88 Zhao

Information about 88 Zhao

Published on October 29, 2007

Author: Cinderella

Source: authorstream.com

Content

An Analysis of BGP Multiple Origin AS (MOAS) Conflicts:
  Xiaoliang Zhao, NCSU
  S. Felix Wu, UC Davis
  Allison Mankin, Dan Massey, USC/ISI
  Dan Pei, Lan Wang, Lixia Zhang, UCLA
  IMW2001, November 1, 2001

Outline:
  Introduction of BGP
  Multiple Origin AS (MOAS) conflicts analysis
  Summary and recent work

Border Gateway Protocol 4 (BGP-4):
  To exchange inter-domain routing information
  Defined in RFC 1771, deployed since 1995 to support CIDR
  Path Vector Routing Protocol
    Includes the path information to the destination
    Loop detection
    Eliminates count-to-infinity problem, but still converges slowly [Labovitz97]
    More flexibility for local policy design

BGP operational environment:
  Autonomous System (AS): a set of routers under a single technical administration
    e.g., AS4: ISI, AS3561: Cable & Wireless, etc.
  Each AS, the originator, advertises its own networks to its neighboring ASs; the neighboring ASs propagate those advertisements to the rest of the Internet
    "I tell you, you tell your friends, and so on"
  A BGP route lists a prefix (destination) and the path of ASs to reach that prefix
    e.g., R=(p, <AS1, AS2, AS3>), where AS3 is the origin AS for the prefix p and AS2 provides the transit service for p.

BGP route updates and MOAS conflicts:
  [Figure labels: 128.9.0.0/16 nets; AS 4, AS 226, AS X, AS Y, AS Z; "MOAS conflict!"]

Motivation:
  It is recommended [RFC 1930] that each prefix should be originated by a single AS, with a few possible exceptions
  However, the recommendation is not followed in practice
  We want to answer the question: "What are the reasons for MOAS conflicts, and what are the impacts?"
  Data talks...

Measurement Data Collection:
  Data collected from the Oregon Route Views
    Peers with >50 routers from >40 different ASes
  Our analysis uses data [11/08/97 - 07/18/01] (1279 days total)
  At a randomly selected moment:
    The Route Views server observed 1364 MOAS conflicts
    The views from 3 individual ISPs showed 30, 12 and 228 MOAS conflicts
  More than 38000 MOAS conflicts were observed during this time period.

Example MOAS Data:
  Conflict#  prefix         start date  end date  days  origin ASs
  7          12.0.0.0/8     01/28/98    02/01/98     5  7018+1757
                            02/03/98    04/14/98    68  7018+1757
                            04/16/98    04/26/98    11  7018+1757
                            05/12/98    05/12/98     1  7018+1290
             total lifetime for conflict #7 = 85 days
  ...
  234        128.9.0.0/16   09/25/98    10/09/98    15  226+4
                            12/01/98    02/04/99    63  226+4
                            02/06/99    04/26/99    78  226+4
                            04/28/99    08/04/99    94  226+4
                            08/07/99    09/01/00   352  226+4
                            09/03/00    11/13/00    68  226+4
                            11/15/00    11/21/00     7  226+4
                            11/23/00    11/30/00     8  226+4
                            12/02/00    12/12/00    11  226+4
                            12/14/00    12/26/00    13  226+4
                            12/28/00    07/15/01   190  226+4
                            07/17/01    -            2  226+4
             total lifetime for conflict #234 = 901 days
  (total 38225 MOAS conflicts)

MOAS Conflicts Do Exist:
  [Figure annotations: Max: 11842 (11357 from a single AS); Max: 10226 (9177 from a single AS)]

Histogram of MOAS Conflict Lifetime:
  [Figure axes: total # of days a prefix experienced MOAS conflict; # of MOAS conflicts]

Distribution of MOAS Conflicts over Prefix Lengths:
  [Figure axis: ratio of # MOAS entries over total routing entries for the same prefix length]

Classification of MOAS conflicts:
  Given a MOAS conflict for prefix p and two associated AS paths: asp1=(x1,x2,…,xn) and asp2=(y1,y2,…,ym)
  Classified into three categories:
    OrginTranAS: xn=yj (j<m)
    SplitView: xi=yj (i<n, j<m)
    DistinctPaths: xi≠yj (1≤i≤n, 1≤j≤m)
  [Figure annotation: PSI.net event]

Valid Causes of MOAS Conflicts (1):
  Exchange point addresses
    E.g.: 198.32.136.0/24 was originated by ASes 2914, 3561, 4006, 6079, 6453, 6461 and 7018.
    Few instances: 30 out of 38225 are identified as EP addresses
    Lifetime: 1226 days out of 1279 days for 198.32.138.0/24
  AS sets
    Typically only 12 prefixes out of 100K prefixes end with AS sets, and these AS sets were consistent with others
  Anycast addresses

Valid Causes of MOAS Conflicts (2):
  Multi-homing without BGP
  Private AS number substitution
  [Figure labels: 128.9/16 Path: 11422,4; 128.9/16 Path: 226; 128.9/16 Path: 4; 131.179/16 Path: 64512; 131.179/16 Path: X; 131.179/16 Path: Y; AS 64512, AS Y, AS X, AS 4, AS 11422, AS 226; static route or IGP route]

Invalid Causes of MOAS Conflicts:
  Operational faults led to large spikes of MOAS conflicts
    04/07/1998: one AS originated 12593 prefixes, out of which 11357 were MOAS conflicts
    04/10/2001: another AS originated 9180 prefixes, out of which 9177 were MOAS conflicts
  There are many smaller scale examples of falsely originated routes
    Errors
    Intentional traffic hijacking

Summary:
  MOAS conflicts exist today
    Some due to operational need; some due to faults
  Blind acceptance of MOAS could be dangerous
    An open door for traffic hijacking
  A solution for determining MOAS validity is under development
  For more info about FNIISC project: http://fniisc.nge.isi.edu

Recent Work: MOAS Solutions:
  Proposal 1: using BGP community attribute
  Proposal 2: DNS-based solution
  Solutions presented to NANOG 23

BGP-Based Solution:
  Define a new community attribute
    Listing all the ASes allowed to originate a prefix
  Attach this MOAS community-attribute to BGP route announcement
  Enable BGP routers to detect faults and attacks
    At least in most cases, we hope!

Comm. Attribute Implementation Example:
  Example configuration:
    router bgp 59
     neighbor 1.2.3.4 remote-as 52
     neighbor 1.2.3.4 send-community
     neighbor 1.2.3.4 route-map setcommunity out
    route-map setcommunity
     match ip address 18.0.0.0/8
     set community 59:MOAS 58:MOAS additive
  [Figure labels: AS58, AS59, 18.0.0.0/8, AS52]

Another Proposal: DNS-based Solution:
  Put the MOAS list in a new DNS Resource Record
    ftp://psg.com/pub/dnsind/draft-bates-bgp4-nlri-orig-verif-00.txt by Bates, Li, Rekhter, Bush, 1998
  Enhanced DNS service
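The detection and three-way classification from the "Classification of MOAS conflicts" slide, as an added Python example that is not code from the presentation or its authors. The function names, the precedence of the origin/transit test over SplitView, and all routes other than the two 128.9.0.0/16 paths shown on the slides are assumptions constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

ORIGIN_TRANSIT = "OrginTranAS"   # label spelled as on the slide
SPLIT_VIEW = "SplitView"
DISTINCT = "DistinctPaths"

def classify(asp1, asp2):
    """Classify two AS paths for one prefix whose origin (last) ASes differ."""
    if asp1[-1] == asp2[-1]:
        raise ValueError("same origin AS: not a MOAS conflict")
    transit1, transit2 = set(asp1[:-1]), set(asp2[:-1])
    # x_n = y_j (j < m): one path's origin is a transit AS on the other path.
    if asp1[-1] in transit2 or asp2[-1] in transit1:
        return ORIGIN_TRANSIT
    # x_i = y_j (i < n, j < m): the paths share a transit AS.
    if transit1 & transit2:
        return SPLIT_VIEW
    # No AS in common at all.
    return DISTINCT

def moas_report(routes):
    """Return {prefix: (sorted origin ASes, sorted classes)} for MOAS prefixes."""
    paths = defaultdict(set)
    for prefix, path in routes:
        paths[prefix].add(tuple(path))
    report = {}
    for prefix, seen in paths.items():
        origins = {p[-1] for p in seen}
        if len(origins) < 2:
            continue                      # single origin AS: no conflict
        classes = {classify(a, b) for a, b in combinations(seen, 2)
                   if a[-1] != b[-1]}
        report[prefix] = (sorted(origins), sorted(classes))
    return report

# Constructed sample table; only the 128.9.0.0/16 paths appear on the slides.
ROUTES = [
    ("128.9.0.0/16", (11422, 4)),
    ("128.9.0.0/16", (226,)),
    ("192.0.2.0/24", (64496, 64497, 64498)),
    ("192.0.2.0/24", (64499, 64497, 64500)),
    ("198.51.100.0/24", (64496, 64501)),
    ("198.51.100.0/24", (64502, 64501, 64503)),
    ("203.0.113.0/24", (64496, 64504)),
    ("203.0.113.0/24", (64499, 64504)),
]
```

Because the two origin ASes of a conflict always differ, any AS shared by the two paths is either an origin on one side or a transit on both, so the three classes cover every pair.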
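One way a receiving router could use the MOAS list from the "BGP-Based Solution" slide, as an added Python example that is not the authors' implementation. The slide only says the list names the ASes allowed to originate a prefix; the comparison rules here (every origin must be in its own list, all lists for a prefix must agree, a route without a list counts as a list holding only its origin) and all sample announcements except the 18.0.0.0/8 ASes are assumptions.

```python
from collections import defaultdict

def check_moas_lists(announcements):
    """announcements: iterable of (prefix, as_path, moas_list or None).

    Returns {prefix: [reason, ...]} for prefixes that should raise an alarm.
    """
    by_prefix = defaultdict(list)
    for prefix, path, moas in announcements:
        origin = path[-1]
        # Assumption: a route without a MOAS list implies the list {origin}.
        allowed = frozenset(moas) if moas else frozenset({origin})
        by_prefix[prefix].append((origin, allowed))

    alarms = {}
    for prefix, seen in by_prefix.items():
        reasons = []
        for origin, allowed in seen:
            if origin not in allowed:
                reasons.append(f"AS{origin} is not in the list it announced")
        if len({allowed for _, allowed in seen}) > 1:
            reasons.append("MOAS lists for this prefix disagree")
        if reasons:
            alarms[prefix] = reasons
    return alarms

# Constructed announcements as seen by one receiver. 18.0.0.0/8 with AS58,
# AS59 and neighbor AS52 follows the slide; the other entries are made up.
ANNOUNCEMENTS = [
    ("18.0.0.0/8", (52, 59), {58, 59}),           # valid multi-origin prefix
    ("18.0.0.0/8", (58,), {58, 59}),
    ("192.0.2.0/24", (64496, 64497), {64497, 64498}),
    ("192.0.2.0/24", (64499, 64510), None),       # unexpected origin, no list
    ("198.51.100.0/24", (64496, 64505), {64506}),  # origin outside its own list
]
```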
