02/01/2006USC/ISI1 Updates on Routing Experiments Cyber DEfense Technology Experimental Research (DETER) Network Evaluation Methods for Internet Security.

Slides:

Advertisements

Similar presentations

Delayed Internet Routing Convergence due to Flap Dampening Z. Morley Mao Ramesh Govindan, Randy Katz, George Varghese

Advertisements

Performing BGP Experiments on a Semi-Realistic Internet Testbed Environment The 2nd International Workshop on Security in Distributed Computing Systems,

Advanced Computer Networks cs538, Fall UIUC Klara Nahrstedt Lecture 7, September 16, 2014 Based on M. Caesar, J. Rexford, “BGP Routing Policies.

Advanced Networks 1. Delayed Internet Routing Convergence 2. The Impact of Internet Policy and Topology on Delayed Routing Convergence.

CS Summer 2003 CS672: MPLS Architecture, Applications and Fault-Tolerance.

Border Gateway Protocol Ankit Agarwal Dashang Trivedi Kirti Tiwari.

Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.

CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Measurement of Highly Active Prefixes in BGP Ricardo V. Oliveira, Rafit Izhak-Ratzin, Beichuan Zhang, Lixia Zhang GLOBECOM’05.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.

Interdomain Routing and The Border Gateway Protocol (BGP) Courtesy of Timothy G. Griffin Intel Research, Cambridge UK

Improving BGP Convergence Through Consistency Assertions Dan Pei, Lan Wang, Lixia Zhang UCLA Xiaoliang Zhao, Daniel Massey, Allison Mankin, USC/ISI S.

1 Policy-Based Path-Vector Routing Reading: Sections COS 461: Computer Networks Spring 2006 (MW 1:30-2:50 in Friend 109) Jennifer Rexford Teaching.

BGP: Inter-Domain Routing Protocol Noah Treuhaft U.C. Berkeley.

More on BGP Check out the links on politics: ICANN and net neutrality To read for next time Path selection big example Scaling of BGP.

10/17/2002RAID 2002, Zurich1 ELISHA: A Visual-Based Anomaly Detection System Soon-Tee Teoh, Kwan-Liu Ma S. Felix Wu University of California, Davis Dan.

02/06/2006ecs236 winter Intrusion Detection ecs236 Winter 2006: Intrusion Detection #4: Anomaly Detection for Internet Routing Dr. S. Felix Wu Computer.

1 Interdomain Routing Policy Reading: Sections plus optional reading COS 461: Computer Networks Spring 2008 (MW 1:30-2:50 in COS 105) Jennifer Rexford.

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network Considering the Advantages of Using BGP.

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—3-1 Implementing a Scalable Multiarea Network OSPF- Based Solution Lab 3-3 Debrief.

OSPF To route, a router needs to do the following: Know the destination address Identify the sources it can learn from Discover possible.

Computer Networks Layering and Routing Dina Katabi

1 © 2000, Cisco Systems, Inc. Session # Presentation_ID Border Gateway Protocol.

EQ-BGP: an efficient interdomain QoS routing protocol Andrzej Bęben Institute of Telecommunications Warsaw University of Technology,

Information-Centric Networks04a-1 Week 4 / Paper 1 Open issues in Interdomain Routing: a survey –Marcelo Yannuzzi, Xavier Masip-Bruin, Olivier Bonaventure.

Feldmann Ne X tworking’03 June 23-25,2003, Chania, Crete, Greece The First COST-IST(EU)-NSF(USA) Workshop on EXCHANGES & TRENDS IN N ETWORKING 1 Networking:

Inter-domain Routing Simulation by SSFNet Wang Lijun Tsinghua University Jul 3, 2006.

Interior Gateway Protocol. Introduction An IGP (Interior Gateway Protocol) is a protocol for exchanging routing information between gateways (hosts with.

1 GIRO: Geographically Informed Inter-domain Routing Ricardo Oliveira, Mohit Lad, Beichuan Zhang, Lixia Zhang.

Lecture 4: BGP Presentations Lab information H/W update.

Chapter 9. Implementing Scalability Features in Your Internetwork.

6.829 BGP Recitation Rob Beverly September 29, 2006.

A Case Study in Understanding OSPFv2 and BGP4 Interactions Using Efficient Experiment Design David Bauer†, Murat Yuksel‡, Christopher Carothers† and Shivkumar.

SEP: Sensibility analysis of BGP convergence and scalability using network simulation Sensibility analysis of BGP convergence and scalability using network.

BGP routing table entry for /16, version Paths: (4 available, best #1) Advertised to peer-groups: AS4544-AGG-CUSTOMER-FULL

Border Gateway Protocol (BGP) W.lilakiatsakun. BGP Basics (1) BGP is the protocol which is used to make core routing decisions on the Internet It involves.

Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.

A Firewall for Routers: Protecting Against Routing Misbehavior1 June 26, A Firewall for Routers: Protecting Against Routing Misbehavior Jia Wang.

More on Internet Routing A large portion of this lecture material comes from BGP tutorial given by Philip Smith from Cisco (ftp://ftp- eng.cisco.com/pfs/seminars/APRICOT2004.

By, Matt Guidry Yashas Shankar.  Analyze BGP beacons which are announced and withdrawn, usually within two hour intervals.  The withdraws have an effect.

Detecting Selective Dropping Attacks in BGP Mooi Chuah Kun Huang November 2006.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Introduction to Dynamic Routing Protocol Routing Protocols and Concepts.

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—3-1 Implementing a Scalable Multiarea Network OSPF- Based Solution Lab 3-5 Debrief.

© 2002, Cisco Systems, Inc. All rights reserved..

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 BGP Prefix Origin Validation State Extended Community draft-pmohapat-sidr-origin-validation-signaling-00.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—6-1 Scaling Service Provider Networks Scaling IGP and BGP in Service Provider Networks.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—1-1 Course Introduction.

Michael Schapira, Princeton University Fall 2010 (TTh 1:30-2:50 in COS 302) COS 561: Advanced Computer Networks

1 On the Impact of Route Monitor Selection Ying Zhang* Zheng Zhang # Z. Morley Mao* Y. Charlie Hu # Bruce M. Maggs ^ University of Michigan* Purdue University.

Working at a Small-to-Medium Business or ISP – Chapter 6

Connecting an Enterprise Network to an ISP Network

Implementing Cisco IP Routing (ROUTE) v1.0

Boarder Gateway Protocol (BGP)

BGP 1. BGP Overview 2. Multihoming 3. Configuring BGP.

Border Gateway Protocol

COS 561: Advanced Computer Networks

BGP supplement Abhigyan Sharma.

Lixin Gao ECE Dept. UMASS, Amherst

BGP Overview BGP concepts and operation.

Cours BGP-MPLS-IPV6-QOS

COS 561: Advanced Computer Networks

COS 561: Advanced Computer Networks

COS 561: Advanced Computer Networks

An Analysis of BGP Multiple Origin AS (MOAS) Conflicts

Working at a Small-to-Medium Business or ISP – Chapter 6

BGP Security Jennifer Rexford Fall 2018 (TTh 1:30-2:50 in Friend 006)

Routing Experiments Chen-Nee Chuah, Sonia Fahmy, Denys Ma,

BGP Instability Jennifer Rexford

Presentation transcript:

02/01/2006USC/ISI1 Updates on Routing Experiments Cyber DEfense Technology Experimental Research (DETER) Network Evaluation Methods for Internet Security Technology (EMIST) USC Information Sciences Institute  University of California, Berkeley  University of California, Davis  Penn State University Purdue University  International Computer Science Institute  Stanford Research Institute (SRI)  Network Associates  SPARTA

02/01/2006USC/ISI2 Research Objectives Realistic Internet routing experiments on Dynamics (i.e., faults, failures, & attacks) with configurable parameters Study, analyze, evaluate, & validate hypothesis/principles related to Internet routing and its security

02/01/2006USC/ISI3 Problems in Understanding the Problems Inter-Domain Routing is very hard and complex to understand…

02/01/2006USC/ISI4 The “Internet” as February 1, Autonomous Systems IP Address Prefixes announced

02/01/2006USC/ISI5 Problems in Understanding the Problems Inter-Domain Routing is very hard and complex to understand… It is really not just scalability though… –Policy/configuration –Implementation

02/01/2006USC/ISI6 Simulation versus Emulation Simulation  large-scale but might abstracting away low level characteristics. Emulation  experimenting realistic implementations and observing the “unexpected” –Implementation differences –Analyzing/interpreting the interactions –May help in accomplishing better simulation tasks in BGP.

02/01/2006USC/ISI7 Interactions/Dynamics Failures/faults/attacks Mobility/configuration/policy changes Cross-layer interactions EGP versus IGP

02/01/2006USC/ISI8 Problems in Understanding the Problems Inter-Domain Routing is very hard and complex to understand… It is really not just scalability though… –Policy/configuration –Implementation And, industry is introducing new BGP features..

02/01/2006USC/ISI9 Route Flap Damping (RFC 2439)

02/01/2006USC/ISI10 Differential Damping Penalty CISCO AS65001 CISCO 2600 AS65002 Zebra/Linux AS65006 IBM 2210 AS65003 IBM 2210 AS65004 CISCO 2514 AS65005

02/01/2006USC/ISI11 Penalty: 0 Penalty 1: 0 Penalty 2: 0 Prefix: /16

02/01/2006USC/ISI12 Penalty: ??? Penalty 1: 1000 Penalty 2: 1000 Prefix: /16

02/01/2006USC/ISI13 Penalty: 1000  2000 Penalty 1: 1000 Penalty 2: 1000 Prefix: /16 artificial delay X initial difference

02/01/2006USC/ISI14 Penalty: /+ X > 750 Penalty 1: 1000 Penalty 2: /x < 2000 Prefix: /16

02/01/2006USC/ISI15 Outbound Route Filter (ORF) Internet draft, under implementation in Cisco “ defines a BGP-based mechanism that allows a BGP speaker to send to its BGP peer a set of Outbound Route Filters (ORFs). The peer would then apply these filters, in addition to its locally configured outbound filters (if any), to constrain/filter its outbound routing updates to the speaker. ” If the peer damps a path, sends ORF to the downstream peer. So, the peer won’t receive further updates until the path is reused.

02/01/2006USC/ISI16 Penalty: 1000  2000 Penalty 1: 1000 Penalty 2: 1000 Prefix: /16 ORF

02/01/2006USC/ISI17 A Little Dampening Story SSFNetZebraCisco per prefix + per peerper prefix + per peer + per AS path

02/01/2006USC/ISI18 Penalty: 1000  2000 Penalty 1: 1000 Penalty 2: 1000 Withdraw /16

02/01/2006USC/ISI19 SSFNet Simulator “Bugs” Penalty: 1000  2000 Penalty 1: 1000 Penalty 2: 1000 Withdraw /16 Missing!!

02/01/2006USC/ISI20 SSFNET SSFNET + WD CISCO

02/01/2006USC/ISI21 SSFNET SSFNET + WD CISCO

02/01/2006USC/ISI22 ICDCS’2005 Best Paper Award SSFNET SSFNET + WD CISCO

02/01/2006USC/ISI23 Problems or Issues Damping implementation MRAI timer The Single Router AS Assumption Route Withdraw ORF

02/01/2006USC/ISI24 Collecting the Results in 2005 show IP BGP … selected prefixes per router per 1 second 1 peer (SPRINT) Full Routing Table (9MB compressed) BGP Updates (2 hours KB) updates -- MRT

02/01/2006USC/ISI25 AS-101 AS-112 AS-117 AS-114 AS-113 AS-121

02/01/2006USC/ISI26 AS 101 Multi homing ===================================================== Wed Sep 28 02:26:00 PDT 2005 ===================================================== Paths: (3 available, best #3, table Default-IP-Routing-Table) Advertised to non peer-group peers: from ( ) Origin IGP, localpref 100, valid, external Last update: Wed Sep 28 02:13: from ( ) Origin IGP, localpref 100, valid, external Dampinfo: penalty 543, flapped 1 times in 00:13:05 Last update: Wed Sep 28 02:25: from ( ) Origin IGP, localpref 100, valid, external, best Last update: Wed Sep 28 02:13:

02/01/2006USC/ISI AS-117 announced AS-121 withdrawn OASC

02/01/2006USC/ISI28 Creation and Evolution of BGP modeling SSFNet: Current Understand of The BGP Model DETER All BGP information are available Conflicts  Anomalies

02/01/2006USC/ISI29 Observation Point Data ORV/RIPE –Relatively incomplete in understanding the behavior

02/01/2006USC/ISI30 On Explaining and Model-Building the ModelAnomaly Detection Anomaly Analysis and Explanation

02/01/2006USC/ISI31 Creation and BGP model What are the event ? –Event  changes in BGP table Cause by : –OP Configuration –BGP peers –Other means, OSPF redistribute route –Event results BGP update messages How are the event related ?

02/01/2006USC/ISI32 BGP Behavior BGP Update Redistribute Policy / local pref Y N Operator OSPF Done Update

02/01/2006USC/ISI33 Mapping TIME 2D AS Topology via project to Z=0 Announce Withdraw Time 60 Time 30 Time 0

02/01/2006USC/ISI34 BGP Events: Causality and Correlation Causality Relationship among each individual BGP event (across different routers/ASes) –Critical to simply understand/correlate BGP behavior –Discovery new types of relationships (or filter/correct false causality in experiments) –Important for generating/replaying realistic BGP events Using emulation to verify the causality –Maybe also with commercial routers (e.g., Juniper)

02/01/2006USC/ISI35 Plan for the June 2006 Demo One “very interesting” defense tested.. –in a stealthy mode… Event correlation “realistic” and “comprehensive” BGP model –Many interesting examples and comparisons Still in development (not sure yet) –Using the model to examine real BGP data –What patterns should we expect from the observation points?