RIPE 88

RACI

Talented researchers in the field of Internet technology share their work with the RIPE community as part of the RIPE Academic Cooperation Initiative (RACI). Successful applicants receive complimentary tickets, travel and accommodation to attend meetings and get the opportunity to present their research to some of the leading technical figures in the Internet world.

The successful RACI applicants for RIPE 88 are:

Sawsan El Zahr, University of Oxford, United Kingdom
Exploring the Benefits of Carbon-Aware Routing
Plenary: Tuesday, 21 May 09:00 – 10:30 (remote)

Yury Zhauniarovich, TU Delft/Technology, The Netherlands
Peering into the Darkness – The Use of UTRS in Combating DDoS Attacks
Anti-Abuse WG: Tuesday, 21 May 16:00 – 17:30

Savvas Kastanaki, Lancaster University, United Kingdom
20 Years of Inferring Inter-domain Routing Policies
MAT WG: Tuesday, 21 May 16:00 – 17:30

Pawel Foremski, Institute of Theoretical and Applied Informatics, Poland
bgpipe – open source BGP reverse proxy
Routing WG: Thursday, 23 May 14:00 – 15:30

Radu Anghel, TU Delft, The Netherlands
Beyond Numbers – Navigating the “end-user” part of the AS Ecosystem
Plenary: Friday, 24 May 09:00 – 10:30

Khwaja Zubair Sediqi, Max Planck Institute for Informatics and Saarland University, Germany
Syncing with RPKI – Exploring Causes of Delay in Relying Party Synchronization
Plenary: Friday, 24 May 09:00 – 10:30

RACI Talks at RIPE 88

Sawsan El Zahr

Sawsan El Zahr, University of Oxford

Exploring the Benefits of Carbon-Aware Routing

Every click, swipe and scroll leaves an impact on the environment. As we rely more on the Internet in many sectors and for many applications, the carbon footprint of the Internet is rising, and it is unclear if we can achieve the net zero goals by 2050. Introducing carbon awareness to computer networks is one promising solution, yet with many challenges. This work is in the context of fixed wired networks, where accounting for their emissions is hard, requires changes to deployed equipment, and has contentious benefits. It sheds light on the benefits of carbon-aware networks by exploring a set of potential carbon-related metrics and their use to define link-cost in carbon-aware link-state routing algorithms. Using realistic network topologies, traffic patterns and grid carbon intensity, we identify useful metrics and limitations to carbon emissions reduction. Consequently, a new heuristic carbon-aware traffic engineering algorithm, CATE, is proposed. CATE takes advantage of carbon intensity and routers’ dynamic power consumption, combined with ports power down, to minimise carbon emissions. Our results show that there is no silver bullet to significant carbon reductions, yet there are promising directions without changes to existing routers’ hardware. This work uncovers some of the challenges that Internet Service Providers (ISPs) will need to face as we move towards net-zero networks.

 

Yury Zhauniarovich

Yury Zhauniarovich, TU Delft

Peering into the Darkness – The Use of UTRS in Combating DDoS Attacks

Distributed denial of service (DDoS) attacks continue to threaten the availability of Internet-based services. To mitigate DDoS attacks, network operators and service providers have various techniques at their disposal, such as clean pipe, Content Delivery Network attack dilution, and anti-DDoS proxy. However, in the last two decades, Remotely Triggered Black Hole (RTBH) has become very popular among Autonomous Systems (ASes). RTBH leverages the Border Gateway Protocol (BGP) to reroute attack traffic to places that minimise harm, typically by dropping it. Unfortunately, RTBH is typically a paid service and requires contractual agreements between the parties.

The Unwanted Traffic Removal Service (UTRS), developed and deployed by Team Cymru about 10 years ago, offers a global, free and easy-to-join and operate RTBH implementation. Considering this exceptional value proposition, in this work, we present the first Internet-wide investigation of participation in UTRS as a popular DDoS mitigation technique based on RTBH. Specifically, we delve into the application of this service in combating reflection and IoT-based DDoS attacks by correlating time and IP addresses from UTRS announcements with the information from AmpPot and IoT Milker datasets.

 

Savvas Kastanaki

Savvas Kastanaki, Lancaster University

20 Years of Inferring Inter-domain Routing Policies

The Internet, a web of thousands of interconnected networks, relies on the Border Gateway Protocol (BGP) for routing decisions among Autonomous Systems (ASes). Over the years, understanding and predicting these routing policies have been pivotal for network operators. In 2003, Wang and Gao introduced an algorithm to infer and characterise routing policies, revealing the phenomenon of selectively announced prefixes, where ASes manipulate traffic by announcing prefixes selectively. Since then, the Internet has undergone a transformative shift from a hierarchical to a flat and dense structure, yet the impact of these changes on routing policies remains unclear despite decades of research.

To address this gap, we embark on a replicability study of Wang and Gao’s seminal work. Our study illuminates the evolution and current state of selectively announced prefixes, demonstrating their persistence across time and networks. Furthermore, we unveil shifts in path selection dynamics, where local preference values are inconsistently assigned among neighbouring AS relationships. These findings underscore the necessity for continuous BGP policy inference to adapt to the dynamic nature of AS connectivity and evolving routing policies. By combining insights from past research with contemporary analysis, our study not only sheds light on the intricate evolution of routing policies but also emphasises the need for ongoing monitoring and adaptation in network operations. We believe that our findings will contribute to a deeper understanding of inter-domain routing dynamics and inform future efforts to improve network reliability and security in the ever-evolving landscape of the Internet.

 

Pawel Foremski

Pawel Foremski, Institute of Theoretical and Applied Informatics

bgpipe – open source BGP reverse proxy

bgpipe is a novel reverse proxy and firewall tool for BGP sessions. It facilitates control-plane connections between routers and empowers administrators to audit, filter, and modify exchanged BGP messages on-the-fly. For researchers, bgpipe offers a new tool for data collection and analysis, as well as for experimentation with modifying the BGP protocol.

The open-source project available at bgpipe.org is in an early stage of development, but already proves itself valuable and ready for experimentation. The eventual goal of bgpipe is to provide a versatile and robust tool for fixing BGP issues in production environments, particularly in scenarios where router vendors are unresponsive to grave flaws in their BGP implementations. Additionally, bgpipe aims to enable the integration of new features such as RPKI or ASPA validation into older yet still functional BGP routers.

In our talk, we will delve into the motivation and objectives driving bgpipe, introduce the underlying Golang library, and provide practical demonstrations of bgpipe CLI usage, including session filtering and modification with Python scripts.

 

Radu Anghel, TU Delft

Beyond Numbers – Navigating the “end-user” part of the AS Ecosystem

This presentation will show a perspective on Autonomous System Numbers (ASNs) and their management within the Internet ecosystem. ASNs are an important but invisible part of how the Internet works because they play a role in the way networks interconnect, allowing routers to make decisions about where to send packets so that they can reach their destination. In 2008, around 30.000 such numbers were in use, and, after ten years – in 2018 – they doubled to around 60.000. Today, over 75.000 ASes are present in the Global Routing Table.

Traditionally, such numbers were obtained by large companies due to the size of their networks and their unique routing requirements; however, in recent years, this has changed, and an increasing number of natural persons are requesting and registering ASNs, for which the term “Personal ASNs” is frequently used.

According to IANA, the RIPE NCC region leads the other RIRs with the most ASN assignments, possibly due to the lack of maintenance fees for ASNs, making it also attractive for out-of-region requests. Registration of AS numbers has both direct and indirect costs that are very hard to measure. This presentation highlights some of the direct and indirect costs and risks generated by the increase in ASN registrations that extend beyond the RIPE NCC membership, service region, and the RIPE Community due to the global nature of Internet operations.

 

Khwaja Zubair Sediqi

Khwaja Zubair Sediqi, Max Planck Institute for Informatics and Saarland University

Syncing with RPKI – Exploring Causes of Delay in Relying Party Synchronisation

The Internet operation relies heavily on the interplay between ASes using BGP for routing information exchange. The Resource Public Key Infrastructure (RPKI) provides attestation objects that help network operators validate the authenticity of IP prefixes and AS associations of BGP announcements. Despite operating independently, RPKI and BGP are interdependent, with delays in RPKI potentially impacting BGP’s reactivity.

This study we’re presenting investigates the RPKI synchronisation delay, which is the time it takes for Relying Party (RP) software to download RPKI objects, perform a validation cycle, and produce a set of Validated ROA Payloads (VRPs). We analyse factors contributing to the RPKI synchronisation delay, including the Route Origin Authorisations (ROAs) structure, depth of certificate chain in RPKI resource management, and network latency to publication points.

The findings have practical implications. They suggest that consolidating multiple prefixes of an AS into a single ROA can reduce synchronisation time by a factor of three. Additionally, we show that a small number of ROAs from delegated Certificate Authorities (CAs) can increase synchronisation delay by 25-50% for Trusted Anchor (TA).