Pretty good BGP: Improving BGP by cautiously adopting routes

Josh Karlin, Stephanie Forrest, Jennifer Rexford

Research output: Chapter in Book/Report/Conference proceedingConference contribution

108 Citations (Scopus)

Abstract

The Internet's interdomain routing protocol, BGP, is vulnerable to a number of damaging attacks, which often arise from operator misconfiguration. Proposed solutions with strong guarantees require a public-key infrastructure, accurate routing registries, and changes to BGP. However, BGP routers can avoid selecting and propagating these routes if they are cautious about adopting new reachability information. We describe a protocolpreserving enhancement to BGP, Pretty Good BGP (PGBGP), that slows the dissemination of bogus routes, providing network operators time to respond before problems escalate into large-scale Internet attacks. Simulation results show that realistic deployments of PGBGP could provide 99% of Autonomous Systems with 24 hours to investigate and repair bogus routes without affecting prefix reachability. We also show that without PGBGP, 40% of ASs cannot avoid selecting bogus routes; with PGBGP, this number drops to less than 1%. Finally, we show that PGBGP is incrementally deployable and offers significant security benefits to early adopters and their customers.

Original languageEnglish (US)
Title of host publicationProceedings - 14th IEEE International Conference on Network Protocols, ICNP 2006
Pages290-299
Number of pages10
DOIs
StatePublished - Dec 1 2006
Externally publishedYes
Event14th IEEE International Conference on Network Protocols, ICNP 2006 - Santa Barbara, CA, United States
Duration: Nov 12 2006Nov 15 2006

Other

Other14th IEEE International Conference on Network Protocols, ICNP 2006
CountryUnited States
CitySanta Barbara, CA
Period11/12/0611/15/06

Fingerprint

Internet protocols
Routing protocols
Routers
Repair
Internet

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Karlin, J., Forrest, S., & Rexford, J. (2006). Pretty good BGP: Improving BGP by cautiously adopting routes. In Proceedings - 14th IEEE International Conference on Network Protocols, ICNP 2006 (pp. 290-299). [4110301] https://doi.org/10.1109/ICNP.2006.320179

Pretty good BGP : Improving BGP by cautiously adopting routes. / Karlin, Josh; Forrest, Stephanie; Rexford, Jennifer.

Proceedings - 14th IEEE International Conference on Network Protocols, ICNP 2006. 2006. p. 290-299 4110301.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Karlin, J, Forrest, S & Rexford, J 2006, Pretty good BGP: Improving BGP by cautiously adopting routes. in Proceedings - 14th IEEE International Conference on Network Protocols, ICNP 2006., 4110301, pp. 290-299, 14th IEEE International Conference on Network Protocols, ICNP 2006, Santa Barbara, CA, United States, 11/12/06. https://doi.org/10.1109/ICNP.2006.320179
Karlin J, Forrest S, Rexford J. Pretty good BGP: Improving BGP by cautiously adopting routes. In Proceedings - 14th IEEE International Conference on Network Protocols, ICNP 2006. 2006. p. 290-299. 4110301 https://doi.org/10.1109/ICNP.2006.320179
Karlin, Josh ; Forrest, Stephanie ; Rexford, Jennifer. / Pretty good BGP : Improving BGP by cautiously adopting routes. Proceedings - 14th IEEE International Conference on Network Protocols, ICNP 2006. 2006. pp. 290-299
@inproceedings{001c188e5a314aba94fafda5494397e2,
title = "Pretty good BGP: Improving BGP by cautiously adopting routes",
abstract = "The Internet's interdomain routing protocol, BGP, is vulnerable to a number of damaging attacks, which often arise from operator misconfiguration. Proposed solutions with strong guarantees require a public-key infrastructure, accurate routing registries, and changes to BGP. However, BGP routers can avoid selecting and propagating these routes if they are cautious about adopting new reachability information. We describe a protocolpreserving enhancement to BGP, Pretty Good BGP (PGBGP), that slows the dissemination of bogus routes, providing network operators time to respond before problems escalate into large-scale Internet attacks. Simulation results show that realistic deployments of PGBGP could provide 99{\%} of Autonomous Systems with 24 hours to investigate and repair bogus routes without affecting prefix reachability. We also show that without PGBGP, 40{\%} of ASs cannot avoid selecting bogus routes; with PGBGP, this number drops to less than 1{\%}. Finally, we show that PGBGP is incrementally deployable and offers significant security benefits to early adopters and their customers.",
author = "Josh Karlin and Stephanie Forrest and Jennifer Rexford",
year = "2006",
month = "12",
day = "1",
doi = "10.1109/ICNP.2006.320179",
language = "English (US)",
isbn = "1424405939",
pages = "290--299",
booktitle = "Proceedings - 14th IEEE International Conference on Network Protocols, ICNP 2006",

}

TY - GEN

T1 - Pretty good BGP

T2 - Improving BGP by cautiously adopting routes

AU - Karlin, Josh

AU - Forrest, Stephanie

AU - Rexford, Jennifer

PY - 2006/12/1

Y1 - 2006/12/1

N2 - The Internet's interdomain routing protocol, BGP, is vulnerable to a number of damaging attacks, which often arise from operator misconfiguration. Proposed solutions with strong guarantees require a public-key infrastructure, accurate routing registries, and changes to BGP. However, BGP routers can avoid selecting and propagating these routes if they are cautious about adopting new reachability information. We describe a protocolpreserving enhancement to BGP, Pretty Good BGP (PGBGP), that slows the dissemination of bogus routes, providing network operators time to respond before problems escalate into large-scale Internet attacks. Simulation results show that realistic deployments of PGBGP could provide 99% of Autonomous Systems with 24 hours to investigate and repair bogus routes without affecting prefix reachability. We also show that without PGBGP, 40% of ASs cannot avoid selecting bogus routes; with PGBGP, this number drops to less than 1%. Finally, we show that PGBGP is incrementally deployable and offers significant security benefits to early adopters and their customers.

AB - The Internet's interdomain routing protocol, BGP, is vulnerable to a number of damaging attacks, which often arise from operator misconfiguration. Proposed solutions with strong guarantees require a public-key infrastructure, accurate routing registries, and changes to BGP. However, BGP routers can avoid selecting and propagating these routes if they are cautious about adopting new reachability information. We describe a protocolpreserving enhancement to BGP, Pretty Good BGP (PGBGP), that slows the dissemination of bogus routes, providing network operators time to respond before problems escalate into large-scale Internet attacks. Simulation results show that realistic deployments of PGBGP could provide 99% of Autonomous Systems with 24 hours to investigate and repair bogus routes without affecting prefix reachability. We also show that without PGBGP, 40% of ASs cannot avoid selecting bogus routes; with PGBGP, this number drops to less than 1%. Finally, we show that PGBGP is incrementally deployable and offers significant security benefits to early adopters and their customers.

UR - http://www.scopus.com/inward/record.url?scp=44049101942&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=44049101942&partnerID=8YFLogxK

U2 - 10.1109/ICNP.2006.320179

DO - 10.1109/ICNP.2006.320179

M3 - Conference contribution

AN - SCOPUS:44049101942

SN - 1424405939

SN - 9781424405930

SP - 290

EP - 299

BT - Proceedings - 14th IEEE International Conference on Network Protocols, ICNP 2006

ER -