Abstract
Researchers depend on public BGP data to understand the structure and evolution of the AS topology, as well as the operational security and resiliency of BGP. BGP data is provided voluntarily by network operators who establish BGP sessions with route collectors that record this data. In this paper, we show how trivial it is for a single vantage point (VP) to introduce thousands of spurious routes into the collection by providing examples of five VPs that did so. We explore the impact these misbehaving VPs had on AS relationship inference, showing these misbehaving VPs introduced thousands of AS links that did not exist, and caused relationship inferences for links that did exist to be corrupted.
We evaluate methods to automatically identify misbehaving VPs, although we find the result unsatisfying because the limitations of real-world BGP practices and AS relationship inference algorithms produce signatures similar to those created by misbehaving VPs. The most recent misbehaving VP we discovered added thousands of spurious routes for nine consecutive months until 8 November 2012. This misbehaving VP barely impacts (0.1%) our validation of our AS relationship inferences, but this number may be misleading since most of our validation data relies on BGP and RPSL, which validate only existing links rather than asserting the non-existence of links. We have only a few assertions of non-existent routes, all received via our public-facing website that allows operators to provide validation data through our interactive feedback mechanism. We only discovered this misbehavior because two independent operators corrected some inferences, and we noticed that the spurious routes all came from the same VP. This event highlights the limitations of even the best available topology data, and provides additional evidence that comprehensive ground truth validation from operators is essential to scientific research on Internet topology.
Index Terms
- Spurious routes in public BGP data