On the Impact of Route Monitor Selection

1
On the Impact of Route Monitor Selection

• Ying Zhang Zheng Zhang
• Z. Morley Mao Y. Charlie Hu Bruce M. Maggs

University of Michigan Purdue University
Carnegie Mellon and Akamai Technologies
2
Internet route monitoring systems

• Monitor the Internet routing system
• Establish passive, default-free BGP sessions with
  many networks
• Collect real-time BGP updates and periodic table
  snapshots
• Discover dynamic changes (e.g., misconfigs,
  routing attacks)
• Example public systems RouteViews and RIPE

Route monitor
I can reach 141.213.15.0/24 via DE
I can reach 141.213.15.0/24 via AE
AS 3561
AS 174
AS 701
AS 1239
Prefix 141.213.15.0/24
Internet
3
Limited coverage

• Coverage and representativeness
• Only monitor a subset of ASes in the Internet
• Only monitor at most one router in each AS
• Difficulties in obtaining full coverage
• Scalability and privacy concerns

I can reach 141.213.15.0/24 via CFG
Route monitor
I can reach 141.213.15.0/24 via CDG
AS 174
AS 3561
AS 701
AS 1239
Internet
4
Limited visibility on IP Hijacking detection

• The accuracy of detection depends on route
  monitor systems visibility
• Example problems caused by limited visibility
• IP prefix hijacking ASG hijacks ASEs prefix
• Missed The route monitor system does not cover
  polluted ASes

Route monitor
Prefix ps origin AS is E
Prefix ps origin AS has changed to be G
Pathp CE
Pathp BE
Pathp CE
Pathp AG
Pathp BE
Pathp DE
AS 174
Pathp ABE
Pathp DE
AS 3561
AS 701
AS 1239
Hijack Pathp G
AS 237
AS 105
Prefix p
Pathp G
Pathp FG
Pathp E
Pathp FGDE
Pathp GDE
5
Motivation

• Many research studies rely on BGP data from
  public route monitors
• Network topology discovery, AS relationship
  inference, AS level path prediction, etc.
• The limitation of coverage and representativeness
  of the monitors is critical to their results.
• Obtaining full coverage is difficult in practice.
• Understanding limitation can assist improved
  route monitor placement.

6
Outline

• Motivation
• Methodology
• Discovery of static network properties
• Discovery of dynamic network properties
• Inference of network properties

7
Methodology

• Data collection
• Public BGP monitoring vantage points RouteViews
  and RIPE
• Private peering vantage points 200 distinct ASes
• Comparison across different combinations of
  vantage points
• Monitor selection schemes
• Random select monitor nodes randomly
• Degree based select the node with largest degree
• Greedy select the node with largest unobserved
  links
• Address block based select the node originating
  largest IP addresses

8
Outline

• Motivation
• Methodology
• Discovery of static network properties
• Discovery of dynamic network properties
• Inference of network properties

9
Static network properties

• Network topology discovery
• IP prefix to origin AS mappings
• Identifying stub AS and its providers
• Multi-homed ASes
• Observed AS paths

10
Network topology discovery

• The number of observed AS level links
• Greedy based selection performs best

11
Multi-homed ASes discovery

• Discover multi-homed ASes to understand edge
  network resilience
• Greedy based scheme performs best additional
  discovered links help discover multi-homed stub
  ASes

12
Outline

• Motivation
• Methodology
• Discovery of static network properties
• Discovery of dynamic network properties
• Inference of network properties

13
Dynamic network properties

• Routing instability monitoring
• Number of routing updates observed
• IP prefix hijacking detection
• The visibility of inconsistent origin ASes across
  routing updates

14
Routing instability monitoring

• Fraction of BGP routing events observed by the
  set of vantage points
• Huge difference between random and other three
  core networks are more likely to observe network
  instabilities

15
IP Prefix hijacking detection

• Detected hijacking as long as one vantage point
  can observe hijacked routes
• Greedy based scheme performs slightly better

With 10 vantage points deployed, 0.35 of all
possible attacker- victim pairs can evade
detection
16
Outline

• Motivation
• Methodology
• Discovery of static network properties
• Discovery of dynamic network properties
• Inference of network properties

17
Inference of network properties

• AS relationship inference
• Commonly used Gaos degree-based relationship
  inference Gao00
• AS-level path prediction
• AS-relationship based profit-driven AS path
  inference Mao05
• AS-relationship-independent path prediction
  Muhlbauer06

18
AS relationship inference and path prediction

• Accuracy comparing the predicted paths with the
  observed paths
• More vantage points may not increase the accuracy

19
AS relationship inference and path prediction
further explanation

• More vantage points may not increase the accuracy
• It may be due to nature of the degree-based
  relationship inference
• We study the changes of the top degree node per
  path
• More vantage points do not consistently improve
  the estimation of the top degree nodes

20
Conclusion

• Examined the route monitor placement impact on
  various applications
• Evaluated four simple placement schemes
• Demonstrated the limitation of studies relying on
  the existing monitoring system
• Future work develop a better placement technique.

21

• Thank you!
• Questions?

22
AS relationship-independent path prediction

• Recent proposed path prediction algorithm not
  relying on AS relationships
• Matched percentage of unobserved does not
  increase with more monitors