Detecting BGP configuration faults with static analysis

The Internet is composed of many independent autonomous systems (ASes) that exchange reachability information to destinations using the Border Gateway Protocol (BGP). Network operators in each AS configure BGP routers to control the routes that are learned, selected, and announced to other routers. Faults in BGP configuration can cause forwarding loops, packet loss, and unintended paths between hosts, each of which constitutes a failure of the Internet routing infrastructure. This paper describes the design and implementation of rcc, the router configuration checker, a tool that finds faults in BGP configurations using static analysis. rcc detects faults by checking constraints that are based on a high-level correctness specification. rcc detects two broad classes of faults: route validity faults, where routers may learn routes that do not correspond to usable paths, and path visibility faults, where routers may fail to learn routes for paths that exist in the network. rcc enables network operators to test and debug configurations before deploying them in an operational network, improving on the status quo where most faults are detected only during operation. rcc has been downloaded by more than sixty-five network operators to date, some of whom have shared their configurations with us. We analyze network-wide configurations from 17 different ASes to detect a wide variety of faults and use these findings to motivate improvements to the Internet routing infrastructure.
