Routing Bottlenecks in the Internet: Causes, Exploits, and - PowerPoint PPT Presentation

Routing Bottlenecks in the Internet: Causes, Exploits, and Countermeasures Min Suk Kang Virgil D. Gligor ECE Department and CyLab, Carnegie Mellon University Nov 4, 2014

Route Diversity is Critical to Resiliency of Internet Connectivity link-flooding attack rest of … … the world geographic area with poor route diversity 2

Fortunately , most countries have enough route diversity 40 + # of ISPs with direct ≤ 40 international ≤ 10 connectivity ≤ 2 (source: www.renesys.com/2014/02/internetunderfire/) Most countries have 10+ ISPs with international connections => good Internet route diversity Then, do we need to worry about the link-flooding attacks? Unfortunately , YES. 3

Despite high route diversity, Internet connectivity of countries can be degraded • Why ? routing bottleneck the vast majority of Internet routes to chosen destinations concentrated on a small set of links Paper illustrates 1. pervasive phenomenon of routing bottlenecks 2. causes of routing bottlenecks 3. impact of targeted attacks & countermeasures 4

Mincut and Routing Bottleneck mincut , M ( S , D ) geographic routing area bottleneck, B destinations sources (D) (S) | B | ≪ | M (S, D )| e.g. 10 ≪ 1000 routing bottleneck ≠ bandwidth bottleneck 5

Routing Bottlenecks in the current Internet 250 nodes 1,000 measurement for a country in (ratio) randomly PlanetLab Normalized Link Occurrence 0.12 selected 0.12 (in 164 cities working 0.1 B 0.1 (0.80) in 39 servers 0.08 0.08 countries) 0.06 M ( S , D ) 0.06 0.04 0.04 0.02 B 0 0.02 0 10 20 30 40 50 destinations 0 traceroute sources (S) (D) 0 200 400 600 800 1000 1200  high rank low rank  Rank of Links in M ( S , D ) geographic area Link Occurrence 6

Routing Bottlenecks in 15 Countries • link occurrence is accurately modeled by a power-law 1 1 1 Tested Countries Country1 Country2 Country3 (alphabetical) Country4 Country5 Country6 Country7 Country8 Country9 Brazil 0.1 0.1 0.1 Country10 Country11 Country12 Normalized link occurrence Country13 Country14 Country15 Egypt Country1 Country2 Country3 ( β = 7.8) France 0.01 0.01 0.01 Germany Zipf-Mandelbrot India distribution Iran Country1 0.001 0.001 0.001 1 Israel α = 1.31 f(k) = Italy (k + β ) α Japan 0.0001 0.0001 0.0001 Romania Country15 Russia 0.00001 0.00001 0.00001 α = 2.36 S. Korea Taiwan Turkey 0.000001 0.000001 0.000001 1 1 1 10 10 10 100 100 100 1000 1000 1000 10000 10000 10000 UK Rank of Link 7

Routing Bottlenecks in 15 Large Cities • link occurrence is accurately modeled by a power-law 1 1 1 Tested Cities City1 City2 City3 City4 City5 City6 (alphabetical) City7 City8 City9 Beijing City10 City11 City12 0.1 0.1 0.1 City13 City14 City15 Normalized link occurrence Berlin City1 City2 City3 ( β = 7.8) Chicago 0.01 0.01 0.01 Guangzhou Zipf-Mandelbrot Houston distribution London City1 0.001 0.001 0.001 1 Los Angeles α = 1.38 f(k) = Moscow (k + β ) α New York 0.0001 0.0001 0.0001 Paris City15 Philadelphia 0.00001 0.00001 0.00001 α =2.17 Rome Shanghai Shenzhen 0.000001 0.000001 0.000001 1 1 1 10 10 10 100 100 100 1000 1000 1000 10000 10000 10000 Tianjin Rank of Link 8

Causes? An Analogy w/ Word Occurrence Distribution… sentence construction: “Principle of least effort” [Zipf’49, Mandelbrot’53 ] ==> Z-M distribution of word occurrence Speaker word1 word2 … word n route construction: conjecture: route-cost minimization Internet policies ==> Z-M distribution of link occurrence … routers link1 link2 … link n 9

Evidence for Inter-Domain Routing Policy: route-cost minimization • Test: – BGP favors minimum-cost link – policy I: favors min-cost links => AS-level route concentration – policy II: distribute routes uniformly AS $$$ Norm. Link Occurrence AS ? AS* AS $ AS Rank of Inter-AS Links (*) AS: autonomous system 10

Evidence for Intra-Domain Routing • Practice: route-cost minimization • Test: all possible ingress/egress routes – hierarchical topology + shortest path routing => route concentration at – clear Zipf-Mandelbrot distribution backbones Norm. Link Occurrence AS Rank of Intra-AS Links 11

Link Types of Routing Bottlenecks AS 3 IXP … intra-AS inter-AS 3 link locations: … … … … AS 1 AS 2 IXP AS 4 (Internet exchange points) (Global Transits/ 3 AS categories: Tier-1 National Backbones) (regional providers) Tier-2 Tier-2 (customers) Tier-3 Tier-3 Tier-3 Tier-3 12

Link Types of Routing Bottlenecks < Avg. link types of 50 bottleneck links of 15 countries (percentage) > INTRA-AS INTER-AS IXP Not Deter. 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Tier1-Tier1 in Tier-1 in in Tier1-Tier2 in Tier1-Tier3 Tier-2 in inter ( Tier2-Tier2 Tier2-Tier3 inter ( Not Determined inter ( • various link types: intra ( 30 %), inter ( 30 %), and IXP ( 20 %) • 91% of inter/intra-AS links are owned by Tier-1/Tier-2 13

Routing-Bottleneck Exploits Massive Link Flooding e.g., Crossfire attack [IEEE S&P 2013] Link-flooding with indistinguishable attack flows Decoy low-rate attack flows Servers routing-bottleneck link Target Botnets Geographic … … several hops away area (e.g., 40 Gbps = 4 Kbps x 10K bots x 1K decoys) 14

Connectivity Degradation in 15 Countries 1 1 Country15 α = 2.36 0.9 0.9 0.8 0.8 Degradation Ratio 0.7 0.7 0.6 0.6 α = 1.31 0.5 0.5 ( β = 7.8) Country1 0.4 0.4 0.3 0.3 Country1 Country2 Country3 Country4 Country5 Country6 0.2 0.2 Country7 Country8 Country9 Country10 Country11 Country12 0.1 0.1 Country13 Country14 Country15 0 0 0 0 10 10 20 20 30 30 40 40 50 50 Number of Links to Flood 15

Connectivity Degradation in 15 Large Cities 1 1 City15 α = 2.17 0.9 0.9 0.8 0.8 Degradation Ratio 0.7 0.7 α = 1.38 0.6 0.6 City1 ( β = 7.8) 0.5 0.5 0.4 0.4 0.3 0.3 0.2 0.2 City1 City2 City3 City4 City5 City6 City7 City8 City9 City10 0.1 0.1 City11 City12 City13 City14 City15 0 0 0 0 10 10 20 20 30 30 40 40 50 50 Number of Links to Flood 16

Countermeasures • Inter-domain links  Load balancing across parallel  Load balancing across links to links between two ASes [ATC’07] different ASes [SIGCOMM’06] AS2 AS1 AS2 AS1 AS3 AS4 17

Countermeasures • Intra-domain links  Equal-cost multipath (ECMP)  MPLS tunnels Needs real-time MPLS Needs real-time link-weight traffic enginnering (unknown if recent SDN-based re-adjustment solutions can be applied here) AS AS 1 1 2 18

Effectiveness of Countermeasures 4 implementation alternatives: Intra-AS links Inter-AS links Tier-1 ASes Tier-1&2 ASes Reduction of degradation ratio (%) Reduction of degradation ratio (%) Reduction of degradation ratio (%) Reduction of degradation ratio (%) 100 100 100 100 90 90 90 90 80 80 80 80 70 70 70 70 60 60 60 60 50 50 50 50 40 40 40 40 30 30 30 30 20 20 20 20 10 10 10 10 0 0 0 0 • “one type fits all” countermeasures are not very effective • countermeasures at large ISPs (Tier-1&2) are most effective 19

Related Work • Internet topology studies; e.g., CAIDA, DIMES, etc. • Power-law in Internet connectivity ; e.g., [SIGCOMM’99, NATURE’00] • Link-flooding attacks; e.g., Coremelt [ESORICS’09], Crossfire [S&P’13 ] 20

Conclusions • Notion of the routing bottlenecks – they are pervasive (in 15 countries and 15 cities) • Causes: route-cost minimization – very desirable feature of Internet routing • Countermeasures – effective when implemented in large ISPs 21

Thank You Min Suk Kang (minsukkang@cmu.edu) 22