Gerald R. Malan

Internet routing instability

This paper examines the network interdomain routing information exchanged between backbone service providers at the major US public Internet exchange points. Internet routing instability, or the rapid fluctuation of network reachability information, is an important problem currently facing the Internet engineering community. High levels of network instability can lead to packet loss, increased network latency and time to convergence. At the extreme, high levels of routing instability have led to the loss of internal connectivity in wide-area, national networks. We describe several unexpected trends in routing instability, and examine a number of anomalies and pathologies observed in the exchange of inter-domain routing information. The analysis in this paper is based on data collected from border gateway protocol (BGP) routing messages generated by border routers at five of the Internet cores public exchange points during a nine month period. We show that the volume of these routing updates is several orders of magnitude more than expected and that the majority of this routing information is redundant, or pathological. Furthermore, our analysis reveals several unexpected trends and ill-behaved systematic properties in Internet routing. We finally posit a number of explanations for these anomalies and evaluate their potential impact on the Internet infrastructure.

Origins of Internet routing instability

This paper examines the network routing messages exchanged between core Internet backbone routers. Internet routing instability, or the rapid fluctuation of network reachability information, is an important problem currently facing the Internet engineering community. High levels of network instability can lead to packet loss, increased network latency and time to convergence. At the extreme, high levels of routing instability have led to the loss of internal connectivity in wide-area, national networks. In an earlier study of inter-domain routing, we described widespread, significant pathological behaviour in the routing information exchanged between backbone service providers at the major US public Internet exchange points. These pathologies included several orders of magnitude more routing updates in the Internet core than anticipated, large numbers of duplicate routing messages, and unexpected frequency components between routing instability events. The work described in this paper extends our earlier analysis by identifying the origins of several of these observed pathological Internet routing behaviour. We show that as a result of specific router vendor software changes suggested by our earlier analysis, the volume of Internet routing updates has decreased by an order of magnitude. We also describe additional router software changes that can decrease the volume of routing updates exchanged in the Internet core by an additional 30 percent or more. We conclude with a discussion of trends in the evolution of Internet architecture and policy that may lead to a rise in Internet routing instability.

Transport and application protocol scrubbing

This paper describes the design and implementation of a protocol scrubber, a transparent interposition mechanism for explicitly removing network attacks at both the transport and application protocol layers. The transport scrubber supports downstream passive network-based intrusion detection systems; whereas the application scrubbing mechanism supports transparent fail-closed active network-based intrusion detection systems. The transport scrubbers role is to convert ambiguous network flows into well-behaved flows that are unequivocally interpreted by all downstream endpoints. As an example, this paper presents the implementation of a TCP/IP scrubber that eliminates insertion and evasion attacks-attacks that use ambiguities to subvert detection-on passive network-based intrusion detection systems, while preserving high performance. The application protocol scrubbing mechanism is used as a substrate for building fail-closed active network based intrusion detections systems that can respond to attacks by eluding or modifying application data flows in real-time. This paper presents the high performance implementation of a general purpose transparent application-level scrubbing toolkit in the FreeBSD kernel.

Software architecture for the UARC Web-based collaboratory

The Upper Atmospheric Research Collaboratory was actively used over a period of six years to study space weather phenomena such as magnetic storms and solar winds. The UARC software was designed as a modular system of independent services that work over a wide area network and support a complex array of data suppliers, transformation modules that provided quality-of-service support, and client tools such as groupware applications. During the last two years of the project, the system provided access to over 30 data sources including ground- and satellite-based instruments and predictive model output from supercomputers during active data collection periods that lasted up to 2 weeks. This article describes the UARC architecture and services. The main UARC servers are a data dissemination substrate specifically designed to support push-based applications using attribute-based routing, and a group management and shared state management server. The servers are scalable, and designed to operate satisfactorily on a wide variety of networking conditions and client resources.

Fault-tolerant virtual private networks within an autonomous system

This paper proposes the concept of a fault-tolerant virtual private network (FVPN) within an autonomous system-a framework for supporting seamless network fail-over by leveraging the inherent redundancy of the underlying Internet infrastructure. The proposed architecture includes an application-level module, which is integrated into gateways at VPN end-points. This module enables fail-over to a redundant path without waiting for the underlying routing protocol converging to a new route. The paper introduces two algorithms for establishing redundant backup paths while minimizing overlapping network links. The proposed schemes are evaluated using topology information and sample routing logs from a regional Internet service provider network.

Protocol scrubbing: network security through transparent flow modification

Describes the design and implementation of protocol scrubbers. Protocol scrubbers are transparent, active interposition mechanisms for explicitly removing network scans and attacks at various protocol layers. The transport scrubber supports downstream passive network-based intrusion detection systems by converting ambiguous network flows into well-behaved flows that are unequivocally interpreted by all downstream end-points. The fingerprint scrubber restricts an attackers ability to determine the operating system of a protected host. As an example, this paper presents the implementation of a TCP scrubber that eliminates insertion and evasion attacks - attacks that use ambiguities to subvert detection - on passive network-based intrusion detection systems, while preserving high performance. The TCP scrubber is based on a novel, simplified state machine that performs in a fast and scalable manner. The fingerprint scrubber is built upon the TCP scrubber and removes additional ambiguities from flows that can reveal implementation-specific details about a hosts operating system.