The BGP Visibility Toolkit: Detecting Anomalous Internet Routing Behavior Articles uri icon

publication date

  • April 2016

start page

  • 1237

end page

  • 1250

issue

  • 2

volume

  • 24

international standard serial number (ISSN)

  • 1063-6692

electronic international standard serial number (EISSN)

  • 1558-2566

abstract

  • In this paper, we propose the BGP Visibility Toolkit, a system for detecting and analyzing anomalous behavior in the Internet. We show that interdomain prefix visibility can be used to single out cases of erroneous demeanors resulting from misconfiguration or bogus routing policies. The implementation of routing policies with BGP is a complicated process, involving fine-tuning operations and interactions with the policies of the other active ASes. Network operators might end up with faulty configurations or unintended routing policies that prevent the success of their strategies and impact their revenues. As part of the Visibility Toolkit, we propose the BGP Visibility Scanner, a tool which identifies limited visibility prefixes in the Internet. The tool enables operators to provide feedback on the expected visibility status of prefixes. We build a unique set of ground-truth prefixes qualified by their ASes as intended or unintended to have limited visibility.

keywords

  • anomaly detection; bgp; internet measurement; machine assembly