review of bgp bcp in 2014 seen from ris collectors
play

Review of BGP BCP in 2014 Seen from RIS collectors Guillaume - PowerPoint PPT Presentation

Oct 08, 2022 •21 likes •231 views

Review of BGP BCP in 2014 Seen from RIS collectors Guillaume Valadon Agence nationale de la scurit des systmes dinformation http://www.ssi.gouv.fr/en RIPE 69 - November, 3rd 2014 ANSSI - http://www.ssi.gouv.fr/en 1/19 The observatory

  1. Review of BGP BCP in 2014 Seen from RIS collectors Guillaume Valadon Agence nationale de la sécurité des systèmes d’information http://www.ssi.gouv.fr/en RIPE 69 - November, 3rd 2014 ANSSI - http://www.ssi.gouv.fr/en 1/19

  2. The observatory in a nutshell The observatory is under the supervision of the ANSSI, the French involved in the project. Some of our objectives ANSSI - http://www.ssi.gouv.fr/en 2/19 national cyberdefence agency. French operators and Afnic are also • Study the Internet in France in details: • presented during RIPE 67 plenary. • Develop technical interactions with the networking community; • Publish anonymized results; • see http://www.ssi.gouv.fr/observatoire/ • Publish recommendations and best practices: • BGP BCP presented during RIPE 68 BCOP WG.

  3. ANSSI BGP Best Current Practices guide html ANSSI - http://www.ssi.gouv.fr/en Some BCP can be observed in routing tables ! Recommendations examples About the guide 3/19 new-publication-bgp-configuration-best-practices. gouv.fr/en/the-anssi/events/ http://www.ssi. at: • available • written in collaboration with 7 French operators • confjguration examples for: IOS, Junos, SR-OS, OpenBGPD • contributions are welcome ! • authenticate BGP sessions with TCP-MD5 • fjlter the default route • fjlter special AS numbers (private, documentation, ...) • fjlter too specifjc prefjxes: IPv4 > /24 , IPv6 > /48 • limit the number of prefjxes received from a peer

  4. ANSSI BGP Best Current Practices guide About the guide Recommendations examples Some BCP can be observed in routing tables ! ANSSI - http://www.ssi.gouv.fr/en 3/19 • available at: http://www.ssi.gouv.fr/en • written in collaboration with 7 French operators • confjguration examples for: IOS, Junos, SR-OS, OpenBGPD • contributions are welcome ! • authenticate BGP sessions with TCP-MD5 • fjlter the default route • fjlter special AS numbers (private, documentation, ...) • fjlter too specifjc prefjxes: IPv4 > /24 , IPv6 > /48 • limit the number of prefjxes received from a peer

  5. ANSSI BGP Best Current Practices guide About the guide Recommendations examples Some BCP can be observed in routing tables ! ANSSI - http://www.ssi.gouv.fr/en 3/19 • authenticate BGP sessions with TCP-MD5 • fjlter the default route • fjlter special AS numbers (private, documentation, ...) • fjlter too specifjc prefjxes: IPv4 > /24 , IPv6 > /48 • limit the number of prefjxes received from a peer

  6. Default routes seen by the RIS collectors

  7. Default routes seen by RIS from January to September ceived defaults Some UPDATEs could be legitimate. ANSSI - http://www.ssi.gouv.fr/en 5/19 • ≈ 17000 UPDATEs received • 11/13 active collectors re-

  8. AS PATH length default an- nounced by a RIS peer, or a transit provider of a RIS peer should not be seen an AS PATH length strictly smaller than 3 ANSSI - http://www.ssi.gouv.fr/en 6/19 • len () < = 2 : • len () > 2 : • 40% of the UPDATES have Short AS PATH ( < = 2 ) could identify legitimate announces.

  9. Default routes seen by RIS - no short AS PATH from January to September Some collectors still received much more messages than the others. ANSSI - http://www.ssi.gouv.fr/en 7/19 • ≈ 10000 UPDATEs received • IPv4: 12% • IPv6: 88%

  10. Default routes per day DATEs per day received between 1 and 1436 UPDATEs per day September Collectors see more IPv6 defaults than with IPv4. ANSSI - http://www.ssi.gouv.fr/en 8/19 • IPv4: between 1 and 43 UP- • some days no defaults are • IPv6: • decrease at the end of

  11. Origin and transit AS 52 origin AS announced a default route 35 transit AS did not fjlter a de- fault route All of these transit providers should have fjltered the default route. ANSSI - http://www.ssi.gouv.fr/en 9/19

  12. Open questions ANSSI - http://www.ssi.gouv.fr/en 10/19 • do these UPDATEs are only seen by RIS collectors ? • how many UPDATEs are seen by difgerent RIS collectors ? • …

  13. Too specifjc prefjxes

  14. Number of too specifjc prefjxes per day ANSSI - http://www.ssi.gouv.fr/en 12/19 • IPv6: ≈ 200 distinct prefjxes ≈ 2100 distinct prefjxes seen every day.

  15. Prefjxes lengths Unique IPv4 prefjxes: 7797 Unique IPv6 prefjxes: 261 ANSSI - http://www.ssi.gouv.fr/en 13/19

  16. Unique AS PATH length Most of the too specifjc prefjxes cross the Internet. ANSSI - http://www.ssi.gouv.fr/en 14/19

  17. Origin and transit ASes ANSSI - http://www.ssi.gouv.fr/en 15/19 ≈ 450 distinct origin AS seen every day. ≈ 200 transit AS seen every day.

  18. Can these prefjxes be reached otherwise ? Most of the too specifjc prefjxes can be reached by a less specifjc prefjx. ANSSI - http://www.ssi.gouv.fr/en 16/19 • on June 30th, there are 2089 unique too specifjc IP prefjxes • on July 1st: 125 prefjxes can’t be reached globally: • 46 are only reachable through the specifjc announce • 79 are not reachable at all

  19. Conclusion

  20. Closing remarks Still a work in progress ! Will it be useful to contact operators ? ANSSI - http://www.ssi.gouv.fr/en 18/19 • the observation of BCP adoption is a good awareness tool • the same methodology can be applied to AS numbers, … 28220 3549 3356 8220 23456 198648

  21. Questions? Published material) ANSSI - http://www.ssi.gouv.fr/en 19/19 • 2011 report (French); • 2012 report (French); • 2013 report (French & English - soon); • BGP confjguration best practices (French & English).

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Welcome to tonights gathering This presentation is about a planned fellow collectors trip to

Welcome to tonights gathering This presentation is about a planned fellow collectors trip to

Welcome to tonights gathering This presentation is about a planned fellow collectors trip to Germany From collectors friends for collectors friends Facts (1): The tour is completely privately organised and no ICCC money or

339 views • 13 slides
A solenoid pion collector for ESSnuSB Maja Olvegrd October 7, 2014 Magnetic Pion Collectors

A solenoid pion collector for ESSnuSB Maja Olvegrd October 7, 2014 Magnetic Pion Collectors

A solenoid pion collector for ESSnuSB Maja Olvegrd October 7, 2014 Magnetic Pion Collectors Positron sources matching to accelerator optics Neutrino factories / Muon colliders nature of focusing? matching? Superbeam

658 views • 10 slides
An Analysis of The Completeness of the Internet AS-level Topology Discovered by Route Collectors

An Analysis of The Completeness of the Internet AS-level Topology Discovered by Route Collectors

An Analysis of The Completeness of the Internet AS-level Topology Discovered by Route Collectors Luca Sani July 21, 2014 . Example of ASes (about . Interconnected ASes 47,000 up to date) . . AS 3269 Telecom Italia AS 12145 Colorado State

569 views • 52 slides
BIG PROJECT LIST PRESENTATION MAIN COLLECTIVE SOLAR INSTALLATIONS MADE BY SOLE Name Collectors

BIG PROJECT LIST PRESENTATION MAIN COLLECTIVE SOLAR INSTALLATIONS MADE BY SOLE Name Collectors

BIG PROJECT LIST PRESENTATION MAIN COLLECTIVE SOLAR INSTALLATIONS MADE BY SOLE Name Collectors type &amp; size Storage Capacity Place Year 1. Arkitsa, Calypso Bungalows Hotel Flat plate collectors (100m) 1975 5.000 ltr GREECE 2.

513 views • 36 slides
TAX COLLECTORS OFFICE Orange County, Florida www.octaxcol.com 1 TAX COLLECTORS OFFICE

TAX COLLECTORS OFFICE Orange County, Florida www.octaxcol.com 1 TAX COLLECTORS OFFICE

TAX COLLECTORS OFFICE Orange County, Florida www.octaxcol.com 1 TAX COLLECTORS OFFICE Orange County, Florida www.octaxcol.com A little bit of history ! How it happened in Orange County, Florida 1868 TAX COLLECTORS BECOME

300 views • 26 slides
Voter Registration Training Overview for D HSMV / Tax Collectors Offices Katrinia Ferguson,

Voter Registration Training Overview for D HSMV / Tax Collectors Offices Katrinia Ferguson,

Voter Registration Training Overview for D HSMV / Tax Collectors Offices Katrinia Ferguson, NVRA Coordinator Maria Matthews, Division Director Last Updated September 23, 2014 Table of Contents 1. Voter Registration Law History NVRA and HAVA

921 views • 58 slides
Tecflote - Novel Chemistry for New Sulfide Collectors Peter Zhou, Andrew Lewis, and Henrik

Tecflote - Novel Chemistry for New Sulfide Collectors Peter Zhou, Andrew Lewis, and Henrik

Tecflote - Novel Chemistry for New Sulfide Collectors Peter Zhou, Andrew Lewis, and Henrik Nordberg SME Denver February 2019 Agenda Nouryon Thiol-based collectors Tecflote non-thiol new chemistry Collector chemistry

546 views • 18 slides
Luk Luke 15: e 15: 1-10 10 Luk Luke 15:1 e 15:1 Now all the tax collectors and sinners

Luk Luke 15: e 15: 1-10 10 Luk Luke 15:1 e 15:1 Now all the tax collectors and sinners

Luk Luke 15: e 15: 1-10 10 Luk Luke 15:1 e 15:1 Now all the tax collectors and sinners were coming near to listen to him. Luk Luke 15:2 e 15:2 And the Pharisees and the scribes were grumbling and saying, This fellow welcomes

1.01k views • 74 slides
The Harmonica Its Evolution, Variety and Beauty For Players, Collectors, And the Curious A

The Harmonica Its Evolution, Variety and Beauty For Players, Collectors, And the Curious A

The Harmonica Its Evolution, Variety and Beauty For Players, Collectors, And the Curious A Presentation for the Members of the Lyncean Group by John Whiteman La Jolla, CA eMail: JohnWhiteman88@gmail.com Mobile Phone: (858) 922-3750 July

600 views • 28 slides
Ethics for County Tax Assessor-Collectors Disclaimer This course is intended as general

Ethics for County Tax Assessor-Collectors Disclaimer This course is intended as general

6/10/2020 Ethics for County Tax Assessor-Collectors Disclaimer This course is intended as general information only and does not carry the force of legal opinion. The Texas Ethics Commission enforces the laws set by the Local Government Code that

246 views • 22 slides
Derivation And Evaluation of Concurrent Collectors Martin T. Vechev University of Cambridge

Derivation And Evaluation of Concurrent Collectors Martin T. Vechev University of Cambridge

Derivation And Evaluation of Concurrent Collectors Martin T. Vechev University of Cambridge David F. Bacon, Perry Cheng and Dave Grove IBM T.J. Watson Research Center Outline Motivation and Benefits New Generalizations Abstract

777 views • 64 slides
Luke 15 - The gospel in the gospel 1 Now the tax collectors and sinners were all drawing

Luke 15 - The gospel in the gospel 1 Now the tax collectors and sinners were all drawing

Luke 15 - The gospel in the gospel 1 Now the tax collectors and sinners were all drawing near to hear him. 2 And the Pharisees and the scribes grumbled, saying, This man receives sinners and eats with them. 3 So he told them this

716 views • 26 slides
Segregation by age Why generational garbage collection Simple tracing collectors suffer from a

Segregation by age Why generational garbage collection Simple tracing collectors suffer from a

Segregation by age Why generational garbage collection Simple tracing collectors suffer from a # of drawbacks All active data must be marked or copy Delays caused by GC can be obtrusive Deferred RC can be used to smooth out cost of

408 views • 16 slides
Vince But Butler @ your service Agenda What is VBU? Dashboard and Host Collectors

Vince But Butler @ your service Agenda What is VBU? Dashboard and Host Collectors

Vince But Butler @ your service Agenda What is VBU? Dashboard and Host Collectors and Publishers Demo Requirements VBU a Proactive System REACTIVE PROACTIVE Hours from errors to action Seconds from error to

185 views • 16 slides
An Experimental Evaluation of Garbage Collectors on Big Data Applications Lijie Xu 1 , Tian Guo 2 ,

An Experimental Evaluation of Garbage Collectors on Big Data Applications Lijie Xu 1 , Tian Guo 2 ,

The 45th International Conference on Very Large Data Bases (VLDB 2019) An Experimental Evaluation of Garbage Collectors on Big Data Applications Lijie Xu 1 , Tian Guo 2 , Wensheng Dou 1 , Wei Wang 1 , Jun Wei 1 1 Institute of Software, Chinese

456 views • 45 slides
CT Tax Collectors Association Spring Meeting 2016 Mike Dugan

CT Tax Collectors Association Spring Meeting 2016 Mike Dugan

CT Tax Collectors Association Spring Meeting 2016 Mike Dugan Capitol Consulting LLC May 12, 2016 Agenda Legislative Overview Budget Crisis

389 views • 17 slides
Bollywood Power: Using films and celebrities to talk water Ankita Bhalla &amp; Anil Cherukupalli:

Bollywood Power: Using films and celebrities to talk water Ankita Bhalla &amp; Anil Cherukupalli:

Bollywood Power: Using films and celebrities to talk water Ankita Bhalla &amp; Anil Cherukupalli: WaterAid India Le 7 me Forum du // 7 th Forum of the Rural Water Supply Network : Abidjan, Cte dIvoire (29.11.2016 02.12.2016) 1:

95 views • 7 slides
The International Water and Film Events After Mexico City (2006) and Istanbul (2009) on

The International Water and Film Events After Mexico City (2006) and Istanbul (2009) on

The International Water and Film Events After Mexico City (2006) and Istanbul (2009) on our way to Marseille (2012) RIEC-IWFE The International Water and Film Events (IWFE), which fjrst appeared on the scene in Mexico in 2006,

364 views • 8 slides
Influence of Temperature on MBBR Denitrification for Advanced Nitrogen Removal of Wastewater

Influence of Temperature on MBBR Denitrification for Advanced Nitrogen Removal of Wastewater

Influence of Temperature on MBBR Denitrification for Advanced Nitrogen Removal of Wastewater Treatment Plant Effluent Haiyan Wang K. Liu,Q.Y. Hang, Q. Yuan, M.J. Ma, and C. M. Li Research Center for Water Pollution Control Technology Chinese

442 views • 27 slides
City Council Study Session December 6, 2016 Tonights Agenda and Discussion Items I. Growth

City Council Study Session December 6, 2016 Tonights Agenda and Discussion Items I. Growth

City Council Study Session December 6, 2016 Tonights Agenda and Discussion Items I. Growth Considerations II. Buildout Analysis Process and Initial Results III. Discussion and Questions I. GROWTH CONSIDERATIONS POPULATION: HISTORICAL

489 views • 33 slides
Finance Committee Meeting August 13, 2020 Agenda Board Item Approve Revised Agreement for

Finance Committee Meeting August 13, 2020 Agenda Board Item Approve Revised Agreement for

Finance Committee Meeting August 13, 2020 Agenda Board Item Approve Revised Agreement for Lifeguard and CPR Certifications Approve Increase in Elementary and Middle School Adult Lunch Price Approve Bid 20-14, Miscellaneous

427 views • 13 slides
Beta Presentation CATAlyst: Mapping CATA Routes and Buses in Real-Time The Capstone Experience

Beta Presentation CATAlyst: Mapping CATA Routes and Buses in Real-Time The Capstone Experience

Beta Presentation CATAlyst: Mapping CATA Routes and Buses in Real-Time The Capstone Experience Team Michigan State University Catherine Dinsmoor Charlie Ward Tom Beaver James Dodge Jimmy Mkude Department of Computer Science and Engineering

264 views • 13 slides
eliminating late fjnes IMPROVING ACCESS TO YOUR LIBRARY SEPTEMBER 2018 public libraries are

eliminating late fjnes IMPROVING ACCESS TO YOUR LIBRARY SEPTEMBER 2018 public libraries are

eliminating late fjnes IMPROVING ACCESS TO YOUR LIBRARY SEPTEMBER 2018 public libraries are the peoples university and we need to make sure they are accessible to everyone. - ELLIOT WARREN, BERKELEY PUBLIC LIBRARY project background

658 views • 29 slides
Financial Data FOR FISCAL YEAR 2013-2014 Budget Goals Cope with RLC disappearance

Financial Data FOR FISCAL YEAR 2013-2014 Budget Goals Cope with RLC disappearance

Financial Data FOR FISCAL YEAR 2013-2014 Budget Goals Cope with RLC disappearance Identify US 290 ancillary costs Fee review year Get ahead of county / state increases Review long-standing contractual relations Systematic

145 views • 12 slides

More recommend