Business relationships between ASes in the Internet are typically confidential, yet knowledge of them is essential to understand many aspects of Internet structure, performance, dynamics, and evolution. We present a new algorithm to infer these relationships using BGP paths. Unlike previous approaches, our algorithm does not assume the presence (or seek to maximize the number) of valley-free paths, instead relying on three assumptions about the Internet's inter-domain structure: (1) an AS enters into a provider relationship to become globally reachable; and (2) there exists a peering clique of ASes at the top of the hierarchy, and (3) there is no cycle of p2c links. We assemble the largest source of validation data for AS-relationship inferences to date, validating 34.6% of our 126,082 c2p and p2p inferences to be 99.6% and 98.7% accurate, respectively. Using these inferred relationships, we evaluate three algorithms for inferring each AS's customer cone, defined as the set of ASes an AS can reach using customer links. We demonstrate the utility of our algorithms for studying the rise and fall of large transit providers over the last fifteen years, including recent claims about the flattening of the AS-level topology and the decreasing influence of "tier-1" ASes on the global Internet.
The Border Gateway Protocol (BGP) has been used for decades as the de facto protocol to exchange reachability information among networks in the Internet. However, little is known about how this protocol is used to restrict reachability to selected destinations, e.g., that are under attack. While such a feature, BGP blackholing, has been available for some time, we lack a systematic study of its Internet-wide adoption, practices, and network ecacy, as well as the prole of blackholed destinations. In this paper, we develop and evaluate a methodology to automatically detect BGP blackholing activity in the wild. We apply our method to both public and private BGP datasets. We nd that hundreds of networks, including large transit providers, as well as about 50 Internet exchange points (IXPs) oer blackholing service to their customers, peers, and members. Between 2014-2017, the number of blackholed prexes increased by a factor of 6, peaking at 5K concurrently blackholed prexes by up to 400 Autonomous Systems. We assess the eect of blackholing on the data plane using both targeted active measurements as well as passive datasets, nding that blackholing is indeed highly eective in dropping trac before it reaches its destination, though it also discards legitimate trac. We augment our ndings with an analysis of the target IP addresses of blackholing. Our tools and insights are relevant for operators considering oering or using BGP blackholing services as well as for researchers studying DDoS mitigation in the Internet.
The traditional approach of modeling relationships between ASes abstracts relationship types into three broad categories: transit, peering, and sibling. More complicated configurations exist, and understanding them may advance our knowledge of Internet economics and improve models of routing. We use BGP, traceroute, and geolocation data to extend CAIDA's AS relationship inference algorithm to infer two types of complex relationships: hybrid relationships, where two ASes have different relationships at different interconnection points, and partial transit relationships, which restrict the scope of a customer relationship to the provider's peers and customers. Using this new algorithm, we find 4.5% of the 90,272 provider-customer relationships observed in March 2014 were complex, including 1,071 hybrid relationships and 2,955 partial-transit relationships. Because most peering relationships are invisible, we believe these numbers are lower bounds. We used feedback from operators, and relationships encoded in BGP communities and RPSL, to validate 20% and 6.9% of our partial transit and hybrid inferences, respectively, and found our inferences have 92.9% and 97.0% positive predictive values. Hybrid relationships are not only established between large transit providers; in 57% of the inferred hybrid transit/peering relationships the customer had a customer cone of fewer than 5 ASes.
Annotating Internet interconnections with robust physical coordinates at the level of a building facilitates network management including interdomain troubleshooting, but also has practical value for helping to locate points of attacks, congestion, or instability on the Internet. But, like most other aspects of Internet interconnection, its geophysical locus is generally not public; the facility used for a given link must be inferred to construct a macroscopic map of peering. We develop a methodology, called constrained facility search, to infer the physical interconnection facility where an interconnection occurs among all possible candidates. We rely on publicly available data about the presence of networks at different facilities, and execute traceroute measurements from more than 8,500 available measurement servers scattered around the world to identify the technical approach used to establish an interconnection. A key insight of our method is that inference of the technical approach for an interconnection sufficiently constrains the number of candidate facilities such that it is often possible to identify the specific facility where a given interconnection occurs. Validation via private communication with operators confirms the accuracy of our method, which outperforms heuristics based on naming schemes and IP geolocation. Our study also reveals the multiple roles that routers play at interconnection facilities; in many cases the same router implements both private interconnections and public peerings, in some cases via multiple Internet exchange points. Our study also sheds light on peering engineering strategies used by different types of networks around the globe.
Peering infrastructures, namely, colocation facilities and Internet exchange points, are located in every major city, have hundreds of network members, and support hundreds of thousands of interconnections around the globe. These infrastructures are well provisioned and managed, but outages have to be expected, e.g., due to power failures, human errors, attacks, and natural disasters. However, little is known about the frequency and impact of outages at these critical infrastructures with high peering concentration.In this paper, we develop a novel and lightweight methodology for detecting peering infrastructure outages. Our methodology relies on the observation that BGP communities, announced with routing updates, are an excellent and yet unexplored source of information allowing us to pinpoint outage locations with high accuracy. We build and operate a system that can locate the epicenter of infrastructure outages at the level of a building and track the reaction of networks in near real-time. Our analysis unveils four times as many outages as compared to those publicly reported over the past five years. Moreover, we show that such outages have significant impact on remote networks and peering infrastructures. Our study provides a unique view of the Internet's behavior under stress that often goes unreported.
The AS topology incompleteness problem is derived from difficulties in the discovery of p2p links, and is amplified by the increasing popularity of Internet eXchange Points (IXPs) to support peering interconnection. We describe, implement, and validate a method for discovering currently invisible IXP peering links by mining BGP communities used by IXP route servers to implement multilateral peering (MLP), including communities that signal the intent to restrict announcements to a subset of participants at a given IXP. Using route server data juxtaposed with a mapping of BGP community values, we can infer 206K p2p links from 13 large European IXPs, four times more p2p links than what is directly observable in public BGP data. The advantages of the proposed technique are threefold. First, it utilizes existing BGP data sources and does not require the deployment of additional vantage points nor the acquisition of private data. Second, it requires only a few active queries, facilitating repeatability of the measurements. Finally, it offers a new source of data regarding the dense establishment of MLP at IXPs.
The valley-free rule defines patterns of routing paths that allow the Internet Autonomous Systems (AS) to minimize their routing costs through selective announcement of BGP routes. The valley-free rule has been widely perceived as a universal property of the Internet BGP routing that is only violated due to transient configuration errors. Analysing the valleyfree violations is important for a better understanding of BGP behaviour and inter-domain routing. This requires knowledge of the business relationships between ASes. The ground-truth data of AS relationships are not publicly available. Previous algorithms have inferred AS relationships based on the assumption that AS paths should be valley-free. Such inference results are biased and can not provide an objective assessment of the valley-free rule. Instead we extract the AS relationships directly from routing polices encoded in the BGP Community attribute. We are able to extract the business relationship of more than 30% of AS links based on BGP data collected from the RouteViews and RIPE RIS repositories in June 2011. We use our inferred AS relationships to analyse the valley-free violations in BGP routing. We reveal that the non valley-free paths are significantly more frequent than previously reported. As many as one fifth of AS paths in IPv6 BGP updates are valley paths. A substantial portion of these valley paths are persistent during the whole month of measurement. These observations strongly indicate that the valley paths are not merely a result of BGP misconfigurations. Instead they are the outcome of complex business relationships and deliberate policies by ASes using distinct unconventional models.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
334 Leonard St
Brooklyn, NY 11211
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.