Border Gateway Protocol (BGP) and BGP Security
Jeff Gribschaw, Sai Thwin
ECE 4112 Final Project, April 28, 2005
ECE Internetwork Security
Agenda
- BGP Overview
- Security Issues of BGP
- Proposed Security Solutions for BGP
- Introduction to the Lab
BGP Overview: Border Gateway Protocol (BGP)
- Provides inter-domain routing between Autonomous Systems (ASes)
- BGP neighbors exchange reachability information by using Route Advertisements
- Uses Path Vector Routing to prevent loops
  – Route Advertisements include the AS-Path
  – BGP routers will not forward a received advertisement if their own AS number is already in the AS-Path
- Application layer protocol that relies on TCP to provide reliable transport layer services
- Supports Policy Based Routing
BGP Overview: Autonomous Systems
- A set of routers that fall under a single management authority
- Can use various interior routing systems
- Develop relationships with other Autonomous Systems
  – Peering Connections and Transit Connections
- Have at least one BGP router (or BGP Speaker) which serves as the gateway to the Internet
BGP Overview: Autonomous Systems Tiers and Connections
(Diagram; labels: BIG ISP, Tier 1, Tier 2, Transit Connection, Peer Connection)
BGP Overview: Exterior BGP and Interior BGP
- Exterior Border Gateway Protocol (EBGP)
  – Used between BGP Speakers in separate ASes
  – EBGP routers exchange reachability information only with neighbor ASes with whom they are willing to carry traffic
- Interior BGP (IBGP)
  – Used between BGP speakers in ASes which have multiple BGP routers (gateways to other ASes)
  – Purpose is to maintain a common view of current reachability information
BGP Overview: BGP Message Types
- OPEN: sent immediately after a TCP session is initiated
- UPDATE: used to exchange routing information
  – Route Advertisements
  – Route Withdrawals
- KEEPALIVE: used to maintain the TCP connection
- NOTIFICATION: used to report errors (closes the connection)
BGP Overview: BGP Path Selection Process
- Supports Policy Based Routing
- Algorithm includes the following attributes (in relative order):
  1. Weight
  2. Local Preference
  3. Use route originated by current router
  4. Shortest AS_Path
  5. Lowest Origin type (internal, external, incomplete)
  6. Multi-Exit Discriminator
- Many other BGP attributes
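The loop check from the Path Vector slide and the six-step selection order above, worked as a small model. This is an added example, not code from the slides; the AS numbers, neighbor names and the `Route` class are constructed, and MED is compared across all candidates for simplicity.

```python
from dataclasses import dataclass

LOCAL_AS = 64500  # constructed: the AS whose router runs this selection

@dataclass
class Route:
    """One candidate route for a prefix, carrying the attributes the slide lists."""
    neighbor: str
    as_path: tuple          # ordered AS numbers, e.g. (64501, 64510); empty if locally originated
    weight: int = 0         # router-local preference, highest wins
    local_pref: int = 100   # AS-wide preference, highest wins
    origin: int = 0         # 0 = IGP (i), 1 = EGP (e), 2 = incomplete (?); lowest wins
    med: int = 0            # Multi-Exit Discriminator, lowest wins

def accept_advertisement(route, local_as=LOCAL_AS):
    """Path-vector loop prevention: an UPDATE whose AS_PATH already contains our
    own AS has been around a loop once and is discarded, not propagated."""
    return local_as not in route.as_path

def preference_key(route):
    """Tuple compared in the slide's order; the smallest wins, so 'highest wins'
    attributes are negated. Real routers compare MED only between routes learned
    from the same neighbor AS; this model compares it for all candidates."""
    return (-route.weight,                 # 1. weight
            -route.local_pref,             # 2. local preference
            len(route.as_path) > 0,        # 3. locally originated routes first
            len(route.as_path),            # 4. shortest AS_PATH
            route.origin,                  # 5. lowest origin type
            route.med)                     # 6. lowest MED

def select_best(candidates, local_as=LOCAL_AS):
    """Return the best usable route, or None if every candidate loops back to us."""
    usable = [r for r in candidates if accept_advertisement(r, local_as)]
    return min(usable, key=preference_key) if usable else None

# Constructed candidates for one prefix.
SAMPLE = {
    "A": Route("peer-A", (64501, 64510)),                         # shortest path
    "B": Route("peer-B", (64502, 64503, 64510), local_pref=200),  # longer, but preferred by policy
    "C": Route("peer-C", (64504, 64500, 64510)),                  # our own AS in the path: loop
    "L": Route("local", ()),                                      # originated by this router
}
```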
BGP Overview
- BGP is the only protocol that provides inter-domain routing for the Internet
- It is a critical piece of the Internet's infrastructure
Security Issues of BGP
- Communication between peers is not protected from eavesdropping
- Modification can be prevented by using TCP MD5 "signatures"
- Subject to all lower layer vulnerabilities
- DoS/DDoS attacks
  – Can be used to target TCP port 179 used by BGP
  – Potential to close connections
  – Potential to result in dropped UPDATE messages
- Attacks may come from trusted routers that have been compromised
  – Smaller ISPs with poor security provide good targets
  – Mesh connected design means gaining access to any BGP speaker can have a significant impact on the Internet
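What the TCP MD5 "signature" on the slide actually covers (RFC 2385): MD5 over the TCP pseudo-header, the 20-byte TCP header with the checksum taken as zero, the segment data and a shared key, so a receiver can drop a forged or altered segment. This is an added example, not code from the slides; the addresses, ports, password and the sample KEEPALIVE segment are constructed.

```python
import hashlib
import hmac
import socket
import struct

# Constructed sample: a BGP KEEPALIVE (16-byte 0xff marker, length 19, type 4) sent
# from port 179. Data offset 10 (40-byte header) leaves room for the 18-byte MD5
# option plus 2 bytes of padding; the option itself is never part of the digest.
SRC_IP, DST_IP, PASSWORD = "192.0.2.1", "192.0.2.2", b"bgp-secret"
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)
TCP_HEADER = struct.pack("!HHIIBBHHH",
                         179, 40000,       # source and destination ports
                         1000, 2000,       # sequence and acknowledgement numbers
                         10 << 4, 0x18,    # data offset 10 words, flags PSH|ACK
                         16384, 0, 0)      # window, checksum (hashed as zero), urgent

def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, password):
    """RFC 2385 digest: pseudo-header (src, dst, zero, protocol, segment length),
    the 20-byte TCP header with options excluded and checksum zeroed, data, key."""
    header_len = (tcp_header[12] >> 4) * 4            # includes option space
    seg_len = header_len + len(payload)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, seg_len))
    header = tcp_header[:16] + b"\x00\x00" + tcp_header[18:20]
    return hashlib.md5(pseudo + header + payload + password).digest()

def verify_segment(src_ip, dst_ip, tcp_header, payload, received_digest, password):
    """Receiver side: recompute and compare in constant time. A mismatch means the
    segment was forged or changed in transit and the router must drop it."""
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, password)
    return hmac.compare_digest(expected, received_digest)

def demo():
    """Returns (genuine segment accepted, tampered segment accepted)."""
    tag = tcp_md5_digest(SRC_IP, DST_IP, TCP_HEADER, KEEPALIVE, PASSWORD)
    ok = verify_segment(SRC_IP, DST_IP, TCP_HEADER, KEEPALIVE, tag, PASSWORD)
    # Flip the message type byte to 3 (NOTIFICATION): the digest no longer matches.
    altered = KEEPALIVE[:18] + b"\x03"
    tampered = verify_segment(SRC_IP, DST_IP, TCP_HEADER, altered, tag, PASSWORD)
    return ok, tampered
```

RFC 2385 has since been obsoleted by TCP-AO (RFC 5925), which replaces MD5 with stronger MACs and proper key rollover; the per-segment verification idea is the same.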
Security Issues of BGP
- Easy to inject false advertisements
  – Bad configuration (BGP is hard!)
  – Malicious attacks
    – TCP spoofing (can be used to close the TCP connection)
    – Hijack TCP session
    – Can result in a Denial of Service attack based on a flood of BGP UPDATE messages to withdraw routes and then advertise new routes
- No authentication within BGP
Proposed Security Solutions for BGP: Secure-BGP and Secure Origin BGP
- Both use PKI (public-key cryptography) to verify the source of advertisements
  – Verify that the originating AS has the authority to advertise certain IP networks
  – Limit the effects of a compromise to one AS
Proposed Security Solutions for BGP
- Secure-BGP
  – Uses out of band certificates
  – Each AS on the path must go to a certificate site to verify the source of the route
- Secure Origin BGP
  – Uses in band certificates
  – Each AS along the path adds its signature to the update message
Proposed Security Solutions for BGP: Secure-BGP and Secure Origin BGP
- Both have severe routing overheads
  – May increase routing overhead by 800%
- For either protocol to be effective, every AS must adopt it
- No consensus, so neither protocol has experienced widespread adoption
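The origin-authority check that both proposals aim at ("does the originating AS have the authority to advertise this network?"), applied to the false advertisements from the Security Issues slides. This is an added, simplified model and not S-BGP or soBGP code: the certificate chain is replaced by a constructed table of (prefix, maximum length, authorized origin AS) records, and the origin AS is read from the rightmost AS_PATH entry.

```python
import ipaddress

# Constructed authorization records: (prefix, max_len, origin AS). In S-BGP / soBGP
# this information would come from the certificates; here it is just a table.
AUTHORIZATIONS = [
    ("192.0.2.0/24", 24, 64510),
    ("198.51.100.0/24", 25, 64511),   # may also be announced as two /25s
    ("203.0.113.0/24", 24, 64512),
]

def origin_state(prefix, origin_as, records=AUTHORIZATIONS):
    """valid: a record covers the prefix with this AS and a permitted length.
    invalid: a record covers the prefix but none permits this AS/length (a likely
    forged advertisement or a too-specific announcement). unknown: no record."""
    net = ipaddress.ip_network(prefix, strict=False)
    covered = False
    for auth_prefix, max_len, auth_as in records:
        auth_net = ipaddress.ip_network(auth_prefix)
        if net.version != auth_net.version or not net.subnet_of(auth_net):
            continue
        covered = True
        if auth_as == origin_as and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "unknown"

def origin_as(as_path):
    """The originating AS is the last AS appended before the route left its home AS."""
    return as_path[-1]

def check_updates(updates, records=AUTHORIZATIONS):
    """updates: (prefix, as_path) pairs as carried in UPDATE route advertisements."""
    return [(p, origin_as(path), origin_state(p, origin_as(path), records))
            for p, path in updates]

# Constructed advertisements received from neighbors.
SAMPLE_UPDATES = [
    ("192.0.2.0/24", (64501, 64510)),        # legitimate origin
    ("192.0.2.0/24", (64502, 64666)),        # same prefix, wrong origin AS
    ("198.51.100.128/25", (64503, 64511)),   # more specific, within max length
    ("203.0.113.0/25", (64504, 64512)),      # right AS, but more specific than allowed
    ("10.9.0.0/16", (64505, 64520)),         # nothing on record either way
]
```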
Introduction to the Lab
- Introduction to BGP
- Provide opportunity to get hands on BGP
  – Observe BGP traffic
  – Observe BGP configurations
  – Configure a BGP router
- Conduct 2 practical exercises
Introduction to the Lab: Observe BGP router information using the show ip bgp command

  BGP table version is 80, local router ID is
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
  Origin codes: i - IGP, e - EGP, ? - incomplete
  Network  Next Hop  Metric  LocPrf  Weight  Path
  *> / i
  *> / i
  *> / i
  *> / i
  * / i
  *> i
  * i i
Introduction to the Lab: Observe BGP neighbor information using the show bgp neighbors command

  BGP neighbor is , remote AS 64515, internal link
  BGP version 4, remote router ID
  BGP state = Established, up for 11w2d
  Last read 00:00:14, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Address family IPv4 Unicast: advertised and received
  Received messages, 0 notifications, 0 in queue
  Sent messages, 0 notifications, 0 in queue
  Route refresh request: received 0, sent 0
  Default minimum time between advertisement runs is 5 seconds
Introduction to the Lab: Section 1.5 Scenario
Introduction to the Lab: Section 3 Scenario
Questions?