Behind IP prefix overlaps in the BGP routing table

Jaquemart, Quentin; Urvoy-Keller, Guillaume; Biersack, Ernst W
PAM 2016, 17th International Conference, Heraklion, Greece, also published in Chapter "Passive and Active Measurement", LNCS, Vol. 961, March 2016

The IP space has been divided and assigned as a set of IP prefixes. Due to the longest prefix match forwarding rule, a single assigned IP prefix can be further divided into multiple distinct IP spaces; resulting in a BGP routing table that contains over half a million distinct, but overlapping entries. Another side-effect of this forwarding rule is that any anomalous announcement can result in a denial of service for the prefix owner. It is thus essential to describe and clarify the use of these overlapping prefixes. In order to do this, we use Internet Routing Registries (IRR) databases as semantic data to group IP prefixes into families of prefixes that are owned by the same organization. We use BGP data in order to populate these families with prefixes that are announced on the Internet. We introduce several metrics which enable us to study how these families behave. With these metrics, we detail how organisations prefer to subdivide their IP space, underlining global trends in IP space management. We show that there is a large amount of information in the IRR that appears to be actively maintained by a number of ISPs.


DOI
Type:
Conference
City:
Heraklion
Date:
2016-03-31
Department:
Digital Security
Eurecom Ref:
4863
Copyright:
© Springer. Personal use of this material is permitted. The definitive version of this paper was published in PAM 2016, 17th International Conference, Heraklion, Greece, also published in Chapter "Passive and Active Measurement", LNCS, Vol. 961, March 2016 and is available at : http://dx.doi.org/10.1007/978-3-319-30505-9_22
See also:

PERMALINK : https://www.eurecom.fr/publication/4863