1 Alexander Azimov Highload Lab Detecting Autonomous Systems Relationships.

1

Alexander Azimov<[email protected]> Highload Lab

Detecting Autonomous Systems Relationships

2

Quiz!

1. Why We need AS relation and policy discovery?

BGP Route Prediction, AS Design2. What have been already done?Physical link discovery, classterization3. What have we done?Active route policy discovery 4. What opportunities does it give?BGP Route Prediction, AS Design

3

Traffic generators

Internet

Inbound balancing

AS1 AS2

Интернет

4

Traffic consumers

Internet

Outbound balancing

AS1 AS2

Интернет

5

Traffic vector

Asymmetric!

AS1 AS2 AS3 AS5

AS6AS7

6

Quiz!

1. Why We need AS relation and policy discovery?

BGP Route Prediction, AS Design2. What have been already done?Physical link discovery, classterization3. What have we done?Active route policy discovery 4. What opportunities does it give?BGP Route Prediction, AS Design

7

Physical Link Discovery

8

Classterization

9

BGP AS Paths

10

Core of the problem

Used at any given moment

Could be used by sigle AS

Number of Links

0 100000 200000 300000 400000

Links between ASes

11

Route Policy in RR

Outdated or incomplete

12

Deadlock

1. Physical link discovery;2. No registry of current route

policies.

No opportunity for traffic flow prediction

13

Quiz!

1. Why We need AS relation and policy discovery?

BGP Route Prediction, AS Design2. What have been already done?Physical link discovery, classterization3. What have we done?Active route policy discovery 4. What opportunities does it give?BGP Route Prediction, AS Design

14

AS Design

15

I did it my way…

2

16

Route Policy Recovery

1. AS relations2. Active verification3. Priority at every level of BGP

decision process4. Mathematical Equations5. …….........

17

AS Relations : example

AS3

AS2

AS4

AS5

AS1 AS6 AS7

Relations:p2p = {AS3, AS4}c2p = {(AS2, AS23, (AS5,AS4), (AS1, AS2), (AS6, AS5), (AS7,AS5)}

p2p

18

AS Relations : example

AS3

AS2

AS4

AS5

AS1 AS6 AS7

p2p

Relations:p2p = {AS3, AS4}c2p = {(AS5, AS4} (AS2,AS3) (AS1, AS2), (AS6, AS5), (AS7,AS5)}

19

AS Relations : example

AS3

AS2

AS4

AS5

AS1 AS6 AS7

p2p

Relations:p2p = {AS3, AS4}c2p = {(AS5, AS4, (AS2,AS3), (AS1, AS2), (AS6, AS5), (AS7,AS5)}

20

Active Verification : example

ASXXX

TracerouteOne remote node – one path

21

Active Verification : example

ASXXX

Ping –R with source from ASXXXOne remote node – count(neighbors) * path

AS1

AS2

Echo request

Echo reply

22

Quiz!

1. Why We need AS relation and policy discovery?

BGP Route Prediction, AS Design2. What have been already done?Physical link discovery, classterization3. What opportunities does it give?Active route policy discovery 4. What opportunities does it give?BGP Route Prediction, AS Design

23

How to make You interested in my

results?

24

Qrator Radar

1. AS Relations2. BGP Route Prediction3. AS Design4. Security Issues5. Rates

25

AS Relations

Rates: peering, customers, providers

26

BGP Route Prediction

27

Route Withdraw

28

Prepend Policy

29

AS Design

30

Security Issues

1. Default Route Errors2. BGP Route Loops3. DDoS Amplifires4. Bots > 30 % of ASes are affected!

31

Security Issues

32

Botnet map

33

Quiz!

1. Why We need AS relation and policy discovery?

BGP Route Prediction, AS Design2. What have been already done?Physical link discovery, classterization3. What have we done?Active route policy discovery 4. What opportunities does it give?BGP Route Prediction, AS Design

34

Future Work

Drop detection -> Prediction how to overcome it using

prepend policy

35

Qrator Radarradar.qrator.net