Routing SIG

Minutes

Wednesday 1 March 2006, Perth Convention and Exhibition Centre, Perth, Australia

Meeting commenced: 2:05 pm

Chair: Philip Smith

The Chair introduced the session and explained the agenda. He encouraged people to subscribe to the Routing SIG mailing list.

BGP Convergence : Better handling of silent peer failures
Routing update
Routing security - an oversimplification
APNIC resource certification update
Complexity: The Internet and telco philosophies
Real-world use of route analytics technology
ASNs MIA: A comparison of RIR statistics and RIS reality

BGP Convergence : Better handling of silent peer failures

David Hughes, WebCentral

Presentation [pdf]

This presentation explained the concept of a silent peer failure, where two routers are separated by a switch, and one router continues to believe that the other router is still up because the switch is up, when, in fact, the other router is down.

The presenter suggested that there were two timers of interest when handling silent peer failures: hold timer and keep-alive timer. Under common implementation, it is possible for traffic to be blackholed for 179 seconds on a Cisco router.

To solve this issue, there is next-hop tracking for BGP, which works well for internal networks. However, it is not as useful for eBGP and has limited vendor support. The second solution is bi-directional forwarding detection (BFD), which is basically a Hello protocol. However, BFD only works if the upstream provider supports it. BFD also interacts with routing protocols and there is work in the IETF on the interaction between BGP and BFD.

The speaker explained that the short-term solution to silent peer failures is to decrease the timers. While this is not perfect, it is the best solution currently available. Problems associated with decreasing timers are that the upstream may reject the session if they do not like the minimum hold times your network sets and that if you have large aggregation routers, it may increase the load on those routers. The speaker reported that he had tested this solution internally, then rolled it out to his upstreams using five second keepalives, and 14 second blackholing of traffic if there is a failure. Within the network, the speaker's organisation plans to roll out one second keepalives.

The speaker suggested using BFD for eBGP and next-hop tracking for iBGP. As an interim solution, he suggested reducing BGP timers.

Questions and discussion

None.

Action items

None.

Top

Routing update

Geoff Huston, APNIC

Presentation [ppt | pdf]

The speaker presented a status report on BGP statistics during 2005. At the end of 2005, there were 175,000 prefixes in the global routing table and 1.5 billion /32 equivalent IP addresses in use. The presenter pointed out /8s in the routing table that still continue to flap. The speaker noted seasonal variation in the number of addresses appearing in the table: after the European summer, the number of IP addresses increased. In the past year, 14 percent more Autonomous Systems have been added.

300 IPv6 prefixes were added to the table in 2005. The presenter noted that there were signs that people were de-aggregating IPv6 prefixes. The speaker asked networks to stop this practice.

The speaker then examined how the rate of BGP announcements may grow over the next five year based on recent trends. In the last year, the daily rate of BGP update messages has grown to 600,000 updates (almost twice as many as at the beginning of 2005), with the individual daily update rate varying considerably.

The speaker compared the number of prefixes announced with the number of daily BGP updates and withdrawals. He noted that updates are growing faster than withdrawals.

The speaker noted that the default free zone is growing at a rate of N squared. This means that it will consist of 275,000 RIB entries in three years, and grow to 375,000 in five years.

The speaker predicted that within 3 years, 1.7 million prefixes will be changed per day, and within five years, this would be up to 3 million. In summary, the speaker suggested that four times as much processing power would be needed in 5 years to cope with the updates.

The presenter noted that 1 percent of prefixes are contributing 15 percent of the update load. The presenter gave examples of some of the networks producing the most updates on the Internet. For example, one particular prefix is creating 1500 update messages per day.

The speaker noted that 50 Autonomous Systems were responsible for half of the updates. The speaker suggested that the biggest source of these updates appeared to be trying to balance their traffic load amongst their six upstreams. The speaker explained that if this was the case, the problem could be better fixed by buying more bandwidth.

The speaker explained that there was no uniformity of update rates across the Autonomous Systems. As only a few Autonomous Systems contribute most of the updates, the speaker suspected that the cause of the problem in the few networks generating the most updates is automated software used to balance traffic.

Questions and discussion

It was stated that there are a number of /8s being used by spammers. Spammers use the dark space within the /8s to send spam, then withdraw them.

Action items

None.

Top

Routing security - an oversimplification

Randy Bush, IIJ

Presentation [pdf]

The presenter gave an overview of one way that resource certification could be implemented to secure networks against attacks on routing protocols. The presenter explained that that there had been a lack of progress on routing security to date because it is technically very difficult to implement.

The speaker explained that hop by hop authentication is insufficient because a secure connection does not mean that the network at the other end of the connection has good intentions. The speaker described how a diversion attack works in routing and noted that currently, the "enable" password on an ISP router could be bought for five credit cards so neighbours should be assumed to be corrupt.

The presenter explained that validating prefix ownership does not help in a diversion attack because nobody lied about who owns the addresses. One approach is to cryptographically sign paths, but this option is cryptographically CPU intense. To solve this, the speaker suggested the use of caching or delayed validation.

Trust issues related to address ownership and address announcements were also explored. The speaker suggested that while address ownership has a hierarchy from IANA to RIRs to LIRs, there needed to be discussion about who could certify IANA, RIRs, and LIRs, and how certificates could be distributed.

Questions and discussion

There was a comment that the presenter's method of signing certificates did not conform to any certificate signing standard.
The speaker clarified that in his PKI model, a paper contract with an RIR could be used to bind the member's identity and that at that same time, a digital identity certificate could be handed over to the RIR as well. The speaker suggested that if people don't have their own certificate, they could pay the RIR to create one for them. However, the speaker noted that many big ISPs would pay a commercial CA to obtain their own CA credentials.
There was a comment that the speaker's model bound both public key certificates and attribute certificates, but that attribute certificates cannot be chained under the current PKI specification.
The speaker clarified that the hierarchical chain of resource certificates should apply equally to both IP addresses and AS numbers.

Action items

None.

Top

APNIC resource certification update

George Michaelson, APNIC

Presentation [pdf]

This was an update on APNIC's project to develop a working resource certification process. The speaker outlined the short-term goal, which is to use FOSS (Free/Open Source Software) to get demonstration code out into the community.

The speaker discussed the use of OpenSSL in the project.

The speaker explained that, currently, APNIC has generated test certificates covering all APNIC managed space and has made both the public and private keys of the test available for the community to use for trying out the next resource certificates.

Questions and discussion

There was a comment thanking APNIC for doing the groundwork on the resource certification code since it would help secure routing in the future.

Action items

None.

[Break 3:40 - 4:05 pm]

Top

Complexity: The Internet and telco philosophies

Randy Bush, IIJ

Presentation [pdf]

This presentation examined how the Internet works: reliability and resilience are core strengths; its weakness is security; and, the only real problem is scaling. The speaker stated that complexity is the archenemy of scaling as costs are non-linear as complexity increases.

The speaker explained that telecommunications companies glorified complexity in the 1970s, but that, in reality, complexity raised operational and capital costs.

The presenter explained that traditional voice networks have all the smarts at the core while at the ends of the network are dumb end phones. However, the Internet is the other way around, with the smart devices at the edge. In terms of areas of vulnerability, the presenter explained that the voice network has a smart core protected by heavy armour, while the Internet assumes problems will occur and builds redundancy to route around any problems (for example, DNS roots have been attacked without users noticing).

The speaker noted that trademark and copyright lawyers are trying to label content as property so telecommunications companies can be protected as carrying a product (content) rather than a service. The speaker suggested that telecommunications companies needed to save themselves by getting in front of the technology, and provide innovative services.

Questions and discussion

In regards to the suggestion that telecommunications companies are trying to defend their territory, there was a comment that Google had proved that the media industry is strippable, and that BitTorrent had proved that existing distribution services are inefficient. It was noted however, that advertisements will still show up, but embedded in movies or other forms of entertainment rather than as stand alone commercials.
In response to a question about emergency phone services over the Internet, the speaker suggested that perhaps too much was being expected of the Internet. The speaker stated that just as there is no demand for a television to offer emergency services, maybe VOIP should not be expected to offer emergency phone services.

Action items

None.

Top

Real-world use of route analytics technology

Greg Hooten, Packet Design

Presentation [ppt | pdf]

This presentation gave an overview of how Packet Design's product, Route Explorer can be used to analyse routes.

Questions and discussion

None.

Action items

None.

Top

ASNs MIA: A comparison of RIR statistics and RIS reality

Presentation [ppt | pdf]

The presentation compared the total number of AS numbers allocated by RIRs to the total number of AS numbers actually in use.

The speaker explained how networks can apply for an AS number and that policy mandates that networks have to return AS numbers that are no longer needed.

The presenter explained that in theory all assigned AS numbers should be in the RIB, but that in reality, this is not the case. The speaker noted that the work to compare assigned versus used AS numbers used data from the RIR statistics files, the CIDR Report, and RIS. The speaker stated that 436 AS numbers currently in use are not registered in any whois database.

Trends demonstrate that before the Internet bubble burst, the difference between assigned and used AS numbers was pretty stable. However, since the bubble burst, there has been a linear growth in the difference between assigned and used AS numbers.

In total, the speaker explained that only 60 to 63 percent of all assigned AS numbers are visible on the Internet over time. On average, an AS number is generally in use for 50 to 60 months, then disappears. The presenter suggested that reasons for these disappearances are that businesses go out of business and do not have time to return AS numbers to the RIRs, that networks merge and have no incentive to return unused AS numbers to the RIRs, and that there is little effort by the RIRs to recover unused AS numbers.

The speaker noted that while RIRs expect AS numbers to be used within three months of assignments, AS numbers often remain unused after this time.

The speaker stated that there are currently still 30,830 AS numbers available for assignment and projected that there are approximately 108 months until the pool of 16-bit AS numbers are exhausted. The speaker explained that if RIRs reclaimed AS numbers that disappear from use, the available pool could be extended until somewhere between 2016 and 2024. In addition, if RIRs could reclaim AS numbers that have been assigned but not used, the available pool would last until somewhere between the year 2023 and 2033.

Questions and discussion

There was a question about whether there should be a globally consistent AS number reclamation policy. The speaker responded that it would be useful if all five RIRs did have AS number reclamation policies, but had no opinion on whether such policies should be consistent.

Action items

None.

Top

Meeting closed: 5:25 pm

Minuted by: Sam Dickinson

Open action items

None.

Minutes | Routing SIG

Minutes Programme SIGs Database DNS operations IX IPv6 technical NIR Policy Routing Tutorials - Day 1 Tutorials - Day 2 APOPS & BoFs APNIC Member Meeting HM consultation Sponsorship EC election Events APRICOT 2006 APNIC meetings Past meetings APNIC 20 APNIC 19 APNIC 18 APNIC 17 APNIC 16 APNIC 15 More... APNIC 21 home APNIC home
	APNIC 21 home » Program » SIGs » Routing » Minutes Routing SIG Minutes Wednesday 1 March 2006, Perth Convention and Exhibition Centre, Perth, Australia Meeting commenced: 2:05 pm Chair: Philip Smith The Chair introduced the session and explained the agenda. He encouraged people to subscribe to the Routing SIG mailing list. Contents BGP Convergence : Better handling of silent peer failures Routing update Routing security - an oversimplification APNIC resource certification update Complexity: The Internet and telco philosophies Real-world use of route analytics technology ASNs MIA: A comparison of RIR statistics and RIS reality BGP Convergence : Better handling of silent peer failures David Hughes, WebCentral Presentation [pdf] This presentation explained the concept of a silent peer failure, where two routers are separated by a switch, and one router continues to believe that the other router is still up because the switch is up, when, in fact, the other router is down. The presenter suggested that there were two timers of interest when handling silent peer failures: hold timer and keep-alive timer. Under common implementation, it is possible for traffic to be blackholed for 179 seconds on a Cisco router. To solve this issue, there is next-hop tracking for BGP, which works well for internal networks. However, it is not as useful for eBGP and has limited vendor support. The second solution is bi-directional forwarding detection (BFD), which is basically a Hello protocol. However, BFD only works if the upstream provider supports it. BFD also interacts with routing protocols and there is work in the IETF on the interaction between BGP and BFD. The speaker explained that the short-term solution to silent peer failures is to decrease the timers. While this is not perfect, it is the best solution currently available. Problems associated with decreasing timers are that the upstream may reject the session if they do not like the minimum hold times your network sets and that if you have large aggregation routers, it may increase the load on those routers. The speaker reported that he had tested this solution internally, then rolled it out to his upstreams using five second keepalives, and 14 second blackholing of traffic if there is a failure. Within the network, the speaker's organisation plans to roll out one second keepalives. The speaker suggested using BFD for eBGP and next-hop tracking for iBGP. As an interim solution, he suggested reducing BGP timers. Questions and discussion None. Action items None. Top Routing update Geoff Huston, APNIC Presentation [ppt \| pdf] The speaker presented a status report on BGP statistics during 2005. At the end of 2005, there were 175,000 prefixes in the global routing table and 1.5 billion /32 equivalent IP addresses in use. The presenter pointed out /8s in the routing table that still continue to flap. The speaker noted seasonal variation in the number of addresses appearing in the table: after the European summer, the number of IP addresses increased. In the past year, 14 percent more Autonomous Systems have been added. 300 IPv6 prefixes were added to the table in 2005. The presenter noted that there were signs that people were de-aggregating IPv6 prefixes. The speaker asked networks to stop this practice. The speaker then examined how the rate of BGP announcements may grow over the next five year based on recent trends. In the last year, the daily rate of BGP update messages has grown to 600,000 updates (almost twice as many as at the beginning of 2005), with the individual daily update rate varying considerably. The speaker compared the number of prefixes announced with the number of daily BGP updates and withdrawals. He noted that updates are growing faster than withdrawals. The speaker noted that the default free zone is growing at a rate of N squared. This means that it will consist of 275,000 RIB entries in three years, and grow to 375,000 in five years. The speaker predicted that within 3 years, 1.7 million prefixes will be changed per day, and within five years, this would be up to 3 million. In summary, the speaker suggested that four times as much processing power would be needed in 5 years to cope with the updates. The presenter noted that 1 percent of prefixes are contributing 15 percent of the update load. The presenter gave examples of some of the networks producing the most updates on the Internet. For example, one particular prefix is creating 1500 update messages per day. The speaker noted that 50 Autonomous Systems were responsible for half of the updates. The speaker suggested that the biggest source of these updates appeared to be trying to balance their traffic load amongst their six upstreams. The speaker explained that if this was the case, the problem could be better fixed by buying more bandwidth. The speaker explained that there was no uniformity of update rates across the Autonomous Systems. As only a few Autonomous Systems contribute most of the updates, the speaker suspected that the cause of the problem in the few networks generating the most updates is automated software used to balance traffic. Questions and discussion It was stated that there are a number of /8s being used by spammers. Spammers use the dark space within the /8s to send spam, then withdraw them. Action items None. Top Routing security - an oversimplification Randy Bush, IIJ Presentation [pdf] The presenter gave an overview of one way that resource certification could be implemented to secure networks against attacks on routing protocols. The presenter explained that that there had been a lack of progress on routing security to date because it is technically very difficult to implement. The speaker explained that hop by hop authentication is insufficient because a secure connection does not mean that the network at the other end of the connection has good intentions. The speaker described how a diversion attack works in routing and noted that currently, the "enable" password on an ISP router could be bought for five credit cards so neighbours should be assumed to be corrupt. The presenter explained that validating prefix ownership does not help in a diversion attack because nobody lied about who owns the addresses. One approach is to cryptographically sign paths, but this option is cryptographically CPU intense. To solve this, the speaker suggested the use of caching or delayed validation. Trust issues related to address ownership and address announcements were also explored. The speaker suggested that while address ownership has a hierarchy from IANA to RIRs to LIRs, there needed to be discussion about who could certify IANA, RIRs, and LIRs, and how certificates could be distributed. Questions and discussion There was a comment that the presenter's method of signing certificates did not conform to any certificate signing standard. The speaker clarified that in his PKI model, a paper contract with an RIR could be used to bind the member's identity and that at that same time, a digital identity certificate could be handed over to the RIR as well. The speaker suggested that if people don't have their own certificate, they could pay the RIR to create one for them. However, the speaker noted that many big ISPs would pay a commercial CA to obtain their own CA credentials. There was a comment that the speaker's model bound both public key certificates and attribute certificates, but that attribute certificates cannot be chained under the current PKI specification. The speaker clarified that the hierarchical chain of resource certificates should apply equally to both IP addresses and AS numbers. Action items None. Top APNIC resource certification update George Michaelson, APNIC Presentation [pdf] This was an update on APNIC's project to develop a working resource certification process. The speaker outlined the short-term goal, which is to use FOSS (Free/Open Source Software) to get demonstration code out into the community. The speaker discussed the use of OpenSSL in the project. The speaker explained that, currently, APNIC has generated test certificates covering all APNIC managed space and has made both the public and private keys of the test available for the community to use for trying out the next resource certificates. Questions and discussion There was a comment thanking APNIC for doing the groundwork on the resource certification code since it would help secure routing in the future. Action items None. [Break 3:40 - 4:05 pm] Top Complexity: The Internet and telco philosophies Randy Bush, IIJ Presentation [pdf] This presentation examined how the Internet works: reliability and resilience are core strengths; its weakness is security; and, the only real problem is scaling. The speaker stated that complexity is the archenemy of scaling as costs are non-linear as complexity increases. The speaker explained that telecommunications companies glorified complexity in the 1970s, but that, in reality, complexity raised operational and capital costs. The presenter explained that traditional voice networks have all the smarts at the core while at the ends of the network are dumb end phones. However, the Internet is the other way around, with the smart devices at the edge. In terms of areas of vulnerability, the presenter explained that the voice network has a smart core protected by heavy armour, while the Internet assumes problems will occur and builds redundancy to route around any problems (for example, DNS roots have been attacked without users noticing). The speaker noted that trademark and copyright lawyers are trying to label content as property so telecommunications companies can be protected as carrying a product (content) rather than a service. The speaker suggested that telecommunications companies needed to save themselves by getting in front of the technology, and provide innovative services. Questions and discussion In regards to the suggestion that telecommunications companies are trying to defend their territory, there was a comment that Google had proved that the media industry is strippable, and that BitTorrent had proved that existing distribution services are inefficient. It was noted however, that advertisements will still show up, but embedded in movies or other forms of entertainment rather than as stand alone commercials. In response to a question about emergency phone services over the Internet, the speaker suggested that perhaps too much was being expected of the Internet. The speaker stated that just as there is no demand for a television to offer emergency services, maybe VOIP should not be expected to offer emergency phone services. Action items None. Top Real-world use of route analytics technology Greg Hooten, Packet Design Presentation [ppt \| pdf] This presentation gave an overview of how Packet Design's product, Route Explorer can be used to analyse routes. Questions and discussion None. Action items None. Top ASNs MIA: A comparison of RIR statistics and RIS reality Presentation [ppt \| pdf] The presentation compared the total number of AS numbers allocated by RIRs to the total number of AS numbers actually in use. The speaker explained how networks can apply for an AS number and that policy mandates that networks have to return AS numbers that are no longer needed. The presenter explained that in theory all assigned AS numbers should be in the RIB, but that in reality, this is not the case. The speaker noted that the work to compare assigned versus used AS numbers used data from the RIR statistics files, the CIDR Report, and RIS. The speaker stated that 436 AS numbers currently in use are not registered in any whois database. Trends demonstrate that before the Internet bubble burst, the difference between assigned and used AS numbers was pretty stable. However, since the bubble burst, there has been a linear growth in the difference between assigned and used AS numbers. In total, the speaker explained that only 60 to 63 percent of all assigned AS numbers are visible on the Internet over time. On average, an AS number is generally in use for 50 to 60 months, then disappears. The presenter suggested that reasons for these disappearances are that businesses go out of business and do not have time to return AS numbers to the RIRs, that networks merge and have no incentive to return unused AS numbers to the RIRs, and that there is little effort by the RIRs to recover unused AS numbers. The speaker noted that while RIRs expect AS numbers to be used within three months of assignments, AS numbers often remain unused after this time. The speaker stated that there are currently still 30,830 AS numbers available for assignment and projected that there are approximately 108 months until the pool of 16-bit AS numbers are exhausted. The speaker explained that if RIRs reclaimed AS numbers that disappear from use, the available pool could be extended until somewhere between 2016 and 2024. In addition, if RIRs could reclaim AS numbers that have been assigned but not used, the available pool would last until somewhere between the year 2023 and 2033. Questions and discussion There was a question about whether there should be a globally consistent AS number reclamation policy. The speaker responded that it would be useful if all five RIRs did have AS number reclamation policies, but had no opinion on whether such policies should be consistent. Action items None. Top Meeting closed: 5:25 pm Minuted by: Sam Dickinson Open action items None. Minutes \| Routing SIG

Routing SIG

Minutes

Wednesday 1 March 2006, Perth Convention and Exhibition Centre, Perth, Australia

Contents

BGP Convergence : Better handling of silent peer failures

Routing update

Routing security - an oversimplification

APNIC resource certification update

Complexity: The Internet and telco philosophies

Real-world use of route analytics technology

ASNs MIA: A comparison of RIR statistics and RIS reality