announce: Ta
- Tw < Ta: prefix unreachable
- Ta < Tw: multi-homing, OASC
- convergence and instability
- multiple instances in a short period of time
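
The two orderings of Tw and Ta on this slide, worked through as an added example (not code from the original slides or from the DETER/EMIST experiments). It reads OASC as Origin AS Change; the Event tuple, classify_transitions and the sample timeline are constructed for illustration.

```python
from collections import namedtuple

# One origin-side event for a single prefix; kind is "A" (announce) or "W" (withdraw).
Event = namedtuple("Event", "t origin kind")

def classify_transitions(events):
    """Label each origin hand-over as 'unreachable' (Tw < Ta) or 'multi-homed' (Ta < Tw).

    Returns (label, old_origin, new_origin, seconds) tuples in time order.
    """
    active = {}    # origin AS -> time its current announcement started
    gone = None    # (origin, Tw) of the origin whose withdrawal left no origin
    out = []
    for ev in sorted(events):
        if ev.kind == "A":
            if not active and gone and gone[0] != ev.origin:
                # Tw < Ta: no origin announced the prefix between Tw and Ta.
                out.append(("unreachable", gone[0], ev.origin, ev.t - gone[1]))
            active.setdefault(ev.origin, ev.t)
            gone = None
        elif ev.origin in active:
            started = active.pop(ev.origin)
            if active:
                # Ta < Tw: two origins overlapped (the slide's multi-homing / OASC case).
                new, ta = max(active.items(), key=lambda kv: kv[1])
                out.append(("multi-homed", ev.origin, new, ev.t - max(ta, started)))
            else:
                gone = (ev.origin, ev.t)
    return out

# Constructed timeline (seconds) for 122.0.0.0/8 moving between AS-121 and AS-117.
SAMPLE = [
    Event(0, 121, "A"),
    Event(100, 121, "W"),   # Tw
    Event(130, 117, "A"),   # Ta, 30 s after Tw
    Event(400, 121, "A"),   # prefix moves back: announce first this time
    Event(460, 117, "W"),   # withdrawal 60 s later
]

if __name__ == "__main__":
    for row in classify_transitions(SAMPLE):
        print(row)
```

A withdraw followed by a re-announce from the same origin is a flap, not a transition, and produces no row.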

[Figure sequence: topology of ASes 117, 112, 101, 113, 121, 114. Routing dynamics occurred! AS-117 announced; AS-121 withdrawn; OASC]

AS 101 Multi homing

=====================================================
Wed Sep 28 02:26:00 PDT 2005
=====================================================
Paths: (3 available, best #3, table Default-IP-Routing-Table)
  Advertised to non peer-group peers:
  101.0.0.1 101.0.0.2 112.0.0.2 114.0.0.2
  114 113 121
    114.0.0.2 from 114.0.0.2 (114.0.0.2)
      Origin IGP, localpref 100, valid, external
      Last update: Wed Sep 28 02:13:28 2005
  112 117
    112.0.0.2 from 112.0.0.2 (112.0.0.2)
      Origin IGP, localpref 100, valid, external
      Dampinfo: penalty 543, flapped 1 times in 00:13:05
      Last update: Wed Sep 28 02:25:39 2005
  113 121
    113.0.0.2 from 113.0.0.2 (113.0.0.2)
      Origin IGP, localpref 100, valid, external, best
      Last update: Wed Sep 28 02:13:11 2005

AS 113 only one available route

=====================================================
Wed Sep 28 02:26:00 PDT 2005
=====================================================
Paths: (3 available, best #1, table Default-IP-Routing-Table)
  Advertised to non peer-group peers:
  113.0.0.1 115.0.0.1 123.0.0.2
  121
    121.0.0.2 from 121.0.0.2 (121.0.0.2)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Last update: Wed Sep 28 02:12:49 2005
  114 101 112 117, (history entry)
    115.0.0.1 from 115.0.0.1 (114.0.0.2)
      Origin IGP, localpref 100, external
      Dampinfo: penalty 545, flapped 1 times in 00:13:02
      Last update: Wed Sep 28 02:04:16 2005
  101 112 117, (history entry)
    113.0.0.1 from 113.0.0.1 (101.0.0.3)
      Origin IGP, localpref 100, external
      Dampinfo: penalty 545, flapped 1 times in 00:13:02
      Last update: Wed Sep 28 02:04:13 2005

[Figure sequence: topology of ASes 117, 112, 101, 113, 121, 114. AS-121 withdrawn; AS-117 announced; AS-117 withdrawn; OASC]

AS 112 got the best route from AS101

=====================================================
Wed Sep 28 02:26:00 PDT 2005
=====================================================
Paths: (2 available, best #1, table Default-IP-Routing-Table)
  Advertised to non peer-group peers:
  112.0.0.1 119.0.0.2
  117
    117.0.0.2 from 117.0.0.2 (117.0.0.2)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Last update: Wed Sep 28 02:25:25 2005
  101 113 121
    112.0.0.1 from 112.0.0.1 (101.0.0.3)
      Origin IGP, localpref 100, valid, external
      Last update: Wed Sep 28 02:13:39 2005
=================================================

Intensive Mobility

BGP Events: Causality and Correlation
- Causality relationship among individual BGP events (across different routers/ASes)
- Critical to simply understand/correlate BGP behavior
- Discover new types of relationships (or filter/correct false causality in experiments)
- Important for generating/replaying realistic BGP events
- Using emulation to verify the causality
- Maybe also with commercial routers (e.g., Juniper)

Intention-Driven iTrace on BGP
- using BGP as a global signaling mechanism

BGP Routing Update Visualization
- Per-RT-Snapshot OASC
- Per-Update OASC

Experience
- Designing/running experiments on DETER is a relatively productive process.
  - 1~2 weeks
- Explaining the “events” has been really fun for us
  - Lots of anomalies due to different root causes
  - DETER offers a nice platform to replay for the purpose of investigation
- A challenging issue: link with Route View and other PREDICT data

Acknowledgements
- Thank the DETER operational team, even on Saturday when we were crying!!
- Thank the EMIST Routing colleagues at: