
On the Impact of Route Monitor Selection

Ying Zhang*, Zheng Zhang#, Z. Morley Mao*, Y. Charlie Hu#, Bruce M. Maggs^. University of Michigan*, Purdue University#, Carnegie Mellon and Akamai Technologies^.



  1. On the Impact of Route Monitor Selection Ying Zhang* Zheng Zhang# Z. Morley Mao* Y. Charlie Hu# Bruce M. Maggs^ University of Michigan* Purdue University# Carnegie Mellon and Akamai Technologies^

  2. Internet route monitoring systems • Monitor the Internet routing system • Establish passive, default-free BGP sessions with many networks • Collect real-time BGP updates and periodic table snapshots • Discover dynamic changes (e.g., misconfigs, routing attacks) • Example public systems: RouteViews and RIPE [Figure: a route monitor in the Internet receives the announcements “I can reach 141.213.15.0/24” via DE and “I can reach 141.213.15.0/24” via AE; ASes shown: AS 7018, AS 3561, AS 174, AS 701, AS 1239; prefix 141.213.15.0/24.]

  3. Limited coverage • Coverage and representativeness • Only monitor a subset of ASes in the Internet • Only monitor at most one router in each AS • Difficulties in obtaining full coverage • Scalability and privacy concerns [Figure: a route monitor in the Internet receives the announcements “I can reach 141.213.15.0/24” via CFG and “I can reach 141.213.15.0/24” via CDG; ASes shown: AS 7018, AS 174, AS 3561, AS 701, AS 1239, AS 237, AS 105.]

  4. Limited visibility on IP hijacking detection • The accuracy of detection depends on the route monitor systems’ visibility • Example problems caused by limited visibility • IP prefix hijacking: AS G hijacks AS E’s prefix • Missed: the route monitor system does not cover polluted ASes [Figure: AS-level topology with a route monitor and prefix p; ASes shown: AS 7018, AS 174, AS 3561, AS 701, AS 1239, AS 237, AS 105. Labels: “Prefix p’s origin AS is E”, “Prefix p’s origin AS has changed to be G”, “Hijack: Path[p] = G”, and per-AS annotations Path[p] = E, G, BE, CE, DE, AG, FG, ABE, GDE, FGDE.]

  5. Motivation • Many research studies rely on BGP data from public route monitors: • Network topology discovery, AS relationship inference, AS-level path prediction, etc. • The limited coverage and representativeness of the monitors is critical to their results. • Obtaining full coverage is difficult in practice. • Understanding the limitations can help improve route monitor placement.

  6. Outline • Motivation • Methodology • Discovery of static network properties • Discovery of dynamic network properties • Inference of network properties

  7. Methodology • Data collection • Public BGP monitoring vantage points: RouteViews and RIPE • Private peering vantage points: 200 distinct ASes • Comparison across different combinations of vantage points • Monitor selection schemes • Random: select monitor nodes randomly • Degree based: select the node with the largest degree • Greedy: select the node with the largest number of unobserved links • Address block based: select the node originating the largest number of IP addresses

  8. Outline • Motivation • Methodology • Discovery of static network properties • Discovery of dynamic network properties • Inference of network properties

  9. Static network properties • Network topology discovery • IP prefix to origin AS mappings • Identifying stub AS and its providers • Multi-homed ASes • Observed AS paths

  10. Network topology discovery • The number of observed AS level links • Greedy based selection performs best

  11. Multi-homed ASes discovery • Discover multi-homed ASes to understand edge network resilience • Greedy based scheme performs best: additional discovered links help discover multi-homed stub ASes

  12. Outline • Motivation • Methodology • Discovery of static network properties • Discovery of dynamic network properties • Inference of network properties

  13. Dynamic network properties • Routing instability monitoring • Number of routing updates observed • IP prefix hijacking detection • The visibility of inconsistent origin ASes across routing updates

  14. Routing instability monitoring • Fraction of BGP routing events observed by the set of vantage points • Huge difference between random and other three: core networks are more likely to observe network instabilities

  15. IP Prefix hijacking detection • Detected hijacking: as long as one vantage point can observe hijacked routes • Greedy based scheme performs slightly better • With 10 vantage points deployed, 0.35% of all possible attacker-victim pairs can evade detection

  16. Outline • Motivation • Methodology • Discovery of static network properties • Discovery of dynamic network properties • Inference of network properties

  17. Inference of network properties • AS relationship inference • Commonly used Gao’s degree-based relationship inference [Gao00] • AS-level path prediction • AS-relationship based profit-driven AS path inference [Mao05] • AS-relationship-independent path prediction [Muhlbauer06]

  18. AS relationship inference and path prediction • Accuracy: comparing the predicted paths with the observed paths • More vantage points may not increase the accuracy

  19. AS relationship inference and path prediction – further explanation • More vantage points may not increase the accuracy • It may be due to the nature of the degree-based relationship inference • We study the changes of the top degree node per path • More vantage points do not consistently improve the estimation of the top degree nodes

  20. Conclusion • Examined the route monitor placement impact on various applications • Evaluated four simple placement schemes • Demonstrated the limitation of studies relying on the existing monitoring system • Future work: develop a better placement technique.

  21. Thank you! Questions?

  22. AS relationship-independent path prediction • Recently proposed path prediction algorithm not relying on AS relationships • Matched percentage of unobserved does not increase with more monitors
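
The visibility problem from slides 4 and 15, as an added example that is not part of the original presentation: a hijack is flagged only if at least one selected monitor sees updates with inconsistent origin ASes, so a monitor set that covers no polluted AS misses it. The update list, the documentation prefix 192.0.2.0/24, AS H, and the choice of which ASes are polluted are constructed assumptions; AS letters E (victim) and G (hijacker) follow slide 4.

```python
from collections import defaultdict
from itertools import combinations

PREFIX = "192.0.2.0/24"  # constructed documentation prefix standing in for "prefix p"

# Constructed BGP updates: (monitored AS, prefix, AS path seen at that AS).
# E is the legitimate origin; G later announces the same prefix.
UPDATES = [
    ("A", PREFIX, ["B", "E"]),
    ("B", PREFIX, ["E"]),
    ("C", PREFIX, ["E"]),
    ("D", PREFIX, ["E"]),
    ("F", PREFIX, ["G", "D", "E"]),
    ("H", PREFIX, ["A", "B", "E"]),
    # After the hijack only F and H switch to the route originated by G
    # (assumed pollution pattern; all other ASes keep their route to E).
    ("F", PREFIX, ["G"]),
    ("H", PREFIX, ["F", "G"]),
]

def origin_conflicts(updates, monitors):
    """Return {prefix: origins} for prefixes whose updates, as seen by the
    chosen monitors only, carry more than one origin AS."""
    seen = defaultdict(set)
    for monitor, prefix, path in updates:
        if monitor in monitors:
            seen[prefix].add(path[-1])  # origin AS is the last hop of the path
    return {p: o for p, o in seen.items() if len(o) > 1}

def blind_sets(updates, k):
    """All k-monitor selections that observe no origin conflict (hijack missed)."""
    candidates = sorted({m for m, _, _ in updates})
    return [set(c) for c in combinations(candidates, k)
            if not origin_conflicts(updates, set(c))]

def detection_rate(updates, k):
    """Fraction of k-monitor selections where at least one monitor sees the hijack."""
    candidates = sorted({m for m, _, _ in updates})
    total = sum(1 for _ in combinations(candidates, k))
    return 1 - len(blind_sets(updates, k)) / total

if __name__ == "__main__":
    print("monitors {A,B}:", origin_conflicts(UPDATES, {"A", "B"}))
    print("monitors {A,F}:", origin_conflicts(UPDATES, {"A", "F"}))
    for k in (1, 2, 5):
        print(k, "monitors -> detection rate", round(detection_rate(UPDATES, k), 2))
```
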
