ABSTRACT
Despite BGP's critical importance as the de-facto Internet inter-domain routing protocol, there is little understanding of how BGP actually performs under stressful conditions when dependable routing is most needed. In this paper, we examine BGP's behavior during one stressful period, the Code Red/Nimda attack on September 18, 2001. The attack was correlated with a 30-fold increase in the BGP update messages at a monitoring point which peers with a number of Internet service providers. Our examination of BGP's behavior during the event concludes that BGP exhibited no significant abnormality, and that over 40% of the observed updates can be attributed to the monitoring artifact in current BGP measurement settings. Our analysis, however, does reveal several weak points in both the protocol and its implementation, such as BGP's sensitivity to the transport session reliability, its inability to avoid the global propagation of small local changes, and its certain implementation features whose otherwise benign effects only get amplified under stressful conditions. We also identify areas for improvement in the current network measurement and monitoring effort.
- Y. Rekhter and T. Li, "Border Gateway Protocol 4," RFC 1771, July 1995. Google ScholarDigital Library
- J. Cowie, A. Ogielski, B. J. Premore, and Y. Yuan, "Global routing instabilities triggered by Code Red II and Nimda worm attacks," Tech. Rep., Renesys Corporation, Dec 2001.Google Scholar
- Networking System Adminisration and Security Institute (SANS), "Nimda worm/virus report," http://www.incidents.org/react/nimda.pdf.Google Scholar
- RIPE, "Routing Information Service Project," http://www.ripe.net/ripencc/pub-services/np/ris-index.html.Google Scholar
- C. Labovitz, A. Ahuja, A. Bose, and E Jahanian, "Delayed Internet routing convergence," in Proceedings of the ACM SIGCOMM, August/September 2000. Google ScholarDigital Library
- C. Labovitz, G. R. Malan, and F. Jahanian, "Origins of internet routing instability," in Proceedings of the IEEE INFOCOM "99, New York, NY, March 1999, pp. 218--26.Google Scholar
- Cisco Systems, "Dealing with mallocfail and high cpu utilization resulting from the "code red" worm," http://www.cisco.com/warp/public/63/ts_codred_worm.shtml.Google Scholar
- D. Pei, X. Zhao, L. Wang, D. Massey, A. Mankin, S. Wu, and L. Zhang, "Improving BGP convergence through consistency assertions," in Proceedings of the IEEE INFOCOM, June 2002.Google Scholar
- C. Labovitz, G. R. Malan, and F. Jahanian, "Internet routing instability," in Proceedings of the ACM SIGCOMM '97, Cannes, France, September 1997, pp. 115--26. Google ScholarDigital Library
- G.R. Malan and F. Jahanian, "An extensible probe architecture for network protocol performance measurement," in Proceedings of the ACM SIGCOMM '98, Vancouver, BC, Canada, September 1998. Google ScholarDigital Library
- A. Shaikh, A. Varma, L. Kalampoukas, and R. Dube, "Routing stability in congested networks: Experimentation and analysis," in Proceedings of the ACM SIGCOMM 2000, Stockholm, Sweden, September 2000, pp. 163--74. Google ScholarDigital Library
- D.-F. Chang, R. Govindan, and J. Heidemann, "An empirical study of router response to large BGP routing table load," Tech. Rep. ISI-TR-2001-552, USC/Information Sciences Institute, December 2001.Google Scholar
- S. Ramachandra, Y. Rekhter, R. Fernando, J. Scudder, and E. Chen, "Graceful restart mechanism for BGP," lnternet Draft October 2000.Google Scholar
- University of Oregon, "The Route Views Project," http://www.antc.uoregon.edu/route-views/.Google Scholar
Index Terms
- Observation and analysis of BGP behavior under stress
Recommendations
BGP skeleton: an alternative to iBGP route reflection
INFOCOM'10: Proceedings of the 29th conference on Information communicationsThe Internet is a composition of ASes (Autonomous Systems), BGP (Border Gateway Protocol) is the routing protocol that is responsible of exchanging routes between these ASes. It operates in two modes: External BGP (eBGP) and Internal BGP (iBGP). EBGP ...
Neighbor-specific BGP: more flexible routing policies while improving global stability
SIGMETRICS '09The Border Gateway Protocol (BGP) offers network administrators considerable flexibility in controlling how traffic flows through their networks. However, the interaction between routing policies in different Autonomous Systems (ASes) can lead to ...
Multiple route selector BGP (MRS-BGP)
ICWET '10: Proceedings of the International Conference and Workshop on Emerging Trends in TechnologyTo maximize the utilization of network resources it is necessary to have good approach for Routing Policy. The protocol currently used for Interdomain Routing is Border Gateway Protocol (BGP). BGP permits each router to use single best route for each ...
Comments