Dongkee LEE (dklee@an.kaist.ac.kr) 1

Understanding BGP MisconfigurationUnderstanding BGP Misconfiguration

Ratul Mahajan, David Wetherall, Tom Anderson

Dongkee LEE (dklee@an.kaist.ac.kr) 2

Overview.Overview.

Motivation

Misconfigurations Impact of Misconfiguations Methodology

Results

Dongkee LEE (dklee@an.kaist.ac.kr) 3

MotivationMotivation

BGP instabilities have widespread impact.

200-1200 prefixes (0.2-1.0% of the BGP table size) suffering from misconfiguration each day.

Close to 3 in 4 of all new prefix advertisements wereresults of misconfiguration.

Dongkee LEE (dklee@an.kaist.ac.kr) 4

MotivationMotivation

Misconfigurations can be a leading cause of unreliability. BGP is complex to configure.

How frequently do these misconfigurations occur?

What is their impact on global connectivity and routing load?

Why do the misconfigurations occur?

What can be done to reduce their frequency and impact?

Dongkee LEE (dklee@an.kaist.ac.kr) 5

Origin MisconfigurationsOrigin Misconfigurations Unintentional insertion of a route into the global BGP ta

bles.

Classification of origin misconfigurations.

Dongkee LEE (dklee@an.kaist.ac.kr) 6

Export MisconfigurationsExport Misconfigurations The AS-path is in violatoin of the policies of one the AS

es in the path.

Violating the valley free condition or contain multiple peering edges as probable export misconfigurations.

Dongkee LEE (dklee@an.kaist.ac.kr) 7

Impact of MisconfigurationsImpact of Misconfigurations Routing load.

Unnecessary BGP updates.

Connectivity disruption.

Policy violation.

Dongkee LEE (dklee@an.kaist.ac.kr) 8

MethodologyMethodology

RouteViews data. (23 peers in 19 Ases)

Identify short-lived (< 24hours) changes as potential misconfigurations.

length of time a new route lasted in the BGP table.

45% of changes lastless than 1 day.

30% of them lasted more than 7 days.

Dongkee LEE (dklee@an.kaist.ac.kr) 9

MethodologyMethodology

For origin misconfigurationsUse historical BGP data from the previous day to determinehow long a new route lasted.

Classify the new routes into …self deaggregation, related origin, foreign origin.

For export misconfigurationsBased on the inferred AS relationships, identify AS-paths withshort-lived subpaths that violate the valley free condition.

Dongkee LEE (dklee@an.kaist.ac.kr) 10

MethodologyMethodology

Email SurveyIt’s not necessary that all short-lived changes are misconfigurations.

Testing Connectivity.Determine the extent of disruption due to misconfigurations. Download the current BGP table from RouteViews.For all the suspect route in the table, it checked if the prefix wa

s reachable from various vantage points in the network.

Dongkee LEE (dklee@an.kaist.ac.kr) 11

Results Results

Cause of Origin misconfiguration

Faulty redistribution (32% prefixes, 5% incidents). Initialization bug (22%, 5%).

Reliance on upstream filtering (14%, 46%). Announcing routes assuming upstream would filter them.

Hijacks (1%, 6%) Announcing somebody else’s address space.

Old configuration (1%, 4%)

Dongkee LEE (dklee@an.kaist.ac.kr) 12

Results Results

Cause of Export misconfiguration Prefix based config (8% path, 22% incidents).

Intended policy: Provide transit to C through A-CConfigured policy: Export all routes originated by C to P1

and P2

Old configuration (2%, 4%) Initialization bug (1%, 4%). Forgotten filter (8% 7%). Bad ACL or route map (34%, 4%) Typo (12%, 6%).

P1 P2

A

C

Dongkee LEE (dklee@an.kaist.ac.kr) 13

Results Results

Connectivity is surprisingly robust to most misconfigutaions. it was affected in only 4% of the misconfigured announcemen

t. 13% of incidents)

But routing load can be significant. It was more than 10% of the total update load, And it went higher than 60% of the total update load.

Dongkee LEE (dklee@an.kaist.ac.kr) 14

Fixes Fixes

Improve User Interfaces.

Configuration Checker.

Automated verication.

Consistent databases and updated registries.

Dongkee LEE (dklee@an.kaist.ac.kr) 15

The END