Abstract
In the Internet, Autonomous Systems continuously exchange routing information via the BGP protocol: the large number of networks involved and the verbosity of BGP result in a huge stream of updates. Making sense of all those messages remains a challenge today. In this paper, we leverage the notion of “primary path” (i.e., the most used inter-domain path of a BGP router toward a destination prefix for a given time period), reinterpreting updates by grouping them in terms of primary paths unavailability periods, and illustrate how BGP dynamics analysis would benefit from working with primary paths.
Our contributions are as follows. First, through measurements, we validate the existence of primary paths: by analyzing BGP updates announced at the LINX RIS route collector spanning a three months period, we show that primary paths are consistently in use during the observation period. Second, we quantify the benefits of primary paths for BGP dynamics analysis on two use cases: Internet tomography and anomaly detection. For the latter, using three months of anomalous BGP events documented by BGPmon as reference, we show that primary paths could be used for detecting such events (hijacks and outages), testifying of the increased semantic they provide.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
We are aware that this prefix was used in Czyz et al. [11]. We believe that the events are unrelated because they do not match either the involved parties, the time window, or the methodology described.
References
Al-Rousan, N.M., Trajković, L.: Machine learning models for classification of BGP anomalies. In: Proceedings of IEEE HPSR (2012)
Bahaa, A.M., Philip, B., Grenville, A.: BGP anomaly detection techniques: a survey. IEEE Commun. Surv. Tutor. 19, 377–396 (2016)
Bates, T., Smith, P., Huston, G.: CIDR Report. http://www.cidr-report.org/as2.0/. Accessed 2018
BGPmon.net: Public event reporting. https://bgpstream.com. Accessed 2018
Butler, K., McDaniel, P., Aiello, W.: Optimizing BGP security by exploiting path stability. In: Proceedings of ACM CCS (2006)
Caesar, M., Subramanian, L., Katz, R.H.: Root cause analysis of BGP dynamics. In: Proceedings of ACM IMC (2003)
Chang, D.F., Govindan, R., Heidemann, J.: The temporal and topological characteristics of BGP path changes. In: Proceedings of IEEE ICNP (2003)
Chen, M., Xu, M., Li, Q., Song, X., Yang, Y.: Detect and analyze large-scale BGP events by bi-clustering update visibility matrix. In: Proceedings of IEEE IPCCC (2015)
Comarela, G., Crovella, M.: Identifying and analyzing high impact routing events with PathMiner. In: Proceedings of ACM IMC (2014)
Craig, L., Robert, M.G., Jahanian, F.: Origins of internet routing instability. In: Proceedings of INFOCOMM (1999)
Czyz, J., Lady, K., Miller, S.G., Bailey, M., Kallitsis, M., Karir, M.: Understanding IPv6 internet background radiation. In: Proceedings of ACM IMC (2013)
Deshpande, S., Thottan, M., Ho, T.K., Sikda, B.: An online mechanism for BGP instability detection and analysis. IEEE Trans. Comput. 58, 1470–1484 (2009)
Elmokashfi, A., Kvalbein, A., Dovrolis, C.: BGP churn evolution: a perspective from the core. IEEE Trans. Netw. 20, 571–584 (2011)
Feldmann, A., Maennel, O., Mao, Z.M., Berger, A., Maggs, B.: Locating internet routing instabilities. ACM SIGCOMM Comput. Commun. Rev. 34, 205–218 (2004)
Haeberlen, A., Avramopoulos, I., Rexford, J., Druschel, P.: NetReview: detecting when interdomain routing goes wrong. In: Proceedings of NSDI (2009)
Holterbach, T., Vissicchio, S., Dainotti, A., Vanbever, L.: SWIFT: predictive fast reroute. In: ACM SIGCOMM (2017)
Javed, U., Cunha, I., Choffnes, D., Katz-Bassett, E., Anderson, T., Krishnamurthy, A.: PoiRoot: investigating the root cause of interdomain path changes. In: ACM SIGCOMM (2013)
Karlin, J., Forrest, S., Rexford, J.: Pretty good BGP: improving BGP by cautiously adopting routes. In: Proceedings of IEEE ICNP (2006)
Labovitz, C., Malan, G.R., Jahanian, F.: Internet routing instability. In: Proceedings of ACM SIGCOMM (1997)
Li, J., Guidero, M., Wu, Z., Purpus, E., Ehrenkranz, T.: BGP routing dynamics revisited. ACM SIGCOMM Comput. Commun. Rev. 37, 5–16 (2007)
Lutu, A., Bagnulo, M., Pelsser, C., Maennel, O., Cid-Sueiro, J.: The BGP visibility toolkit: detecting anomalous Internet routing behavior. Proc. IEEE/ACM Trans. Netw. 24, 1237–1250 (2016)
Mai, J., Yuan, L., Chuah, C.N.: Detecting BGP anomalies with wavelet. In: Proceedings of IEEE NOM (2008)
Oliveira, R., Zhang, B., Pei, D., Izhak-Ratzin, R., Zhang, L.: Quantifying path exploration in the internet. In: Proceedings of ACM IMC (2006)
Orsini, C., King, A., Giordano, D., Giotsas, V., Dainotti, A.: BGPStream: A Software framework for live and historical BGP data analysis. In: Proceedings of ACM IMC (2016)
Papadopoulos, S., Moustakas, K., Drosou, A., Tzovaras, D.: Border gateway protocol graph: detecting and visualising Internet routing anomalies. IET Inf. Secur. 10, 125–133 (2016)
Paxson, V.: End-to-end routing behavior in the Internet. ACM SIGCOMM Comput. Commun. Rev. 36, 41–56 (1996)
Prakash, B.A., Valler, N., Andersen, D., Faloutsos, M., Faloutsos, C.: BGP-lens: patterns and anomalies in internet routing updates. In: Proceedings of ACM SIGKDD (2009)
Qiu, J., Gao, L., Ranjan, S., Nucci, A.: Detecting bogus BGP route information: going beyond prefix hijacking. In: Proceedings of EAI SecureComm (2007)
Rekhter, Y., Li, T.: A Border Gateway Protocol 4 (BGP-4). RFC4271 (2006)
Rexford, J., Wang, J., Xiao, Z., Zhang, Y.: BGP routing stability of popular destinations. In: Proceedings of ACM SIGCOMM Workshop on Internet measurement (2002)
RIPE-NCC: Routing information service. https://www.ripe.net/ris. Accessed 2018
Theodoridis, G., Tsigkas, O., Tzovaras, D.: A novel unsupervised method for securing BGP against routing hijacks. Comput. Inf. Sci. III, 21–29 (2013)
de Urbina Cazenave, I.O., Köşlük, E., Ganiz, M.C.: An anomaly detection framework for BGP. In: Proceedings of INISTA (2011)
Villamizar, C., Chandra, R., Govindan, R.: BGP Route Flap Damping. RFC2439 (1998)
Walton, D., Retana, A., Chen, E., Scudder, J.: Advertisment of multiple Paths in BGP. RFC 7911 (2016)
Acknowledgments
We thank the anonymous reviewers whose valuable comments helped us improving the quality of this paper.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Green, T., Lambert, A., Pelsser, C., Rossi, D. (2018). Leveraging Inter-domain Stability for BGP Dynamics Analysis. In: Beverly, R., Smaragdakis, G., Feldmann, A. (eds) Passive and Active Measurement. PAM 2018. Lecture Notes in Computer Science(), vol 10771. Springer, Cham. https://doi.org/10.1007/978-3-319-76481-8_15
Download citation
DOI: https://doi.org/10.1007/978-3-319-76481-8_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-76480-1
Online ISBN: 978-3-319-76481-8
eBook Packages: Computer ScienceComputer Science (R0)