An Analysis of BGP Multiple Origin AS MOAS
An Analysis of BGP Multiple Origin AS (MOAS) Conflicts
Xiaoliang Zhao, NCSU
S. Felix Wu, UC Davis
Allison Mankin, Dan Massey, USC/ISI
Dan Pei, Lan Wang, Lixia Zhang, UCLA
IMW 2001, November 1, 2001
IMW 2001 - San Francisco

Outline
• Introduction of BGP
• Multiple Origin AS (MOAS) conflicts analysis
• Summary and recent work

Border Gateway Protocol 4 (BGP-4)
• To exchange inter-domain routing information
• Defined in RFC 1771, deployed since 1995 to support CIDR
• Path Vector Routing Protocol
  – Includes the path information to the destination
  – Loop detection
  – Eliminates the count-to-infinity problem, but still converges slowly [Labovitz 97]
  – More flexibility for local policy design

BGP operational environment
• Autonomous System (AS): a set of routers under a single technical administration
  – e.g., AS 4: ISI, AS 3561: Cable & Wireless, etc.
• Each AS, the originator, advertises its own networks to its neighboring ASes; the neighboring ASes propagate those advertisements to the rest of the Internet
  – “I tell you, you tell your friends, and so on”
• A BGP route lists a prefix (destination) and the path of ASes to reach that prefix
  – e.g., R = (p, <AS 1, AS 2, AS 3>): AS 3 is the origin AS for the prefix p, and AS 2 provides the transit service for p.

BGP route updates and MOAS conflicts
[Figure: 128.9.0.0/16 is announced by AS 4 (Path: 4) and by AS 226 (Path: 226). AS X passes on Path: X, 4 and AS Z passes on Path: Z, 226. AS Y is marked "MOAS conflict!".]

Motivation
• It is recommended [RFC 1930] that each prefix should be originated by a single AS, with a few possible exceptions
• However, the recommendation is not followed in practice
• We want to answer the question: “What are the reasons for MOAS conflicts and what are the impacts?”
• Data talks...

Measurement Data Collection
• Data collected from the Oregon Route Views
  – Peers with >50 routers from >40 different ASes.
  – Our analysis uses data [11/08/97 - 07/18/01] (1279 days total)
• At a randomly selected moment,
  – The Route Views server observed 1364 MOAS conflicts
  – The views from 3 individual ISPs showed 30, 12 and 228 MOAS conflicts
• More than 38000 MOAS conflicts observed during this time period.

Example MOAS Data
Conflict#  prefix         start date  end date  days
7          12.0.0.0/8     01/28/98    02/01/98  5
                          02/03/98    04/14/98  68
                          04/16/98    04/26/98  11
                          05/12/98    05/12/98  1
           origin ASs: 7018+1757, 7018+1290
           total lifetime for conflict #7 = 85 days
...
234        128.9.0.0/16   09/25/98    10/09/98  15
                          12/01/98    02/04/99  63
                          02/06/99    04/26/99  78
                          04/28/99    08/04/99  94
                          08/07/99    09/01/00  352
                          09/03/00    11/13/00  68
                          11/15/00    11/21/00  7
                          11/23/00    11/30/00  8
                          12/02/00    12/12/00  11
                          12/14/00    12/26/00  13
                          12/28/00    07/15/01  190
                          07/17/01              2
           origin ASs: 226+4
           total lifetime for conflict #234 = 901 days
(total 38225 MOAS conflicts)

MOAS Conflicts Do Exist
[Figure: plot with two annotated peaks. Max: 11842 (11357 from a single AS); Max: 10226 (9177 from a single AS).]

Histogram of MOAS Conflict Lifetime
[Figure: histogram. x-axis: total # of days a prefix experienced MOAS conflict; y-axis: # of MOAS conflicts.]

Distribution of MOAS Conflicts over Prefix Lengths
[Figure: ratio of # MOAS entries over total routing entries for the same prefix length.]

Classification of MOAS conflicts
[Figure label: PSI.net event]
• Given a MOAS conflict for prefix p and two associated AS paths: $asp_1 = (x_1, x_2, \ldots, x_n)$ and $asp_2 = (y_1, y_2, \ldots, y_m)$
• Classified into three categories:
  – OrginTranAS: $x_n = y_j$ $(j < m)$
  – SplitView: $x_i = y_j$ $(i < n,\ j < m)$
  – DistinctPaths: $x_i \neq y_j$ $(1 \le i \le n,\ 1 \le j \le m)$
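
An added example (not from the original slides): detecting MOAS conflicts in a set of (prefix, AS path) routes and classifying path pairs with the three categories above. The transit AS numbers and documentation prefixes are constructed sample data; testing OrginTranAS in both directions and before SplitView is an assumption, since the slide gives no precedence.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample routes (prefix, AS path). The origin AS is the last hop.
# Only 128.9.0.0/16 with origins 4 and 226 comes from the slides.
ROUTES = [
    ("128.9.0.0/16", (64496, 4)),
    ("128.9.0.0/16", (64497, 226)),
    ("192.0.2.0/24", (64496, 64500, 64501)),
    ("192.0.2.0/24", (64497, 64500)),
    ("198.51.100.0/24", (64496, 64499, 64502)),
    ("198.51.100.0/24", (64496, 64503)),
    ("203.0.113.0/24", (64496, 64504)),
    ("203.0.113.0/24", (64497, 64504)),  # same origin: no conflict
]

def find_moas(routes):
    """Return {prefix: set of origin ASes} for prefixes with more than one origin."""
    origins = defaultdict(set)
    for prefix, path in routes:
        origins[prefix].add(path[-1])
    return {p: o for p, o in origins.items() if len(o) > 1}

def classify(asp1, asp2):
    """Classify two AS paths to one prefix that end in different origin ASes."""
    if asp1[-1] == asp2[-1]:
        raise ValueError("same origin AS: not a MOAS conflict")
    # OrginTranAS: one path's origin is a transit AS on the other path
    # (tested in both directions and first; the precedence is an assumption).
    if asp1[-1] in asp2[:-1] or asp2[-1] in asp1[:-1]:
        return "OrginTranAS"
    # SplitView: the paths share an AS that is the origin of neither.
    if set(asp1[:-1]) & set(asp2[:-1]):
        return "SplitView"
    # DistinctPaths: no AS in common.
    return "DistinctPaths"

def report(routes):
    """Map each MOAS prefix to (sorted origins, sorted categories seen)."""
    paths = defaultdict(list)
    for prefix, path in routes:
        paths[prefix].append(path)
    result = {}
    for prefix, origins in find_moas(routes).items():
        cats = {classify(a, b) for a, b in combinations(paths[prefix], 2)
                if a[-1] != b[-1]}
        result[prefix] = (sorted(origins), sorted(cats))
    return result
```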

Valid Causes of MOAS Conflicts (1)
• Exchange point addresses
  – E.g.: 198.32.136.0/24 was originated by ASes 2914, 3561, 4006, 6079, 6453, 6461 and 7018.
  – Few instances: 30 out of 38225 are identified as EP addresses
  – Lifetime: 1226 days out of 1279 days for 198.32.138.0/24
• AS sets
  – Typically only 12 prefixes out of 100K prefixes end with AS sets, and these AS sets were consistent with others
• Anycast addresses

Valid Causes of MOAS Conflicts (2)
[Figure, panel "Multi-homing without BGP": AS 4, AS 226 and AS 11422; 128.9/16 announced with Path: 4, Path: 226 and Path: 11422, 4; one link labelled "Static route or IGP route".]
[Figure, panel "Private AS number Substitution": AS X, AS Y and AS 64512; 131.179/16 announced with Path: 64512, Path: X and Path: Y.]

Invalid Causes of MOAS Conflicts
• Operational faults led to large spikes of MOAS conflicts
  – 04/07/1998: one AS originated 12593 prefixes, out of which 11357 were MOAS conflicts
  – 04/10/2001: another AS originated 9180 prefixes, out of which 9177 were MOAS conflicts
• There are many smaller scale examples of falsely originated routes
  – Errors
  – Intentional traffic hijacking

Summary
• MOAS conflicts exist today
  – Some due to operational need; some due to faults
• Blind acceptance of MOAS could be dangerous
  – An open door for traffic hijacking
• A solution for determining MOAS validity is under development
For more info about FNIISC project: http://fniisc.nge.isi.edu

Recent Work: MOAS Solutions
• Proposal 1: using BGP community attribute
• Proposal 2: DNS-based solution
• Solutions presented to NANOG 23

BGP-Based Solution
• Define a new community attribute
  – Listing all the ASes allowed to originate a prefix
• Attach this MOAS community-attribute to BGP route announcement
• Enable BGP routers to detect faults and attacks
  – At least in most cases, we hope!

Comm. Attribute Implementation Example
[Figure: prefix 18.0.0.0/8. Labels: AS 58: 18/8, PATH<58>, MOAS{58, 59}; AS 59: 18/8, PATH<59>, MO... (label cut off); AS 52: 18/8, PATH<52>, MOAS{52, 58}; 18/8, PATH<4>, MOAS{4, 58, 59}.]
Example configuration:
    router bgp 59
     neighbor 1.2.3.4 remote-as 52
     neighbor 1.2.3.4 send-community
     neighbor 1.2.3.4 route-map setcommunity out
    route-map setcommunity
     match ip address 18.0.0.0/8
     set community 59:MOAS 58:MOAS additive
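
One way a router could act on the MOAS list attribute, as an added example that is not from the slides. The two checks (the origin must appear in its own list; all lists seen for a prefix must match) and the treatment of a missing attribute are assumptions, and the sample announcements are constructed from the 18/8 figure.

```python
# Announcements for one prefix as (AS path, MOAS list or None).
# Constructed sample data modelled on the 18/8 slide; the list carried by
# AS 59 is an assumption because that label is cut off in the source.
VALID = [((58,), {58, 59}), ((59,), {58, 59})]
FAULTY = VALID + [((52,), {52, 58})]   # a different list, as on the slide
COPIED = VALID + [((52,), {58, 59})]   # valid list reused by an unlisted origin
BARE = VALID + [((52,), None)]         # no MOAS attribute attached at all

def effective_list(path, moas):
    """A route without the attribute is treated as listing only its origin."""
    return frozenset(moas) if moas else frozenset({path[-1]})

def check_moas(announcements):
    """Return a list of alarm strings; an empty list means no conflict detected."""
    alarms = []
    seen = {}  # MOAS list -> set of origins that announced it
    for path, moas in announcements:
        origin = path[-1]
        lst = effective_list(path, moas)
        # Check 1: an origin must be named in the list it carries.
        if origin not in lst:
            alarms.append(f"origin AS {origin} is not in MOAS list {sorted(lst)}")
        seen.setdefault(lst, set()).add(origin)
    # Check 2: every announcement of the prefix must carry the same list.
    if len(seen) > 1:
        variants = sorted(sorted(lst) for lst in seen)
        alarms.append(f"inconsistent MOAS lists: {variants}")
    return alarms
```

The check only raises an alarm; deciding which of the inconsistent lists is the correct one needs information from outside BGP.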

Another Proposal: DNS-based Solution
• Put the MOAS list in a new DNS Resource Record
  ftp://psg.com/pub/dnsind/draft-bates-bgp4-nlri-orig-verif-00.txt by Bates, Li, Rekhter, Bush, 1998
[Figure: MOAS detected for 18/8, query DNS to verify. Query to the Enhanced DNS service: 18.bgp.in-addr.arpa: origin AS? Response: 18.bgp.in-addr.arpa AS 58 8, AS 59 8.]
Example configuration (zone file for 18.bgp.in-addr.arpa):
    $ORIGIN 18.bgp.in-addr.arpa.
    ...
    AS 58 8
    AS 59 8
    ...