1 / 25

Preliminary Measurement Results on Highly Active Prefixes in BGP Routing

Preliminary Measurement Results on Highly Active Prefixes in BGP Routing. Ricardo Oliveira, Rafit Izhak-Ratzin, Beichuan Zhang, Lixia Zhang UCLA November 9, 2004. Why measure Highly Active (HA) prefixes. Observations from some previous work

barbra
Download Presentation

Preliminary Measurement Results on Highly Active Prefixes in BGP Routing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Preliminary Measurement Resultson Highly Active Prefixes in BGP Routing Ricardo Oliveira, Rafit Izhak-Ratzin, Beichuan Zhang, Lixia Zhang UCLA November 9, 2004

  2. Why measure Highly Active (HA) prefixes • Observations from some previous work • "BGP routing stability of popular destinations" by Rexford et al, IMW 2002 • "Observation and analysis of BGP behavior under stress" by Wang et al, IMW 2002 • Is this HA phenomenon common among all ASes? • How long has it existed? • And who are the HAs? UCLA

  3. Approach • Got BGP logs from RouteViews (RV) (zebra box) • Dataset: 10/26/01 — 8/31/04 • Removed update messages potentially due to BGP session reset • over this (near) 3-year time period • looked through all the updates from 4 peers • Looked through all the updates from all 33 peers for 2 random months Peer RV multihop BGP peering session UCLA

  4. How to define HA UCLA

  5. HA phenomenon is persistent over time 1/1/03 Blaster(8/11/03) slammer UCLA

  6. HAs contribute a big chunk of updates UCLA

  7. # of HAs seen by each of 33 peers (5/04) • Fig 5 UCLA

  8. # of HAs seen by each of 33 peers (10/04) 146370 (peer 12.0.1.63) UCLA

  9. # of HAs seen by multiple peers (May 1-5) 5/3/04 UCLA

  10. # of HAs seen by multiple peers(May'04) UCLA

  11. More on common HAs seen in May04 • The origin Ases of the common HAs: 144 common HAs came from 58 origin ASes • AS5786: 39; AS11139: 18; the rest: originated1 - 4 • Lifetime of these common HAs UCLA

  12. How many days a HA active? > 700 UCLA

  13. Prefix length distribution of HAs with lifetime > 20 days UCLA

  14. Some /8's: Stability or lack of it[10/26/01-- 8/31/04] # of highly active days 129.250.0.11 144.228.241.81 199.74.221.1 204.42.253.253 3.0.0.0/8 204 136 186 175 61.0.0.0/8 148 71 178 15 62.0.0.0/8 39 1 11 1 63.0.0.0/8 120 31 70 83 64.0.0.0/8 62 4 56 48 65.0.0.0/8 20 1 41 6 67.0.0.0/8 72 0 0 11 80.0.0.0/8 383 297 299 314 81.0.0.0/8 157 4 4 93 82.0.0.0/8 144 34 128 28 UCLA

  15. Does the set of HAs change over time? End of dataset (8/31/04) UCLA

  16. Who are those persistent HAs? • Case 1: BGP Beacons • 1 update/2-hour, interleaving announce/withdrawal • 12 updates/day generated from the origin UCLA

  17. Slow convergence: one example Took almost 3 min beacon 195.80.227/24 seen at one peer Time type AS path 1099000967 W 1099008081 A 1239 3257 3257 28747 12654 1099008111 A 1239 8928 25232 12654 1099015221 A 1239 3356 25232 12654 1099015247 A 1239 701 6762 12654 1099015304 A 1239 701 6762 12654 (community change) 1099015329 A 1239 7018 8220 513 3320 702 13030 12654 1099015364 A 1239 7018 8220 513 3320 702 13030 12654 1099015387 W 30 sec UCLA

  18. slow convergence: another example 8 updates in 53 sec beacon 195.80.227/24 seen at another peer Time type AS path 1099245759 W 1099252820 A 2914 12654 1099260008 A 2914 6453 12654 1099260009 A 2914 13237 12654 1099260027 A 2914 6453 12654 1099260031 A 2914 6453 12654(duplicate) 1099260032 A 2914 6453 12654 1099260035 A 2914 6453 12654 1099260042 A 2914 6453 12654 1099260061 W MRAI timer off UCLA

  19. Histogram of updates/day UCLA

  20. Prefix #days Average active #updates/day +-----------------+-----+-----+---+---+ | 195.80.225.0/24 | 702 | 97 |622|114| | 195.80.229.0/24 | 700 | 105 |606|100| | 195.80.227.0/24 | 699 | 81 |579| 92| | 192.135.183.0/24| 676 | 34 |418| 92| | 195.80.231.0/24 | 612 | 49 |277| 69| | 195.80.226.0/24 | 533 | 79 |124| 68| | 195.80.235.0/24 | 134 | 65 | 72| 66| +-----------------+-----+-----+---+---+ Other beacons' update counts[10/26/01-- 8/31/04] #HA days UCLA

  21. Another example: a small set of /24 HAs • Seen by one peer: some # /24's from Universite de Brest • Highly active since Dec'01 (stopped before Octobor'04) • May'04: 9 of 33 RV peers observed high update counts during the month +----------------+---------+---------+---------+ | peers | average | maximum | minimum | +----------------+---------+---------+---------+ | 144.228.241.81 | 336 | 424 | 263 | | 12.0.1.63 | 367 | 431 | 250 | | 206.24.210.26 | 270 | 433 | 53 | | 204.42.253.253 | 163 | 490 | 59 | | 147.28.255.1 | 174 | 491 | 61 | | 4.68.0.243 | 456 | 571 | 315 | | 129.250.0.11 | 225 | 596 | 79 | | 193.251.128.22 | 533 | 603 | 370 | | 208.51.113.254 | 284 | 713 | 79 | +----------------+---------+---------+---------+ UCLA

  22. Yet another example ofhighly active, long lasting prefix Early 2003 The origin AS generated >1000 updates/day for 8 days (>2000 for 3 days) UCLA

  23. Yet another example • one /24 prefix was active for 12 consecutive days, 6011 updates/day average ( 11 sec/update) • The peaks: > 12,000 updates on 11/6/03 • Looked all the 33 peers on 11/6/03: 6 classified this prefix as HA • 2 routers saw 12K, 8K updates respectively • One router observed flapping between 2 routes • the other : flapping among 5 routes • The other 4 peers saw 49-59/day • the rest 27 peers didn’t catch this prefix as HA UCLA

  24. What kinds of updates? Seen by one peer, October 2004: 188.1.0.0/16: HA for 254 days [Oct'01-Aug'04]. 66.150.140.0/23: HA for 542 days [Oct'01-Aug'04]. UCLA

  25. Ongoing Effort • Your suggestions go here • Continue the monitoring effort • Identify the causes of HAs • for prefixes that are originated by RV's direct peers, comparing local view and remote views of prefixes to better identify slow convergence and damping effect UCLA

More Related