Beyond the Best: Real-Time Non-Invasive Collection of BGP Messages

Interdomain routing in the Internet has a large impact on network traffic and related economic issues. For this reason, BGP monitoring attracts both academic and industrial research interest. The most common solution for collecting BGP routing data is to establish BGP peerings between border routers and a route collector. The downside of this approach is that it only allows us to trace changes of routes selected as best by routers: this drawback hinders a wide range of analyses that need access to all BGP messages received by border routers. In this paper, we present an effective technique enabling fast, non-invasive and scalable collection of all BGP messages received by border routers. By selectively cloning BGP traffic and sending it to a remote monitor, we are able to collect BGP messages without establishing additional BGP peerings. Our technique does not require any new feature to be implemented by routers and we experimentally show that our approach incurs a negligible processing overhead at the border routers. Our prototype implementation is able to process and archive all BGP messages in near real-time on commodity hardware.
