Presentation is loading. Please wait.

Presentation is loading. Please wait.

Quantitative Analysis of BGP Route Leaks Benjamin Wijchers Benno Overeinder.

Published byJames Robinson Modified over 9 years ago

Similar presentations

Presentation on theme: "Quantitative Analysis of BGP Route Leaks Benjamin Wijchers Benno Overeinder."— Presentation transcript:

1 http://www.nlnetlabs.nl/ Quantitative Analysis of BGP Route Leaks Benjamin Wijchers Benno Overeinder

2 http://www.nlnetlabs.nl/ NLnet Labs The Problem With Route Leaks Route leaks are not route hijacks (in my definition) –route hijack: originate prefixes you do not “own” –route leaks: forward BGP announcements you shouldn’t according policies Route leaks not easy to detect Potential security risk –examples Belarusian and Iceland traffic misdirection

3 http://www.nlnetlabs.nl/ NLnet Labs Business Relations and Route Leaks ASes have business relationship –Client pays provider –Provider provides transit –Peers share client routes Routing should reflect business relations –But in practice not always the case Route leak

4 http://www.nlnetlabs.nl/ NLnet Labs The Valley Free Rule Relations between ASes: –Customer-provider –Peer-peer –Siblings Valley Free Rule: –C2P( * ) – P2P ( 1|0 ) – P2C ( * )

5 http://www.nlnetlabs.nl/ NLnet Labs The Valley Free Rule

6 http://www.nlnetlabs.nl/ NLnet Labs Origins of Route Leaks Misconfiguration Malicious –Man in the middle Intentional –Indirect peering IXP Research / Educational –Complex relations Find characteristics for categorizing

7 http://www.nlnetlabs.nl/ NLnet Labs Why Analyse Them? Counter-measures planned –part of ongoing IETF SIDR WG activities –discussions in the context of BGPSEC Traffic routes incorrectly causing: –ASes paying for transit of other ASes clients –Potentially slower connections –Potential hijacking of data (mitm) Not much statistics available

8 http://www.nlnetlabs.nl/ NLnet Labs Previous Work Jared Mauch –Detection without relation data –Not much statistics List of route leaks General counts

9 http://www.nlnetlabs.nl/ NLnet Labs Detecting Valleys Relations between ASes –Non-disclosure agreement –Inferred relations BGP data dumps to investigate –RIPE Remote Route Collector –RouteViews ASPATH attribute –Shows path of ASes traversed

10 http://www.nlnetlabs.nl/ NLnet Labs Relation Inferences Lixin Gao –Valley free rule Ricardo Oliveira et al (UCLA) –Every non-tier-1 AS is (indirect) client (or peer) of tier-1 Matthew Lucky et al (CAIDA) 1.C2P to reach global connectivity 2.Peering clique at top of topology 3.No cycles of C2P links CAIDA chosen for project –Validation of relations –No valley freeness used in inference

11 http://www.nlnetlabs.nl/ NLnet Labs Methodology CAIDA relationship data –Combined with siblings data BGP MRT files from –RIPE RIS RRC00 –Routeviews WIDE –Routeviews Oregon Custom BGPdump Detecting valleys

12 http://www.nlnetlabs.nl/ NLnet Labs Methodology (2) All valleys in database with –violation type e.g. P2C-C2P –AS Leak triplet leaked from, leaker and receiver –duration check updates for same AS & prefix

13 http://www.nlnetlabs.nl/ NLnet Labs About the results Current results from 1 month from RIPE, Oregon and WIDE –~4% of routes investigated valley –Over 36 000 000 valley announces detected

14 http://www.nlnetlabs.nl/ NLnet Labs Distribution of Violation Types Top left area are no real valleys P2P-P2P occurs most frequently

15 http://www.nlnetlabs.nl/ NLnet Labs Distribution of Durations Peaks at <2 seconds and 17-32 seconds –Default MRAI Cisco: 30 seconds –Probably unintentional

16 http://www.nlnetlabs.nl/ NLnet Labs Most Frequent Leak Triplets Duration > 1 minute ~12% of valleys found in top 10 Next challenge –categorize in classes

17 http://www.nlnetlabs.nl/ NLnet Labs Geography of Most Frequent Leaks

18 http://www.nlnetlabs.nl/ NLnet Labs Top Leaks Further Investigated WIDE appears to provide transit for peer APNIC APAN, WIDE and APNIC are all research ASes –who commonly have “special” relationships Likely intentional behaviour

19 http://www.nlnetlabs.nl/ NLnet Labs Top Leaks Further Investigated Both AS12880 and AS48159 from Iran –possible merge -> sibling –cannot say for certain with data available WHOIS AS12880 no mention of AS48159 –WHOIS AS48159 mentions AS12880 as default route

20 http://www.nlnetlabs.nl/ NLnet Labs Top Leaks Further Investigated Different policies IPv4 and IPv6 –mp-import: afi ipv6.unicast from AS6939 action pref=150; accept ANY –mp-import: afi ipv4.unicast from AS6939 action pref=150; accept AS-HURRICANE

21 http://www.nlnetlabs.nl/ NLnet Labs Conclusion Most route leaks are peer routes propagated to other peers ~65% valleys are very short-lived (< minute) –but ~6% very persistent (> day) About 12% AS triplets reoccur frequently in found route leaks –most of them “special” relations –not enough knowledge to define others

22 http://www.nlnetlabs.nl/ NLnet Labs Future Work Broader date range –monthly reports, history with less storage Separate relation data IPv4/IPv6 RPSL data usage for automatic detection of complex relations

23 http://www.nlnetlabs.nl/ NLnet Labs Questions Acknowledgments –Jared Mauch –Stella Vouteva

Download ppt "Quantitative Analysis of BGP Route Leaks Benjamin Wijchers Benno Overeinder."

Similar presentations

Routing Basics.

Routing Basics.
Locating Prefix Hijackers using LOCK Tongqing Qiu +, Lusheng Ji *, Dan Pei * Jia Wang *, Jun (Jim) Xu +, Hitesh Ballani ++ + College of Computing, Georgia.

Locating Prefix Hijackers using LOCK Tongqing Qiu +, Lusheng Ji *, Dan Pei * Jia Wang *, Jun (Jim) Xu +, Hitesh Ballani ++ + College of Computing, Georgia.
A Study of BGP Origin AS Changes and Partial Connectivity Ratul Mahajan David Wetherall Tom Anderson University of Washington Asta Networks † † ‡ † ‡ ‡

A Study of BGP Origin AS Changes and Partial Connectivity Ratul Mahajan David Wetherall Tom Anderson University of Washington Asta Networks † † ‡ † ‡ ‡
CSE534- Fundamentals of Computer Networking Lecture 12-13: Internet Connectivity + IXPs (The Underbelly of the Internet) Based on slides by D. Choffnes.

CSE534- Fundamentals of Computer Networking Lecture 12-13: Internet Connectivity + IXPs (The Underbelly of the Internet) Based on slides by D. Choffnes.
1/27 Evaluating Potential Routing Diversity for Internet Failure Recovery *Chengchen Hu, + Kai Chen, + Yan Chen, *Bin Liu *Tsinghua University, + Northwestern.

1/27 Evaluating Potential Routing Diversity for Internet Failure Recovery *Chengchen Hu, + Kai Chen, + Yan Chen, *Bin Liu *Tsinghua University, + Northwestern.
Dongkee LEE 1 Understanding BGP Misconfiguration Ratul Mahajan, David Wetherall, Tom Anderson.

Dongkee LEE 1 Understanding BGP Misconfiguration Ratul Mahajan, David Wetherall, Tom Anderson.
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
By Hitesh Ballani, Paul Francis, Xinyang Zhang Slides by Benson Luk for CS 217B.

By Hitesh Ballani, Paul Francis, Xinyang Zhang Slides by Benson Luk for CS 217B.
Inferring Autonomous System Relationships in the Internet Lixin Gao Dept. of Electrical and Computer Engineering University of Massachusetts, Amherst

Inferring Autonomous System Relationships in the Internet Lixin Gao Dept. of Electrical and Computer Engineering University of Massachusetts, Amherst
Inferring Autonomous System Relationships in the Internet Lixin Gao.

Inferring Autonomous System Relationships in the Internet Lixin Gao.
Announcement  Slides and reference materials available at  Slides and reference materials available.

Announcement  Slides and reference materials available at  Slides and reference materials available.
1 Internet Path Inflation Xenofontas Dimitropoulos.

1 Internet Path Inflation Xenofontas Dimitropoulos.
Part II: Inter-domain Routing Policies. March 8, 20042 What is routing policy? ISP1 ISP4ISP3 Cust1Cust2 ISP2 traffic Connectivity DOES NOT imply reachability!

Part II: Inter-domain Routing Policies. March 8, What is routing policy? ISP1 ISP4ISP3 Cust1Cust2 ISP2 traffic Connectivity DOES NOT imply reachability!
Progress in inferring business relationships between ASs Dmitri Krioukov 4 th CAIDA-WIDE Workshop.

Progress in inferring business relationships between ASs Dmitri Krioukov 4 th CAIDA-WIDE Workshop.
BGP in 2009 Geoff Huston APNIC May 2009. Conventional BGP Wisdom IAB Workshop on Inter-Domain routing in October 2006 – RFC 4984: “routing scalability.

BGP in 2009 Geoff Huston APNIC May Conventional BGP Wisdom IAB Workshop on Inter-Domain routing in October 2006 – RFC 4984: “routing scalability.
Mohamed Hefeeda 1 School of Computing Science Simon Fraser University, Canada ISP-Friendly Peer Matching without ISP Collaboration Mohamed Hefeeda (Joint.

Mohamed Hefeeda 1 School of Computing Science Simon Fraser University, Canada ISP-Friendly Peer Matching without ISP Collaboration Mohamed Hefeeda (Joint.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
1 Tutorial 5 Safe “Peering Backup” Routing With BGP Based on:

1 Tutorial 5 Safe “Peering Backup” Routing With BGP Based on:
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background – Detection of Invalid Routing Announcement in the Internet –Open Discussions Thursday.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.

Similar presentations

Ads by Google