AI Chat Paper
Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.
{{lang === 'zh_CN' ? '文章概述' : 'Summary'}}
{{lang === 'en_US' ? '中' : 'Eng'}}
Chat more with AI
Powered by AMiner. Clicking this button will take you away from SciOpen.
Home Tsinghua Science and Technology Article
PDF (3.4 MB)
Cite
EndNote(RIS) BibTeX
Collect
Submit Manuscript AI Chat Paper
Show Outline
Outline
Show full outline
Hide outline
Outline
Show full outline
Hide outline
Open Access

Measuring BGP AS Path Looping (BAPL) and Private AS Number Leaking (PANL)

Shenglin ZhangYing Liu( )Dan PeiBaojun Liu
Institute for Network Sciences and Cyberspace, Tsinghua University, Beijing 100084, China.
Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China.
Show Author Information

Abstract

As a path vector protocol, Border Gateway Protocol (BGP) messages contain an entire Autonomous System (AS) path to each destination for breaking arbitrary long AS path loops. However, after observing the global routing data from RouteViews, we find that BGP AS Path Looping (BAPL) behavior does occur and in fact can lead to multi-AS forwarding loops in both IPv4 and IPv6. The number and ratio of BAPLs in IPv4 and IPv6 on a daily basis from August 1, 2011 to August 31, 2015 are analyzed. Moreover, the distribution of BAPLs among duration and loop length in IPv4 and IPv6 are also studied. Several possible explanations for BAPL are discussed in this paper. Private AS Number Leaking (PANL) has contributed to 0.20% of BAPLs in IPv4, and at least 1.76% of BAPLs in IPv4 were attributed to faulty configurations and malicious attacks. Valid explanations, including networks of multinational companies, preventing particular AS from accepting routes, also can lead to BAPLs. Motivated by the large number of PANLs that contribute to BAPLs, we also study the number and the ratio of PANLs per day in the 1492 days. The distribution of the private AS numbers in all of the PANLs is concentrated, and most of them are located in the source of the AS paths. The majority of BAPLs resulted from PANLs endure less than one day, and the number of BAPLs which are caused by two or more leaked private ASes are much larger than that of BAPLs which are caused by one leaked private AS. We explain for this phenomenon and give some advices for the operators of ASes.

Keywords

forwarding loopsBGP AS pathprivate AS numberRouteViewstraceroute

References

[1]
J. Hawkinson, Guidelines for creation, selection, and registration of an autonomous system (AS), http://tools.ietf.org/html/rfc1930, April 4, 2015.
[2]
J. Moy, OSPF version 2, http://www.ietf.org/rfc/rfc2328, April 5, 2015.
[3]
G. Malkin, RIP version 2, http://www.ietf.org/rfc/rfc2453.txt, April 7, 2015.
[4]
R. Callon, Use of OSI IS-IS for routing in TCP/IP and dual environments, http://tools.ietf.org/rfc/rfc1195.txt, April 8, 2015.
[5]
Y. Rekhter and T. Li, A border gateway protocol 4 (BGP-4), http://www.rfc-editor.org/rfc/rfc4271.txt, April 4, 2015.
[6]
X. G. Shi, Y. Xiang, Z. L. Wang, X. Yin, and J. P. Wu, Detecting prefix hijackings in the internet with argus, in Proc. 2012 Internet Measurement Conf., Boston, MA, USA, 2012, pp. 15-28.
Crossref
[7]
R. Mahajan, D. Wetherall, and T. Anderson, Understanding BGP misconfiguration, ACM SIGCOMM Computer Communication Review, vol. 32, no. 4, pp. 3-16, 2002.
Crossref Google Scholar
[8]
R. E. Seastrom, Re: As path loops in practice? https://www.nanog.org/mailinglist/mailarchives/old_archive/2003-12/msg00260.html, April 2, 2015.
[9]
J. H. Xia, L. X. Gao, and T. Fei, A measurement study of persistent forwarding loops on the internet, Computer Networks, vol. 51, no. 17, pp. 4780-4796, 2007.
Crossref Google Scholar
[10]
Z. M. Mao, J. Rexford, J. Wang, and R. H. Katz, Towards an accurate AS-level traceroute tool, in Proc. 2003 Conf. Applications, Technologies, Architectures, and Protocols for Computer Communications, Karlsruhe, Germany, 2003, pp. 365-378.
Crossref
[11]
U. Hengartner, S. Moon, R. Mortier, and C. Diot, Detection and analysis of routing loops in packet traces, in Proc. 2nd ACM SIGCOMM Workshop on Internet Measurement, Marseille, France, 2002, pp. 107-112.
Crossref
[12]
D. Pei, L. Wang, D. Massey, S. F. Wu, and L. X. Zhang, A study of packet delivery performance during routing convergence, in Proc. 2003 Int. Conf. Dependable Systems and Networks, San Francisco, CA, USA, 2003, pp. 183-192.
[13]
J. H. Xia, L. X. Gao, and T. Fei, Flooding attacks by exploiting persistent forwarding loops, in Proc. 5th ACM SIGCOMM Conf. Internet Measurement, Berkeley, CA, USA, 2005, p. 36.
Crossref
[14]
S. L. Zhang, Y. Liu, and D. Pei, A measurement study on BGP AS path looping (BAPL) behavior, in 2014 23rd Int. Conf. Computer Communication and Networks (ICCCN), Shanghai, China, 2014, pp. 1-7.
Crossref
[15]
V. Paxson, End-to-end routing behavior in the internet, IEEE/ACM Transactions on Networking, vol. 5, no. 5, pp. 601-615, 1997.
Crossref Google Scholar
[16]
D. Pei, X. G. Zhao, D. Massey, and L. X. Zhang, A study of BGP path vector route looping behavior, in Proc. 24th Int. Conf. Distributed Computing Systems, Tokyo, Japan, 2004, pp. 720-729.
Crossref
[17]
K. Weitz, D. Woos, E. Torlak, M. D. Ernst, A. Krishnamurthy, and Z. Tatlock, Bagpipe: Verified BGP configuration checking, in ACM SIGCOMM Workshop on Networking and Programming Languages (NetPL 2016), Florianópolis, Brazil, 2016.
[18]
B. Al-Musawi, P. Branch, and G. Armitage, BGP anomaly detection techniques: A survey, IEEE Communications Surveys & Tutorials, vol. 19, no. 1, pp. 377-396, 2017.
Crossref Google Scholar
[19]
D. Walton, A. Retana, E. Chen, and J. Scudder, Solutions for BGP persistent route oscillation, Technical Report, IETF, 2016.
Crossref
[20]
Q. Jacquemart, G. Urvoy-Keller, and E. Biersack, Behind IP prefix overlaps in the BGP routing table, in Proc. 17th Int. Conf. Passive and Active Network Measurement, Heraklion, Greece, 2016, pp. 289-301.
Crossref
[21]
M. Ćsovi, S. Obradovio, and L. Trajkovi, Classifying anomalous events in BGP datasets, in 2016 IEEE Canadian Conf. Electrical and Computer Engineering (CCECE), Vancouver, Canada, 2016, pp. 1-4.
[22]
J. Schutrup and B. ter Borch, BGP hijack alert system, University of Amsterdam, the Netherlands, 2016.
[23]
Y. Y. Wang, J. Bi, K. Y. Zhang, and Y. C. Wu, A framework for fine-grained inter-domain routing diversity via SDN, in 2016 8th Int. Conf. Ubiquitous and Future Networks (ICUFN), Vienna, Austria, 2016, pp. 751-756.
Crossref
[24]
U. Javed, I. Cunha, D. Choffnes, E. Katz-Bassett, T. Anderson, and A. Krishnamurthy, PoiRoot: Investigating the root cause of interdomain path changes, ACM SIGCOMM Computer Communication Review, vol. 43, no. 4, pp. 183-194, 2013.
Crossref Google Scholar
[25]
E. Katz-Bassett, C. Scott, D. R. Choffnes, Í Cunha, V. Valancius, N. Feamster, H. V. Madhyastha, T. Anderson, and A. Krishnamurthy, Lifeguard: Practical repair of persistent route failures, ACM SIGCOMM Computer Communication Review, vol. 42, no. 4, pp. 395-406, 2012.
Crossref Google Scholar
[26]
University of Oregon route views project, http://www.routeviews.org/, 2017.
[27]
T. Kernen, Traceroute, http://www.traceroute.org, April 1, 2015.
[28]
T. G. Griffin and G. Wilfong, On the correctness of IBGP configuration, ACM SIGCOMM Computer Communication Review, vol. 32, no. 4, pp. 17-29, 2002.
Crossref Google Scholar
[29]
L. Blunk and M. Karir, Multi-threaded routing toolkit (MRT) routing information export format, http://tools.ietf.org/html/rfc6396, April 6, 2015.
[30]
P. C. Cheng, X. Zhao, B. C. Zhang, and L. X. Zhang, Longitudinal study of BGP monitor session failures, ACM SIGCOMM Computer Communication Review, vol. 40, no. 2, pp. 34-42, 2010.
Crossref Google Scholar
[31]
P. Marques, Internal BGP as the provider/customer edge protocol for BGP/MPLS IP virtual private networks (VPNs), http://www.rfc-editor.org/rfc/rfc6368.txt, April 5, 2015.
[32]
http://www.peeringdb.com/net/1045, 2015.
[33]
Sprint, http://www.sprint.com/, April 2, 2015.
[34]
Verizon, http://www.verizonenterprise.com/, April 2, 2015.
[35]
Zebra, https://www.gnu.org/software/zebra/, April 5, 2015.
[36]
Y. Xiang, Z. L. Wang, X. Yin, and J. P. Wu, Argus: An accurate and agile system to detecting IP prefix hijacking, in 2011 19th IEEE Int. Conf. Network Protocols (ICNP), Vancouver, Canada, 2011, pp. 43-48.
Crossref
[37]
S. Hogg and E. Vyncke, IPv6 Security. Amsterdam, the Netherlands: Pearson Education, 2008.
Tsinghua Science and Technology
Volume 23 Issue 1,
February 2018
Pages 22-34
DOI: 10.26599/TST.2018.9010008
Cite this article:
Zhang S, Liu Y, Pei D, et al. Measuring BGP AS Path Looping (BAPL) and Private AS Number Leaking (PANL). Tsinghua Science and Technology, 2018, 23(1): 22-34. https://doi.org/10.26599/TST.2018.9010008

619

Views

23

Downloads

5

Crossref

N/A

Web of Science

4

Scopus

0

CSCD

Altmetrics
Received: 01 November 2016
Revised: 06 March 2017
Accepted: 07 March 2017
Published: 15 February 2018
© The authors 2018
Return