Presentation is loading. Please wait.

Presentation is loading. Please wait.

The BGP Visibility Scanner

Published byCleopatra Owen Modified over 6 years ago

Similar presentations

Presentation on theme: "The BGP Visibility Scanner"— Presentation transcript:

1 The BGP Visibility Scanner
Andra Lutu1,2 , Marcelo Bagnulo2 and Olaf Maennel3 Institute IMDEA Networks1, University Carlos III Madrid2 , Loughborough University3

2 Problem Statement The routing preferences are designed to accommodate various operational, economic, and political factors Problem: Only by configuring a routing policy, the origin AS cannot also ensure that it will achieve the anticipated results The implementation of routing policies is a complicated process, involving subtle tuning operations that are error- prone Operators need to complement their internal perspective on routing with the information retrieved from external sources UKNOF 25 18 April 2013

3 Internet Prefix Visibility
Prefix visibility as an expression of policy interaction Not all the routes make it to every routing table (RT) in the interdomain Limited Visibility Prefixes (LVPs) – prefixes that are not in every RT High Visibility Prefixes (HVPs) – prefixes which are in almost all the RT The BGP Visibility Scanner: Analyze all BGP routing data from RouteViews and RIPE Routing Information Service (RIS) projects All together there are 24 different RT collection points More than 130 different ASes periodically dump their entire routing tables Limited Visibility Prefixes (LVPs) Intentional/Deliberate Inflicted by third parties Unintentional/Accidental UKNOF 25 18 April 2013

4 Next… Data manipulation – methodology
Study case: example of applying the methodology Characteristics of the prefixes with limited visibility Presenting the tool and its capabilities Use cases UKNOF 25 18 April 2013

5 The BGP Visibility Scanner
RIS-RouteViews Download all the available routing feeds twice per day, at 08h00 16h00 Raw data Get GRTs Size filter Minimum routes Eliminate duplicate routing feeds Clean GRTs Remove prefixes: MOAS Bogons GRTs Visibility Scanner Algorithm for t in {08h00, 16h00} do prefs[t].getVisibleDegree() prefs[t].remInternalPrefs() for ip in prefs[t] do if visibility(ip, t) < floor(95%*nr_monitors[t])) then labels[ip].append(LV) else labels[ip].append(HV) Remove Transient for ip in prefs[day] do if HV in labels[ip] then labels[ip] = HV else if length(labels[ip]) == 2 then labels[ip] = LV else labels[ip] = transient Label LVPs - HVPs UKNOF 25 18 April 2013

6 The BGP Visibility Scanner
RIS-RouteViews Download all the available routing feeds twice per day, at 08h00 16h00 Raw data UKNOF 25 18 April 2013

7 The BGP Visibility Scanner
RIS-RouteViews Download all the available routing feeds twice per day, at 08h00 16h00 Raw data Get GRTs Size filter Minimum routes Eliminate duplicate routing feeds Remove prefixes: MOAS Bogons GRTs Clean GRTs UKNOF 25 18 April 2013

8 BGP visibility scanner
Example: sampling time Global Routing Table - contains almost all the prefixes injected in the interdomain 129 GRTs from RIPE RIS and RouteViews 9/129 ASes in LACNIC 14/129 in APNIC 37/129 in ARIN 68/129 in RIPE NCC Polishing the full routing tables for our study No bogons/martians present Discard 500 bogon prefixes No MOAS prefixes Filter out approx. 4,500 MOAS prefixes BGP visibility scanner GRTs Get GRTs Size filter Minimum routes Eliminate duplicate routing feeds Clean GRTs Remove prefixes: MOAS Bogons UKNOF 25 18 April 2013

9 BGP Visibility Scanner
We find that not all the GRTs identified contain all the prefixes injected in the interdomain Expression of policies which may have backfired Sample from – 08h00 UKNOF 25 18 April 2013

10 The BGP Visibility Scanner
RIS-RouteViews Download all the available routing feeds twice per day, at 08h00 16h00 Raw data Get GRTs Size filter Minimum routes Eliminate duplicate routing feeds Clean GRTs Remove prefixes: MOAS Bogons GRTs Visibility Scanner Algorithm Label LVPs - HVPs for t in {08h00, 16h00} do prefs[t].getVisibleDegree() prefs[t].remInternalPrefs() for ip in prefs[t] do if visibility(ip, t) < floor(95%*nr_monitors[t])) then labels[ip].append(LV) else labels[ip].append(HV) UKNOF 25 18 April 2013

11 BGP visibility scanner
Filter internal routes Not considering prefixes only present in 1 RT with an AS-Path of length 1 : filter out internal routes Labeling Mechanism – each prefix gets a visibility label based on the 95% minimum visibility threshold rule HV – high visibility if present in more than 95% of routing tables LV – limited visibility if present in less than 95% of routing tables BGP visibility scanner Visibility Scanner Algorithm for t in {08h00, 16h00} do prefs[t].getVisibleDegree() prefs[t].remInternalPrefs() for ip in prefs[t] do if visibility(ip, t) < floor(95%*nr_monitors[t])) then labels[ip].append(LV) else labels[ip].append(HV) Label LVPs - HVPs UKNOF 25 18 April 2013

12 The BGP Visibility Scanner
RIS-RouteViews Download all the available routing feeds twice per day, at 08h00 16h00 Raw data Get GRTs Size filter Minimum routes Eliminate duplicate routing feeds Clean GRTs Remove prefixes: MOAS Bogons GRTs Visibility Scanner Algorithm for t in {08h00, 16h00} do prefs[t].getVisibleDegree() prefs[t].remInternalPrefs() for ip in prefs[t] do if visibility(ip, t) < floor(95%*nr_monitors[t])) then labels[ip].append(LV) else labels[ip].append(HV) Remove Transient for ip in prefs[day] do if HV in labels[ip] then labels[ip] = HV else if length(labels[ip]) == 2 then labels[ip] = LV else labels[ip] = transient Label LVPs - HVPs UKNOF 25 18 April 2013

13 BGP visibility scanner
Label Prevalence Sieve – rule of prevalence for the visibility labels tagged on each prefix Filter transient routes Filter the prefixes that are not consistently appearing in the two samples analyzed Discard 7,800 prefixes A total of prefixes identified High-Visibility prefixes (HVPs) Limited-Visibility prefixes (LVPs) BGP visibility scanner Visibility Scanner Algorithm for ip in prefs[day] do if HV in labels[ip] then labels[ip] = HV else if length(labels[ip]) == 2 then labels[ip] = LV else labels[ip] = transient Remove Transient UKNOF 25 18 April 2013

14 Dark Prefixes Dark Prefixes (DP) are the LV prefixes that are not covered by any HV prefix This would constitute address space that may not be globally reachable (in the absence of a default route) In there were ~2.400 dark prefixes in the LV prefix set HVP HVP HVP LVP LVP DP LVP DP LVP LVP UKNOF 25 18 April 2013

15 Prefix visibility – distribution on prefix length
UKNOF 25 18 April 2013

16 AS-Path length The per set mean AS-Path length (no prepending considered): LV prefixes – 3.02 Mode = 2 HV prefixes – 4.16 Mode = 4 Dark prefixes – 3.75 UKNOF 25 18 April 2013

17 Prefix visibility as of 23.10.2012
Visibility distribution: # of LV prefixes present in n monitors, where n = 1, … 129 Low sensitivity to the visibility threshold included in the Labeling Mechanism UKNOF 25 18 April 2013

18 Prefix Label Stability in 2012.10
UKNOF 25 18 April 2013

19 Origin ASes for the LV prefixes
Identified different ASes originating the LV prefixes identified on : 14% in LACNIC (~493 ASes) 30.5% in APNIC (~1.081 ASes) 30.1% in RIPE (~1.068 ASes) 22.4% in APNIC (~795 ASes) 1.1% in AFRINIC (~42 ASes) UKNOF 25 18 April 2013

20 What are these prefixes?
We are looking to explain this phenomena: Is it something the origin AS intended or is it something that the AS is suffering? All the results of this study are made available online visibility.it.uc3m.es Up to date information on LV announced by each AS Check to see if your AS is originating LV prefixes Retrieve those prefixes and see if there are any Dark Prefixes within that set Please provide feedback! Short form that you can fill in and send UKNOF 25 18 April 2013

21 How does it work? visibility.it.uc3m.es UKNOF 25 18 April 2013

22 How does it work? visibility.it.uc3m.es Fill in the AS number here
UKNOF 25 18 April 2013

23 How does it work? visibility.it.uc3m.es Example of output: UKNOF 25
18 April 2013

24 How does it work? visibility.it.uc3m.es Example of output:
Next step: fill in form! UKNOF 25 18 April 2013

25 How does it work? Submit!! UKNOF 25 18 April 2013

26 Use Cases Different use case: Intended Scoped Advertisements
Inject prefixes only to peers Intended Scoped Advertisements: Content provider Geographical scoping of prefix Config errors: Large ISP Outbound filters mistakes in configuration Leaking routes to direct peers Third-party inflicted: Internet root servers Tackle problems rising from the interaction between Ases Blackholing due to lack of return path Blackholing due to no announcement UKNOF 25 18 April 2013

27 Use Cases – Internet Root Servers
Observe two prefixes: p/24 -LVP and p/23 – HVP Blackholing due to lack return path: Root server (local anycast node) Peer 1 Peer 2 p/24 p/24 (leak) No return path UKNOF 25 18 April 2013

28 Use Cases – Internet Root Rervers
Observe two prefixes: p/24 -LVP and p/23 – HVP Blackholing due to lack return path: No full transit at the IXP => tag with NO EXPORT Root server (local anycast node) Peer 1 Peer 2 p/24 p/24 (leak) No return path Root server (local anycast node) Peer 1 Peer 2 p/24 + NO EXPORT p/24 UKNOF 25 18 April 2013

29 Use Cases – Internet Root Servers
Observe two prefixes: p/24 -LVP and p/23 – HVP Blackholing due to lack return path: No full transit at the IXP => tag with NO EXPORT Root server (local anycast node) Peer 1 Peer 2 p/24 p/24 (leak) No return path Problem solved ..? Root server (local anycast node) Peer 1 Peer 2 p/24 + NO EXPORT p/24 UKNOF 25 18 April 2013

30 Use Cases – Internet Root Server
Blackholing due to no announcement *p/24 no_export p/24 p/24 + NO EXPORT ?? Root server (local anycast node) Peer Customer p/24 Transit Provider p/24 Root server (base-camp) UKNOF 25 18 April 2013

31 Use Cases – Internet Root Server
Blackholing due to no announcement p/24 no_export p/23 p/24 + NO EXPORT p/23 Root server (local anycast node) Peer Customer p/24 , p/23 Transit Provider p/24 p/23 Root server (base-camp) UKNOF 25 18 April 2013

32 Use Cases – Internet Root Server
Blackholing due to no announcement p/24 no_export p/23 p/24 + NO EXPORT p/23 Root server (local anycast node) Peer Customer p/24 , p/23 Transit Provider p/24 p/23 Root server (base-camp) UKNOF 25 18 April 2013

33 Conclusions UKNOF 25 18 April 2013

34 The BGP Visibility Scanner
visibility.it.uc3m.es The paper (GI’13): The BGP Visibility Scanner Questions? NANOG 57 06/02/2013

Download ppt "The BGP Visibility Scanner"

Similar presentations

Allocation vs Announcement A comparison of RIR IPv4 Allocation Records with Global Routing Announcements Geoff Huston February 2004 (Supported by APNIC)

Allocation vs Announcement A comparison of RIR IPv4 Allocation Records with Global Routing Announcements Geoff Huston February 2004 (Supported by APNIC)
An Operational Perspective on BGP Security Geoff Huston February 2005.

An Operational Perspective on BGP Security Geoff Huston February 2005.
Routing System Stability draft-dimitri-grow-rss-01.txt IETF71 - Philadelphia.

Routing System Stability draft-dimitri-grow-rss-01.txt IETF71 - Philadelphia.
Release 5.1, Revision 0 Copyright © 2001, Juniper Networks, Inc. Advanced Juniper Networks Routing Module 9: Static Routes & Routing Table Groups.

Release 5.1, Revision 0 Copyright © 2001, Juniper Networks, Inc. Advanced Juniper Networks Routing Module 9: Static Routes & Routing Table Groups.
10/6/116Watch Project 1 6Watch: Gauging the Global Rollout of IPv6 Dan Massey Dave Meyer Lixia Zhang Colorado State U. Oregon UCLA.

10/6/116Watch Project 1 6Watch: Gauging the Global Rollout of IPv6 Dan Massey Dave Meyer Lixia Zhang Colorado State U. Oregon UCLA.
Technical Aspects of Peering Session 4. Overview Peering checklist/requirements Peering step by step Peering arrangements and options Exercises.

Technical Aspects of Peering Session 4. Overview Peering checklist/requirements Peering step by step Peering arrangements and options Exercises.
A Study of BGP Origin AS Changes and Partial Connectivity Ratul Mahajan David Wetherall Tom Anderson University of Washington Asta Networks † † ‡ † ‡ ‡

A Study of BGP Origin AS Changes and Partial Connectivity Ratul Mahajan David Wetherall Tom Anderson University of Washington Asta Networks † † ‡ † ‡ ‡
1 Interdomain Traffic Engineering with BGP By Behzad Akbari Spring 2011 These slides are based on the slides of Tim. G. Griffin (AT&T) and Shivkumar (RPI)

1 Interdomain Traffic Engineering with BGP By Behzad Akbari Spring 2011 These slides are based on the slides of Tim. G. Griffin (AT&T) and Shivkumar (RPI)
BGP.

BGP.
Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.

Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.
© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.

© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.
Swinog-7, 22nd october 2003 BGP filtering André Chapuis,

Swinog-7, 22nd october 2003 BGP filtering André Chapuis,
Dongkee LEE 1 Understanding BGP Misconfiguration Ratul Mahajan, David Wetherall, Tom Anderson.

Dongkee LEE 1 Understanding BGP Misconfiguration Ratul Mahajan, David Wetherall, Tom Anderson.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
Best Practices for ISPs

Best Practices for ISPs
1 Measurement of Highly Active Prefixes in BGP Ricardo V. Oliveira, Rafit Izhak-Ratzin, Beichuan Zhang, Lixia Zhang GLOBECOM’05.

1 Measurement of Highly Active Prefixes in BGP Ricardo V. Oliveira, Rafit Izhak-Ratzin, Beichuan Zhang, Lixia Zhang GLOBECOM’05.
BGP in 2009 Geoff Huston APNIC May 2009. Conventional BGP Wisdom IAB Workshop on Inter-Domain routing in October 2006 – RFC 4984: “routing scalability.

BGP in 2009 Geoff Huston APNIC May Conventional BGP Wisdom IAB Workshop on Inter-Domain routing in October 2006 – RFC 4984: “routing scalability.
Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.

Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.
Delayed Internet Routing Convergence Craig Labovitz, Abha Ahuja, Abhijit Bose, Farham Jahanian Presented By Harpal Singh Bassali.

Delayed Internet Routing Convergence Craig Labovitz, Abha Ahuja, Abhijit Bose, Farham Jahanian Presented By Harpal Singh Bassali.
Allocations vs Announcements A comparison of RIR IPv4 Allocation Records with Global Routing Announcements Geoff Huston May 2004 (Activity supported by.

Allocations vs Announcements A comparison of RIR IPv4 Allocation Records with Global Routing Announcements Geoff Huston May 2004 (Activity supported by.

Similar presentations

Ads by Google