Title: An Analysis of BGP Multiple Origin AS (MOAS) Conflicts
1 An Analysis of BGP Multiple Origin AS (MOAS) Conflicts
- Xiaoliang Zhao, NCSU
- S. Felix Wu, UC Davis
- Allison Mankin, Dan Massey, USC/ISI
- Dan Pei, Lan Wang, Lixia Zhang, UCLA
- IMW2001, November 1, 2001
2 Outline
- Introduction of BGP
- Multiple Origin AS (MOAS) conflicts analysis
- Summary and recent work
3 Border Gateway Protocol 4 (BGP-4)
- To exchange inter-domain routing information
- Defined in RFC 1771, deployed since 1995 to support CIDR
- Path Vector Routing Protocol
- Includes the path information to the destination
- Loop detection
- Eliminates count-to-infinity problem, but still converges slowly [Labovitz97]
- More flexibility for local policy design
4 BGP operational environment
- Autonomous System (AS): a set of routers under a single technical administration
- e.g., AS4 (ISI), AS3561 (Cable & Wireless), etc.
- Each AS, the originator, advertises its own networks to its neighboring ASs; the neighboring ASs will propagate those advertisements to the rest of the Internet
- I tell you, you tell your friends, and so on
- A BGP route lists a prefix (destination) and the path of ASs to reach that prefix
- e.g., R(p, <AS1, AS2, AS3>), and AS3 is the origin AS for the prefix p, AS2 provides the transit service for p.
5 BGP route updates and MOAS conflicts
[Figure: network diagram. Labels: 128.9.0.0/16 nets; AS 4; AS 226; AS X; AS Y; AS Z; "MOAS conflict!"]
6 Motivation
- It is recommended [RFC 1930] that each prefix should be originated by a single AS, with a few possible exceptions
- However, the recommendation is not followed in practice
- We want to answer the question: what are the reasons for MOAS conflicts and what are the impacts?
- Data talks...
7 Measurement Data Collection
- Data collected from the Oregon Route Views
- Peers with >50 routers from >40 different ASes.
- Our analysis uses data 11/08/97 - 07/18/01 (1279 days total)
- At a randomly selected moment,
- The Route Views server observed 1364 MOAS conflicts
- The views from 3 individual ISPs showed 30, 12 and 228 MOAS conflicts
- More than 38000 MOAS conflicts observed during this time period.
8 Example MOAS Data
Conflict  Prefix         Start date  End date  Days  Origin ASs
7         12.0.0.0/8     01/28/98    02/01/98  5     7018, 1757
                         02/03/98    04/14/98  68    7018, 1757
                         04/16/98    04/26/98  11    7018, 1757
                         05/12/98    05/12/98  1     7018, 1290
Total lifetime for conflict 7: 85 days
...
234       128.9.0.0/16   09/25/98    10/09/98  15    226, 4
                         12/01/98    02/04/99  63    226, 4
                         02/06/99    04/26/99  78    226, 4
                         04/28/99    08/04/99  94    226, 4
                         08/07/99    09/01/00  352   226, 4
                         09/03/00    11/13/00  68    226, 4
                         11/15/00    11/21/00  7     226, 4
                         11/23/00    11/30/00  8     226, 4
                         12/02/00    12/12/00  11    226, 4
                         12/14/00    12/26/00  13    226, 4
                         12/28/00    07/15/01  190   226, 4
                         07/17/01    -         2     226, 4
Total lifetime for conflict 234: 901 days
(total 38225 MOAS conflicts)
9 MOAS Conflicts Do Exist
Max 10226 (9177 from a single AS)
Max 11842 (11357 from a single AS)
10 Histogram of MOAS Conflict Lifetime
[Figure: histogram. Axis labels: number of MOAS conflicts; total number of days a prefix experienced MOAS conflict]
11 Distribution of MOAS Conflicts over Prefix Lengths
[Figure: plot. Axis label: ratio of MOAS entries over total routing entries for the same prefix length]
12 Classification of MOAS conflicts
[Figure annotation: PSI.net event]
- Given a MOAS conflict for prefix p and two associated AS paths asp1 = (x_1, x_2, ..., x_n) and asp2 = (y_1, y_2, ..., y_m)
- Classified into three categories
- OrigTranAS: x_n = y_j (j < m)
- SplitView: x_i = y_j (i < n, j < m)
- DistinctPaths: x_i ≠ y_j (1 ≤ i ≤ n, 1 ≤ j ≤ m)
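The classification above, as an added Python example (not code from the original slides): it finds MOAS prefixes in a routing table and labels each conflicting pair of AS paths. The sample routes are constructed; AS 64496, AS 64497, AS 64500 and 192.0.2.0/24 are hypothetical, and checking OrigTranAS in both directions and before SplitView is an assumption.

```python
from collections import defaultdict

# Constructed sample routes: (prefix, AS path as seen by an observer).
# 128.9.0.0/16 and ASes 4, 226, 11422 appear in the slides; AS 64496,
# AS 64497, AS 64500 and 192.0.2.0/24 are hypothetical.
SAMPLE_ROUTES = [
    ("128.9.0.0/16", (64496, 226)),
    ("128.9.0.0/16", (64496, 11422, 4)),
    ("128.9.0.0/16", (64497, 226, 4)),
    ("192.0.2.0/24", (64496, 64500)),
    ("192.0.2.0/24", (64497, 64500)),
]

def origin(as_path):
    """The origin AS is the last AS on the path."""
    return as_path[-1]

def find_moas(routes):
    """Return {prefix: set of origin ASes} for prefixes with more than one origin."""
    origins = defaultdict(set)
    for prefix, path in routes:
        origins[prefix].add(origin(path))
    return {p: o for p, o in origins.items() if len(o) > 1}

def classify(asp1, asp2):
    """Classify two conflicting paths asp1 = (x_1..x_n), asp2 = (y_1..y_m)."""
    if origin(asp1) == origin(asp2):
        raise ValueError("same origin AS, not a MOAS conflict")
    # OrigTranAS: one path's origin is a transit AS on the other path.
    # Checked in both directions and before SplitView (assumed precedence).
    if asp1[-1] in asp2[:-1] or asp2[-1] in asp1[:-1]:
        return "OrigTranAS"
    # SplitView: the two paths share a transit AS (x_i = y_j, i < n, j < m).
    if set(asp1[:-1]) & set(asp2[:-1]):
        return "SplitView"
    # DistinctPaths: no AS appears on both paths.
    return "DistinctPaths"

def classify_table(routes):
    """Classify every pair of paths with different origins, per MOAS prefix."""
    result = defaultdict(list)
    for prefix in find_moas(routes):
        paths = [p for pfx, p in routes if pfx == prefix]
        for i, a in enumerate(paths):
            for b in paths[i + 1:]:
                if origin(a) != origin(b):
                    result[prefix].append((a, b, classify(a, b)))
    return dict(result)
```
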
13 Valid Causes of MOAS Conflicts (1)
- Exchange point addresses
- E.g. 198.32.136.0/24 was originated by ASes 2914, 3561, 4006, 6079, 6453, 6461 and 7018.
- Few instances: 30 out of 38225 are identified as EP addresses
- Lifetime: 1226 days out of 1279 days for 198.32.138.0/24
- AS sets
- typically only 12 prefixes out of 100K prefixes end with AS sets, and these AS sets were consistent with others
- Anycast addresses
14 Valid Causes of MOAS Conflicts (2)
[Figure, two panels: "Multi-homing without BGP" and "Private AS number Substitution". Labels: 128.9/16 Path 226; 128.9/16 Path 11422,4; 128.9/16 Path 4; 131.179/16 Path X; 131.179/16 Path Y; 131.179/16 Path 64512; static route or IGP route; AS 4; AS 226; AS 11422; AS 64512; AS X; AS Y]
15 Invalid Causes of MOAS Conflicts
- Operational faults led to large spikes of MOAS conflicts
- 04/07/1998: one AS originated 12593 prefixes, out of which 11357 were MOAS conflicts
- 04/10/2001: another AS originated 9180 prefixes, out of which 9177 were MOAS conflicts
- There are many smaller scale examples of falsely originated routes
- Errors
- Intentional traffic hijacking
16 Summary
- MOAS conflicts exist today
- Some due to operational need; some due to faults
- Blind acceptance of MOAS could be dangerous
- An open door for traffic hijacking
- A solution for determining MOAS validity is under development
For more info about FNIISC project: http://fniisc.nge.isi.edu
17 Recent Work: MOAS Solutions
- Proposal 1: using BGP community attribute
- Proposal 2: DNS-based solution
- Solutions presented to NANOG 23
18 BGP-Based Solution
- Define a new community attribute
- Listing all the ASes allowed to originate a prefix
- Attach this MOAS community-attribute to BGP route announcement
- Enable BGP routers to detect faults and attacks
- At least in most cases, we hope!
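One way a receiving router could use the MOAS list to detect faults, as an added Python sketch (not the authors' implementation). The announcements are constructed; AS 64496 and AS 64511 are hypothetical, and treating a route without the attribute as carrying a single-origin list is an assumption.

```python
# Constructed announcements: (prefix, AS path, MOAS list or None).
# 18.0.0.0/8 and ASes 52, 58, 59 appear in the slides; AS 64496 and
# AS 64511 are hypothetical.
VALID = [
    ("18.0.0.0/8", (52, 59), {58, 59}),
    ("18.0.0.0/8", (52, 58), {58, 59}),
]
FALSE_ORIGINS = [
    ("18.0.0.0/8", (64496, 64511), None),      # no MOAS list attached
    ("18.0.0.0/8", (64496, 64511), {58, 59}),  # copied list, wrong origin
]

def check_moas_lists(announcements):
    """Return {prefix: [reasons]} for prefixes whose announcements disagree.

    Two checks per announcement:
      1. the origin AS (last AS on the path) must be in the attached list;
      2. every announcement for a prefix must carry the same list.
    """
    reference = {}  # prefix -> first MOAS list seen for it
    alarms = {}
    for prefix, path, moas in announcements:
        origin = path[-1]
        # Assumption: no attribute means "only this origin is allowed".
        listed = frozenset(moas) if moas else frozenset({origin})
        if origin not in listed:
            alarms.setdefault(prefix, []).append(
                f"origin AS{origin} is not in the attached list {sorted(listed)}")
        first = reference.setdefault(prefix, listed)
        if listed != first:
            # The check only shows that the lists disagree; it cannot tell
            # which announcement is the valid one.
            alarms.setdefault(prefix, []).append(
                f"AS{origin} carries list {sorted(listed)}, "
                f"earlier routes carried {sorted(first)}")
    return alarms
```
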
19 Comm. Attribute Implementation Example
[Figure: network diagram. Labels: AS58; AS59; AS52; 18.0.0.0/8]
Example configuration

    router bgp 59
     neighbor 1.2.3.4 remote-as 52
     neighbor 1.2.3.4 send-community
     neighbor 1.2.3.4 route-map setcommunity out
    route-map setcommunity
     match ip address 18.0.0.0/8
     set community 59:MOAS 58:MOAS additive
20 Another Proposal: DNS-based Solution
- Put the MOAS list in a new DNS Resource Record
- ftp://psg.com/pub/dnsind/draft-bates-bgp4-nlri-orig-verif-00.txt
- by Bates, Li, Rekhter, Bush, 1998
[Figure label: Enhanced DNS service]