BGP Sessions Research Articles

The Multiple Benefits of a Secure Transport for BGP

BGP distributes prefixes advertised by Autonomous Systems (ASes) and computes the best paths between them. It is the only routing protocol used to exchange interdomain routes on the Internet. Since its original definition in the late 1980s, BGP uses TCP. To prevent attacks, BGP has been extended with features such as TCP-MD5, TCP-AO, GTSM and data-plane filters. However, these ad hoc solutions were introduced gradually as the Internet grew. In parallel, TLS was standardized to secure end-to-end data-plane communications. Today, a large proportion of the Internet traffic is secured using TLS. Surprisingly, BGP still does not use TLS despite its adequate security features to establish BGP sessions. In this paper, we make the case for using a secure transport with BGP. This can be achieved with TLS combined with TCP-AO or by replacing TCP by QUIC. This protects the BGP stream using established secure transport protocols. In addition, we show that a secure transport using X.509 certificates enables BGP routers to be securely and automatically configured from these certificates. We extend the open-source BIRD BGP daemon to support TLS with TCP-AO and QUIC, to handle such certificates and demonstrate several use cases that benefit from the secure and automated capabilities enabled by our proposal.

ICE: A memory-efficient BGP route collecting engine

Since their deployment, BGP route collectors have played a fundamental role in investigating and detecting routing accidents and hijack attempts. However, an increasing number of detection techniques designed for real-time environments show that the lack of interactivity of route collectors represents a limitation to their efficacy, together with the small amount of sources from which data is collected. Both issues stem from the current implementation of route collectors, which relies on single-threaded and general-purpose routing suites to establish BGP sessions and collect data. With this implementation any interactive operation impacts on the collection process and the number of sessions that can be established is limited by memory usage, which is not optimized for route collecting purposes. In this paper we present ICE, a multi-threaded and memory-efficient BGP collecting engine which allows route collectors to overcome the above mentioned limitations. The multi-threaded environment allows us to solve the lack of interactiveness, allowing concurrent read/write operations. Memory efficiency has been obtained thanks to the design of a variant of the Liv-Zempel compression algorithms specifically tailored to operate within a BGP real-time collecting environment. The proposed technique exploits the high degree of repetitiveness characterizing BGP data and reduces the ICE memory usage by as much as 30%.

Architecture for MPLS L3 VPN Deployment in Service Provider Network

Now a days in Service Provider’s core network we do not use IP forwarding rather we go for MPLS because it gives more efficient switching of packets. MPLS is the combination of layer-3 routing and layer-2 switching because every network prefix is assigned a particular Label. In this paper I am going to do testing and implement scalability over MPLS L3 VPN. This testing and implementation are to proof the scalability is the one important thing when design MPLS L3 VPN technology. This Topology of MPLS L3 VPN also provides the secure tunnel between two customer sites. By this implementation we show that there is a transparent tunneling over SP network. We are also avoiding the BGP implementation In SP core. So we call it as BGP free core. This implementation also saves the routing table space on provider routers. We have used the concept of Route Reflector (RR) to avoid more BGP sessions and to make it more scalable.

MAF-SAM: An effective method to perceive data plane threats of inter domain routing system

The BGP-based inter-domain routing system plays an important role in the Internet. However, the BGP has some design flaws, which result in many serious security problems for the inter-domain routing system. Recently there has been a new kind of LDoS attack against BGP sessions from data plane. Compared to traditional control plane threats, such as prefix hijacking, the new attack, BGP-LDoS exploits the vulnerability of adaptive mechanism of BGP and would trigger a wild range of cascading failure in inter domain routing system. Unfortunately, existing methods are difficult to detect this threat. To end this, we propose a method based on adaptive fusion of multi features to perceive security threats of inter domain routing system. Several statistics attributes of BGP routing information are firstly chosen to be security features. Then we establish a normal state sub-model for each security features and fuse them together to describe the normal state of the system by linear weighting. Since the fusion model represents the system security state very well, we can obtain the threat probability by computing the deviation of security features from their normal values. The experimental results show that the method can perceive not only control plane threats but also data plane threats of inter domain routing system.

Spurious routes in public BGP data

Researchers depend on public BGP data to understand the structure and evolution of the AS topology, as well as the operational security and resiliency of BGP. BGP data is provided voluntarily by network operators who establish BGP sessions with route collectors that record this data. In this paper, we show how trivial it is for a single vantage point (VP) to introduce thousands of spurious routes into the collection by providing examples of five VPs that did so. We explore the impact these misbehaving VPs had on AS relationship inference, showing these misbehaving VPs introduced thousands of AS links that did not exist, and caused relationship inferences for links that did exist to be corrupted. We evaluate methods to automatically identify misbehaving VPs, although we find the result unsatisfying because the limitations of real-world BGP practices and AS relationship inference algorithms produce signatures similar to those created by misbehaving VPs. The most recent misbehaving VP we discovered added thousands of spurious routes for nine consecutive months until 8 November 2012. This misbehaving VP barely impacts (0.1%) our validation of our AS relationship inferences, but this number may be misleading since most of our validation data relies on BGP and RPSL which validates only existing links, rather than asserting the non-existence of links. We have only a few assertions of non-existent routes, all received via our public-facing website that allows operators to provide validation data through our interactive feedback mechanism. We only discovered this misbehavior because two independent operators corrected some inferences, and we noticed that the spurious routes all came from the same VP. This event highlights the limitations of even the best available topology data, and provides additional evidence that comprehensive ground truth validation from operators is essential to scientific research on Internet topology.

Impact analysis of BGP sessions for prioritization of maintenance operations

When a limited number of network operators have to manage a large number of maintenance tasks, they often lose the sense of what is more important and end up focusing their time on lower-priority issues. As a result, operators may react slowly to critical tasks, increasing network downtime and maintenance costs. We propose a system that estimates the relative importance of different maintenance tasks. According to this estimation, network operators can prioritize their reaction, for example, by spending more time on avoiding disruption caused by high-impact tasks. In particular, we focus on configuration tasks related to BGP sessions. BGP sessions are frequently modified for maintenance operations, such as policy changes, router upgrades, and the addition of peers. These maintenance operations cause route changes, often leading to a huge amount of data loss. The proposed system estimates this amount of data loss by simulating the behavior of BGP. We implement the proposed system and estimate the impact of 372 sessions in a nationwide ISP network. We observe sessions with a wide range of impact, from those with nearly zero impact, to those that can result in 1000GB of data loss if not properly protected. We also observe that these measures change over time, often in unpredictable ways (e.g., from 50GB to 0 over a month period). According to this observation, we suggest that network operators perform periodic audits with the proposed system and classify sessions by highlighting those with a large impact. Operators can then prioritize the level of responses to the classified sessions accordingly and significantly reduce maintenance costs (i.e., by giving priority to the advanced protection of sessions with a large impact).

Detecting Network-Wide and Router-Specific Misconfigurations Through Data Mining

Recent studies have shown that router misconfigurations are common and can have dramatic consequences to the operations of a network. Misconfigurations can compromise the security of an entire network or even cause global disruptions to Internet connectivity. Several solutions have been proposed. They can detect a number of problems in real configuration files. However, these solutions share a common limitation: they are based on rules which need to be known beforehand. Violations of these rules are deemed misconfigurations. As policies typically differ among networks, these approaches are limited in the scope of mistakes they can detect. In this paper, we address the problem of router misconfigurations using data mining. We apply association rules mining to the configuration files of routers across an administrative domain to discover local, network-specific policies. Deviations from these local policies are potential misconfigurations. We have evaluated our scheme on configuration files from a large state-wide network provider, a large university campus and a high-performance research network. In this evaluation, we focused on three aspects of the configurations: user accounts, interfaces and BGP sessions. User accounts specify the users that can access the router and define the authorized commands. Interfaces are the ports used by routers to connect to different networks. Each interface may support a number of services and run various routing protocols. BGP sessions are the connections with neighboring autonomous systems (AS). BGP sessions implement the routing policies which select the routes that are filtered and the ones that are advertised to the BGP neighbors. We included the routing policies in our study. The results are promising. We discovered a number of errors that were confirmed and corrected by the network administrators. These errors would have been difficult to detect with current predefined rule-based approaches.

Avoiding disruptions during maintenance operations on BGP sessions

This paper presents a solution aimed at avoiding losses of connectivity when an eBGP peering link is shut down by an operator for a maintenance. Currently, shutting down an eBGP session can lead to transient losses of connectivity even though alternate path are available at the borders of the network. This is very unfortunate as ISPs face more and more stringent service level agreements, and maintenance operations are predictable operations, so that there is time to adapt to the change and preserve the respect of the service level agreement.

Network-Wide Prediction of BGP Routes

This paper presents provably correct algorithms for computing the outcome of the BGP route-selection process for each router in a network, without simulating the complex details of BGP message passing. The algorithms require only static inputs that can be easily obtained from the routers: the BGP routes learned from neighboring domains, the import policies configured on the BGP sessions, and the internal topology. Solving the problem would be easy if the route-selection process were deterministic and every router received all candidate BGP routes. However, two important features of BGP-the Multiple Exit Discriminator (MED) attribute and route reflectors-violate these properties. After presenting a simple route-prediction algorithm for networks that do not use these features, we present algorithms that capture the effects of the MED attribute and route reflectors in isolation. Then, we explain why the interaction between these two features precludes efficient route prediction. These two features also create difficulties for the operation of BGP itself, leading us to suggest improvements to BGP that achieve the same goals as MED and route reflection without introducing the negative side effects