Inter-domain Routing Protocol Research Articles

Malicious Dropping Attack in the Internet: Impacts and Solution

The unprecedented growth of the Internet over the last years, and the expectation of an even faster increase in the numbers of users and networked systems, suggest that in the near future the Internet may become the single integrated communication media. However, as the dependence on the networking infrastructure grows, its security becomes a major concern, in light of the increased attempt to compromise the infrastructure. In particular, the routing operation is a highly visible target that must be shielded against a wide range of attacks. The current interdomain routing protocol, the Border Gateway Protocol (BGP), is limited in implementations of universal security. Because of this, it is vulnerable to many attacks at the Autonomous System (AS) to AS routing infrastructure. Initially, the major concern about BGP security is that malicious BGP routers can arbitrarily falsify BGP routing messages and spread incorrect routing information. Recently, some authors have pointed out another kind of attack, called malicious dropping attack that has not studied before. The malicious draping attack can result in data traffic being blackholed or trapped in a loop. However, the authors did not elaborate on how one can detect such attacks. In this paper, we discuss and analyse a method that can be used to detect malicious dropping attacks in the Internet. In this paper, we describe the formatting guidelines for IJCA Journal Submission.

Reducing burst packet loss through route-free forwarding

It is well known that today’s inter-domain routing protocol, Border Gateway Protocol (BGP), converges slowly during network failures. Due to the distribution nature of Internet routing decisions and the rate-limiting timer Minimum Route Advertisement Interval (MRAI) of BGP, unavoidable convergence latency is introduced in reaction to network changes. During the period of convergence temporarily routing table inconsistencies cause short-term routing blackholes and loops which result in widespread temporary burst packet loss. In this paper, we present ROute-Free Forwarding (ROFF) — a novel technique for packet delivering continuously during periods of convergence. With slightly modifications on IP packet header and BGP, route loops and blackholes can be avoided. Our preliminary evaluation demonstrates that ROFF succeeds in reducing the number of Autonomous Systems (ASes) which experience burst packet loss and the duration of packet loss.

Impact of routing parameters on route diversity and path inflation

Years after the initial development of the current routing protocols we still lack an understanding of the impact of various parameters on the routes chosen in today’s Internet. Network operators are struggling to optimize their routing, but the effectiveness of those efforts is limited. In this article, we study sensitivity of routing stretch and diversity metrics to factors such as policies, topology, IGP weights, etc. using statistical techniques. We confirm previous findings that routing policies and AS size (in number of routers) are the dominating factors. Surprisingly, we find that intra-domain factors only have marginal impact on global path properties. Moreover, we study path inflation by comparing against the paths that are shortest in terms of AS-level/router-level hops or geographic distances. Overall, the majority of routes incur reasonable stretch. From the experience with our Internet-scale simulations, we find it hard to globally optimize path selection with respect to the geographic length of the routes, as long as inter-domain routing protocols do not include an explicit notion of geographic distance in the routing information.

On the Stable Paths Problem

The Border Gateway Protocol (BGP) is the interdomain routing protocol used to exchange routing information between Autonomous Systems (ASes) in the internet today. While intradomain routing protocols such as RIP are basically distributed algorithms for solving shortest path problems, the graph theoretic problem that BGP is trying to solve is the stable paths problem (SPP). Unfortunately, unlike shortest path problems, it has been shown that instances of SPP can fail to have a solution, and so BGP can fail to converge. We define a fractional version of SPP and show that all instances of fractional SPP have solutions. We also show that there are polynomial time reductions from a number of well-known graph problems to SPP. For example, finding stable matchings in hypergraphic preference systems (a generalization of graph stable matchings to the case of hypergraphs) and computing kernels in directed graphs are both polynomial time reducible to SPP. These reductions remain valid in the fractional case. Thus the existence of a polynomial time algorithm for computing fractional solutions to SPP would imply polynomial time algorithms for fractional solutions to these other problems as well.

A Survey of BGP Security Issues and Solutions

As the Internet's de facto interdomain routing protocol, the Border Gateway Protocol (BGP) is the glue that holds the disparate parts of the Internet together. A major limitation of BGP is its failure to adequately address security. Recent high-profile outages and security analyses clearly indicate that the Internet routing infrastructure is highly vulnerable. Moreover, the design of BGP and the ubiquity of its deployment have frustrated past efforts at securing interdomain routing. This paper considers the current vulnerabilities of the interdomain routing system and surveys both research and standardization efforts relating to BGP security. We explore the limitations and advantages of proposed security extensions to BGP, and explain why no solution has yet struck an adequate balance between comprehensive security and deployment cost.

Identity-Based Secure Inter-Domain Routing Protocol

提出了一个采用基于身份密码体制的安全域间路由协议——基于身份域间路由协议(identity-based inter-domain routing,简称id²r).id²r协议包括密钥管理机制、源AS验证机制LAP(the longest assignment path)和AS_PATH真实性验证机制IDAPV(identity-based aggregate path verification).密钥管理机制采用一个分布式层次密钥分发协议(distributed and hierarchical key issuing,简称DHKI),以解决基于身份密码系统固有的密钥托管问题.LAP的基本思想是,任一发出前缀可达路由通告的自治系统都必须提供该前缀的分配路径及证明,只有提供前缀最长有效分配路径的自治系统才是该前缀的合法源AS.IDAPV采用基于身份的聚合签名体制,生成保证AS_PATH路径属性真实性的路由聚合证明.性能评估结果显示,基于2007年12月7日的RouteViews数据,id2r路由器仅额外消耗1.71Mbytes内存,是S-BGP的38%;更新报文长度明显短于S-BGP;当硬件实现密码算法时,收敛时间几乎接近于BGP.;The paper proposes a secure inter-domain routing protocol which adopts identity-based cryptographic system—id²r (identity-based inter-domain routing). id²r consists of a key management mechanism, an origin AS verification mechanism LAP (the longest assignment path), and an AS_PATH authenticity verification mechanism IDAPV (Identity-based Aggregate Path Verification). The key management mechanism adopts a distributed and hierarchical key issuing protocol DHKI (distributed and hierarchical key issuing) to solve the inherent key escrow problem in the identity-based cryptographic system. The basic idea of LAP is that all ASes must provide the assignment path and attestations of their announced prefixes, and for a prefix, the AS which provides the longest valid assignment path is its legitimate origin AS. With identity-based aggregate signature scheme, IDAPV generates a route aggregate attestation to guarantee the authenticity of AS_PATH. Performance evaluation results indicate that based on RouteViews data on December 7, 2007, an id2r router only consumes 1.71Mbytes additional memory, which is 38% of S-BGP router; id2r has shorter UPDATE message than S-BGP; convergence time of id2r with hardware implementation of cryptographic algorithm approximately equals BGP.

Resolving inter-domain routing policy disputes at run-time with scalability consideration

Thousands of autonomous systems (ASes) cooperate with each other to provide global Internet connectivity. The Border Gateway Protocol (BGP) is currently the only inter-domain routing protocol deployed on the Internet. It allows ASes to select and propagate routes based on flexible and locally defined policies. However, the flexibility and freedom of policies can lead to routing instability, even policy disputes among several ASes, causing inter-domain routing oscillations. Recent studies enforce global and local constraints on policies without freedom, or require expensive memory consumption and huge numbers of message exchanges. In this paper, we propose a run-time solution that operates with small overhead, guarantees safe convergence and preserves policy freedom and privacy as much as possible. The proposed scheme uses a distributed mechanism for detecting policy disputes and does this only when policy disputes exist. ASes dynamically compresses the dispute routes for safe convergence.

On Understanding Transient Interdomain Routing Failures

The convergence time of the interdomain routing protocol, BGP, can last as long as 30 minutes. Yet, routing behavior during BGP route convergence is poorly understood. During route convergence, an end-to-end Internet path can experience a transient loss of reachability. We refer to this loss of reachability as <i xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">transient</i> <i xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">routing</i> <i xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">failure</i> . Transient routing failures can lead to packet losses, and prolonged packet loss bursts can make the performance of applications such as Voice-over-IP and interactive games unacceptable. In this paper, we study how routing failures can occur in the Internet. With the aid of a formal model that captures transient failures of the interdomain routing protocol, we derive the sufficient conditions that transient routing failures could occur. We further study transient routing failures in typical BGP systems where commonly used routing policies are applied. Network administrators can apply our analysis to improve their network performance and stability.

Cyclops

In this paper we present Cyclops, a system that collects and displays information of AS-level connectivity extracted from looking glasses, route-servers and BGP tables and updates of hundreds of routers across the Internet. From an operational standpoint, Cyclops provides ISPs a view of how their connectivity is perceived from the outside, enabling a comparison between their observed connectivity and their intended connectivity. ISPs can use the tool to detect and diagnose BGP misconfigurations, route leakages or hijacks based on false AS path. From a research standpoint, Cyclops is able to provide a quick snapshot of the AS-level connectivity of each network, and provides mechanisms to infer the root cause of BGP (de)peerings, which is an important input to the study of AS-level topology models and inter-domain routing protocols.

Large-scale testing of the Internet's Border Gateway Protocol (BGP) via topological scale-down

The Internet is a critical communication infrastructure servicing billions of end-users world-wide. Ongoing studies of the Internet's operations show that data loss and increased latency are occurring due to weaknesses in its interdomain routing protocol, BGP. Many solutions have been proposed, but few have experienced widespread adoption. Both the delayed discovery of the protocol's shortcomings, and apathy for its proposed solutions, are partially due to inadequate testing practices. Internet interdomain routing technologies are not evaluated at appropriate scale. Better testing is suggested, which incorporates the specification of large-scale experimental topologies. This is necessary, as BGP performs the distributed operation of interdomain routing across the thousands of networks composing the Internet. However, only small to moderately sized topologies can be currently accommodated by today's testing platforms. A modeling methodology based on path preserving scale-down is proposed to extend the topological scale of interdomain routing experimentation. A given Internet topology is reduced in terms of its autonomous systems (ASes) using a combination of Gaussian elimination and several graphical heuristics. The interdomain routing paths generated by BGP on this reduced topology are also preserved. Path preservation keeps the length, composition, and ordering of these routing paths unchanged. When the routing paths guiding Internet traffic among ASes are preserved across the size reduction, the large-scale traffic engineering induced by BGP can be estimated at much lower scales. Internet data losses due to certain inappropriate interdomain routing behaviors can be identified. As an example, a persistent multiple origin autonomous system (MOAS) conflict is characterized over a topology containing 8826 ASes. It is shown that this problem's large-scale characterization can be obtained using scale-down models that are 70% smaller, and thus more accommodating to common testing platforms (e.g., simulation and networking testbeds).

Autonomous security for autonomous systems

The Internet's interdomain routing protocol, BGP, supports a complex network of Autonomous Systems which is vulnerable to a number of potentially crippling attacks. Several promising cryptography-based solutions have been proposed, but their adoption has been hindered by the need for community consensus, cooperation in a public key infrastructure (PKI), and a common security protocol. Rather than force centralized control in a distributed network, this paper examines distributed security methods that are amenable to incremental deployment. Typically, such methods are less comprehensive and not provably secure. The paper describes a distributed anomaly detection and response system that provides comparable security to cryptographic methods and has a more plausible adoption path. Specifically, the paper makes the following contributions: (1) it describes pretty good BGP (PGBGP), whose security is comparable (but not identical) to secure origin BGP; (2) it gives theoretical proofs on the effectiveness of PGBGP; (3) it reports simulation experiments on a snapshot of the Internet topology annotated with the business relationships between neighboring networks; (4) it quantifies the impact that known exploits could have on the Internet; and (5) it determines the minimum number of ASes that would have to adopt a distributed security solution to provide global protection against these exploits. Taken together these results explore the boundary between what can be achieved with provably secure centralized security mechanisms for BGP and more distributed approaches that respect the autonomous nature of the Internet.

An online scheme for the isolation of BGP misconfiguration errors

Being the primary interdomain routing protocol, border gateway protocol (BGP) is the singular means of path establishment across the Internet. Therefore, misconfiguration errors in BGP routers result in failure to establish paths which in turn can cause several networks to become unreachable. In this paper, we first analyze data from recent BGP tables to show that misconfiguration errors occur very frequently in the Internet today. We then show theoretically and using real-world events the impact of these errors on routing stability. A scheme for real-time isolation of large-scale BGP misconfiguration events is then proposed in this paper. Our methodology is based on statistical techniques and is evaluated using data from past wellknown misconfiguration events. We show the effectiveness of our method as compared to the current state-of-the-art.

Secure Interdomain Routing Registry

The current Internet has no secure way to validate the correctness of routing information. We propose a mechanism that supports secure validation of routing information in the interdomain routing protocol of the Internet. Our mechanism focuses on alleviating obstacles which previously prevent the complete and correct construction of the Internet routing information. In particular, we present a registry with authorized and verifiable search (RAVS) by which routing information can be constructed securely. We give an efficient RAVS scheme and prove its securities in the random oracle model. By our scheme, the routing information can be securely stored and tested without revealing contents of registry entries and search queries. Only legal autonomous systems (ASes) can construct valid registry entries and a single compromised AS can be detected. Our experiment shows that our RAVS scheme can be implemented efficiently and the incurred overhead, in terms of time and space, is acceptable in practice.

On interdomain routing security and pretty secure BGP (psBGP)

It is well known that the Border Gateway Protocol (BGP), the IETF standard interdomain routing protocol, is vulnerable to a variety of attacks, and that a single misconfigured or malicious BGP speaker could result in large-scale service disruption. In this paper, we present Pretty Secure BGP (psBGP) ---a proposal for securing BGP, including an architectural overview, design details for significant aspects, and preliminary security and operational analysis. psBGP differs from other security proposals (e.g., S-BGP and soBGP) in that it makes use of a single-level PKI for AS number authentication, a decentralized trust model for verifying the propriety of IP prefix origin, and a rating-based stepwise approach for AS_PATH (integrity) verification. psBGP trades off the strong security guarantees of S-BGP for presumed-simpler operation, e.g., using a PKI with a simple structure, with a small number of certificate types, and of manageable size. psBGP is designed to successfully defend against various (nonmalicious and malicious) threats from uncoordinated BGP speakers, and to be incrementally deployed with incremental benefits.

Quality-of-Service routing with path information aggregation

Most of the research proposals on Quality-of-Service (QoS) mechanisms have focused on providing guarantees in a single domain. Supporting QoS guarantees in the interdomain setting has been receiving more research attention recently. Most of the proposals for interdomain QoS routing has focused on a link-state protocol and/or a single QoS metric. Our proposal differs from the existing work in the literature in three major ways: (1) our approach is based on a distance-vector protocol, similar to BGP; the de facto interdomain routing protocol in the Internet, (2) we consider both bandwidth and delay simultaneously unlike the other studies which either considered one metric or made the decision on only one of metrics even when they disseminated more than one metric, and (3) we use a line segment to represent the domain level QoS information. To the best of our knowledge, our study is the first proposal in the literature that models the domains by a line segment for inter-domain QoS routing purposes under a distance-vector routing protocol to find a path that satisfy both bandwidth and delay requirements.

MIRO

The Internet consists of thousands of independent domains with different, and sometimes competing, business interests. However, the current interdomain routing protocol (BGP) limits each router to using a single route for each destination prefix, which may not satisfy the diverse requirements of end users. Recent proposals for source routing offer an alternative where end hosts or edge routers select the end-to-end paths. However, source routing leaves transit domains with very little control and introduces difficult scalability and security challenges. In this paper, we present a multi-path inter-domain routing protocol called MIRO that offers substantial flexiility, while giving transit domains control over the flow of traffic through their infrastructure and avoiding state explosion in disseminating reachability information. In MIRO, routers learn default routes through the existing BGP protocol, and arbitrary pairs of domains can negotiate the use of additional paths (bound to tunnels in the data plane) tailored to their special needs. MIRO retains the simplicity of BGP for most traffic, and remains backwards compatible with BGP to allow for incremental deployability. Experiments with Internet topology and routing data illustrate that MIRO offers tremendous flexibility for path selection with reasonable overhead.

Toward the design of robust interdomain routing protocols

The border gateway protocol, the interdomain routing protocol for the Internet, allows for a wide variety of routing policies that may interact in unintended and unstable ways. Recent work on BGP and related protocols has begun to incorporate formal protocol models, which have enabled rigorous descriptive analyses of BGP. More recently, such models have been used to give prescriptive guidelines for the design of new protocols. These guidelines include both sufficient conditions for good routing behavior and limitations on what can be achieved without coordination between routers. Here we review potential routing problems, various formal protocol models, and the design guidelines they have been used to prove.

HLP

It is well-known that BGP, the current inter-domain routing protocol, has many deficiencies. This paper describes a hybrid link-state and path-vector protocol called HLP as an alternative to BGP that has vastly better scalability, isolation and convergence properties. Using current BGP routing information, we show that HLP, in comparison to BGP, can reduce the churn-rate of route updates by a factor 400 as well as isolate the effect of routing events to a region 100 times smaller than that of BGP. For a majority of Internet routes, HLP guarantees worst-case linear-time convergence. We also describe a prototype implementation of HLP on top of the XORP router platform. HLP is not intended to be a finished and final proposal for a replacement for BGP, but is instead offered as a starting point for debates about the nature of the next-generation inter-domain routing protocol.

Advance lightpath provisioning in interdomain optical networks

In interconnected optical networks, users submit lightpath requests at the time they wish to establish the lightpath. The service provider consults the information gathered by the interdomain routing protocols for available resources. For each request, the network must decide immediately whether to accept or reject the request. In this model, there is always the uncertainty of whether the user will be able to establish the desired lightpath at the desired time or not. Furthermore, in the context of a number of applications, e.g., grid applications, users need to set up lightpaths in advance to perform their activities that are planned in advance. We propose a new interdomain routing protocol called Advance Optical Routing Border Gateway Protocol (AORBGP) and a scheme that allows the setup of interdomain lightpaths in advance. AORBGP allows gathering information about interdomain paths and availability of wavelengths in the future. The proposed advance lightpath setup scheme makes use of AORBGP to get information about available resources (i.e., wavelengths) required to process lightpath setup requests. One of the key innovations of the scheme is that it provides the user with alternatives, carefully selected, when his or her request cannot be accommodated because of resource shortages. Indeed, the scheme provides the user with options to set up a lightpath later than the requested start time or with shorter duration than the requested duration. We performed a set of simulations to evaluate the benefits of the proposed scheme and the effect of a number of parameters on the performance of AORBGP.

Stabilizing inter-domain routing in the Internet

This paper reports the first self-stabilizing Border Gateway Protocol (BGP). BGP is the standard inter-domain routing protocol in the Internet. Self-stabilization is a technique to tolerate arbitra...