review of bgp bcp in 2014 seen from ris collectors
play

Review of BGP BCP in 2014 Seen from RIS collectors Guillaume - PowerPoint PPT Presentation

Oct 08, 2022 •21 likes •231 views

Review of BGP BCP in 2014 Seen from RIS collectors Guillaume Valadon Agence nationale de la scurit des systmes dinformation http://www.ssi.gouv.fr/en RIPE 69 - November, 3rd 2014 ANSSI - http://www.ssi.gouv.fr/en 1/19 The observatory

  1. Review of BGP BCP in 2014 Seen from RIS collectors Guillaume Valadon Agence nationale de la sécurité des systèmes d’information http://www.ssi.gouv.fr/en RIPE 69 - November, 3rd 2014 ANSSI - http://www.ssi.gouv.fr/en 1/19

  2. The observatory in a nutshell The observatory is under the supervision of the ANSSI, the French involved in the project. Some of our objectives ANSSI - http://www.ssi.gouv.fr/en 2/19 national cyberdefence agency. French operators and Afnic are also • Study the Internet in France in details: • presented during RIPE 67 plenary. • Develop technical interactions with the networking community; • Publish anonymized results; • see http://www.ssi.gouv.fr/observatoire/ • Publish recommendations and best practices: • BGP BCP presented during RIPE 68 BCOP WG.

  3. ANSSI BGP Best Current Practices guide html ANSSI - http://www.ssi.gouv.fr/en Some BCP can be observed in routing tables ! Recommendations examples About the guide 3/19 new-publication-bgp-configuration-best-practices. gouv.fr/en/the-anssi/events/ http://www.ssi. at: • available • written in collaboration with 7 French operators • confjguration examples for: IOS, Junos, SR-OS, OpenBGPD • contributions are welcome ! • authenticate BGP sessions with TCP-MD5 • fjlter the default route • fjlter special AS numbers (private, documentation, ...) • fjlter too specifjc prefjxes: IPv4 > /24 , IPv6 > /48 • limit the number of prefjxes received from a peer

  4. ANSSI BGP Best Current Practices guide About the guide Recommendations examples Some BCP can be observed in routing tables ! ANSSI - http://www.ssi.gouv.fr/en 3/19 • available at: http://www.ssi.gouv.fr/en • written in collaboration with 7 French operators • confjguration examples for: IOS, Junos, SR-OS, OpenBGPD • contributions are welcome ! • authenticate BGP sessions with TCP-MD5 • fjlter the default route • fjlter special AS numbers (private, documentation, ...) • fjlter too specifjc prefjxes: IPv4 > /24 , IPv6 > /48 • limit the number of prefjxes received from a peer

  5. ANSSI BGP Best Current Practices guide About the guide Recommendations examples Some BCP can be observed in routing tables ! ANSSI - http://www.ssi.gouv.fr/en 3/19 • authenticate BGP sessions with TCP-MD5 • fjlter the default route • fjlter special AS numbers (private, documentation, ...) • fjlter too specifjc prefjxes: IPv4 > /24 , IPv6 > /48 • limit the number of prefjxes received from a peer

  6. Default routes seen by the RIS collectors

  7. Default routes seen by RIS from January to September ceived defaults Some UPDATEs could be legitimate. ANSSI - http://www.ssi.gouv.fr/en 5/19 • ≈ 17000 UPDATEs received • 11/13 active collectors re-

  8. AS PATH length default an- nounced by a RIS peer, or a transit provider of a RIS peer should not be seen an AS PATH length strictly smaller than 3 ANSSI - http://www.ssi.gouv.fr/en 6/19 • len () < = 2 : • len () > 2 : • 40% of the UPDATES have Short AS PATH ( < = 2 ) could identify legitimate announces.

  9. Default routes seen by RIS - no short AS PATH from January to September Some collectors still received much more messages than the others. ANSSI - http://www.ssi.gouv.fr/en 7/19 • ≈ 10000 UPDATEs received • IPv4: 12% • IPv6: 88%

  10. Default routes per day DATEs per day received between 1 and 1436 UPDATEs per day September Collectors see more IPv6 defaults than with IPv4. ANSSI - http://www.ssi.gouv.fr/en 8/19 • IPv4: between 1 and 43 UP- • some days no defaults are • IPv6: • decrease at the end of

  11. Origin and transit AS 52 origin AS announced a default route 35 transit AS did not fjlter a de- fault route All of these transit providers should have fjltered the default route. ANSSI - http://www.ssi.gouv.fr/en 9/19

  12. Open questions ANSSI - http://www.ssi.gouv.fr/en 10/19 • do these UPDATEs are only seen by RIS collectors ? • how many UPDATEs are seen by difgerent RIS collectors ? • …

  13. Too specifjc prefjxes

  14. Number of too specifjc prefjxes per day ANSSI - http://www.ssi.gouv.fr/en 12/19 • IPv6: ≈ 200 distinct prefjxes ≈ 2100 distinct prefjxes seen every day.

  15. Prefjxes lengths Unique IPv4 prefjxes: 7797 Unique IPv6 prefjxes: 261 ANSSI - http://www.ssi.gouv.fr/en 13/19

  16. Unique AS PATH length Most of the too specifjc prefjxes cross the Internet. ANSSI - http://www.ssi.gouv.fr/en 14/19

  17. Origin and transit ASes ANSSI - http://www.ssi.gouv.fr/en 15/19 ≈ 450 distinct origin AS seen every day. ≈ 200 transit AS seen every day.

  18. Can these prefjxes be reached otherwise ? Most of the too specifjc prefjxes can be reached by a less specifjc prefjx. ANSSI - http://www.ssi.gouv.fr/en 16/19 • on June 30th, there are 2089 unique too specifjc IP prefjxes • on July 1st: 125 prefjxes can’t be reached globally: • 46 are only reachable through the specifjc announce • 79 are not reachable at all

  19. Conclusion

  20. Closing remarks Still a work in progress ! Will it be useful to contact operators ? ANSSI - http://www.ssi.gouv.fr/en 18/19 • the observation of BCP adoption is a good awareness tool • the same methodology can be applied to AS numbers, … 28220 3549 3356 8220 23456 198648

  21. Questions? Published material) ANSSI - http://www.ssi.gouv.fr/en 19/19 • 2011 report (French); • 2012 report (French); • 2013 report (French & English - soon); • BGP confjguration best practices (French & English).

Recommend

Welcome to tonights gathering This presentation is about a planned fellow collectors trip to

Welcome to tonights gathering This presentation is about a planned fellow collectors trip to

Welcome to tonights gathering This presentation is about a planned fellow collectors trip to Germany From collectors friends for collectors friends Facts (1): The tour is completely privately organised and no ICCC money or

339 views • 13 slides
A solenoid pion collector for ESSnuSB Maja Olvegrd October 7, 2014 Magnetic Pion Collectors

A solenoid pion collector for ESSnuSB Maja Olvegrd October 7, 2014 Magnetic Pion Collectors

A solenoid pion collector for ESSnuSB Maja Olvegrd October 7, 2014 Magnetic Pion Collectors Positron sources matching to accelerator optics Neutrino factories / Muon colliders nature of focusing? matching? Superbeam

658 views • 10 slides
An Analysis of The Completeness of the Internet AS-level Topology Discovered by Route Collectors

An Analysis of The Completeness of the Internet AS-level Topology Discovered by Route Collectors

An Analysis of The Completeness of the Internet AS-level Topology Discovered by Route Collectors Luca Sani July 21, 2014 . Example of ASes (about . Interconnected ASes 47,000 up to date) . . AS 3269 Telecom Italia AS 12145 Colorado State

569 views • 52 slides
BIG PROJECT LIST PRESENTATION MAIN COLLECTIVE SOLAR INSTALLATIONS MADE BY SOLE Name Collectors

BIG PROJECT LIST PRESENTATION MAIN COLLECTIVE SOLAR INSTALLATIONS MADE BY SOLE Name Collectors

BIG PROJECT LIST PRESENTATION MAIN COLLECTIVE SOLAR INSTALLATIONS MADE BY SOLE Name Collectors type &amp; size Storage Capacity Place Year 1. Arkitsa, Calypso Bungalows Hotel Flat plate collectors (100m) 1975 5.000 ltr GREECE 2.

513 views • 36 slides
TAX COLLECTORS OFFICE Orange County, Florida www.octaxcol.com 1 TAX COLLECTORS OFFICE

TAX COLLECTORS OFFICE Orange County, Florida www.octaxcol.com 1 TAX COLLECTORS OFFICE

TAX COLLECTORS OFFICE Orange County, Florida www.octaxcol.com 1 TAX COLLECTORS OFFICE Orange County, Florida www.octaxcol.com A little bit of history ! How it happened in Orange County, Florida 1868 TAX COLLECTORS BECOME

300 views • 26 slides
Voter Registration Training Overview for D HSMV / Tax Collectors Offices Katrinia Ferguson,

Voter Registration Training Overview for D HSMV / Tax Collectors Offices Katrinia Ferguson,

Voter Registration Training Overview for D HSMV / Tax Collectors Offices Katrinia Ferguson, NVRA Coordinator Maria Matthews, Division Director Last Updated September 23, 2014 Table of Contents 1. Voter Registration Law History NVRA and HAVA

921 views • 58 slides
Tecflote - Novel Chemistry for New Sulfide Collectors Peter Zhou, Andrew Lewis, and Henrik

Tecflote - Novel Chemistry for New Sulfide Collectors Peter Zhou, Andrew Lewis, and Henrik

Tecflote - Novel Chemistry for New Sulfide Collectors Peter Zhou, Andrew Lewis, and Henrik Nordberg SME Denver February 2019 Agenda Nouryon Thiol-based collectors Tecflote non-thiol new chemistry Collector chemistry

546 views • 18 slides
Luk Luke 15: e 15: 1-10 10 Luk Luke 15:1 e 15:1 Now all the tax collectors and sinners

Luk Luke 15: e 15: 1-10 10 Luk Luke 15:1 e 15:1 Now all the tax collectors and sinners

Luk Luke 15: e 15: 1-10 10 Luk Luke 15:1 e 15:1 Now all the tax collectors and sinners were coming near to listen to him. Luk Luke 15:2 e 15:2 And the Pharisees and the scribes were grumbling and saying, This fellow welcomes

1.01k views • 74 slides
The Harmonica Its Evolution, Variety and Beauty For Players, Collectors, And the Curious A

The Harmonica Its Evolution, Variety and Beauty For Players, Collectors, And the Curious A

The Harmonica Its Evolution, Variety and Beauty For Players, Collectors, And the Curious A Presentation for the Members of the Lyncean Group by John Whiteman La Jolla, CA eMail: JohnWhiteman88@gmail.com Mobile Phone: (858) 922-3750 July

600 views • 28 slides
Ethics for County Tax Assessor-Collectors Disclaimer This course is intended as general

Ethics for County Tax Assessor-Collectors Disclaimer This course is intended as general

6/10/2020 Ethics for County Tax Assessor-Collectors Disclaimer This course is intended as general information only and does not carry the force of legal opinion. The Texas Ethics Commission enforces the laws set by the Local Government Code that

246 views • 22 slides
Derivation And Evaluation of Concurrent Collectors Martin T. Vechev University of Cambridge

Derivation And Evaluation of Concurrent Collectors Martin T. Vechev University of Cambridge

Derivation And Evaluation of Concurrent Collectors Martin T. Vechev University of Cambridge David F. Bacon, Perry Cheng and Dave Grove IBM T.J. Watson Research Center Outline Motivation and Benefits New Generalizations Abstract

777 views • 64 slides
Luke 15 - The gospel in the gospel 1 Now the tax collectors and sinners were all drawing

Luke 15 - The gospel in the gospel 1 Now the tax collectors and sinners were all drawing

Luke 15 - The gospel in the gospel 1 Now the tax collectors and sinners were all drawing near to hear him. 2 And the Pharisees and the scribes grumbled, saying, This man receives sinners and eats with them. 3 So he told them this

716 views • 26 slides
Segregation by age Why generational garbage collection Simple tracing collectors suffer from a

Segregation by age Why generational garbage collection Simple tracing collectors suffer from a

Segregation by age Why generational garbage collection Simple tracing collectors suffer from a # of drawbacks All active data must be marked or copy Delays caused by GC can be obtrusive Deferred RC can be used to smooth out cost of

408 views • 16 slides
Vince But Butler @ your service Agenda What is VBU? Dashboard and Host Collectors

Vince But Butler @ your service Agenda What is VBU? Dashboard and Host Collectors

Vince But Butler @ your service Agenda What is VBU? Dashboard and Host Collectors and Publishers Demo Requirements VBU a Proactive System REACTIVE PROACTIVE Hours from errors to action Seconds from error to

185 views • 16 slides
An Experimental Evaluation of Garbage Collectors on Big Data Applications Lijie Xu 1 , Tian Guo 2 ,

An Experimental Evaluation of Garbage Collectors on Big Data Applications Lijie Xu 1 , Tian Guo 2 ,

The 45th International Conference on Very Large Data Bases (VLDB 2019) An Experimental Evaluation of Garbage Collectors on Big Data Applications Lijie Xu 1 , Tian Guo 2 , Wensheng Dou 1 , Wei Wang 1 , Jun Wei 1 1 Institute of Software, Chinese

458 views • 45 slides
CT Tax Collectors Association Spring Meeting 2016 Mike Dugan

CT Tax Collectors Association Spring Meeting 2016 Mike Dugan

CT Tax Collectors Association Spring Meeting 2016 Mike Dugan Capitol Consulting LLC May 12, 2016 Agenda Legislative Overview Budget Crisis

389 views • 17 slides
LLC MP TEKOM First national producer of solar vacuum collectors under Star Energy

LLC MP TEKOM First national producer of solar vacuum collectors under Star Energy

LLC MP TEKOM First national producer of solar vacuum collectors under Star Energy trademark Manufacturing, engineering, realization, installation, maintenance service Founded in 2003, a special division of MP Tekom

587 views • 20 slides
SELECTION OF SOLAR COLLECTORS TECHNOLOGY AND SURFACE FOR A DESICCANT COOLING SYSTEM BASED ON

SELECTION OF SOLAR COLLECTORS TECHNOLOGY AND SURFACE FOR A DESICCANT COOLING SYSTEM BASED ON

SELECTION OF SOLAR COLLECTORS TECHNOLOGY AND SURFACE FOR A DESICCANT COOLING SYSTEM BASED ON ENERGY, ENVIRONMENTAL AND ECONOMIC ANALYSIS G. Angrisani, C. Roselli, M. Sasso, F. Tariello DING, Department of Engineering, Universit degli Studi

597 views • 20 slides
Randomized Algorithms Lecture 4: Two-point Sampling, Coupon Collectors problem Sotiris

Randomized Algorithms Lecture 4: Two-point Sampling, Coupon Collectors problem Sotiris

Randomized Algorithms Lecture 4: Two-point Sampling, Coupon Collectors problem Sotiris Nikoletseas Associate Professor CEID - ETY Course 2013 - 2014 Sotiris Nikoletseas, Associate Professor Randomized Algorithms - Lecture 4 1 / 36

511 views • 36 slides
How well do you hold your wine? ..many tax collectors and sinners came and were reclining with

How well do you hold your wine? ..many tax collectors and sinners came and were reclining with

It s all about the booze . or How well do you hold your wine? ..many tax collectors and sinners came and were reclining with Jesus and his disciples .. When the Pharisees saw this, they said to his disciples, Why does your

213 views • 7 slides
Vocabulary Collectors Welcome! One of the best mentor texts for haikus is Jack This slide

Vocabulary Collectors Welcome! One of the best mentor texts for haikus is Jack This slide

Vocabulary Collectors Welcome! One of the best mentor texts for haikus is Jack This slide presentation will Prelutskys If Not for the Cat . teach you how to create a successful vocabulary haiku The haikus in that book, that uses one of the

503 views • 19 slides
New Hampshire Tax Collectors Assn. Spring Workshops, 2018 WHY WE SEND NOTICES

New Hampshire Tax Collectors Assn. Spring Workshops, 2018 WHY WE SEND NOTICES

New Hampshire Tax Collectors Assn. Spring Workshops, 2018 WHY WE SEND NOTICES (Constitutional Principles of Due Process) Bernard H. Campbell, Esq. NHTCA Counsel Beaumont &amp; Campbell Prof. Assn. One Stiles Road Suite 107

379 views • 9 slides
Rainbow Collectors What are the seven colours of the rainbow and how can we see them? What IS a

Rainbow Collectors What are the seven colours of the rainbow and how can we see them? What IS a

Rainbow Collectors What are the seven colours of the rainbow and how can we see them? What IS a spectrum? Look at this page to find out about the colours of the spectrum and how to spell some important words: 7 Colours of the Rainbow |

666 views • 8 slides
Lost And Found Luke 15 The Parable of the Lost Sheep (Luke 15:1-7) Now the tax collectors and

Lost And Found Luke 15 The Parable of the Lost Sheep (Luke 15:1-7) Now the tax collectors and

6/18/2018 Lost And Found Luke 15 The Parable of the Lost Sheep (Luke 15:1-7) Now the tax collectors and sinners were all gathering around to hear Jesus. But the Pharisees and the teachers of the law muttered, This man welcomes sinners and

529 views • 9 slides

More recommend