March 22, 2002 Simple Protocols, Complex Behavior (Simple Components, Complex Systems) Lixia Zhang UCLA Computer Science Department.

Slides:



Advertisements
Similar presentations
04/12/2001ecs289k, spring ecs298k: BGP Routing Protocol (2) lecture #4 Dr. S. Felix Wu Computer Science Department University of California, Davis.
Advertisements

Comparing IPv4 and IPv6 from the perspective of BGP dynamic activity Geoff Huston APNIC February 2012.
Delayed Internet Routing Convergence due to Flap Dampening Z. Morley Mao Ramesh Govindan, Randy Katz, George Varghese
BGP route propagation between neighboring domains Renata Teixeira Laboratoire LIP6 – CNRS University Pierre et Marie Curie – Paris 6 with Steve Uhlig (Delft.
Internet Routing Instability Craig Labovitz, G. Robert Malan, Farham Jahanian University of Michigan Presented By Krishnanand M Kamath.
Part IV: BGP Routing Instability. March 8, BGP routing updates  Route updates at prefix level  No activity in “steady state”  Routing messages.
BGP Multiple Origin AS (MOAS) Conflict Analysis Xiaoliang Zhao, NCSU S. Felix Wu, UC Davis Allison Mankin, Dan Massey, USC/ISI Dan Pei, Lan Wang, Lixia.
1 Experimental Study of Internet Stability and Wide-Area Backbone Failure Craig Labovitz, Abha Ahuja Merit Network, Inc Presented by Changchun Zou.
Internet Routing Instability
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
DSN 2003 A Study of Packet Delivery Performance during Routing Convergence Dan Pei, Lan Wang, Lixia Zhang, UCLA Dan Massey, USC/ISI S. Felix Wu, UC Davis.
Consensus Routing: The Internet as a Distributed System John P. John, Ethan Katz-Bassett, Arvind Krishnamurthy, and Thomas Anderson Presented.
1 BGP Anomaly Detection in an ISP Jian Wu (U. Michigan) Z. Morley Mao (U. Michigan) Jennifer Rexford (Princeton) Jia Wang (AT&T Labs)
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
Towards a Logic for Wide-Area Internet Routing Nick Feamster and Hari Balakrishnan M.I.T. Computer Science and Artificial Intelligence Laboratory Kunal.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
1 Finding a Needle in a Haystack: Pinpointing Significant BGP Routing Changes in an IP Network Jian Wu (University of Michigan) Z. Morley Mao (University.
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.
Network Resilience: Exploring Cascading Failures Vishal Misra Columbia University in the City of New York Joint work with Ed Coffman, Zihui Ge and Don.
Interdomain Routing and The Border Gateway Protocol (BGP) Courtesy of Timothy G. Griffin Intel Research, Cambridge UK
Improving BGP Convergence Through Consistency Assertions Dan Pei, Lan Wang, Lixia Zhang UCLA Xiaoliang Zhao, Daniel Massey, Allison Mankin, USC/ISI S.
CS Summer 2003 Quiz 1 A1) IGP (IS-IS, OSPF) BGP A2) Stub Transit. because it is adverting AS2’s routes to AS1 and vice versa. A3) Traffic discarded.
10/21/2003DSOM'2003, Heidelberg, Germany1 Visual-based Anomaly Detection for BGP Origin AS Change (OASC) Soon-Tee Teoh 1, Kwan-Liu Ma 1, S. Felix Wu 1,
Internet Routing Instability Labovitz et al. Sigcomm 1997 Largely adopted from Ion Stoica’s slide at UCB.
BGP: Inter-Domain Routing Protocol Noah Treuhaft U.C. Berkeley.
Slide -1- February, 2006 Interdomain Routing Gordon Wilfong Distinguished Member of Technical Staff Algorithms Research Department Mathematical and Algorithmic.
Dynamics of Hot-Potato Routing in IP Networks Renata Teixeira (UC San Diego) with Aman Shaikh (AT&T), Tim Griffin(Intel),
10/17/2002RAID 2002, Zurich1 ELISHA: A Visual-Based Anomaly Detection System Soon-Tee Teoh, Kwan-Liu Ma S. Felix Wu University of California, Davis Dan.
Protecting the BGP Routes to Top Level DNS Servers NANOG-25, June 11, 2002 UCLA Lan Wang Dan Pei Lixia Zhang USC/ISI Xiaoliang Zhao Dan Massey Allison.
02/06/2006ecs236 winter Intrusion Detection ecs236 Winter 2006: Intrusion Detection #4: Anomaly Detection for Internet Routing Dr. S. Felix Wu Computer.
A Routing Control Platform for Managing IP Networks Jennifer Rexford Princeton University
A a secure peering. RIB table dump by attributes in order to save space. References 1. RouteViews, 2. RIPE,
03/19/2001ICMP Traceback Working Group, IETF'50, Minneapolis, MN 1 Intention-Driven iTrace S. Felix “Last Minutes” Wu UC Davis
Root cause analysis of BGP routing dynamics Matt Caesar, Lakshmi Subramanian, Randy H. Katz.
DARPA NMS PI Meeting November 14, 2002 Understanding BGP in Action Dan Massey USC/ISI.
Towards a Logic for Wide- Area Internet Routing Nick Feamster Hari Balakrishnan.
Authors Renata Teixeira, Aman Shaikh and Jennifer Rexford(AT&T), Tim Griffin(Intel) Presenter : Farrukh Shahzad.
Advertising Equal Cost Multi-Path Routes in BGP Manav Bhatia Samsung India Software Operations, Bangalore – India July 17, th IETF - Vienna draft-ecmp-routes-in-bgp-00.txt.
Interconnectivity Density Compare number of AS’s to average AS path length A uniform density model would predict an increasing AS Path length (“Radius”)
CS 3700 Networks and Distributed Systems Inter Domain Routing (It’s all about the Money) Revised 8/20/15.
Understanding and Limiting BGP Instabilities Zhi-Li Zhang Jaideep Chandrashekar Kuai Xu
Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks BGP.
© 2001, Cisco Systems, Inc. A_BGP_Confed BGP Confederations.
Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.
A Firewall for Routers: Protecting Against Routing Misbehavior1 June 26, A Firewall for Routers: Protecting Against Routing Misbehavior Jia Wang.
More on Internet Routing A large portion of this lecture material comes from BGP tutorial given by Philip Smith from Cisco (ftp://ftp- eng.cisco.com/pfs/seminars/APRICOT2004.
BGP topics to be discussed in the next few weeks: –Excessive route update –Routing instability –BGP policy issues –BGP route slow convergence problem –Interaction.
Routing Convergence Dan Massey Colorado State University.
T. S. Eugene Ngeugeneng at cs.rice.edu Rice University1 COMP/ELEC 429/556 Introduction to Computer Networks Inter-domain routing Some slides used with.
Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 ECSE-6600: Internet Protocols Informal Quiz #08: SOLUTIONS Shivkumar Kalyanaraman: GOOGLE: “Shiv.
By, Matt Guidry Yashas Shankar.  Analyze BGP beacons which are announced and withdrawn, usually within two hour intervals.  The withdraws have an effect.
02/01/2006USC/ISI1 Updates on Routing Experiments Cyber DEfense Technology Experimental Research (DETER) Network Evaluation Methods for Internet Security.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—6-1 Scaling Service Provider Networks Scaling IGP and BGP in Service Provider Networks.
BGP Routing Stability of Popular Destinations Jennifer Rexford, Jia Wang, Zhen Xiao, and Yin Zhang AT&T Labs—Research Florham Park, NJ All flaps are not.
1 Investigating occurrence of duplicate updates in BGP announcements Jong Han Park 1, Dan Jen 1, Mohit Lad 2, Shane Amante 3, Danny McPherson 4, Lixia.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—6-1 Scaling Service Provider Networks Introducing Confederations.
1 On the Impact of Route Monitor Selection Ying Zhang* Zheng Zhang # Z. Morley Mao* Y. Charlie Hu # Bruce M. Maggs ^ University of Michigan* Purdue University.
BGP Routing Stability of Popular Destinations
Jian Wu (University of Michigan)
Evolution Towards Global Routing Scalability
BGP supplement Abhigyan Sharma.
COS 561: Advanced Computer Networks
COS 561: Advanced Computer Networks
BGP Multiple Origin AS (MOAS) Conflict Analysis
COS 561: Advanced Computer Networks
Identifying problematic inter-domain routing issues
An Analysis of BGP Multiple Origin AS (MOAS) Conflicts
COS 561: Advanced Computer Networks
BGP Security Jennifer Rexford Fall 2018 (TTh 1:30-2:50 in Friend 006)
Presentation transcript:

March 22, 2002 Simple Protocols, Complex Behavior (Simple Components, Complex Systems) Lixia Zhang UCLA Computer Science Department

l Work under DARPA's "Fault Tolerant Networking" program l Joint research project n UCLA: Lan Wang, Dan Pei n USC/ISI: Dan Massey, Allison Mankin n NCSU: Xiaoliang Zhao n UC Davis: Felix Wu l Data analysis by Lan Wang, Dan Pei, Xiaoliang Zhao

Building a More Resilient Internet l Goal: build against attacks N times worse than 9/11 or Code Red l How: n Identify fundamental pieces in the infrastructure  The current project focusing on the routing infrastructure n Assess how well each of them currently can resist faults/attacks n Build more and stronger fences to protect each l One specific case study n BGP: assessment of how well it stands against network attacks and failures now, what works and what to be improved

BGP Resilience during Code Red Attack l Renesys report, “ Global BGP routing instability during the Code Red attacks ”, showed n the correlation between the large attack traffic spikes due to the attack and BGP routing message spikes on 9/18/01 n evidence of possibly large scale BGP route changes? l Exactly how well or poorly did BGP behave as a routing protocol, and why ? n Is BGP indeed in trouble facing virus attacks? n What insight about the routing protocol design can be inferred from the collected BGP data on 9/18?

Data and Methodology l BGP update messages collected at RIPE NCC from 9/10/01 to 9/30/01 The same data set as collected by Renesys report n 3 US peers: AT&T, Verio, Global Crossing n 8 peers in Europe n 1 in Japan l Methodology n Categorize BGP advertisements n Infer the causes of each class of BGP advertisements

BGP Message Classification (1)

What Our Analysis Shows l A substantial percentage of the BGP messages during the worm attack were not about route changes n BGP initial table exchanges: 40.2% on 9/18/2001 n Duplicate advertisements: 5% on 9/18/2001 l BGP updates that might indicate route changes: n Implicit withdraws: 37.6% on 9/18 l BGP updates that indicate route changes: n New Announcements: 8.8% on 9/18 n Withdraws: 8.3% on 9/18 (roughly the same as during normal days)

What Our Analysis Shows 40.2% A substantial percentage of the BGP messages during the worm attack were not about route changes 37.6% 8.8% 8.3%

A Closer Look at the Changes l (40.2%) BGP table exchanges  BGP session restarts l (37.6%) Implicit withdraws n ~ 25% have unchanged ASPATH attribute  Most of them wouldn’t be propagated by the receiver (e.g. changes in MED attribute)  Possible causes: internal network dynamics n slow convergence n topology change l (~17%) Explicit route announcement and withdraws n Reachability and/or route changes l (~5%) Duplicate announcements

How to Infer the Causes? All the BGP sessions restarted during the worm attack period (total 32 restarts)  Synchronized session restarts on other days too Largely an artifact of the monitoring point  Cern peering with NCC: 550,000 announcements due to session restart  Cern peering with RRC04: 0 BGP Session Restarts  BGP table exchanges (40.2% of total BGP announcements on 9/18)

Implicit Withdraws (37.6% on 9/18) Type 1: same ASPATH as the previous announcement (25%) Type 2: otherwise

Type 1 Implicit Withdraw Two US peers have high percentage of Type 1 Implicit Withdraws.

Type 2 Implicit Withdraw (28.9% on 9/18) l The European peers have more Type 2 Implicit Withdraws than US peers. l Causes: largely slow convergence? n more quantitative analysis coming.

And mostly came from edges AnnouncementsWithdraws PrefixCountPrefixCount / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / /23928 There were indeed certain reachability changes

Evidence:one example of slow convergence 09/18/ :04:23 AS3549 originated prefix /24 09/18/ :04:37 AS1103 announced aspath /18/ :05:10 AS3549 withdrew /24 09/18/ :05:36 AS1103 announced aspath /18/ :06:34 AS1103 announced aspath /18/ :07:02 AS1103 sent withdrawal to /24

About 30% of the total advertisements from AT&T were duplicate Duplicate Advertisements: One extreme Example: AT&T How to Infer the Causes (2)

What Insights Does This Give Us? l BGP as a routing protocol stood well during the worm attack n It also stood up well during other major topological incidents, such as cable cuts, Baltimore tunnel fire, even 9/11 event.

What Insights Does This Give Us (II)? l BGP design needs improvement for unforeseen future faults/attacks n BGP peering must work well not just on good days, but behave well even on rainy days n BGP should keep local changes local in order to be a more resilient global routing protocol n BGP fast convergence solution should be deployed to remove the "amplifier" effect of the slow route convergence under stressful conditions  "Improving BGP Convergence Through Consistency Assertions", D. Pei, et al, INFOCOM 2002 l BGP implementation tradeoffs must be made in view of the system performance as a whole

Other Lessons Learned l What's interesting vs what's the challenge n Be careful of measurement artifacts n Raw data alone does not necessarily tell what is going on, let alone why l Be careful of the distinction between the properties of a protocol and the behavior due to a particular implementation and/or configuration n E.g. high duplicate updates from one service provider, uncontrolled flapping from another l Challenge: Understand the dynamics of what the data means for the protocol in action

What to Carry Away l Large systems: intrinsically complex external behavior l Large systems: potentially large numbers of unexpected events and couplings l Research challenge: building large scale systems that are resilient to unexpected failures

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.