Codification of AS 0 Processing

Patel, Keyur; Schiller, Heather; Bush, Randy; Kumari, Warren

doi:10.17487/rfc7607

Cited by 5 publications

(2 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…When such ASPAs have been issued, an adversary cannot bypass ASPV even using the ASPA-aware attack as shown in Figure 21: because the malicious routes composed in the manner of the ASPA-aware attack have AS0 in AS_PATH, but it is not allowed in the BGP protocol specification [30].…”

Section: ) Impact On As Topologymentioning

confidence: 99%

The Juice Is Worth the Squeeze: Analysis of Autonomous System Provider Authorization in Partial Deployment

Umeda

Kimura

Yanai

2023

IEEE Open J. Commun. Soc.

View full text Add to dashboard Cite

BGP, the de-facto standard protocol for exchanging routes on a network-wide basis called AS employs invalid routes. Recently, a data object called Autonomous System Provider Authorization (ASPA) was proposed as a new specification for verifying PATH information in BGP security. In this paper, we shed light on the effectiveness of ASPAs in a partial deployment alongside the conventional BGP through experiments based on a real AS topology. To this end, we also present a novel simulation tool, LOTUS, for BGP route exchange, including ASPAs. We then evaluate deployments of ASPAs and their verification with LOTUS for two cases on network topology in Japan: the case in deployment from ASes whose number of connections with other ASes is large, i.e., deployment from top ASes, and the case in deployment from ASes at the end of the network topology, i.e., deployment from leaf-node ASes. As a result, we confirm that the number of victim ASes decreases in the former case, while ASPAs provide no advantage in the latter case. Notably, the number of victim ASes decreases by about 96% on average by deploying the verification with ASPAs in the top-eight ASes. Based on these results, we further conduct extensive experiments in the deployment from the top ASes, whereby ASes outside the network topology advertise malicious routes to the victim ASes. We also discuss a case whereby an adversary tries to leverage ASPAs. Our promising results show that the adversary will no longer obtain an advantage even by leveraging ASPAs.

show abstract

Section: ) Impact On As Topologymentioning

confidence: 99%

The Juice Is Worth the Squeeze: Analysis of Autonomous System Provider Authorization in Partial Deployment

Umeda

Kimura

Yanai

2023

IEEE Open J. Commun. Soc.

View full text Add to dashboard Cite

show abstract

“…We split them in two sub-categories: 799 ASNs that at a certain point in time were allocated but had at least one BGP life entirely outside of any administrative life and 868 ASNs that have never been allocated. Note that we exclude from our analysis łbogonž ASNs normally filtered by operators, i.e., ASNs reserved for special use [1,29,40,44,50,75].…”

Section: Operational Lives Without Allocationmentioning

confidence: 99%

The parallel lives of autonomous systems

Nemmi

Sassi

Morgia

et al. 2021

Proceedings of the 21st ACM Internet Measurement Conference

View full text Add to dashboard Cite

Autonomous Systems (ASes) exist in two dimensions on the Internet: the administrative and the operational one. Regional Internet Registries (RIRs) rule the former, while BGP the latter. In this work, we reconstruct the lives of the ASes on both dimensions, performing a joint analysis that covers 17 years of data. For the administrative dimension, we leverage delegation files published by RIRs to report the daily status of Internet resources they allocate. For the operational dimension, we characterize the temporal activity of ASNs in the Internet control plane using BGP data collected by the RouteViews and RIPE RIS projects. We present a methodology to extract insights about AS life cycles, including dealing with pitfalls affecting authoritative public datasets. We then perform a joint analysis to establish the relationship (or lack of) between these two dimensions for all allocated ASNs and all ASNs visible in BGP. We characterize the usual behaviors, specific differences between RIRs and historical resources, as well as measure the discrepancies between the two łparallelž lives. We find discrepancies and misalignment that reveal useful insights, and we highlight through examples the potential of this new lens to help pinpoint malicious BGP activity and various types of misconfigurations. This study illuminates a largely unexplored aspect of the Internet global routing system and provides methods and data to support broader studies that relate to security, policy, and network management.

show abstract

QoS-CM: An Enhanced Version of QoS-CMS and Its Integration in BGP for an End to End Quality of Service

Benaboud

Bakkali

2020

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

Codification of AS 0 Processing

Cited by 5 publications

References 2 publications

The Juice Is Worth the Squeeze: Analysis of Autonomous System Provider Authorization in Partial Deployment

The Juice Is Worth the Squeeze: Analysis of Autonomous System Provider Authorization in Partial Deployment

The parallel lives of autonomous systems

QoS-CM: An Enhanced Version of QoS-CMS and Its Integration in BGP for an End to End Quality of Service

Contact Info

Product

Resources

About