Border Gateway Protocol System



abstract— Border gateway protocol （BGP） is a routing protocol in internet, which is used to manage the route reachability of autonomous system (AS) and select the best route of distance vector routing protocol. BGP guarantees the security, stability, reliability and efficiency of network links from many aspects, but BGP also has many problems and challenges, especially in the area of network security. In this report, I summarize the working principle, problems， challenges and opportunities of BGP, and discuss the new security technologies of BGP.

Index Terms— BGP, Autonomous system, security.

I.     INTRODUCTION

Explain problems(s), challenge(s), and motivation for chosen topic.  Please back up your facts from reputable sources (no Wiki).

To achieve higher communication efficiency in the expanding network, the network is divided into a block of autonomous systems. Initially, the external gateway protocol (EGP) was used to realize dynamic exchange of routing information between AS. However, due to the limited technical level at that time, EGP could only publish the accessible route information on the network, but it could not make the best choice of route information. At the same time, there were loop problems. Compared with EGP, BGP can optimize routing information and avoid routing loops, which improves the transmission efficiency between routes.

BGP is a path vector protocol that manages network reachability information (NRI) between autonomous systems (AS). BGP is divided into external boundary gateway protocol (eBGP) and internal gateway protocol (iBGP). BGP between different AS is called eBGP. To prevent the generation of loops between AS, when BGP devices receive routes sent by eBGP peers, the routes with local AS numbers will be discarded. BGP running inside AS is called iBGP. To prevent loops from occurring in AS, BGP devices do not notify other IBGP peers of the route the information which gets from IBGP peers. BGP device also does not establish full connections with all IBGP peers. To solve the problem of too many connections between IBGP peers, BGP designed a routing reflector. Figure 1 [1] shows the relationship between BGP and AS in the Internet.

Figure 1: BGP router

With the development of communication network technology, the application of the Internet has become very extensive. It provides a communication basis for modern commerce, entertainment, transportation and medical services. With the increasing dependence on the Internet, the reliability and security of the Internet have become a very important issue. The proven ways of Internet attack are Denial of service (DoS), hostage hijacking and threats to routing protocols.

Today, although BGP has been widely deployed, it is not perfect and still has many shortcomings in the security performance area. Exceptions are part of the security world. BGP is vulnerable to abnormal attacks caused by hijacking, misconfiguration and DoS attacks. These exceptions can result in BGP updates from single to thousands of exceptions. These situations have threatened the reliability of the Internet [2]. Statistics show that about 20% of hijackings and misconfiguration last less than 10 minutes but can pollute 90% of the Internet in less than 2 minutes [3].

The rest of this paper is organized as follows. Section II describes several different types of BGP anomalies and the specific methods of detecting BGP anomalies. Section III summarise two state-of-art technologies related to BGP. Section IV concludes this paper.

II.   System Description

A. BGP anomalies

In [4], anomalies are defined as harmful change behavior of BGP. Understanding the various situations of BGP anomalies is helpful for network operators to avoid the negative impact of anomalies. Anomalies are mainly classified into four categories: Direct intended anomaly, Direct unintended anomaly, Indirect anomaly and Link failure. These all cause different consequences.

Direct Intended BGP Anomaly is defined as all kinds of BGP hijacking. BGP Hijacking means that the attacker changes the transmission route of data from source to the destination according to his idea by operating BGP, to intercept or modify the data. To hijack Internet-level BGP, a boundary router needs to be configured to send notifications containing prefixes that are not assigned to it. If malicious announcements are more specific than legitimate announcements or claim to provide shorter paths, traffic may be directed to the attacker. Attackers often use discarded prefixes to hijack in order not to attract the attention of legitimate owners. By sending notifications containing false prefixes, the attacked router may contaminate the routing information base of other routers，and then polluted routers will infect other more routers, eventually polluting autonomous system or the main Internet. Although it is known that BGP hijacking will bring serious consequences, it is difficult to prevent, which is determined by the characteristics of BGP itself, because BGP does not provide the ability to check the accuracy of routing information.

Direct unintended anomaly refers to the BGP configuration error of router operators and this is a very prone error [4]. BGP configuration errors are usually classified as original configuration errors and export configuration errors. the original configuration error occurs when the operator accidentally announces that they do not own or fail to filter prefixes/prefixes for private AS，and operators accidentally configure BGP policies could lead to export configuration errors.

Indirect anomaly refers to the malicious activities of web components against network components. A typical representative of indirect anomalies is the computer worm, which can infect a large number of vulnerable hosts in a short time.

Link failure is well understood as a failure on the link line. But in some cases, this anomaly will have serious consequences. For example, a failure of a connection link (private or public) or one of the Internet’s cores AS may lead to national or global instability in many AS systems.

B. BGP anomaly detection method

III. State-of-the-art

Please summaries two (five for ECTE982 students) research papers.

IV.    Conclusion

References

[1]    M O. Nicholes and B. Mukherjee, “A survey of security techniques for the border gateway protocol (BGP),” IEEE Communications Surveys & Tutorials, vol. 11, no. 1, pp. 52-65, March. 2009.

[2]    B. Al-Musawi, P. Branch and G. Armitage, “Detecting BGP instability using recurrence quantification analysis (RQA)”, Proc. IEEE 34th international performance computing and communications (IPCCC), pp. 14-16, Dec. 2015.

[3]    X. Shi et. al, “Detecting prefix hijackings in the Internet with Argus”, Proc. ACM Conf. Internet Meas. Conf. (IMC), pp. 15-28, 2012

[4]    B. Al-Musawi, P. Branch and G. Armitage, “BGP anomaly detection techniques: A survey,” Communications Surveys & Tutorials, vol. 19, no. 1, pp. 377-396, Oct. 2016.

