Inter-domain Routing Protocol Research Articles

DRRS-BC: Decentralized Routing Registration System Based on Blockchain

The border gateway protocol (BGP) has become the indispensible infrastructure of the Internet as a typical inter-domain routing protocol. However, it is vulnerable to misconfigurations and malicious attacks since BGP does not provide enough authentication mechanism to the route advertisement. As a result, it has brought about many security incidents with huge economic losses. Exiting solutions to the routing security problem such as S-BGP, So-BGP, Ps-BGP, and RPKI, are based on the Public Key Infrastructure and face a high security risk from the centralized structure. In this paper, we propose the decentralized blockchain-based route registration framework-decentralized route registration system based on blockchain (DRRS-BC). In DRRS-BC, we produce a global transaction ledge by the information of address prefixes and autonomous system numbers between multiple organizations and ASs, which is maintained by all blockchain nodes and further used for authentication. By applying blockchain, DRRS-BC perfectly solves the problems of identity authentication, behavior authentication as well as the promotion and deployment problem rather than depending on the authentication center. Moreover, it resists to prefix and subprefix hijacking attacks and meets the performance and security requirements of route registration.

Inter-domain routing in integrated LTE and WLAN networks

The integrated LTE and WLAN Networks provide flexibility to use the Internet in Rural areas of India where their network infrastructure is not available. The research article focus to provide Internet service to the rural area end-users with a certain level of defined QoS as per ITU and TRAI guidelines. The selection of the best-suited routing protocol may have the capacity to help to achieve our objective. In the integrated network, it is much common to use a diverse variety of inter-domain routing protocol for forwarding packets by routing table updates. These tables are part of the memory of routers that help to forward packets from source to destination using their routing algorithms so that more users may experience QoS. This paper evaluates the performance of Bellman BGPv4, Inter OSPFv2, and Inter RIPv2 in terms of Routing Overhead for the integrated networks under a virtual QualNet 9.1 network simulator scenario.

A hybrid computing approach to improve convergence time for scalable network

Border Gateway Protocol (BGP) is a widely used routing protocol in the new era for the inter-communication between the multiple autonomous systems and it has been largely on the internet in all categories of the scalable network. In the event of failure, the BGP as an inter-domain routing protocol shows slow convergence, which results in high considerable delay in several internet/web applications. The minimum route advertisement interval (MRAI) timers are mostly used by network operators to reduce the issues occurring at the time of increasing convergence time. Many researchers have been working on variation in MRAI timer and effect of it on scalability and network convergence. The increasing size of a network leads to an increase in the value of MRAI timers. Hence, keeping the value of MRAI timers optimum results in reducing the issue of slow convergence for the scalable network. The proposed system (FAPSO) reduces the problem of convergence time by incorporating fuzzy logic into Particle Swarm Optimization (PSO) algorithm for the scalable network. In comparison with the static value of MRAI timer i.e., 30 s, FAPSO is a suitable algorithm that gives the optimal value of convergence time for the scalable network.

RDTD: A Tool for Detecting Internet Routing Disruptions at AS-Level

Anomalous events such as link failure, misconfiguration, and Denial of Service attacks can affect the Internet inter-domain routing protocol. This effect can range from small to large-scale impact. While large-scale events can be detected using one or multiple global monitoring points, small-scale events need monitoring at the Autonomous System (AS) level. This paper presents a Real-time Detection Tool for Internet routing protocol Disruptions (RDTD) at AS-level. RDTD is a black-box statistical approach that detects disruptions based on observing changes in the underlying behaviour of a series of inter-domain routing updates rather than information contained in inter-domain routing updates. The RDTD can be connected to a designated AS to detect disruptions at that AS or to one of the collectors at public vantage points to detect the Internet routing disruptions from the public vantage-point’s view. The evaluation of the detection tool has been made through replaying route traffic related to one of the most well-known events within a controlled testbed. Our evaluation shows the ability of the detection tool to detect route leak in near real-time without requiring a long history of data. RDTD can also detect hidden anomalous behaviour in the underlying traffic that may pass without detection.

A novel routing verification approach based on blockchain for inter-domain routing in smart metropolitan area networks

In recent years, with the continuous expansion of metropolitan area networks, the routing security problem has become more and more serious. In particular, promise-violating attack to inter-domain routing protocol is one of the most difficult attacks to defend, which always leads to serious consequences, such as maliciously attracting traffic and disrupting the network. To deal with such attack, current research generally adopts routing verification. However, it can only detect attacks violating a specific routing policy triggered by one malicious node, and no research has yet solved the problem caused by multiple collusion nodes. In this paper, we propose BRVM, a blockchain-based routing verification model, to address the issue that violating the shortest AS Path policy. The main idea of BRVM is to construct a route proof chain to verify whether a route violates the policy with the help of the blockchain technology. The precondition that avoiding the collusion attack is that the proportion of the malicious verification nodes is lower than the fault tolerance rate of the consensus algorithm. Then, we prove the correctness of BRVM in theory, and implement a prototype based on Quagga and Hyperledger Fabric. Some experiments on this prototype show that BRVM can indeed solve the promise-violating problem caused by multiple collusion nodes, and about 15.5% faster in performance compared with SPIDeR.

ANALYSIS OF BORDER GATEWAY PROTOCOL, ITS TYPES AND MEASURES TO AVOID RISK

This is the age of digital communication. The process involves sending messages from one end of the network to other end using the internet, extranets and the Internet of Things (IOT) Technologies. Initially, the internet is a small community. But today internet becomes a global community as thousands of different administrative entities own and operate the internet. The process of transferring data across the network is known as routing. The process of routing is performed by using routers. Routers use certain protocols to achieve this task. The Broader Gateway Protocol (BGP) is an interdomain routing protocol that is used to connect two different autonomous systems. The autonomous system is collection of network that runs under a single administrative entity. This paper includes analysis and important techniques of border gateway protocol, types of BGP, its attributes, security threats and measures to avoid risks.

Enhanced secure communication over inter-domain routing in heterogeneous wireless networks based on analysis of BGP anomalies using soft computing techniques

Heterogeneous wireless networks play an important role in next-generation worldwide internet with seamless connectivity. Mobile network operators continue to grow their subscriber bases and move further toward being internet service providers, instead of basic voice and data service providers. The next-generation wireless technology is intended to support high-quality broadband performance and multimedia applications without any disturbance. In connection with that, the inter-domain routing is taking a significant role in heterogeneous wireless networks. Border Gateway Routing Protocol (BGP) is an inter-domain routing protocol. The performance of BGP is degraded by three vulnerabilities such as physical attacks on infrastructure, attacks on data and control messages by third party. The proposed work mainly focuses on the third category that attacks on control messages, by injecting false control messages into BGP routing information which creates false origin AS and tampered AS path. BGP Internet protocol (IP) prefix attack is the major threat to internet-based information routing systems. The consequences of this attack can damage IP address-based systems and cause routing instability on the internet. So each BGP speaker (router) and autonomous system in the BGP routing process must need to verify and validate the authentication before initiating the network communication. With respect to this problem, a large amount of BGP security-related researches are revealed. Till now, BGP security aspects remain vulnerable and their security algorithms have maximum computation cost and communication cost and create more memory overhead. A new quantum key distribution algorithm incorporated with inter-domain routing protocol BGP in the proposed work is named Quantum Security Enhanced-BGP (QSE-BGP). The proposed QSE-BGP scheme provides secure secret sharing and mutual authentication process in BGP routing for less computation cost, authentication delay and reduced memory overhead. The overall QSE-BGP performance is increased as or into 50% than existing work.

On the Feasibility of Inter-Domain Routing via a Small Broker Set

The Internet is a gigantic distributed system where the end-to-end (E2E) quality-of-service (QoS) plays an important role. Yet the current inter-domain routing protocol, namely, the Border Gateway Protocol (BGP), cannot provide E2E QoS guarantees. The main reason is that an autonomous system (AS) can only receive guarantees from its first-hop ASes via service level agreements (SLAs). But beyond the first-hop, QoS along the path from a source AS to a destination AS is not within the source AS's control regime. This makes it difficult to provide high quality-of-experience services to many Internet users even when many content providers are willing to pay for such high quality E2E guarantees. In this paper, we investigate the feasibility of providing high QoS-guaranteed E2E transit services by utilizing a (small) set of ASes/IXPs to serve as “ brokers ” to provide supervision, control and resource negotiation. Finding an optimal set of ASes as brokers can be formulated as a Maximum Coverage with $B-$ dominating path Guarantee (MCBG) problem, and we show that it is in fact NP-hard. To address this problem, we design a $(\frac{1{-}e^{-\!1}}{2}){-}$ approximation algorithm and also an efficient heuristic algorithm when additional constraints (e.g., the path length) are considered. We further analyze the APX-hardness of the MCBG problem to reveal the existence of the best approximation ratio. Based on the current Internet topology, we demonstrate that it is indeed feasible to provide high QoS guarantees for most E2E connections with only a small broker set: with only 0.19, 1.9 or 6.8 percent ASes/IXPs serving as brokers, 53.13, 85.41 or 99.29 percent of all global E2E connections can receive high QoS-guaranteed services. Finally, we provide an economic model to study the behaviours of ASes when cooperating our brokerage scheme with the BGP protocol, and show that there are incentives to form and maintain such a brokerage coalition.

Impact of MRAI Timer on BGP Updates and Convergence Time

<p>BGP is a vital routing protocol for the communication amongst autonomous systems in the internet and has been broadly applied in all categories of large scale network. The inter-domain routing protocol (BGP) shows slow convergence, which effects on many internet applications due to its high convergence delay. The network operators broadly use different MRAI timers in BGP routers to deal with the issue of growing convergence time of the network. The variation in MRAI timer and its impact on network convergence and update messages has been broadly studied over the years. The increasing size of autonomous systems leads to rise in number of MRAI timers. Hence, the optimum use of MRAI timers can decrease the problem of slow convergence and necessity of huge number of MRAI timers. The proposed system uses the ckle minimum route advertisement interval timer (FMRAI) for fast update of routing table, which leads to reduce the convergence time of a network. In comparison with static MRAI timer of 30s the FMRAI timer leads to better result in terms of convergence time and number of update messages.</p>

Reviewing a Historical Internet Vulnerability: Why Isn't BGP More Secure and What Can We Do About it?

The Border Gateway Protocol (BGP) plays a crucial role in today’s communications as it is the inter-domain routing protocol that holds together the Internet, providing the path for IP packets to flow between networks across the globe operated by different providers. Although the first version of BGP was published in 1989 and its lack of security mechanisms has been known since then, BGP remains vulnerable to attacks that can cause large scale outages or can be used for other malicious purposes on the Internet, such as traffic sniffing or spam sending. Moreover, the lack of security has not prevented the surge of new applications that run on top of the Internet, making tampering with BGP increasingly attractive. As an example, BGP hijacking was used to steal at least $83,000 worth of cryptocurrency in 2014, and again more recently in April 2018. Thus, securing BGP is key to increasing the overall security of the Internet ecosystem. This paper offers a historical review of the different ideas put forward to secure inter-domain routing and what happened to these ideas along the way, noting if they were implemented and are in use, the impact they had on other proposals, and other characteristics explaining the difficulty of securing BGP. This study analyzes 10 BGP extensions focused on BGP availability, 7 BGP extensions and best practices focused on securing BGP communication and routing information, and 11 security proposals coming from the research and industry communities. It examines where the ideas came from, the implicit trust delegation and the residual vulnerabilities of proposals. Even though performance and incentives of specific security solutions have been largely discussed, most proposals have not even been implemented, limiting the overall security improvement of BGP. Reviewing the full life cycle of the proposed ideas, the trusted actors and mechanisms and their requirements gives insight into why adoptions rate are so limited. In fact, there is a remarkable lack of consensus on what needs to be secured or validated, and the approach to be taken, preventing solutions to get critical support to move their deployment forward. Additionally, no BGP security mechanism, even the most narrow one, has been easily implemented and deployed. However, there are security best practices that certainly improve local and overall BGP security. Since no solution comes without costs and all proposal have opponents in network operation community, it may be possible that secure routing should be provided as a separate service from routing, and other entities could offer such solutions.

A Secure Link State Routing Protocol for NDN

The Named-data Link State Routing protocol (NLSR) is a protocol for intra-domain routing in Named Data Networking (NDN). It is an application level protocol similar to many IP routing protocols, but NLSR uses NDN’s interest/data packets to disseminate routing updates, directly benefiting from NDN’s built-in data authenticity. The NLSR design, which was first developed in 2013 and deployed on the NDN test bed in August 2014, has undergone significant changes. Following an application-driven design approach, NLSR’s development helped drive the development of the trust/security functionality of NDN libraries as well as a number of features in NDN’s forwarding daemon and ChronoSync. In this paper, we describe the current design and implementation of NLSR, with emphasis on those features that differentiate it from an IP-based link state routing protocol: 1) naming: a hierarchical naming scheme for routers, keys, and routing updates; 2) security: a hierarchical trust model for routing within a single administrative domain; 3) routing information dissemination: using ChronoSync to disseminate routing updates; and 4) multipath routing: a simple way to calculate and rank multiple forwarding options. Although NLSR is designed in the context of a single domain, its design patterns may offer a useful reference for future development of inter-domain routing protocols.

I-Seismograph: Observing, Measuring, and Analyzing Internet Earthquakes

Disruptive events, such as large-scale power outages, undersea cable cuts, or security attacks, could have an impact on the Internet and cause the Internet to deviate from its normal state of operation, which we also refer to as an “Internet earthquake.” As the Internet is a large, complex moving target, unfortunately little research has been done to define, observe, quantify, and analyze such impact on the Internet, whether it is during a past event period or in real time. In this paper, we devise an Internet seismograph, or I-seismograph , to fill this gap. Since routing is the most basic function of the Internet and the Border Gateway Protocol (BGP) is the de facto standard inter-domain routing protocol, we focus on BGP to observe, measure, and analyze the Internet earthquakes. After defining what an impact to BGP entails, we describe how I-seismograph observes and measures the impact, exemplify its usage during both old and recent disruptive events, and further validate its accuracy and convergency. Finally, we show that I-seismograph can further be used to help analyze what happened to BGP while BGP experienced an impact, including which autonomous systems (AS) were affected most or which AS paths or path segments surged significantly in BGP updates during an Internet earthquake.

SIMULASI INTERKONEKSI ANTARA AUTONOMOUS SYSTEM (AS) MENGGUNAKAN BORDER GATEWAY PROTOCOL (BGP)

An autonomous system (AS) is the collection of networks having the same set of routing policies. Each AS has administrative control to its own inter-domain routing policy. Computer networks consisting of a bunch of AS's with different routing will not be able to interconnecttion one another. This is causes communication in the network to be inhibited. For that we need a protocol that can connect each different AS. Border Gateway Protocol (BGP) is an inter-domain routing protocol i.e. between different AS that is used to exchange routing information between them. In a typical inter-network (and in the Internet) each autonomous system designates one or more routers that run BGP software. BGP routers in each AS are linked to those in one or more other AS. The ability to exchange table routing information between Autonomous System (AS) is one of the advantages BGP. BGP implements routing policies based a set of attributes accompanying each route used to pick the “shortest” path across multiple ASs, along with one or more routing policies. BGP uses an algorithm which cannot be classified as a pure "Distance Vector", or pure "Link State". It is a path vector routing protocol as it defines a route as a collection of a number of AS that is passes through from source AS to destination AS. This paper discusses the implementation of the BGP routing protocol in the network that have different AS in order to interconnect. Its application using Packet Tracer 7.0 software for prototyping and simulating network. So that later can be applied to the actual network. Based on experiments that have been carried out, the BGP routing protocol can connect two routers that have different autonomous system.

EIR: Edge-aware inter-domain routing protocol for the future mobile internet

This work describes a clean-slate inter-domain routing protocol designed to meet the needs of the future mobile Internet. In particular, we describe the edge-aware inter-domain routing (EIR) protocol which provides new abstractions, such as aggregated-nodes (aNodes) and virtual-links (vLinks) for expressing network topologies and edge network properties necessary to address mobility related routing scenarios which are inadequately supported by the border gateway protocol (BGP) in use today. Specific use-cases addressed by EIR include emerging mobility service scenarios such as multi-homing across WiFi and cellular, multipath routing over several access networks, and anycast access from mobile devices to replicated cloud services. It is shown that EIR can be used to realize efficient routing strategies for the mobility use-cases under consideration, while also providing support for a range of inter-domain routing policies currently associated with BGP. Simulation results for protocol overhead are presented for a global-scale CAIDA topology, leading to an identification of parameters necessary to obtain a good balance between overhead and routing table convergence time. A Click-based proof-of-concept implementation of EIR on the ORBIT testbed is described and used to validate performance and functionality for selected mobility use-cases, including mobile data services with open WiFi access points and mobile platforms such as buses operating in an urban area.

On-demand Interdomain Path Building Protocol

Ill structured interdomain routing protocol makes interdomain route selection uncontrollable. To solve this problem, an on-demand interdomain path building protocol(OIPBP) is proposed in this paper. The main characteristic of OIPBP is that routers can lay control over the path selection process of their downstream nodes and customize the routes according to their own requirements. In order to achieve this goal, we extend BGP by adding more policies options into routing advertisements, and the inserted policies can be referred by the intermediate nodes when selecting paths. We verify OIPBP has good performance by experiments.

A Survey on Approaches to Reduce BGP Interdomain Routing Convergence Delay on the Internet

The Internet interdomain routing protocol (border gateway protocol) exhibits slow convergence. Many Internet applications suffer from the effects of its high convergence delay. In this paper, we provide an overview of the state-of-the-art methods on efforts to improve interdomain routing performance. We classified these efforts into five kinds of approaches: 1) speeding up updates; 2) limiting path exploration; 3) efficient policy configuration; 4) multipath; and 5) centralized control of the network. We detailed how each approach addresses the slow convergence problem. The goal of this paper is to provide the researchers a deep understanding on what has been done to improve Internet convergence time. We also discuss why, despite the existence of these efforts, the issue remains open.

BGP Anomaly Detection Techniques: A Survey

The border gateway protocol (BGP) is the Internet’s default inter-domain routing protocol that manages connectivity among autonomous systems (ASes). Over the past two decades many anomalies of BGP have been identified that threaten its stability and reliability. This survey discusses and classifies these anomalies and discusses the 20 most significant techniques used to identify them. Our classification is based on the broad category of approach, BGP features used to identify the anomaly, effectiveness in identifying the anomaly and effectiveness in identifying which AS was the location of the event that caused the anomaly. We also discuss a number of key requirements for the next generation of BGP anomaly detection techniques.

Compatibility of Border Meeting of Two Layers Protocol (BGP Version 4) With IPV6

This paper deals with issues, which network designers, would have to deal with once IPV6, which is the layer 3 Internet Protocol of the future comes into mass existence. IPV6 will have compatibility issues with most of the existing routing protocols especially with Border Gateway Protocol (BGPV4), which is a layer 7 protocol on which the backbone of the Internet runs. BGP Version 4 is an interdomain routing protocol. The primary function of BGP is to provide and exchange network reachability information between Autonomous Systems (AS). In this paper, we have dealt with only one problem out of the many, which we believe will arise, once both BGPV4 and IPV6 co-exist. We, in our crest to explore the issues of compatibility between the two different protocols, have observed that a lot of research has gone into IPV6, but none whatsoever is been followed up on modifying BGPV4 in accordance to IPV6. The reason for this could probably be that since IPV6, is still at a nascent stage of implementation in real world, the grave problems are yet to be dealt with as far as routing protocols are concerned. We believe since IPV6‟s implementation is inevitable, the issues raised in this paper will have to be dealt with at some point in the future and the solution proposed is a step in that direction.

Private and Verifiable Interdomain Routing Decisions

Existing secure interdomain routing protocols can verify validity properties about individual routes, such as whether they correspond to a real network path. It is often useful to verify more complex properties relating to the route decision procedure -- for example, whether the chosen route was the best one available, or whether it was consistent with the network's peering agreements. However, this is difficult to do without knowing a network's routing policy and full routing state, which are not normally disclosed. In this paper, we show how a network can allow its peers to verify a number of nontrivial properties of its interdomain routing decisions without revealing any additional information. If all the properties hold, the peers learn nothing beyond what the interdomain routing protocol already reveals; if a property does not hold, at least one peer can detect this and prove the violation. We present SPIDeR, a practical system that applies this approach to the Border Gateway Protocol, and we report results from an experimental evaluation to demonstrate that SPIDeR has a reasonable overhead.

A Program Logic for Verifying Secure Routing Protocols

The Internet, as it stands today, is highly vulnerable to attacks. However, little has been done to understand and verify the formal security guarantees of proposed secure inter-domain routing protocols, such as Secure BGP (S-BGP). In this paper, we develop a sound program logic for SANDLog-a declarative specification language for secure routing protocols for verifying properties of these protocols. We prove invariant properties of SANDLog programs that run in an adversarial environment. As a step towards automated verification, we implement a verification condition generator (VCGen) to automatically extract proof obligations. VCGen is integrated into a compiler for SANDLog that can generate executable protocol implementations; and thus, both verification and empirical evaluation of secure routing protocols can be carried out in this unified framework. To validate our framework, we encoded several proposed secure routing mechanisms in SANDLog, verified variants of path authenticity properties by manually discharging the generated verification conditions in Coq, and generated executable code based on SANDLog specification and ran the code in simulation.