Performance Analysis on a BGP Network using Wireshark Analyzer

Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability information among autonomous systems (AS) on the Internet. The protocol is often classified as a path vector protocol but is sometimes also classed as a distance-vector routing protocol. This study focused on the performance analysis of BGP when implemented in a network. The configuration of BGP was done using Graphical Network Simulator (GNS3). To test the performance of BGP in a network, Wireshark was used for this purpose. The Wireshark is a network packet analyzer where it can capture live packet data from a network interface and display packet with every detailed protocol information. Performance details of the packet in terms of several parameters are used in this study namely: length of packet, total packets captured, packets captured between first and last packet, average packet per second, average packet size in bytes, number of bytes , and average bytes per second. Based on the results, all routers have the same packet length and packets captured. However, the packets captured between the first and last, the average packet/sec, Avg. packet size (bytes), Bytes, and Avg. bytes/sec differ in all the routers. Keywords: BGP, Autonomous system, packet, GNS3, Wireshar

Analyzing BGP Instances in Maude

Analyzing Border Gateway Protocol (BGP) instances is a crucial stepin the design and implementation of safe BGP systems. Today, the analysis is amanual and tedious process. Researchers study the instances by manually constructingexecution sequences, hoping to either identify an oscillation or showthat the instance is safe by exhaustively examining all possible sequences. Wepropose to automate the analysis by using Maude, a tool based on rewriting logic.We have developed a library specifying a generalized path vector protocol, andmethods to instantiate the library with customized routing policies. Protocols canbe analyzed automatically by Maude, once users provide specifications of thenetwork topology and routing policies. Using our Maude library, protocols orpolicies can be easily specified and checked for problems. To validate our approach,we performed safety analysis of well-known BGP instances and actualrouting configurations

Measurement of Backbone Routing Parameters

Tato práce se zabývá problematikou směrování mezi autonomními systémy. Pro směrování mezi autonomními systémy se používá Border Gateway Protocol (BGP). Směrovače v autonomních systémech si na základě BGP zpráv upravují své směrovací tabulky, pomocí kterých směrují informace proudící Internetem. Předmětem práce je analýza změn směrovacích tabulek pro případné optimalizace architektury směrovačů. V první části se práce zabývá teorií o směrovačích, směrování a BGP. V druhé části pak návrhem a provedením experimentů na směrovacích tabulkách. V této části jsou také popsány dosažené výsledky.This thesis deals with issue of routing between Autonomous Systems. For routing between autonomous systems is used Border Gateway Protocol (BGP). The routers in Autonomous Systems modify their routing tables based on BGP messages.   Routing tables are used for forwarding information on Internet. Issue of this thesis is analysis of change routing tables for eventually optimizing of routing architecture. First part of thesis is focused on theory of routers, routing ang BGP. Second part of this thesis focuses on implementation and execution experiments with routing tables. In this part are also described reached results.

Long-Range Correlations and Memory in the Dynamics of Internet Interdomain Routing

Data transfer is one of the main functions of the Internet. The Internet consists of a large number of interconnected subnetworks or domains, known as Autonomous Systems. Due to privacy and other reasons the information about what route to use to reach devices within other Autonomous Systems is not readily available to any given Autonomous System. The Border Gateway Protocol is responsible for discovering and distributing this reachability information to all Autonomous Systems. Since the topology of the Internet is highly dynamic, all Autonomous Systems constantly exchange and update this reachability information in small chunks, known as routing control packets or Border Gateway Protocol updates. Motivated by scalability and predictability issues with the dynamics of these updates in the quickly growing Internet, we conduct a systematic time series analysis of Border Gateway Protocol update rates. We find that Border Gateway Protocol update time series are extremely volatile, exhibit long-term correlations and memory effects, similar to seismic time series, or temperature and stock market price fluctuations. The presented statistical characterization of Border Gateway Protocol update dynamics could serve as a ground truth for validation of existing and developing better models of Internet interdomain routing

It bends but would it break?:topological analysis of BGP infrastructures in Europe

The Internet is often thought to be a model of resilience, due to a decentralised, organically-grown architecture. This paper puts this perception into perspective through the results of a security analysis of the Border Gateway Protocol (BGP) routing infrastructure. BGP is a fundamental Internet protocol and its intrinsic fragilities have been highlighted extensively in the literature. A seldom studied aspect is how robust the BGP infrastructure actually is as a result of nearly three decades of perpetual growth. Although global black-outs seem unlikely, local security events raise growing concerns on the robustness of the backbone. In order to better protect this critical infrastructure, it is crucial to understand its topology in the context of the weaknesses of BGP and to identify possible security scenarios. Firstly, we establish a comprehensive threat model that classifies main attack vectors, including but non limited to BGP vulnerabilities. We then construct maps of the European BGP backbone based on publicly available routing data. We analyse the topology of the backbone and establish several disruption scenarios that highlight the possible consequences of different types of attacks, for different attack capabilities. We also discuss existing mitigation and recovery strategies, and we propose improvements to enhance the robustness and resilience of the backbone. To our knowledge, this study is the first to combine a comprehensive threat analysis of BGP infrastructures withadvanced network topology considerations. We find that the BGP infrastructure is at higher risk than already understood, due to topologies that remain vulnerable to certain targeted attacks as a result of organic deployment over the years. Significant parts of the system are still uncharted territory, which warrants further investigation in this direction

A Survey on the Contributions of Software-Defined Networking to Traffic Engineering

Since the appearance of OpenFlow back in 2008, software-defined networking (SDN) has gained momentum. Although there are some discrepancies between the standards developing organizations working with SDN about what SDN is and how it is defined, they all outline traffic engineering (TE) as a key application. One of the most common objectives of TE is the congestion minimization, where techniques such as traffic splitting among multiple paths or advanced reservation systems are used. In such a scenario, this manuscript surveys the role of a comprehensive list of SDN protocols in TE solutions, in order to assess how these protocols can benefit TE. The SDN protocols have been categorized using the SDN architecture proposed by the open networking foundation, which differentiates among data-controller plane interfaces, application-controller plane interfaces, and management interfaces, in order to state how the interface type in which they operate influences TE. In addition, the impact of the SDN protocols on TE has been evaluated by comparing them with the path computation element (PCE)-based architecture. The PCE-based architecture has been selected to measure the impact of SDN on TE because it is the most novel TE architecture until the date, and because it already defines a set of metrics to measure the performance of TE solutions. We conclude that using the three types of interfaces simultaneously will result in more powerful and enhanced TE solutions, since they benefit TE in complementary ways.European Commission through the Horizon 2020 Research and Innovation Programme (GN4) under Grant 691567 Spanish Ministry of Economy and Competitiveness under the Secure Deployment of Services Over SDN and NFV-based Networks Project S&NSEC under Grant TEC2013-47960-C4-3-

BGP Security in Partial Deployment: Is the Juice Worth the Squeeze?

As the rollout of secure route origin authentication with the RPKI slowly gains traction among network operators, there is a push to standardize secure path validation for BGP (i.e., S*BGP: S-BGP, soBGP, BGPSEC, etc.). Origin authentication already does much to improve routing security. Moreover, the transition to S*BGP is expected to be long and slow, with S*BGP coexisting in "partial deployment" alongside BGP for a long time. We therefore use theoretical and experimental approach to study the security benefits provided by partially-deployed S*BGP, vis-a-vis those already provided by origin authentication. Because routing policies have a profound impact on routing security, we use a survey of 100 network operators to find the policies that are likely to be most popular during partial S*BGP deployment. We find that S*BGP provides only meagre benefits over origin authentication when these popular policies are used. We also study the security benefits of other routing policies, provide prescriptive guidelines for partially-deployed S*BGP, and show how interactions between S*BGP and BGP can introduce new vulnerabilities into the routing system