Published by Tyrone Smith. Modified over 9 years ago.
1
02/01/2006 USC/ISI
Updates on Routing Experiments
Cyber DEfense Technology Experimental Research (DETER) Network
Evaluation Methods for Internet Security Technology (EMIST)
USC Information Sciences Institute
University of California, Berkeley
University of California, Davis
Penn State University
Purdue University
International Computer Science Institute
Stanford Research Institute (SRI)
Network Associates
SPARTA
2
Research Objectives
Realistic Internet routing experiments on dynamics (i.e., faults, failures, & attacks) with configurable parameters
Study, analyze, evaluate, & validate hypotheses/principles related to Internet routing and its security
3
Problems in Understanding the Problems
Inter-Domain Routing is very hard and complex to understand…
4
The “Internet” as of February 1, 2006
21319 Autonomous Systems
177300 IP Address Prefixes announced
http://bgp.potaroo.net/cidr/
5
Problems in Understanding the Problems
Inter-Domain Routing is very hard and complex to understand…
It is really not just scalability though…
–Policy/configuration
–Implementation
6
Simulation versus Emulation
Simulation: large-scale, but might abstract away low-level characteristics.
Emulation: experimenting with realistic implementations and observing the “unexpected”
–Implementation differences
–Analyzing/interpreting the interactions
–May help in accomplishing better simulation tasks in BGP.
7
Interactions/Dynamics
Failures/faults/attacks
Mobility/configuration/policy changes
Cross-layer interactions
EGP versus IGP
8
Problems in Understanding the Problems
Inter-Domain Routing is very hard and complex to understand…
It is really not just scalability though…
–Policy/configuration
–Implementation
And, industry is introducing new BGP features..
9
Route Flap Damping (RFC 2439)
10
Differential Damping Penalty
CISCO 12000 AS65001
CISCO 2600 AS65002
Zebra/Linux AS65006
IBM 2210 AS65003
IBM 2210 AS65004
CISCO 2514 AS65005
11
Penalty: 0 Penalty 1: 0 Penalty 2: 0 Prefix: 169.237/16
12
Penalty: ??? Penalty 1: 1000 Penalty 2: 1000 Prefix: 169.237/16
13
Penalty: 1000 2000 Penalty 1: 1000 Penalty 2: 1000 Prefix: 169.237/16 artificial delay X initial difference
14
Penalty: 2000 -/+ X > 750 Penalty 1: 1000 Penalty 2: 1000 -/x < 2000 Prefix: 169.237/16
15
Outbound Route Filter (ORF)
Internet draft, under implementation in Cisco
“defines a BGP-based mechanism that allows a BGP speaker to send to its BGP peer a set of Outbound Route Filters (ORFs). The peer would then apply these filters, in addition to its locally configured outbound filters (if any), to constrain/filter its outbound routing updates to the speaker.”
If the peer damps a path, it sends an ORF to the downstream peer. So, the peer won’t receive further updates until the path is reused.
16
Penalty: 1000 2000 Penalty 1: 1000 Penalty 2: 1000 Prefix: 169.237/16 ORF
17
A Little Dampening Story
SSFNet Zebra Cisco
per prefix + per peer
per prefix + per peer + per AS path
18
Penalty: 1000 2000 Penalty 1: 1000 Penalty 2: 1000 Withdraw 169.237/16
19
SSFNet Simulator “Bugs”
Penalty: 1000 2000 Penalty 1: 1000 Penalty 2: 1000 Withdraw 169.237/16 Missing!!
20
SSFNET SSFNET + WD CISCO
21
SSFNET SSFNET + WD CISCO
22
ICDCS’2005 Best Paper Award
SSFNET SSFNET + WD CISCO
23
Problems or Issues
Damping implementation
MRAI timer
The Single Router AS Assumption
Route Withdraw
ORF
24
Collecting the Results in 2005
show IP BGP … selected prefixes per router per 1 second
1 peer (SPRINT)
Full Routing Table (9MB compressed)
BGP Updates (2 hours -- 168KB)
updates -- MRT
25
AS-101 AS-112 AS-117 AS-114 AS-113 AS-121
26
AS 101 Multi homing
=====================================================
Wed Sep 28 02:26:00 PDT 2005
=====================================================
Paths: (3 available, best #3, table Default-IP-Routing-Table)
  Advertised to non peer-group peers:
  101.0.0.1 101.0.0.2 112.0.0.2 114.0.0.2
  114 113 121
    114.0.0.2 from 114.0.0.2 (114.0.0.2)
      Origin IGP, localpref 100, valid, external
      Last update: Wed Sep 28 02:13:28 2005
  112 117
    112.0.0.2 from 112.0.0.2 (112.0.0.2)
      Origin IGP, localpref 100, valid, external
      Dampinfo: penalty 543, flapped 1 times in 00:13:05
      Last update: Wed Sep 28 02:25:39 2005
  113 121
    113.0.0.2 from 113.0.0.2 (113.0.0.2)
      Origin IGP, localpref 100, valid, external, best
      Last update: Wed Sep 28 02:13:11 2005
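The Dampinfo line in the AS 101 output can be checked against the RFC 2439 exponential-decay model. The sketch below is an added example, not code from the presentation. It assumes a penalty of 1000 per flap, suppress and reuse limits of 2000 and 750, and a 15-minute half-life, which are common Cisco/Zebra defaults that the slides do not state; the function names are illustrative.

```python
import re

# Assumed damping parameters: the slides do not state them. These are the
# widely used Cisco IOS / Zebra defaults for RFC 2439 damping.
FLAP_PENALTY = 1000    # penalty added per flap
SUPPRESS = 2000        # route is suppressed at or above this (assumed >=)
REUSE = 750            # suppressed route is reused once below this
HALF_LIFE_S = 15 * 60  # exponential-decay half-life in seconds

# Line copied from the AS 101 "show ip bgp" output on the slide above.
SLIDE_LINE = "Dampinfo: penalty 543, flapped 1 times in 00:13:05"
DAMPINFO = re.compile(
    r"Dampinfo: penalty (\d+), flapped (\d+) times in (\d+):(\d+):(\d+)")

def decay(penalty, elapsed_s):
    """Penalty remaining after elapsed_s seconds of exponential decay."""
    return penalty * 2 ** (-elapsed_s / HALF_LIFE_S)

def parse_dampinfo(line):
    """Return (reported_penalty, flap_count, elapsed_seconds)."""
    m = DAMPINFO.search(line)
    if m is None:
        raise ValueError("no Dampinfo field in line")
    pen, flaps, h, mi, s = map(int, m.groups())
    return pen, flaps, h * 3600 + mi * 60 + s

def replay(flap_times_s, now_s):
    """Replay flaps at the given times; return (penalty, suppressed) at now_s."""
    penalty, last, suppressed = 0.0, 0.0, False
    for t in sorted(flap_times_s) + [None]:
        at = now_s if t is None else t
        penalty = decay(penalty, at - last)
        last = at
        if penalty < REUSE:
            suppressed = False          # decayed far enough to be reused
        if t is not None:
            penalty += FLAP_PENALTY
            suppressed = suppressed or penalty >= SUPPRESS
    return penalty, suppressed

if __name__ == "__main__":
    reported, flaps, elapsed = parse_dampinfo(SLIDE_LINE)
    ideal, _ = replay([0], elapsed)
    print(f"reported {reported}, ideal curve {ideal:.0f} after {elapsed}s")
    print("three flaps one minute apart:", replay([0, 60, 120], 120))
```

Under these assumptions a single flap decays to about 546 after 13:05, close to the 543 the router reports, and two flaps separated by any positive delay sum to just under 2000, so whether the route is suppressed depends on how the implementation times and compares the two penalties.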
27
117 112 101 113 121 114
AS-117 announced
AS-121 withdrawn
OASC
28
Creation and Evolution of BGP modeling
SSFNet: Current Understanding of the BGP Model
DETER
All BGP information is available
Conflicts
Anomalies
29
Observation Point Data
ORV/RIPE
–Relatively incomplete in understanding the behavior
30
On Explaining and Model-Building the Model
Anomaly Detection
Anomaly Analysis and Explanation
31
Creation and BGP model
What are the events?
–Event changes in BGP table
Caused by:
–OP Configuration
–BGP peers
–Other means, OSPF redistribute route
–Event results BGP update messages
How are the events related?
32
BGP Behavior
BGP Update Redistribute Policy / local pref Y N Operator OSPF Done Update
33
Mapping TIME
2D AS Topology via project to Z=0
Announce Withdraw
Time 60 Time 30 Time 0
34
BGP Events: Causality and Correlation
Causality relationship among each individual BGP event (across different routers/ASes)
–Critical to simply understand/correlate BGP behavior
–Discover new types of relationships (or filter/correct false causality in experiments)
–Important for generating/replaying realistic BGP events
Using emulation to verify the causality
–Maybe also with commercial routers (e.g., Juniper)
35
Plan for the June 2006 Demo
One “very interesting” defense tested..
–in a stealthy mode…
Event correlation
“realistic” and “comprehensive” BGP model
–Many interesting examples and comparisons
Still in development (not sure yet)
–Using the model to examine real BGP data
–What patterns should we expect from the observation points?