Your search keyword '"Border Gateway Protocol (BGP)"' showing total 50 results

1. Implementasi BGP dan Resource Public Key Infrastructure menggunakan BIRD untuk Keamanan Routing

Author

Valen Brata Pranaya and Theophilus Wellem

Subjects

border gateway protocol (bgp), resource public key infrastructure (rpki), bird internet routing daemon (bird), rpki validator, Systems engineering, TA168, Information technology, T58.5-58.64

Abstract

The validity of the routing advertisements sent by one router to another is essential for Internet connectivity. To perform routing exchanges between Autonomous Systems (AS) on the Internet, a protocol known as the Border Gateway Protocol (BGP) is used. One of the most common attacks on routers running BGP is prefix hijacking. This attack aims to disrupt connections between AS and divert routing to destinations that are not appropriate for crimes, such as fraud and data breach. One of the methods developed to prevent prefix hijacking is the Resource Public Key Infrastructure (RPKI). RPKI is a public key infrastructure (PKI) developed for BGP routing security on the Internet and can be used by routers to validate routing advertisements sent by their BGP peers. RPKI utilizes a digital certificate issued by the Certification Authority (CA) to validate the subnet in a routing advertisement. This study aims to implement BGP and RPKI using the Bird Internet Routing Daemon (BIRD). Simulation and implementation are carried out using the GNS3 simulator and a server that acts as the RPKI validator. Experiments were conducted using 4 AS, 7 routers, 1 server for BIRD, and 1 server for validators, and there were 26 invalid or unknown subnets advertised by 2 routers in the simulated topology. The experiment results show that the router can successfully validated the routing advertisement received from its BGP peer using RPKI. All invalid and unknown subnets are not forwarded to other routers in the AS where they are located such that route hijacking is prevented.

Published

2021

2. N‐BGP: An efficient BGP routing protocol adaptation for named data networking.

Author

Aldaoud, Manar, Al‐Abri, Dawood, Awadalla, Medhat, and Kausar, Firdous

Subjects

*BGP (Computer network protocol), *INTERNET exchange points, *PROCESS capability, *NETWORK routing protocols, *AD hoc computer networks

Abstract

Summary: Named data networking (NDN) is gaining momentum as a future Internet architecture. NDN is a type of information‐centric networking (ICN) that attempts to change the current Internet architecture from host/location‐centric to content‐centric, where data retrieving is done by the names of the contents irrespective of the location of the data. A mechanism to advertise the name‐based prefixes between different domains is necessary to accelerate the NDN deployment. In IP‐based routing, border gateway protocol (BGP) is the de facto inter‐domain routing protocol that plays a vital role in Internet communication by enabling different Internet domains to exchange routing information. In its current form, BGP can advertise and process IP‐based prefixes, but it cannot advertise or process NDN name‐based prefixes. Accordingly, BGP needs to be extended to support NDN technology. This paper proposes an NDN extension for BGP, referred to as N‐BGP, that offers a solution to exchange name‐based routes in the current BGP networks. This proposed extension modifies the traditional BGP speaker into a hybrid one. This hybrid speaker is qualified to understand, advertise, receive, process, and store both IP‐based and name‐based routes simultaneously and efficiently, without disturbing or breaking the current Internet operation; that is, it can coexist along with traditional speakers. We also validate and evaluate our proposed solution in a hybrid environment, and the results show that N‐BGP has the capability to exchange and process both Name and IP‐based routes efficiently. [ABSTRACT FROM AUTHOR]

Published

2022

3. Code Ethnography and the Materiality of Power in Internet Governance.

Author

Rosa, Fernanda R.

Subjects

*INTERNET governance, *ETHNOLOGY, *BGP (Computer network protocol), *INTERNET exchange points, *INFORMATION superhighway, DEVELOPING countries

Abstract

The purpose of this article is to discuss an ethnography of code, specifically code ethnography, a method for examining code as a socio-technical actor, considering its social, political, and economic dynamics in the context of digital infrastructures. While it can be applied to any code, the article presents the results of code ethnography application in the study of internet interconnection dynamics, having the Border Gateway Protocol (BGP) as code and two of the largest internet exchange points (IXPs) in the world as points of data collection, DE-CIX Frankfurt, and IX.br São Paulo. The results show inequalities in the flows of information between the global North and the global South and concentration of power at the level of interconnection infrastructure hitherto unknown in the context of the political economy of the internet. Code ethnography is explained in terms of code assemblage, code literacy, and code materiality. It demonstrates the grammar of BGP in context, making its logical and physical dimensions visible in the analysis of the formation of giant internet nodes and infrastructural interdependencies in the circulation information infrastructure of the internet. [ABSTRACT FROM AUTHOR]

Published

2022

4. The (Thin) Bridges of AS Connectivity: Measuring Dependency Using AS Hegemony

Author

Fontugne, Romain, Shah, Anant, Aben, Emile, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, Beverly, Robert, editor, Smaragdakis, Georgios, editor, and Feldmann, Anja, editor

Published

2018

5. Routing

Author

Carthern, Chris, Wilson, William, Bedwell, Richard, Rivera, Noel, Carthern, Chris, Wilson, William, Bedwell, Richard, and Rivera, Noel

Published

2015

6. Code Ethnography and the Materiality of Power in Internet Governance

Author

Fernanda R. Rosa

Subjects

Internet Exchange Points (IXP), Border Gateway Protocol (BGP), Sociology and Political Science, Internet Interconnection Infrastructure, Internet Governance, Digital Ethnography, Code Ethnography, Digital Inequalities

Abstract

The purpose of this article is to discuss an ethnography of code, specifically code ethnography, a method for examining code as a socio-technical actor, considering its social, political, and economic dynamics in the context of digital infrastructures. While it can be applied to any code, the article presents the results of code ethnography application in the study of internet interconnection dynamics, having the Border Gateway Protocol (BGP) as code and two of the largest internet exchange points (IXPs) in the world as points of data collection, DE-CIX Frankfurt, and IX.br Sao Paulo. The results show inequalities in the flows of information between the global North and the global South and concentration of power at the level of interconnection infrastructure hitherto unknown in the context of the political economy of the internet. Code ethnography is explained in terms of code assemblage, code literacy, and code materiality. It demonstrates the grammar of BGP in context, making its logical and physical dimensions visible in the analysis of the formation of giant internet nodes and infrastructural interdependencies in the circulation information infrastructure of the internet. Columbia University's School of International and Public Affairs; Carnegie Corporation of New York Next Generation Cyber Fellowship (2016-2017) Published version This research was possible thanks to Columbia University's School of International and Public Affairs and Carnegie Corporation of New York Next Generation Cyber Fellowship (2016-2017).

Published

2022

7. SDN 与传统 IP 网络互联架构的设计与实现*.

Author

唐勇, 王卫振, 汪文勇, and 徐宾伟

Abstract

The interconnected architecture of software defined network (SDN) and traditional IP network we propose is based on the following core idea： taking the SDN as a traditional "route". The network layer reachability information (NLRI) of the entire network becomes consistent after "route" communicates with IP network by exchanging NLRI through the border gateway protocol (BGP). We design an interconnected architecture based on the above idea. Besides, we test the models' functions, and verify the validity of interconnected architecture in the multi-SDN scene and the performance. Simulation results show that the interconnected architecture can make the SDN and traditional IP network interconnect and communicate normally. The proposed interconnected architecture makes little change to network devices, and the changes mainly focus on the SDN controller which is software programmable, and it is helpful for this technology to be deployed and implemented in the real network environment. [ABSTRACT FROM AUTHOR]

Published

2017

8. I-Seismograph: Observing, Measuring, and Analyzing Internet Earthquakes.

Author

Zhang, Mingwei, Li, Jun, and Brooks, Scott

Subjects

SEISMOMETERS, BGP (Computer network protocol)

Abstract

Disruptive events, such as large-scale power outages, undersea cable cuts, or security attacks, could have an impact on the Internet and cause the Internet to deviate from its normal state of operation, which we also refer to as an “Internet earthquake.” As the Internet is a large, complex moving target, unfortunately little research has been done to define, observe, quantify, and analyze such impact on the Internet, whether it is during a past event period or in real time. In this paper, we devise an Internet seismograph, or I-seismograph, to fill this gap. Since routing is the most basic function of the Internet and the Border Gateway Protocol (BGP) is the de facto standard inter-domain routing protocol, we focus on BGP to observe, measure, and analyze the Internet earthquakes. After defining what an impact to BGP entails, we describe how I-seismograph observes and measures the impact, exemplify its usage during both old and recent disruptive events, and further validate its accuracy and convergency. Finally, we show that I-seismograph can further be used to help analyze what happened to BGP while BGP experienced an impact, including which autonomous systems (AS) were affected most or which AS paths or path segments surged significantly in BGP updates during an Internet earthquake. [ABSTRACT FROM PUBLISHER]

Published

2017

9. A Method to Detect Prefix Hijacking by Using Ping Tests

Author

Tahara, Mitsuho, Tateishi, Naoki, Oimatsu, Toshio, Majima, Souhei, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Ma, Yan, editor, Choi, Deokjai, editor, and Ata, Shingo, editor

Published

2008

10. Anatomy of an internet hijack and interception attack: A global and educational perspective

Author

Scott, Ben A., Johnstone, Michael N., Szewczyk, Patryk, Scott, Ben A., Johnstone, Michael N., and Szewczyk, Patryk

Abstract

The Internet’s underlying vulnerable protocol infrastructure is a rich target for cyber crime, cyber espionage and cyber warfare operations. The stability and security of the Internet infrastructure are important to the function of global matters of state, critical infrastructure, global e-commerce and election systems. There are global approaches to tackle Internet security challenges that include governance, law, educational and technical perspectives. This paper reviews a number of approaches to these challenges, the increasingly surgical attacks that target the underlying vulnerable protocol infrastructure of the Internet, and the extant cyber security education curricula; we find the majority of predominant cyber security education frameworks do not address security for the Internet’s critical communication system, the Border Gateway Protocol (BGP). Finally, we present a case study as an anatomy of such an attack. The case study can be implemented ethically and safely for educational purposes.

Published

2022

11. An Adaptive Management Approach to Resolving Policy Conflicts

Author

Yilmaz, Selma, Matta, Ibrahim, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Akyildiz, Ian F., editor, Sivakumar, Raghupathy, editor, Ekici, Eylem, editor, Oliveira, Jaudelice Cavalcante de, editor, and McNair, Janise, editor

Published

2007

12. 一种复合的自治域级拓扑发现方法.

Author

胡一非 and 程光

Abstract

Copyright of Journal of Chongqing University of Posts & Telecommunications (Natural Science Edition) is the property of Chongqing University of Posts & Telecommunications and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2016

13. AS-level BGP community usage classification

Author

Krenc, Thomas (author), Beverly, Robert (author), Smaragdakis, G. (author), Krenc, Thomas (author), Beverly, Robert (author), and Smaragdakis, G. (author)

Abstract

BGP communities are a popular mechanism used by network operators for traffic engineering, blackholing, and to realize network policies and business strategies. In recent years, many research works have contributed to our understanding of how BGP communities are utilized, as well as how they can reveal secondary insights into real-world events such as outages and security attacks. However, one fundamental question remains unanswered: "Which ASes tag announcements with BGP communities and which remove communities in the announcements they receive?" A grounded understanding of where BGP communities are added or removed can help better model and predict BGP-based actions in the Internet and characterize the strategies of network operators. In this paper we develop, validate, and share data from the first algorithm that can infer BGP community tagging and cleaning behavior at the AS-level. The algorithm is entirely passive and uses BGP update messages and snapshots, e.g. from public route collectors, as input. First, we quantify the correctness and accuracy of the algorithm in controlled experiments with simulated topologies. To validate in the wild, we announce prefixes with communities and confirm that more than 90% of the ASes that we classify behave as our algorithm predicts. Finally, we apply the algorithm to data from four sets of BGP collectors: RIPE, RouteViews, Isolario, and PCH. Tuned conservatively, our algorithm ascribes community tagging and cleaning behaviors to more than 13k ASes, the majority of which are large networks and providers. We make our algorithm and inferences available as a public resource to the BGP research community., Cyber Security

Published

2021

14. A Novel Methodology to Address the Internet AS-Level Data Incompleteness.

Author

Gregori, Enrico, Improta, Alessandro, Lenzini, Luciano, Rossi, Lorenzo, and Sani, Luca

Subjects

INCOMPLETENESS theorems, BGP (Computer network protocol), ROUTING (Computer network management), DECISION making, PEER-to-peer architecture (Computer networks)

Abstract

In the last decade, many studies have used the Internet autonomous system (AS)-level topology to perform several analyses, from discovering its graph properties to assessing its impact on the effectiveness of worm-containment strategies. Yet, the Border Gateway Protocol (BGP) data used to reveal the topologies are far from complete. Our contribution is threefold. First, we analyze BGP data currently gathered by the most famous route collector projects, highlighting and explaining the causes of their incompleteness. We found that large areas of the Internet are not properly captured due to the geographical location of route collector feeders and due to BGP filters, such as export policies and decision processes. Second, we propose a methodology based on a new metric, named p2c-distance, which is able to: 1) identify the minimum number of ASs required to obtain an Internet AS-level topology that is closer to reality; and 2) identify a ranking list of these ASs to show that it is possible to obtain nonnegligible coverage improvements with a limited number of appropriately chosen feeding ASs. Third, we characterize the ASs that were found to be part of the solution of the above covering problems. We found that the route collectors are rarely connected to these ASs, thus highlighting that much effort is needed to devise a route collector infrastructure that ideally would be able to capture a complete view of the Internet. [ABSTRACT FROM PUBLISHER]

Published

2015

15. AS-level BGP community usage classification

Author

Georgios Smaragdakis, Robert Beverly, and Thomas Krenc

Subjects

Networking and Internet Architecture (cs.NI), FOS: Computer and information sciences, Correctness, business.industry, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, 02 engineering and technology, BGP communities, Network topology, Computer Science - Networking and Internet Architecture, Prefix, Traffic engineering, Large networks, 020204 information systems, Research community, border gateway protocol (BGP), 0202 electrical engineering, electronic engineering, information engineering, The Internet, business, Computer network, Public resource

Abstract

BGP communities are a popular mechanism used by network operators for traffic engineering, blackholing, and to realize network policies and business strategies. In recent years, many research works have contributed to our understanding of how BGP communities are utilized, as well as how they can reveal secondary insights into real-world events such as outages and security attacks. However, one fundamental question remains unanswered: "Which ASes tag announcements with BGP communities and which remove communities in the announcements they receive?" A grounded understanding of where BGP communities are added or removed can help better model and predict BGP-based actions in the Internet and characterize the strategies of network operators. In this paper we develop, validate, and share data from the first algorithm that can infer BGP community tagging and cleaning behavior at the AS-level. The algorithm is entirely passive and uses BGP update messages and snapshots, e.g. from public route collectors, as input. First, we quantify the correctness and accuracy of the algorithm in controlled experiments with simulated topologies. To validate in the wild, we announce prefixes with communities and confirm that more than 90% of the ASes that we classify behave as our algorithm predicts. Finally, we apply the algorithm to data from four sets of BGP collectors: RIPE, RouteViews, Isolario, and PCH. Tuned conservatively, our algorithm ascribes community tagging and cleaning behaviors to more than 13k ASes, the majority of which are large networks and providers. We make our algorithm and inferences available as a public resource to the BGP research community.

Published

2021

16. External Border Gateway Protocol (EBGP) Routing Design in Router Core

Author

Hadipratama, Nico, Desmulyati, Desmulyati, and Taufik, Andi

Subjects

Border Gateway Protocol (BGP), GNS3, Router, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Autonomous Systems (AS), Routing

Abstract

An autonomous system (AS) is the collection of networks having the same set of routing policies. Each AS has administrative control to its own inter-domain routing policy. Computer networks consisting of a bunch of AS's with different routing will not be able to interconnecttion one another. This is causes communication in the network to be inhibited. For that we need a protocol that can connect each different AS. External Border Gateway Protocol (EBGP) is an inter-domain routing protocol ie between different AS that is used to exchange routing information between them. In a typical inter-network (and in the Internet) each autonomous system designs one or more routers that run EBGP software. EBGP routers in each AS are linked to those in one or more other AS. The ability to exchange table routing information between Autonomous System (AS) is one of the advantages of EBGP. EBGP implements routing policies based on a set of attributes accompanying each route used to pick the "shortest" path across multiple AS, along with one or more routing policies. EBGP uses an algorithm which cannot be classified as a pure "Distance Vector", or pure "Link State". It is a path vector routing protocol as it defines a route as a collection of a number of AS that is passes through from source AS to destination AS. This paper discusses the implementation of the EBGP routing protocol in the network that have different AS in order to interconnect. Its application using Graphic Network Simulator (GNS3) software for prototyping and simulating network. So that later can be applied to the actual network.

Published

2020

17. Fast ReRoute Technique in BGP with Secure Route Reliability Testing Algorithm.

Author

Siva, C. and Arumugam, S.

Subjects

RELIABILITY in engineering, COMPUTER security, ALGORITHMS, SYSTEM failures, ROUTING (Computer network management), BGP (Computer network protocol)

Abstract

This paper deals with the Fast Reroute technique which is the extension of the Route Reliability Testing (RRT) algorithm. The main issues of the BGP are link failure and untrustworthiness of the link and many more. In a network when the actual link fails the data will not be sent to its destination and which results in congestion and also increases the load of the network. To deal with these issues, in this paper we propose a Fast ReRoute (FRR) Technique in BGP, which helps when the primary link fails by finding an alternate link for the data. The main advantage of this of this proposal is while finding the alternate link the lowest post failure, traffic load across all the links into the account and also it is possible to decrease the data packet loss. By simulation results, we show that the proposed rerouting technique reduces the packet loss and increases the throughput [ABSTRACT FROM AUTHOR]

Published

2013

18. Improving Network Agility With Seamless BGP Reconfigurations.

Author

Vissicchio, Stefano, Vanbever, Laurent, Pelsser, Cristel, Cittadini, Luca, Francois, Pierre, and Bonaventure, Olivier

Subjects

BGP (Computer network protocol), INFRASTRUCTURE (Economics), INTERNET service providers, COMPUTATIONAL complexity, PARALLEL computers, PHYSICAL constants

Abstract

The network infrastructure of Internet service providers (ISPs) undergoes constant evolution. Whenever new requirements arise (e.g., the deployment of a new Point of Presence or a change in the business relationship with a neighboring ISP), operators need to change the configuration of the network. Due to the complexity of the Border Gateway Protocol (BGP) and the lack of methodologies and tools, maintaining service availability during reconfigurations that involve BGP is a challenge for operators. In this paper, we show that the current best practices to reconfigure BGP do not provide guarantees with respect to traffic disruptions. Then, we study the problem of finding an operational ordering of BGP reconfiguration steps that guarantees no packet loss. Unfortunately, finding such an operational ordering, when it exists, is computationally hard. To enable lossless reconfigurations, we propose a framework that extends current features of carrier-grade routers to run two BGP control planes in parallel. We present a prototype implementation and show the effectiveness of our framework through a case study. [ABSTRACT FROM PUBLISHER]

Published

2013

19. Enhancing the Trust of Internet Routing With Lightweight Route Attestation.

Author

Li, Qi, Xu, Mingwei, Wu, Jianping, Zhang, Xinwen, Lee, Patrick P. C., and Xu, Ke

Abstract

The weak trust model in Border Gateway Protocol (BGP) introduces severe vulnerabilities for Internet routing including active malicious attacks and unintended misconfigurations. Although various secure BGP solutions have been proposed, the complexity of security enforcement and data-plane attacks still remain open problems. We propose TBGP, a trusted BGP scheme aiming to achieve high authenticity of Internet routing with a simple and lightweight attestation mechanism. TBGP introduces a set of route update and withdrawal rules that, if correctly enforced by each router, can guarantee the authenticity and integrity of route information that is announced to other routers in the Internet. To verify this enforcement, an attestation service running on each router provides interfaces for a neighboring router to challenge the integrity of its routing stack, enforced rules, and the attestation service itself. If this attestation succeeds, the neighboring router updates its routing table or announces the route to its neighbors, following the same rules. Thus, a router on a routing path only needs to verify one neighbor's routing status to ensure that the route information is valid. Through this, TBGP builds a transitive trust relationship among all routers on a routing path. We implement a prototype of TBGP to investigate its practicality. In our implementation, we use identity-based signature and trusted computing techniques to further reduce the complexity of security operations. Our security analysis and performance study shows that TBGP can achieve the security goals of BGP with significantly better convergence performance and lower computation overhead than existing secure BGP solutions. [ABSTRACT FROM PUBLISHER]

Published

2012

20. INTERDOMAIN ROUTING AND GAMES.

Author

Levin, Hagay, Schapira, Michael, and Zohar, Aviv

Subjects

*INTERNET, *DYNAMICS, *ROUTING (Computer network management), *BGP (Computer network protocol), *COMPUTER network protocols

Abstract

We present a game-theoretic model that captures many of the intricacies of interdomain routing in today's Internet. In this model, the strategic agents are source nodes located on a network, who aim to send traffic to a unique destination node. The interaction between the agents is dynamic and complex--asynchronous, sequential, and based on partial information. Best-reply dynamics in this model capture crucial aspects of the de facto standard interdomain routing protocol, namely, the Border Gateway Protocol (BGP). We study complexity and incentive-related issues in this model. Our main results show that in realistic and well-studied settings, BGP is incentive-compatible. That is, not only does myopic behavior of all players converge to a "stable" routing outcome, but no player has motivation to unilaterally deviate from BGP. Moreover, we show that even coalitions of players of any size cannot improve their routing outcomes by collaborating. Unlike the vast majority of works in mechanism design, our results do not require any monetary transfers (to or by the agents). [ABSTRACT FROM AUTHOR]

Published

2011

21. Wheel + Ring = Reel: The Impact of Route Filtering on the Stability of Policy Routing.

Author

Cittadini, Luca, Di Battista, Giuseppe, Rimondini, Massimo, and Vissicchio, Stefano

Subjects

BGP (Computer network protocol), COMPUTER network protocols, ROUTING (Computer network management), COMPUTER network management, INFORMATION filtering, ALGORITHMS

Abstract

Border Gateway Protocol (BGP) allows providers to express complex routing policies preserving high degrees of autonomy. However, unrestricted routing policies can adversely impact routing stability. A key concept to understand the interplay between autonomy and expressiveness on one side, and stability on the other side, is safety under filtering, i.e., guaranteed stability under autonomous usage of route filters. BGP route filters are used to selectively advertise specific routes to specific neighbors. In this paper, we provide a characterization of safety under filtering, filling the large gap between previously known necessary and sufficient conditions. Our characterization is based on the absence of a particular kind of dispute wheel, a structure involving circular dependencies among routing preferences. We exploit our result to show that networks admitting multiple stable states are provably unsafe under filtering, and the troublesome portion of the configuration can be pinpointed starting from the stable states alone. This is especially interesting from an operational point of view since networks with multiple stable states actually happen in practice (BGP wedgies). Finally, we show that adding filters to an existing configuration may lead to oscillations even if the configuration is safe under any link failure. Unexpectedly, we find policy configurations where misconfigured filters can do more harm than network faults. [ABSTRACT FROM PUBLISHER]

Published

2011

22. Peering Equilibrium Multipath Routing: A Game Theory Framework for Internet Peering Settlements.

Author

Secci, Stefano, Rougier, Jean-Louis, Pattavina, Achille, Patrone, Fioravante, and Maier, Guido

Subjects

ROUTING (Computer network management), GAME theory, VIDEO games, INTERNET, INTERNET protocols, COMPUTER network resources

Abstract

It is generally admitted that interdomain peering links represent nowadays the main bottleneck of the Internet, particularly because of lack of coordination between providers, which use independent and “selfish” routing policies. We are interested in identifying possible “light” coordination strategies that would allow carriers to better control their peering links while preserving their independence and respective interests. We propose a robust multipath routing coordination framework for peering carriers, which relies on the multiple-exit discriminator (MED) attribute of Border Gateway Protocol (BGP) as signaling medium. Our scheme relies on a game theory modeling, with a non-cooperative potential game considering both routing and congestions costs. Peering equilibrium multipath (PEMP) coordination policies can be implemented by selecting Pareto-superior Nash equilibria at each carrier. We compare different PEMP policies to BGP Multipath schemes by emulating a realistic peering scenario. Our results show that the routing cost can be decreased by roughly 10% with PEMP. We also show that the stability of routes can be significantly improved and that congestion can be practically avoided on the peering links. Finally, we discuss practical implementation aspects and extend the model to multiple players highlighting the possible incentives for the resulting extended peering framework. [ABSTRACT FROM PUBLISHER]

Published

2011

23. Reducing burst packet loss through route-free forwarding.

Author

Ma, Hailong, Guo, Yunfei, Cheng, Dongnian, and Zhang, Jianwei

Abstract

It is well known that today's inter-domain routing protocol, Border Gateway Protocol (BGP), converges slowly during network failures. Due to the distribution nature of Internet routing decisions and the rate-limiting timer Minimum Route Advertisement Interval (MRAI) of BGP, unavoidable convergence latency is introduced in reaction to network changes. During the period of convergence temporarily routing table inconsistencies cause short-term routing blackholes and loops which result in widespread temporary burst packet loss. In this paper, we present ROute-Free Forwarding (ROFF) - a novel technique for packet delivering continuously during periods of convergence. With slightly modifications on IP packet header and BGP, route loops and blackholes can be avoided. Our preliminary evaluation demonstrates that ROFF succeeds in reducing the number of Autonomous Systems (ASes) which experience burst packet loss and the duration of packet loss. [ABSTRACT FROM AUTHOR]

Published

2010

24. The (In)Completeness of the Observed Internet AS-level Structure.

Author

Oliveira, Ricardo, Dan Pei, Willinger, Walter, Beichuan Zhang, and Lixia Zhang

Subjects

BGP (Computer network protocol), INTERNET, COMPUTER network protocols, COMPUTER networks, NETWORK routing protocols, COMPUTER network management

Abstract

Despite significant efforts to obtain an accurate picture of the Internet's connectivity structure at the level of individual autonomous systems (ASes), much has remained unknown in terms of the quality of the inferred AS maps that have been widely used by the research community. In this paper, we assess the quality of the inferred Internet maps through case studies of a sample set of ASes. These case studies allow us to establish the ground truth of connectivity between this set of ASes and their directly connected neighbors. A direct comparison between the ground truth and inferred topology maps yield insights into questions such as which parts of the actual topology are adequately captured by the inferred maps, which parts are missing and why, and what is the percentage of missing links in these parts. This information is critical in assessing, for each class of real-world networking problems, whether the use of currently inferred AS maps or proposed AS topology models is, or is not, appropriate. More importantly, our newly gained insights also point to new directions towards building realistic and economically viable Internet topology maps. [ABSTRACT FROM AUTHOR]

Published

2010

25. Ouantifying Path Exploration in the Internet.

Author

Oliveira, Ricardo, Beichuan Zhang, Dan Pei, and Lixia Zhang

Subjects

ROUTING (Computer network management), COMPUTER network management, INTERNET, NETWORK routing protocols, COMPUTER network protocols, TOPOLOGY

Abstract

Previous measurement studies have shown the existence of path exploration and slow convergence in the global Internet routing system, and a number of protocol enhancements have been proposed to remedy the problem. However, existing measurements were conducted only over a small number of testing prefixes. There has been no systematic study to quantify the pervasiveness of Border Gateway Protocol (BGP) slow convergence in the operational Internet, nor any known effort to deploy any of the proposed solutions. In this paper, we present our measurement results that identify BGP slow convergence events across the entire global routing table. Our data shows that the severity of path exploration and slow convergence varies depending on where prefixes are originated and where the observations are made in the Internet routing hierarchy. In general, routers in tier-1 Internet service providers (ISPs) observe less path exploration, hence they experience shorter convergence delays than routers in edge ASs; prefixes originated from tier-I ISPs also experience less path exploration than those originated from edge ASs. Furthermore, our data show that the convergence time of route fail-over events is similar to that of new route announcements and is significantly shorter than that of route failures. This observation is contrary to the widely held view from previous experiments but confirms our earlier analytical results. Our effort also led to the development of a path-preference inference method based on the path usage time, which can be used by future studies of BGP dynamics. [ABSTRACT FROM AUTHOR]

Published

2009

26. Secure Interdomain Routing Registry.

Author

E-yong Kim, Li Xiao, Nahrstedt, K., and Kunsoo Park

Abstract

The current Internet has no secure way to validate the correctness of routing information. We propose a mechanism that supports secure validation of routing information in the interdomain routing protocol of the Internet. Our mechanism focuses on alleviating obstacles which previously prevent the complete and correct construction of the Internet routing information. In particular, we present a registry with authorized and verifiable search (RAVS) by which routing information can be constructed securely. We give an efficient RAVS scheme and prove its securities in the random oracle model. By our scheme, the routing information can be securely stored and tested without revealing contents of registry entries and search queries. Only legal autonomous systems (ASes) can construct valid registry entries and a single compromised AS can be detected. Our experiment shows that our RAVS scheme can be implemented efficiently and the incurred overhead, in terms of time and space, is acceptable in practice. [ABSTRACT FROM PUBLISHER]

Published

2008

27. Investigating prefix propagation through active BGP probing

Author

Colitti, Lorenzo, Di Battista, Giuseppe, Patrignani, Maurizio, Pizzonia, Maurizio, and Rimondini, Massimo

Subjects

*MICROPROCESSORS, *COMPUTER networks, *BGP (Computer network protocol), *COMPUTER network protocols, *PROGRAMMING languages

Abstract

To devise effective network engineering strategies and to assess the quality of upstream providers, network operators would greatly benefit from the knowledge of which Internet paths might be traversed by the traffic flows entering their networks in the case of network faults or when traffic engineering measures are used. However, current methodologies do not provide this information. This paper presents methodologies to discover alternate paths that might be selected in the presence of network faults or different routing policies and to deduce the routing policies of other operators. The techniques are validated through extensive experimentation on the Internet. [Copyright &y& Elsevier]

Published

2007

28. Study of BGP Peering Session Attacks and Their Impacts on Routing Performance. .

Author

Sriram, Kotikalapudi, Montgomery, Doug, Borchert, Oliver, Kim, Okhee, and Kuhn, D. Richard

Subjects

BGP (Computer network protocol), CYBERTERRORISM, ROUTING (Computer network management), NETWORK routers, INTERNET

Abstract

We present a detailed study of the potential impact of border gateway protocol peering session attacks and the resulting exploitation of route flap damping (RFD) that cause network-wide routing disruptions. We consider canonical grid as well as down-sampled realistic autonomous system (AS) topologies and address the impact of various typical service provider routing policies. Our modeling focuses on three dimensions of routing performance sensitivity: 1) protocol aware attacks (e.g., tuned to RFD); 2) route selection policy: and 3) attack-region topology. Analytical results provide insights into the nature of the problem and potential impact of the attacks. Detailed packet-level simulation results complement the analytical models and provide many additional insights into specific protocol interactions and timing issues. Finally, we quantify the potential effect of the BGP graceful restart mechanism as a partial mitigation of the BGP vulnerability to peering session attacks. [ABSTRACT FROM AUTHOR]

Published

2006

29. Advertising Interdomain QoS Routing Information.

Author

Li Xiao, Jun Wang, King-Shan Lui, and Nahrstedt, Klara

Subjects

QUALITY of service, INTERNET, BGP (Computer network protocol), ADVERTISING, DATA transmission systems

Abstract

To enable end-to-end quality-of-service (QoS) guarantees in the Internet, based on the border gateway protocol (BGP), interdomain QoS information advertising, and routing are important. However, little research has been done in this area so far. Two major challenges, scalability and heterogeneity, make the QoS extension to BGP difficult. In the existing routing schemes, static and instantaneous QoS metrics, such as link capacity and available bandwidth, are used to represent QoS routing information, but neither of them can solve the two challenges well. In this paper, BGP is extended to advertise available bandwidth and delay information of routes, but, instead of using the traditional deterministic metrics, a series of statistical metrics, available bandwidth index (ABI), delay index (DI), available bandwidth histogram (ABH), and delay histogram (DH), are defined and applied to QoS information advertising and routing. Two major contributions of the proposed statistical metrics are: 1) QoS information is abstracted into one or several probability intervals and, thus, the heterogeneous and dynamic QoS information can be represented more flexibly and precisely and 2) by capturing the statistical property of the detailed distribution of QoS information, these new metrics are efficient and they can highly decrease the message overhead in routing, thereby making the QoS advertising and routing scalable. Our extensive simulations confirm both contributions of the QoS extension to BGP very well. Moreover, besides BGP, these statistical metrics can be applied to other networks and protocols to represent QoS information in a more scalable and precise way. [ABSTRACT FROM AUTHOR]

Published

2004

30. IP routing issues in satellite constellation networks.

Author

Wood, L., Clerget, A., Andrikopoulos, I., Pavlou, G., and Dabbous, W.

Abstract

The growth in use of Internet-based applications in recent years has led to telecommunication networks transporting an increasingly large amount of Internet Protocol (IP)-based traffic. Proposed broadband satellite constellation networks, currently under development, will be required to transport IP traffic. A case can be made for implementing IP routing directly within the constellation network, in order to transport IP traffic well and to provide good support for IP multicast and for emerging IP-based quality of service (QoS) guarantees. This paper examines strategies for implementing and operating IP routing effectively within satellite constellation networks, given known constraints on the constellation resulting from satellite mobility, global visibility, routing and addressing. Copyright © 2001 John Wiley & Sons, Ltd. [ABSTRACT FROM AUTHOR]

Published

2001

31. A Novel Methodology to Address the Internet AS-Level Data Incompleteness

Author

Luciano Lenzini, Enrico Gregori, Lorenzo Rossi, Luca Sani, and Alessandro Improta

Subjects

Route Views, Border Gateway Protocol (BGP), Computer Networks and Communications, Computer science, computer.internet_protocol, Internet layer, Network topology, law.invention, law, Multihoming, Internet Protocol, Electrical and Electronic Engineering, Internet, business.industry, Network mapping, Autonomous system (Internet), Autonomous systems, Computer Science Applications, Tier 1 network, Border Gateway Protocol, Default-free zone, The Internet, business, data incompleteness, computer, Software, Computer network

Abstract

In the last decade, many studies have used the Internet autonomous system (AS)-level topology to perform several analyses, from discovering its graph properties to assessing its impact on the effectiveness of worm-containment strategies. Yet, the Border Gateway Protocol (BGP) data used to reveal the topologies are far from complete. Our contribution is threefold. First, we analyze BGP data currently gathered by the most famous route collector projects, highlighting and explaining the causes of their incompleteness. We found that large areas of the Internet are not properly captured due to the geographical location of route collector feeders and due to BGP filters, such as export policies and decision processes. Second, we propose a methodology based on a new metric, named p2c-distance, which is able to: 1) identify the minimum number of ASs required to obtain an Internet AS-level topology that is closer to reality; and 2) identify a ranking list of these ASs to show that it is possible to obtain nonnegligible coverage improvements with a limited number of appropriately chosen feeding ASs. Third, we characterize the ASs that were found to be part of the solution of the above covering problems. We found that the route collectors are rarely connected to these ASs, thus highlighting that much effort is needed to devise a route collector infrastructure that ideally would be able to capture a complete view of the Internet.

Published

2015

32. Improving Network Agility With Seamless BGP Reconfigurations

Author

Olivier Bonaventure, Stefano Vissicchio, Luca Cittadini, Pierre Francois, Laurent Vanbever, and Cristel Pelsser

Subjects

Routing protocol, QA Mathematics::QA75 Electronic computers. Computer science [Q Science], Border Gateway Protocol (BGP), Computer Networks and Communications, Computer science, T Technology (General) [T Technology], Distributed computing, configuration, migration, Q Science (General) [Q Science], Packet loss, Virtual Routing and Forwarding (VRF), Ships in the Night, reconfiguration, Point of presence, Electrical and Electronic Engineering, TA Engineering (General). Civil engineering (General) [T Technology], business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Network mapping, Control reconfiguration, Computer Science Applications, TK Electrical engineering. Electronics Nuclear engineering [T Technology], Border Gateway Protocol, The Internet, business, Network agility, Software, Computer network

Abstract

The network infrastructure of Internet service providers (ISPs) undergoes constant evolution. Whenever new requirements arise (e.g., the deployment of a new Point of Presence or a change in the business relationship with a neighboring ISP), operators need to change the configuration of the network. Due to the complexity of the Border Gateway Protocol (BGP) and the lack of methodologies and tools, maintaining service availability during reconfigurations that involve BGP is a challenge for operators. In this paper, we show that the current best practices to reconfigure BGP do not provide guarantees with respect to traffic disruptions. Then, we study the problem of finding an operational ordering of BGP reconfiguration steps that guarantees no packet loss. Unfortunately, finding such an operational ordering, when it exists, is computationally hard. To enable lossless reconfigurations, we propose a framework that extends current features of carrier-grade routers to run two BGP control planes in parallel. We present a prototype implementation and show the effectiveness of our framework through a case study.

Published

2013

33. Anàlisi de la seguretat del protocol d'encaminament d'Internet BGPv4

Author

Lacambra Linés, Carlos, Universitat Autònoma de Barcelona. Escola d'Enginyeria, and Borrell i Viader, Joan

Subjects

Route Origin Authorization (ROA), Autonomous System (AS), Border Gateway Protocol (BGP), Resource Public Key Infrastructure (RPKI), Sistema Autónomo (SA), Prefix Origin Validation, Sistema Autònom (SA)

Abstract

Aquest treball de fi de grau (TFG) ha continuat el TFG "Avaluació Pràctica del Protocol d'encaminament BGPv4", realitzat l'any passat per en Roger Serra, on s'explicava el funcionament del protocol BGP, juntament amb una simulació pràctica que demostrava el comportament d'aquest protocol. En aquest TFG, fem una anàlisi de la seguretat d'aquest protocol tan teòrica com pràctica. En la part teòrica expliquem quines són les vulnerabilitats que presenta o presentava aquest protocol, quins atacs es poden o es podien produir aprofitant aquestes vulnerabilitats i quins han estat alguns dels atacs més importants que s'han produït a Internet contra aquest protocol. També mencionem quines mesures de seguretat es van proposar per intentar fer segur el protocol BGP i expliquem quines mesures existeixen actualment per contrarestar algunes de les vulnerabilitats i evitar certs atacs. A la part pràctica, fem una simulació d'un escenari de routers BGP, mitjançant el software Quagga, sobre el qual executarem certes proves. Aquestes proves consisteixen en la realització d'un atac molt conegut que es va produir a Internet i en l'aplicació d'alguna mesura de seguretat que pot evitar algun dels atacs que hem presentat. This final degree Project (FDP) has followed the FDP "Avaluació pràctica del Protocol d'encaminament BGPv4", which was done last year by Roger Serra, and which explained the operation of the BGP routing protocol, together with its practical simulation using the Quagga software. In this FDP, we made an analysis of the security of this protocol both theoretical and practical. In the theoretical part we explain which vulnerabilities the protocol has, which attacks could be produced taking advantage of them, and which have been some of the most important attacks that occurred on Internet against this protocol. We also mention what security measures were proposed in order to secure the protocol BGP and we explain which security measures currently exist to counteract some of the vulnerabilities and to avoid certain attacks. In the practice, we simulate a BGP router's scenario, using the Quagga software, where we run some tests. Those tests consist of performing a well-known attack which occurred on the Internet, and we also apply some security measures that can prevent some of the attacks we presented. Este trabajo de fin de grado (TFG) ha continuado el TFG "Avaluació Pràctica del Protocol d'encaminament BGPv4", realizado el año pasado por Roger Serra, donde se explicaba el funcionamiento del protocolo BGP, juntamente con una simulación práctica que demostraba el comportamiento de este protocolo. En este TFG, hacemos un análisis de la seguridad de este protocolo tanto teórica como práctica. En la parte teórica explicamos cuales son las vulnerabilidades que presenta o presentaba este protocolo, que ataques se pueden o se podían producir aprovechando estas vulnerabilidades y cuales han sido algunos de los ataques más importantes que se han producido en Internet contra este protocolo. También mencionamos que medidas de seguridad se propusieron para intentar hacer seguro el protocolo BGP y explicamos que medidas existen actualmente para contrarrestar algunas de las vulnerabilidades y evitar ciertos ataques. En la parte práctica, hacemos una simulación de un escenario de routers BGP, mediante el software Quagga, sobre el cual ejecutaremos ciertas pruebas. Estas pruebas consisten en la realización de un ataque muy conocido que se produjo en Internet y en la aplicación de alguna medida de seguridad que puede evitar alguno de los ataques que hemos presentado.

Published

2015

34. Εφαρμογή της θεωρίας των γράφων στους αλγόριθμους δρομολόγησης των σύγχρονων τηλεπικοινωνιακών δικτύων

Author

Λυμπερόπουλος, Δημήτρης and Spyrou, Panagiotis

Subjects

Γράφοι, Border Gateway Protocol (BGP), Δρομολόγηση, 004.6, Graphs, Routing

Abstract

Στην εργασία αυτή, μελετήθηκε η δομή του σύγχρονου ίντερνετ από την σκοπιά του δικτύου και κατέστη σαφές το πως διασυνδέονται οι πάροχοι υπηρεσιών και οι τερματική χρήστες, πως γίνεται η δρομολόγηση και ποιοί αλγόριθμοι χρησιμοποιούνται για τιν επίτευξη της. This diploma thesis focus on how modern networks connect together in order to create the internet and which algorithms used for the routing of informations that traverse through them.

Published

2015

35. Interdomain traffic engineering with redistribution communities

Author

Quoitin, Bruno, Uhlig, Steve, Tandel, Sébastien, Bonaventure, Olivier, Annual International Workshop on Quality of Future Internet Services, UCL - FSA/INGI - Département d'ingénierie informatique, and UCL - DRT/DPRI - Département de droit privé

Subjects

Focus (computing), Computer Networks and Communications, Computer science, business.industry, Network packet, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Stub (distributed computing), Traffic Engineering, Redistribution (cultural anthropology), Airfield traffic pattern, Border Gateway Protocol (bgp), Traffic engineering, The Internet, business, Computer network

Abstract

Various traffic engineering techniques are used to control the flow of IP packets inside large ISP networks. However, few techniques have been proposed to control the flow of packets between domains. In this paper, we focus on the needs of stub ISPs that compose 80% of the global Internet. We first describe the typical traffic pattern of such a stub ISP. Then we briefly describe the methods that those ISPs currently use to engineer their interdomain traffic. We focus on the control of the incoming traffic and show the increasing utilization of the BGP Community attribute and discuss the limitations of this approach. We then propose the redistribution communities as a deployable method to control the flow of the incoming interdomain traffic. We implement those redistribution communities in zebra and evaluate its performance. (C) 2003 Elsevier B.V. All rights reserved.

Published

2004

36. Distributed out-bound load balancing in inter-AS routing by random matchings

Author

Musunuri, Ravi and Cobb, Jorge A.

Published

2007

37. Avaluació pràctica del protocol d'encaminament d'Internet BGPv4

Author

Serra Petit, Roger, Universitat Autònoma de Barcelona. Escola d'Enginyeria, and Borrell i Viader, Joan

Subjects

BGP segur (S-BGP), Autonomous System (AS), Border Gateway Protocol (BGP), Quagga, Path Attributes, Mensaje Update, Routing Information Base (RIB), Vector de ruta, Atributs de ruta, Sistema Autónomo (SA), Path Vector, BGP seguro (S-BGP), Missatge Update, Update Message, Secure BGP (S-BGP), Sistema Autònom (SA), Atributos de Ruta

Abstract

En aquest article es fa una breu explicació teòrica sobre el funcionament bàsic del protocol d'encaminament BGP, juntament amb una simulació pràctica mitjançant el software Quagga. En la part teòrica s'explica quin és l'ús principal d'aquest protocol, que és un sistema autònom i quins tipus hi ha, quin tipus de taules d'encaminament utilitza, quins són els missatges que s'intercanvien dos routers veïns durant una sessió BGP i quines extensions de seguretat existeixen per cobrir les principals vulnerabilitats conegudes. A continuació s'explica com realitzar la configuració dels dimonis zebra i bgpd del software Quagga de cadascuna de les 5 màquines virtuals que formen l'escenari de proves, mostrant les diferents comandes de configuració que existeixen i per a que serveixen. Finalment, en la simulació es mostren els missatges que s'intercanvien els routers BGP i com es modifiquen les seves taules d'encaminament. També es simula una fallada de la connexió entre dos routers BGP per demostrar com el protocol és capaç de sobreposar-se a aquest tipus de circumstancies. Mitjançant aquesta simulació es demostra com el protocol BGP és molt fiable i és capaç d'adaptar-se a qualsevol topologia de la xarxa. En este artículo se realiza una breve explicación teórica sobre el funcionamiento básico del protocolo de encaminamiento BGP, juntamente con una simulación práctica mediante el software Quagga. En la parte teórica se explica cuál es el uso principal de este protocolo, que es un sistema autónomo y que tipos hay, que tipos de tablas de encaminamiento utiliza, cuáles son los mensajes que se intercambian dos routers vecinos durante una sesión BGP y que extensiones de seguridad existen para cubrir las principales vulnerabilidades conocidas. A continuación se explica cómo realizar la configuración de los demonios zebra y bgpd del software Quagga de cada una de las máquinas virtuales que forman el escenario de pruebas, mostrando los diferentes comandos de configuración que existen y para que sirven. Finalmente, en la simulación se muestran los mensajes que se intercambian los routers BGP y como se modifican sus tablas de encaminamiento. También se simula una fallada de la conexión entre dos routers BGP para demostrar como el protocolo es capaz de sobreponerse a este tipo de circunstancias. Mediante esta simulación se demuestra como el protocolo BGP es muy fiable y es capaz de adaptarse a cualquier topología de red. This article provides a brief theoretical explanation about the BGP Routing protocol basic operation, together with a practical simulation using the Quagga software. In the theoretical part it is explained which is the main use of this protocol, what an autonomous system is and what kinds are there, what kinds of routing tables uses, which kind of messages are exchanged between two neighbour routers during a BGP session and what security extensions exists to cover the main known vulnerabilities. Following this, it is explained how to configure zebra and bgpd daemons from Quagga software for all the 5 virtual machines that form the test scenario, showing the configuration commands used. Finally, at the simulation there are shown the different messages that routers exchanged and how their routing tables are modified. A failure of the connection between two BGP routers is also simulated to demonstrate how this protocol is able to overcome such circumstances. By means of this simulation is demonstrated that BGP protocol is very reliable and it is able to adapt to any network topology.

Published

2014

38. Configuración y gestión del equipamiento de red para el nuevo acceso a Internet deuna empresa con encaminamiento BGP

Author

Muguerza Larrayoz, Cristina, Morató Osés, Daniel, and Escuela Técnica Superior de Ingenieros Industriales y de Telecomunicación

Subjects

Multihoming, Border Gateway Protocol (BGP), RADIUS, Spectrum, Sistemas autónomos, eHealth

Abstract

En este trabajo se estudia la migración del acceso a Internet de una empresa, la cual va a pasar a constituirse como Sistema Autónomo, utilizando un escenario multihoming con dos operadores. Para ello, se han integrado los equipos de red adquiridos por la empresa en una maqueta de pruebas y se han configurado para establecer el peering BGP con los operadores, aplicando las políticas necesarias para que el comportamiento sea el deseado. A lo largo del trabajo se desarrollan tres escenarios de pruebas en los que se prueban distintos aspectos: en el primero de ellos se comprueba el correcto funcionamiento de los equipos con una configuración básica para el establecimiento de las sesiones BGP, en el segundo, se modifican distintos atributos BGP para realizar un reparto del tráfico tanto de entrada como de salida entre ambos enlaces con los proveedores y, finalmente, en el tercer escenario se realizan pruebas de redundancia frente a caídas tanto de línea como de equipos. Por otra parte, se han integrado los equipos en los sistemas de gestión empleados por la empresa. Concretamente, se explica la configuración de los mismos para realizar la autentificación con un servidor RADIUS y se integran en los softwares de gestión de CA Technologies Spectrum y eHealth. Spectrum realiza una gestión de las alarmas enviadas por los dispositivos en forma de traps SNMP, y comprueba periódicamente su disponibilidad mediante el envío de polls a los mismos. En cuanto a eHealth, se trata de un software que permite realizar informes de utilización de los equipos. Para ello envía periódicamente polls SNMP a los dispositivos para consultar distintos parámetros de los mismos y almacena los datos en su base de datos. Se empleará para ver las estadísticas de tráfico a través de los routers BGP de la empresa Graduado o Graduada en Ingeniería en Tecnologías de Telecomunicación por la Universidad Pública de Navarra Telekomunikazio Teknologien Ingeniaritzako Graduatua Nafarroako Unibertsitate Publikoan

Published

2014

39. Analysis of intrusion detection system (IDS) in border gateway protocol

Author

Mujtaba, M

Subjects

Autonomous systems, Denial of Service (DoS) attack, Intrusion detection system (IDS), Internet security, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Border gateway protocol (BGP), Malicious packet detection

Abstract

University of Technology, Sydney. Faculty of Engineering and Information Technology. Border Gateway Protocol (BGP) is the de-facto inter-domain routing protocol used across thousands of Autonomous Systems (AS) joined together in the Internet. The main purpose of BGP is to keep routing information up-to-date across the Autonomous System (AS) and provide a loop free path to the destination. Internet connectivity plays a vital role in organizations such as in businesses, universities and government organisations for exchanging information. This type of information is exchanged over the Internet in the form of packets, which contain the source and destination addresses. Because the Internet is a dynamic and sensitive system which changes continuously, it is therefore necessary to protect the system from intruders. Security has been a major issue for BGP. Nevertheless, BGP suffers from serious threats even today, DoS attack is the major security threat to the Internet today, among which, is the TCP SYN flooding, the most common type of attack. The aim of this DoS attack is to consume large amounts of bandwidth. Any system connected to the Internet and using TCP services are prone to such attacks. It is important to detect such malicious activities in a network, which could otherwise cause problems for the availability of services. This thesis proposes and implements two new security methods for the protection of BGP data plane, “Analysis of BGP Security Vulnerabilities” and “Border Gateway Protocol Anomaly Detection using Failure Quality Control Method” to detect the malicious packets and the anomaly packets in the network. The aim of this work is to combine the algorithms with the Network Data Mining (NDM) method to detect the malicious packets in the BGP network. Furthermore, these patterns can be used in the database as a signature to capture the incidents in the future.

Published

2012

40. Improving network agility with seamless BGP reconfigurations

Author

UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Vissicchio, Stefano, Vanbever, Laurent, Pelsser, Cristel, Cittadini, Luca, François, Pierre, Bonaventure, Olivier, UCL - SST/ICTM/INGI - Pôle en ingénierie informatique, Vissicchio, Stefano, Vanbever, Laurent, Pelsser, Cristel, Cittadini, Luca, François, Pierre, and Bonaventure, Olivier

Abstract

The network infrastructure of Internet Service Providers (ISPs) undergoes constant evolution. Whenever new requirements arise (e.g., the deployment of a new Point of Presence, or a change in the business relationships with a neighboring ISP), operators need to change the configuration of the network. Due to the complexity of BGP, and the lack of methodologies and tools, maintaining service availability during reconfigurations that involve BGP is a challenge for operators. In this paper, we show that the current best practices to reconfigure BGP do not provide guarantees with respect to traffic disruptions. Then, we study the problem of finding an operational ordering of BGP reconfiguration steps which guarantees no packet loss. Unfortunately, such an operational ordering, when it exists, is computationally hard to find. To enable lossless reconfigurations, we propose a framework which extends current features of carrier-grade routers to run two BGP control planes in parallel. We present a prototype implementation and we show the effectiveness of our framework through a case study.

Published

2013

41. COMPARATIVE ANALYSIS OF SOFTWARE DEFINED NETWORKS (SDN) AND CONVENTIONAL NETWORKS USING ROUTING PROTOCOLS

Author

Gopi, Deepthi

Subjects

Software Defined Networks (SDN), Conventional Networks, Border Gateway Protocol (BGP), OpenFlow Protocol, Convergence process, Routing Convergence Time, Routing Protocols

Abstract

Conventional routing protocols such as RIP, OSPF, EIGRP and BGP have a very rigid and intricate system thus narrowing the adaptability of networks to the ever changing Internet, the emergence of Software Defined Networking (SDN) provides a solution for this problem. Due to the handiness of a centralized controller, SDN has provided an effective method in terms of routing computation and fine control over data packets. Due to the increase in unpredicted failures taking place the ability to predict/ know the approximate maximum time it takes for these networks to converge in order to avoid and/or minimize loss of packets/data during these failures has become crucial in today's world. This time that the routers in the network take to converge via the implemented routing protocol to resume communication or transfer of information again is called the routing convergence time. In this thesis, the performance is evaluated by measuring the routing convergence time during link failure with respect to the topology scale of the networks to show that SDN routing/forwarding is better compared to conventional routing. Further the results indicate that the routing convergence time is less in SDN networks on comparison with conventional networks when the topology scale is increased, indicating that SDN networks converge faster during link/node failures in comparison with Conventional networks and that routing convergence time is greatly influenced with the changing topological size/increasing network size. I believe that this work can throw light upon many advantages in SDN with regards to faster convergence during failures in contrast to archaic conventional networks.

Published

2017

42. Working Around BGP: An Improvement of BGP Session Maintenance

Author

A. Cavalli, Dario Vieira, Laboratoire d'Informatique, de Modélisation et d'optimisation des Systèmes (LIMOS), Université Blaise Pascal - Clermont-Ferrand 2 (UBP)-Université d'Auvergne - Clermont-Ferrand I (UdA)-SIGMA Clermont (SIGMA Clermont)-Ecole Nationale Supérieure des Mines de St Etienne (ENSM ST-ETIENNE)-Centre National de la Recherche Scientifique (CNRS), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), AllianSTIC-EFREI, and Efrei (Efrei)

Subjects

Routing protocol, Border Gateway Protocol (BGP), Computer science, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Network mapping, Data security, Information security, Computer security, computer.software_genre, Managed Session, Routing Protocol, Border Gateway Protocol, Autonomous Systems, Default-free zone, The Internet, [INFO]Computer Science [cs], business, Internetworking, computer, Computer network

Abstract

International audience; The border gateway protocol (BGP) is the routing protocol that glues together the global Internet. BGP makes use of a "managed session" to maintain a bidirectional error-free session over which reachability information is exchanged between autonomous systems (ASes) in the global Internet. Nevertheless, despite its great importance to BGP, this "managed session" suffers from some weaknesses such as a slow failure mechanism, which may represent a great deal of lost data, and some security problems. Besides, some important services to BGP are missed such as multi-session and broadcasting. To overcome these weaknesses, session maintenance should be separated from BGP protocol. Instead, a separate managed session protocol (MSP) should cope with session maintenance. Accordingly, we argue that our approach may reduce BGP design complexity, increase both BGP reliability and robustness, and lead to a routing system that is easier to manage. We also describe our prototype implementation and some evaluation details.

Published

2006

43. An Enhanced Passive Testing Approach for Network Protocols

Author

A. Cavalli, Dario Vieira, Laboratoire d'Informatique, de Modélisation et d'optimisation des Systèmes (LIMOS), Université Blaise Pascal - Clermont-Ferrand 2 (UBP)-Université d'Auvergne - Clermont-Ferrand I (UdA)-SIGMA Clermont (SIGMA Clermont)-Ecole Nationale Supérieure des Mines de St Etienne (ENSM ST-ETIENNE)-Centre National de la Recherche Scientifique (CNRS), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), and Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP)

Subjects

Protocol (science), Border Gateway Protocol (BGP), Computer science, White-box testing, Real-time computing, System testing, Managed Session Protocol, Fault detection and isolation, Network Protocol, System under test, critical properties, [INFO]Computer Science [cs], Passive testing, Session (computer science), Communications protocol, Passive Testing

Abstract

International audience; In passive testing approach faults are detected while the System Under Test (SUT) is observed during its normal operation. Usually traces produced by SUT are recorded and compared with those of the specification. The traditional approach to passive testing has a low performance if non-deterministic specifications are considered. Therefore, in this paper it is proposed an approach to passive testing in order to express invariants for network protocols, such as session maintenance protocols. In the proposed technique, critical properties are represented as a set of invariants that an Implementation Under Test (IUT) should fulfill. Furthermore, it is proposed a mechanism to get around the problem to determine from which state it is started the observation of execution traces. In order to validate the effectiveness of the proposed approach, it is made use of the Managed Session Protocol as a real-life case study.

Published

2006

44. Investigating Prefix Propagation through Active BGP Probing

Author

Lorenzo Colitti, Maurizio Pizzonia, G. Di Battista, Maurizio Patrignani, Massimo Rimondini, Paolo Bellavista and Chi-Ming Chen, Lorenzo, Colitti, DI BATTISTA, Giuseppe, Patrignani, Maurizio, Pizzonia, Maurizio, and Rimondini, Massimo

Subjects

Routing protocol, Route Views, Internet probing, Border Gateway Protocol (BGP), Computer Networks and Communications, computer.internet_protocol, Computer science, Internet traffic engineering, Network topology, Internet Service Provider (ISP), Networking, Artificial Intelligence, Multihoming, Internet transit, Interdomain routing, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Network mapping, Autonomous system (Internet), Internet backbone, Internet traffic, IPv4, IPv6, Hardware and Architecture, Peering, Default-free zone, The Internet, business, computer, Software, Computer network

Abstract

For an Internet Service Provider (ISP), the knowledge of which interdomain paths could be traversed by its BGP announcements - and thus traffic flows - is essential to predict the impact of network faults, to develop effective traffic engineering and peering strategies, and to assess the quality of upstream providers. However, current methodologies do not provide this information. We present methodologies to discover how the BGP announcements for an ISP’s prefix are propagated through the Internet using withdrawals and specially crafted AS-sets. The techniques allow an ISP to determine which paths could be traversed in the presence of network faults or different routing policies on the ISP’s part and to deduce the routing policies of other ISPs with respect to its network. We validate our techniques through experimentation in the IPv6 and IPv4 Internet, showing that they can be safely and effectively applied in real-world situations.

Published

2006

45. A Reliable Approach for Transport Session Management

Author

A. Cavalli, Dario Vieira, Laboratoire d'Informatique, de Modélisation et d'optimisation des Systèmes (LIMOS), Université Blaise Pascal - Clermont-Ferrand 2 (UBP)-Université d'Auvergne - Clermont-Ferrand I (UdA)-SIGMA Clermont (SIGMA Clermont)-Ecole Nationale Supérieure des Mines de St Etienne (ENSM ST-ETIENNE)-Centre National de la Recherche Scientifique (CNRS), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), and Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP)

Subjects

Routing protocol, Border Gateway Protocol (BGP), Computer science, Transmission Control Protocol, business.industry, computer.internet_protocol, Distributed computing, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Mission critical, Network layer, Session management, Transmission Control Protocol (TCP), Network Protocol, Internet protocol suite, Multihoming, Redundancy (engineering), [INFO]Computer Science [cs], business, computer, Computer network

Abstract

International audience; An endpoint’s IP address can become inaccessible due to an interface failure, severe congestions, or due to Border Gateway Protocol’s (BGP) slow route convergence around path outages. In this situation, mission critical applications may require either a fast failure detection or multihoming service. A fast detect failure mechanism allows routing protocols to reroute traffic around problems as soon as they get aware of the link failures. On the other hand, redundancy at the network layer allows a host to be accessible even if one of its IP addresses becomes unreachable. Even though Transmission Control Protocol (TCP) provides some level of reliability for its applications, it does not provide these essential services required for mission critical applications. Accordingly, in this paper, it is investigated main requirements of a session maintenance protocol. Besides, it is presented a reliable approach of transport session management in order to overcome TCP’s shortcoming.

Published

2006

46. Implementation Analysis of MSP

Author

T.G. Griffin, A. Cavalli, Dario Vieira, Laboratoire d'Informatique, de Modélisation et d'optimisation des Systèmes (LIMOS), Université Blaise Pascal - Clermont-Ferrand 2 (UBP)-Université d'Auvergne - Clermont-Ferrand I (UdA)-SIGMA Clermont (SIGMA Clermont)-Ecole Nationale Supérieure des Mines de St Etienne (ENSM ST-ETIENNE)-Centre National de la Recherche Scientifique (CNRS), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), and Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP)

Subjects

Router, Border Gateway Protocol (BGP), Computer science, computer.software_genre, Network Protocol, Implementation analysis, Session Maintenance Protocol (SMP), Multihoming, Border Gateway Protocol, Operating system, eXtensible Open Router Platform (XORP), [INFO]Computer Science [cs], computer, Managed Session Protocol (MSP)

Abstract

International audience; A basic function of a Session Maintenance Protocol (SMP) is to keep sessions alives amongst two or more nodes as far as possible. However, a SMP should provide other essential services to its mission critical applications such as multi-session, multihoming, failure detection mechanism and graceful automatic restart of transport session. It has been proposed a new SMP so-called Managed Session Protocol (MSP), and a sub-protocol that operates on top of MSP so-called Multiple Managed Session Protocol (MMSP). Together MSP/MMSP provide services such as graceful automatic restart of transport session, preservation of application message boundaries, multi-session and multi-homing. In this paper, it is presented an implementation and performance analysis of MSP/MMSP. They have been implemented using a C++ based open-source router platform called eXtensible Open Router Platform (XORP). Two approaches are presented in order to implement MSP/MMSP. Aiming to compare these two approaches and validate the behaviors of MSP/MMSP, some experiments have been carried out using a real-life case study: Border Gateway Protocol (BGP). Furthermore, a performance analysis is presented that provide some insight, not only about the two MSP implementation approaches, but also the effectiveness of MSP/MMSP.

Published

2006

47. A comparison between two maintenance session protocols

Author

A. Cavalli, T.G. Griffin, Dario Vieira, Laboratoire d'Informatique, de Modélisation et d'optimisation des Systèmes (LIMOS), Université Blaise Pascal - Clermont-Ferrand 2 (UBP)-Université d'Auvergne - Clermont-Ferrand I (UdA)-SIGMA Clermont (SIGMA Clermont)-Ecole Nationale Supérieure des Mines de St Etienne (ENSM ST-ETIENNE)-Centre National de la Recherche Scientifique (CNRS), Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux (SAMOVAR), Institut Mines-Télécom [Paris] (IMT)-Télécom SudParis (TSP), AllianSTIC-EFREI, and Efrei (Efrei)

Subjects

managed session protocol (MSP), Session Initiation Protocol, Border Gateway Protocol (BGP), Internet Protocol Control Protocol, computer.internet_protocol, Computer science, Transmission Control Protocol, Session Announcement Protocol, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Transmission Control Protocol (TCP), Network Protocol, Internet protocol suite, Internetwork protocol, User Datagram Protocol, [INFO]Computer Science [cs], Session Description Protocol, stream control transmission protocol (SCTP), business, computer, Computer network

Abstract

International audience; The paper presents a comparison between two maintenance session protocols. The first one, already known and used, is the stream control transmission protocol (SCTP). The second is a new one, called managed session protocol (MSP). SCTP has some similar functionalities to the Transmission Control Protocol (TCP) and, as additional services, it provides multi-streaming and multi-homing. On the other hand, MSP is a novel maintenance session protocol that operates on top of TCP. Rather than re-implementing some TCP functionalities, MSP enhances the TCP layer with some missing services, such as automatic transport restart and preservation of messages boundaries. Besides, MSP is implemented in user space instead of having to handle all kernel complexities. In order to provide services like multi-session and broadcasting, a sub-protocol is provided, called multiple managed session protocol (MMSP). MMSP operates on top of MSP and offers services such as multi-homing, multi-streaming and multi-session. It is shown that MSP/MMSP is a good alternative to SCTP.

Published

2005

48. Interdomain traffic engineering with redistribution communities

Author

UCL - FSA/INGI - Département d'ingénierie informatique, UCL - DRT/DPRI - Département de droit privé, Quoitin, Bruno, Uhlig, Steve, Tandel, Sébastien, Bonaventure, Olivier, Annual International Workshop on Quality of Future Internet Services, UCL - FSA/INGI - Département d'ingénierie informatique, UCL - DRT/DPRI - Département de droit privé, Quoitin, Bruno, Uhlig, Steve, Tandel, Sébastien, Bonaventure, Olivier, and Annual International Workshop on Quality of Future Internet Services

Abstract

Various traffic engineering techniques are used to control the flow of IP packets inside large ISP networks. However, few techniques have been proposed to control the flow of packets between domains. In this paper, we focus on the needs of stub ISPs that compose 80% of the global Internet. We first describe the typical traffic pattern of such a stub ISP. Then we briefly describe the methods that those ISPs currently use to engineer their interdomain traffic. We focus on the control of the incoming traffic and show the increasing utilization of the BGP Community attribute and discuss the limitations of this approach. We then propose the redistribution communities as a deployable method to control the flow of the incoming interdomain traffic. We implement those redistribution communities in zebra and evaluate its performance. (C) 2003 Elsevier B.V. All rights reserved.

Published

2004

49. Interdomain Traffic Engineering with Redistribution Communities

Author

UCL - FSA/INGI - Département d'ingénierie informatique, Quoitin, Bruno, Tandel, Sébastien, Uhlig, Steve, Bonaventure, Olivier, UCL - FSA/INGI - Département d'ingénierie informatique, Quoitin, Bruno, Tandel, Sébastien, Uhlig, Steve, and Bonaventure, Olivier

Abstract

Various traffic engineering techniques are used to control the flow of IP packets inside large ISP networks. However, few techniques have been proposed to control the flow of packets between domains. In this paper, we focus on the needs of stub ISPs that compose 80% of the global Internet. We first describe the typical traffic pattern of such a stub ISP. Then we briefly describe the methods that those ISPs currently use to engineer their interdomain traffic. We focus on the control of the incoming traffic and show the increasing utilization of the BGP Community attribute and discuss the limitations of this approach. We then propose the redistribution communities as a deployable method to control the flow of the incoming interdomain traffic. We implement those redistribution communities in zebra and evaluate its performance.

Published

2003

50. A Technique for Reducing BGP Update Announcements through Path Exploration Damping.

Author

Huston, Geoff, Rossi, Mattia, and Armitage, Grenville

Abstract

This paper defines and evaluates Path Exploration Damping (PED) — a router-level mechanism for reducing the volume of propagation of likely transient update messages within a BGP network and decreasing average time to restore reachability compared to current BGP Update damping practices. PED selectively delays and suppresses the propagation of BGP updates that either lengthen an existing AS Path or vary an existing AS Path without shortening its length. We show how PED impacts on convergence time compared to currently deployed mechanisms like Route Flap Damping (RFD), Minimum Route Advertisement Interval (MRAI) and Withdrawal Rate Limiting (WRATE). We replay Internet BGP update traffic captured at two Autonomous Systems to observe that a PED-enabled BGP speaker can reduce the total number of BGP announcements by up to 32% and reduce Path Exploration by 77% compared to conventional use of MRAI. We also describe how PED can be incrementally deployed in the Internet, as it interacts well with prevailing MRAI deployment, and enables restoration of reachability more quickly than MRAI. [ABSTRACT FROM PUBLISHER]

Published

2010