346 research outputs found
Inferring Internet AS Relationships Based on BGP Routing Policies
The type of business relationships between the Internet autonomous systems
(AS) determines the BGP inter-domain routing. Previous works on inferring AS
relationships relied on the connectivity information between ASes. In this
paper we infer AS relationships by analysing the routing policies of ASes
encoded in the BGP attributes Communities and the Locpref. We accumulate BGP
data from RouteViews, RIPE RIS and the public Route Servers in August 2010 and
February 2011. Based on the routing policies extracted from data of the two BGP
attributes, we obtain AS relationships for 39% links in our data, which include
all links among the Tier-1 ASes and most links between Tier-1 and Tier-2 ASes.
We also reveal a number of special AS relationships, namely the hybrid
relationship, the partial-transit relationship, the indirect peering
relationship and the backup links. These special relationships are relevant to
a better understanding of the Internet routing. Our work provides a profound
methodological progress for inferring the AS relationships. Comment: 8 pages and 3 figure
Towards a Rigorous Methodology for Measuring Adoption of RPKI Route Validation and Filtering
A proposal to improve routing security, Route Origin Authorization
(ROA), has been standardized. A ROA specifies which network is allowed to
announce a set of Internet destinations. While some networks now specify ROAs,
little is known about whether other networks check routes they receive against
these ROAs, a process known as Route Origin Validation (ROV). Which networks
blindly accept invalid routes? Which reject them outright? Which de-preference
them if alternatives exist?
Recent analysis attempts to use uncontrolled experiments to characterize ROV
adoption by comparing valid routes and invalid routes. However, we argue that
gaining a solid understanding of ROV adoption is impossible using currently
available data sets and techniques. Our measurements suggest that, although
some ISPs are not observed using invalid routes in uncontrolled experiments,
they are actually using different routes for (non-security) traffic engineering
purposes, without performing ROV. We conclude with a description of a
controlled, verifiable methodology for measuring ROV and present three ASes
that do implement ROV, confirmed by operators
A Two-step Statistical Approach for Inferring Network Traffic Demands (Revises Technical Report BUCS-2003-003)
Accurate knowledge of traffic demands in a communication network enables or enhances a variety of traffic engineering and network management tasks of paramount importance for operational networks. Directly measuring a complete set of these demands is prohibitively expensive because of the huge amounts of data that must be collected and the performance impact that such measurements would impose on the regular behavior of the network. As a consequence, we must rely on statistical techniques to produce estimates of actual traffic demands from partial information. The performance of such techniques is however limited due to their reliance on limited information and the high amount of computations they incur, which limits their convergence behavior. In this paper we study a two-step approach for inferring network traffic demands. First we elaborate and evaluate a modeling approach for generating good starting points to be fed to iterative statistical inference techniques. We call these starting points informed priors since they are obtained using actual network information such as packet traces and SNMP link counts. Second we provide a very fast variant of the EM algorithm which extends its computation range, increasing its accuracy and decreasing its dependence on the quality of the starting point. Finally, we evaluate and compare alternative mechanisms for generating starting points and the convergence characteristics of our EM algorithm against a recently proposed Weighted Least Squares approach. National Science Foundation (ANI-0095988, EIA-0202067, ITR ANI-0205294
Practicable route leak detection and protection with ASIRIA
Route leak events have historically caused many wide-scale disruptions on the Internet. Leaks are particularly hard to detect because they most frequently involve routes with legitimate origin announced through legitimate paths that are propagated beyond their legitimate scope. In this paper we present ASIRIA, a mechanism for detecting and avoiding leaked routes and protecting against leakage events that uses AS relationship information inferred from the Internet Routing Registries. By relying on existing information, ASIRIA provides immediate benefits to early adopters. In particular, we consider the deployment of ASIRIA to detect leaks caused by over 300 ASes and we show that it can detect over 99% of the leakage events generated by a customer or a peer solely using currently available information in 90% of the cases. This work has been partially supported by Huawei through the Internet Routing Blockchain project, by the EU through the NGI Atlantic MCCA project and the Madrid Government (Comunidad de Madrid Spain) under the Multiannual Agreement with UC3M in the line of Excellence of University Professors (EPUC3M21), and in the context of the V PRICIT (Regional Programme of Research and Technological Innovation
CAIR: Using Formal Languages to Study Routing, Leaking, and Interception in BGP
The Internet routing protocol BGP expresses topological reachability and
policy-based decisions simultaneously in path vectors. A complete view on the
Internet backbone routing is given by the collection of all valid routes, which
is infeasible to obtain due to information hiding of BGP, the lack of
omnipresent collection points, and data complexity. Commonly, graph-based data
models are used to represent the Internet topology from a given set of BGP
routing tables but fall short of explaining policy contexts. As a consequence,
routing anomalies such as route leaks and interception attacks cannot be
explained with graphs.
In this paper, we use formal languages to represent the global routing system
in a rigorous model. Our CAIR framework translates BGP announcements into a
finite route language that allows for the incremental construction of minimal
route automata. CAIR preserves route diversity, is highly efficient, and
well-suited to monitor BGP path changes in real-time. We formally derive
implementable search patterns for route leaks and interception attacks. In
contrast to the state-of-the-art, we can detect these incidents. In practical
experiments, we analyze public BGP data over the last seven years
BGP and inter-AS economic relationships
The structure of the Internet is still unknown even if it provides well-known services for a large part of the worldwide population. Its current configuration is the result of complex economic interaction developed in the last 20 years among important carriers and ISPs (i.e. ASes). Although with slight success, in the last few years some research work tried to shed light on the economic relationships established among ASes. Typical approaches employed in the above work proceed along two lines: first, data from BGP monitors spread out all over the world is gathered to infer an Internet AS-level topology graph, and second heuristics taking as input this graph are applied to get economic tags associated to all edges between nodes (i.e. ASes). In this paper we propose an innovative tagging approach leveraging on the lifetime of an AS path to infer the economic relationships on all edges joining the ASes crossed by the path itself, without cutting-off backup links, that bring economic information as well as stable links. The major findings of our approach can be summarized as follows: (data hygiene before infer the Internet AS-level topology graph) study on AS paths loops, human error and their impact on data correctness; (life-time based tagging, we do not cut-off backup links) we evidence those tags are inferred only from a partial viewpoint; we evidence the maximum lifetime of the AS path that have contributed to infer the tag of each connection; classification of candidate Tier-1 AS based on three indexes reflecting the importance of an AS; explanation and life-time study of non valley-free AS path
- …