Analysis of BGP Behavior through Beacon Prefixes
By Matt Guidry and Yashas Shankar
We analyze BGP beacons, which are announced and withdrawn on a schedule, usually at two-hour intervals.
The withdrawals affect neighboring prefixes and, down the line, their neighbors as well. We are conducting analysis on the number of updates that are propagated as a result of these events.
We also analyze the relative convergence period associated with each beacon event and how it correlates with the number of update messages collected by RouteViews.
Internet and Autonomous Systems
[Figure: autonomous systems AS X, AS Y and AS Z]
• Autonomous System: a set of routers or networks under the same administration
• Border routers exchange routing updates via the Border Gateway Protocol
Assuming all destinations use node B to reach A, and link A-B fails:
Node B sends a withdrawal to node D
Node D sends an announcement to C and B and next hop, saying it can reach A through C
Nodes B and C start using backup link C-A to reach A
Here a single link failure event produced 1 withdrawal and 6 announcements.
A BGP beacon is an unused, globally visible prefix with a known announce/withdrawal schedule.
It is intended for long-term, public use in analyzing the behavior of BGP.
Researchers: study BGP dynamics
◦ To calibrate and interpret BGP updates
◦ To study convergence behavior
◦ To analyze routing and data plane interaction
Network operators
◦ Serve to debug reachability problems
◦ Test effects of configuration changes, e.g., flap damping setting
Less network traffic helps the general Internet flow faster
[Figure: Active measurement infrastructure. Labels: Internet; BGP Beacon #1 (198.133.206.0/24); stub AS; upstream providers; ISPs; "Send route update". Many observation points: 1. Oregon RouteViews, 2. RIPE, 3. AT&T, 4. Verio, 5. MIT, 6. Berkeley.]
| Prefix | Src AS | Start date | Upstream provider AS | Beacon host | Beacon location |
|---|---|---|---|---|---|
| 198.133.206.0/24 | 3130 | 8/10/02 | 2914, 1239 | Randy Bush | WA, US |
| 192.135.183.0/24 | 5637 | 9/4/02 | 3701, 2914 | Dave Meyer | OR, US |
| 203.10.63.0/24 | 1221 | 9/25/02 | 1221 | Geoff Huston | Australia |
| 198.32.7.0/24 | 3944 | 10/24/02 | 2914, 8001 | Andrew Partan | MD, US |
| 192.83.230.0/24 | 3130 | 06/12/03 | 2914, 1239 | Randy Bush | WA, US |
BGP path exploration and slow convergence in the operational Internet routing system can potentially lead to severe performance problems in data delivery.
Path exploration means that some BGP routers, in response to a path failure, may try a number of transient paths before settling and declaring a new best path or declaring a destination unreachable.
This may cause the entire network to take a long time to settle and converge to the final decision, which is what slow routing convergence refers to.
An example of a failed path and resulting path exploration is depicted in figure
BGP beacons are used to make these events occur at predictable and measurable time intervals.
This study is conducted by analyzing the BGP log data collected at RouteViews.
The link to this data is at http://www.routeviews.org/.
Routing data was collected from the BGP routing tables. The following fields in the routing data were useful for our analysis:
• BGP protocol
• Unix time in seconds
• Withdraw or Announce
• Prefix
• AS_PATH
• MED
• AtomicAGG
• AGGREGATOR
Five days of data (from 02/07/2004 to 02/11/2004), at intervals of 2 hours, were analyzed.
Data was then characterized into these categories:
• Updates in the routing table caused by genuine sources (i.e., not from the beacons)
• Updates in the routing table caused by the beacons
• Updates in the routing table caused by not employing the route flap damping mechanism
Data was collected in different tables for intervals of 2 hours for each of the 5 days. E.g., for 02/05/2007, data collected between 1-3 AM, 5-6 AM, ...
Total number of Announcements: 262,265,753
Total number Within Withdrawal Periods: 111,357,720
Total Associated with Beacon AS: 10,587,528
Total Number of Distinct Updates: 9,272,232
Number of Repeated Updates: 1,315,296
Number of Updates Sent through Anchor Prefix: 6,336
Route flap damping (RFD) is used in BGP to limit the number of announcements sent out by routers.
It keeps a penalty value associated with every path, and whenever that value is above a certain limit, the router will not use that path or propagate updates from that path.
This prevents duplicate messages from being sent out over a short period of time.
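The penalty mechanism described above, sketched as an added example (not code from the presentation). It is a simplified model: every flap adds the same penalty, and the parameter values are assumptions taken from widely used vendor defaults, not from the slides.

```python
# Added example: simplified route flap damping model.
# Assumed parameters (common vendor defaults, not figures from the slides).
PENALTY_PER_FLAP = 1000   # added each time the route flaps
SUPPRESS_LIMIT = 2000     # above this the route is suppressed
REUSE_LIMIT = 750         # below this a suppressed route is usable again
HALF_LIFE_S = 15 * 60     # the penalty halves every 15 minutes


def propagated_flaps(flap_times):
    """Return the flap times whose updates a damping router still passes on."""
    penalty, last, suppressed, passed = 0.0, None, False, []
    for t in flap_times:
        if last is not None:
            # Exponential decay of the penalty since the previous flap.
            penalty *= 0.5 ** ((t - last) / HALF_LIFE_S)
            if suppressed and penalty < REUSE_LIMIT:
                suppressed = False
        penalty += PENALTY_PER_FLAP
        last = t
        if penalty > SUPPRESS_LIMIT:
            suppressed = True
        if not suppressed:
            passed.append(t)
    return passed


# Constructed schedules, in seconds from the first change.
BEACON = [i * 7200 for i in range(12)]    # one change every two hours
UNSTABLE = [i * 60 for i in range(10)]    # one change every minute

if __name__ == "__main__":
    print(len(propagated_flaps(BEACON)), "of", len(BEACON), "beacon updates passed")
    print(len(propagated_flaps(UNSTABLE)), "of", len(UNSTABLE), "unstable updates passed")
```

Under these assumed values a prefix that changes every two hours never reaches the suppress limit, while a prefix flapping once a minute is suppressed from its third flap onward.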
The predictor variables were:
• The total number of distinct beacon withdrawals
• The total number of withdrawals with the anchor prefixes
The response variable is the total number of beacon withdrawals with the duplicates.
The number of updates sent because RFD was not set is then predicted by subtracting the number of distinct records from the response variable.
During the regression we got:
• For n = 24
• Coefficient of determination of 0.9864
• Thus the regression explains 98.64% of the variation of the total withdrawals.
• Standard deviation of errors of 87.11
• The regression passed the F-test
There is no visible trend or clustering of points here, so the errors appear to be independent.
In the graph of the error residuals against the experiment number there are no visible trends, so the experiment does not indicate side effects.
The quantile-quantile graph shows visible linearity, so the errors do seem to be normally distributed.
For any beacon withdrawal there will be some neighbor that sends the associated update first and some neighbor that sends the update last; the period between these is called the relative convergence period.
For instance, if the first message is received at 1076450513 (2004-02-10 17:01:53) and the last message is received at 1076450539 (2004-02-10 17:02:19), the relative convergence period for this event is 26 seconds.
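One way to compute the relative convergence period and the distinct/repeated update counts reported earlier, as an added example (not the authors' code). It assumes pipe-delimited one-line records in the style of bgpdump -m output, treats an update as repeated when the same peer sends the same type, prefix and AS_PATH again within an event, and splits events on a 30-minute quiet gap; the sample lines are constructed.

```python
# Added example: sample lines are constructed; peers use documentation
# addresses and AS numbers. Assumed record layout (bgpdump -m style):
#   type|unix_time|A or W|peer_ip|peer_as|prefix|as_path|...
SAMPLE = """\
BGP4MP|1076450513|W|192.0.2.1|64501|198.133.206.0/24
BGP4MP|1076450519|A|192.0.2.2|64502|198.133.206.0/24|64502 2914 3130|IGP|192.0.2.2|0|0||NAG||
BGP4MP|1076450527|W|192.0.2.2|64502|198.133.206.0/24
BGP4MP|1076450527|W|192.0.2.2|64502|198.133.206.0/24
BGP4MP|1076450530|A|192.0.2.3|64503|203.0.113.0/24|64503 64510|IGP|192.0.2.3|0|0||NAG||
BGP4MP|1076450539|W|192.0.2.3|64503|198.133.206.0/24
BGP4MP|1076457713|W|192.0.2.1|64501|198.133.206.0/24
BGP4MP|1076457731|W|192.0.2.3|64503|198.133.206.0/24
truncated|line
""".splitlines()


def parse(line):
    """Return (time, kind, peer_ip, prefix, as_path), or None if malformed."""
    f = line.strip().split("|")
    if len(f) < 6 or f[2] not in ("A", "W") or not f[1].isdigit():
        return None
    as_path = f[6] if f[2] == "A" and len(f) > 6 else ""
    return int(f[1]), f[2], f[3], f[5], as_path


def beacon_events(lines, beacon, gap=1800):
    """Group the beacon prefix's updates into events split by quiet gaps (s)."""
    events = []
    for rec in sorted(r for r in map(parse, lines) if r and r[3] == beacon):
        if events and rec[0] - events[-1][-1][0] <= gap:
            events[-1].append(rec)
        else:
            events.append([rec])
    return events


def summarize(event):
    """Relative convergence period and distinct/repeated counts for one event."""
    distinct = {rec[1:] for rec in event}  # same update regardless of timestamp
    return {
        "first": event[0][0],
        "convergence_s": event[-1][0] - event[0][0],
        "updates": len(event),
        "distinct": len(distinct),
        "repeated": len(event) - len(distinct),
    }


if __name__ == "__main__":
    for ev in beacon_events(SAMPLE, "198.133.206.0/24"):
        print(summarize(ev))
```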
The predictor variable was:
• The total number of beacon withdrawals
The response variable is the Relative Convergence Period.
Through regression we predict the mean of the future Relative Convergence Period.
During the regression we got:
• For n = 24
• Mean of Relative Convergence Period is 25.91
• Coefficient of determination of 0.9051
• Thus the regression explains 90.51% of the Relative Convergence Period's variation.
• Standard deviation of errors of 1.32
• The regression passed the F-test
The predictions at the 90% confidence interval were calculated to be:
◦ 27.72529671
◦ 26.773703
Predicted mean for 5th day = 27.2495
There is no visible trend or clustering of points here, so the errors appear to be independent.
In the graph of the error residuals against the experiment number there are no visible trends, so the experiment does not indicate side effects.
Quantile-Quantile graph for the Relative Convergence Period
The quantile-quantile graph shows visible linearity, so the errors do seem to be normally distributed.
We described the announce and withdrawal functions of BGP beacons and how we used them to analyze the behavior of BGP.
We described how we gathered and processed data from RouteViews.
From our analysis we have found that if Route Flap Damping is enabled, fewer updates are propagated through BGP.
From our analysis of Relative Convergence Time we predicted the amount of time it would take for an update to propagate through BGP.