27 research outputs found

    λBGP: Rethinking BGP programmability

    BGP has long been the de-facto control plane protocol for inter-network connectivity. Although initially designed to provide best-effort routing between ASes, the evolution of Internet services has created a demand for more complex control functionalities using the protocol. At the heart of this challenge lies the static nature of configuration mechanisms and the limited programmability of existing BGP speakers. Meanwhile, the SDN paradigm has demonstrated that open and generic network control APIs can greatly improve network functionality and seamlessly enable greater flexibility in network management. In this paper, we argue that BGP speaking systems can and should provide an open and rich control and configuration mechanism, in order to address modern era network control requirements. Towards this goal, we present λbgp, a modular and extensible BGP framework written in Haskell. The framework offers an extensible integration model for reactive BGP control that remains backward compatible with existing BGP standards and allows network managers to define route processing policies using a high-level language and to dynamically inject information sources into the path selection logic. Using a high-performance BGP traffic generator, we demonstrate that λbgp offers performance comparable to production BGP speakers, while dynamic AS route processing policies can be written in just a few lines of code.

    On the Effectiveness of BGP Hijackers That Evade Public Route Collectors

    Routing hijack attacks have plagued the Internet for decades. After many failed mitigation attempts, recent Internet-wide BGP monitoring infrastructures relying on distributed route collection systems, called route collectors, give us hope that future monitor systems can quickly detect and ultimately mitigate hijacks. In this paper, we investigate the effectiveness of public route collectors with respect to future attackers deliberately engineering longer hijacks to avoid being recorded by route collectors. Our extensive simulations (and attacks we devise) show that monitor-based systems may be unable to observe many carefully crafted hijacks diverting traffic from thousands of ASes. Hijackers could predict whether their attacks would propagate to some BGP feeders (i.e., monitors) of public route collectors, then manipulate BGP route propagation so that the attack never reaches those monitors. This observation remains true when considering plausible future Internet topologies, with more IXP links and up to 4 times more monitors peering with route collectors. We then evaluate the feasibility of performing hijacks not observed by route collectors in the real world. We experiment with two classifiers to predict the monitors that are dangerous to report the attack to route collectors, one based on monitor proximities (i.e., shortest path lengths) and another based on Gao-Rexford routing policies. We show that a proximity-based classifier could be sufficient for the hijacker to identify all dangerous monitors for hijacks announced to peer-to-peer neighbors. For hijacks announced to transit networks, a Gao-Rexford classifier reduces wrong inferences by ≥91% without introducing new misclassifications for existing dangerous monitors.

    BGPStream: A software framework for live and historical BGP data analysis

    We present BGPStream, an open-source software framework for the analysis of both historical and real-time Border Gateway Protocol (BGP) measurement data. Although BGP is a crucial operational component of the Internet infrastructure, and is the subject of research in the areas of Internet performance, security, topology, protocols, economics, etc., there is no efficient way of processing large amounts of distributed and/or live BGP measurement data. BGPStream fills this gap, enabling efficient investigation of events, rapid prototyping, and building complex tools and large-scale monitoring applications (e.g., detection of connectivity disruptions or BGP hijacking attacks). We discuss the goals and architecture of BGPStream. We apply the components of the framework to different scenarios, and we describe the development and deployment of complex services for global Internet monitoring that we built on top of it.

    Machine Learning and Big Data Methodologies for Network Traffic Monitoring

    Over the past 20 years, the Internet saw an exponential growth of traffic, users, services and applications. Currently, it is estimated that the Internet is used every day by more than 3.6 billion users, who generate 20 TB of traffic per second. Such a huge amount of data challenges network managers and analysts to understand how the network is performing, how users are accessing resources, how to properly control and manage the infrastructure, and how to detect possible threats. Along with mathematical, statistical, and set theory methodologies, machine learning and big data approaches have emerged to build systems that aim at automatically extracting information from the raw data that the network monitoring infrastructures offer. In this thesis I will address different network monitoring solutions, evaluating several methodologies and scenarios. I will show how, following a common workflow, it is possible to exploit mathematical, statistical, set theory, and machine learning methodologies to extract meaningful information from the raw data. Particular attention will be given to machine learning and big data methodologies such as DBSCAN, and the Apache Spark big data framework. The results show that despite being able to take advantage of mathematical, statistical, and set theory tools to characterize a problem, machine learning methodologies are very useful to discover hidden information about the raw data. Using the DBSCAN clustering algorithm, I will show how to use YouLighter, an unsupervised methodology to group caches serving YouTube traffic into edge-nodes, and later, by using the notion of Pattern Dissimilarity, how to identify changes in their usage over time. By using YouLighter over 10-month long traces, I will pinpoint sudden changes in the YouTube edge-nodes usage, changes that also impair the end users' Quality of Experience. I will also apply DBSCAN in the deployment of SeLINA, a self-tuning tool implemented in the Apache Spark big data framework to autonomously extract knowledge from network traffic measurements. By using SeLINA, I will show how to automatically detect the changes of the YouTube CDN previously highlighted by YouLighter. Along with these machine learning studies, I will show how to use mathematical and set theory methodologies to investigate the browsing habits of Internauts. By using a two-week dataset, I will show how, over this period, the Internauts continue discovering new websites. Moreover, I will show that by using only DNS information to build a profile, it is hard to build a reliable profiler. Instead, by exploiting mathematical and statistical tools, I will show how to characterize Anycast-enabled CDNs (A-CDNs). I will show that A-CDNs are widely used for both stateless and stateful services, that A-CDNs are quite popular, as more than 50% of web users contact an A-CDN every day, and that stateful services can benefit from A-CDNs, since their paths are very stable over time, as demonstrated by the presence of only a few anomalies in their Round Trip Time. Finally, I will conclude by showing how I used BGPStream, an open-source software framework for the analysis of both historical and real-time Border Gateway Protocol (BGP) measurement data. By using BGPStream in real-time mode I will show how I detected a Multiple Origin AS (MOAS) event, and how I studied the black-holing community propagation, showing the effect of this community in the network. Then, by using BGPStream in historical mode, and the Apache Spark big data framework over 16 years of data, I will show different results such as the continuous growth of IPv4 prefixes, and the growth of MOAS events over time. All these studies have the aim of showing how monitoring is a fundamental task in different scenarios, in particular highlighting the importance of machine learning and of big data methodologies.

    Inter-domain traffic management in an evolving Internet peering eco-system

    Operators of the Autonomous Systems (ASes) composing the Internet must deal with constant traffic growth, while striving to reduce the overall cost-per-bit and keep an acceptable quality of service. These challenges have motivated ASes to evolve their infrastructure from basic interconnectivity strategies, using a couple of transit providers and a few settlement-free peers, to employ geographically scoped transit services (e.g. partial transit) and multiplying their peering efforts. Internet Exchange Points (IXPs), facilities allowing the establishment of sessions to multiple networks using the same infrastructure, have hence become central entities of the Internet. Although the benefits of a diverse interconnection strategy are manifold, it also encumbers the inter-domain Traffic Engineering process and potentially increases the effects of incompatible interests with neighboring ASes. To efficiently manage the inter-domain traffic under such challenges, operators should rely on monitoring systems and computer supported decisions. This thesis explores the IXP-centric inter-domain environment, the managing obstacles arising from it, and proposes mechanisms for operators to tackle them. The thesis is divided into two parts. The first part examines and measures the global characteristics of the inter-domain ecosystem. We characterize several IXPs around the world, comparing them in terms of their number of members and the properties of the traffic they exchange. After highlighting the problems arising from the member overlapping among IXPs, we introduce remote peering, an interconnection service that facilitates the connection to multiple IXPs. We describe this service and measure its adoption in the Internet. In the second part of the thesis, we take the position of the network operators. We detail the challenges surrounding the control of inter-domain traffic, and introduce an operational framework aimed at facilitating its management. Subsequently, we examine methods that peering coordinators and network engineers can use to plan their infrastructure investments, by quantifying the benefits of new interconnections. Finally, we delve into the effects of conflicting business objectives among ASes. These conflicts can result in traffic distributions that violate the (business) interests of one or more ASes. We describe these interest violations, differentiating their impact on the ingress and egress traffic of a single AS. Furthermore, we develop a warning system that operators can use to detect and rank them. We test our warning system using data from two real networks, where we discover a large number of interest violations. We thus stress the need for operators to identify the ones having a larger impact on their network. This work has been supported by IMDEA Networks Institute. Programa Oficial de Doctorado en Ingeniería Telemática. Chair: Jordi Domingo-Pascual. Secretary: Francisco Valera Pintor. Member: Víctor Lópe

    BGP traffic policies recommendation System

    Master's thesis in Computer Engineering, Facultad de Informática UCM, Departamento de Arquitectura de Computadores y Automática, academic year 2021/2022. Information and communication technologies are areas of research that are constantly growing. The numerous advances in the sector provide tools to access a wide variety of information and services from anywhere in the world. These tools could be summarized in a couple of words, the Internet. The Internet is a global system whose operation is possible thanks to complex mechanisms and protocols developed throughout history. Each of these mechanisms is responsible for managing a specific feature, BGP (Border Gateway Protocol) being one of the most relevant protocols on which the Internet is based. However, this protocol, which is responsible for the exchange of global routing information, is managed and configured locally by different ISPs (Internet Service Providers), technology companies, universities, government agencies and scientific institutions. This causes the interests of some entities to intervene in the routing of network traffic, sometimes causing certain problems. This academic project presents a study about the different problems that this protocol harbors, providing a means to observe the events that occur and recommending possible configurations to avoid unexpected service interruptions or unwanted prefix hijacking.