ABSTRACT
It is well-known that simple, accidental BGP configuration errors can disrupt Internet connectivity. Yet little is known about the frequency of misconfiguration or its causes, except for the few spectacular incidents of widespread outages. In this paper, we present the first quantitative study of BGP misconfiguration. Over a three week period, we analyzed routing table advertisements from 23 vantage points across the Internet backbone to detect incidents of misconfiguration. For each incident we polled the ISP operators involved to verify whether it was a misconfiguration, and to learn the cause of the incident. We also actively probed the Internet to determine the impact of misconfiguration on connectivity.Surprisingly, we find that configuration errors are pervasive, with 200-1200 prefixes (0.2-1.0% of the BGP table size) suffering from misconfiguration each day. Close to 3 in 4 of all new prefix advertisements were results of misconfiguration. Fortunately, the connectivity seen by end users is surprisingly robust to misconfigurations. While misconfigurations can substantially increase the update load on routers, only one in twenty five affects connectivity. While the causes of misconfiguration are diverse, we argue that most could be prevented through better router design.
- C. Alaettinoglu, C. Villamizar, E. Gerich, D. Kessens, D. Meyer, T. Bates, D. Karrenberg, and M. Terpstra. Routing Policy Specification Language (RPSL). RFC 2622, IETF, June 1999. Google ScholarDigital Library
- T. Bates. The CIDR Report. http://www.employees.org/tbates/cidr-report.html.Google Scholar
- A. Brown and D. A. Patterson. Embracing Failure: A Case for Recovery-Oriented Computing (ROC). In High Performance Transaction Processing Symposium, Oct. 2001.Google Scholar
- N. Brownlee, kc Claffy, and E. Nemeth. DNS Measurements at a Root Server. In Globecom, Nov. 2001.Google ScholarCross Ref
- E. Chen and T. Bates. An Application of the BGP Community Attribute in Multi-home Routing. RFC 1998, IETF, Aug. 1996. Google ScholarDigital Library
- J. M. Christensen and J. M. Howard. Field Experience in Maintenance. In NATO Symposium on Human Detection and Diagnosis of System Failures, 1981.Google Scholar
- Cisco Documentation. http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/icsbgp4.htm.Google Scholar
- T. Cormen, C. Leiserson, and R. Rivest. Introduction to Algorithms. McGraw Hill, 1993. Google ScholarDigital Library
- J. Cowie, A. Ogielski, B. Premore, and Y. Yuan. Global Routing Instabilities during Code Red II and Nimda Worm Propagation. http://www.renesys.com/projects/bgp_instability.Google Scholar
- P. B. Danzig, K. Obraczka, and A. Kumar. An Analysis of Wide-area Name Server Traffic: A Study of the Domain Name System. In ACM SIGCOMM, Sep. 2000. Google ScholarDigital Library
- D. Engler, D. Y. Chen, S. Hallem, A. Chou, and B. Chelf. Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems Code. In SOSP, Oct. 2001. Google ScholarDigital Library
- J. Farrar. C & W Routing Instability. NANOG mail archives. http://www.merit.edu/mail.archives/nanog/2001-04/msg00209.html.Google Scholar
- A. Feldmann and J. Rexford. IP Network Configuration for Intradomain Traffic Engineering. IEEE Network Magazine, Sep. 2001. Google ScholarDigital Library
- L. Gao. On Inferring Autonomous System Relationships in the Internet. In IEEE Global Internet Symposium, Nov. 2000.Google Scholar
- J. Gray. Why Do Computers Stop and What Can Be Done About It? Technical Report 85.7, Tandem Computers, June 1985.Google Scholar
- J. Gray. A Census of Tandem System Availability Between 1985 and 1990. Technical Report 90.1, Tandem Computers, Jan. 1990.Google Scholar
- B. Greene and P. Smith. Essential IOS Features Every ISP Should Consider (v 2.9), June 2001.Google Scholar
- T. Griffin and G. T. Wilfong. An Analysis of BGP Convergence Properties. In ACM SIGCOMM, pages 277--288, Aug. 1999. Google ScholarDigital Library
- G. Huston. BGP Table Statistics. http://www.telstra.net/ops/bgp/index.html.Google Scholar
- IPMA Project. http://www.merit.edu/ipma/.Google Scholar
- B. H. Kantowitz and R. D. Sorkin. Human Factors: Understanding People-System Relationships. Wiley, 1983.Google Scholar
- S. Kent, C. Lynn, and K. Seo. Secure Border Gateway Protocol (Secure-BGP). IEEE JSAC, 18(4), Apr. 2000. Google ScholarDigital Library
- T. Kernen. Traceroute.org. http://www.traceroute.org/.Google Scholar
- C. Labovitz, A. Ahuja, A. Bose, and F. Jahanian. Delayed Internet Routing Convergence. In ACM SIGCOMM, Sep. 2000. Google ScholarDigital Library
- C. Labovitz, A. Ahuja, and F. Jahanian. Experimental Study of Internet Stability and Wide-Area Network Failures. In Fault-Tolerant Computing Symposium (FTCS), June 1999. Google ScholarDigital Library
- C. Labovitz, G. R. Malan, and F. Jahanian. Origins of Internet Routing Instability. In IEEE INFOCOM, June 1999.Google ScholarCross Ref
- N. G. Leveson. Safeware: System Safety and Computers. Addison-Wesley, 1995. Google Scholar
- O. Maennel and A. Feldman. Realistic BGP traffic for test labs. In ACM SIGCOMM, Aug. 2002. Google ScholarDigital Library
- C. D. Marsan. Faster 'Net growth rate raises fears about routers. http://www.nwfusion.com/news/2001/0402routing.html, Apr. 2001.Google Scholar
- D. Meyer. RouteViews Project. http://www.routeviews.org.Google Scholar
- S. A. Misel. Wow, AS7007! NANOG mail archives. http://www.merit.edu/mail.archives/nanog/1997-04/msg00340.html.Google Scholar
- D. A. Norman. Design Rules Based on Analyses of Human Error. Communications of the ACM, 1983. Google ScholarDigital Library
- J. Reason. Human Error. Cambridge University Press, 1990.Google Scholar
- Y. Rekhter and T. Li. A Border Gateway Protocol 4 (BGP-4). RFC 1771, IETF, Mar. 1995. Google ScholarDigital Library
- Y. Rekhter, B. Moskowitz, D. Karrenberg, G. J. de Groot, and E. Lear. Address Allocation for Private Internets. RFC 1918, IETF, February 1996. Google ScholarDigital Library
- Routing registry consistency check. http://www.ripe.net/ripe/docs/rr-consistencycheck.html, Dec. 2001.Google Scholar
- J. Senders and N. Moray. Human Error: Cause, Prediction and Reduction. LEA Publishers, 1991.Google Scholar
- Skitter project. http://www.caida.org/tools/measurement/skitter/.Google Scholar
- J. Stone and C. Partridge. When the Checksum and the Data Disagree. In ACM SIGCOMM, Aug. 2000.Google ScholarCross Ref
- K. Varadhan, R. Govindan, and D. Estrin. Persistent Route Oscillations in Inter-Domain Routing. Computer Networks, 32(1), 1999.Google Scholar
- X. Zhao, D. Pei, L. Wang, D. Massey, A. Mankin, S. F. Wu, and L. Zhang. An Analysis of BGP Multiple Origin AS (MOAS) Conflicts. In ACM SIGCOMM Internet Measurement Workshop, Nov. 2001. Google ScholarDigital Library
Index Terms
- Understanding BGP misconfiguration
Recommendations
Understanding BGP misconfiguration
Proceedings of the 2002 SIGCOMM conferenceIt is well-known that simple, accidental BGP configuration errors can disrupt Internet connectivity. Yet little is known about the frequency of misconfiguration or its causes, except for the few spectacular incidents of widespread outages. In this paper,...
Detecting BGP Misconfiguration for BGP/MPLS VPNs
PDCAT '05: Proceedings of the Sixth International Conference on Parallel and Distributed Computing Applications and TechnologiesIn BGP/MPLS VPNs, Border Gateway Protocol (BGP) is used to exchange Virtual Private Network (VPN) routing information throughout the provider network consisting of Autonomous Systems (ASes). Configuration errors in BGP/MPLS VPNs can increase Autonomous ...
An online scheme for the isolation of BGP misconfiguration errors
Being the primary interdomain routing protocol, border gateway protocol (BGP) is the singular means of path establishment across the Internet. Therefore, misconfiguration errors in BGP routers result in failure to establish paths which in turn can cause ...
Comments