This paper presents a quantitative study on BGP misconfigurations. Specifically, it focuses on the frequency of misconfiguration and its impact to global connectivity and routing load, causes of misconfigurations, and some proposed resolution to reduce frequency and impact.
The paper starts off with an overview of BGP. BGP is a path vector routing and policy based protocol used by autonomous systems to exchange routing information with each other. This protocol is used to ensure connectivity of customers to the Internet. However misconfiguration of BGP may result in network outages, isolation of web-based services, and redirection of traffic to different paths. The authors categorized BGP misconfigurations into two: origin misconfiguration and export misconfiguration. Origin misconfiguration happens when AS accidentally injects a prefix into global BGP tables. This includes failure of summarizing an address space, hijacking, and propagating private network prefixes. Export misconfiguration, on the other hand, is more inclined to policy violation of one of the ASes in the AS-path. The authors choose to focus on these two kinds of misconfigurations because they have the greatest potential to disrupt connectivity in the network.
To analyze these misconfigurations, the authors used RouteView’s BGP listener. They identified misconfigurations based on short-lived changes that lasts less than a day. To further understand the nature of these short-lived routes, the misconfigurations were further classified into various categories such as self-deaggregation, related origin, and foreign origin for origin misconfiguration. For export misconfiguration, since the AS relationships are closely guarded secrets by commercial ASes, they used Gao’s inference on AS relationship and commonly observed behaviors. With this, they also classified export misconfiguration into four categories: Provider-AS-Provider, Provider-AS-Peer, Peer-AS-Provider, and Peer-AS-peer.
Aside from just observing the data from the BGP listener, they also conducted email surveys to operators and conducted connectivity testing. The email survey is to disambiguate the intentions of the network provider and the connectivity testing was used to verify the results of the email surveys.
Result shows that at least 72% of new routes seen by routers are short-lived, meaning, they can be results of misconfiguration. The results also show 0.2-1% of the global table size suffer from misconfiguration each day. The routing load also shoots up to 60% for extreme cases, however, connectivity was found to be robust to these misconfigurations.
After measuring the extent of misconfiguration in the network, the author tried to find the causes of these misconfiguration. They found out that most misconfiguration are due to human error whether in execution (slips) or in the plan (mistakes). They also uncovered potential bug in the software of major router vendors. They also found out that common practice that led to undesired behavior during failures were the ultimate cause of export misconfiguration.
Lastly, the authors proposed techniques to lessen BGP misconfiguration. First they proposed user interface to lessen human error instead of command line interfaces. Next is to create software to check routing policies and database consistency. Lastly, they propose to extend the BGP protocol to prevent misconfiguration.
- The authors described difficulties they encounter in their data gathering and analysis and they were honest enough to discuss possible inaccuracies in their work.
- They were also optimistic and their proposed solution is now being used in software defined networks (SDN).
- Tables and graphs were helpful in summarizing the discussion.
- Flow of discussion is easy to follow.