Today’s Internet is made up of interconnected Autonomous Systems (ASes). These ASes use the Border Gateway Protocol (BGP) to announce ranges of contiguous address space - also referred to as prefixes - to their peers. BGP-configured routers can accept or reject incoming announcements based on their attributes, for example, their prefix, AS-PATH, or attached BGP communities. The BGP guidelines recommend rigorous filtering of prefixes more specific than /24 in IPv4 and /48 in IPv6.

We refer to the prefixes /25 to /32 in IPv4 and /49 to /128 in IPv6 as hyper-specific prefixes (HSPs). In theory, HSPs shall not appear in the public Internet routing ecosystem. In reality, the route collectors from RIPE RIS and Routeviews saw around 100,000 IPv4 and 10,000 IPv6 HSPs (approximately 1/10 of all the prefixes they see) by the end of 2021. Using 11+ years of BGP data from these route collector projects, we at the Max-Planck Institute for Informatics took a closer look (paper) at the prevalence of HSPs in the Internet to understand why they can be seen by collectors, and how we might handle them in the future.

Life span and propagation of HSPs

First, we looked at how long HSPs are visible and how far they propagate, measured as the number of peer ASes on route collectors that show them. We analysed BGP Routing Information Bases (RIBs) and updates for the entire year of 2020 and plotted them in Figure 1 with IPv4 (left) and IPv6 (right) heatmaps.

Figure 1 - Heatmap showing HSP visibility and consistency for IPv4 (left) and IPv6 (right).

In Figure 1, the y-axis shows the visibility of an HSP (the maximum number of peer ASes that saw the prefix), and the x-axis represents the consistency (the duration of time an HSP was visible). Every heatmap cell represents 10 feeder ASes on the y-axis and a two-week duration on the x-axis. The colour (or heat) of a cell represents the number of HSPs within it (on a log10 scale). We observed that some HSPs have a life span of less than a week, while others are visible throughout the year. Even though most of the HSPs propagate only locally (that is, to a few ASes), others are globally visible.

We wanted to know whether HSPs are the result of accidental internal route leakage due to configuration errors or whether network operators intentionally advertise HSPs to the public Internet. To identify the possible function of HSPs, we used the fact that particular Classless Inter-Domain Routing (CIDR) sizes - the size of a prefix - can hint at the use case of HSPs. Figure 2 shows the number of HSPs over time, coloured by their respective CIDR size.

For IPv4 (left), the /31 – /32 group forms the largest group of HSPs, which hints that many IPv4 HSPs are possibly associated with BGP blackholing. The second largest group is the /29 – /30 CIDR size, a size used mainly by routing infrastructure (such as peering subnets). For IPv6 (right), we observed that /49 – /64 is the dominant CIDR size, which we associate with address block assignment. The small fraction of /113 – /128 HSPs is possibly associated with IPv6 BGP blackholing.

Next, we wanted to understand whether HSPs are associated with prefix hijacks or not. One protocol that aims at hindering prefix hijack attacks is the Resource Public Key Infrastructure (RPKI). We checked each HSP and its origin-AS against Route Origin Authorization (ROA) records using RPKI data. We classified HSPs according to their Route Origin Validation (ROV) status into the following categories:

Invalid (Length): Matching origin-AS, but invalid prefix length.
Invalid (Origin): Matching prefix, but invalid origin-AS.
Invalid (Both): Neither prefix nor origin-AS matches the ROA entry.

As can be seen in Figure 3, we found a higher share of valid ROA entries for IPv6 (right) compared to IPv4 (left). The ‘Invalid (Length)’ category is the largest in IPv4 and IPv6. The ‘Invalid (Origin)’ category contains only a small portion of the HSPs. Both ‘Valid’ and ‘Invalid (Length)’ categories together make up around 75% of all HSPs, which underlines that HSPs are not majorly associated with BGP prefix hijacks.
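The ROV classification described above, as an added example (not code from the post or the paper): it flags hyper-specific prefixes using the post's /24 and /48 thresholds and sorts each announcement into the ROV categories listed above by checking it against a set of ROAs. The precedence between several covering ROAs, the "Not found" label for prefixes without any covering ROA, and all sample prefixes, ASNs and ROAs are assumptions of this example.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Roa:
    prefix: str      # covered prefix, e.g. "203.0.113.0/24"
    max_length: int  # longest prefix length this ROA authorises
    origin_as: int   # authorised origin ASN

def is_hyper_specific(prefix: str) -> bool:
    """HSP as defined in the post: longer than /24 (IPv4) or /48 (IPv6)."""
    net = ipaddress.ip_network(prefix, strict=False)
    return net.prefixlen > (24 if net.version == 4 else 48)

def rov_status(prefix: str, origin_as: int, roas) -> str:
    """Classify one announcement into the post's ROV categories.
    Precedence with several covering ROAs is this example's assumption:
    Valid > Invalid (Length) > Invalid (Origin) > Invalid (Both)."""
    net = ipaddress.ip_network(prefix, strict=False)
    covering = [r for r in roas
                if ipaddress.ip_network(r.prefix).version == net.version
                and net.subnet_of(ipaddress.ip_network(r.prefix))]
    if not covering:                   # no ROA covers this prefix at all
        return "Not found"
    length_ok = {r for r in covering if net.prefixlen <= r.max_length}
    origin_ok = {r for r in covering if r.origin_as == origin_as}
    if length_ok & origin_ok:          # one ROA matches both length and origin
        return "Valid"
    if origin_ok:                      # right origin, prefix longer than maxLength
        return "Invalid (Length)"
    if length_ok:                      # covered prefix, but wrong origin AS
        return "Invalid (Origin)"
    return "Invalid (Both)"

def hsp_rov_summary(announcements, roas) -> Counter:
    """Count ROV categories over the hyper-specific announcements only."""
    return Counter(rov_status(p, asn, roas)
                   for p, asn in announcements if is_hyper_specific(p))

# Constructed sample data: documentation prefixes and private-use ASNs.
ROAS = [Roa("203.0.113.0/24", 24, 64500),
        Roa("198.51.100.0/24", 32, 64501),  # maxLength 32 permits /32 announcements
        Roa("2001:db8::/32", 48, 64500)]
ANNOUNCEMENTS = [("203.0.113.0/24", 64500),    # Valid, not an HSP
                 ("203.0.113.128/25", 64500),  # Invalid (Length): /25 exceeds maxLength 24
                 ("203.0.113.0/25", 64511),    # Invalid (Both): wrong origin and too long
                 ("198.51.100.7/32", 64501),   # Valid HSP: the ROA allows /32
                 ("2001:db8:1::/64", 64500),   # Invalid (Length): IPv6 HSP beyond /48
                 ("192.0.2.1/32", 64500)]      # Not found: no covering ROA
```

Calling `hsp_rov_summary(ANNOUNCEMENTS, ROAS)` gives the per-category counts from which shares like the post's 75% figure are computed.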