Information-Centric Networks04b-1 Week 4 / Paper 2 Understanding BGP Misconfiguration –Rahil Mahajan, David Wetherall, Tom Anderson –ACM SIGCOMM 2002 Main.

Slides:

Advertisements

Similar presentations

Introduction to IP Routing Geoff Huston. Routing How do packets get from A to B in the Internet? A B Internet.

Advertisements

Multihoming and Multi-path Routing

Network Operations Research Nick Feamster

RIP V2 W.lilakiatsakun.  RFC 2453 (obsoletes –RFC 1723 /1388)  Extension of RIP v1 (Classful routing protocol)  Classless routing protocol –VLSM is.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 6: Multiarea OSPF Scaling Networks.

A Study of BGP Origin AS Changes and Partial Connectivity Ratul Mahajan David Wetherall Tom Anderson University of Washington Asta Networks † † ‡ † ‡ ‡

A Quick and Dirty Guide to BGP attacks Or “How to 0wn the Backbone in your Spare Time”

Dongkee LEE 1 Understanding BGP Misconfiguration Ratul Mahajan, David Wetherall, Tom Anderson.

2006 – (Almost another) BGP Year in Review A BRIEF update to the 2005 report 18 October 2006 IAB Routing Workshop Geoff Huston APNIC.

Information-Centric Networks04c-1 Week 4 / Paper 3 A Survey of BGP Security Issues and Solutions –Kevin Butler, Toni Farley, Patrick McDaniel, and Jennifer.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Border Gateway Protocol (BGP). 2 Contents  Internet connectivity and BGP  connectivity services, AS relationships  BGP Basics  BGP sessions, BGP.

Best Practices for ISPs

1 Internet Path Inflation Xenofontas Dimitropoulos.

Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.

BGP: Inter-Domain Routing Protocol Noah Treuhaft U.C. Berkeley.

Stable Internet Routing Without Global Coordination Jennifer Rexford Princeton University Joint work with Lixin Gao (UMass-Amherst)

Delayed Internet Routing Convergence Craig Labovitz, Abha Ahuja, Abhijit Bose, Farham Jahanian Presented By Harpal Singh Bassali.

Inherently Safe Backup Routing with BGP Lixin Gao (U. Mass Amherst) Timothy Griffin (AT&T Research) Jennifer Rexford (AT&T Research)

Protecting the BGP Routes to Top Level DNS Servers NANOG-25, June 11, 2002 UCLA Lan Wang Dan Pei Lixia Zhang USC/ISI Xiaoliang Zhao Dan Massey Allison.

Economic Incentives in Internet Routing Jennifer Rexford Princeton University

Stable Internet Routing Without Global Coordination Jennifer Rexford AT&T Labs--Research Joint work with Lixin Gao.

Measuring ISP topologies with Rocketfuel Ratul Mahajan Neil Spring David Wetherall University of Washington ACM SIGCOMM 2002.

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—3-1 Implementing a Scalable Multiarea Network OSPF- Based Solution Lab 3-3 Debrief.

1 Studying Black Holes on the Internet with Hubble Ethan Katz-Bassett, Harsha V. Madhyastha, John P. John, Arvind Krishnamurthy, David Wetherall, Thomas.

Information-Centric Networks07b-1 Week 7 / Paper 2 NIRA: A New Inter-Domain Routing Architecture –Xiaowei Yang, David Clark, Arthur W. Berger –IEEE/ACM.

Towards a Logic for Wide- Area Internet Routing Nick Feamster Hari Balakrishnan.

TCOM 515 Lecture 6.

Information-Centric Networks04a-1 Week 4 / Paper 1 Open issues in Interdomain Routing: a survey –Marcelo Yannuzzi, Xavier Masip-Bruin, Olivier Bonaventure.

© Janice Regan, CMPT 128, CMPT 371 Data Communications and Networking BGP, Flooding, Multicast routing.

Interconnectivity Density Compare number of AS’s to average AS path length A uniform density model would predict an increasing AS Path length (“Radius”)

1 Controlling IP Spoofing via Inter-Domain Packet Filters Zhenhai Duan Department of Computer Science Florida State University.

CS 268: Computer Networking L-3 BGP. 2 Outline BGP ASes, Policies BGP Attributes BGP Path Selection iBGP.

How Secure are Secure Inter- Domain Routing Protocols? SIGCOMM 2010 Presenter: kcir.

Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks BGP.

David Wetherall Professor of Computer Science & Engineering Introduction to Computer Networks Hierarchical Routing (§5.2.6)

BCNET Conference April 29, 2009 Andree Toonk BGPmon.net Prefix hijacking! Do you know who's routing your network? Andree Toonk

Addressing Issues David Conrad Internet Software Consortium.

A Firewall for Routers: Protecting Against Routing Misbehavior1 June 26, A Firewall for Routers: Protecting Against Routing Misbehavior Jia Wang.

Detection of Routing Loops and Analysis of Its Causes Sue Moon Dept. of Computer Science KAIST Joint work with Urs Hengartner, Ashwin Sridharan, Richard.

Detecting Attacks on Internet Infrastructure and Monitoring of Service Restoration in Real Time Andy Ogielski FCC Workshop on Cyber Security 30 September.

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—3-1 Implementing a Scalable Multiarea Network OSPF- Based Solution Lab 3-5 Debrief.

Information-Centric Networks Section # 4.2: Routing Issues Instructor: George Xylomenos Department: Informatics.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—6-1 Scaling Service Provider Networks Scaling IGP and BGP in Service Provider Networks.

1 Auto-Detecting Hijacked Prefixes? Routing SIG 7 Sep 2005 APNIC20, Hanoi, Vietnam Geoff Huston.

Securing BGP Bruce Maggs. BGP Primer AT&T /8 Sprint /16 CMU /16 bmm.pc.cs.cmu.edu Autonomous System Number Prefix.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—5-1 Customer-to-Provider Connectivity with BGP Connecting a Multihomed Customer to a Single Service.

HLP: A Next Generation Interdomain Routing Protocol Lakshminarayanan Subramanian, Matthew Caesar, Cheng Tien Ee, Mark Handley, Morley Mao, Scott Shenker,

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—2-1 BGP Transit Autonomous Systems Forwarding Packets in a Transit AS.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—3-1 Route Selection Using Policy Controls Using Multihomed BGP Networks.

Internet Routing Verification John “JI” Ioannidis AT&T Labs – Research Copyright © 2002 by John Ioannidis. All Rights Reserved.

BGP security some slides borrowed from Jen Rexford (Princeton U)

BGP Validation Russ White Rule11.us.

Connecting an Enterprise Network to an ISP Network

Auto-Detecting Hijacked Prefixes?

Auto-Detecting Hijacked Prefixes?

Goals of soBGP Verify the origin of advertisements

Implementing a Scalable Multiarea Network OSPF-Based Solution

Module Summary BGP is a path-vector routing protocol that allows routing policy decisions at the AS level to be enforced. BGP is a policy-based routing.

COS 561: Advanced Computer Networks

Jessica Yu ANS Communication Inc. Feb. 9th, 1998

COS 561: Advanced Computer Networks

Why don’t we have a Secure and Trusted Inter-Domain Routing System?

An Analysis of BGP Multiple Origin AS (MOAS) Conflicts

COS 561: Advanced Computer Networks

BGP Security Jennifer Rexford Fall 2018 (TTh 1:30-2:50 in Friend 006)

Improving global routing security and resilience

FIRST How can MANRS actions prevent incidents .

Presentation transcript:

Information-Centric Networks04b-1 Week 4 / Paper 2 Understanding BGP Misconfiguration –Rahil Mahajan, David Wetherall, Tom Anderson –ACM SIGCOMM 2002 Main point –BGP misconfiguration can disrupt Internet connectivity –How often does it occur? Why does it occur? –Observation from multiple vantage points – prefixes misconfigured each day –Users are affected by very few of them

Information-Centric Networks04b-2 Introduction Focus on two types of misconfiguration –Accidental injection of routes into BGP tables –Accidental export of routes in violation of policy Goals of the study –How often are misconfigurations? –What is their impact on connectivity and load? –Why do they occur? –How can they be reduced? Observation study –23 vantage points during 21 days –Use of simple heuristics to identify errors –Polling of operators to verify causes

Information-Centric Networks04b-3 Misconfiguration Focus on two types of BGP misconfiguration –Origin misconfiguration: erroneous injection in BGP tables Failure to summarize prefixes Announcing someone else’s address space Propagation of private prefixes –Export misconfiguration: advertisement of policy violating routes –There are many other types of misconfiguration These are externally visible and clearly against policy Adverse impacts of misconfiguration –Increase of routing load due to unnecessary updates –Partial or global connectivity disruption –Routing policy violations

Information-Centric Networks04b-4 Methodology Analysis of data from the RouteViews BGP listener –45% of new routes last for less than a day –30% of new routes last for more than 7 days –Inference: misconfigurations last for less than a day Requires verification by operator polling –Result: a lower bound on actual misconfigurations Origin misconfiguration analysis –Examination of new routes (not reappearing ones) Self deaggregation: possible aggregation error Related origin: possible backup route Foreign origin: possible address hijacking –Look for routes that disappear quickly More likely to be an error that was noticed

Information-Centric Networks04b-5 Methodology Export misconfiguration analysis –Paths are normally valley free Up to the core, through the core and down to the destination –We can only infer the AS relationships via BGP tables –Result: a lower bound on actual misconfigurations –Types of misconfiguration Provider->AS->Provider Provider->AS->Peer Peer->AS->Provider Peer->AS->Peer Verification: to operator and connectivity testing – s often bounced due to erroneous data in registries –Test reachability of suspect AS’s from multiple vantage points

Information-Centric Networks04b-6 Results Origin misconfiguration –Short lived routes were clustered into incidents Sets of prefixes from the same AS that appear/disappear together –Up to 72% of new routes seen in a day are misconfigurations Extrapolation from the answers for incidents Connectivity tests matched well with responses –13% of the incidents impact connectivity Some of the connectivity problems were not noticed by operators! Extrapolation: 25 incidents per day disrupt connectivity –50% of misconfigurations last less than 10 minutes 80% less than an hour, 90% less than 10 hours Connectivity disruptions are fixed sooner

Information-Centric Networks04b-7 Results Export misconfiguration –Segments with policy violations were clustered into incidents –Most incidents do not affect connectivity, only load –Provider->AS->Provider is the most common violation Followed by Provider->AS->Peer –Impact on load is normally low But it can even double load in some incidents

Information-Centric Networks04b-8 Causes Classification of human errors –Slips: errors in executing a correct plan –Mistakes: correct execution of an erroneous plan Origin misconfigurations –Mistakes Initialization bugs: bug in a specific vendor’s product Reliance on upstream filtering: response to attacks of load balancing Old configuration: unsaved changes or backup routers –Slips Redistribution: of internal routes Community: incorrect scoping of routes Hijack: of addresses prefixes (attack or typing error) Forgotten filter: error in filtering Incorrect summary: larger or smaller address blocks

Information-Centric Networks04b-9 Causes Export misconfigurations –Mistakes Prefix based configuration: a backup path leads to transit violations Old configuration: as in origin misconfigurations Initialization bug: as in origin misconfigurations –Slips Bad ACL or route map: obvious Typo: obvious Forgotten filter: as in origin misconfigurations Community: as in origin misconfigurations

Information-Centric Networks04b-10 Discussion What can we do to reduce misconfigurations? User interface design –Many CLIs are problematic and should be improved –Often operators do not really understand the CLI High-level languages and checking –Router configuration is a very low level task –At least high level configuration checking would be good Database consistency and replication –Registries are very outdated, leading to errors Protocol extensions –Secure BGP guards against hijacks –Better error reporting would reveal many other errors