By, Matt Guidry Yashas Shankar

Analyze BGP beacons which are announced and withdrawn, usually within two hour intervals.

The withdraws have an effect on neighboring prefixes and down the line to their neighbors as well. We are conducting analysis on the number of updates that are propagated as a result of these events.

We also analyze the relative convergence period associated with each beacon event and how it is correlated to the number of update messages collected by RouteViews.

3

Internet and Autonomous Systems

AS X AS Y

AS Z

•Autonomous System: a set of routers or networks under the same administration

•Border routers exchange routing updates via Border Gateway Protocol

Assuming all destinations use node B to reach A, and Link A-B fails:

Node B sends a withdraw to node D

Node D sends announcement to C and B and next hop, saying it can reach A through C

Nodes B and C start using backup link C-A to reach A

Here a Single link failure event produced 1 withdraw and 6 announcements.

An unused, globally visible prefix with known Announce/Withdrawal schedule

For long-term, public use for analyzing the behavior of the BGP

Researchers: study BGP dynamics◦ To calibrate and interpret BGP updates◦ To study convergence behavior◦ To analyze routing and data plane interaction

Network operators◦ Serve to debug reachability problems◦ Test effects of configuration changes:

E.g., flap damping setting Less network traffic helps the general

Internet flow faster

Internet

BGP Beacon #1198.133.206.0/24

1:Oregon RouteViews

Stub AS

Upstreamprovider

Upstreamprovider

ISP

ISP

ISP

ISP

Many Observation points:

2. RIPE

ISP

ISP

ISP

ISP

ISPISP

6.Berkeley

4. Verio

3.AT&T

5. MIT

Sendroute update

Active measurement infrastructure

Prefix Src AS

Start date

Upstream provider AS

Beaconhost

Beacon location

198.133.206.0/24

3130 8/10/02 2914, 1239 Randy Bush WA, US

192.135.183.0/24

5637 9/4/02 3701, 2914 Dave Meyer OR, US

203.10.63.0/24 1221 9/25/02 1221 Geoff Huston Australia

198.32.7.0/24 3944 10/24/02

2914, 8001 Andrew Partan

MD, US

192.83.230.0/24

3130 06/12/03

2914, 1239 Randy Bush WA, US

BGP path exploration and a slow convergence in the operational Internet routing system can potentially lead to sever performance problems in data delivery.

This path exploration suggests that some BGP routers, in response to a path failure, may try a number of transient paths before settling and declaring a new best path or declaring a destination unreachable.

This may cause the entire network to take a long time to settle and converge to the final decision, which causes slow routing convergence.

An example of a failed path and resulting path exploration is depicted in figure

To cause these events to occur in predictable and measurable time intervals BGP beacons are used.

This study is conducted by analyzing the BGP log data collected at RouteViews.

The link to this data is at http://www.routeviews.org/.

Routing data collected at the bgp routing tables. The following fields in the routing data were useful to do our analysis.• BGP protocol• Unix time in seconds• Withdraw or Announce• Prefix• AS_PATH• MED• AtomicAGG• AGGREGATOR

5 days of data (from 02/07/2004 to 02/11/2004) with intervals of 2 hrs was analyzed.

Data was then characterized into these categories:• Updates in the routing table caused from genuine

sources (i.e not from the beacons)• Updates in the routing table caused due to the

beacons.• Updates in the routing table caused due to not

employing the route flap damping mechanism.

Data Collected in different tables for intervals of 2 hours for each of the 5

days. Ex for 02/05/2007 data collected between 1-

3 AM, 5-6 AM ….

Total number of Announcements: 262,265,753

Total number Within Withdrawal Periods: 111,357,720

Total Associated with Beacon AS: 10,587,528

Total Number of Distinct Updates: 9,272,232

Number of Repeated Updates: 1,315,296

Number of Updates Sent through 6,336Anchor Prefix:

Used in the BGP to limit the number of announcements sent out by routers.

Keeps a Penalty value associated with every path and whenever that value is above a certain limit, the router will not use that path or propagate updates from that path.

This prevents duplicate messages from being sent out over a short period of time

The Predictor variables were :• The total number of distinct beacon withdrawals• The total number of withdrawals with the anchor prefixes.

The response variable is the total number of beacon withdrawals with the duplicates.

The number of updates sent due to RFD not being set are then predicted from subtracting the response variable with the number of distinct records.

During the regression we got:

• For n = 24• Coefficient of determination as .9864• Thus the regression explains 98.64% of the

variation of the total withdrawals.• Standard deviation of errors as 87.11• The regression passed the F-test

We can notice that here there is no visible trend or clustering of points thus the errors appear to be independent.

From this graph between the error residuals and the experiment number as there are no visible trends, the experiment does not indicate side effects.

From the quantile-quantile graph we can see that there is visible linearity and the errors do seem to be normally distributed.

For any beacon withdrawal there will be some neighbor that sends the associated update first and some neighbor that send the update last, the period between these called the relative convergence period.

For instance: if the first message is received at 1076450513 ( 2004- 02- 10 17:01:53) and the last message is received at 1076450539 ( 2004- 02- 10 17:02:19)

the relative convergence period for this event is 26 seconds

The Predictor variable was :• The total number of beacon withdrawals

The response variable is the Relative Convergence Period.

Through regression we predict the mean of the future Relative Convergence Period.

During the regression we got:

• For n = 24• Mean of Relative Convergence Period is 25.91• Coefficient of determination as .9051• Thus the regression explains 90.51% of the

Relative Convergence Period’s variation.• Standard deviation of errors as 1.32• The regression passed the F-test

The predictions at 90% confidence interval were calculated to be :◦ 27.72529671 ◦ 26.773703

Predicted mean for 5th day = 27.2495

We can notice that here there is no visible trend or clustering of points thus the errors appear to be independent.

From this graph between the error residuals and the experiment number as there are no visible trends, the experiment does not indicate side effects.

Quantile-Quantile graph for the Relative Convergence Period

From the quantile-quantile graph we can see that there is visible linearity and the errors do seem to be normally distributed.

We described the Announce and Withdrawal functions of BGP beacons and how we used them to analyze behaviors of the BGP.

We described how we gathered and processed data from RouteViews

From our analysis we have found the if Route Flap Damping is enabled, less updates are propagated through the BGP.

From our analysis of Relative Convergence Time we predicted the amount of time it would take for an update to propagate through the BGP.