DOI: 10.1145/3472305.3472315
short-paper

Hunting BGP zombies in the wild

Published: 24 July 2021

ABSTRACT

As the key component of the Internet's inter-domain routing, BGP is expected to work flawlessly. However, a recent study has revealed the presence of BGP zombies: withdrawn prefixes that are still active in routing tables and that can cause routing issues. That study used experimental prefixes with scheduled withdrawals (BGP beacons). In this study we aim to detect BGP zombies for any prefix announced on the Internet. To that end we study the characteristics of withdraw messages and devise a method to differentiate withdraw messages corresponding to local topological changes from those standing for prefixes withdrawn by their origin AS. Based on this classification we study the occurrence of zombies in the wild in six years of BGP data. We find over 6.5 million zombies; among those, we confirm that 94% report incoherent states and caused 468 potential routing loops. Our study also reveals that noisy prefixes, long AS paths, and ASes announcing a large number of prefixes are more prone to zombies.

Published in

ANRW '21: Proceedings of the Applied Networking Research Workshop
July 2021
98 pages
ISBN: 9781450386180
DOI: 10.1145/3472305

Copyright © 2021 ACM


Publisher

Association for Computing Machinery, New York, NY, United States


Acceptance Rates

ANRW '21 Paper Acceptance Rate: 16 of 28 submissions, 57%
Overall Acceptance Rate: 34 of 58 submissions, 59%
