Global Routing Instabilities Triggered by Code Red II and Nimda Worm Attacks

We analyze the large, long-lasting, widespread instabilities of the global BGP routing system observed during the Code Red II and Nimda worm attacks in July and September 2001, respectively. The identification and characterization of global routing instabilities employs heuristic spatio-temporal correlation analysis of multiple BGP message streams collected from over 150 autonomous systems’ border routers in the RIPE RIS project, and their correlation with the worm traffic is exposed by the analysis of TCP packet traces collected in several /16 networks during the worm attacks. We analyze router failure modes that can be triggered by such abnormal traffic and lead to destabilization of the BGP routing system. To further illustrate the occurrence of cascading routing failures we also present data on another type of global routing instabilities associated with common router misconfigurations generating malformed BGP update messages. Our results show previously unrecognized global routing failure modes, and suggest new research directions.

[1]  J M Carlson,et al.  Highly optimized tolerance: a mechanism for power laws in designed systems. , 1999, Physical review. E, Statistical physics, plasmas, fluids, and related interdisciplinary topics.

[2]  kc claffy,et al.  Internet topology: connectivity of IP graphs , 2001, SPIE ITCom.

[3]  Kihong Park,et al.  On the relationship between file sizes, transport protocols, and self-similar network traffic , 1996, Proceedings of 1996 International Conference on Network Protocols (ICNP-96).

[4]  Ramesh Govindan,et al.  An analysis of Internet inter-domain topology and route stability , 1997, Proceedings of INFOCOM '97.

[5]  Farnam Jahanian,et al.  Origins of Internet routing instability , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[6]  Farnam Jahanian,et al.  Internet routing instability , 1997, SIGCOMM '97.

[7]  Geoff Huston,et al.  Analyzing the Internet's BGP Routing Table , 2001 .

[8]  Ramesh Govindan,et al.  An empirical study of router response to large BGP routing table load , 2002, IMW '02.

[9]  Abhijit Bose,et al.  Delayed Internet routing convergence , 2000, SIGCOMM.

[10]  Aman Shaikh,et al.  Routing stability in congested networks: experimentation and analysis , 2000 .

[11]  Walter Willinger,et al.  The origin of power laws in Internet topologies revisited , 2002, Proceedings.Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies.

[12]  kc claffy,et al.  Analysis of RouteViews BGP data: policy atoms , 2001 .

[13]  Yakov Rekhter,et al.  A Border Gateway Protocol 4 (BGP-4) , 1994, RFC.

[14]  Michalis Faloutsos,et al.  On power-law relationships of the Internet topology , 1999, SIGCOMM '99.

[15]  Doyle,et al.  Power laws, highly optimized tolerance, and generalized source coding , 2000, Physical review letters.

[16]  Sally Floyd,et al.  Wide area traffic: the failure of Poisson modeling , 1995, TNET.

[17]  Walter Willinger,et al.  Does AS size determine degree in as topology? , 2001, CCRV.

[18]  Walter Willinger,et al.  On the Self-Similar Nature of Ethernet Traffic ( extended version ) , 1995 .