1

Alexander Azimov <aa@highloadlab.com> Highload Lab

Detecting Autonomous

Systems Relationships

2

Quiz!

1. Why We need AS relation and policy discovery?

BGP Route Prediction, AS Design

2. What have been already done?

Physical link discovery, classterization

3. What have we done?

Active route policy discovery

4. What opportunities does it give?

BGP Route Prediction, AS Design

3

Traffic generators

Internet

Inbound balancing

AS1 AS2

Интернет

4

Traffic consumers

Internet

Outbound balancing

AS1 AS2

Интернет

5

Traffic vector

Asymmetric!

AS1 AS2 AS3 AS5

AS6 AS7

6

Quiz!

1. Why We need AS relation and policy discovery?

BGP Route Prediction, AS Design

2. What have been already done?

Physical link discovery, classterization

3. What have we done?

Active route policy discovery

4. What opportunities does it give?

BGP Route Prediction, AS Design

7

Physical Link Discovery

8

Classterization

9

BGP AS Paths

10

Core of the problem

0 200000 400000

Used at any

given moment

Could be used

by sigle AS

Number of Links

Links between ASes

11

Route Policy in RR

Outdated or incomplete

12

Deadlock

1. Physical link discovery;

2. No registry of current route policies.

No opportunity for traffic flow prediction

13

Quiz!

1. Why We need AS relation and policy discovery?

BGP Route Prediction, AS Design

2. What have been already done?

Physical link discovery, classterization

3. What have we done?

Active route policy discovery

4. What opportunities does it give?

BGP Route Prediction, AS Design

14

AS Design

15

I did it my way…

2

16

Route Policy Recovery

1. AS relations

2. Active verification

3. Priority at every level of BGP decision process

4. Mathematical Equations

5. …….........

17

AS Relations : example

AS3

AS2

AS4

AS5

AS1 AS6 AS7

Relations:

p2p = {AS3, AS4}

c2p = {(AS2, AS23, (AS5,AS4), (AS1, AS2), (AS6, AS5), (AS7,AS5)}

p2p

18

AS Relations : example

AS3

AS2

AS4

AS5

AS1 AS6 AS7

p2p

Relations:

p2p = {AS3, AS4}

c2p = {(AS5, AS4} (AS2,AS3) (AS1, AS2), (AS6, AS5), (AS7,AS5)}

19

AS Relations : example

AS3

AS2

AS4

AS5

AS1 AS6 AS7

p2p

Relations:

p2p = {AS3, AS4}

c2p = {(AS5, AS4, (AS2,AS3), (AS1, AS2), (AS6, AS5), (AS7,AS5)}

20

Active Verification :

example

ASXXX

Traceroute

One remote node – one path

21

Active Verification :

example

ASXXX

Ping –R with source from ASXXX

One remote node – count(neighbors) * path

AS1

AS2

Echo request

Echo reply

22

Quiz!

1. Why We need AS relation and policy discovery?

BGP Route Prediction, AS Design

2. What have been already done?

Physical link discovery, classterization

3. What opportunities does it give?

Active route policy discovery

4. What opportunities does it give?

BGP Route Prediction, AS Design

23

How to make You

interested in my results?

24

Qrator Radar

1. AS Relations

2. BGP Route Prediction

3. AS Design

4. Security Issues

5. Rates

25

AS Relations

Rates: peering, customers, providers

26

BGP Route Prediction

27

Route Withdraw

28

Prepend Policy

29

AS Design

30

Security Issues

1. Default Route Errors

2. BGP Route Loops

3. DDoS Amplifires

4. Bots

> 30 % of ASes are affected!

31

Security Issues

32

Botnet map

33

Quiz!

1. Why We need AS relation and policy discovery?

BGP Route Prediction, AS Design

2. What have been already done?

Physical link discovery, classterization

3. What have we done?

Active route policy discovery

4. What opportunities does it give?

BGP Route Prediction, AS Design

34

Future Work

Drop detection ->

Prediction how to overcome it using prepend policy

35

Qrator Radar radar.qrator.net