inferring country level transit influence of autonomous
play

Inferring Country-Level Transit Influence of Autonomous Systems - PDF document

Inferring Country-Level Transit Influence of Autonomous Systems Alexander Gamero-Garrido * , Esteban Carisimo 3* , Shuai Hao * , Bradley Hufgaker * , kc clafgy * , Alex C. Snoeren 2 , Alberto Dainotti * , and Amogh Dhamdhere * * CAIDA/UC San Diego


  1. Inferring Country-Level Transit Influence of Autonomous Systems Alexander Gamero-Garrido * , Esteban Carisimo 3* , Shuai Hao * , Bradley Hufgaker * , kc clafgy * , Alex C. Snoeren 2 , Alberto Dainotti * , and Amogh Dhamdhere * * CAIDA/UC San Diego 3 Universidad de Buenos Aires, CONICET 2 UC San Diego ABSTRACT to infer country-level transit infmuence from these BGP mea- surements and address four major technical challenges. We tackle the problem of identifying the most infmuential The fjrst challenge is that BGP data collection is heav- transit providers in each country that may have the poten- ily biased towards paths seen from the (small sample of) tial to observe, manipulate or disrupt Internet traffjc fmowing monitor ASes. As monitors are not distributed uniformly towards that country. We develop two new Internet cartog- across and between countries, and many countries and most raphy metrics to overcome several challenges with making ASes have none, the inferences of transit infmuence built with such inferences using BGP data. The transit infmuence (TI) these measurements will heavily oversample paths towards metric estimates the share of addresses of an origin AS served monitor ASes. We mitigate this sample bias, and improve by the transit AS. The Aggregate Transit Infmuence (ATI) cap- on the state of the art [ 9 ] by implementing novel fjlters. We tures the aggregate of all fractions of each country’s origin concentrate on the transit infmuence of inferred providers ASes’ addresses that the transit AS serves. We apply these of each origin AS, allowing us to determine who serves as two metrics to identify the most infmuential ASes in each direct or indirect transit providers of the organizations in country, and the origin ASes in those countries that heavily each country for their international connectivity. We also depend on transit ASes. We include extended case studies of prioritize the diversity of ASes hosting observation points the transit ecosystems of countries in Latin America, Africa in our computation, limiting the oversampling of BGP paths and Europe, and we also investigate the role of state-owned towards ASes who host multiple monitors. Finally, we limit ASes in the Internet ecosystem of their home country and our analysis to paths going from monitors which we infer to in foreign countries. We believe these metrics advance our be outside each country to prefjxes in the country, resulting ability to characterize structural weaknesses in the global in more consistency of our study of individual countries. Internet topology. A second major challenge is that there is no direct way to map the IP addresses in a BGP prefjx (block of addresses) 1 INTRODUCTION to a geographic location [ 8 ]. Without accounting for the ge- The central question of this work is the automatic iden- ographic presence of a prefjx, it is impossible to determine tifjcation of the most infmuential transit providers in each which ASes are most infmuential in each country: paths reach- country, those who potentially have the largest capability ing ASes in Central Asia may have little if any relevance for to observe, manipulate or disrupt Internet traffjc, or whose the connectivity of Central Africa, for example. We tackle accidental misconfjguration would afgect the connectivity of this issue by leveraging commercial geolocation datasets many users and organizations ( e.g., [ 1 , 2 ]). This transit infmu- from Netacuity [ 4 ] along with a study of delegated IP blocks ence characterization requires studying the Internet global published by Regional Internet Registries [ 6 ], to identify the routing ecosystem, including its Border Gateway Protocol set of prefjxes that are relevant to each country. We also de- (BGP) routing infrastructure, the system relied upon by op- velop analysis techniques to determine the primary country erators to announce and implement their routing policies. of operation of transit ASes from these datasets, and fjnd The largest compendia of publicly-available BGP routing countries overwhelmingly served by foreign providers for data are collected by RouteViews [ 7 ] and RIPE RIS [ 5 ], who their international connectivity. As a consequence, these aggregate BGP messages from actual operational routers countries may be in a vulnerable position with little leverage (BGP monitors) at cooperating Autonomous Systems ( moni- tor ASes ). In this paper, we develop novel analysis techniques

Recommend


More recommend