A System for the Detection of Limited Visibility in BGP

The performance of the global routing system is vital to thousands of entities operating the Autonomous Systems (ASes) which make up the Internet. The Border Gateway Protocol (BGP) is currently responsible for the exchange of reachability information and the selection of paths according to their specified routing policies. BGP thus enables traffic to flow from any point to another connected to the Internet. The manner traffic flows is often influenced by entities in the Internet according to their preferences. The latter are implemented in the form of routing policies by tweaking BGP configurations. Routing policies are usually complex and aim to achieve a myriad goals, including technical, economic and political purposes. Additionally, individual network managers need to permanently adapt to the interdomain routing changes and, by engineering the Internet traffic, optimize the use of their network. Despite the flexibility offered, the implementation of routing policies is a complicated process in itself, involving fine-tuning operations. Thus, it is an error-prone task and operators might end up with faulty configurations that impact the efficacy of their strate- gies or, more importantly, their revenues. Withal, even when correctly defining legitimate routing policies, unforeseen interactions between ASes have been observed to cause important disruptions that affect the global routing system. The main reason behind this resides in the fact that the actual inter-domain routing is the result of the interplay of many routing policies from ASes across the Internet, possibly bringing about a different outcome than the one expected. In this thesis, we perform an extensive analysis of the intricacies emerging from the complex netting of routing policies at the interdomain level, in the context of the current operational status of the Internet. Abundant implications on the way traffic flows in the Internet arise from the convolution of routing policies at a global scale, at times resulting in ASes using suboptimal ill-favored paths or in the undetected propagation of configuration errors in the routing system. We argue here that monitoring prefix visibility at the interdomain level can be used to detect cases of faulty configurations or backfired routing policies, which disrupt the functionality of the routing system. We show that the lack of global prefix visibility can offer early warning signs for anomalous events which, despite their impact, often remain hidden from state of the art tools. Additionally, we show that such unintended Internet behavior not only degrades the efficacy of the routing policies implemented by operators, causing their traffic to follow ill-favored paths, but can also point out problems in the global connectivity of prefixes. We further observe that majority of prefixes suffering from limited visibility at the interdomain level is a set of more-specific prefixes, often used by network operators to fulfill binding traffic engineering needs. One important task achieved through the use of routing policies for traffic engineering is the control and optimization of the routing function in order to allow the ASes to engineer the incoming traffic. The advertisement of more-specific prefixes, also known as prefix deaggregation, provides network operators with a fine-grained method to control the interdomain ingress traffic, given that the longest-prefix match rule over-rides any other routing policy applied to the covering less specific prefixes. Nevertheless, however efficient, this traffic engineering tool comes with a cost, which is usually externalized to the entire Internet community. Prefix deaggregation is a known reason for the artificial inflation of the BGP routing table, which can further affect the scalability of the global routing system. Looking past the main motivation for deploying deaggregation in the first place, we identify and analyze here the economic impact of this type of strategy. We propose a general Internet model to analyze the effect that advertising more-specific prefixes has on the incoming transit traffic burstiness. We show that deaggregation combined with selective advertisements (further defined as strategic deaggregation) has a traffic stabilization side-effect, which translates into a decrease of the transit traffic bill. Next, we develop a methodology for Internet Service Providers (ISPs) to monitor general occurrences of deaggregation within their customer base. Furthermore, the ISPs can detect selective advertisements of deaggregated prefixes, and thus identify customers which may impact the business of their providers. We apply the proposed methodology on a complete set of data including routing, traffic, topological and billing information provided by an operational ISP and we discuss the obtained results.

[1]  Pablo Rodriguez,et al.  On economic heavy hitters: shapley value analysis of 95th-percentile pricing , 2010, IMC '10.

[2]  Daniel Massey,et al.  PHAS: A Prefix Hijack Alert System , 2006, USENIX Security Symposium.

[3]  Anja Feldmann,et al.  Locating internet routing instabilities , 2004, SIGCOMM 2004.

[4]  Lixin Gao,et al.  On inferring and characterizing Internet routing policies , 2003, Journal of Communications and Networks.

[5]  Donald E. Knuth,et al.  The Art of Computer Programming: Volume 3: Sorting and Searching , 1998 .

[6]  Andra Lutu,et al.  An analysis of the economic impact of strategic deaggregation , 2015, Comput. Networks.

[7]  Wolfgang Mühlbauer,et al.  Evolution of Internet Address Space Deaggregation: Myths and Reality , 2010, IEEE Journal on Selected Areas in Communications.

[8]  Ratul Mahajan,et al.  Understanding BGP misconfiguration , 2002, SIGCOMM '02.

[9]  Andra Lutu,et al.  The BGP Visibility Toolkit: Detecting Anomalous Internet Routing Behavior , 2016, IEEE/ACM Transactions on Networking.

[10]  Zhuoqing Morley Mao,et al.  Practical defenses against BGP prefix hijacking , 2007, CoNEXT '07.

[11]  Amogh Dhamdhere,et al.  An agent-based model for the evolution of the Internet ecosystem , 2009, 2009 First International Communication Systems and Networks and Workshops.

[12]  Michael Bailey,et al.  Shining Light on Dark Address Space , 2001 .

[13]  Jia Wang,et al.  Towards an accurate AS-level traceroute tool , 2003, SIGCOMM '03.

[14]  Geoff Huston,et al.  Analyzing the Internet's BGP Routing Table , 2001 .

[15]  Zhen Wu,et al.  An internet routing forensics framework for discovering rules of abnormal BGP events , 2005, CCRV.

[16]  Brice Augustin,et al.  Avoiding traceroute anomalies with Paris traceroute , 2006, IMC '06.

[17]  Andra Lutu,et al.  The BGP Visibility Scanner , 2013, 2013 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[18]  Nick Feamster,et al.  An empirical study of "bogon" route advertisements , 2005, CCRV.

[19]  Daniel Massey,et al.  An analysis of BGP multiple origin AS (MOAS) conflicts , 2001, IMW '01.

[20]  Andra Lutu,et al.  Separating wheat from chaff: Winnowing unintended prefixes using machine learning , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[21]  Walter Willinger,et al.  10 Lessons from 10 Years of Measuring and Modeling the Internet's Autonomous Systems , 2011, IEEE Journal on Selected Areas in Communications.

[22]  Robert Tibshirani,et al.  The Elements of Statistical Learning: Data Mining, Inference, and Prediction, 2nd Edition , 2001, Springer Series in Statistics.

[23]  Farnam Jahanian,et al.  Internet inter-domain traffic , 2010, SIGCOMM '10.

[24]  Yoav Freund,et al.  A decision-theoretic generalization of on-line learning and an application to boosting , 1995, EuroCOLT.

[25]  Yin Zhang,et al.  BGP routing stability of popular destinations , 2002, IMW '02.

[26]  Lixin Gao,et al.  A measurement study on the impact of routing events on end-to-end internet path performance , 2006, SIGCOMM.

[27]  Joan Feigenbaum,et al.  Learning-based anomaly detection in BGP updates , 2005, MineNet '05.

[28]  Andra Lutu,et al.  An economic side-effect for prefix deaggregation , 2012, 2012 Proceedings IEEE INFOCOM Workshops.

[29]  Khalid El-Arini,et al.  Bayesian detection of router configuration anomalies , 2005, MineNet '05.

[30]  John S. Heidemann,et al.  Trinocular: understanding internet reliability through adaptive probing , 2013, SIGCOMM.

[31]  Ignacio Castro,et al.  CIPT: using tuangou to reduce IP transit costs , 2011, CoNEXT '11.

[32]  Wolfgang Mühlbauer,et al.  In search for an appropriate granularity to model routing policies , 2007, SIGCOMM 2007.

[33]  Marcelo Bagnulo,et al.  Understanding incentives for prefix aggregation in BGP , 2009, ReArch '09.

[34]  Geoff Huston,et al.  BGP Wedgies , 2005, RFC.

[35]  Aiko Pras,et al.  Gaussian traffic everywhere? , 2006, 2006 IEEE International Conference on Communications.

[36]  Andra Lutu,et al.  The aftermath of prefix deaggregation , 2013, Proceedings of the 2013 25th International Teletraffic Congress (ITC).

[37]  Walter Willinger,et al.  The origin of power laws in Internet topologies revisited , 2002, Proceedings.Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies.

[38]  Leo Breiman,et al.  Classification and Regression Trees , 1984 .

[39]  G. Huston,et al.  Interconnection, Peering and Settlements , 2003 .

[40]  Xenofontas A. Dimitropoulos,et al.  On the 95-Percentile Billing Method , 2009, PAM.

[41]  Vern Paxson,et al.  End-to-end routing behavior in the Internet , 1996, TNET.

[42]  Mark Crovella,et al.  Mining anomalies using traffic feature distributions , 2005, SIGCOMM '05.

[43]  Olaf Maennel,et al.  Internet optometry: assessing the broken glasses in internet reachability , 2009, IMC '09.

[44]  Olivier Bonaventure,et al.  Interdomain traffic engineering with BGP , 2003, IEEE Commun. Mag..

[45]  Beichuan Zhang,et al.  Concurrent prefix hijacks: occurrence and impacts , 2012, IMC '12.

[46]  Kamil Saraç,et al.  Analyzing Router Responsiveness to Active Measurement Probes , 2009, PAM.

[47]  Lixin Gao,et al.  On inferring autonomous system relationships in the Internet , 2000, Globecom '00 - IEEE. Global Telecommunications Conference. Conference Record (Cat. No.00CH37137).

[48]  Deborah Estrin,et al.  The impact of routing policy on Internet paths , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[49]  Randy Bush,et al.  From Paris to Tokyo: on the suitability of ping to measure latency , 2013, Internet Measurement Conference.

[50]  Olaf Maennel,et al.  Detecting unsafe BGP policies in a flexible world , 2012, 2012 20th IEEE International Conference on Network Protocols (ICNP).

[51]  Renata Teixeira,et al.  NetDiagnoser: troubleshooting network unreachabilities using end-to-end probes and routing data , 2007, CoNEXT '07.

[52]  Abhijit Bose,et al.  Delayed Internet routing convergence , 2000, SIGCOMM.

[53]  Jiawei Han,et al.  Data Mining: Concepts and Techniques , 2000 .

[54]  Daniel Massey,et al.  On Detection of Anomalous Routing Dynamics in BGP , 2004, NETWORKING.

[55]  Vasileios Giotsas,et al.  AS relationships, customer cones, and validation , 2013, Internet Measurement Conference.

[56]  Daniel Massey,et al.  Collecting the internet AS-level topology , 2005, CCRV.

[57]  Bradley Huffaker,et al.  Traceroute probe method and forward IP path inference , 2008, IMC '08.

[58]  Jennifer Rexford,et al.  BGP routing policies in ISP networks , 2005, IEEE Network.

[59]  Roch Guérin,et al.  Assessing IPv6 through web access a measurement study and its findings , 2011, CoNEXT '11.

[60]  Jia Wang,et al.  Finding a needle in a haystack: pinpointing significant BGP routing changes in an IP network , 2005, NSDI.

[61]  Matthew Roughan,et al.  Traffic Matrix Reloaded: Impact of Routing Changes , 2005, PAM.

[62]  Andra Lutu,et al.  Understanding the Reachability of IPv6 Limited Visibility Prefixes , 2014, PAM.

[63]  Kimberly C. Claffy,et al.  Measuring the deployment of IPv6: topology, routing and performance , 2012, IMC '12.

[64]  Angela L. Chiu,et al.  Overview and Principles of Internet Traffic Engineering , 2002, RFC.

[65]  Walter Willinger,et al.  An empirical approach to modeling inter-AS traffic matrices , 2005, IMC '05.

[66]  M. V. Wilkes,et al.  The Art of Computer Programming, Volume 3, Sorting and Searching , 1974 .

[67]  Amogh Dhamdhere,et al.  The Internet is flat: modeling the transition from a transit hierarchy to a peering mesh , 2010, CoNEXT.

[68]  Lixia Zhang,et al.  Cyclops: the AS-level connectivity observatory , 2008, CCRV.

[69]  Don Towsley,et al.  On characterizing BGP routing table growth , 2004, Comput. Networks.