rib size estimation for bgpsec
play

RIB Size Estimation for BGPSEC Trustworthy Networking Program K. - PowerPoint PPT Presentation

Aug 17, 2023 •13 likes •133 views

RIB Size Estimation for BGPSEC Trustworthy Networking Program K. Sriram (with O. Borchert, O. Kim, D. Cooper, and D. Montgomery) IETF-81 SIDR WG Meeting July 28, 2011 Contacts: ksriram@nist.gov, dougm@nist.gov Acknowledgements: Many thanks

  1. RIB Size Estimation for BGPSEC Trustworthy Networking Program K. Sriram (with O. Borchert, O. Kim, D. Cooper, and D. Montgomery) IETF-81 SIDR WG Meeting July 28, 2011 Contacts: ksriram@nist.gov, dougm@nist.gov Acknowledgements: Many thanks are due to the BGPSEC Design Team for comments and suggestions. Thanks are also due to people in the SIDR WG who have shared measurement data, made suggestions, or critiqued the work. This research was supported by the Department of Homeland Security under the Secure Protocols for the Routing Infrastructure (SPRI) program and the NIST Information Technology Laboratory Cyber and Network Security Program. 1

  2. Measurement of Prefixes and Paths in ISP’s Route Reflectors and PE Routers Measurement data from a Large, Tier 1 ISP Provider Route Edge (PE) Reflectors routers (RR) # Unique Prefixes Observed 377,000 377,000 Total number of Prefix Paths Observed (Low) 750,000 3,100,000 Total number of Prefix Paths Observed (High) 1,100,000 3,600,000 Ratio of Total # Prefix Paths / # Unique Prefixes (High) 2.92 9.55 2

  3. Update Format and Signature Overheads Octets (RSA- Update Element 2048 Alg.) NLRI Length 1 NLRI 4 AS-n 4 AS-(n-1) 4 … 4 AS2 4 AS1 (Originating AS) 4 AS-(n+1) (ASN of Subsequent AS) 4 Expire Time 8 Algorithm Suite Itentifier 1 Signature-List Block Length 2 SKI Length-n 1 SKI-n 20 Signature-n 256 SKI Length-(n-1) 1 Signature SKI-(n-1) 20 Signature-(n-1) 256 overheads … … … SKI Length-2 1 SKI-2 20 Signature-2 256 SKI Length-1 1 SKI-1 20 Signature-1 256 4 ASes per AS path Other BGP Attributes (besides NLRI & Reference: draft-sidr- AS_PATH; measured/estimated) 40 Estimated Signed Update Size (average) 1188 15x increase in bgpsec-protocol update size (with Measured Unsigned BGP Update Size RSA-2048) (average including all BGP attributes) 78 3

  4. Estimation of BGPSEC Update Sizes BGPSEC Signed Update Size: IPv4 (octets) IPv6 (octets) For RSA-2048 Signatuer Alg 1188 1200 For ECDSA-256 Signatuer Alg 420 432 Unsigned Update 78 90 RIB memory storage ovehead 5.0% 5.0% • It should also be noted that eBGP updates in BGP-4 average 3.83 prefixes per update whereas the same in BGPSEC have only a single prefix per update (un-optimized). • Unsigned update size was measured from Routeviews data. • Signed update sizes are estimated (see the excel spread sheet for details: http://www.antd.nist.gov/~ksriram/BGPSEC_RIB.xls ). 4

  5. BGPSEC Adoption Rate (1) Probability Distribution of Adoption (Truncated Normal Distribution) 25% Normal Distribution, Std Dev = 3 Probability Distribution of Adoption Rate Normal Distribution, Std Dev = 2 20% 15% Start of Adoption 10% 5% 0% 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 • In the RIB estimates that follow, we will apply truncated Normal distribution of adoption with Std. Deviation = 2 (Green plot). 5

  6. BGPSEC Adoption Rate (2) Cumulative Distribution of Adoption (Truncated Normal Distribution) 100% Normal Distribution, Std Dev = 3 90% Cumulative Distribution of Adoption Rate Normal Distribution, Std Dev = 2 80% 70% 60% 50% 40% Start of 30% Adoption 20% 10% 0% 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 • In the RIB estimates that follow, we will apply truncated Normal distribution of adoption with Std. Deviation = 2 (Green plot). 6

  7. PE Router RIB Size Estimation for BGPSEC Contribution to RIB Memory PE PE Due to IPv4 and IPv6 eBGP Router Router Updates in PE Router Total # Total # # Unique Signed # Unique Signed BGPSEC IPv4 IPv4 eBGP IPv6 IPv6 eBGP Adoption IPv4 eBGP Prefix- IPv6 eBGP Prefix- (% Prefix- For RSA-2048 For ECDSA- Growth Prefixes Paths in Growth Prefixes Paths in Paths Signature Alg. 256 Signature Year Rate (FIB) RIB Rate (FIB) RIB Signed) (GB) Alg. (GB) 2011 12% 377000 1100840 100% 4000 11680 0% 0.09 0.09 2012 12% 422240 1232941 90% 8000 23360 0% 0.10 0.10 2013 12% 472909 1380894 80% 15200 44384 0% 0.12 0.12 2014 12% 529658 1546601 70% 27360 79891 0% 0.13 0.13 2015 12% 593217 1732193 60% 46512 135815 0% 0.15 0.15 2016 12% 664403 1940056 50% 74419 217304 2% 0.22 0.19 2017 12% 744131 2172863 40% 111629 325956 6% 0.38 0.26 2018 12% 833427 2433607 30% 156280 456339 15% 0.75 0.40 2019 12% 933438 2725639 30% 203164 593240 30% 1.46 0.64 2020 12% 1045451 3052716 30% 264114 771212 50% 2.55 1.01 2021 12% 1170905 3419042 30% 343348 1002576 70% 3.96 1.48 2022 12% 1311413 3829327 30% 446352 1303348 85% 5.51 2.00 2023 12% 1468783 4288846 30% 580258 1694353 94% 7.07 2.53 2024 12% 1645037 4803508 30% 754335 2202659 98% 8.64 3.08 2025 12% 1842441 5379929 30% 980636 2863457 100% 10.32 3.67 • Geoff Huston’s IPv4 data shows a steady 12% (approximately) yearly growth rate for eBGP IPv4 prefixes over the past few years (2008-2011). http://bgp.potaroo.net/index-bgp.html • His data also shows 4000 announced IPv6 at start of 2011 with about 100% growth rate so far in 2011. 7

  8. Route Reflector RIB Size Estimation for BGPSEC Contribution to RIB Memory Route Route Due to IPv4 and IPv6 eBGP Reflector Reflector Updates in Route Reflector Total # Total # # Unique Signed IPv4 # Unique Signed IPv6 BGPSEC IPv4 eBGP IPv6 eBGP Adoption IPv4 eBGP Prefix- IPv6 eBGP Prefix- (% Prefix- For RSA-2048 For ECDSA- Growth Prefixes Paths in Growth Prefixes Paths in Paths Signature Alg. 256 Signature Year Rate (FIB) RIB Rate (FIB) RIB Signed) (GB) Alg. (GB) 2011 12% 377000 3600350 100% 4000 38200 0.00% 0.30 0.30 2012 12% 422240 4032392 90% 8000 76400 0.00% 0.34 0.34 2013 12% 472909 4516279 80% 15200 145160 0.00% 0.38 0.38 2014 12% 529658 5058233 70% 27360 261288 0.00% 0.44 0.44 2015 12% 593217 5665220 60% 46512 444190 0.00% 0.51 0.51 2016 12% 664403 6345047 50% 74419 710703 1.61% 0.72 0.63 2017 12% 744131 7106453 40% 111629 1066055 5.97% 1.25 0.86 2018 12% 833427 7959227 30% 156280 1492477 15.21% 2.47 1.31 2019 12% 933438 8914334 30% 203164 1940220 30.44% 4.76 2.10 2020 12% 1045451 9984054 30% 264114 2522286 50.00% 8.34 3.30 2021 12% 1170905 11182141 30% 343348 3278972 69.56% 12.95 4.84 2022 12% 1311413 12523997 30% 446352 4262664 84.79% 18.02 6.54 2023 12% 1468783 14026877 30% 580258 5541463 94.03% 23.12 8.28 2024 12% 1645037 15710102 30% 754335 7203902 98.39% 28.24 10.06 2025 12% 1842441 17595315 30% 980636 9365072 100.00% 33.75 12.01 • Please see notes on previous slides. 8

  9. Comparison: RSA-2048 vs. ECDSA-256 RR with RSA-2048 32 RR with ECDSA-256 28 PE with RSA-2048 RIB MEMORY (GB) PE with ECDSA-256 24 20 16 12 8 4 0 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 YEAR • Includes IPv4 and IPv6 prefixes. • See slides 7, 8 for details. 9

  10. BGPSEC Signature Algorithm Transition (Example) • Dual signature-list blocks are used during algorithm transition (see draft-sidr- bgpsec-protocol) 40 Dual Sig-List Blocks (RSA-2048 & ECDSA-256) RSA-2048 35 ECDSA-256 Transition from RSA-2048 to ECDS-256 30 RIB MEMORY (GB) 25 Algorithm Transition 20 15 10 Start of 5 Adoption 0 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 YEAR 10

  11. BGPSEC Signature Algorithm Transition Followed by Protocol Transition (Example) • Dual signature-list blocks are used during protocol/algorithm transition (see draft-sidr-bgpsec-protocol) 40 Dual Sig-List Blocks (RSA-2048 & ECDSA-256) RSA-2048 35 Dual Sig-List Blocks (two ECDSA-256 blocks) ECDSA-256 30 RIB MEMORY (GB) Algorithm Transition followed by Protocol Transition 25 Algorithm 20 Transition 15 10 Start of Protocol 5 Adoption Transition 0 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 YEAR 11

  12. Summary & Conclusions • RIB sizes have been estimated for realistic RR and PE scenarios (with input from a large, Tier 1 ISP and also from Geoff Huston’s latest measurement data for eBGP IPv6 and IPv4 prefixes http://bgp.potaroo.net/index-bgp.html ) • Signature algorithms considered: RSA-2048 and ECDSA-256 • RIB memory needs to be engineered so it is adequate for algorithm/protocol transition down the road • Please also see previously shared slides http://www.antd.nist.gov/~ksriram/BGPSEC_RIB_Estimation.pdf for other related details and discussion regarding the modeling • The excel spread sheet is made available so anyone can play with assumptions in accordance with their view. Several details of the modeling can be gleaned from the excel spread sheet as well: http://www.antd.nist.gov/~ksriram/BGPSEC_RIB.xls • Thanks for the discussion and comments on the SIDR list so far. Further comments/suggestions are very welcome 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

BGPSec Interoperability Test QuaggaSRx and BIRD bgpsec IETF 97 Trustworthy Networking Program

BGPSec Interoperability Test QuaggaSRx and BIRD bgpsec IETF 97 Trustworthy Networking Program

BGPSec Interoperability Test QuaggaSRx and BIRD bgpsec IETF 97 Trustworthy Networking Program Seoul, South Korea Nov. 17, 2016 Oliver Borchert (oliver.borchert@nist.gov) NaNonal InsNtute of Standards and Technology 1 Tested Systems:

304 views • 17 slides
Contents Introduction Approaches and Methods for Software Size Estimation FPA Method

Contents Introduction Approaches and Methods for Software Size Estimation FPA Method

Estimating Software Size and Effort Software Size and Effort Estimation Dr. Ale ivkovi , CISA, PRINCE 2 University of Maribor, Slovenia Faculty of Electrical Engineering and Computer Science e-mail: ales.zivkovic@uni-mb.si

800 views • 38 slides
Sunthud Pornprasertmanit W. Joel Schneider Sample Size Estimation Approach Power

Sunthud Pornprasertmanit W. Joel Schneider Sample Size Estimation Approach Power

Sunthud Pornprasertmanit W. Joel Schneider Sample Size Estimation Approach Power Accuracy in Parameter Estimation Cluster Randomized Design (CRD) Sample Size Estimation in CRD Program Illustration Power analysis The

343 views • 22 slides
Software size measures and their usefulness for software project estimation Software Size

Software size measures and their usefulness for software project estimation Software Size

Software size measures and their usefulness for software project estimation Software Size Measures and their usefulness for software project estimation Harold van Heeringen Sogeti Nederland B.V., Senior Software Cost Engineer San Diego (CA,

779 views • 32 slides
Sample Size Re-Estimation: Controlling the Type-1 Error Yannis Jemiai, Ph.D. 26 September 2017

Sample Size Re-Estimation: Controlling the Type-1 Error Yannis Jemiai, Ph.D. 26 September 2017

Sample Size Re-Estimation: Controlling the Type-1 Error Yannis Jemiai, Ph.D. 26 September 2017 ASA Biopharmaceutical Section Regulatory-Industry Statistics Workshop unblinded sample size re-estimation is an essential design tool Addresses

490 views • 23 slides
Dr. OLEKSANDR SAKHARENKO COUNSEL KESAREV CONSULTING ESTIMATION OF THE SIZE OF SHADOW

Dr. OLEKSANDR SAKHARENKO COUNSEL KESAREV CONSULTING ESTIMATION OF THE SIZE OF SHADOW

ESTIMATION OF THE SCALE OF THE SHADOW MARKET IN UKRAINES AGRICULTURE Dr. OLEKSANDR SAKHARENKO COUNSEL KESAREV CONSULTING ESTIMATION OF THE SIZE OF SHADOW LEASE OF AGRICULTURAL LAND BY COMPARING DATA OF STATEGEOCADASTRE AND

896 views • 25 slides
IPsec, BGPsec, DNSSEC Lecture 20 Internet Protocol Suite TCP/IP: Developed in the 70 s IP: at

IPsec, BGPsec, DNSSEC Lecture 20 Internet Protocol Suite TCP/IP: Developed in the 70 s IP: at

IPsec, BGPsec, DNSSEC Lecture 20 Internet Protocol Suite TCP/IP: Developed in the 70 s IP: at the internet layer. Handles addressing and routing TCP: at the transport layer. Setting up channels (between ports), with traffic control, error-

292 views • 17 slides
Size estimation of orbital debris using a zenith-pointing telescope By : Bikram Pradhan

Size estimation of orbital debris using a zenith-pointing telescope By : Bikram Pradhan

Size estimation of orbital debris using a zenith-pointing telescope By : Bikram Pradhan Supervisor: Prof. Jean Surdej @ 2 nd BINA WORKSHOP [10 th Oct, 2018] A greener planet ? OUTLINE Space awareness Optical observations of Space

377 views • 26 slides
BGP Joeri de Ruiter Agenda BGP recap BGP security RPKI / ROA BGPsec

BGP Joeri de Ruiter Agenda BGP recap BGP security RPKI / ROA BGPsec

Advanced Network Security BGP Joeri de Ruiter Agenda BGP recap BGP security RPKI / ROA BGPsec Startng (almost) from scratch 2 Autonomous systems (AS) Internet is divided into Autonomous Systems (AS) Controlled by

815 views • 39 slides
Similarity Join Size Estimation using Locality Sensitive Hashing Hongrae Lee, Google Inc Raymond

Similarity Join Size Estimation using Locality Sensitive Hashing Hongrae Lee, Google Inc Raymond

Similarity Join Size Estimation using Locality Sensitive Hashing Hongrae Lee, Google Inc Raymond Ng, University of British Columbia Kyuseok Shim, Seoul National University Highly Similar, but not Identical, Data Introduction Finding all

309 views • 30 slides
IPsec, BGPsec, DNSSEC Lecture 18 And a bit of Zero-Knowledge Proofs Internet Protocol Suite

IPsec, BGPsec, DNSSEC Lecture 18 And a bit of Zero-Knowledge Proofs Internet Protocol Suite

IPsec, BGPsec, DNSSEC Lecture 18 And a bit of Zero-Knowledge Proofs Internet Protocol Suite TCP/IP: Developed in the 70 s IP: at the internet layer. Handles addressing and routing TCP: at the transport layer. Setting up channels (between

418 views • 21 slides
IPsec, BGPsec, DNSSEC Lecture 20 Internet Protocol Suite Link layer: ethernet, wifi etc. Internet

IPsec, BGPsec, DNSSEC Lecture 20 Internet Protocol Suite Link layer: ethernet, wifi etc. Internet

IPsec, BGPsec, DNSSEC Lecture 20 Internet Protocol Suite Link layer: ethernet, wifi etc. Internet layer: addressing and routing Transport layer: Setting up channels (between ports), with traffic control, error-correction etc. TCP/IP for

676 views • 16 slides
Matching Size and Matrix Rank Estimation in Data Streams Sepehr Assadi University of

Matching Size and Matrix Rank Estimation in Data Streams Sepehr Assadi University of

Matching Size and Matrix Rank Estimation in Data Streams Sepehr Assadi University of Pennsylvania Joint work with Sanjeev Khanna (Penn), and Yang Li (Penn) Sepehr Assadi (Penn) JHU Algorithms and Complexity Seminar The Streaming Model

1.74k views • 135 slides
Size Estimation - Statistical Models for Underreporting Gerhard Neubauer, Gordana Djura &

Size Estimation - Statistical Models for Underreporting Gerhard Neubauer, Gordana Djura &

Size Estimation - Statistical Models for Underreporting Gerhard Neubauer, Gordana Djura & Herwig Friedl JOANNEUM RESEARCH and Technical University, Graz useR! 2009, Rennes 8.-10. July 2009 p. 1 1 Introduction useR! 2009, Rennes

601 views • 27 slides
Sample size estimation v. 2018-02 Outline Definition of Power Variables of a power

Sample size estimation v. 2018-02 Outline Definition of Power Variables of a power

Sample size estimation v. 2018-02 Outline Definition of Power Variables of a power analysis Difference between technical and biological replicates Power analysis for: Comparing 2 proportions Comparing 2 means

1.01k views • 61 slides
Estimating Size and Effort Dr. James A. Bednar jbednar@inf.ed.ac.uk

Estimating Size and Effort Dr. James A. Bednar jbednar@inf.ed.ac.uk

Estimating Size and Effort Dr. James A. Bednar jbednar@inf.ed.ac.uk http://homepages.inf.ed.ac.uk/jbednar Dr. David Robertson dr@inf.ed.ac.uk http://www.inf.ed.ac.uk/ssp/members/dave.htm SAPM Spring 2007: Estimation 1 Estimating SW Size and

560 views • 24 slides
Open Security Controls Assessment Language (OSCAL) Lunch with the OSCAL Developers David

Open Security Controls Assessment Language (OSCAL) Lunch with the OSCAL Developers David

Open Security Controls Assessment Language (OSCAL) Lunch with the OSCAL Developers David Waltermire National Institute of Standards and Technology Teleconference Overview 2 Ground Rules OSCAL Status Summary (5 minutes) Issues

404 views • 11 slides
Long Range Wireless IoT Technologies: Low Power Wide Area Network (LPWAN) vs Cellular ______

Long Range Wireless IoT Technologies: Low Power Wide Area Network (LPWAN) vs Cellular ______

Long Range Wireless IoT Technologies: Low Power Wide Area Network (LPWAN) vs Cellular ______ Anne-Lena Kampen Trondheim 18 th of May 2017 Outline Introduction Long Range Wireless IoT Technologies; characteristics Cellular

638 views • 36 slides
Chiral Bose and Fermi phases in orbital optical lattices W. Vincent Liu University of

Chiral Bose and Fermi phases in orbital optical lattices W. Vincent Liu University of

Seminar, Department of Physics, NYC College of Tech City University of New York, Dec 3, 2015 Chiral Bose and Fermi phases in orbital optical lattices W. Vincent Liu University of Pittsburgh, Pennsylvania Acknowledgement Pitt

248 views • 21 slides
1 JSC2018 Nanotechnology Lecture 3 2 JSC2018 Nanotechnology Lecture 3 3 JSC2018 Nanotechnology

1 JSC2018 Nanotechnology Lecture 3 2 JSC2018 Nanotechnology Lecture 3 3 JSC2018 Nanotechnology

JSC2018 Nanotechnology Lecture 3 1 JSC2018 Nanotechnology Lecture 3 2 JSC2018 Nanotechnology Lecture 3 3 JSC2018 Nanotechnology Lecture 3 4 JSC2018 Nanotechnology Lecture 3 5 JSC2018 Nanotechnology Lecture 3 6 JSC2018 Nanotechnology

303 views • 7 slides
Ne Networ ork M Measur urem emen ent f for ND NDN Davide Pesavento , Omar Ilias El Mimouni,

Ne Networ ork M Measur urem emen ent f for ND NDN Davide Pesavento , Omar Ilias El Mimouni,

Ne Networ ork M Measur urem emen ent f for ND NDN Davide Pesavento , Omar Ilias El Mimouni, Lotfi Benmohamed N ATIONAL I NSTITUTE OF S TANDARDS AND T ECHNOLOGY (NIST) Scenario Network measurements needed for a variety of use cases

67 views • 3 slides
HPC Cloud Floris Sluiter SARA computing & networking services About SARA, NCF and BiG Grid

HPC Cloud Floris Sluiter SARA computing & networking services About SARA, NCF and BiG Grid

HPC Cloud Floris Sluiter SARA computing & networking services About SARA, NCF and BiG Grid The foundation for National Compute Facilities is part of NWO, the Dutch Government Organization for Scientific Research The BiG Grid project is

509 views • 46 slides
Math 211 Math 211 Lecture #32 Harmonic Motion November 10, 2003 2 The Vibrating Spring The

Math 211 Math 211 Lecture #32 Harmonic Motion November 10, 2003 2 The Vibrating Spring The

1 Math 211 Math 211 Lecture #32 Harmonic Motion November 10, 2003 2 The Vibrating Spring The Vibrating Spring Newtons second law: ma = total force. Forces acting: Gravity mg . Restoring force R ( x ) . Damping force D ( v

186 views • 5 slides
Lecture Outline Regeltechniek Previous lecture: representation of dynamic models, transfer func-

Lecture Outline Regeltechniek Previous lecture: representation of dynamic models, transfer func-

Lecture Outline Regeltechniek Previous lecture: representation of dynamic models, transfer func- Lecture 3 Stability analysis and transient response tions and state-space models. Robert Babu ska Today: Delft Center for Systems and

266 views • 8 slides

More recommend