Understanding Hyper-Specific Prefixes in Internet Routing

Delve into the world of Hyper-Specific Prefixes (HSPs) in Internet routing as authors analyze the prevalence, visibility, and consistency of these unique routing elements. Exploring BGP best practices, related work, and methodological approaches, the study uncovers the nuances of HSPs' presence and impact on the interdomain routing ecosystem over time.

• Internet routing
• Hyper-Specific Prefixes
• BGP
• Routing ecosystem
• Prefix visibility

egne_ary Follow

Uploaded on Sep 24, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

Presentation Transcript

1. Hyper-Specific Prefixes: Gotta Enjoy the Little Things in Interdomain Routing Presenter: Khwaja Zubair Sediqi 23.May.2023 Authors: Khwaja Zubair Sediqi, Lars Prehn, Oliver Gasser zsediqi@mpi-inf.mpg.de, lprehn@mpi-inf.mpg.de, oliver.gasser@mpi-inf.mpg.de Paper Published at: ACM SIGCOMM Computer Communication Review, Volume 52 Issue 2, April 2022

2. Introduction ASes use the BGP to announce prefixes BGP best practices recommend filtering prefixes more specific than /24 in IPv4 and /48 in IPv6 Plenty of /25 to /32 IPv4 and /49 to /128 IPv6 exist hyper-specific prefixes (HSPs) How prominent and why HSPs exist in the Internet routing ecosystem? 2

3. Related Work In 2014 and 2015 Aben and Petrie announced /24, /25, and /28 IPv4 prefixes RIPE Atlas measurements HSPs visible at most 20 % of RIPE RIS peers In 2017, Strowes and Petrie conclude at most one fourth of all BGP peers In 2017, Huston analyzed different types of more-specific prefixes 1. hole punching (different origin AS), 2. traffic engineering (same origin AS, but different AS path), 3. overlay (same AS path) 3

4. Methodology For our analysis we utilize snapshots from the RC projects RIPE RIS , Routeviews, and Isolario From Jan.2010 to October.2021 Quarterly, 7days per quarter BGP RIBs every 24 hours BGP Updates every 5 mins Applied filters to clean the data Supplemental datasets ASDB 4

5. 1. OBSERVABILITY 5

6. HSPs in Routing Ecosystem Prefix/8 15 /16 23 /24 HSP Prefix/12 31 /32 47 /48 HSP Share of HSPs in the Interent 100 100 80 80 % IPv4 Prefixes % IPv6 Prefixes 60 60 HSPs make ~ 14% to more than 20% of of all the prefixes 40 40 20 20 0 2010 0 2010 2015 2021 2015 2021 Time (quarterly) Time (quarterly) HSPs make ~ 10% of all the prefixes 6

7. HSP Visibility and Consistency We use one year data of BGP RIBs and updates to track every HSP for the whole year 250 Log # HSPs Log # HSPs IPv4 Visibility (Max # ASes) IPv6 Visibility (Max # ASes) 1 100 10K 1 100 10K 150 200 150 100 There is a correlation between consistency and visibility 100 50 50 0 0.00 0 0.00 0.25 0.50 0.75 1.00 0.25 0.50 0.75 1.00 Consistency Over 1 Year Consistency Over 1 Year HSPs have life span from days to more than a year Many have visibility to less than 50 peer ASes 7

8. 2. USE CASES & FUNCTIONS 8

9. CIDR Sizes of HSPs CIDR sizes hint use cases /32 and /128 for blackholing purposes /30, /29 peering subnets /56 and /64 address block assignments /25 traffic engineering 120K 18K CIDR CIDR # HSPs (IPv4, stacked) # HSPs (IPv6, stacked) /[113 128] /[97 112] /[81 96] /[65 80] /[49 64] /[31 32] /[29 30] /[27 28] /[25 26] 80K 12K 40K 6K 0 2010 0 2010 2015 2021 2015 2021 Time (quarterly) Time (quarterly) HSPs have heterogeneous use cases 9

10. Protocols on HSP IPs 500% 400% 300% 200% 100% (HSP vs. IPv4 wide) We leverage Rapid7 s Open Data platform Year 2019 2020 2021 Responding hosts and total tested hosts per-protocol % hitrate difference Top5 Protocols: CWMP is only present in the IPv4-wide BGP is only present in the HSP 0% 100% SMTP BGP HTTPS HTTP Top Protocols SSH CWMP HSPs have upto 5 times higher hitrate than IPv4-wide 10

11. BGP Communities of HSPs We examine BGP communites: specifically used for blackholing (BH) restrict route propagation (RES) 13% and 7% of IPv4 and IPv6 HSPs are Blackholing 11

12. 3.INTENDED OR ACCIDENTAL USE? 12

13. HSPs Origin ASes in Public Databases Dataset IRR RPKI Multiple 1.5K BGP IRR has high HSP origin ASes 7.5K Many HSPs from RC/BGP have no entries in operator databases could be accidental announcements misconfigured route collector sessions leak of internal routes # IPv4 Origin ASes # IPv6 Origin ASes 5K 1K 2.5K 500 0 2010 0 2010 2015 2021 2015 2021 Time (quarterly) Time (quarterly) Are HSPs caused by BGP prefix hijacks? 13

14. HSPs in the RPKI Database Invalid (Length) - largest group Invalid (Both) Invalid (Origin) Invalid (Length) Valid ROV state 100 100 Invalid (Origin) - a minor fraction Invalid (Origin) and Invalid (Both): not entered sibling ASes DDoS Protection Service (DPS) (HSP Origin Pairs) (HSP Origin Pairs) 75 75 Fraction of IPv4 Fraction of IPv6 50 50 25 25 0 2015 0 2015 2018 2021 2018 2021 Time (quarterly) Time (quarterly) legitimate ASes announce 75 % of HSPs 14

15. 4. THE FUTURE OF HSPS 15

16. Discussion: Research Community RC projects play a vital role in awareness HSP dashboard https://hyperspecifics.io 16

17. Discussion: Operator Community Discussing with thirteen operators cutomer requests traffic engineering Question: Should operators filter HSPs in the first place? for IPv6, Yes, no shortage of IPv6, avoid large routing table size for IPv4, shifting filters by a few CIDR sizes (e.g., /26 or /28) How do you handle HSPs in your network/work ? 17

18. Conclusion We analyzed HSPs in routing ecosystem for the last decade Most HSPs visible by a few RC peers, still plenty propagate to hundreds of RC peers IPv4 HSPs: blackholing and infrastructure announcements IPv6 HSP: related to address block reassignments Though, hundreds of networks use HSPs intentionally, we attribute even more cases to the accidental leakage of internal routes HSP dashaboard and the paper https://hyperspecifics.io 18

19. Backup Slides 19

20. Users of HSPs CONTENT EDUCATION HYPERGIANT ISP (Stub) ISP (Transit) TIERONE OTHERS NA in ASDB Network Comparing all BGP-visible Ases to HSP origin ASes ISP(Transit) originate more HSPs 12 to 15 of the total 19 Tier 1 s originate HSP most hypergiants do not originate HSPs 100 100 8K 9K 7K 7K 8K 8K 319 330 8K 8K 8K 8K 8K 9K 314 340 313 353 361 358 349 322 390 380 (classification data) 4K 4K 4K 14 4K 14 4K 14 4K 14 4K 14 4K 14 4K 14 4K 14 4K 14 4K 14 204 4 213 6 210 3 219 3 215 4 215 3 223 3 203 3 210 2 229 4 199 2 233 3 % HSP Origin ASes 75 75 % Origin ASes (HSP data) 726 613 670 693 734 584 590 694 25K 737 744 25K 644 742 20K 20K 21K 21K 21K 22K 22K 23K 23K 23K 50 50 8K 19 8K 19 8K 19 8K 19 8K 19 8K 19 8K 19 8K 19 8K 19 8K 19 8K 19 8K 19 805 789 854 918 820 915 972 929 897 930 915 887 21K 21K 25 25 12 14 13 19K 19K 20K 20K 20K 21K 20K 21K 21K 21K 13 13 13 14 14 15 12 13 15 517 471 528 493 516 463 478 490 516 460 489 474 10K 10K 5K 6K 6K 6K 6K 6K 6K 6K 6K 6K 152 155 160 148 150 124 140 119 125 123 107 117 0 0 2019 2020 2021 2019 2020 2021 Time (quarterly) Time (quarterly) 20

21. Growth of HSPs Over Time Type IPv4 IPv6 All Feeds Consistent Feeds presence of HSPs increased # Origin ASes (bar) # Origin ASes (bar) 15K 2.2K3.4K4.6K 25K 50K 75K 100K 2K # HSPs (line) # HSPs (line) one-tenth of all the prefixes 1.3K 10K in IPv4 the increase in HSPs is driven by an increment in feeder ASes 650 5K 1K 0 0 0 2010 0 2010 2015 2021 2015 2021 Time (quarterly) Time (quarterly) IPv6 we see an increase also for a constant set of feeder ASes 21

22. HSP Aggregation Analyse anchor-prefixes: /24 in IPv4 /48 in IPv6 Aggregator Multiple Origin Off path On path 3K 24K (IPv4, Stacked) (IPv6, Stacked) # Unique Anchors # Unique Anchors 2K 16K 1K 8K 0 2010 0 2010 2015 2021 2015 2021 majority of HSPs are aggregated at the origin BGP confederation Time (quarterly) Time (quarterly) 22

23. How Far HSPs Propagate? Majority of HSPs visible on one peer Peer ASes 1 11+ 2 5 6 10 120K 20K # HSPs (IPv4, stacked) # HSPs (IPv6, stacked) visible on 2+ peers IPv6 HSPs have better visibility than IPv4 HSPs 90K 15K 60K 10K 30K 5K Most of HSPs are visible on less than 10 peers 0 2010 0 2010 2015 2021 2015 2021 Time (quarterly) Time (quarterly) 23

24. HSP Anchors in Various Datasets Dataset IRR RPKI Aggregated Multiple HSP Observations: 30K Current RC infrastrucure misses 1/3 of anchors potentially contain HSP less noisy, linear increase in the number of anchor prefix for which HSPs 3K (IPv4, stacked) (IPv6, stacked) # HSP anchors # HSP anchors 20K 2K 10K 1K Aggregated class only contains on-path aggregated anchor prefixes 0 2010 0 2010 2015 2021 2015 2021 Time (quarterly) Time (quarterly) 24

25. HSP Originators Across Datasets Dataset IRR RPKI Multiple Aggregated HSP Observations HSP origins has more than doubled for IPv4 For IPv6, the growth rate of more than 25x little overlap between the individual data sets 4.5K 1.5K # Origin ASes # Origin ASes 3K 1K 1.5K 500 0 2010 0 2010 2015 2021 2015 2021 25

26. Methodology Route Collectors Data 11+ years (2010-2021) BGP RIBs + updates From 3 Projects IRRs Snapshots RPKI Snapshots AS Relationships Inferences AS Classification Inferences ASDB Advertise our own HSPs to the Internet and contuct experiment. Passive Measurement Supplemental data sets Active Measurement 26

27. Cleaning Noisy Data Rule1: Misconfigured Peer ASes Abnormal Prefixes Private IP ranges Private Origin ASes Multicast and IPv4 class E Rule2: Testable HSP For all HSPs, check if it was announced via a route that crossed at least one additional AS then testable . 27

28. HSP Propagation Pattern HSPs All At least one We use: AS triplets (three consecutive ASes) AS Relatship Inferences of CAIDA No single occurrence relationships ASes strongly filter the routes they send to peers for IPv4 almost redistribute HSPs upwards Customers pay their providers to reannounce their prefixes 250 500 750 1K 1.2K intermediate ASes # IPv4 of P2P 0 intermediate ASes 150 100 # IPv6 all ASes 50 0 C2P C2PC2P P2CP2C P2CP2C C2P HSPs are only propagated vertically and never horizontally . 28

29. Route Collector Data For our analysis we utilize snapshots from the RC projects Isolario , RIPE RIS , and Routeviews From Jan.2010 to October.2021 Quarterly, 7days per quarter BGP RIBs every 24 hours BGP Updates every 5 mins seven-day window allows us to achieve a consistency of 97 % and 98 % for IPv4 and IPv6, respectively. 29

30. Real World Experimentaiton The PEERING testbed RIPE Atlas probes Experimemt design To maximize AS coverage - one probe per AS prefer dual-stack probes Highest stable 180 IPv4 and 152 IPv6 neighboring ASes 8 IPv4 and 9 IPv6 neighboring ASes redistributed HSPs announce HSP and anchors wait convergence run paris-traceroutes from all probes simultaneously issue ICMP, TCP, and UDP probing withdraw prefixes map traceroutes to AS Paths using bdrmapit Used Prefixes IPv4:184.164.240.0/23 IPv6:2804:269c:4::/46 30

31. How Far HSPs Propagate? Group ALL ATLAS_PATH ATLAS_SOURCE BGP We did experiment by advertising anchor + HSPs to the Internet conduct traceroute from probes check it in RC s peer ASes 4000 15% of ASes 3000 # IPv4 ASes 2000 1000 The more specific the CIDR size, the less propagation chances. 0 /24 /25 /28 /32 CIDR Size Current RC s infrastructure underestimates data plane reachibility Anchor Prefixes 1000 # IPv6 ASes 500 0 /48 /49 /64 /65 /128 CIDR Size 31