Since their deployment, BGP route collectors have played a fundamental role in investigating and detecting routing accidents and hijack attempts. However, an increasing number of detection techniques designed for real-time environments show that the lack of interactivity of route collectors represents a limitation to their efficacy, together with the small amount of sources from which data is collected. Both issues stem from the current implementation of route collectors, which relies on single-threaded and general-purpose routing suites to establish BGP sessions and collect data. With this implementation any interactive operation impacts on the collection process and the number of sessions that can be established is limited by memory usage, which is not optimized for route collecting purposes. In this paper we present ICE, a multi-threaded and memory-efficient BGP collecting engine which allows route collectors to overcome the above mentioned limitations. The multi-threaded environment allows us to solve the lack of interactiveness, allowing concurrent read/write operations. Memory efficiency has been obtained thanks to the design of a variant of the Liv-Zempel compression algorithms specifically tailored to operate within a BGP real-time collecting environment. The proposed technique exploits the high degree of repetitiveness characterizing BGP data and reduces the ICE memory usage by as much as 30%.
ICE: A memory-efficient BGP route collecting engine
Gregori E;Guidi B;Improta A;Sani L
2017
Abstract
Since their deployment, BGP route collectors have played a fundamental role in investigating and detecting routing accidents and hijack attempts. However, an increasing number of detection techniques designed for real-time environments show that the lack of interactivity of route collectors represents a limitation to their efficacy, together with the small amount of sources from which data is collected. Both issues stem from the current implementation of route collectors, which relies on single-threaded and general-purpose routing suites to establish BGP sessions and collect data. With this implementation any interactive operation impacts on the collection process and the number of sessions that can be established is limited by memory usage, which is not optimized for route collecting purposes. In this paper we present ICE, a multi-threaded and memory-efficient BGP collecting engine which allows route collectors to overcome the above mentioned limitations. The multi-threaded environment allows us to solve the lack of interactiveness, allowing concurrent read/write operations. Memory efficiency has been obtained thanks to the design of a variant of the Liv-Zempel compression algorithms specifically tailored to operate within a BGP real-time collecting environment. The proposed technique exploits the high degree of repetitiveness characterizing BGP data and reduces the ICE memory usage by as much as 30%.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.