Saturday, August 28, 2010

BGP Research Experiment Disrupts Internet, For Some

Via NY Times -

An experiment run by Duke University and a European group responsible for managing Internet resources went wrong Friday, disrupting a small percentage of Internet traffic.


The problem started just before 9 a.m. Greenwich Mean Time Friday and lasted less than half an hour. It was kicked off when RIPE NCC (Reseaux IP Europeens Network Coordination Centre) and Duke ran an experiment that involved the Border Gateway Protocol (BGP) -- used by routers to know where to send their traffic on the Internet. RIPE started announcing BGP routes that were configured a little differently from normal because they used an experimental data format. RIPE's data was soon passed from router to router on the Internet, and within minutes it became clear that this was causing problems.

"During this announcement, some Internet service providers reported problems with their networking infrastructure," wrote RIPE NCC's Erik Romijn in a note posted to the NANOG (North American Network Operators Group) discussion list. "Immediately after discovering this, we stopped the announcement and started investigating the problem. Our investigation has shown that the problem was likely to have been caused by certain router types incorrectly modifying the experimental attribute and then further announcing the malformed route to their peers."

That shouldn't have happened on systems that were properly configured to support BGP, Romijn said, but nonetheless for a brief period Friday morning, about 1 percent of all the Internet's traffic was affected by the snafu, as routers could not properly process the BGP routes they were being sent.

"Over 3,500 prefixes (announced blocks of IP addresses) became unstable at the exact moment this 'experiment' started," wrote Earl Zmijewski, a general manager with Internet security firm Renesys. "Not surprisingly, they were located all over the world: 832 in the US, 336 in Russia, 277 in Argentina, 256 in Romania and so forth. We saw over 60 countries impacted."


The damage from Friday's experiment was minimal, but if someone had been able to intentionally announce bad routes, it would have been much worse, said Paul Ferguson, a researcher with security firm Trend Micro.

It's unclear why RIPE NCC and Duke were trying out these new route formats.

One of the researchers behind the experiment, Duke assistant professor Xiaowei Yang, declined to talk in detail about the experiment, citing legal concerns. But she said that the work was for a research paper, and the BGP data that was sent was "100 percent standard compliant."

"It is an experiment initiated by my student and I," she wrote in an e-mail message. "It unexpectedly triggered some vendor bugs."

No comments:

Post a Comment