BGP more specifics: routing vandalism or useful? APNIC Blog

      Comments Off on BGP more specifics: routing vandalism or useful? APNIC Blog

While the BGP protocol’s definition of a “best” network path is one that transits a minimum number of networks, a very “best” path from a network operations perspective or even a user’s perspective is not necessarily based on the same metric. A network operator may wish to bias the path decisions made by other BGP speakers to direct traffic to links with larger potential, lower latency or lower cost, for example. One way a community operator can bias this simple protocol metric is to artificially prolong the number of AS transit hops on undesired community paths. This apply is named “AS prepending”.

Not all more actual routing advertisements are a similar. Some adverts serve the purpose of commercials reachability, announcing to other networks that a distinctive network, as diagnosed by a typical address prefix, is attached to the network. Other advertisements attempt to qualify this basic reachability commercial to advise other networks of the preferred path to reach the community. In looking at more real networks, we can devise a basic taxonomy of ‘more specific’ by looking at the relationship between the ‘more genuine’ commercial and its instantly enclosing aggregate commercial. A common theory as to why network operators do this is that the more precise adverts are meant to mitigate, to a point, the dangers of a more actual routing attack. By commercials the more true itself, a adverse effort to promote a more precise does not redirect everything of the traffic to the attacker’s site.

On any other hand, the antagonistic advertisement would still be in part a success, so it is unclear to me what the actual advantage of this degree can be, aside from some level of rather senseless routing vandalism and a few rather messy occlusion of the routing attack!We also should agree with the fact that BGP propagates only its version of the “best” route. While a remote BGP observer may only see a masking mixture and the more real with a typical path and assume that the more true serves no useful intention, it is possible that the originating community has generated a couple of different adverts for the more real tackle prefix and passed them to different local peers to help a local traffic engineering outcome. What could seem fairly unnecessary from a far off vantage point might not always be an identical for those networks near the originating community. Figure 1 shows the count of the total number of unique prefixes for both IPv4 and IPv6 with regards to the number of more real prefix adverts in each protocol. While either one of these plots are basic “up and to the right”, the IPv6 plot on the right shows signs of accelerating growth, while the IPv4 plot shows a growth model that is only somewhat higher than linear growth.

See also  Advertising on Social Networks

The difference, for sure, lies in absolutely the scale of growth. Over the past decade, the IPv4 routing table has grown from some 220,000 prefixes to some 680,000 prefixes, while the IPv6 table has grown from 1,000 prefixes to 40,000 in the same period. In both cases, the number of more exact prefixes has also grown. The question is whether or not this count of more specifics is turning out to be at a similar rate as the complete prefix count, or no matter if the more true growth rate is accelerating or slowing down. The rise of the Overlay sort of more genuine may be attributed to the expanding attention of the more exact routing hijack attack.

If an attacker advertises more exact routes of the target prefix, all networks that see these more specifics will favor to use them and divert all their site visitors to the destination nominated by the attacker. If the positioning defends itself by commercials the more exact routes, then an attacker cannot usurp the entire site visitors load with a more specific. But, as already noted, this is an incredibly flimsy defence, as a statement of a competing route will still cause some level of disruption to the tackle holder!Type II Traffic Engineering more specifics are basically guilty for a far better variety of BGP updates per announced prefix in both IPv4 and IPv6. In IPv4, these updates occur at a standard rate of two updates per prefix of the 10 year period, while Type I and III more specifics are relatively far quieter, with average update rates of lower than one per announced prefix in both classes. The IPv6 photograph is noisier, but there’s a discernible signal that Type II traffic engineering prefixes are relatively less stable, and Type I Hole punching prefixes are relatively more stable, by up to a factor of 10 on some days.

See also  COMITATO DIFENSORI DELLA TOSCANA difendiamo il valore storico e l'economia del paesaggio Pagina