[PPT] - Influence of BGP Community Attributes on Routing and Internet PowerPoint Presentation

SLIDE 1

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Influence of BGP Community Attributes on Routing and Internet Traffic

Final talk for the IDP by

Fabian Raab B.Sc.

advised by Oliver Gasser, Quirin Scheitle, Minoo Rouhi Monday 18th February, 2019 Chair of Network Architectures and Services Department of Informatics Technical University of Munich

SLIDE 2

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

BGP communities introduction

The Border Gateway Protocol (BGP) is used for exchanging routing information
A BGP Community can optimize routing decisions and is a simple integer:

ASN val

For example AS1273 (Vodafone):

Informational
Tagging (ex. geographic)
1273:12276 Route learned from a customer in Germany
Action
Routes redistribution (ex. backup routes)
1273:90 Sets local preference value

within AS1273 to 90

Export control (ex. blackholing)
1273:666 Discard any traffic to

the announced prefix (blackhole)

Provider AS R Customer AS Customer AS R R R Informational Action

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 2

SLIDE 3

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Communities Taxonomy Tree

action informational usage category process category inbound

utbound

tagging blackhole attach localpref prepend announce link-tags pass-tags peertype IXP geographic AS IPv4 IPv6

legend

scope

application class

routes redistribution attack mitigation unspecified BGP attribute manipulation export control action relic Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 3

SLIDE 4

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Goals

Better understand dynamics of routing networks with BGP Communities
Identify BGP Communities announcement characteristics
Stable behaviour
Parallel announcements (Community Flapping)
For impact, correlate BGP Community changes with
BGP routing changes
traffic changes
Hopefully leads to better and more stable BGP configuration since effects are known

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 4

SLIDE 5

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Path types

Collector-AS64504 AS64501 AS64502 C BR1 BR3 BR4 TR2 TR1 TR3 Traffic Router BGP Router

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 5

SLIDE 6

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Path types

Collector-AS64504 AS64501 AS64502 C BR1 BR3 BR4 TR2 TR1 TR3 AS path

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 5

SLIDE 7

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Path types

Collector-AS64504 AS64501 AS64502 C BR1 BR3 BR4 TR2 TR1 TR3 IP path AS path

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 5

SLIDE 8

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Path types

Collector-AS64504 AS64501 AS64502 C BR1 BR3 BR4 TR2 TR1 TR3 Communities Ruter path IP path AS path

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 5

SLIDE 9

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Research questions

Routing
How detailed are Communities, and therefore influence the route?

(path, AS configuration)

In which cases do changed Communities replace an older one, in which remain both valid in

parallel? (Router and AS behaviour) → Can Communities improve routing?

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 6

SLIDE 10

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Research questions

Routing
How detailed are Communities, and therefore influence the route?

(path, AS configuration)

In which cases do changed Communities replace an older one, in which remain both valid in

parallel? (Router and AS behaviour) → Can Communities improve routing?

Normal behaviour
How stable are Communities?
Can regular Community changes be a stable condition?
Should they cause like intended traffic/routing changes?

→ Can instabilities/problems be identified?

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 6

SLIDE 11

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Case study 1 (Single switch) Prefix Peer-IP AS-Path

Diego Cassio (Brasilia)↓

138.117.146.0/24 193.178.185.65 286 7738 8167 53062 262607 264242 Announce Time BGP Community set 11.11.2017 14:07:33 286:286, 286:3001, 286:4502 BR1 , 286:4991, 7738:51448 BR3 11.11.2017 22:01:12 286:286, 286:3001, 286:4510 BR2 , 286:4991, 7738:51448 BR3 value Description 286:4502 US - nyk-s2 (New York, Switch and Data / 8th Avenue 111) 286:4510 US - miaf-s1 (Miami, Terremark) 286:286

wn or customer prefix

286:3001 Unites States 286:4991 North America

Replacement route
Second route
Wrong community / misconfiguration
Effectless

AS3856 AS7738 AS286 CR VP BR1 BR2 BR3

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 7

SLIDE 12

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Case study 2 (Community Flapping Set change)

lower local preference to 94, Asia, Turkey, itb-s3 Istanbul lower local preference to 97, Asia, Turkey, itb-s3 Istanbul Europe, Germany, ffm-s1 Frankfurt lower local preference to 97, Europe, Germany, ffm-s1 Frankfurt, some unknown Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 8

SLIDE 13

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Community change detection — primitive approach [2]

α β γ

Base

Base: For 48h only one Community set allowed (here definition of stable)
Other behaviour does not work

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 9

SLIDE 14

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Community change detection — primitive approach [2]

α β γ

Base Changes

Base: For 48h only one Community set allowed (here definition of stable)
Other behaviour does not work
Any other Community set is a change

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 9

SLIDE 15

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Community changes detection — Own approach

α β γ

Announcement is a change iff: The same Community set is not seen 24h before OR after (= ✓)

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 10

SLIDE 16

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Community changes detection — Own approach

α β γ

Announcement is a change iff: The same Community set is not seen 24h before OR after (= ✓)

Begin of new Comm set can be detected

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 10

SLIDE 17

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Community changes detection — Own approach

α β γ

Announcement is a change iff: The same Community set is not seen 24h before OR after (= ✓)

Begin of new Comm set can be detected
Flapping is not a change

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 10

SLIDE 18

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Community changes detection — Own approach

α β γ

Announcement is a change iff: The same Community set is not seen 24h before OR after (= ✓)

Begin of new Comm set can be detected
Flapping is not a change
Begin/End of Sequence within Flapping can be detected

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 10

SLIDE 19

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Community change detection — Summary

Approach:
Simple
Detects changes in relation to direct previous/next announcements
Works with many announcement characteristics
Supports permanent changes
Community Flapping are not changes
Challenging parametrization:
Announcement frequency varies
Duration compare back/forth

→ Jumping back/forth n announcements → But still many change hits

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 11

SLIDE 20

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Traffic analysis: outage — Communities

Europe, Germany, ffm-s1 Frankfurt, Kleyerstr. 90 Europe, Germany, hmb-s2 Hamburg, Wendenstr. 251 Europe, Germany, mchn-s1 Munich, Seibelstr./Arnulfstr. Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 12

SLIDE 21

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Traffic analysis: outage — AS link graph (1)

Frankfurt Hamburg Munich c) b) d)

(a) 2018-04-28 23:15 Star topology to origin (b) 2018-04-28 23:28 Rerouting

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 13

SLIDE 22

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Traffic analysis: outage — AS link graph (2)

Frankfurt Hamburg Munich c) b) d)

(c) 2018-04-28 23:43 Outage (d) 2018-04-29 08:01 Recovery

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 14

SLIDE 23

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Traffic analysis: outage — Summary

Communities show routing changes, although AS path not
Algorithm should exclude big jumps, since Communities are not the causes
Challenging parametrization:
Daily pattens
Statistics per prefix (valid after route change?)
Change from average traffic (threshold?)

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 15

SLIDE 24

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Conclusion

Finer route description (BGP-router-path)
Looked at Community set as a whole
Standardization documents do not define behaviour
Impact not obvious
Stable definition of Communities difficult

→ Community Flapping → When should I adapt my routing to changes?

Traffic change detection problematic

→ Many reasons for change possible such as outage.

What can we learn out of this work:
Document Communities
Communities can detect routing issues
When specific usage of Communities can cause problems

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 16

SLIDE 25

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Questions?

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 17

SLIDE 26

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Statistics per day PRA: Prefix and Route Attributes (Peer AS, Peer IP , Next-Hop IP , AS Path). Statistics for one day of a single collector: #prefixes #Communities #ASes #origins #CommASN 17716 720 5173 4133 136 #PRA #PRA with Comm #changes mean changes/PRA (with Comms only) 18151 43.6% 8536 0.47

high Community usage
PRA quite stable (compare with #prefixes)
but many Community changes

→ So route not stable?

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 18

SLIDE 27

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Case study 3 (Backup path, Reserved ASN) Prefix Peer-IP AS-Path

↓TELLCOM (Turkey)

92.45.92.0/24 193.178.185.65 286 1–2 34984 3–5 Announce Duration BGP Community set 11.11.2017 00:01:34 — 23:37:35 286:286, 286:3049, 286:4015, 286:4990, 286:90 BR1 , 65100:25001, 65110:13412 BR3 11.11.2017 00:01:36 — 23:38:15 286:286, 286:3049, 286:4015, 286:4990 BR2 BR4 11.11.2017 14:55:27 — 22:03:22 286:286, 286:3049, 286:4015, 286:4990, 286:90 BR1 , 65100:25001, 65110:13411 BR5 value Description 286:4015 DE - ffm-s1 (Frankfurt, Equinix FR5 / Kleyerstr. 90) 286-default Customer will get a standard local preference of 100 assigned. 286:90 lower local preference of route inside AS286 to 97 286:286

wn or customer prefix

286:3049 Germany 286:4990 Europe

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 19

SLIDE 28

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Case study 4 (Community Flapping) Prefix Peer-IP AS-Path

↓Antares (Swiss)

2a01:6a8::/32 2001:7f8:19:1::32e6:1 13030 31424 34554 Time BGP Community set (date of measurement: 11.11.2017) 00:03:01 13030:7186, 13030:6, 13030:50000, 31424:1261, 31424:1260, 13030:51102 00:03:01 13030:7208, 13030:6, 13030:50000, 31424:1261, 31424:1260, 13030:51107 00:14:11 13030:7186, 13030:6, 13030:50000, 31424:1261, 31424:1260, 13030:51102 00:14:11 13030:7208, 13030:6, 13030:50000, 31424:1261, 31424:1260, 13030:51107 00:25:21 13030:7186, 13030:6, 13030:50000, 31424:1261, 31424:1260, 13030:51102 00:25:21 13030:7208, 13030:6, 13030:50000, 31424:1261, 31424:1260, 13030:51107 . . . . . . 23:55:22 13030:7186, 13030:6, 13030:50000, 31424:1261, 31424:1260, 13030:51102 23:55:22 13030:7208, 13030:6, 13030:50000, 31424:1261, 31424:1260, 13030:51107 value Description 13030:51102 ZRH-2 Equinix Zurich 2 13030:51107 GLB-1 Interxion Glattbrugg (suburb of Zurich)

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 20

SLIDE 29

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Case study 4 (Community Flapping)

2 4 6 8 10 12 measurements (stacked) dst num_pkts ip_src ip_dst prefix_src asn_src 04-23 00 04-23 06 04-23 12 04-23 18 04-24 00 04-24 06 04-24 12 04-24 18 04-25 00 04-25 06 04-25 12 04-25 18 04-26 00 04-26 06 04-26 12 04-26 18 04-27 00 04-27 06 04-27 12 04-27 18 04-28 00 04-28 06 04-28 12 04-28 18 04-29 00 04-29 06 04-29 12 04-29 18 04-30 00 wd 1 2 3 4 5 6 announcement times withdrawns 1) Next-Hop: 193.178.185.34 Peer: 193.178.185.34 AS-Path: 6939 34554 2) Next-Hop: 193.178.185.34 Peer: 193.178.185.6 AS-Path: 6939 34554 0:12989, 0:13335, 0:15169, 0:20940, 0:22822 3) Next-Hop: 193.178.185.34 Peer: 193.178.185.5 AS-Path: 6939 34554 0:12989, 0:13335, 0:15169, 0:20940, 0:22822 4) Next-Hop: 193.178.185.92 Peer: 193.178.185.92 AS-Path: 13030 31424 34554 13030:11, 13030:7208, 13030:50000, 13030:51107, 31424:1200, 31424:1201 5) Next-Hop: 193.178.185.44 Peer: 193.178.185.44 AS-Path: 33891 31424 34554 31424:1200, 31424:1201, 33891:33892 6) Next-Hop: 193.178.185.92 Peer: 193.178.185.92 AS-Path: 13030 31424 34554 13030:11, 13030:7203, 13030:50000, 13030:51102, 31424:1200, 31424:1201

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 21

SLIDE 30

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Case study 5 (Withdrawn order)

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 22

SLIDE 31

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Case study 6 (No traffic change)

20 40 60 80 100 120 measurements (stacked) dst num_pkts ip_src ip_dst prefix_src asn_src 04-23 00 04-23 06 04-23 12 04-23 18 04-24 00 04-24 06 04-24 12 04-24 18 04-25 00 04-25 06 04-25 12 04-25 18 04-26 00 04-26 06 04-26 12 04-26 18 04-27 00 04-27 06 04-27 12 04-27 18 04-28 00 04-28 06 04-28 12 04-28 18 04-29 00 04-29 06 04-29 12 04-29 18 04-30 00 wd 1 2 3 announcement times 1 2 3 4 1 2 3 4 5 1 2 3 4 5 6 withdrawns 1) Next-Hop: 193.178.185.32 Peer: 193.178.185.32 AS-Path: 8928 7×15735 35356 8928:10900, 8928:11002, 8928:20901, 8928:65191 2) Next-Hop: 193.178.185.32 Peer: 193.178.185.32 AS-Path: 8928 15735 35356 8928:10900, 8928:11005, 8928:20901, 8928:65191 3) Next-Hop: 193.178.185.32 Peer: 193.178.185.32 AS-Path: 8928 7×15735 35356 8928:10900, 8928:11003, 8928:20901, 8928:65191

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 23

SLIDE 32

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Communities compared to other attributes

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 24

SLIDE 33

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Collector’s point of view (full)

Collector-AS64504 AS64501 AS64502 C BR1 BR3 BR4 TR2 TR1 Example Announcement from AS64501 BR4 TR3 Traffic Router BGP Router Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 25

SLIDE 34

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Collector’s point of view (full)

Collector-AS64504 AS64501 AS64502 C BR1 BR3 BR4 TR2 TR1 Example Announcement from AS64501 BR4 TR3 Traffic Router BGP Router BGP Peer Next-Hop Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 25

SLIDE 35

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Collector’s point of view (full)

Collector-AS64504 AS64501 AS64502 C BR1 BR3 BR4 TR2 TR1 Example Announcement from AS64501 BR4 AS-Path: AS64501 AS64502 AS64504 TR3 Traffic Router BGP Router BGP Peer Next-Hop Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 25

SLIDE 36

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Collector’s point of view (full)

Collector-AS64504 AS64501 AS64502 C BR1 BR3 BR4 TR2 TR1 Example Announcement from AS64501 BR4 AS-Path: IP-Path: AS64501 AS64502 AS64504 BR3 TR2 TR1 CR TR3 Traffic Router BGP Router BGP Peer Next-Hop Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 25

SLIDE 37

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Collector’s point of view (full)

Collector-AS64504 AS64501 AS64502 C BR1 BR3 BR4 TR2 TR1 Example Announcement from AS64501 BR4 AS-Path: IP-Path: BGP-router-Path: AS64501 AS64502 AS64504 BR3 TR2 TR1 CR BR4 BR3 BR1 CR TR3 Traffic Router BGP Router BGP Peer Next-Hop Communities Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 25

SLIDE 38

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Case study 7 (Traffic dead)

5 10 15 20 25 measurements (stacked) dst num_pkts ip_src ip_dst prefix_src asn_src 04-24 12 04-24 14 04-24 16 04-24 18 04-24 20 04-24 22 04-25 00 04-25 02 04-25 04 04-25 06 04-25 08 04-25 10 04-25 12 04-25 14 04-25 16 04-25 18 04-25 20 04-25 22 04-26 00 04-26 02 04-26 04 04-26 06 04-26 08 04-26 10 04-26 12 04-26 14 04-26 16 04-26 18 04-26 20 04-26 22 04-27 00 04-27 02 04-27 04 04-27 06 04-27 08 04-27 10 04-27 12 wd 1 2 announcement times 1 2 3 4 1 2 3 4 1 2 3 4 5 withdrawns 1) Next-Hop: 193.178.185.32 Peer: 193.178.185.32 AS-Path: 8928 12715 2×62352 8928:10900, 8928:11006, 8928:20901, 8928:29306, 8928:65191, 12715:32000, 12715:32087 2) Next-Hop: 193.178.185.32 Peer: 193.178.185.32 AS-Path: 8928 12715 2×62352 8928:10900, 8928:11006, 8928:20901, 8928:29306, 8928:65191

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 26

SLIDE 39

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Case study 8 (Traffic plateau)

10 20 30 40 measurements (stacked) src num_pkts ip_src ip_dst prefix_dst asn_dst 4

2

3 4

2

3 6 4

2

3 1 2 4

2

3 1 8 4

2

4 4

2

4 6 4

2

4 1 2 4

2

4 1 8 4

2

5 4

2

5 6 4

2

5 1 2 4

2

5 1 8 4

2

6 4

2

6 6 4

2

6 1 2 4

2

6 1 8 4

2

7 4

2

7 6 4

2

7 1 2 4

2

7 1 8 4

2

8 4

2

8 6 4

2

8 1 2 4

2

8 1 8 4

2

9 4

2

9 6 4

2

9 1 2 4

2

9 1 8 4

3

wd 1 2 3 4 5 6 7 announcement times 1 2 3 4 5 6 1 2 1 2 3 4 5 6 7 8 withdrawns 1) Next-Hop: 193.178.185.65 Peer: 193.178.185.65 AS-Path: 286 9211 45012 286:286, 286:3049, 286:4057, 286:4990, 45012:45012 2) Next-Hop: 193.178.185.39 Peer: 193.178.185.39 AS-Path: 13237 2×21413 3) Next-Hop: 193.178.185.39 Peer: 193.178.185.5 AS-Path: 13237 2×21413 0:286, 0:702, 0:1136, 0:2119, 0:2856, 0:2906, 0:3209, 0:3257, 0:3292, 0:3320, 0:3491, 0:4766, 0:6461, 0:6805, 0:6830, 0:6939, 0:8218, 0:8220, 0:8447, 0:8591, 0:8881, 0:8928, 0:9121, 0:12322, 0:13184, 0:15169, 0:20676, 0:20940, 0:22822, 0:24953, 0:25596, 0:28876, 0:30094, 0:31334, 13237:45049, 13237:46010 4) Next-Hop: 193.178.185.39 Peer: 193.178.185.6 AS-Path: 13237 2×21413 0:286, 0:702, 0:1136, 0:2119, 0:2856, 0:2906, 0:3209, 0:3257, 0:3292, 0:3320, 0:3491, 0:4766, 0:6461, 0:6805, 0:6830, 0:6939, 0:8218, 0:8220, 0:8447, 0:8591, 0:8881, 0:8928, 0:9121, 0:12322, 0:13184, 0:15169, 0:20676, 0:20940, 0:22822, 0:24953, 0:25596, 0:28876, 0:30094, 0:31334, 13237:45049, 13237:46010 5) Next-Hop: 193.178.185.65 Peer: 193.178.185.65 AS-Path: 286 45012 286:286, 286:3049, 286:4017, 286:4990, 45012:45012 6) Next-Hop: 193.178.185.39 Peer: 193.178.185.5 AS-Path: 13237 2×21413 0:286, 0:702, 0:1136, 0:2119, 0:2856, 0:2906, 0:3209, 0:3257, 0:3292, 0:3320, 0:3491, 0:4766, 0:6461, 0:6805, 0:6830, 0:6939, 0:8218, 0:8220, 0:8447, 0:8591, 0:8881, 0:8928, 0:9121, 0:12322, 0:13184, 0:15169, 0:20676, 0:20940, 0:22822, 0:24953, 0:25596, 0:28876, 0:30094, 0:31334, 13237:45049, 13237:46092 7) Next-Hop: 193.178.185.44 Peer: 193.178.185.44 AS-Path: 33891 2×21413 33891:33892

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 27

SLIDE 40

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Detection Steps

Correctly detect a community change
Intended / Real influence
Alternating Communities
Understand normal behaviour
key (Prefix, Peer AS, Peer IP

, Next-Hop IP , AS Path), Statistics for 02.03.2018:

#prefixes #Communities #ASes #origins #CommASN 17716 720 5173 4133 136 #keys #Keys with Comm #changes mean changes (with Comms only) 18151 43.6% 8536 0.47

Correlate routing or traffic change
What is a change (metric)?
When it is a change (threshold)?
Caused by community or unrelated change?
Relation of change only on key or wider range?
Day of week / Time of day
Active & passive measurements
Estimation of change
Reason: Outage, Route Optimization, Blackholing, Peak balancing, . . .
Correctness: Should the change happen?
Resources: Community meaning database, Event information

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 28

SLIDE 41

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Looking Glass — Communities & traffic

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 29

SLIDE 42

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Looking Glass — Communities

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 30

SLIDE 43

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Looking Glass — Server

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 31

SLIDE 44

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Looking Glass — Summary

No direct relation
Most Looking Glass display no Communities
Looking glass changes must not be reflected in Community changes and vice versa
Looking glass can also show Community Flapping

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 32

SLIDE 45

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Method

Measurements
BGP updates via BGP peering
Traffic analysis
Active measurements
Traceroutes (IP- & AS-Path)
Reachability
Historical data from different points

all over the world

RIPE Atlas traceroute dumps
BGP collector dumps

IXP Route Server Traffic router Fetch Traffic data IN-I8 Own BGP Router 4 1 2a 3 2b BGP and Community Data Correlate anonymized results Active Measurements Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 33

SLIDE 46

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Case study 9 (Prepending, Incongruous, Reserved ASN) Prefix Peer-IP AS-Path 31.47.238.0/24 193.178.185.44 33891 34549 34549 200462 Announce Time BGP Community set 11.11.2017 10:22:36 3257:2291, 33891:2490, 33891:33892, 34549:300 11.11.2017 10:29:54 3257:2291, 33891:2490, 33891:33892, 34549:300, 1299:2001, 1299:5001, 1299:7001 11.11.2017 10:30:44 3257:2291, 33891:2490, 33891:33892, 34549:300, 1299:2001, 1299:5001, 1299:7001, 65001:0 value Description 3257:2291 prepend 1x to any peering partner 33891:33892 Customers/Downstreams 1299:200x Prepend x times to all peers in Europe 1299:500x Prepend x times to all peers in US 1299:700x Prepend x times to all peers in Asia (Note: AS1299 has only Communities for Europe, US, and Asia) 65001:XXXX prepend 1x to ASXXXX (defined by AS3257)

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 34

SLIDE 47

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Related Work

Detecting Peering Infrastructure Outages in the Wild [3]
Geographic communities to pinpoint facility
Active measurements for more precision
On the Effectiveness of DDoS Mitigation in the Wild [1]
Blackholing service at IXP activated with BGP communities
Very effective and high usage
Inferring BGP Blackholing Activity on the Internet [5]
Blackholing with BGP communities
Usage increased over last three years (peak of 5K concurrently blackholed prefixes from 400

Ases)

Blackholed destination could not be reached any more or AS- and IP-path increased noticeable
Detect user and provider of BGP community
Modelling and Analysis of BGP Community Attributes [4]
More detailed BGP Community model
Database with 60088 BGP communities
Evaluation of BGP Community propagation and acceptance by different ASes

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 35

SLIDE 48

Bibliography

[1]

C. Dietzel, A. Feldmann, and T. King.

Blackholing at IXPs: On the Effectiveness of DDoS Mitigation in the Wild. In Passive and Active Measurement, Lecture Notes in Computer Science, pages 319–332. Springer, Cham, Mar. 2016. [2]

V. Giotsas.

CommunityWatch: The Swiss-Army Knife of BGP Anomaly Detection. [3]

V. Giotsas, C. Dietzel, G. Smaragdakis, A. Feldmann, A. Berger, and E. Aben.

Detecting Peering Infrastructure Outages in the Wild. In Proceedings of the Conference of the ACM Special Interest Group on Data Communication, SIGCOMM ’17, pages 446– 459, New York, NY, USA, 2017. ACM. [4]

F. Raab.

Modeling and Analysis of BGP Community Attributes. Bachelor thesis, Technische Universität München, Garching bei München, Sept. 2015. [5] Vasileios Giotsas, Georgios Smaragdakis, Christoph Dietzel, Philipp Richter, Anja Feldmann, and Arthur Berger. Inferring BGP Blackholing Activity in the Internet. In Proceedings of ACM Internet Measurements Conference, volume IMC’17, London, UK, Nov. 2017.

Fabian Raab — Influence of BGP Community Attributes on Routing and Internet Traffic 36