Routing Experiments Chen-Nee Chuah, Sonia Fahmy, Denys Ma,

Slides:



Advertisements
Similar presentations
Performing BGP Experiments on a Semi-Realistic Internet Testbed Environment The 2nd International Workshop on Security in Distributed Computing Systems,
Advertisements

Border Gateway Protocol Ankit Agarwal Dashang Trivedi Kirti Tiwari.
1 BGP Anomaly Detection in an ISP Jian Wu (U. Michigan) Z. Morley Mao (U. Michigan) Jennifer Rexford (Princeton) Jia Wang (AT&T Labs)
CISCO NETWORKING ACADEMY Chabot College ELEC Routed and Routing Protocols.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Introduction to Dynamic Routing Protocol Routing Protocols and Concepts – Chapter.
1 Measurement of Highly Active Prefixes in BGP Ricardo V. Oliveira, Rafit Izhak-Ratzin, Beichuan Zhang, Lixia Zhang GLOBECOM’05.
Interdomain Routing and The Border Gateway Protocol (BGP) Courtesy of Timothy G. Griffin Intel Research, Cambridge UK
10/21/2003DSOM'2003, Heidelberg, Germany1 Visual-based Anomaly Detection for BGP Origin AS Change (OASC) Soon-Tee Teoh 1, Kwan-Liu Ma 1, S. Felix Wu 1,
More on BGP Check out the links on politics: ICANN and net neutrality To read for next time Path selection big example Scaling of BGP.
10/17/2002RAID 2002, Zurich1 ELISHA: A Visual-Based Anomaly Detection System Soon-Tee Teoh, Kwan-Liu Ma S. Felix Wu University of California, Davis Dan.
Protecting the BGP Routes to Top Level DNS Servers NANOG-25, June 11, 2002 UCLA Lan Wang Dan Pei Lixia Zhang USC/ISI Xiaoliang Zhao Dan Massey Allison.
02/06/2006ecs236 winter Intrusion Detection ecs236 Winter 2006: Intrusion Detection #4: Anomaly Detection for Internet Routing Dr. S. Felix Wu Computer.
RD-CSY /09 Distance Vector Routing Protocols.
March 22, 2002 Simple Protocols, Complex Behavior (Simple Components, Complex Systems) Lixia Zhang UCLA Computer Science Department.
1 Sonia Fahmy Ness Shroff Students: Roman Chertov Rupak Sanjel Center for Education and Research in Information Assurance and Security (CERIAS) Purdue.
Chapter 27 Q and A Victor Norman IS333 Spring 2015.
Lecture Week 3 Introduction to Dynamic Routing Protocol Routing Protocols and Concepts.
1 Semester 2 Module 6 Routing and Routing Protocols YuDa college of business James Chen
Fundamentals of Networking Discovery 2, Chapter 6 Routing.
OSPF To route, a router needs to do the following: Know the destination address Identify the sources it can learn from Discover possible.
Dynamic Routing Protocols  Function(s) of Dynamic Routing Protocols: – Dynamically share information between routers (Discover remote networks). – Automatically.
Information-Centric Networks04a-1 Week 4 / Paper 1 Open issues in Interdomain Routing: a survey –Marcelo Yannuzzi, Xavier Masip-Bruin, Olivier Bonaventure.
Routing and Routing Protocols Routing Protocols Overview.
IP is a Network Layer Protocol Physical 1 Network DataLink 1 Transport Application Session Presentation Network Physical 1 DataLink 1 Physical 2 DataLink.
Introduction to Dynamic Routing Protocol
Chapter 9. Implementing Scalability Features in Your Internetwork.
SEP: Sensibility analysis of BGP convergence and scalability using network simulation Sensibility analysis of BGP convergence and scalability using network.
BGP routing table entry for /16, version Paths: (4 available, best #1) Advertised to peer-groups: AS4544-AGG-CUSTOMER-FULL
© 2001, Cisco Systems, Inc. A_BGP_Confed BGP Confederations.
Inter-Domain Routing Trends Geoff Huston APNIC March 2007.
Border Gateway Protocol (BGP) W.lilakiatsakun. BGP Basics (1) BGP is the protocol which is used to make core routing decisions on the Internet It involves.
More on Internet Routing A large portion of this lecture material comes from BGP tutorial given by Philip Smith from Cisco (ftp://ftp- eng.cisco.com/pfs/seminars/APRICOT2004.
A Measurement Study on the Impact of Routing Events on End-to-End Internet Path Performance Feng Wang 1, Zhuoqing Morley Mao 2 Jia Wang 3, Lixin Gao 1,
T. S. Eugene Ngeugeneng at cs.rice.edu Rice University1 COMP/ELEC 429/556 Introduction to Computer Networks Inter-domain routing Some slides used with.
On Understanding of Transient Interdomain Routing Failures Feng Wang, Lixin Gao, Jia Wang, and Jian Qiu Department of Electrical and Computer Engineering.
TCOM 509 – Internet Protocols (TCP/IP) Lecture 06_a Routing Protocols: RIP, OSPF, BGP Instructor: Dr. Li-Chuan Chen Date: 10/06/2003 Based in part upon.
By, Matt Guidry Yashas Shankar.  Analyze BGP beacons which are announced and withdrawn, usually within two hour intervals.  The withdraws have an effect.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Introduction to Dynamic Routing Protocol Routing Protocols and Concepts.
Distance Vector Routing Protocols Dynamic Routing.
02/01/2006USC/ISI1 Updates on Routing Experiments Cyber DEfense Technology Experimental Research (DETER) Network Evaluation Methods for Internet Security.
Eliminating Packet Loss Caused by BGP Convergence Nate Kushman Srikanth Kandula, Dina Katabi, and Bruce Maggs.
IP Routing Principles. Network-Layer Protocol Operations Each router provides network layer (routing) services X Y A B C Application Presentation Session.
© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 BGP Prefix Origin Validation State Extended Community draft-pmohapat-sidr-origin-validation-signaling-00.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—6-1 Scaling Service Provider Networks Scaling IGP and BGP in Service Provider Networks.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—7-1 Optimizing BGP Scalability Using BGP Route Dampening.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—1-1 Course Introduction.
1 Border Gateway Protocol (BGP) and BGP Security Jeff Gribschaw Sai Thwin ECE 4112 Final Project April 28, 2005.
BGP Basics BGP uses TCP (port 179) BGP Established unicast-based connection to each of its BGP- speaking peers. BGP allowing the TCP layer to handle such.
Lec4: Introduction to Dynamic Routing Protocol
Introduction to Dynamic Routing Protocol
Working at a Small-to-Medium Business or ISP – Chapter 6
CS 3700 Networks and Distributed Systems
Connecting an Enterprise Network to an ISP Network
Boarder Gateway Protocol (BGP)
CS 3700 Networks and Distributed Systems
Jian Wu (University of Michigan)
Measuring BGP Geoff Huston.
BGP supplement Abhigyan Sharma.
Introduction to Dynamic Routing Protocol
Juniper Networks IPv6 Implementation
شبکه هاي کامپيوتري فصل پنجم: لايه شبکه (NetworkLayer)
Cours BGP-MPLS-IPV6-QOS
Introduction to Dynamic Routing Protocol
Dynamic Routing and OSPF
BGP Multiple Origin AS (MOAS) Conflict Analysis
An Analysis of BGP Multiple Origin AS (MOAS) Conflicts
Working at a Small-to-Medium Business or ISP – Chapter 6
2005 – A BGP Year in Review February 2006 Geoff Huston
Computer Networks Protocols
Presentation transcript:

Routing Experiments Chen-Nee Chuah, Sonia Fahmy, Denys Ma, Cyber DEfense Technology Experimental Research (DETER) Network Evaluation Methods for Internet Security Technology (EMIST) USC Information Sciences Institute  University of California, Berkeley  University of California, Davis  Penn State University Purdue University  International Computer Science Institute  Stanford Research Institute (SRI)  Network Associates  SPARTA Routing Experiments Chen-Nee Chuah, Sonia Fahmy, Denys Ma, Patrick McDaniel, Sandy Murphy, Soon-Tee Teoh, Shih-Ming Tseng, S. Felix Wu, Fan Zhao, Ke Zhang 09/28/2005 Newport Beach, California

Newport Beach, California Research Objectives Realistic Internet routing experiments with configurable parameters Study, analyze, evaluate, & validate hypothesis/principles related to Internet routing and its security 09/28/2005 Newport Beach, California

The “Internet” as September 26, 2005 http://bgp.potaroo.net/cidr/ 20464 Autonomous Systems ??? BGP Routers 167138 IP Address Prefixes announced 09/28/2005 Newport Beach, California

Simulation versus Emulation Simulation  large-scale but might abstracting away low level characteristics. Emulation  experimenting realistic implementations and observing the “unexpected” Implementation differences Analyzing/interpreting the interactions May help in accomplishing better simulation tasks in BGP. 09/28/2005 Newport Beach, California

A Little Dampening Story SSFNet Zebra Cisco per prefix + per peer per prefix + per peer + per AS path 09/28/2005 Newport Beach, California

MRAI Timer Minimum Route Advertisement Interval Default: 30 seconds  convergence Adaptive MRAI timer (RPI, Globecom’04) 30 seconds  5 seconds  0 seconds 09/28/2005 Newport Beach, California

Interactions/Dynamics Failures/faults/attacks Mobility/configuration/policy changes Cross-layer interactions EGP versus IGP 09/28/2005 Newport Beach, California

Routing Experiments on DETER in 2005 BGP + P2P BGP + OSPF BGP + intention-driven iTrace + DDoS BGP + Network Mobility + OASC We have enjoyed very much many very frustrating and then exciting moments. 09/28/2005 Newport Beach, California

Newport Beach, California 09/28/2005 Newport Beach, California

Newport Beach, California AS-117 AS-112 AS-121 AS-113 AS-101 AS-114 09/28/2005 Newport Beach, California

Collecting the Results in 2004 show IP BGP … 1 peer (SPRINT) Full Routing Table (9MB compressed) BGP Updates (2 hours -- 168KB) ~29 MB uncompressed routing table snapshot per router per 3 minutes 09/28/2005 Newport Beach, California

Collecting the Results in 2005 show IP BGP … updates -- MRT 1 peer (SPRINT) Full Routing Table (9MB compressed) BGP Updates (2 hours -- 168KB) selected prefixes per router per 1 second 09/28/2005 Newport Beach, California

Newport Beach, California AS-117 AS-112 AS-121 AS-113 AS-101 AS-114 09/28/2005 Newport Beach, California

Newport Beach, California AS-117 AS-121 AS-112 AS-113 AS-114 AS-101 09/28/2005 Newport Beach, California

Newport Beach, California AS-117 122.0.0.0/8 AS-112 AS-121 AS-113 AS-114 AS-101 09/28/2005 Newport Beach, California

Newport Beach, California AS-117 122.0.0.0/8 mobility AS-112 AS-121 AS-113 AS-114 AS-101 09/28/2005 Newport Beach, California

Newport Beach, California AS-117 122.0.0.0/8 mobility AS-112 AS-121 AS-113 AS-114 AS-101 09/28/2005 Newport Beach, California

Newport Beach, California 117 112 101 113 121 114 122.0.0.0/8 09/28/2005 Newport Beach, California

Newport Beach, California AS-121  AS-117 Very comment in Internet operations One Transition of 122.0.0.0/8 AS-121  withdraw Tw AS-117  announce Ta Tw  Ta prefix unreachable Ta  Tw multi-homing, OASC convergence and instability multiple instances in a short period of time 09/28/2005 Newport Beach, California

Newport Beach, California 117 112 101 113 121 114 Routing dynamics occurred! 09/28/2005 Newport Beach, California

Newport Beach, California 117 112 101 113 121 114 AS-117 announced AS-121 withdrawn OASC 09/28/2005 Newport Beach, California

Newport Beach, California 117 112 101 113 121 114 09/28/2005 Newport Beach, California

Newport Beach, California 117 112 101 113 121 114 AS-117 announced AS-121 withdrawn OASC 09/28/2005 Newport Beach, California

Newport Beach, California AS 101 Multi homing ===================================================== Wed Sep 28 02:26:00 PDT 2005 =====================================================   Paths: (3 available, best #3, table Default-IP-Routing-Table)   Advertised to non peer-group peers:   101.0.0.1 101.0.0.2 112.0.0.2 114.0.0.2   114 113 121     114.0.0.2 from 114.0.0.2 (114.0.0.2)       Origin IGP, localpref 100, valid, external       Last update: Wed Sep 28 02:13:28 2005   112 117     112.0.0.2 from 112.0.0.2 (112.0.0.2)       Origin IGP, localpref 100, valid, external       Dampinfo: penalty 543, flapped 1 times in 00:13:05       Last update: Wed Sep 28 02:25:39 2005   113 121     113.0.0.2 from 113.0.0.2 (113.0.0.2)       Origin IGP, localpref 100, valid, external, best       Last update: Wed Sep 28 02:13:11 2005 09/28/2005 Newport Beach, California

Newport Beach, California AS 101 Multi homing ===================================================== Wed Sep 28 02:26:00 PDT 2005 =====================================================   Paths: (3 available, best #3, table Default-IP-Routing-Table)   Advertised to non peer-group peers:   101.0.0.1 101.0.0.2 112.0.0.2 114.0.0.2   114 113 121     114.0.0.2 from 114.0.0.2 (114.0.0.2)       Origin IGP, localpref 100, valid, external       Last update: Wed Sep 28 02:13:28 2005   112 117     112.0.0.2 from 112.0.0.2 (112.0.0.2)       Origin IGP, localpref 100, valid, external       Dampinfo: penalty 543, flapped 1 times in 00:13:05       Last update: Wed Sep 28 02:25:39 2005   113 121      113.0.0.2 from 113.0.0.2 (113.0.0.2)       Origin IGP, localpref 100, valid, external, best       Last update: Wed Sep 28 02:13:11 2005 09/28/2005 Newport Beach, California

Newport Beach, California AS 113 only one available route ===================================================== Wed Sep 28 02:26:00 PDT 2005 =====================================================   Paths: (3 available, best #1, table Default-IP-Routing-Table)   Advertised to non peer-group peers:   113.0.0.1 115.0.0.1 123.0.0.2   121     121.0.0.2 from 121.0.0.2 (121.0.0.2)       Origin IGP, metric 0, localpref 100, valid, external, best       Last update: Wed Sep 28 02:12:49 2005   114 101 112 117, (history entry)     115.0.0.1 from 115.0.0.1 (114.0.0.2)       Origin IGP, localpref 100, external       Dampinfo: penalty 545, flapped 1 times in 00:13:02       Last update: Wed Sep 28 02:04:16 2005   101 112 117, (history entry)     113.0.0.1 from 113.0.0.1 (101.0.0.3)       Origin IGP, localpref 100, external       Dampinfo: penalty 545, flapped 1 times in 00:13:02       Last update: Wed Sep 28 02:04:13 2005 09/28/2005 Newport Beach, California

Newport Beach, California 117 112 101 113 121 114 AS-121 withdrawn AS-117 announced AS-121 withdrawn AS-117 withdrawn OASC 09/28/2005 Newport Beach, California

Newport Beach, California 117 112 101 113 121 114 AS-117 announced AS-117 withdrawn 09/28/2005 Newport Beach, California

Newport Beach, California AS 112 got the best route from AS101 ===================================================== Wed Sep 28 02:26:00 PDT 2005 =====================================================   Paths: (2 available, best #1, table Default-IP-Routing-Table)   Advertised to non peer-group peers:   112.0.0.1 119.0.0.2   117     117.0.0.2 from 117.0.0.2 (117.0.0.2)       Origin IGP, metric 0, localpref 100, valid, external, best       Last update: Wed Sep 28 02:25:25 2005   101 113 121     112.0.0.1 from 112.0.0.1 (101.0.0.3)       Origin IGP, localpref 100, valid, external       Last update: Wed Sep 28 02:13:39 2005 ================================================= 09/28/2005 Newport Beach, California

Newport Beach, California Intensive Mobility 09/28/2005 Newport Beach, California

Newport Beach, California Intensive Mobility 09/28/2005 Newport Beach, California

BGP Events: Causality and Correlation Causality Relationship among each individual BGP event (across different routers/ASes) Critical to simply understand/correlate BGP behavior Discovery new types of relationships (or filter/correct false causality in experiments) Important for generating/replaying realistic BGP events Using emulation to verify the causality Maybe also with commercial routers (e.g., Juniper) 09/28/2005 Newport Beach, California

Intention-Driven iTrace on BGP using BGP as a global signaling mechanism 09/28/2005 Newport Beach, California

Intention-Driven iTrace on BGP 09/28/2005 Newport Beach, California

BGP Routing Update Visualization 09/28/2005 Newport Beach, California

Newport Beach, California Per-RT-Snapshot OASC 09/28/2005 Newport Beach, California

Newport Beach, California Per-Update OASC 09/28/2005 Newport Beach, California

Newport Beach, California Experience Designing/running experiments on DETER is a relatively productive process. 1~2 weeks Explaining the “events” has been really fun for us Lots of anomalies due to different root causes DETER offers a nice platform to replay for the purpose of investigation A challenging issue  link with Route View and other PREDICT data 09/28/2005 Newport Beach, California

Newport Beach, California Acknowledgements Thank the DETER operational team, even on Saturday when we were crying!! Thank the EMIST Routing colleagues at: 09/28/2005 Newport Beach, California