Route leak detection using real-time analytics on local BGP information

A route leak can be defined as a security gap that occurs due to the infringement of the routing policies that any two Autonomous Systems (ASes) have agreed upon. Route leaks are seemingly simple, but hard to resolve, since the ASes keep their routing policies confidential. Indeed, the traditional palliatives, such as the utilization of route filters, are no longer used by a large number of ASes, given the high administrative burden that they entail. Other alternatives, like BGP monitoring tools, not only require third-party information gathered at multiple vantage points, but also become ineffective in many cases, due to their limited view of the interdomain routing state. In this paper, we propose a different approach, which allows an AS to autonomously detect the occurrence of route leaks by solely inspecting the BGP information available at the AS. Our main contributions can be summarized as follows. First, we propose a self-contained Route Leak Detection (RLD) technique, which is based on real-time analytics on the Route Information Bases (RIBs) of the border routers of an AS. Second, we introduce Benign Fool Back (BFB), "a harmless bluff" that can substantially improve the success rate of the RLD technique. Third, we show through exhaustive simulations that our technique can detect route leak incidents in various scenarios with a high success rate. In addition, our solution has the following practical advantages: a) no reliance on third-party information (e.g., on vantage points); b) no changes required to control-plane protocols (e.g., to BGP); and c) non-invasive integration (e.g., using SDN).
