BGP Zombies: an Analysis of Beacons Stuck Routes

Abstract : Network operators use the Border Gateway Protocol (BGP) to control the global visibility of their networks. When withdrawing an IP prefix from the Internet, an origin network sends BGP withdraw messages, which are expected to propagate to all BGP routers that hold an entry for that IP prefix in their routing table. Yet network operators occasionally report issues where routers maintain routes to IP prefixes withdrawn by their origin network. We refer to this problem as BGP zombies and characterize their appearance using RIS BGP beacons, a set of prefixes withdrawn every four hours. Across the 27 monitored beacon prefixes, we usually observe more than one zombie outbreak per day. But their presence is highly volatile: on average, a monitored peer misses 1.8% of withdraws for an IPv4 beacon (2.7% for IPv6). We also discovered that BGP zombies can propagate to other ASes; for example, zombies in a transit network inevitably affect its customer networks. We employ a graph-based semi-supervised machine learning technique to estimate the scope of zombie propagation, and find that most of the observed zombie outbreaks are small (i.e., on average 10% of monitored ASes for IPv4 and 17% for IPv6). We also report some large zombie outbreaks with almost all monitored ASes affected.

https://hal.inria.fr/hal-01970596
Contributor : Paulo Gonçalves
Submitted on : Wednesday, January 23, 2019 - 10:23:54 AM
Last modification on : Tuesday, April 9, 2019 - 2:23:05 PM

File

zombie_cr_pam2019.pdf
Files produced by the author(s)

Citation

Romain Fontugne, Esteban Bautista, Colin Petrie, Yutaro Nomura, Patrice Abry, et al. BGP Zombies: an Analysis of Beacons Stuck Routes. PAM 2019 - 20th Passive and Active Measurements Conference, Mar 2019, Puerto Varas, Chile. pp.197-209, ⟨10.1007/978-3-030-15986-3_13⟩. ⟨hal-01970596⟩