Loading…

Path stability in partially deployed secure BGP routing

Border Gateway Protocol (BGP), as the current de-facto routing protocol connecting various cooperating domains on the Internet, did not consider security when it was originally designed. With the expansion of the Internet, security is increasingly valued and many BGP enhancement mechanisms are propo...

Full description

Saved in:
Bibliographic Details
Published in:Computer networks (Amsterdam, Netherlands : 1999) Netherlands : 1999), 2022-04, Vol.206, p.108762, Article 108762
Main Authors: Yang, Yan, Shi, Xingang, Ma, Qiang, Li, Yahui, Yin, Xia, Wang, Zhiliang
Format: Article
Language:English
Subjects:
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Border Gateway Protocol (BGP), as the current de-facto routing protocol connecting various cooperating domains on the Internet, did not consider security when it was originally designed. With the expansion of the Internet, security is increasingly valued and many BGP enhancement mechanisms are proposed and experimented. Some of them like BGPsec have been standardized and promoted by the IETF. However, the deployment of these inter-domain secure routing mechanisms is subject to many economic and political restrictions. Consequently, there will be a long period of partial deployment, during which instability of BGP can be observed. Specifically, when some networks start deploying secure BGP mechanisms, they may be involved in some temporary or persistent route oscillations. In this paper, we systematically study the stability problem induced by partially deployed secure BGP mechanisms. We analyze the characteristics of topology and routing strategies when BGP oscillations will be introduced. In particular, we propose dispute chain, a derived structure of dispute wheel proposed in Griffin et al. (2002), to formally analyze this problem. Based on dispute chain, we analyze how different security adoption strategies can cause BGP oscillations under the general Gao–Rexford model. Our analysis shows that, even in a situation when there is no dispute wheel, dispute chains may widely appear, indicating that BGP oscillation problems will be introduced when security mechanisms are casually deployed, affecting the security and quality of inter-domain communications. To avoid possible oscillations, we also propose some deployment guidelines from different perspectives of the operator and the Internet, so that a wider deployment of security mechanisms will not blindly disrupt the Internet.
ISSN:1389-1286
1872-7069
DOI:10.1016/j.comnet.2022.108762