Active BGP Probing - RIPE 82

1RIPE 50, 5 May 2005Lorenzo Colitti colitti@dia.uniroma3.it – lorenzo@ripe.net. .

Active BGP Probing

Lorenzo Colitti

Roma Tre University – RIPE NCC

2Lorenzo Colitti RIPE 50, 5 May 2005. . colitti@dia.uniroma3.it – lorenzo@ripe.net

Agenda

• Our techniques– Primitives

– Applications

– Results

• Operational impact– Why it is safe

– Why it is low-impact

– Why it doesn't hamper debugging

• Tests over IPv4?

Our Techniques

The Problem

• Point of view: an ISP– We want to know how other ASes treat our prefixes– Why?

• Predict the effect of network faults• Perform effective traffic engineering

• Develop peering strategies• Evaluate quality of upstreams• ...

• Existing BGP discovery methods are good at discovering topology but bad at discovering policy– We can look at RIS or ORV...

– ... but we can't find out how the world treats our prefixes

Can we do better?

• We would like to know:

– Where our announcements go• Trivial: just look at RIS or ORV

– Where our announcements could go: “feasibility”• What happens if a link fails and backups come up?• What are the margins for traffic engineering?

– How other ASes treat our prefixes• Do other ASes have preferences about how to reach us?

• How can we obtain this information?

Just to get an idea

Standard RIS query

33 10566 3320

6939 1930 6175 1299 5539 293 31103

6830 209652914 1853 3265 12779 8447 8763 3425 29686

3549 127933333 12859 559 1103 11537

51332575417

155 89

3 31 05 663 32 012 75

6939 179 65 2489514277 6435 29 14560 9 47161091 930 1 589 77580617554 08 374 84697 1 39 44129 9 91 12553 9 2 9368 0 254931 10312 702 2 60 75 42 4

6830 17 52 2096 5 86 6451 3 4 55556 233 54 9 469 130071 2 04214 525358 3 2571853 32 65127 798447876 3 472 5 17 57 934 25 110 3 17715250 0 32463 34429 686

11 5372138 5127 3 1 279 3 5 38533 33128 59895 47684 24971808455 117660 78 6 66 80790 559 2200 13110

9270 92 6425 16 54 17

Using our techniques

Feasibility

• “Where can our announcements go?”

• An AS-path is feasible for a prefix p if “the policies of the ASes in the Internet allow it to be announced”– Active (“best”) paths, backup paths, alternate paths

• A BGP peering is feasible for p if it's part of a feasible AS-path– That is, if it is possible, in some state of the Internet, for

the announcements for p to traverse it

Feasibility graph

33 10566 3320

6939 1930 6175 1299 5539 293 31103

6830 209652914 1853 3265 12779 8447 8763 3425 29686

3549 127933333 12859 559 1103 11537

51332575417

• Directed graph: nodes = ASes, arcs = feasible peerings

• Shows us only [a subset of] the portion of the Internet where our announcements can go

Active BGP probing

• Basic idea: inject updates into the network and observe results– Use a test prefix p to avoid disrupting production traffic

– Use RIS or ORV to see (and react to) results in real-time

– Use looking glasses and route servers to see steady state results

• Two primitives:– Withdrawal Observation

• Let BGP explore alternate paths

– AS-set Stuffing• Force BGP to take alternate paths by “prohibiting” certain ASes

Withdrawal Observation

• BGP explores many alternate paths before realizing a route has been withdrawn– An AS sends a withdrawal only if all its alternate paths

have been withdrawn

– Else it sends out an update for one of the alternate paths

• We can use this to discover alternate paths– Withdraw the test prefix p

– Record BGP paths seen during convergence process

– Merge paths to get a feasibility graph

• BGP does a lot of the work for us

Withdrawal observation: BGPlay

http://www.ris.ripe.net/cgi-bin/bgplay.cgi?prefix=84.205.89.0/24&start=2005-03-01+00:00&end=2005-03-01+00:10

AS-set Stuffing

• Prepend an AS-set containing arbitrary ASes Ai

– The AS-paths seen by the Internet end in Z {A1, A2, …, Ai}where Z is our AS number

• We say the ASes Ai are “prohibited”

– They will not receive or process the announcements

– They disappear from the Internet as far as p is concerned

• What this allows:– Topology discovery

– Path feasibility and policy discovery

– Measurements in “altered network state”

Topology discovery

• Announcing an AS-set containing ASes in active paths causes alternate paths to appear– So we find new ASes and peerings

• Simple algorithm to find out out a larger topology: “Level-by-level” exploration:

• Proceed by increasing topological distance:– Prohibit all ASes at certain distance

• Observe paths seen during convergence and after convergence• Add all ASes and peerings found to feasibility graph

– If new ASes appear at this distance, turn them off too– When no new ASes appear, increase distance by one

Example: prohibit level 2

33 10566 3320

6939 1930 6175 1299 5539 293 31103

6830 209652914 1853 3265 12779 8447 8763 3425 29686

3549 127933333 12859 559 1103 11537

51332575417

3310566 3320 1275

693919306175 1299 5539293 31103 127025424

6830 20965 4691 291430071 13944 2535818533265 12779 8447 87633425 29686

3549 12793333312859 25005591103 11537

51318084 766032575417

32 ASes33 peerings

42 ASes57 peerings

{33,3320,10566}

After 4 levels...

331056633201275

6939 17965 2489514277 6435 29145609 47161091930 15897758061755408 37484697 139441299 91125539 293680 25493110312702 26075424

6830 1752 20965 8664513 455556233549 469130071 204214525358 32571853 32651277984478763 4725 175793425 1103 177152500 3246334429686

11537213851273 12793 538533331285989547684 24971808455117660 786 6680790 559 2200 13110

9270 92642516 5417

84 ASes (2.6x)184 peerings (5.6x)

Level-by-level exploration: BGPlay

http://www.ris.ripe.net/cgi-bin/bgplay.cgi?prefix=2001:a30::/32&start=2005-04-19+01:20&end=2005-04-19+02:40

Path Feasibility determination

• Suppose the route collector C sees ZFGC• Is the path ZADC feasible?

• Announce {B,F,G}

• If C sees ZADC, ZADC is feasible (obviously)• If C does not see anything, ZADC is not feasible

Path Preference discovery

• Suppose ZADC and ZBEC are feasible• Which does C prefer?

• Announce {F,G}

• The path C prefers is the one it chooses as best

“Altered state” measurements

• Use AS-set stuffing to put network into altered state– e.g. “turn off” one of our upstreams' upstreams

• Then measure network performance– Look at looking glasses in other ASes

– Or use RTT measurements• Forward path stays the same!

Testing and Results

• We tested on the IPv6 backbone:– Fewer legacy devices

– Fewer mission-critical services

– Much smaller size

• Announcements were for 2001:a30::/32 and originated in AS5397

• For results, see our technical report:

http://www.dia.uniroma3.it/~compunet/bgp-probing/bgp-probing-tr.pdf

Operational Impact

This is safe

• Equipment tests– Juniper, old Cisco: reset session at 125 ASes

• This is not specific to our techniques!

– New Cisco: ignore path at 75 ASes– We never needed more than ~50

• IPv6 tests– 11/2004 – 2/2005 (reprise in April); no problems reported

– AS-sets noticed only twice (first time after 3 months)

• Observation in the wild (IPv4)– Jan 2001: 123-element AS-set; Jan 2002, 124-element

– Nobody complained of problems due to these events

This is low impact

• Dampening limits us to ~ 1 update per hour– A typical Tier-1 router might receive 15k updates per hour

• A 100-element AS-set should require about 200 bytes of memory– Core routers are already using tens of megabytes of

memory for BGP

This doesn't hamper debugging

• People already prepend other people's AS numbers • Our techniques are more transparent

– Our AS is the first AS before the AS-set

– Apart from the AS-set, the rest of the path is the path the announcement took

– Such large AS-sets are obviously unlikely to result from route aggregation

• The routes can be tagged with communities– Thanks to Tim Griffin for suggesting this

• A whois on the prefix immediately reveals the origin

Ethical Issues

• We're using BGP for stuff it was not designed to do– This happens frequently!

• e.g.: NAT, IP-in-IP tunneling, dupacks for congestion control, ...

• We're using people's AS numbers without their permission– People already do it, if not in such an obvious way– The announcements should not cause confusion

• A whois query on the prefix immediately reveals the origin• The announcements are immediately recognizable

– We believe the usefulness of our techniques for ISPs makes it worthwhile

Testing in the IPv4 backbone

Testing over IPv4

• We believe these techniques can be useful for ISPs – There are no good technical reasons not to do this

• We would like to discover how effective they are in the IPv4 Internet– We have tested in the lab

– We have tested on the IPv6 backbone, with good results• See the technical report for details

– We would like to test on the IPv4 backbone• Applying our techniques to the IPv4 Internet might also provide

new insights on the structure of the network

Questions?

Active BGP Probing - RIPE 82

Documents

Measuring and Modeling the Adoption of IPv6 · 1/14/2013 · Measurement Data • Topology snapshots+updates from BGP routing datasets from 1998-present – Routeviews and RIPE •

AS Border Definition - RIPE 73 · Target Plain BGP Preference transmission 1. Synchronize Local Preference Values 2. Local-pref->Community->Local_pref ‘Hot potato’ routing Origin

Internet Routing Table Analysis Updatebgp4all.com/dokuwiki/_media/conferences/ripe44-rtg-wg-bgp-report.… · Analysis Update Philip Smith pfs@cisco.com RIPE Routing WG Amsterdam,

A Simple BGP - RIPE 71 · A Simple BGP Author: mitradir Created Date: 11/19/2015 10:38:31 AM

BGP Scanner Isolario BGP-MRT Data Reader: C library & tool - RIPE … · 2018-10-12 · BGP Scanner Isolario BGP-MRT Data Reader: C library & tool Lorenzo Cogotti lorenzo.cogotti

An Active Approach to Measuring Routing Dynamics Induced by … · BGP inbound traffic engineering Motivations AS path prepending Active Measurement Methodology RIPE NCC RIS Results

BGP in 2013 (and a bit of 2014) Geoff Huston APNIC RIPE 68

Recent BGP Innovations for Operational Challenges - RIPE 75 · • BGP speakers that announce routes and/or accept routes, without explicitly being configured to do so, are no longer

Prefix Filtering: RIPE Database and ROAs · 2018. 4. 12. · !3 BGP - simple hijack Tim Bruijnzeels | 10 April 2018 | RIPE NCC Educa AS65001 AS65002 AS65003 AS65004 10.0.0.0/20 10.0.0.0/20

Large BGP Communities - RIPE · PDF file• Large BGP Communities are encoded as a 96-bit quantity and ... VyOS VyOS Requested Feature Requested T143. Tools and Ecosystem Implementation

RIPE 78 Closing PlenaryRIPE 78 Closing Plenary, 24 May 2019 RIPE Meeting Attendance Over Time 3 400 500 600 700 800 RIPE 74 RIPE 75 RIPE 76 RIPE 77 RIPE 78 627 460 737 796 742 RIPE

30 Years of BGP - RIPE 79 · 2019. 10. 14. · BGP Scaling •BGP has scaled because the protocol only passes topology deltas -as long as the topology change rate is low, the BGP

GEOLOCATION - CAIDA€¦ · GEOLOCATION Topology Data COMPARISON • BGP (Routeviews/RIPE) - IPv4 Preﬁx to AS mapping • ark router graph - IPv4 preﬁxes / hostnames • CAIDA’s

Modeling the Routing of an ISP with C-BGP - RIPE 58ripe58.ripe.net/content/presentations/modelling-with-cbgp.pdf · Modeling the Routing of an ISP with C-BGP ... Case study ... Modeling

Real-Time BGP Toolkit - RIPE 76 · Peer with it AS 393338 Set up peering at (create an account & login, then look for the menu option to add peering) Contact Us RT-BGP Toolkit Martin

RIPE IPv6 Seminar - RIPE 61 | RIPE 61 Meeting and Events

Day in the Life of a BGP Update in Cisco IOS - RIPEmeetings.ripe.net/ripe-45/presentations/ripe45-routing-bgp-update.pdf · Day in the Life of a BGP Update in Cisco IOS Philip Smith

JunOS - Marseillemeetings.ripe.net/ripe-45/presentations/ripe45-eof-pedro.pdf · JunOS BGP Pedro Roque Marques roque@juniper.net. JunOS

RIPE IPmap - ENOG · 2018-06-11 · •Peering DB data and BGP data are used to reduce the locations probed •Score based on RTT, only RTT

BGP Network Design RIPE 49 - Marseillemeetings.ripe.net/ripe-49/presentations/ripe49-routing-bgp-design.pdf · BGP Network Design RIPE 49 ... In practice, many use RR as a configuration