The BGP Visibility Scanner

Similar documents
The BGP Visibility Scanner

The BGP Visibility Scanner

Understanding the Reachability of IPv6 Limited Visibility Prefixes

UNIVERSIDAD CARLOS III DE MADRID TESIS DOCTORAL. A system for the Detection of Limited Visibility in BGP

IPv4/IPv6 BGP Routing Workshop. Organized by:

The Dark Oracle: Perspective-Aware Unused and Unreachable Address Discovery

The real-time Internet routing observatory. Luca Sani RIPE Meeting 77 Amsterdam, NL October 15 th, 2018

Feedback from RIPE NCC Registration Services. Alex Le Heux - RIPE NCC RIPE62, May 2011, Amsterdam

Update on Resource Certification. Geoff Huston, APNIC Mark Kosters, ARIN IEPG, March 2008

How Complete and Accurate is the Internet Routing Registry (IRR)?

Simple Multihoming. ISP Workshops. Last updated 9 th December 2015

Simple Multihoming. ISP Workshops. Last updated 25 September 2013

IPv6 routing table Introduction 1. Impressions. An overview of the global IPv6 routing table. January 27th, 2004 RIPE 47, Amsterdam

BGP Multihoming Techniques

BGP101. Howard C. Berkowitz. (703)

A Day in the Life of an Address. Bill Fenner AT&T Labs - Research IETF Routing Area Director

BGP Multihoming ISP/IXP Workshops

BGP Multihoming. ISP/IXP Workshops

BGP Multihoming Techniques


BGP Multihoming Techniques

BGP Multihoming Techniques

Routing Control at Peering Points. HKNOG 0.1 Raphael Ho

Interdomain Routing Reading: Sections P&D 4.3.{3,4}

BGP Multihoming Techniques

Simple Multihoming. ISP Workshops

Are We Growing Fast Enough?

Network Layer (Routing)

RIPE Labs Operator Tools, Ideas, Analysis

TTM AS-level Traceroutes

Active BGP Measurement with BGP-Mux. Ethan Katz-Bassett (USC) with testbed and some slides hijacked from Nick Feamster and Valas Valancius

BGP Multihoming Techniques

IPv4 Address Report. This report generated at 12-Mar :24 UTC. IANA Unallocated Address Pool Exhaustion: 03-Feb-2011

BGP Configuration for a Transit ISP

Internet Routing Table Analysis Update. Philip Smith MENOG 5, Beirut, 29th October 2009

IPv6 routing table Introduction 1. Impressions. An overview of the global IPv6 routing table. September 3, 2003 RIPE 46, Amsterdam

Feedback From RIPE NCC Registration Services. Andrea Cima 24 October 2017 RIPE 75

BGP and inter-as economic relationships

Measuring IPv6 Adoption in Africa

Interdomain Routing Reading: Sections K&R EE122: Intro to Communication Networks Fall 2007 (WF 4:00-5:30 in Cory 277)

A Measurement Study of BGP Misconfiguration

BGP Origin Validation (RPKI)

Module 16 An Internet Exchange Point

Problem. BGP is a rumour mill.

Multihoming Techniques. bdnog8 May 4 8, 2018 Jashore, Bangladesh.

The Contemporary Internet p. 3 Evolution of the Internet p. 5 Origins and Recent History of the Internet p. 5 From ARPANET to NSFNET p.

Investigating occurrence of duplicate updates in BGP announcements

IPv6 Module 16 An IPv6 Internet Exchange Point

Internet Routing Table Analysis Update. Philip Smith SANOG 9 Colombo, January 2007

BGP Routing Table Report

BGP Made Easy. John van Oppen NANOG PTC January 15th 2017

Implementation of RPKI and IRR filtering on the AMS-IX platform. Stavros Konstantaras NOC Engineer

the real-time Internet routing observatory Luca Sani

Current Policy Topics A World Wide View

DailyCatch: A Provider-centric View of Anycast Behaviour

Using BGP Communities

Update from the RIPE NCC

IPv6 Allocation and Policy Update. Global IPv6 Summit in China 2007 April 12, 2007 Guangliang Pan

Enhanced Feasible-Path Unicast Reverse Path Filtering draft-sriram-opsec-urpf-improvements-01

Are We Growing Fast Enough?

EE 122: Inter-domain routing Border Gateway Protocol (BGP)

PART III. Implementing Inter-Network Relationships with BGP

Have We Reached 1000 Prefixes Yet?

Routing and RFC AKA using BGP communities to influence routing

BGP Multihoming Techniques. Philip Smith SANOG 10/APNIC 24 29th August - 7th September 2007 New Delhi, India

Using BGP Communities

3/10/2011. Copyright Link Technologies, Inc.

Have We Reached 1000 Prefixes Yet?

EULER Project Path-Vector Routing Stability Analysis

BGP. Autonomous system (AS) BGP version 4

Routing in Geoff Huston Chief Scientist, APNIC

Understanding IPv6 Internet Background Radia6on

Preventing the unnecessary propagation of BGP withdraws

BGP. Autonomous system (AS) BGP version 4

BGP Attributes and Path Selection

Discovering Interdomain Prefix Propagation using Active Probing

BGP. Autonomous system (AS) BGP version 4

Security in inter-domain routing

Measuring RPKI Route Origin Validation in the Wild

A framework for BGP data analysis

PKI-An Operational Perspective. NANOG 38 ARIN XVIII October 10, 2006

Internet Routing Protocols Lecture 03 Inter-domain Routing

BGP Multihoming Techniques Philip Smith NANOG October 2005 Los Angeles

Collaborative Verification of Forward and Reverse Reachability in the Internet Data Plane

News from RIPE NCC, RIPE, and IPv6. Vesna Manojlovic, RIPE NCC ES.NOG / GORE 3, Madrid 11 May 2009

BGP Tutorial Part 3 Multihoming

Illegitimate Source IP Addresses At Internet Exchange Points

Understanding BGP Miscounfiguration

BGP Multihoming Techniques. Philip Smith APRICOT February 2009 Manila, Philippines

BGP. Autonomous system (AS) BGP version 4. Definition (AS Autonomous System)

BGP and the Internet

Sink Holes, Dark IP, and HoneyNets

Networking 101 ISP/IXP Workshops

BGP. Autonomous system (AS) BGP version 4. Definition (AS Autonomous System)

Inter-Domain Routing: BGP

Interdomain Routing. EE122 Fall 2011 Scott Shenker

Detecting routing anomalies using RIPE Atlas

An Analysis of ARIN NetHandles with OriginAS i Data and Analysis of RIR/IRR Registry Data

Border Gateway Protocol - BGP

Interdomain Routing and Connectivity

Transcription:

The BGP Visibility Scanner Andra Lutu 1,2, Marcelo Bagnulo 2 and Olaf Maennel 3 Institute IMDEA Networks 1, University Carlos III Madrid 2, Loughborough University 3

Problem Statement } The routing preferences are designed to accommodate various operational, economic, and political factors } Problem: } Only by configuring a routing policy, the origin AS cannot also ensure that it will achieve the anticipated results } The implementation of routing policies is a complicated process, involving subtle tuning operations that are errorprone } Operators need to complement their internal perspective on routing with the information retrieved from external sources 2

Internet Prefix Visibility } Prefix visibility as an expression of policy interaction } Not all the routes make it to every routing table (RT) in the interdomain } Limited Visibility Prefixes (LVPs) prefixes that are not in every RT } High Visibility Prefixes (HVPs) prefixes which are in almost all the RT } The BGP Visibility Scanner: } Analyze all BGP routing data from RouteViews and RIPE Routing Information Service (RIS) projects } All together there are 24 different RT collection points } More than 130 different ASes periodically dump their entire routing tables } Limited Visibility Prefixes (LVPs) } Intentional/Deliberate } Inflicted by third parties } Unintentional/Accidental 3

Next } Data manipulation methodology } Study case: example of applying the methodology } Characteristics of the prefixes with limited visibility } Presenting the tool and its capabilities } Use cases 4

The BGP Visibility Scanner Raw data GRTs Visibility Scanner Algorithm RIS-RouteViews Download all the available routing feeds twice per day, at 08h00 16h00 Get GRTs Size filter Minimum 400.000 routes Eliminate duplicate routing feeds Clean GRTs Remove prefixes: MOAS Bogons Label LVPs - HVPs for t in {08h00, 16h00} do prefs[t].getvisibledegree() prefs[t].reminternalprefs() for ip in prefs[t] do if visibility(ip, t) < floor(95%*nr_monitors[t])) then else labels[ip].append(lv) labels[ip].append(hv) Remove Transient for ip in prefs[day] do if HV in labels[ip] then labels[ip] = HV else if length(labels[ip]) == 2 then labels[ip] = LV else labels[ip] = transient 5

The BGP Visibility Scanner Raw data RIS-RouteViews Download all the available routing feeds twice per day, at 08h00 16h00 6

The BGP Visibility Scanner Raw data GRTs RIS-RouteViews Download all the available routing feeds twice per day, at 08h00 16h00 Get GRTs Size filter Minimum 400.000 routes Eliminate duplicate routing feeds Clean GRTs Remove prefixes: MOAS Bogons 7

} Example: sampling time 23.10.2012 } Global Routing Table - contains almost all the prefixes injected in the interdomain } 129 GRTs from RIPE RIS and RouteViews } 9/129 ASes in LACNIC } 14/129 in APNIC } 37/129 in ARIN } 68/129 in RIPE NCC } Polishing the full routing tables for our study } No bogons/martians present } Discard 500 bogon prefixes } No MOAS prefixes } Filter out approx. 4,500 MOAS prefixes Get GRTs BGP visibility scanner Size filter Minimum 400.000 routes Eliminate duplicate routing feeds GRTs Clean GRTs Remove prefixes: MOAS Bogons 8

BGP Visibility Scanner Ø We find that not all the GRTs identified contain all the prefixes injected in the interdomain Ø Expression of policies which may have backfired Ø Sample from 23.10.2012 08h00 9

The BGP Visibility Scanner Raw data GRTs Visibility Scanner Algorithm RIS-RouteViews Download all the available routing feeds twice per day, at 08h00 16h00 Get GRTs Size filter Minimum 400.000 routes Eliminate duplicate routing feeds Clean GRTs Remove prefixes: MOAS Bogons Label LVPs - HVPs for t in {08h00, 16h00} do prefs[t].getvisibledegree() prefs[t].reminternalprefs() for ip in prefs[t] do if visibility(ip, t) < floor(95%*nr_monitors[t])) then else labels[ip].append(lv) labels[ip].append(hv) 10

} Filter internal routes } Not considering prefixes only present in 1 RT with an AS-Path of length 1 } 23.10.2012: filter out 10.500 internal routes BGP visibility scanner Visibility Scanner Algorithm } Labeling Mechanism each prefix gets a visibility label based on the 95% minimum visibility threshold rule } HV high visibility if present in more than 95% of routing tables } LV limited visibility if present in less than 95% of routing tables Label LVPs - HVPs for t in {08h00, 16h00} do prefs[t].getvisibledegree() prefs[t].reminternalprefs() for ip in prefs[t] do if visibility(ip, t) < floor(95%*nr_monitors[t])) then else labels[ip].append(lv) labels[ip].append(hv) 11

The BGP Visibility Scanner Raw data GRTs Visibility Scanner Algorithm RIS-RouteViews Download all the available routing feeds twice per day, at 08h00 16h00 Get GRTs Size filter Minimum 400.000 routes Eliminate duplicate routing feeds Clean GRTs Remove prefixes: MOAS Bogons Label LVPs - HVPs for t in {08h00, 16h00} do prefs[t].getvisibledegree() prefs[t].reminternalprefs() for ip in prefs[t] do if visibility(ip, t) < floor(95%*nr_monitors[t])) then else labels[ip].append(lv) labels[ip].append(hv) Remove Transient for ip in prefs[day] do if HV in labels[ip] then labels[ip] = HV else if length(labels[ip]) == 2 then labels[ip] = LV else labels[ip] = transient 12

} Label Prevalence Sieve rule of prevalence for the visibility labels tagged on each prefix } Filter transient routes } Filter the prefixes that are not consistently appearing in the two samples analyzed } Discard 7,800 prefixes } A total of 512.000 prefixes identified } 415.576 High-Visibility prefixes (HVPs) } 98.253 Limited-Visibility prefixes (LVPs) Remove Transient BGP visibility scanner Visibility Scanner Algorithm for ip in prefs[day] do if HV in labels[ip] then labels[ip] = HV else if length(labels[ip]) == 2 then labels[ip] = LV else labels[ip] = transient 13

Dark Prefixes } Dark Prefixes (DP) are the LV prefixes that are not covered by any HV prefix HVP HVP HVP LVP LVP DP LVP DP LVP LVP } This would constitute address space that may not be globally reachable (in the absence of a default route) } In 2012.10.23 there were ~2.400 dark prefixes in the LV prefix set 14

Prefix visibility distribution on prefix length 15

AS-Path length Ø The per set mean AS-Path length (no prepending considered): Ø LV prefixes 3.02 Ø Mode = 2 Ø HV prefixes 4.16 Ø Mode = 4 Ø Dark prefixes 3.75 Ø Mode = 4 16

Prefix visibility as of 23.10.2012 } Visibility distribution: # of LV prefixes present in n monitors, where n = 1, 129 } Low sensitivity to the visibility threshold included in the Labeling Mechanism 17

Prefix Label Stability in 2012.10 18

Origin ASes for the LV prefixes } Identified 3.570 different ASes originating the LV prefixes identified on 2012.10.23: } 14% in LACNIC (~493 ASes) } 30.5% in APNIC (~1.081 ASes) } 30.1% in RIPE (~1.068 ASes) } 22.4% in APNIC (~795 ASes) } 1.1% in AFRINIC (~42 ASes) 19

What are these prefixes? } We are looking to explain this phenomena: } Is it something the origin AS intended or is it something that the AS is suffering? } All the results of this study are made available online visibility.it.uc3m.es } Up to date information on LV announced by each AS } Check to see if your AS is originating LV prefixes } Retrieve those prefixes and see if there are any Dark Prefixes within that set } Please provide feedback! } Short form that you can fill in and send 20

How does it work? visibility.it.uc3m.es 21

How does it work? visibility.it.uc3m.es Fill in the AS number here 22

How does it work? visibility.it.uc3m.es } Example of output: 23

How does it work? visibility.it.uc3m.es } Example of output: Next step: fill in form! 24

How does it work? Submit!! 25

Use Cases } Different use case: } Intended Scoped Advertisements } Inject prefixes only to peers } Intended Scoped Advertisements: Content provider } Geographical scoping of prefix } Config errors: Large ISP } Outbound filters mistakes in configuration } Leaking routes to direct peers } Third-party inflicted: Internet root servers } Tackle problems rising from the interaction between Ases Blackholing due to lack of return path Blackholing due to no announcement 26

Use Cases Internet Root Servers } Observe two prefixes: p/24 -LVP and p/23 HVP } Blackholing due to lack return path: Root server (local anycast node) p/24 Peer 1 Peer 2 No return path p/24 (leak) 27

Use Cases Internet Root Rervers } Observe two prefixes: p/24 -LVP and p/23 HVP } Blackholing due to lack return path: Root server (local anycast node) p/24 Peer 1 Peer 2 No return path p/24 (leak) } No full transit at the IXP => tag with NO EXPORT Root server (local anycast node) p/24 + NO EXPORT p/24 Peer 1 Peer 2 28

Use Cases Internet Root Servers } Observe two prefixes: p/24 -LVP and p/23 HVP } Blackholing due to lack return path: Root server (local anycast node) p/24 Peer 1 Peer 2 No return path p/24 (leak) } No full transit at the IXP => tag with NO EXPORT Root server (local anycast node) p/24 + NO EXPORT p/24 Peer 1 Peer 2 29

Use Cases Internet Root Server } Blackholing due to no announcement Root server (local anycast node) p/24 + NO EXPORT *p/24 no_export p/24?? Peer Customer p/24 p/24 Transit Provider Root server (base-camp) 30

Use Cases Internet Root Server } Blackholing due to no announcement Root server (local anycast node) p/24 + NO EXPORT p/24 no_export p/23 Peer p/23 Customer p/24, p/23 Root server (base-camp) p/24 p/23 Transit Provider 31

Use Cases Internet Root Server } Blackholing due to no announcement Root server (local anycast node) p/24 + NO EXPORT p/24 no_export p/23 Peer p/23 Customer p/24, p/23 Root server (base-camp) p/24 p/23 Transit Provider 32

Conclusions 33

visibility.it.uc3m.es Questions? andra.lutu@imdea.org The paper (GI 13): The BGP Visibility Scanner marcelo@it.uc3m.es O.M.Maennel@lboro.ac.uk 34 NANOG 57 06/02/2013

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback