impact of prefix hijacking on payments of providers pradeep bangera and sergey gorinsky institute...

Impact of Prefix Hijacking on Payments of Providers

Pradeep Bangera and Sergey Gorinsky

Institute IMDEA Networks, Madrid, Spain

Developing the Science of

Networks

COMSNETS 2011, 6 January 2011

Pradeep Bangera and Sergey Gorinsky, "Impact of Prefix Hijacking on Payments of Providers"

2

Outline Background

Internet structure

IP and BGP

Prefix hijacking

Contribution Economic perspective on traffic attraction via prefix hijacking

Methodology Real AS-level topology data set

Internet-scale simulations in C-BGP

Results BGP connectivity, inter-AS link traffic, payments of providers

Conclusions

Internet Structure Internet entities

More than a billion users

Tens of thousands of Internet Service Providers (ISPs)

Own infrastructure organized as ASes (Autonomous Systems)

Form a hierarchy: local, regional, global ASes

Operate as commercial entities

Inter-AS relationships

Transit links

Result in payments from the customer to the provider

for the traffic exchanged in both directions

Peering links

Exchange traffic of own customers at reduced costs


3

Internet Protocol (IP) Forwarding

IP identifies destinations with 32-bit addresses

A prefix compactly represents a block of IP addresses

Forwarding table of a router maps prefixes to output links

A router uses the forwarding table to forward IP packets

Based on the longest-prefix match rule

e.g.,


4

Prefix output_link

192.168.128.0/26 e0

192.168.128.0/24 e1

Border Gateway Protocol (BGP) Routing

Constructs and maintain forwarding tables in routers

Relies on AS announcements of paths to prefixes

Does not have a mechanism for verifying

the validity of path announcements


5

Prefix Hijacking Refers to BGP announcements that attract traffic to different paths

e.g., by pretending to own a more specific prefix than the one

announced by the prefix owner

Has been studied from security perspectives prevention is difficult


6

208.65.153.0/24

Our Contribution

Economic perspective on prefix hijacking as

a mechanism for sustainable traffic attraction

that boosts ISP revenues


7

Methodology Internet-scale simulations in C-BGP

Before and after prefix hijacking

Real Internet data Real 2008 incident of YouTube prefix hijacking by

Pakistan Telecommunication Company Limited (PTCL)

Cooperative Association for Internet Data Analysis (CAIDA) data set

for the contemporary AS-level topology

Synthetic traffic Uniform YouTube-addressed video uploads from 27084 ASes

No other traffic for simulation scalability reasons


8

Microsoft Office PowerPoint 97-2003 Pres

Link Pricing and Provider Payments

Price pt for a transit link [Amogh et al.]: pt = mt (V 0.75)

V is the 95th percentile of the traffic volume in Kbps mt = 0.0675 is such that 1 Mbps is priced at $12

Price pe for a peering link [H. Chang et al.]: pe = me (V 0.4)

me = 0.0631 is such that 1 Mbps is priced at $1

Payment P of an AS: P = ∑t є R pt - ∑t є C pt - ∑e є E pe

Set R contains the transit links where the AS is a provider Set C contains the transit links where the AS is a customer Set E contains the peering links of the AS


9

Three Levels of Simulation Results

BGP path counts of transit ASes

Transit AS is an AS that serves a BGP path between other ASes

BGP path count of a transit AS is the number of BGP paths traversing the AS

Inter-AS link traffic

Provider payments


10

BGP Path Counts of Transit ASes


11

Distributions are similar but some ASes are significantly affected

Before prefix hijacking After prefix hijacking

2878 transit ASes: 64,213 BGP paths 2760 transit ASes: 68,962 BGP paths

9,733

5219

12,942

Losers and Winners of BGP Paths


12

9,728

12,723

Inter-AS Link Traffic


13


PTCL (AS 17557) successfully attracts YouTube (AS 36561) traffic from all the BGP-connected ASes

traffic to YouTube YouTube traffic hijacked by PTCL

YouTube (AS 36561)

PTCL (AS 17557)

Payments of Providers


14

Realistic traffic matrices and pricing functions are important

YouTubeTransitRail PTCL


Financial Losers and Gainers


15

Economic incentive

Low in absolute terms but relatively high, e.g., Verizon Business gains $476 which is 58% of the YouTube payments Higher if multiple prefixes are hijacked

Biggest financial winners and losers Top-tier provider-free ASes

$708

$476 $823

Viability of Traffic Attraction via Prefix Hijacking


16

Technical feasibility Detection is limited Prevention is very difficult especially if all the ISPs along the hijacked path are comfortable with the traffic attraction

Legal feasibility Global nature of Internet complicates the judicial process ISPs operate within different national boundaries

Business feasibility Reputation and negotiation power are important factors

Future Work


17

Realistic traffic matrices

Realistic link pricing functions

Traffic-interception scenarios where top-tier ISPs hijack traffic to deliver it to the destinations

Economic tussle as a dynamic game

Conclusions


18

First economic perspective on prefix hijacking as a mechanism for sustainable traffic attraction that boosts ISP revenues

Internet-scale simulations in C-BGP using a real CAIDA data set

Quantitative impact of prefix hijacking on payments of providers

Technical, legal and business feasibility of traffic attraction via prefix hijacking

Top-tier provider-free ASes as the biggest financial beneficiaries and other directions for future work

Thank you


19

impact of prefix hijacking on payments of providers pradeep bangera and sergey gorinsky institute...

Documents