The Border Gateway Protocol (BGP) is the protocol that allows the various networks composing the Internet to communicate with each other. Routers speaking BGP exchange updates to keep the routing up to date and allow such communication. This is usually done to reflect changes in the routing configurations or as a consequence of link failures. In the Internet as a whole it is normal that BGP updates are continuously exchanged, but for any specific IP prefix, these updates are supposed to be concentrated in the short time interval needed to react to a network change. On the contrary, in this paper we show that there are many IP prefixes involved in quite long sequences consisting of a large number of BGP updates. Namely, examining ∼30 billion updates collected by 172 observation points distributed worldwide, we estimate that almost 30% of them belong to sequences lasting more than one week. Such sequences involve 222285 distinct IP prefixes, approximately one fourth of the number of announced prefixes. We detect such sequences using a method based on the Discrete Wavelet Transform. We publish an online tool for the exploration and visualization of such sequences, which is open to the scientific community for further research. We group together sequences that exhibit common behaviours. For this purpose, we devise a clusterization algorithm able to group the sequences based on their similarity in time. We highlight four categories of clusters, which are attributable to different types of Internet events. Our online tool also allows exploring and visualizing the computed clusters.
Ariemma, L., Dell'Orco, A., Liotta, S., Candela, M., Di Battista, G. (2023). Long-lasting sequences of BGP updates. COMPUTER NETWORKS, 220, 109481 [10.1016/j.comnet.2022.109481].
Long-lasting sequences of BGP updates
Ariemma L.; Dell'Orco A.; Liotta S.; Di Battista G.
2023-01-01