BGP Communities: A measurement study
1 BGP Communities: A measurement Amsterdam Florian Streibelt 1, Franziska Lichtblau 1, Robert Beverly 2, Cristel Pelsser 3, Georgios Smaragdakis 4, Randy Bush 5, Anja Feldmann 1 Oct Max Planck Institute for Informatics (MPII), 2 Naval Postgraduate School (NPS), 3 University of Strasbourg, 4 TU Berlin (TUB), 5 Internet Initiative Japan (IIJ)
2 BGP-Communities: A weapon for the Internet! RIPE 77 / Amsterdam
3 Introduction
4 BGP Community usage is increasing
[Figure: # Unique ASes in Communities, # Unique Communities, # Absolute Communities and # BGP table entries, plotted by year]
Increasing usage warrants a closer look.
6 BGP Communities
- Optional attribute in BGP message (32 bit field)
- Defined in RFC 1997
- By convention written ASN:VALUE
- ASN can be both sender or intended recipient
- It's up to the peers to agree upon values used
7 BGP Large Communities
- Defined by RFC 8092 (usage recommendations in RFC 8195)
- 12 byte attribute
- Enable networks with 4-byte ASNs to use communities
- The first 4 bytes contain the ASN of the global administrator
8 BGP Large Communities
Sorry... as we only found a very small number of occurrences [1] we could not conduct any meaningful measurements, yet.
[1] individual large communities by 51 global administrators over the whole month of April 2018 at all available route collectors at RIPE/RIS, Routeviews, Isolario and PCH
9 BGP Communities: Usage
- Informational Communities (Passive Semantics)
  - Location tagging
  - RTT tagging
- Action Communities (Active Semantics)
  - Remote triggered blackholing
  - Path prepending
  - Local pref/med
  - Selective announcements
- Without documentation, you cannot tell if a community is active or passive!
10 What This Talk Is About
Given the increasing popularity of BGP communities and the ability to trigger actions as well as relay information, the first question that comes to the mind of an Internet measurement researcher is...
11 What This Talk Is About
What could possibly go wrong?
13 Propagation behavior
- 14% of transit providers propagate received communities (2.2k of 15.5k)
- Ratio seems small, but AS graph is highly connected
- RFC 1997: Communities as a transitive optional attribute
- RFC 7454: Scrub own, forward foreign communities
- Still many people do not expect communities to propagate that widely.
14 Potential (for) misuse
- Propagated communities might trigger actions multiple AS-hops away
- No way of knowing if intended or not, e.g., for traffic management
- But are there also unintended consequences?
- Our assessment is that there is a high risk for attacks!
15 Observations
16 Dataset
BGP updates and table dumps of April 2018 from publicly available BGP Collector Projects: RIPE RIS, Routeviews, Isolario, PCH.
- BGP messages: bn
- IPv4 prefixes: 967,499
- IPv6 prefixes: 84,953
- Collectors: 194
- AS peers: 2,133
- Communities: 63,797
More than 75% of all BGP announcements have at least one BGP community set, 5,659 ASes are using communities.
17 BGP Community Propagation Observations
[Figure: Fraction of communities (ECDF) against AS hop count]
- 10% of communities have an AS hop count of more than six
- More than 50% of communities traverse more than four ASes
- Longest community propagation observed: 11 AS hops
27 BGP Community Propagation Behavior
[Diagram: AS1, AS2, AS3, AS4; the announcement carries community 3:123]
- "on path" : 3, 2, 1 3:123
- "off path" : 4, 2, 1 3:123
- AS1 announces prefix, tagged with 3:123
- Community is intended for signaling towards AS3
- AS4 also receives this announcement
- Off-path: ASN from community is not on the observed AS-path at AS4.
28 On-path versus off-path
[Figure: 1.2 % communities observed, off-path / on-path]
- Blackholing communities (e.g., :666) leaking off path
- But AS implementing RTBH SHOULD add NO_ADVERTISE or NO_EXPORT (RFC7999)
- Suggests ASes not implementing RTBH do not filter.
29 Experiments
30 Experimental setup
- Experiments conducted in a lab environment
- Validated on the Internet
- Scenarios
  - Remote Triggered Blackholing (RTBH)
  - Traffic redirection attack
  - ...for others see our paper.
39 RTBH: how it works
[Diagram: AS1, AS2, AS3, AS4, AS5; legend: traffic flow, BGP announcements; announcement tagged 2:666; traffic dropped (X) at AS2]
- AS announces BH-prefix to upstream
- Provider blackholes prefix
- AS1 sends, tagged 2:666
- AS2 continues announcing
- Traffic to is dropped at AS2
Safeguards:
- Provider should check customer prefix before accepting RTBH
- Customer may only blackhole own prefixes
- Different policies for Customers/Peers
- On receiving RTBH, add NO_ADVERTISE or NO_EXPORT (RFC7999)
45 RTBH: how it should not work
[Diagram: AS1 (Attackee), AS2 (Attacker), AS3 (Community Target), AS4; legend: traffic flow, BGP announcements; community AS3:666; traffic dropped (X) at AS3]
- AS1 announces
- AS2 tags with AS3:666
- Traffic to is dropped at AS3
- AS on backup path adds RTBH-community
- Provider blackholes prefix
- Not only traffic traversing AS2 is dropped
46 RTBH: how it should not work (with hijack)
[Diagram: AS1 (Attackee), AS2 (Attacker), AS3 (Community Target), AS4; legend: traffic flow, BGP announcements; community AS3:666; traffic dropped (X) at AS3]
- AS1 announces
- AS2 hijacks, with AS3:666
- Traffic to is dropped at AS3
- Hijacker announces RTBH
- Prefix filters circumvented due to misconfiguration
- Provider blackholes prefix
47 RTBH: Attack confirmed
- Attack confirmed to work on the Internet, works multi hop and is hard to spot
- Triggering RTBH is possible for attackers because, e.g.,:
  - BH prefix is more specific, accepted via exception
  - Providers check BH community before prefix filters [2]
  - NO_ADVERTISE or NO_EXPORT often is ignored / not set
- Problem: No validation for origin of community
[2] we found configuration guides with that bug
51 Traffic redirection attack
[Diagram: AS1 (Attackee), AS2 (Attacker), AS3 (Community Target), AS4, AS5, AS6; legend: traffic flow, BGP announcements]
AS Paths at AS6:
- : 5, 4, 2, 1
- : 3, 2, 1
56 Traffic redirection attack
[Diagram: AS1 (Attackee), AS2 (Attacker), AS3 (Community Target), AS4, AS5, AS6; legend: traffic flow, BGP announcements; community AS3:3x]
AS Paths at AS6:
- : 5, 4, 2, 1
- : 3, 3, 3, 2, 1
- Attacker AS2 uses community to add path-prepending in AS3
- AS6 routes traffic towards prefix via AS5, AS4
- Network tap?
- Slow/Congested link?...
57 Discussion: What now?
58 BGP Communities Shortcomings Summarized
- Notation of ASN:value is just convention
- No defined semantics: values can mean anything
- Used both for signaling and triggering of actions
- No cryptographic protection
- Attribution is impossible
- Large Communities have, in principle, similar limitations
61 BGP Communities: The Problem
- BGP Communities as they are used are not necessarily broken
- Secure usage requires good operational knowledge and diligence
- While people in this room probably know what they are doing: Based on experience we do not rely on that globally...
- Do we need less fragile protocols and mechanisms?
62 Recommendations
- Filter incoming Informational Communities for your ASN
- Publish community documentation, to enable others to filter
- Monitor and log received communities to track abuse
- Talk to your Downstreams, so they filter Action Communities for your ASN on ingress if necessary
- Provide a looking glass (that shows communities!)
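An added example (not from the slides or the paper) of the "monitor and log received communities" recommendation, applying the on-path/off-path definition and the NO_EXPORT/NO_ADVERTISE expectation from the earlier slides to received routes. The `Route` record, the tag names and the sample routes are constructed for illustration, and treating value 666 as a blackhole signal is an assumption based only on the ":666" convention the slides mention.

```python
from dataclasses import dataclass

WELL_KNOWN_ASN = 65535          # 65535:x holds the well-known communities
NO_EXPORT = (65535, 65281)      # RFC 1997
NO_ADVERTISE = (65535, 65282)   # RFC 1997
RTBH_VALUE = 666                # ":666" is a convention only (assumption of this example)


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple       # ASNs as observed, neighbour first, origin last
    communities: tuple   # strings in ASN:VALUE notation


def parse_community(text):
    """Parse 'ASN:VALUE' into two 16-bit integers, rejecting malformed input."""
    asn_s, sep, val_s = text.partition(":")
    if not sep or not all(f.isascii() and f.isdigit() for f in (asn_s, val_s)):
        raise ValueError(f"not ASN:VALUE notation: {text!r}")
    asn, value = int(asn_s), int(val_s)
    if asn > 0xFFFF or value > 0xFFFF:
        raise ValueError(f"field exceeds 16 bits: {text!r}")
    return asn, value


def audit_route(route):
    """Tag each community on a route as on-path/off-path and flag unscoped RTBH."""
    parsed = [parse_community(c) for c in route.communities]
    path_asns = set(route.as_path)      # a set also absorbs path prepending
    scoped = NO_EXPORT in parsed or NO_ADVERTISE in parsed
    findings = []
    for asn, value in parsed:
        well_known = asn == WELL_KNOWN_ASN
        if well_known and value != RTBH_VALUE:
            continue                    # NO_EXPORT etc. carry no ASN to compare
        tags = []
        if not well_known:
            # Off-path: the ASN in the community is not on the observed AS path.
            tags.append("on-path" if asn in path_asns else "off-path")
        if value == RTBH_VALUE and not scoped:
            # A blackhole-style community that was propagated without
            # NO_EXPORT or NO_ADVERTISE attached.
            tags.append("rtbh-unscoped")
        findings.append({"prefix": route.prefix,
                         "community": f"{asn}:{value}",
                         "tags": tags})
    return findings


def audit(routes):
    """Return (counts of on/off-path communities, findings worth logging)."""
    counts = {"on-path": 0, "off-path": 0}
    alerts = []
    for route in routes:
        for finding in audit_route(route):
            for tag in finding["tags"]:
                if tag in counts:
                    counts[tag] += 1
            if "off-path" in finding["tags"] or "rtbh-unscoped" in finding["tags"]:
                alerts.append(finding)
    return counts, alerts


# Constructed sample routes; prefixes are documentation ranges, AS numbers
# follow the small topologies drawn on the slides.
ROUTES = [
    Route("192.0.2.0/24", (3, 2, 1), ("3:123",)),               # seen at AS3
    Route("192.0.2.0/24", (4, 2, 1), ("3:123",)),               # seen at AS4
    Route("203.0.113.7/32", (2, 1), ("2:666", "65535:65281")),  # RTBH with NO_EXPORT
    Route("203.0.113.7/32", (4, 2, 1), ("3:666",)),             # leaked, unscoped
    Route("198.51.100.0/24", (6, 3, 3, 3, 2, 1), ("3:123",)),   # prepended path
]

if __name__ == "__main__":
    counts, alerts = audit(ROUTES)
    print(counts)
    for alert in alerts:
        print(alert["prefix"], alert["community"], ",".join(alert["tags"]))
```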
63 Discussion: Authenticity
- Communities can be modified, added, removed by every AS
- No attribution is possible
- No cryptographic protection
- Still operators rely on their correctness
- Large communities partially improve the situation
- How can we achieve authenticity, or at least attribution?
64 Discussion: Transitivity
- Communities can help in debugging
- Easy, low overhead communication channel
- Widely in use, but often only 1-2 hops
- But: High risk of being abused!
- Are fully transitive communities still worth the clear risk?
65 Discussion: Monitoring
- There is no global state in BGP
- Route collectors only see the end-result
- Inferring modifications between origin-AS and collector: almost impossible
- The meaning of a particular community cannot be known
- No universal way for attribution of changes
- Monitoring communities to detect abuse is extremely difficult.
66 Discussion: Standards
- There are limited standardized communities
- Many AS do not implement these
- Is the lack of standardized communities a problem?
- Are standards doing harm, by helping attackers?
- Security by obscurity never works
- Standardization is necessary.
67 Discussion: Documentation
- There is no easy way to find meaning of a community:
  - Some ASes document in the whois
  - Some ASes document on their website
  - Some ASes provide documentation only to customers
  - Some ASes do not provide any documentation
- Documentation is limited and fragmented.
68 Summary
But:
- Communities are widely in use
- Foundation of many policies
- Relies heavily on mutual trust in capabilities
- No authenticity/security in place
- Attribution is impossible
- Hard to detect attacks
- While our prefix hijacks were reported, no one reported our community attacks
- It's unknown if there are other unnoticed attacks.
69 Get the preprint at: https://people.mpi-inf.mpg.de/~fstreibelt/preprint/communities-imc2018.pdf
Published at ACM IMC 2018 https://conferences.sigcomm.org/imc/2018/
71 Contact: Florian Streibelt
Images:
- Unicorn illustrations: Telegram stickers by Darya Ogneva: https://tlgrm.eu/stickers/borntobeaunicorn
- The Spanish Inquisition: by Miki Montllo http://miquelmontllo.blogspot.com/2013/10/the-spanish-inquisition-wallpaper.html
Routing Security We can do better! And how MANRS can help Andrei Robachevsky robachevsky@isoc.org 1 No Day Without an Incident 120 6 month of suspicious activity 90 60 Hijack Leak 30 0 1/5/17 1/16/17 1/27/17
More informationHow Secure are. BGP Security Protocols? Sharon Goldberg Microsoft Research & Boston University. Michael Schapira. Pete Hummon AT&T Research
How Secure are NANOG 49, San Francisco Tuesday June 15 2010 BGP Security Protocols? Sharon Goldberg Microsoft Research & Boston University Michael Schapira Princeton University Yale & Berkeley Pete Huon
More informationThis version of the software
Sage Estimating (SQL) (formerly Sage Timberline Estimating) SQL Server Guide Version 16.11 This is a ublication of Sage Software, Inc. 2015 The Sage Grou lc or its licensors. All rights reserved. Sage,
More informationImproving Trust Estimates in Planning Domains with Rare Failure Events
Imroving Trust Estimates in Planning Domains with Rare Failure Events Colin M. Potts and Kurt D. Krebsbach Det. of Mathematics and Comuter Science Lawrence University Aleton, Wisconsin 54911 USA {colin.m.otts,
More informationMANRS. Mutually Agreed Norms for Routing Security. Aftab Siddiqui
MANRS Mutually Agreed Norms for Routing Security Aftab Siddiqui siddiqui@isoc.org The Problem A Routing Security Overview 2 Routing Incidents are Increasing In 2017 alone, 14,000 routing outages or attacks
More informationResource Certification. Alex Band, Product Manager DENIC Technical Meeting
Resource Certification Alex Band, Product Manager DENIC Technical Meeting Internet Routing Routing is non-hierarchical, open and free Freedom comes at a price: - You can announce any address block on your
More informationExperience with SPM in IPv6
Experience with SPM in IPv6 Mingjiang Ye, Jianping Wu, and Miao Zhang Department of Computer Science, Tsinghua University, Beijing, 100084, P.R. China yemingjiang@csnet1.cs.tsinghua.edu.cn {zm,jianping}@cernet.edu.cn
More informationBGP Route Leaks Analysis
BGP Route Leaks Analysis Benjamin Wijchers Faculty of Exact Sciences, department of Computer Science Vrije Universiteit Amsterdam December 3, 2014 Supervisors: Dr. Benno Overeinder (NLnetLabs) Dr. Paola
More informationα i k (βi k ) Request ratio of rank-k chunks (a specific chunk) at node v i g i k Size of set Ck S i Cache size of node v i
ing Hierarchical Caches in Content-Centric Networs Zixiao Jia,PengZhang,JiweiHuang,ChuangLin, and John C. S. Lui Tsinghua National Laboratory for Information Science and Technology Det. of Comuter Science
More informationInternet-Draft Intended status: Standards Track July 4, 2014 Expires: January 5, 2015
Network Working Group M. Lepinski, Ed. Internet-Draft BBN Intended status: Standards Track July 4, 2014 Expires: January 5, 2015 Abstract BGPSEC Protocol Specification draft-ietf-sidr-bgpsec-protocol-09
More informationBGP. Autonomous system (AS) BGP version 4. Definition (AS Autonomous System)
BGP Border Gateway Protocol (an introduction) Karst Koymans Informatics Institute University of Amsterdam (version 310, 2014/03/11 10:50:06) Monday, March 10, 2014 General ideas behind BGP Background Providers,
More informationWhat is an Internet exchange Point (IXP)?
What is an IXP? What is an Internet exchange Point (IXP)? The Internet is an interconnection of networks Each controlled by separate entities Generally called Internet Service Providers (ISPs) Grouped
More informationMultihoming Complex Cases & Caveats
Multihoming Complex Cases & Caveats ISP Workshops Last updated 6 October 2011 Complex Cases & Caveats p Complex Cases n Multiple Transits n Multi-exit backbone n Disconnected Backbone n IDC Multihoming
More informationSage Document Management Version 17.1
Sage Document Management Version 17.1 User's Guide This is a ublication of Sage Software, Inc. 2017 The Sage Grou lc or its licensors. All rights reserved. Sage, Sage logos, and Sage roduct and service
More informationEquality-Based Translation Validator for LLVM
Equality-Based Translation Validator for LLVM Michael Ste, Ross Tate, and Sorin Lerner University of California, San Diego {mste,rtate,lerner@cs.ucsd.edu Abstract. We udated our Peggy tool, reviously resented
More informationMANRS. Mutually Agreed Norms for Routing Security. Jan Žorž
MANRS Mutually Agreed Norms for Routing Security Jan Žorž The Problem A Routing Security Overview 2 No Day Without an Incident http://bgpstream.com/ 3 Routing Incidents Cause Real World
More informationPractical everyday BGP filtering with AS_PATH filters: Peer Locking
Practical everyday BGP filtering with AS_PATH filters: Peer Locking job@ntt.net Disclaimer: ISPs and their ASNs used in this talk are examples for discussion purpose only. NTT does not admit or deny any
More informationModule 16 An Internet Exchange Point
ISP Workshop Lab Module 16 An Internet Exchange Point Objective: To investigate methods for connecting to an Internet Exchange Point. Prerequisites: Modules 12 and 13, and the Exchange Points Presentation
More informationVirtualized PE for BGP/MPLS L3-VPN using Open-Source Software
Virtualized PE for BGP/MPLS L3-VPN using Oen-Source Software NANOG 74 (October 2018) Bilal Anwer, Robert Bays, Vijay Goalakrishnan, Bo Han, Dewi Morgan, Patrick Ruddy, Aman Shaikh, Susheela Vaidya, Chengwei
More informationInterdomain routing CSCI 466: Networks Keith Vertanen Fall 2011
Interdomain routing CSCI 466: Networks Keith Vertanen Fall 2011 Overview Business relationships between ASes Interdomain routing using BGP Advertisements Routing policy Integration with intradomain routing
More informationSkip List Based Authenticated Data Structure in DAS Paradigm
009 Eighth International Conference on Grid and Cooerative Comuting Ski List Based Authenticated Data Structure in DAS Paradigm Jieing Wang,, Xiaoyong Du,. Key Laboratory of Data Engineering and Knowledge
More informationModule 10 An IPv6 Internet Exchange Point
ISP/IXP Networking Workshop Lab Module 10 An IPv6 Internet Exchange Point Objective: To investigate methods for connecting to an Internet Exchange Point. Prerequisites: Modules 1 to 4, and the Exchange
More informationBGP Origin Validation
BGP Origin Validation ISP Workshops These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/) Last updated
More informationOn the Characteristics of BGP Multiple Origin AS Conflicts
1 On the Characteristics of BGP Multiple Origin AS Conflicts Kwan-Wu Chin School of Electrical, Computer and Telecommunications Engineering University of Wollongong Northfields Avenue, NSW, Australia kwanwu@uow.edu.au
More informationLARGE SCALE IP ROUTING LECTURE BY SEBASTIAN GRAF
LARGE SCALE IP ROUTING LECTURE BY SEBASTIAN GRAF MODULE 05 MULTIPROTOCOL LABEL SWITCHING (MPLS) AND LABEL DISTRIBUTION PROTOCOL (LDP) 1 by Xantaro IP Routing In IP networks, each router makes an independent
More informationThe Impact of Router Outages on the AS-Level Internet
The Impact of Router Outages on the AS-Level Internet Matthew Luckie* - University of Waikato Robert Beverly - Naval Postgraduate School *work started while at CAIDA, UC San Diego SIGCOMM 2017, August
More informationBGP Add-Paths. Hundreds of proposals hiding behind one...
BGP Add-Paths Hundreds of roosals hiding behind one... Pierre.Francois@UCLouvain.be ToC draft-ietf-idr-add-aths Why doing Add-aths draft-ietf-idr-add-aths-guidelines (draft-uttaro-idr-add-aths-guidelines)
More informationBGP Policy violations in the data-plane
BGP Policy violations in the data-plane Pierre Francois, Institute IMDEA Networks Paolo Lucente, PMACCT pierre.francois@imdea.org paolo@pmacct.net Agenda Two well-known facts about routing... leading to
More informationThe Origin of BGP Duplicates
David Hauweele, Bruno Quoitin, Cristel Pelsser, Randy Bush To cite this version: David Hauweele, Bruno Quoitin, Cristel Pelsser, Randy Bush. The Origin of BGP Duplicates. CoRes 2016, May 2016, Bayonne,
More informationDecentralized Internet Resource Trust Infrastructure
Decentralized Internet Resource Trust Infrastructure Bingyang Liu, Fei Yang, Marcelo Bagnulo, Zhiwei Yan, and Qiong Sun Huawei UC3M CNNIC China Telecom 1 Critical Internet Trust Infrastructures are Centralized
More information