Presentation is loading. Please wait.

Presentation is loading. Please wait.

Everybody Leaks Alexander Azimov.

Published byOddbjørg Magnussen Modified over 6 years ago

Similar presentations

Presentation on theme: "Everybody Leaks Alexander Azimov."— Presentation transcript:

1 Everybody Leaks Alexander Azimov

2 Route Leaks Abnormal subpath: Provider -> Customer -> Provider
Provider -> Customer -> Peering Peering -> Customer -> Provider Peering -> Peering -> Peering Amount? We define route leak as announces that have abnormal subpath: provide-customer-provider, etc. What are the main features of route leaks? They increase latency, make your infrastructure vulnerable and undetectable from origin AS. But what about amount of such incidents?

3 New Abnormal Paths Monthly
This a graph describes amount of different abnormal paths we have detected during last few months. AS you can see, we detect about two thousand of route leaks each month and we are still isn’t satisfied about opportunities of our detector. But as far as I conern most part of the community still believe that problem is far away and don’t affect them at all.

4 There problem is far away…
Let us see. This is route leaks for RIPE NCC AS. This shot-term death leaks – when customer announces full table from one provider to another.

5 Leak Distribution But death leaks are rare, and they cover only 1% of all cases. The most common error is made not by customer AS, but by transit AS. It is made by using global prefix list for its customers, without paying attention to the origin of the announce. As a result, if customer stops announcing some part if its prefixes to this provider it will take alternative route. For a example from announce customer’s prefix from one provider to peers or also to other providers. If you are customer of such AS, you wouldn’t be able to redirect traffic from this AS in all cases, even if this provider experiencing stable packet loss. It just highlight that there is major misunderstanding how transit AS should work.

6 Strange leaks are very strange
And now strange leaks. By strange leak we define all leaks that we couldn’t simply explain. They don’t look like some common mistake - leaker and victim are not related to each other. In this issue were leaked all and only Google prefixes. I don’t think MIT could affect Google, but I could guarantee that this incident strongly affected latency to all Google services in Russian region. Target Leak of Google’s prefixes

7 30% of leaks are long-term and unnoticed!
Route Leak Dynamics The incident with Google lasted for a day. Despite the fact that most of routing incidents are short-term there are 30% of leaks that are stable. What does this mean? This just demonstrate that I are fully unnoticed. 30% of leaks are long-term and unnoticed!

8 What could be done? Outbound prefix filtering;
Inbound prefix filtering or prefix limit; Collaboration, more collaboration! Announce isn’t end of story, you need to monitor it; So what could be done? First of all there are some common receipts such as prefix filtering or prefix limit. But at the same time community must understand that routing incidents are not related only to some well known hijacks that took place few years ago. It is about your prefixes and it is happening now.

9 Monitoring announces Raw data RIPE & Routeviews – thank you! Renesys
BGPMon Radar by Qrator If you want to monitor your prefixes you can use raw data from RIPE & Routeviews and I’d like to thank them for this opportunity. There are also several projects, not all of them are free, that could provide you notifications related to routing incidents.

10 Questions? radar.qrator.net

Download ppt "Everybody Leaks Alexander Azimov."

Similar presentations

Attention (your target market) !. Are you (their problem) ?

Attention (your target market) !. Are you (their problem) ?
Comparing IPv4 and IPv6 from the perspective of BGP dynamic activity Geoff Huston APNIC February 2012.

Comparing IPv4 and IPv6 from the perspective of BGP dynamic activity Geoff Huston APNIC February 2012.
Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.

Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.
© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.

© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.
Swinog-7, 22nd october 2003 BGP filtering André Chapuis,

Swinog-7, 22nd october 2003 BGP filtering André Chapuis,
Dongkee LEE 1 Understanding BGP Misconfiguration Ratul Mahajan, David Wetherall, Tom Anderson.

Dongkee LEE 1 Understanding BGP Misconfiguration Ratul Mahajan, David Wetherall, Tom Anderson.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
Mohamed Hefeeda 1 School of Computing Science Simon Fraser University, Canada ISP-Friendly Peer Matching without ISP Collaboration Mohamed Hefeeda (Joint.

Mohamed Hefeeda 1 School of Computing Science Simon Fraser University, Canada ISP-Friendly Peer Matching without ISP Collaboration Mohamed Hefeeda (Joint.
Interdomain Routing and The Border Gateway Protocol (BGP) Courtesy of Timothy G. Griffin Intel Research, Cambridge UK

Interdomain Routing and The Border Gateway Protocol (BGP) Courtesy of Timothy G. Griffin Intel Research, Cambridge UK
Delayed Internet Routing Convergence Craig Labovitz, Abha Ahuja, Abhijit Bose, Farham Jahanian Presented By Harpal Singh Bassali.

Delayed Internet Routing Convergence Craig Labovitz, Abha Ahuja, Abhijit Bose, Farham Jahanian Presented By Harpal Singh Bassali.
Arbor Multi-Layer Cloud DDoS Protection

Arbor Multi-Layer Cloud DDoS Protection
NOC Lessons Learned TEIN2 and CERNET Xing Li 2007-01-22.

NOC Lessons Learned TEIN2 and CERNET Xing Li
Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.

Scaling IXPs Scalable Infrastructure Workshop. Objectives  To explain scaling options within the IXP  To introduce the Internet Routing Registry at.
Copyright © 2011 Japan Network Information Center JPNIC ’ s RQA and Routing Related Activities JPNIC IP Department Izumi Okutani APNIC32 Aug 2011, Busan.

Copyright © 2011 Japan Network Information Center JPNIC ’ s RQA and Routing Related Activities JPNIC IP Department Izumi Okutani APNIC32 Aug 2011, Busan.
Impact of Prefix Hijacking on Payments of Providers Pradeep Bangera and Sergey Gorinsky Institute IMDEA Networks, Madrid, Spain Developing the Science.

Impact of Prefix Hijacking on Payments of Providers Pradeep Bangera and Sergey Gorinsky Institute IMDEA Networks, Madrid, Spain Developing the Science.
HoneyD (Part 2) Small Business NIDS This presentation demonstrates the ability for Small Businesses to emulate virtual operating systems and conduct.

HoneyD (Part 2) Small Business NIDS This presentation demonstrates the ability for Small Businesses to emulate virtual operating systems and conduct.
1 SENSS Security Service for the Internet Jelena Mirkovic USC Information Sciences Institute Joint work with Minlan Yu (USC), Ying Zhang.

1 SENSS Security Service for the Internet Jelena Mirkovic USC Information Sciences Institute Joint work with Minlan Yu (USC), Ying Zhang.
MonNet – a project for network and traffic monitoring Detection of malicious Traffic on Backbone Links via Packet Header Analysis Wolfgang John and Tomas.

MonNet – a project for network and traffic monitoring Detection of malicious Traffic on Backbone Links via Packet Header Analysis Wolfgang John and Tomas.
BGP operations and security draft-jdurand-bgp-security-02.txt Jerome Durand Gert Doering Ivan Pepelnjak.

BGP operations and security draft-jdurand-bgp-security-02.txt Jerome Durand Gert Doering Ivan Pepelnjak.
RIPE NCC IRR training 4 February 2011 Zurich, Switzerland IPv6 Golden Networks Jeroen Massar Things to watch.

RIPE NCC IRR training 4 February 2011 Zurich, Switzerland IPv6 Golden Networks Jeroen Massar Things to watch.

Similar presentations

Ads by Google