BGP Eye: a new visualization tool for real-time detection and analysis of BGP anomalies

Owing to the inter-domain nature of BGP routing, it is difficult to correlate information across multiple domains in order to analyze the root cause of routing outages. We present BGP Eye, a tool for visualization-aided root-cause analysis of BGP anomalies. In contrast to previous approaches, BGP Eye performs real-time analysis of BGP anomalies through hierarchical analysis. First, BGP updates are clustered to obtain BGP events that are more representative of an anomaly. These events are then correlated across all border routers to ascertain the extent of the anomaly. Furthermore, BGP Eye can analyze BGP anomalies both from an Internet-Centric View, through multiple vantage points, and from a Home-Centric View of a particular Autonomous System. We demonstrate the scalable, real-time root-cause analysis that BGP Eye provides through the analysis of two very different anomalies. First, we provide an Internet-Centric View from AS568 of the routing outages during the spread of the Slammer Worm on January 25th, 2003. Second, we provide a Home-Centric View from AS6458 of the routing outages caused by the inadvertent prefix hijacking by AS9121 on December 24th, 2004.
