Diagnosing the Location Diagnosing the Location of Bogon Bogon Filters Filters of Randy Bush Randy Bush Internet Initiative Japan (IIJ) Internet Initiative Japan (IIJ) Olaf Maennel James Hiebert Hiebert Olaf Maennel James National Oceanic and Atmospheric Administration National Oceanic and Atmospheric Administration University of Adelaide University of Adelaide Matthew Roughan Roughan Steve Uhlig Uhlig Matthew Steve University of Adelaide Delft University of Technology University of Adelaide Delft University of Technology
Outline Outline Advertising a new prefix Advertising a new prefix ● ● Methodology Methodology ● ● In- -probes probes In ● ● Out- -probes probes Out ● ● Relationship in- - and out and out- -probes probes Relationship in ● ● Further work Further work ● ●
“ Bogon ” Problem: “ filters ” Bogon filters Problem: ISPs often filter unallocated address ISPs often filter unallocated address ● ● space to protect themselves from space to protect themselves from malicious attacks and unwanted traffic malicious attacks and unwanted traffic Over time unallocated address space may Over time unallocated address space may ● ● become allocated and legitimately become allocated and legitimately announced address space... announced address space... Problem: Filters need to be updated but Filters need to be updated but Problem: ● ● seem often not to be seem often not to be
Objectives Objectives ● Develop methodology that is capable of Develop methodology that is capable of ● detecting filters that are blocking newly detecting filters that are blocking newly allocated address space allocated address space ● Analyze reachability status of a newly Analyze reachability status of a newly ● allocated prefixes allocated prefixes ● For the experiment, ARIN loaned us For the experiment, ARIN loaned us ● 96.0.0.0/16 97.64.0.0/16 96.0.0.0/16 97.64.0.0/16 98.128.0.0/16 99.192.0.0/16 98.128.0.0/16 99.192.0.0/16
Testing reachability of a new Testing reachability of a new prefix prefix Terminology: Terminology: ● ● ● Test Test- -prefix prefix : : newly allocated prefix to be tested newly allocated prefix to be tested ● ● Anchor Anchor- -prefix prefix : : well well- -established prefix whose established prefix whose ● reachability should be fine reachability should be fine ● Probe Probe- -site site : : router that announces router that announces both both the test the test- - ● prefix and the anchor- -prefix prefix prefix and the anchor Test- - prefix prefix Test ( 96.0.1.1 ) Probe- - Probe Internet Internet site site Anchor- -prefix prefix Anchor ( 147.28.0.35 )
Testing reachability of a new Testing reachability of a new In- -Probes Probes prefix: In prefix: Two IPs IPs hosted at the same location: hosted at the same location: Two • • anchor IP : well established, hopefully unfiltered well established, hopefully unfiltered anchor IP : • • test IP : newly allocated address newly allocated address test IP : • • Assume that they are propagated in the same way (as Assume that they are propagated in the same way (as • • they are announced from the same location) they are announced from the same location) Run two traceroutes traceroutes: to : to test test- -IP IP and and Run two • • to anchor anchor- -IP IP to traceroute- - traceroute site site Probe- - Probe traceroute- - traceroute site site traceroute- - traceroute site site site site
In- -Probes: Principles Probes: Principles In In- -probe probe : : traceroute traceroute performed from external IP performed from external IP In • • addresses towards the test and anchor prefixes addresses towards the test and anchor prefixes In- -probes give reachability information towards the probes give reachability information towards the In • • test and anchor prefixes test and anchor prefixes If traceroute traceroute from test from test- -prefix address diverges at prefix address diverges at If • • some point, we conjecture that some bogon bogon filter filter is is some point, we conjecture that some responsible responsible traceroute traceroute site site x anchor & x anchor & ? ? test prefix test prefix x x x x ? ? ? ?
In- -Probes: measurements Probes: measurements In Advertise test and anchor prefixes from 4 probe- - Advertise test and anchor prefixes from 4 probe • • sites: Seattle (USA), Munich (DE), Wellington (NZ), Seattle (USA), Munich (DE), Wellington (NZ), sites: Tokyo (JPN) Tokyo (JPN) 2,052 traceroutes traceroutes in total (test+anchor counting as in total (test+anchor counting as 2,052 • • one): one): • from up to 744 different locations from up to 744 different locations • • from NANOG from NANOG- -posting: 881 posting: 881 • (towards two locations) (towards two locations) • from from Traceroute Traceroute- -sites: 981 sites: 981 • (towards four locations) (towards four locations) • from from PlanetLab PlanetLab: 190 : 190 • (towards four locations) (towards four locations)
In- -Probes: results Probes: results In Categories : Categories : • • “ “good good” ” (anchor and test take exactly same path) (anchor and test take exactly same path) • 66.9% (1,373) 66.9% (1,373) • • “diverging inside diverging inside” ” (anchor and test take different (anchor and test take different • “ paths) paths) • 20.6% (423) • 20.6% (423) • Test stops, but anchor ok • Test stops, but anchor ok • 8.6% (177) 8.6% (177) • • Failure (either anchor or anchor and test failed) • Failure (either anchor or anchor and test failed) • 3.9% (79) • 3.9% (79)
In- -Probes: results Probes: results In • Derive candidate links, eliminate unlikely • Derive candidate links, eliminate unlikely candidates. candidates. • Remaining candidate links: • Remaining candidate links: • ~ 32 ~ 32 ASs ASs that may contain wrongly that may contain wrongly • configured filters. configured filters. http://psg.com/filter- -candidates.txt candidates.txt • http://psg.com/filter •
In- -Probes: evaluation Probes: evaluation In Advantages: Advantages: • • • traceroutes traceroutes go around go around bogon bogon filters filters • • known details about IP known details about IP- -level path level path • Disadvantages: Disadvantages: • • • traceroute traceroute site MUST be site MUST be “ “behind behind” ” bogon bogon filter filter • • Not many Not many traceroute traceroute sites available sites available • Goal: test as many ASs ASs as possible for reachability as possible for reachability Goal: test as many • • Solution: “ “ out out- -probes probes ” ” Solution: • •
Testing for usable Testing for usable reachability: : reachability Out- -Probes Probes Out Out- -probe probe : ping and : ping and traceroute traceroute performed from performed from Out • • test- -IP IP and and anchor anchor- -IP IP towards external IP addresses towards external IP addresses test Target- -AS AS : AS towards which we perform out : AS towards which we perform out- -probes probes Target • • If out- -probe towards target AS from probe towards target AS from test test- -IP IP stops stops If out • • while the out- -probe from probe from anchor anchor- -IP IP goes on, we goes on, we while the out conjecture a bogon bogon filter filter of the form of the form <IP X, IP Y> <IP X, IP Y>: : conjecture a Bogon Bogon filter filter Target AS Target AS x x ? ? Test- -site site Test IP y IP IP x IP y x
Out- -Probes: measurements Probes: measurements Out Perform ping from test test- -sites sites ( ( test test- -IP IP and and anchor anchor- -IP IP ) ) Perform ping from • • towards a large set of target target- -IP IP addresses (58,766) addresses (58,766) towards a large set of in 20,142 different ASs ASs in 20,142 different If ping comes back => usable reachability from If ping comes back => usable reachability from • • target- -IP IP target If ping does not come back => run traceroutes traceroutes to find to find If ping does not come back => run • • out location of bogon bogon- -filter(s filter(s) ) out location of Traceroute return path is interesting, but unknown: return path is interesting, but unknown: Traceroute • • only usable reachability of the IPs IPs on the path on the path only usable reachability of the towards target target- -IP IP is obtained is obtained towards
Recommend
More recommend
