Border Gateway Protocol - PowerPoint PPT Presentation

About This Presentation
Title: Border Gateway Protocol
Slides: 40
Provided by: VAS101

Transcript and Presenter's Notes

1
Border Gateway Protocol
  • Vasant Reddy

2
Contents
  • Introduction
  • Operation
  • BGP Types
  • BGP Header
  • Message Attributes
  • BGP Route Processing
  • Security Issues
  • Vulnerabilities
  • Security Solution

3
Some Terminology
  • Autonomous System (a.k.a. Administrative Domain):
    a set of networks under a single administration
    that share a common routing policy. Ex: UNT, AT&T
  • Interior Gateway Protocols are routing protocols
    used within an Autonomous System
  • Ex: RIP, OSPF
  • Exterior Gateway Protocols are routing protocols
    used between Autonomous Systems
  • Ex: BGP

4
Introduction
  • Border Gateway Protocol is the exterior gateway
    protocol for the IP address families (the
    inter-domain routing protocol of the Internet)
  • BGP uses a TCP connection to exchange routing
    information between peers
  • Policy based: which routes are accepted, preferred
    and advertised is decided by locally configured
    policy, not by a link metric
  • Incremental updates: after the initial table
    exchange only changes (new routes and withdrawals)
    are sent

5
BGP v4
  • RFC 1771 (since obsoleted by RFC 4271)
  • The only inter-domain routing protocol currently
    in use
  • All previous versions of BGP are obsolete and not
    in use today
  • Is a path vector (PV) protocol: each route carries
    the list of ASs it has traversed
  • Employs CIDR (Classless Inter-Domain Routing), so
    prefixes of any length can be advertised and
    aggregated

6
BGP vs IGP
[Figure: two autonomous systems, one running OSPF
internally and the other running RIP, joined by a
BGP peering between their border routers]
Neither AS needs to know or care about the IGP
used by the neighboring AS. BGP propagates
routes between them.
7
BGP Operation
  • Runs over a reliable transport protocol (TCP), so
    BGP itself needs no retransmission, fragmentation
    or sequencing
  • Uses TCP port 179 to establish connections
  • A BGP speaker is a router running the BGP protocol;
    speakers communicate across TCP and become peers
    (neighbors)
  • External links: connections between BGP speakers
    in different ASs
  • Internal links: connections between BGP speakers
    in the same AS
  • Connection collisions (both peers open a TCP
    connection to each other at the same time) are
    resolved by comparing BGP Identifiers: the
    connection initiated by the speaker with the higher
    BGP Identifier is kept, the other is closed

8
BGP Session Establishment
  • TCP three-way handshake to port 179:
    SYN(179), SYN-ACK, ACK -> TCP session established
  • Each speaker sends an OPEN message (version, AS
    number, hold time, BGP Identifier, optional
    parameters)
  • Each speaker acknowledges the peer's OPEN with a
    KEEPALIVE message -> BGP session established
  • From then on UPDATE and KEEPALIVE messages flow
    over the same TCP connection
9
Origin of Routes for BGP
  • Learned from other BGP routers
  • The BGP router only propagates the received routes
  • Static configuration
  • The BGP router is configured to advertise some
    prefixes
  • Drawback: requires manual configuration
  • Advantage: stable set of advertised prefixes
  • Learned from an Interior Gateway Protocol
  • Prefixes received from the IGP are advertised by
    the BGP router, usually as an aggregate
  • Advantage: BGP advertisements follow network
    state; a prefix is automatically withdrawn by BGP
    when it is no longer reachable via the IGP

10
eBGP and iBGP
  • eBGP
  • BGP running between two different ASs
  • iBGP
  • BGP running within the same AS
  • An AS has multiple BGP speakers
  • Distributes routing info among the BGP routers of
    the AS
  • Minor but important differences from eBGP: a route
    learned from an iBGP peer is not re-advertised to
    other iBGP peers (hence full mesh or route
    reflectors), the local AS is not prepended to the
    AS path, and NEXT_HOP is passed on unchanged

11
BGP Header
  • Fixed 19-octet header: Marker (16 octets), Length
    (2 octets), Type (1 octet), followed by the Data
    (variable length)
  • Marker
  • Contains an authentication value that the message
    receiver can predict. In BGP-4 as specified today
    (RFC 4271) it is always all ones; a message whose
    marker is not all ones is rejected with a
    Connection Not Synchronized NOTIFICATION
  • Length
  • Indicates the total length of the message in
    octets, header included (minimum 19, maximum 4096)
  • Type
  • Specifies the message type as one of the
    following
  • Open
  • Update
  • Notification
  • Keep-alive
  • Data
  • Contains the message body; its format depends on
    the Type, and it is absent for Keep-alive
12
BGP Message Types
  • Open
  • Update
  • Notification
  • Keep alive
  • The TCP connection stays established for the whole
    BGP session; all four message types travel over it

13
Open Messages
  • Establish a peering session
  • The first message sent after TCP is established
  • Each peer identifies itself to the other
  • Negotiate protocol version/parameters (hold time,
    capabilities)
  • Security (optional parameter)

14
Open Message Format
  • Version (1 octet): 4 for BGP-4
  • My Autonomous System (2 octets; 4-octet AS numbers
    are negotiated through the AS4 capability, RFC 6793)
  • Hold Time (2 octets): 0 or at least 3 seconds;
    each side uses the smaller of the two proposed
    values
  • BGP Identifier (4 octets): an IPv4 address of the
    speaker, unique within the AS
  • Optional Parameter Length (1 octet)
  • Optional Parameters (variable length)
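The header and OPEN layouts above, as an added worked example that is not part of the original slides: a small Python builder and parser that encodes the 19-octet header and the OPEN body, then applies the checks a receiving speaker must make (marker all ones, length within bounds for the type, version 4, hold time 0 or at least 3, non-zero BGP Identifier) and negotiates the hold time. The AS numbers, addresses and hold times in the demo are constructed values; the field sizes and error names follow RFC 4271.

```python
import socket
import struct

# Constants from RFC 4271 (the current BGP-4 specification)
BGP_MARKER = b"\xff" * 16            # 16-octet marker, all ones in BGP-4
HEADER_LEN = 19                      # 16 marker + 2 length + 1 type
MAX_MSG_LEN = 4096
TYPE_OPEN, TYPE_UPDATE, TYPE_NOTIFICATION, TYPE_KEEPALIVE = 1, 2, 3, 4
# Smallest legal Length for each message type (header included)
MIN_LEN = {TYPE_OPEN: 29, TYPE_UPDATE: 23, TYPE_NOTIFICATION: 21, TYPE_KEEPALIVE: 19}
BGP_VERSION = 4


class BgpMessageError(ValueError):
    """A check that a conforming speaker answers with a NOTIFICATION and session close."""


def build_message(msg_type, body=b""):
    """Prepend the fixed header (marker, length, type) to a message body."""
    length = HEADER_LEN + len(body)
    if length > MAX_MSG_LEN:
        raise ValueError("message exceeds 4096 octets")
    return BGP_MARKER + struct.pack("!HB", length, msg_type) + body


def build_open(my_as, hold_time, bgp_id, opt_params=b""):
    """OPEN body: Version(1) MyAS(2) HoldTime(2) BGPIdentifier(4) OptParmLen(1) OptParms(var)."""
    if not 0 <= my_as <= 0xFFFF:
        raise ValueError("My AS is a 2-octet field; larger ASNs need the AS4 capability")
    if hold_time in (1, 2):
        raise ValueError("Hold Time must be 0 or at least 3 seconds")
    body = struct.pack("!BHH4sB", BGP_VERSION, my_as, hold_time,
                       socket.inet_aton(bgp_id), len(opt_params)) + opt_params
    return build_message(TYPE_OPEN, body)


def build_keepalive():
    """KEEPALIVE is the 19-octet header alone."""
    return build_message(TYPE_KEEPALIVE)


def parse_header(data):
    """Validate the header and return (type, body); raises on anything a peer must reject."""
    if len(data) < HEADER_LEN:
        raise BgpMessageError("truncated header")
    marker = data[:16]
    length, msg_type = struct.unpack("!HB", data[16:19])
    if marker != BGP_MARKER:
        raise BgpMessageError("Connection Not Synchronized (bad marker)")
    if msg_type not in MIN_LEN:
        raise BgpMessageError("Bad Message Type %d" % msg_type)
    if length < MIN_LEN[msg_type] or length > MAX_MSG_LEN:
        raise BgpMessageError("Bad Message Length %d" % length)
    if msg_type == TYPE_KEEPALIVE and length != HEADER_LEN:
        raise BgpMessageError("Bad Message Length for KEEPALIVE")
    if len(data) < length:
        raise BgpMessageError("message body shorter than Length field")
    return msg_type, data[HEADER_LEN:length]


def parse_open(body):
    """Decode an OPEN body and apply the OPEN Message Error checks of RFC 4271 section 6.2."""
    version, my_as, hold_time, bgp_id, opt_len = struct.unpack("!BHH4sB", body[:10])
    if version != BGP_VERSION:
        raise BgpMessageError("Unsupported Version Number %d" % version)
    if hold_time in (1, 2):
        raise BgpMessageError("Unacceptable Hold Time %d" % hold_time)
    if bgp_id == b"\x00\x00\x00\x00":
        raise BgpMessageError("Bad BGP Identifier")
    if len(body) != 10 + opt_len:
        raise BgpMessageError("Optional Parameters Length does not match body")
    return {"version": version, "my_as": my_as, "hold_time": hold_time,
            "bgp_id": socket.inet_ntoa(bgp_id), "opt_params": body[10:]}


def negotiated_hold_time(mine, theirs):
    """Both sides use the smaller of the two proposed hold times (0 disables the timer)."""
    return min(mine, theirs)


if __name__ == "__main__":
    # Constructed example: we are AS 65001 opening a session with a peer that proposes 90 s
    our_open = build_open(65001, 180, "192.0.2.1")
    peer_open = build_open(65002, 90, "192.0.2.2")
    msg_type, body = parse_header(peer_open)
    peer = parse_open(body)
    print("peer AS %d, hold time %d -> negotiated %d" % (
        peer["my_as"], peer["hold_time"], negotiated_hold_time(180, peer["hold_time"])))
    parse_header(build_keepalive())        # the KEEPALIVE that confirms the OPEN
    try:
        parse_header(b"\x00" + our_open[1:])  # damaged marker: must be rejected
    except BgpMessageError as e:
        print("rejected:", e)
```

The parser deliberately checks the marker and length before looking at the body: a speaker that trusts the Length field and slices first is exactly the kind of implementation the vulnerability notes later in the deck describe.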
15
Update Message
  • Primary message used in BGP
  • Advertises (announces) a prefix to BGP
    neighbors, or withdraws a previously advertised
    prefix
  • Multiple prefixes that share the same path
    attributes can be packed into a single Update

16
Notification Message
  • Sent when an error is detected
  • The TCP connection is closed immediately after the
    notification is sent
  • Indicates to the remote system why BGP was
    terminated (error code and subcode)

17
Keepalive Message
  • Confirms the connection is still active
  • Sent often enough to keep the negotiated hold
    timer from expiring (RFC 4271 suggests one third
    of the hold time); not needed while Update
    messages are already flowing at that rate
  • A common header with no other data

18
BGP attributes
  • AS-path attribute
  • Origin attribute
  • BGP Nexthop attribute
  • Weight Attribute
  • Local preference attribute
  • Metric attribute

19
AS-Path Attribute
  • A list of AS numbers that a route has traversed
    in order to reach a destination
  • Whenever a route update is passed to a new AS
    (over eBGP), the sending AS number is prepended
  • AS numbers are listed in order, most recent
    first
  • If a speaker finds its own AS number already in
    the AS path, the route is dropped (loop detection)

20
Origin Attribute
  • Mandatory attribute
  • Defines the origin of the path information
  • Three possible values
  • i: IGP, interior to the originating AS
  • e: EGP, learned via the (obsolete) Exterior Gateway
    Protocol
  • ?: incomplete, unknown or via other means (e.g.
    redistributed static routes)

21
Nexthop Attribute
  • The next hop IP address used to reach the
    destination
  • For eBGP, normally the address of the directly
    connected neighbor's interface
  • For iBGP, the next hop advertised by eBGP is
    carried through unchanged into iBGP, so the IGP
    must be able to reach it (or the border router is
    configured with next-hop-self)

22
Weight Attribute
  • Cisco implementation
  • Assigned locally to tell the router which exit
    path to prefer
  • Not propagated in routing updates; local to the
    router
  • Higher weight is preferred
  • Default is 0 for learned routes (32768 for routes
    the router originates itself)

23
Local Preference Attribute
  • Indicates which route is preferred for leaving the
    AS
  • Exchanged among routers in the same AS through
    iBGP updates; not sent to eBGP peers
  • Higher value is preferred
  • Default value is 100

24
Metric Attribute
  • Also called Multi_exit_discriminator (MED)
  • Sent to a neighboring AS to suggest which of
    several entry points to use, but not propagated
    beyond that AS
  • Lower metric value is more preferred
  • Default value is 0
  • Unless configured otherwise (Cisco bgp
    always-compare-med), a router only compares
    metrics for paths from the same neighbor AS

25
BGP Policies
  • BGP provides the capability for enforcing various
    policies
  • Policies are not part of BGP; they are provided
    to BGP as configuration information
  • BGP enforces policies by choosing paths from
    multiple alternatives and by controlling
    advertisement to other ASs

26
Best Path Selection
  • Decision Process (simplified; the Cisco order also
    considers weight first, then origin and MED after
    AS path length, and route age before router ID)
  • Highest local preference
  • Shortest AS path
  • eBGP over iBGP
  • Lowest IGP metric to the next hop
  • Lowest router id
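The decision process above, together with the AS-path loop check and the weight, local preference and MED rules from the attribute slides, as an added worked example that is not part of the original slides. It goes slightly beyond the slide's five steps by applying the fuller Cisco-style order (weight, local preference, AS path length, origin, MED, eBGP over iBGP, IGP cost, router ID) and the same-neighbor-AS restriction on MED. The `Route` class, the prefix, AS numbers and router IDs are constructed for the demo; a full tie keeps the route already held, standing in for the "oldest route" rule.

```python
from dataclasses import dataclass
from typing import List, Optional

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}  # IGP preferred over EGP, EGP over incomplete


@dataclass
class Route:
    prefix: str
    next_hop: str
    as_path: List[int]          # leftmost = AS we received it from, rightmost = origin AS
    origin: str = "i"
    weight: int = 0             # Cisco-only, never sent to peers
    local_pref: int = 100       # default 100, higher preferred, carried within the AS only
    med: int = 0                # MULTI_EXIT_DISC, lower preferred
    from_ebgp: bool = True      # learned over eBGP (True) or iBGP (False)
    igp_cost: int = 0           # IGP metric to reach next_hop
    router_id: str = "0.0.0.0"  # BGP Identifier of the advertising peer

    @property
    def neighbor_as(self) -> Optional[int]:
        return self.as_path[0] if self.as_path else None


def loop_free(local_as: int, route: Route) -> bool:
    """AS_PATH loop detection: a route already carrying our own AS number is dropped."""
    return local_as not in route.as_path


def as_path_for_ebgp(local_as: int, route: Route) -> List[int]:
    """AS path sent to an eBGP peer: our AS is prepended (iBGP forwards the path unchanged)."""
    return [local_as] + route.as_path


def _ip_key(ip: str):
    return tuple(int(octet) for octet in ip.split("."))


def prefer(a: Route, b: Route, always_compare_med: bool = False) -> bool:
    """True if a beats b. Each step only decides when the two differ; a full tie keeps b."""
    if a.weight != b.weight:
        return a.weight > b.weight
    if a.local_pref != b.local_pref:
        return a.local_pref > b.local_pref
    if len(a.as_path) != len(b.as_path):
        return len(a.as_path) < len(b.as_path)
    if a.origin != b.origin:
        return ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin]
    # MED is only meaningful between paths entering from the same neighbor AS
    if (a.neighbor_as == b.neighbor_as or always_compare_med) and a.med != b.med:
        return a.med < b.med
    if a.from_ebgp != b.from_ebgp:
        return a.from_ebgp
    if a.igp_cost != b.igp_cost:
        return a.igp_cost < b.igp_cost
    return _ip_key(a.router_id) < _ip_key(b.router_id)


def select_best(local_as: int, candidates: List[Route],
                always_compare_med: bool = False) -> Optional[Route]:
    """Run the decision process over all paths for one prefix; return exactly one best path."""
    best = None
    for route in candidates:
        if not loop_free(local_as, route):
            continue  # a real router's import step drops this before the decision process
        if best is None or prefer(route, best, always_compare_med):
            best = route
    return best


if __name__ == "__main__":
    # Constructed candidates for one prefix as seen by AS 65000
    P = "192.0.2.0/24"
    paths = [
        Route(P, "10.0.0.1", [64500, 64510], router_id="10.0.0.1"),
        Route(P, "10.0.0.2", [64501], router_id="10.0.0.2"),
        Route(P, "10.0.0.3", [64500, 64510, 64520], local_pref=200,
              from_ebgp=False, router_id="10.0.0.3"),
        Route(P, "10.0.0.4", [64502, 65000, 64510], local_pref=300, router_id="10.0.0.4"),
    ]
    best = select_best(65000, paths)
    print("best path via", best.next_hop, "AS path", best.as_path)
    print("advertised to an eBGP peer with AS path", as_path_for_ebgp(65000, best))
```

Note that the fourth candidate has the highest local preference but never reaches the decision process: its AS path already contains 65000, so the router would be importing its own advertisement back.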

27
BGP Router Model
  • Receive routes for prefixes from multiple
    neighbors
  • Import policy: filter out unwanted routes, and
    manipulate the attributes of the remaining routes
  • Decision process: decide exactly ONE best path per
    prefix
  • Export policy: manipulate attributes of the best
    route to influence the neighbor's choice, or decide
    whether to advertise the route to neighbors at all
28
BGP Security Issues
  • The BGP architecture makes it highly vulnerable
    to human errors and malicious attacks against
  • Links between routers
  • The routers themselves
  • Management stations that control routers
  • Most router implementations of BGP are
    susceptible to various DoS attacks that can crash
    the router or severely degrade performance
  • Many ISPs rely on local policy filters to protect
    them against configuration errors and some forms
    of attack, but creating and maintaining these
    filters is difficult, time consuming, and error
    prone

29
Vulnerability Note VU784540
  • Overview
  • Multiple implementations of the Border
    Gateway Protocol (BGP) contain vulnerabilities
    related to the processing of UPDATE and OPEN
    messages. The impacts of these vulnerabilities
    appear to be limited to denial of service
  • Impact
  • A remote attacker can cause a denial of service
    in a vulnerable system. In most cases, the
    attacker would need to act as a valid BGP peer.
    BGP session instability can result in "flapping"
    and other routing traffic that may adversely
    affect Internet traffic
  • Solution
  • Apply the patch provided by the vendor
  • Restrict BGP access using ACLs (accept TCP/179
    only from configured peers)
  • Authenticate BGP sessions (TCP MD5 signature
    option, RFC 2385, or IPsec; TCP-AO, RFC 5925, is
    the current replacement for TCP MD5)

30
Vulnerability Note VU689326
  • Overview
  • A Cisco device running IOS that is enabled for
    BGP is vulnerable to a denial-of-service attack
    via a malformed BGP packet. The specific nature
    of the crafted packets exploiting this
    vulnerability is not known. IOS is vulnerable
    only if the device is set up with the bgp
    log-neighbor-changes command.
  • Impact
  • By sending a specially crafted BGP packet to an
    affected device, a remote attacker could cause
    the device to reload, resulting in a DoS
  • Solution
  • Apply the patch provided by the vendor
  • Systems Affected
  • Cisco Systems, Inc.

31
Vulnerability Note VU106392
  • Overview
  • There is a problem involving BGP updates on
    Cisco routers with BGP4 and prefix filtering and
    inbound route maps enabled. A route update with
    an unrecognized transitive attribute may cause
    vulnerable routers to crash.
  • Impact
  • Attackers that are able to send malformed BGP
    updates can cause vulnerable routers to crash
    causing network outages. Under certain
    circumstances the attacker may be able to use BGP
    infrastructure to propagate the bad route update
    to multiple routers
  • Solution
  • Apply patch from vendor
  • Systems Affected
  • Cisco Systems, Inc

32
Basic BGP Security Requirement
  • For every UPDATE it receives, a BGP router should
    be able to verify that the owner of each prefix
    authorized the first (origin) AS to advertise the
    prefix and that each subsequent AS in the path
    has been authorized by the preceding AS to
    advertise a route to the prefix
  • This requirement, if achieved, allows a BGP
    router to detect and reject unauthorized routes,
    irrespective of what sort of attack resulted in
    the bad routes
  • Conversely, if a security approach fails to
    achieve this requirement, a BGP router will be
    vulnerable to attacks that result in misrouting
    of traffic in some fashion

33
Security Solution Requirements
  • Security architectures for BGP should not rely on
    trust among ISPs or subscribers
  • On a global scale, some ISPs will never be
    trusted
  • Transitive trust in people or organizations
    causes mistakes to propagate
  • Security solutions must exhibit the same dynamics
    as the aspects of BGP they protect
  • Both implementation and architectural security
    concerns must be addressed

34
Secure BGP (S-BGP)
  • S-BGP is an architectural solution to the BGP
    security problems described earlier
  • S-BGP represents an extension of BGP
  • It uses a standard BGP facility to carry
    additional data about paths in UPDATE messages
  • It adds an additional set of checks to the BGP
    route selection algorithm
  • S-BGP avoids the pitfalls of transitive trust
    that are common in today's routing infrastructure

35
How does S-BGP do it?
  • S-BGP makes use of
  • IPsec to secure point-to-point communication of
    BGP control traffic
  • Public Key Infrastructure to provide an
    authorization framework representing address
    space and AS ownership
  • Attestations (digitally-signed data) to bind
    authorization information to UPDATE messages
  • S-BGP requires routers to
  • Generate an attestation when generating an UPDATE
    for another S-BGP router
  • Validate attestations associated with each UPDATE
    received from another S-BGP router
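The requirement stated on the Basic BGP Security Requirement slide and the attestation mechanism of the S-BGP slides, as an added worked example that is not part of the original slides or of the S-BGP specification. It models an UPDATE carrying an address attestation (prefix owner authorises the origin AS) and a chain of route attestations (each AS authorises the next AS to advertise the route), and a validating router that rejects an origin hijack and an AS that inserts itself into a path. The per-party keys, prefix and AS numbers are constructed. Because the Python standard library has no public-key signatures, HMAC with a secret key per party stands in for the signatures S-BGP puts in the UPDATE; the validator therefore shares those keys, which a real S-BGP router would not (it would verify with certified public keys). What the attestation binds and what the checks reject is the point, not the key management.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

# Constructed trust data. In S-BGP the prefix owner and every AS hold private keys whose
# certificates chain back to the address registries; here a per-party secret and HMAC
# stand in for those public-key signatures (assumption for the example, see lead-in).
PREFIX_OWNER_KEYS: Dict[str, bytes] = {"192.0.2.0/24": b"owner-of-192.0.2.0/24"}
AS_KEYS: Dict[int, bytes] = {64500: b"key-as64500", 64510: b"key-as64510",
                             64520: b"key-as64520", 65000: b"key-as65000"}


def _attest(key: bytes, payload: str) -> bytes:
    return hmac.new(key, payload.encode(), hashlib.sha256).digest()


def address_attestation(prefix: str, origin_as: int) -> bytes:
    """Prefix owner authorises origin_as to originate the prefix."""
    return _attest(PREFIX_OWNER_KEYS[prefix], f"AA|{prefix}|{origin_as}")


def route_attestation(signer_as: int, prefix: str, path_so_far: List[int], next_as: int) -> bytes:
    """signer_as (last of path_so_far, origin first) authorises next_as to advertise the route on."""
    return _attest(AS_KEYS[signer_as], f"RA|{prefix}|{','.join(map(str, path_so_far))}|{next_as}")


def originate(prefix: str, origin_as: int, next_as: int, aa: bytes) -> dict:
    """UPDATE as sent by the origin AS to its first neighbour; aa comes from the prefix owner."""
    return {"prefix": prefix, "as_path": [origin_as], "aa": aa,
            "ras": [(origin_as, route_attestation(origin_as, prefix, [origin_as], next_as))]}


def forward(update: dict, my_as: int, next_as: int) -> dict:
    """Prepend our AS, keep the received attestations, and add our own naming the next AS."""
    path_so_far = list(reversed(update["as_path"])) + [my_as]
    ra = route_attestation(my_as, update["prefix"], path_so_far, next_as)
    return {"prefix": update["prefix"], "as_path": [my_as] + update["as_path"],
            "aa": update["aa"], "ras": update["ras"] + [(my_as, ra)]}


def validate(update: dict, my_as: int) -> Tuple[bool, str]:
    """Owner authorised the origin, and every AS in the path authorised its successor, ending with us."""
    prefix = update["prefix"]
    path = list(reversed(update["as_path"]))       # origin first
    if my_as in path:
        return False, "AS_PATH loop"
    if prefix not in PREFIX_OWNER_KEYS:
        return False, "no address attestation on file for prefix"
    if not hmac.compare_digest(update["aa"], address_attestation(prefix, path[0])):
        return False, "origin not authorised by prefix owner"
    if len(update["ras"]) != len(path):
        return False, "attestation count does not match AS_PATH"
    hops = path + [my_as]                            # the last "next AS" must be us
    for i, (signer, sig) in enumerate(update["ras"]):
        if signer != hops[i]:
            return False, f"attestation {i} signed by AS {signer}, expected AS {hops[i]}"
        if signer not in AS_KEYS:
            return False, f"AS {signer} has no certified key"
        expected = route_attestation(signer, prefix, hops[:i + 1], hops[i + 1])
        if not hmac.compare_digest(sig, expected):
            return False, f"AS {signer} did not authorise AS {hops[i + 1]}"
    return True, "ok"


if __name__ == "__main__":
    P = "192.0.2.0/24"
    # Constructed topology: AS 64510 originates P, sends it to 64500, which sends it to us (65000)
    legit = forward(originate(P, 64510, 64500, address_attestation(P, 64510)), 64500, 65000)
    print("legitimate:", validate(legit, 65000))
    # Origin hijack: AS 64520 originates P with an attestation forged under its own key
    hijack = originate(P, 64520, 65000, _attest(AS_KEYS[64520], f"AA|{P}|64520"))
    print("origin hijack:", validate(hijack, 65000))
    # Path tampering: AS 64520 replays the legitimate UPDATE to us with itself inserted
    relayed = forward(legit, 64520, 65000)
    print("relayed by uninvolved AS:", validate(relayed, 65000))
```

The relayed case is the one a plain AS-path filter cannot catch: every AS number in it is real and the origin is correct, but AS 64500's attestation names 65000 as the next hop, so the UPDATE fails irrespective of how AS 64520 obtained it.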

36
QUESTIONS?
37
Questions
  • What is the difference between an IGP and an EGP?
  • When is iBGP needed?
  • How does BGP implement policies?
  • Why is BGP vulnerable?
  • How does S-BGP overcome the security problems of
    BGP?

39
THANK YOU!