1 / 35

Updates on Routing Experiments

Cyber DEfense Technology Experimental Research (DETER) Network Evaluation Methods for Internet Security Technology (EMIST). USC Information Sciences Institute  University of California, Berkeley  University of California, Davis  Penn State University

byron-mccullough
Télécharger la présentation

Updates on Routing Experiments

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cyber DEfense Technology Experimental Research (DETER) Network Evaluation Methods for Internet Security Technology (EMIST) USC Information Sciences Institute  University of California, Berkeley  University of California, Davis  Penn State University Purdue University  International Computer Science Institute  Stanford Research Institute (SRI)  Network Associates  SPARTA Updates on Routing Experiments USC/ISI

  2. Research Objectives • Realistic Internet routing experiments on Dynamics (i.e., faults, failures, & attacks) with configurable parameters • Study, analyze, evaluate, & validate hypothesis/principles related to Internet routing and its security USC/ISI

  3. Problems in Understanding the Problems • Inter-Domain Routing is very hard and complex to understand… USC/ISI

  4. The “Internet”as February 1, 2006 http://bgp.potaroo.net/cidr/ • 21319 Autonomous Systems • 177300 IP Address Prefixes announced USC/ISI

  5. Problems in Understanding the Problems • Inter-Domain Routing is very hard and complex to understand… • It is really not just scalability though… • Policy/configuration • Implementation USC/ISI

  6. Simulation versus Emulation • Simulation  large-scale but might abstracting away low level characteristics. • Emulation  experimenting realistic implementations and observing the “unexpected” • Implementation differences • Analyzing/interpreting the interactions • May help in accomplishing better simulation tasks in BGP. USC/ISI

  7. Interactions/Dynamics • Failures/faults/attacks • Mobility/configuration/policy changes • Cross-layer interactions • EGP versus IGP USC/ISI

  8. Problems in Understanding the Problems • Inter-Domain Routing is very hard and complex to understand… • It is really not just scalability though… • Policy/configuration • Implementation • And, industry is introducing new BGP features.. USC/ISI

  9. Route Flap Damping (RFC 2439) USC/ISI

  10. Differential Damping Penalty CISCO 2600 AS65002 CISCO 12000 AS65001 IBM 2210 AS65003 Zebra/Linux AS65006 IBM 2210 AS65004 CISCO 2514 AS65005 USC/ISI

  11. Penalty: 0 Penalty 1: 0 Penalty 2: 0 Prefix: 169.237/16 USC/ISI

  12. Penalty: ??? Penalty 1: 1000 Penalty 2: 1000 Prefix: 169.237/16 USC/ISI

  13. Penalty: 1000  2000 initial difference Penalty 1: 1000 Penalty 2: 1000 artificial delay X Prefix: 169.237/16 USC/ISI

  14. Penalty: 2000 -/+ X > 750 Penalty 1: 1000 Penalty 2: 1000 -/x < 2000 Prefix: 169.237/16 USC/ISI

  15. Outbound Route Filter (ORF) Internet draft, under implementation in Cisco “defines a BGP-based mechanism that allows a BGP speaker to send to its BGP peer a set of Outbound Route Filters (ORFs). The peer would then apply these filters, in addition to its locally configured outbound filters (if any), to constrain/filter its outbound routing updates to the speaker. ” If the peer damps a path, sends ORF to the downstream peer. So, the peer won’t receive further updates until the path is reused. USC/ISI

  16. Penalty: 1000  2000 ORF Penalty 1: 1000 Penalty 2: 1000 Prefix: 169.237/16 USC/ISI

  17. A Little Dampening Story SSFNet Zebra Cisco per prefix + per peer per prefix + per peer + per AS path USC/ISI

  18. Withdraw 169.237/16 Penalty: 1000  2000 Penalty 1: 1000 Penalty 2: 1000 USC/ISI

  19. SSFNet Simulator “Bugs” Withdraw 169.237/16 Missing!! Penalty: 1000  2000 Penalty 1: 1000 Penalty 2: 1000 USC/ISI

  20. SSFNET + WD SSFNET CISCO USC/ISI

  21. SSFNET + WD SSFNET CISCO USC/ISI

  22. ICDCS’2005 Best Paper Award SSFNET + WD SSFNET CISCO USC/ISI

  23. Problems or Issues • Damping implementation • MRAI timer • The Single Router AS Assumption • Route Withdraw • ORF USC/ISI

  24. Collecting the Results in 2005 show IP BGP … updates -- MRT 1 peer (SPRINT) Full Routing Table (9MB compressed) BGP Updates (2 hours -- 168KB) selected prefixes per router per 1 second USC/ISI

  25. AS-117 AS-112 AS-121 AS-113 AS-101 AS-114 USC/ISI

  26. AS 101Multi homing =====================================================Wed Sep 28 02:26:00 PDT 2005=====================================================Paths: (3 available, best #3, table Default-IP-Routing-Table)  Advertised to non peer-group peers:  101.0.0.1 101.0.0.2 112.0.0.2 114.0.0.2114 113 121    114.0.0.2 from 114.0.0.2 (114.0.0.2)      Origin IGP, localpref 100, valid, external      Last update: Wed Sep 28 02:13:28 2005112 117    112.0.0.2 from 112.0.0.2 (112.0.0.2)      Origin IGP, localpref 100, valid, external      Dampinfo: penalty 543, flapped 1 times in 00:13:05      Last update: Wed Sep 28 02:25:39 2005113 121    113.0.0.2 from 113.0.0.2 (113.0.0.2)      Origin IGP, localpref 100, valid, external, best      Last update: Wed Sep 28 02:13:11 2005 USC/ISI

  27. 117 112 101 113 121 114 AS-117 announced AS-121 withdrawn OASC USC/ISI

  28. Creation and Evolution of BGP modeling DETER All BGP information are available SSFNet: Current Understand of The BGP Model Conflicts  Anomalies USC/ISI

  29. Observation Point Data • ORV/RIPE • Relatively incomplete in understanding the behavior USC/ISI

  30. On Explaining and Model-Building the Model Anomaly Detection Anomaly Analysis and Explanation USC/ISI

  31. Creation and BGP model • What are the event ? • Event  changes in BGP table • Cause by : • OP Configuration • BGP peers • Other means , OSPF redistribute route • Event results BGP update messages • How are the event related ? USC/ISI

  32. BGP Behavior Update Update BGP Y Redistribute Policy / local pref Operator OSPF N Done USC/ISI

  33. Mapping Announce Announce Announce Announce Time 60 TIME Time 30 Withdraw Withdraw Time 0 2D AS Topology via project to Z=0 USC/ISI

  34. BGP Events: Causality and Correlation • Causality Relationship among each individual BGP event (across different routers/ASes) • Critical to simply understand/correlate BGP behavior • Discovery new types of relationships (or filter/correct false causality in experiments) • Important for generating/replaying realistic BGP events • Using emulation to verify the causality • Maybe also with commercial routers (e.g., Juniper) USC/ISI

  35. Plan for the June 2006 Demo • One “very interesting” defense tested.. • in a stealthy mode… • Event correlation • “realistic” and “comprehensive” BGP model • Many interesting examples and comparisons • Still in development (not sure yet) • Using the model to examine real BGP data • What patterns should we expect from the observation points? USC/ISI

More Related