Geoff Huston
Swinburne University of Technology
Publication
Featured research published by Geoff Huston.
IEEE Communications Surveys and Tutorials | 2011
Geoff Huston; Mattia Rossi; Grenville J. Armitage
The Border Gateway Protocol (BGP) is the Internet's inter-domain routing protocol. One of the major concerns related to BGP is its lack of effective security measures, and as a result the routing infrastructure of the Internet is vulnerable to various forms of attack. This paper examines the Internet's routing architecture and the design of BGP in particular, and surveys the work to date on securing BGP. To date no proposal has been seen as offering a combination of adequate security functions, suitable performance overheads and deployable support infrastructure. Some open questions on the next steps in the study of BGP security are posed.
IEEE Journal on Selected Areas in Communications | 2010
Geoff Huston; Mattia Rossi; Grenville J. Armitage
This paper defines and evaluates Path Exploration Damping (PED) - a router-level mechanism for reducing the volume of propagation of likely transient update messages within a BGP network and decreasing average time to restore reachability compared to current BGP Update damping practices. PED selectively delays and suppresses the propagation of BGP updates that either lengthen an existing AS Path or vary an existing AS Path without shortening its length. We show how PED impacts on convergence time compared to currently deployed mechanisms like Route Flap Damping (RFD), Minimum Route Advertisement Interval (MRAI) and Withdrawal Rate Limiting (WRATE). We replay Internet BGP update traffic captured at two Autonomous Systems to observe that a PED-enabled BGP speaker can reduce the total number of BGP announcements by up to 32% and reduce Path Exploration by 77% compared to conventional use of MRAI. We also describe how PED can be incrementally deployed in the Internet, as it interacts well with prevailing MRAI deployment, and enables restoration of reachability more quickly than MRAI.
Internet Measurement Conference | 2012
Sebastian Zander; Lachlan L. H. Andrew; Grenville J. Armitage; Geoff Huston; George Michaelson
Despite the predicted exhaustion of unallocated IPv4 addresses between 2012 and 2014, it remains unclear how many current clients can use its successor, IPv6, to access the Internet. We propose a refinement of previous measurement studies that mitigates intrinsic measurement biases, and demonstrate a novel web-based technique using Google ads to perform IPv6 capability testing on a wider range of clients. After applying our sampling error reduction, we find that 6% of world-wide connections are from IPv6-capable clients, but only 1-2% of connections preferred IPv6 in dual-stack (dual-stack failure rates less than 1%). Except for an uptick around IPv6-day 2011 these proportions were relatively constant, while the percentage of connections with IPv6-capable DNS resolvers has increased to nearly 60%. The percentage of connections from clients with native IPv6 using happy eyeballs has risen to over 20%.
Passive and Active Network Measurement | 2007
Geoff Huston
Techniques for authenticating BGP protocol objects entail the inspection of additional information in the form of authentication credentials that can be used to validate the contents of the BGP update message. The additional task of validation of these credentials when processing BGP messages will entail significant additional processing overheads. If the BGP validation process is prepared to assume that a validation outcome has a reasonable lifetime before requiring re-validation, then a local cache of BGP validation outcomes may provide significant leverage in reducing the additional processing overhead. The question then is whether we can quantify the extent to which caching of BGP updates and the associated validation outcome can reduce the validation processing load. The approach used to address this question is to analyze a set of BGP update message logs collected from a regional transit routing location within the public IPv4 Internet. This paper describes the outcomes of this study into the self-similarity of BGP updates and relates these self-similarity metrics to the size and retention time characteristics of an effective BGP update cache. This data is then related to the message validation activity, and the extent to which caching can reduce this validation processing activity is derived.
Passive and Active Network Measurement | 2013
Manish Karir; Geoff Huston; George Michaelson; Michael Bailey
With the global exhaustion of the IPv4 address pool, there has been significant interest in understanding the adoption of IPv6. Previous studies have shown that IPv6 traffic continues to be a very small fraction of the overall total traffic in any network, but its use is gradually increasing. Utilizing a novel display advertising approach to reach behind NAT and other firewall devices, we engage in a seven-month study of IPv6 in which we observe 14M unique IPv6 addresses including native IPv6, Teredo, as well as 6to4. We exploit the intrinsic information within IPv6 addresses in order to infer IPv6 properties, such as coarse-grained geographic location, ISPs, the use of native IPv6 versus transition techniques, cone NAT usage, and even network interface manufacturer identifiers. We find that while the number of native IPv6 addresses in the wild is small (1.3%), a large number of IPv6 hosts are IPv6 capable via transition techniques such as Teredo and 6to4.
Local Computer Networks | 2013
Sebastian Zander; Lachlan L. H. Andrew; Grenville J. Armitage; Geoff Huston
As of April 2013 almost 95% of the IPv4 address space has been allocated. Yet, the transition to IPv6 is still relatively slow. One reason could be existing “IPv4 reserves” - allocated but unused IPv4 addresses. Knowing how many addresses are actively used is important to predict a potential IPv4 address market, predict the IPv6 deployment time frame, and measure progressive exhaustion after the IPv4 space is fully allocated. Unfortunately, only a fraction of hosts respond to active probes, such as “ping”. We propose a capture-recapture method to estimate the actively used IPv4 addresses from multiple incomplete data sources, including “ping” censuses, network traces and server logs. We estimate that at least 950-1090 million IPv4 addresses are used, which is 36-41% of the publicly routed space. We analyse how the utilisation depends on various factors, such as region, country and allocation prefix length.
Global Communications Conference | 2009
Geoff Huston; George Michaelson; Stephen Kent
We examine a form of an X.509 Public Key certificate that is used to bind IP address and AS number resources to a public/private key pair. These certificates are used to attest to resource allocation actions, so that digitally signed attestations relating to a party's right-of-use of IP addresses and AS numbers can be validated by relying parties, using a related Resource Certificate Public Key Infrastructure. This has particular application in the area of demonstrable attestations related to the right-of-use of IP addresses, and in the area of inter-domain routing security. The issues related to the application of this PKI to inter-domain routing security are considered, and the design, management and use of resource certificates, and the structure of the related Public Key Infrastructure are described in detail.
Internet Measurement Conference | 2010
Eric Wustrow; Manish Karir; Michael Bailey; Farnam Jahanian; Geoff Huston
ATNAC 2006: Australian Telecommunication Networks and Applications Conference, Melbourne, Australia, 04-06 December 2006 | 2006
Geoff Huston; Grenville J. Armitage
RFC | 2012
Geoff Huston; George Michaelson; Robert Loomans