31 research outputs found

    CHASING THE UNKNOWN: A PREDICTIVE MODEL TO DEMYSTIFY BGP COMMUNITY SEMANTICS

    The Border Gateway Protocol (BGP) specifies an optional communities attribute for traffic engineering, route manipulation, remotely-triggered blackholing, and other services. However, communities have neither unifying semantics nor cryptographic protections and often propagate much farther than intended. Consequently, Autonomous System (AS) operators are free to define their own community values. This research is a proof-of-concept for a machine learning approach to prediction of community semantics; it attempts a quantitative measurement of semantic predictability between different AS semantic schemata. Ground-truth community semantics data were collated and manually labeled according to a unified taxonomy of community services. Various classification algorithms, including a feed-forward Multi-Layer Perceptron and a Random Forest, were used as the estimator for a One-vs-All multi-class model and trained according to a feature set engineered from this data. The best model's performance on the test set indicates as much as 89.15% of these semantics can be accurately predicted according to a proposed standard taxonomy of community services. This model was additionally applied to historical BGP data from various route collectors to estimate the taxonomic distribution of communities transiting the control plane.
    http://archive.org/details/chasingtheunknow1094566047
    Outstanding Thesis. Civilian, CyberCorps - Scholarship For Service. Approved for public release; distribution is unlimited.

    On the Analysis of the Internet from a Geographic and Economic Perspective via BGP Raw Data

    The Internet is nowadays an integral part of everyone's life, and will become even more important for future generations. Proof of that is the exponential growth of the number of people who are introduced to the network through mobile phones and smartphones and are connected 24/7. Most of them rely on the Internet even for common services, such as online personal bank accounts, or having a videoconference with a colleague living across the ocean. However, only a few people are aware of what happens to their data once sent from their own devices towards the Internet, and an even smaller number -- an elite of researchers -- have an overview of the infrastructure of the real Internet. Researchers have attempted during the last years to discover details about the characteristics of the Internet in order to create a model on which it would be possible to identify and address possible weaknesses of the real network. Despite several efforts in this direction, currently no model is known to represent the Internet effectively, especially due to the lack of data and the excessively coarse granularity applied by the studies done to date. This thesis addresses both issues by considering the Internet as a graph whose nodes are Autonomous Systems (AS) and whose edges are logical connections between ASes. In the first instance, this thesis has the objective of providing new algorithms and heuristics for studying the Internet at a level of granularity considerably closer to reality, by introducing economic and geographical elements that actually limit the number of possible paths between the various ASes that data can take.
    Based on these heuristics, this thesis also provides an innovative methodology suitable to quantify the completeness of the available data and to identify which ASes should be involved in the BGP data collection process as feeders in order to get a complete and real view of the core of the Internet. Although the results of this methodology highlight that current BGP route collectors are not able to obtain data regarding the vast majority of the ASes that form the core of the Internet, the situation can still be improved by creating new services and incentives to attract the ASes identified by the previous methodology and introduce them as feeders of a BGP route collector.

    CRT 255T.01: Advanced Routing


    CAIR: Using Formal Languages to Study Routing, Leaking, and Interception in BGP

    The Internet routing protocol BGP expresses topological reachability and policy-based decisions simultaneously in path vectors. A complete view of Internet backbone routing is given by the collection of all valid routes, which is infeasible to obtain due to the information hiding of BGP, the lack of omnipresent collection points, and data complexity. Commonly, graph-based data models are used to represent the Internet topology from a given set of BGP routing tables, but they fall short of explaining policy contexts. As a consequence, routing anomalies such as route leaks and interception attacks cannot be explained with graphs. In this paper, we use formal languages to represent the global routing system in a rigorous model. Our CAIR framework translates BGP announcements into a finite route language that allows for the incremental construction of minimal route automata. CAIR preserves route diversity, is highly efficient, and is well-suited to monitoring BGP path changes in real time. We formally derive implementable search patterns for route leaks and interception attacks. In contrast to the state of the art, we can detect these incidents. In practical experiments, we analyze public BGP data over the last seven years.

    ISP Probing Reduction with Anaximander

    Peer reviewed.
    Since the early 2000s, Internet topology discovery has been an active research topic, providing data for various studies such as Internet modeling, network management, or assisting and supporting network protocol design. Within this research area, ISP mapping at the router level has attracted little interest despite its utility for intra-domain routing evaluation. Since Rocketfuel (and, to a smaller extent, mrinfo), no new tool or method has emerged for systematically mapping intra-domain topologies. In this paper, we introduce Anaximander, a new efficient approach for probing and discovering a targeted ISP in particular. Considering a given set of vantage points, we implement and combine several predictive strategies to reduce the number of probes to be sent without sacrificing ISP coverage. To assess the ability of our method to efficiently retrieve an ISP map, we rely on a large dataset of ISPs of distinct nature and demonstrate how Anaximander can be tuned with a simple parameter to control the trade-off between coverage and probing budget.

    Automatic provisioning in multi-domain software defined networking

    Multi-domain Software Defined Networking (SDN) is the extension of the SDN paradigm to multi-domain networking and the interconnection of different administrative domains. By utilising SDN in the core telecommunication networks, benefits are found including improved traffic flow control, fast route updates and the potential for routing centralisation across domains. The Border Gateway Protocol (BGP) was designed three decades ago, and efforts to redesign interdomain routing that would include a replacement or upgrade to the existing BGP have yet to be realised. For the near real-time flow control provided by SDN, the domain boundary presents a challenge that is difficult to overcome when utilising existing protocols. Replacing the existing gateway mechanism, which provides routing updates between the different administrative domains, with a multi-domain centralised SDN-based solution may not be supported by the network operators, so it is a challenge to identify an approach that works within this constraint. In this research, BGP was studied and selected as the inter-domain SDN communication protocol, and it was used as the baseline protocol for a novel framework for automatic multi-domain SDN provisioning. The framework utilises the BGP UPDATE message with Communities and Extended Communities as the attributes for message exchange. A new application called Inter-Domain Provisioning of Routing Policy in ONOS (INDOPRONOS) was developed and tested as the framework implementation. This application was built as an ONOS controller application, which collaborated with the existing ONOS SDN-IP application. The framework implementation was tested to verify the information exchange mechanism between domains, and it successfully carried out the provisioning actions triggered by the exchanged information. The test results show that the framework was successfully verified.
    The information carried inside the two attributes can successfully be transferred between domains, and it can be used to trigger INDOPRONOS to create and install new alternative intents that override the default intents of the ONOS controller. The intents installed by INDOPRONOS immediately change the route of the existing connection, which demonstrates that a correct request sent from the other domain can carry out a modification of network settings inside a domain. Finally, the framework was tested using a bandwidth-on-demand use case. In this use case, a customer network administrator can immediately change the network service bandwidth provided by the service provider, without any intervention from the service provider administrator, based on an agreed, predefined configuration setting. This ability will provide benefits for both customer and service provider, in terms of customer satisfaction and network operations efficiency.

    A Study of the Structural Properties of the Internet Based on Metagraph Models

    When studying the Internet, its structure is usually divided into levels: the Autonomous System (AS) level, the Point of Presence (PoP) level, the router level, etc. At each of them the global network can be represented as a graph built from initial data obtained from open sources. Considering the network within a single level simplifies analysis, but does not allow a systematic assessment of its structural properties when the task is to provide connectivity between several segments of the network related, in particular, to objects of critical information infrastructure. To overcome this contradiction, a mathematical model of the global network in the form of a metagraph was developed at the interface between the AS level and the PoP level; it takes into account the characteristics of each level and allows bottlenecks to be found both in the interdomain routing system and in the topology of the internal networks of Internet providers. Based on the proposed model, some structural phenomena of the global network are described: stub, multihomed and transit autonomous systems, and content providers. Taking into account the data about Internet structure available from open sources, a method for constructing a metagraph is proposed. A comparative analysis of tools that automate the analysis of a network model is carried out. Practice-oriented problems of finding a cutting subset in a metagraph are formulated. Directions for further research are the software implementation of the models using the MGtoolkit module in Python and the assessment of structural phenomena of the Russian segment of the Internet.