DOCSLIB.ORG

Services Load Balancer for a Software Defined

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Services Load Balancer for a Software Defined Services Load Balancer for a Software Defined IXP Miguel Oliveira Rodrigues dos Santos Thesis to obtain the Master of Science Degree in Electrical and Computer Engineering Supervisors: Prof. Rui Antonio´ dos Santos Cruz Prof. Paulo Rogerio´ Barreiros d’Almeida Pereira Examination Committee Chairperson: Prof. Antonio´ Manuel Raminhos Cordeiro Grilo Supervisor: Prof. Rui Antonio´ dos Santos Cruz Member of the Committee: Prof. Joao˜ Lu´ıs Da Costa Campos Gonc¸alves Sobrinho November 2017 Acknowledgments I would like to thank my parents for their patience and support. To my whole family - each and every one of you had a unique role in this thesis. To Miguel Dias, Andre´ Pinho and Pedro Sacadura Botte for the after-work hours. A special thank you goes to Shams Valibhai for borrowing his technical knowledge and putting up with endless discussions that helped me improve my thesis. I would also like to acknowledge my supervisor Prof. Rui Santos Cruz for his guidance and expertise. To each and every one of you – Thank you. Abstract Border Gateway Protocol (BGP) has been used and studied for more than two decades. While its ubiquity makes it almost irreplaceable, its lack of flexibility is becoming more and more apparent. The advent of Software Defined Networking (SDN) technology opens new opportunities to scale interdomain routing. Industrial-scale Software Defined Internet Exchange Point (iSDX) is an implementation of an Internet Exchange Point (IXP) using SDN to emulate the usual features of an IXP. For a new technology to be useful, it cannot simply emulate the functionality of an old one; it has to excel at the old tasks and bring in new capabilities. This thesis extends iSDX to provide added value to the customers. In particular, it studies how to implement new services at the IXP in a scalable fashion. The study results in an implementation of a Services Load Balancer provided by the iSDX. Keywords Routing, Load Balancing, Ryu, Software Defined Networking (SDN), Internet Exchange Point (IXP), Industrial-scale Software Defined Internet Exchange Point (iSDX). iii Resumo O protocolo Border Gateway Protocol (BGP) e´ usado e estudado ha´ mais de duas decadas.´ A sua omnipresenc¸a na internet torna-o quase insubstitu´ıvel, mas a sua falta de flexibilidade e´ cada vez mais clara. O advento da tecnologia Software Defined Networking (SDN) abre novas oportunidades para escalar o encaminhamento inter-dom´ınio. Industrial-scale Software Defined Internet Exchange Point (iSDX) e´ uma implementac¸ao˜ de um Internet Exchange Point (IXP) que usa SDN para emular as funcionalidades mais comuns de um IXP. Mas para uma tecnologia ser util,´ nao˜ basta emular uma tecnologia anterior; tem de a superar. Esta tese estende a implementac¸ao˜ do iSDX para que esta possa oferecer novos servic¸os aos clientes do IXP. Em particular, estuda como implementar novos servic¸os de forma escalavel.´ O estudo e´ concretizado com um exemplo: um Balanceador de Servic¸os incorporado no iSDX. Palavras Chave Encaminhamento, Balanceamento de carga, Ryu, Software Defined Networking (SDN), Internet Ex- change Point (IXP), Industrial-scale Software Defined Internet Exchange Point (iSDX). v Contents 1 Introduction 1 1.1 A quick peek at the history of the Internet...........................3 1.2 Problem statement........................................4 1.3 Objective.............................................5 1.4 Contributions...........................................5 1.5 Document Structure.......................................5 2 State of the art 7 2.1AS internetworking........................................9 2.2 Peering.............................................. 11 2.2.1 Why peer?........................................ 11 2.2.2 How peering works.................................... 12 2.3 Internet Exchange Points.................................... 13 2.3.1 IXP operation....................................... 14 2.3.2 IXP’s business model.................................. 15 2.3.2.A Costs for customers.............................. 15 2.3.2.B Is it really cheaper than transit networks?.................. 15 2.3.3 European versus U.S. Internet Exchanges....................... 15 2.3.4 IXP architecture..................................... 16 2.3.5 A deeper look into remote peering........................... 18 2.3.5.A Remote Peering networking principles.................... 18 2.4 Anti-social peering practices................................... 18 2.4.1 Static next-hop misconfiguration............................ 19 2.4.2 Stealing traffic by announcing more specific prefixes................. 19 2.5 Software Defined Networking (SDN).............................. 20 2.5.1 The SDN architecture.................................. 21 2.5.2 Current status of SDN................................. 22 2.5.3 SDN Technologies: OpenFlow............................. 22 vii 2.5.4 SDN Technologies: Ryu SDN Framework....................... 23 2.5.5 Implementation of a learning switch using Ryu.................... 23 2.5.6 IXPs–The killer app for SDN.............................. 27 3 Related Work 29 3.1 SDX: A software defined IXP.................................. 31 3.2 iSDX: An Industrial-Scale Software Defined Internet Exchange Point............ 33 3.2.1 Scaling.......................................... 33 3.2.1.A Decomposing the IXP fabric into four tables................. 33 3.2.1.B Statically encoding BGP routing information in a tag............ 36 3.2.2 Architecture of the iSDX................................. 37 3.2.3 Critique of iSDX design................................. 38 3.2.3.A Security: is offloading responsibilities to participants’ routers a good idea? 38 3.2.3.B Scalability: Limitations concerning the number of participants....... 39 3.2.3.C Routing correctness.............................. 40 3.3 Current status of SDX technology................................ 40 4 Design and Development of a Service Load Balancer in the iSDX 43 4.1 Load Balancing in general–features and modes........................ 45 4.2 SDN-based load balancing................................... 46 4.3 Applying SDN-based load balancing to the iSDX....................... 47 4.3.1 Reasoning about a proactive implementation..................... 48 4.3.2 Reasoning about a reactive implementation...................... 49 4.3.3 Adding reactive load balancing while keeping previous functionality......... 50 4.3.4 Load distribution methods................................ 51 4.4 Design Rationale of iSDX Service Load Balancer....................... 52 4.4.1 Controller Logic...................................... 52 4.4.2 Configuring the iSDX Load Balancer.......................... 54 4.5 Development Process of the iSDX Service Load Balancer.................. 55 4.5.1 Test Environment Setup................................. 55 4.5.2 Development and Test Environment.......................... 56 4.5.3 Implementing load distribution methods........................ 57 4.5.4 Implementing the Controller Logic........................... 60 5 Validation of the implementation 63 5.1 Connectivity checks and bandwidth testing.......................... 65 5.2 Load balancing.......................................... 66 viii 6 Conclusion 71 6.1 Conclusions............................................ 73 6.2 System Limitations and Future Work.............................. 73 ix x List of Figures 2.1 Example of the propagation of routing information...................... 10 2.2 Daily traffic in AMS-IX between 31-Jan-2017 and 02-Feb-2017............... 13 2.3 Direct peering........................................... 17 2.4 Remote peering......................................... 17 2.5 Static next-hop misconfiguration................................ 19 2.6 Stealing traffic by announcing more specific prefixes..................... 20 2.7 SDN Architecture......................................... 21 2.8 A simple Mininet topology with Ryu Controller......................... 24 3.1 Multi-table scheme in the iSDX................................. 35 3.2 Setup of an inbound policy bypass attack........................... 39 3.3 A forwarding loop caused by two seemingly unrelated policies................ 40 4.1 Sample configuration of a load balanced service....................... 47 4.2 Table pipeline for the load balanced service.......................... 51 4.3 Development and Test environment............................... 56 5.1 Network used for testing purposes............................... 65 5.2 Distribution of sessions by the servers using a Round Robin load balancing approach.. 67 5.3 Distribution of sessions by the servers using a Weighted Round Robin load balancing approach............................................. 68 5.4 Distribution of sessions by the servers using a random load balancing approach..... 68 5.5 Distribution of sessions by the servers using a weighted random load balancing approach 69 xi xii List of Tables 2.1 Routing Policies......................................... 10 2.2 Internet Transit Prices...................................... 16 List of Algorithms 4.1 Installing static flow entries in the controller........................... 53 4.2 Installing static flow entries in the hardware to handle traffic targeted at the anycast Internet Protocol (IP) address....................................... 53 4.3 Installing static flow entries in the hardware to handle traffic coming from the anycast IP address............................................... 53 xiii xiv Listings 2.1 IPv6 ping from Cogent’s looking-glass server to Hurricane
Load more

Recommended publications
  • Inter-AS Routing Anomalies: Improved Detection and Classification*
    2014 6th International Conference on Cyber Confl ict Permission to make digital or hard copies of this publication for internal use within NATO and for personal or educational use when for non-profi t or non-commercial P.Brangetto, M.Maybaum, J.Stinissen (Eds.) purposes is granted providing that copies bear this notice and a full citation on the 2014 © NATO CCD COE Publications, Tallinn first page. Any other reproduction or transmission requires prior written permission by NATO CCD COE. Inter-AS Routing Anomalies: Improved Detection and Classifi cation* Matthias Wübbeling Michael Meier Fraunhofer FKIE Fraunhofer FKIE & University of Bonn & University of Bonn Bonn, Germany Bonn, Germany [email protected] [email protected] Till Elsner Fraunhofer FKIE & University of Bonn Bonn, Germany [email protected] Abstract: Based on the interconnection of currently about 45.000 Autonomous Systems (ASs) the Internet and its routing system in particular is highly fragile. To exchange inter-AS routing information, the Border Gateway Protocol (BGP) is used since the very beginning, and will be used for the next years, even with IPv6. BGP has many weaknesses by design, of which the implicit trust of ASs to each other AS is the most threatening one. Although this has been topic on network security research for more than a decade, the problem still persists with no solution in sight. This paper contributes a solution to stay up to date concerning inter- AS routing anomalies based on a broad evidence collected from different publicly available sources. Such an overview is necessary to question and to rely on the Internet as a basis in general and must be a part of every cyber defense strategy.
    [Show full text]
  • EC Ipv6 Cluster Demonstrations at the Madrid 2003 Global Ipv6 Summit
    Document Version Title: and date: EC IPv6 Cluster 0.5 Demonstrations at the Madrid 2003 Global IPv6 Summit 12/05/2003 Date: Project Acronym: Project Title: 12/05/2003 6LINK IPv6 Projects United Contributing Projects: 6LINK (http://www.6link.org) 6POWER (http://www.6power.org) 6QM (http://www.6qm.org) Euro6IX (http://www.euro6ix.org) Eurov6 (http://www.eurov6.org) Abstract: This document summarizes all the demonstrations that will be showed at the Madrid 2003 Global IPv6 Summit, 12-14th May 2003. The aim of the document is to show the IPv6 advantages and also that it is now easily deployable and a wide range of applications and services supports it. The Madrid 2003 Global IPv6 Summit has been a good opportunity for several IST projects for showing their public trials. Thus, each project has presented its own achievements according to its goals. Keywords: IPv6 Demonstrations 6LINK EC IPv6 Cluster: Demonstrations at the Madrid 2003 Global IPv6 Summit Revision History Revision Date Description Author (Organization) v0.1 08/05/2003 Document creation Miguel Angel Díaz (Consulintel) v0.2 09/05/2003 Added new demos descriptions Miguel Angel Díaz (Consulintel) v0.3 09/05/2003 Added new demos descriptions Miguel Angel Díaz (Consulintel) v0.4 10/05/2003 Added the latest demos descriptions Miguel Angel Díaz (Consulintel) v0.5 12/05/2003 Final Review Jordi Palet (Consulintel) 12/05/2003 – v0.5 Page 2 of 32 6LINK EC IPv6 Cluster: Demonstrations at the Madrid 2003 Global IPv6 Summit Table of Contents 1. Introduction ........................................................................................................................6
    [Show full text]
  • Using Forgetful Routing to Control BGP Table Size
    Using Forgetful Routing to Control BGP Table Size Elliott Karpilovsky Jennifer Rexford Computer Science Department Computer Science Department Princeton University Princeton University [email protected] [email protected] ABSTRACT prefixes1. A router stores the BGP routes it learns for each Running the Border Gateway Protocol (BGP), the Inter- destination prefix in a routing table, known as a Routing net’s interdomain routing protocol, consumes a large amount Information Base (RIB), and selects a single “best” route of memory. A BGP-speaking router typically stores one or for forwarding data traffic; all other routes are “alternates,” more routes, each with multiple attributes, for more than used when the primary path becomes unavailable. Upon 170,000 address blocks, and growing. When the router does running out of memory for storing the routing table, today’s not have enough memory to store a new route, it may crash BGP-speaking routers crash, stop accepting new informa- or enter into other unspecified behavior, causing serious dis- tion, or enter some indeterminate state, leading to serious ruptions for the data traffic. In this paper, we propose a new disruptions in the end-to-end delivery of data traffic [1]. In mechanism for routers to handle memory limitations with- this paper, we propose and evaluate a new technique for out modifying the underlying routing protocol and without containing the size of a BGP routing table, while remaining negatively affecting convergence delay. Upon running out of backwards compatible with the BGP protocol. memory, the router simply discards information about some In the remainder of this section, we discuss the memory alternate routes, and requests a “refresh” from its neighbors constraints on routers and the limitations of existing reme- later if necessary.
    [Show full text]
  • Stony Brook University
    SSStttooonnnyyy BBBrrrooooookkk UUUnnniiivvveeerrrsssiiitttyyy The official electronic file of this thesis or dissertation is maintained by the University Libraries on behalf of The Graduate School at Stony Brook University. ©©© AAAllllll RRRiiiggghhhtttsss RRReeessseeerrrvvveeeddd bbbyyy AAAuuuttthhhooorrr... Measuring Routing Policies on the Internet A Thesis presented by Mohammad Haseeb Niaz to The Graduate School in Partial Fulfillment of the Requirements for the Degree of Master of Science in Computer Science Stony Brook University May 2015 Stony Brook University The Graduate School Mohammad Haseeb Niaz We, the thesis committee for the above candidate for the Master of Science degree, hereby recommend acceptance of this thesis Phillipa Gill - Thesis Advisor Assistant Professor, Computer Science Department Aruna Balasubramanian - Thesis Committee Member Assistant Professor, Computer Science Department Samir R. Das - Thesis Committee Member Professor, Computer Science Department This thesis is accepted by the Graduate School Charles Taber Dean of the Graduate School ii Measuring Routing Policies on the Internet by Mohammad Haseeb Niaz Submitted to the Department of Computer Science in partial fulfillment of the requirements for the degree of Master of Science in Computer Science Stony Brook University May 2015 Abstract Models of Internet routing are critical for studies of Internet security, reliability and evolution, which often rely on simulations of the Internet’s routing system. Accurate models are difficult to build and suffer from a dearth of ground truth data, as ISPs often treat their connectivity and routing policies as trade secrets. In this environment, researchers rely on a number of simplifying assumptions and models proposed over a decade ago, which are widely criticized for their inability to capture routing policies employed in practice.
    [Show full text]
  • Systems for Improving Internet Availability and Performance
    Systems for Improving Internet Availability and Performance Ethan B. Katz-Bassett A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy University of Washington 2012 Program Authorized to Offer Degree: Computer Science and Engineering University of Washington Graduate School This is to certify that I have examined this copy of a doctoral dissertation by Ethan B. Katz-Bassett and have found that it is complete and satisfactory in all respects, and that any and all revisions required by the final examining committee have been made. Co-Chairs of the Supervisory Committee: Thomas E. Anderson Arvind Krishnamurthy Reading Committee: Thomas E. Anderson Arvind Krishnamurthy David Wetherall Date: In presenting this dissertation in partial fulfillment of the requirements for the doctoral degree at the University of Washington, I agree that the Library shall make its copies freely available for inspection. I further agree that extensive copying of this dissertation is allowable only for scholarly purposes, consistent with “fair use” as prescribed in the U.S. Copyright Law. Requests for copying or reproduction of this dissertation may be referred to Proquest Information and Learning, 300 North Zeeb Road, Ann Arbor, MI 48106-1346, 1-800-521-0600, to whom the author has granted “the right to reproduce and sell (a) copies of the manuscript in microform and/or (b) printed copies of the manuscript made from microform.” Signature Date University of Washington Abstract Systems for Improving Internet Availability and Performance Ethan B. Katz-Bassett Co-Chairs of the Supervisory Committee: Professor Thomas E. Anderson Department of Computer Science and Engineering Associate Professor Arvind Krishnamurthy Department of Computer Science and Engineering The Internet’s role in our lives continues to grow, but it often fails to provide the availability and performance demanded by our increasing reliance on it.
    [Show full text]
  • Internet Topology
    Internet Topology Comparing different approaches of inferring AS relationships Beatrice Huber Master Thesis September 15, 2003 – March 14, 2004 Supervising Professor: Prof. Dr. Roger Wattenhofer Supervising Assistant: Regina O’Dell Preface Abstract The Routing in the Internet is strongly affected by the business relationships between administrative domains (Autonoumous Systems, AS). This paper compares existing approaches inferring such relationships to each pair of directly connected ASes and proposes modifications. Starting from an algorithm based on the degree of an AS [1] to infer the importance of an AS, we introduce three alternative measures: First, the range of IP address space assigned to the AS; second, the number of important websites (rated by GOOGLE) and third, the number of users having an IP belonging to the AS (approximated by Gnutella log-files). We also analyze a rank based algorithm [2] that uses routing tables from dif- ferent vantage points. Additionally, we propose a new approach to infer rela- tionships by parsing the WHOIS Databases. This has the advantage that much more peering relationships are revealed and is the simplest way to a obtain a global view on the AS graph. Common problems arising are discussed and relationships resulting from the algorithms are compared. Acknowledgment I am grateful to all people who supported me in writing this thesis, especially my tutor Simon Leinen who gave lots of helpful ideas. I am much obliged to Regina O’Dell who gave me always the needed support and proof read the paper again and again. I am also grateful to Prof. Roger Wattenhofer and his team.
    [Show full text]
  • A Study on the Costing, Operational Principles and Modalities of a Proposed South Pacific Internet Exchange
    A Study on the Costing, Operational Principles and Modalities of a Proposed South Pacific Internet Exchange August 2020 The Economic and Social Commission for Asia and the Pacific (ESCAP) serves as the United Nations’ regional hub promoting cooperation among countries to achieve inclusive and sustainable development. The largest regional intergovernmental platform with 53 Member States and 9 Associate Members, ESCAP has emerged as a strong regional think-tank offering countries sound analytical products that shed insight into the evolving economic, social and environmental dynamics of the region. The Commission’s strategic focus is to deliver on the 2030 Agenda for Sustainable Development, which it does by reinforcing and deepening regional cooperation and integration to advance connectivity, financial cooperation and market integration. ESCAP’s research and analysis coupled with its policy advisory services, capacity building and technical assistance to governments aims to support countries’ sustainable and inclusive development ambitions. The shaded areas of the map indicate ESCAP members and associate members. Disclaimer: The report has been prepared in support of the development of the AP-IS and inclusive development. The findings should not be reported as representing the views of the United Nations. The views expressed herein are those of the author. This working paper has been issued without formal editing, and the designations employed and material presented do not imply the expression of any opinion whatsoever on the part of the Secretariat of the United Nations concerning the legal status of any country, territory, city or area, or of its authorities, or concerning the delimitation of its frontiers or boundaries.
    [Show full text]
  • Desenvolvimento De Sistema Para Monitoramento De Redes De Computadores E Servidor Looking Glass
    Desenvolvimento de Sistema para Monitoramento de Redes de Computadores e Servidor Looking Glass Ednardo Ferreira de Miranda Rio de Janeiro, RJ - Brasil 22 de Novembro de 2013 ii Desenvolvimento de Sistema para Monitoramento de Redes de Computadores e Servidor Looking Glass Ednardo Ferreira de Miranda Disserta¸c~ao apresentada a Coordena¸c~aode Forma¸c~aoCient´ıfica do Centro Brasileiro de Pesquisas F´ısicas para a obten¸c~ao do t´ıtulo de Mestre no programa Mestrado Profissional em F´ısicacom ^enfaseem Intrumenta¸c~aoCient´ıfica. Membros da banca examinadora: Nilton Alves J´unior,D.Sc. - (Orientador) M´arcioPortes de Albuquerque, D.Sc. - (CBPF) Artur Ziviani, D.Sc. - (LNCC) Rio de Janeiro, RJ - Brasil 22 de Novembro de 2013 Dedicat´oria: A` minha fam´ılia que sempre me apoiou em minhas decis~oes. iii Resumo Neste trabalho, s~aodescritos dois sistemas de informa¸c~ao,com finalida- des de apoiar a tomada de decis~aona ´area de monitora¸c~aoe ger^enciade dispositivos de rede. Em ambos os sistemas foram utilizados diferentes mecanismos computaci- onais, voltados principalmente para ambientes de internet, sendo o principal, o conjunto LAMP: sistema operacional Linux, servidor HTTP Apache, banco de dados MySQL e linguagem de programa¸c~aoPHP. Com o primeiro sistema de informa¸c~aofoi poss´ıvel armazenar, caracterizar e quantificar em gr´aficos, diferentes par^ametrosde monitoramento nos equipamentos de rede do projeto RedeRio de Computadores. Al´emdisto, o sistema mant´emuma base de dados com informa¸c~oesad- ministrativas das fontes de informa¸c~aoque alimentam o sistema, resumidas em empresas p´ublicasassociadas ao projeto.
    [Show full text]
  • BGP-Multipath Routing in the Internet
    BGP-Multipath Routing in the Internet Jie Li 1 2, Vasileios Giotsas 3, Yangyang Wang 4 and Shi Zhou July 26, 2021 arXiv:2107.10938v1 [cs.NI] 22 Jul 2021 1This work was supported by China Scholarship Council (CSC) with grant no. 201406060022. 2Jie Li and Shi Zhou are with Department of Computer Science, University College London (UCL), London, UK (emails: [email protected] & [email protected]). 3Vasileios Giotsas is with School of Computing and Communications, Lancaster University, Lancaster, UK (email: [email protected]). 4Yangyang Wang is with Institute for Network Sciences and Cyberspace, Beijing National Research Center for Information Science and Technology (BNRist), Tsinghua University, Beijing, China (email: [email protected]). Abstract BGP-Multipath (BGP-M) is a multipath routing technique for load balanc- ing. Distinct from other techniques deployed at a router inside an Autonomous System (AS), BGP-M is deployed at a border router that has installed multiple inter-domain border links to a neighbour AS. It uses the equal-cost multi-path (ECMP) function of a border router to share traffic to a destination prefix on different border links. Despite recent research interests in multipath routing, there is little study on BGP-M. Here we provide the first measurement and a comprehensive analysis of BGP- M routing in the Internet. We extracted information on BGP-M from query data collected from Looking Glass (LG) servers. We revealed that BGP-M has already been extensively deployed and used in the Internet. A particular ex- ample is Hurricane Electric (AS6939), a Tier-1 network operator, which has implemented >1,000 cases of BGP-M at 69 of its border routers to prefixes in 611 of its neighbour ASes, including many hyper-giant ASes and large content providers, on both IPv4 and IPv6 Internet.
    [Show full text]
  • Improving the Accuracy of the Internet Cartography
    Improving the Accuracy of the Internet Cartography Vasileios Giotsas A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy of University College London. Department of Computer Science University College London November 21, 2014 2 I, Vasileios Giotsas, confirm that the work presented in this thesis is my own. Where information has been derived from other sources, I confirm that this has been indicated in the work. Abstract As the global Internet expands to satisfy the demands of the ever-increasing con- nected population, profound changes are occurring in its interconnection structure. The pervasive growth of IXPs and CDNs, two initially independent but synergistic infras- tructure sectors, have contributed to the gradual flattening of the Internet’s inter-domain hierarchy with primary routing paths shifting from backbone networks to peripheral peering links. At the same time the IPv6 deployment has taken off due to the depletion of unallocated IPv4 addresses. These fundamental changes in Internet dynamics has obvious implications for network engineering and operations, which can be benefited by accurate topology maps to understand the properties of this critical infrastructure. This thesis presents a set of new measurement techniques and inference algorithms to construct a new type of semantically rich Internet map, and improve the state of the art in Internet cartography. The author first develops a methodology to extract large- scale validation data from the Communities BGP attribute, which encodes rich routing meta-data on BGP messages. Based on this better-informed dataset the author pro- ceeds to analyse popular assumptions about inter-domain routing policies and devise a more accurate model to describe inter-AS business relationships.
    [Show full text]
  • Analysis of BGP Routing Tables
    Analysis of BGP Routing Tables Ayesha Gandhi Routing Tables Routing Tables Î Next Hop Routing Table Entry: IP Address Prefix Next Hop Prefix can range be up to 32 bits Updating Techniques: Distance Vector (BGP: Path Vector) Link State Autonomous Systems Internet Æ Set of Autonomous Systems (AS) At the boundary of each AS, border routers exchange reachability information to destination IP address blocks or prefixes in that domain. The commonly used protocol for exchanging this information is the Border Gateway Protocol, version 4 (BGP4). AS’s and Border Routers BGP4 Series of Announcements Æ Routing Information Routing Information Æ Withdrawals/Updates Updates Î New Network Attachment Change Network Route to a Destination Routing Looking Glass It is useful for network operators to see routing views of other networks. A common tool to provide this is the RLG. An RLG is a diagnostic tool deployed by a network provider to give a limited view of that provider's internal network state. Facilitates the debugging of end-to-end problems without exposing sensitive information. Examples Merit IP Plus Looking Glass Server Oregon Route Views Project Originally conceived as a tool for Internet operators to obtain real-time information about the global routing system . Looking Glass Constrained View No real-time access to routing data. A router connects to foreign ASes using a “peering” session. RIPE RIS Routing tables for this experiment have been downloaded from the RIPE RIS site. RIS GOAL: Collect routing information between ASes and their development over time from default free core of the Internet. Uses Remote Route Collectors at different locations around the world and integrates the information into a comprehensive view.
    [Show full text]
  • Internet Plumbing for Security Professionals: the State of Bgp Security
    INTERNET PLUMBING FOR SECURITY PROFESSIONALS: THE STATE OF BGP SECURITY Wim Remes – Rapid7 Blackhat USA 2015 – Las Vegas Introduction The Border Gateway Protocol, commonly known as BGP, is a Fundamental protocol in the functioning of the internet as we know it today. In essence, BGP allows Autonomous Systems (ASNs) to inForm eachother oF the networks they know a route to. This allows those ASNs to build a resilient network that does not have a single point of Failure For most IP preFixes, given that enough peering relationships between ASNs are established. Together with technologies such as DNS, SSL/TLS, and HTTP, BGP Forms the Foundational structure oF the internet and, as such, supports many critical services globally. Several events over the past few years, that will be illustrated later in this paper, have shown how it is fairly easy to impact large parts oF the internet. While several initiatives have been taken to improve security oF the BGP inFrastructure, they are plagued by low adoption rates and a general misunderstanding oF their impact. The ultimate goal oF this whitepaper and its accompanying presentation is to make the BGP problem space understood by a wider audience and to drive adoption of the available counter-measures in order to improve the security of the Foundational internet infrastructure. A Few key things are necessary to be understood how BGP works and where its weaknesses are. BGP, for the purpose oF this paper, is looked at in its Exterior Border Gateway Protocol (eBGP) implementation. That is where it is conFigured to communicate with BGP peers outside its own autonomous system.
    [Show full text]