A comparative study on IP prefixes and their origin ases in BGP and the IRR

Khan, Akmal; Kim, Hyunchul; Kwon, Taekyoung; Choi, Yanghee

doi:10.1145/2500098.2500101

Cited by 12 publications

(8 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We observe 686 unique ASes from LG servers while IRL has only 181 unique ASes. There are around 6.2 K unique ASes in the IRR; mostly from RIPE and APNIC regions suggesting the popularity of the IRR usage in these regions [17]. We do not find any unique ASes in Ark, which suggests their accurate use of the BGP traces since Ark relies on BGP traces from RouteViews to convert IP-to-AS paths collected from traceroute measurements.…”

Section: Overlapping/unique As Linksmentioning

confidence: 74%

“…On further investigation, we find that these ASes were not operational in BGP in the month of We check the RIR wise distribution of these 686 new ASes found from the LG servers, and find that 548 ASes are operational in ARIN, 71 in RIPE, 31 in APNIC, 28 in LACNIC, and 8 in AfriNIC. Most of the ASes are from the ARIN region, possibly due to the lower popularity of the IRR registration practice in that region, compared with the RIPE and APNIC ones [17]. We also check the length of IP prefixes announced by the new 686 ASes to find that 90% of the ASes announce IP prefixes of length between /19 and /24, which suggests that these IP prefixes are possibly aggregated by their provider ASes.…”

Section: Overlapping/unique As Linksmentioning

confidence: 99%

“…Second, traceroute-based datasets suffer from limited vantage points, selectively probing prefixes, IPto-AS mapping issues [15,16], and can not discover backup links [20]. Finally, many of the ASes, except in the RIPE region, do not actively use the IRR to register their routing policy related information [17,36]. Thus, topology collection from LG servers result in discovering otherwise unobserved part of the Internet as LG servers provide new BGP feeders from geographically diverse locations in the Internet.…”

Section: Overlapping/unique As Linksmentioning

confidence: 99%

“…Request permissions from permissions@acm.org. There have been three main approaches to construct the AS topology, each of which has its own limitations: (i) passive measurements by collecting BGP routing tables and updates [18] suffer from routing policy filters and best path selection decisions made by the neighboring ASes of BGP collectors [22], (ii) active measurements using traceroute [14,19] are error-prone and generate potentially false AS links due to non-responsive hosts or errors in converting IP addresses to AS numbers (IP-to-AS mapping) [15,16], and (iii) Internet routing registry (IRR) [21] is known to have incomplete and/or outdated information and possibly biased towards RIPE region [6,17].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

AS-level topology collection through looking glass servers

Khan

Kwon

Kim

et al. 2013

Proceedings of the 2013 Conference on Internet Measurement Conference

Self Cite

View full text Add to dashboard Cite

While accurate and complete modeling of the Internet topology at the Autonomous System (AS) level is critical for future protocol design, performance evaluation, simulation and analysis, still it remains a challenge to construct its accurate representation. In this paper, we collect BGP route announcements of ASes from Looking glass (LG) servers. By querying LG servers, we build an AS topology estimate of around 116 K AS links, from which we discover 11 K new AS links and 686 new ASes. We conclude that collecting BGP traces from LG servers can help enhance the current view of the AS topology from the BGP collector projects (e.g., RouteViews).

show abstract

Section: Overlapping/unique As Linksmentioning

confidence: 74%

Section: Overlapping/unique As Linksmentioning

confidence: 99%

Section: Overlapping/unique As Linksmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

AS-level topology collection through looking glass servers

Khan

Kwon

Kim

et al. 2013

Proceedings of the 2013 Conference on Internet Measurement Conference

Self Cite

View full text Add to dashboard Cite

show abstract

“…The various IRR databases are managed by several independent organizations, including ISPs, RIRs and others [51]. However, not all address space is registered in some registry (only around 50% according to [87]) and information in these registries is known to be significantly inaccurate [52]. Many IRRs allow their participants to introduce essentially any route object without further validation [88].…”

Section: Resource Certification and Enforcementmentioning

confidence: 99%

A Primer on IPv4 Scarcity

Richter

Allman

Bush³

et al. 2015

SIGCOMM Comput. Commun. Rev.

View full text Add to dashboard Cite

With the ongoing exhaustion of free address pools at the registries serving the global demand for IPv4 address space, scarcity has become reality. Networks in need of address space can no longer get more address allocations from their respective registries.In this work we frame the fundamentals of the IPv4 address exhaustion phenomena and connected issues. We elaborate on how the current ecosystem of IPv4 address space has evolved since the standardization of IPv4, leading to the rather complex and opaque scenario we face today. We outline the evolution in address space management as well as address space use patterns, identifying key factors of the scarcity issues. We characterize the possible solution space to overcome these issues and open the perspective of address blocks as virtual resources, which involves issues such as differentiation between address blocks, the need for resource certification, and issues arising when transferring address space between networks.

show abstract

Detecting and analyzing border gateway protocol blackholing activity

Farasat

Khan

2020

Int J Network Mgmt

Self Cite

View full text Add to dashboard Cite

Summary DDoS attack is a traditional malicious attempt to make an authorized system or service inaccessible. Currently, BGP blackholing is an operational countermeasure that builds upon the capabilities of BGP to protect from DDoS attacks. BGP enables blackholing by leveraging the BGP community attribute. This paper presents the analysis of BGP blackholing activity and propose a machine learning‐based mechanism to detect BGP blackholing activity. In BGP blackholing analysis, we find that many networks, including Internet service providers (ISPs) and Internet exchange points (IXPs), offer BGP blackholing service to their customers. We collect networks' blackhole communities and make BGP blackhole communities dictionary. Within 3‐month period (from August to October, 2018), we find a significant number of BGP blackhole announcements (97,532) and distinct blackhole prefixes (8,120). Most of the blackhole prefixes are IPv4 (99.1%). Among IPv4 blackhole prefixes, mostly are /32 (79.9%). The daily patterns of BGP blackholing highlight that there is a variable number of blackhole announcements and distinct blackhole prefixes every day. Furthermore, we apply machine learning techniques to design a BGP blackholing detection mechanism based on support vector machine (SVM), decision tree, and long short‐term memory (LSTM) classifiers. The results are compared based on accuracy and F‐score. Experimental results show that LSTM achieves the best classification accuracy of 95.9% and F‐score of 97.2%. This work provides insights for network operators and researchers interested in BGP blackholing service and DDoS mitigation in the Internet.

show abstract

A comparative study on IP prefixes and their origin ases in BGP and the IRR

Cited by 12 publications

References 14 publications

AS-level topology collection through looking glass servers

AS-level topology collection through looking glass servers

A Primer on IPv4 Scarcity

Detecting and analyzing border gateway protocol blackholing activity

Contact Info

Product

Resources

About