Sanog8 Aspath Analysis Vijay


AS-Path Analysis

Testing Claims of Tier 1 Status and Examining BGP Routing Anomalies

Version 1.1
August, 2006
Vijay Kumar Adhikari
Gaurab Raj Upadhaya, Bill Woodcock
Packet Clearing House
Background
Autonomous systems which claim tier-1
status differentiate themselves from
others by claiming that they do not
receive transit from any other
autonomous system.
Background
Autonomous systems which do not
receive transit may reach other ASes by
selling transit to them or by peering with
them.
Background
All AS-paths take one of two forms:
One in which the center is an AS which
provides transit to two down-stream
ASes:
7823    /     1239    \      7132  \      27291
Dupont  buys  Sprint  sells  SBC   sells  Frys
Background
All AS-paths take one of two forms:
Or one in which the center is a peering
session between two ASes, each of
which provides transit to one down-
stream AS:
3856  /     2914   |      1239    \      7132  \      27291
PCH   buys  Verio  peers  Sprint  sells  SBC   sells  Frys
Proposition
Since there can exist no more than one
peering session in any AS-path,
no more than two ASNs can make a
legitimate claim to tier-1 status with
respect to any valid AS-path.
Seed-list to test
For an arbitrary starting-point to test our
proposition, we took the intersection of
the lists of most commonly-occurring
transit ASes from a number of routers:
701 UUNet / MCI
1239 Sprint
3356 Level 3
2914 NTT / Verio
7018 AT&T
6461 MFN
209 Qwest
2828 XO Communications
3549 Global Crossing
4637 Reach
Testing the Proposition
We find anomalous cases, in which three
or more ASNs from our test list occur in
the same AS-path:
65.215.36.0/24 3549 6221 3356 701 22907
(3549 Global Crossing, 6221 Cybersites, 3356 Level 3, 701 UUNET)
Leaked Routes (more than 2 Tier1 ASNs)
[Chart: leaked routes per day, June 1 to June 6; vertical axis 0 to 200]
More Anomalies
Inconsistent ASNs

Non-contiguous Repeats

Private ASNs

Unallocated ASNs
Inconsistent Prefix Announcements
Examples
12.33.218.0/24
Announced by more than one ASN:
22057, 23181

12.64.255.0/24
Announced by more than one ASN:
4264, 17228, 17229, 17233
Inconsistent Prefix Announcements
[Chart: inconsistent prefix announcements by ASN; vertical axis 0 to 60]
Inconsistent Prefix Announcements
[Chart: inconsistent prefix announcements per day, June 1 to June 6; vertical axis 0 to 1500]
Non-contiguous Repeats
Examples:

1299 7018 12163 12163 12162 12163 12163 12163 12163


7018 65000 65001 7018 1239 4648 2764 9837 9476
11608 13768 21548 21548 21548 21548 7018 21548 36231
Non-contiguous Repeats
[Chart: non-contiguous repeats per day, June 1 to June 6; vertical axis 0 to 3500]
Non-contiguous Repeats
[Chart: non-contiguous repeats by ASN; vertical axis 0 to 1500]
Private AS Number Leak

7018 65000 65001 7018 1239 4648 2764 9837 9476


14608 19029 2516 65000 4134
Private AS Number Leak
[Chart: private AS number leaks by ASN; vertical axis 0 to 15]
Private AS Number Leak
[Chart: private AS number leaks per day, June 1 to June 6; vertical axis 0 to 600]
Using and Leaking Unallocated ASN
24587 is the only ASN leaking an unallocated ASN
81.17.39.128/27 3333 24587 64500

[Chart: unallocated ASN leaks per day, June 1 to June 6; vertical axis 0 to 5]
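
The checks described in these slides can be applied mechanically to a routing table. The following is an added example, not code from the presentation or from Packet Clearing House: it flags paths with more than two seed-list ASNs, non-contiguous repeats and private ASNs, and finds prefixes with more than one origin. The function names and the entries marked "constructed" are assumptions; detecting unallocated ASNs is left out because it needs a registry snapshot the slides do not include.

```python
from collections import defaultdict

# Seed list of candidate tier-1 ASNs, as given in the slides.
SEED = {701, 1239, 3356, 2914, 7018, 6461, 209, 2828, 3549, 4637}
PRIVATE = range(64512, 65535)  # 16-bit private-use ASNs, 64512-65534 (RFC 6996)

def collapse(path):
    """Drop contiguous repeats, which are ordinary AS-path prepending."""
    out = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out

def path_anomalies(path, seed=SEED):
    """Return the anomaly labels that apply to one AS-path (list of ints)."""
    hops = collapse(path)
    found = set()
    if len(set(hops) & seed) > 2:        # three or more seed ASNs in one path
        found.add("more-than-2-tier1")
    if len(hops) != len(set(hops)):      # an ASN reappears after another ASN
        found.add("non-contiguous-repeat")
    if any(asn in PRIVATE for asn in hops):
        found.add("private-asn")
    return found

def inconsistent_origins(routes):
    """Return {prefix: sorted origin ASNs} for prefixes with more than one origin."""
    origins = defaultdict(set)
    for prefix, path in routes:
        origins[prefix].add(path[-1])    # origin is the right-most ASN
    return {p: sorted(o) for p, o in origins.items() if len(o) > 1}

# Paths copied from the slides. Entries marked "constructed" are made up for
# this example: the slides give only the origin ASNs or only the path.
ROUTES = [
    ("65.215.36.0/24", [3549, 6221, 3356, 701, 22907]),
    ("81.17.39.128/27", [3333, 24587, 64500]),
    ("12.33.218.0/24", [7018, 22057]),   # constructed path, origin from slides
    ("12.33.218.0/24", [1239, 23181]),   # constructed path, origin from slides
    ("192.0.2.0/24",                     # constructed prefix, path from slides
     [7018, 65000, 65001, 7018, 1239, 4648, 2764, 9837, 9476]),
]

if __name__ == "__main__":
    for prefix, path in ROUTES:
        print(prefix, path, sorted(path_anomalies(path)) or "clean")
    print("multiple origins:", inconsistent_origins(ROUTES))
```

Adding a candidate such as ATDN amounts to passing a larger `seed` set to `path_anomalies` and comparing the counts before and after.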
Adding a Candidate
The arbitrary method by which we
seeded our list does not find content
providers, only transit providers.

ATDN is reputed to be tier-1 so we can
test our proposition by adding them, and
checking to see whether this yields
additional anomalies...
Adding a Candidate
Adding ATDN (AOL Transit Data
Network) to our list yields no additional
observed anomalies. Thus they're
probably fairly tier-1.
Regional Differences
Reach was included in our seed list because
it appeared frequently in Asian routing
tables.

Looking only at Asian routing tables, Reach
does not generate a significant number of
anomalies.

Therefore, Reach is tier-1 within the Asian
region, but not globally.
Thanks, and Questions?

Copies of this presentation can be found
in PDF format at:

http://www.pch.net/resources/papers/bgp-aspath-analysis/

Vijay Kumar Adhikari
Gaurab Raj Upadhaya
Bill Woodcock

bgp-anomalies@pch.net
