Routing & Network Management

The Internet is an essential part of most people’s daily life. Its popularity is largely driven by the diverse services it offers. To interact with services, user devices needs to identify and reach the infrastructure they are hosted on. Hosting servers, and their associated interfaces, are identified using IP addresses. While the Domain Name System (DNS) resolves a service’s name—-more specifically, its Fully Qualified Domain Name (FQDN)—to a set of IP addresses, the Border Gateway Protocol (BGP) provides the routes needed to reach those IPs. Those mechanisms have not changed substantially throughout the last two decades, even though they still pose research questions.

The allocation of IP addresses to organizations is managed by the Regional Internet Registries (RIRs). Traditionally, networks received decently-sized sets of 32-bit long (IPv4) addresses from their respective RIR at negligible cost. With the deployment of new services and the growth in Internet organizations, the number of freely-available IPv4 addresses rapidly decreased. To cover the existing need, 128-bit long (IPv6) addresses were introduced. While most RIRs have little-to-none IPv4 addresses left for allocation, only around one-third of all users have yet adopted IPv6. Similarly, many services are only accessible via IPv4. To bridge the gap between availability and need, organizations recently increased their reliance on buying and leasing of IPv4 addresses. Similar to most open markets, brokers
facilitate the matching between selling and buying parties and carry out most of the paperwork in exchange for a certain commission.

When analyzing the (private) transaction data for four of the largest brokers, we found that prices for IPv4 addresses doubled since 2016 regardless of region or block-size; however, they are far lower than previous academic works suggested. Despite the persistent demand and continuously decreasing availability of IPv4 addresses, we find that the market has entered a consolidation period in early 2019. During such a period, the market converges on a fixed price and some brokers hold back assets because they expect “big players” to make a drastic move that dictates future price trends. When analyzing leasing agreements via the lenses of BGP, RPKI, and RDAP, we find that individual data sources complement others with regards to their visible leasing agreements. Further, we showed that,
due to regional incompleteness, even combining all available data sets draws an incomplete picture which leaves room for future research. [2]

To allow others to reach newly acquired IPv4 addresses, networks—also called autonomous systems (ASes)—announce their set of IP addresses (also referred to as “prefixes”) using the BGP to other networks. Every AS that (re-)distributes a prefix adds itself to the AS PATH—the sequence of ASes that needs to be traversed in order to reach the IPs inside the prefix. When an AS receives multiple paths for the same prefix, it has to perform a best-path
selection process to determine its currently used path to addresses within the prefix. The AS PATH length is the first tie-breaker in this process that does not depend on local preference. Manipulating the length of the AS PATH before announcing a prefix is commonly used to influence how traffic from remote ASes ingresses the own network—a process known as AS PATH Prepending (ASPP).

While prior works already analyzed ASPP, our work was the first to characterize its usage policies in the wild. Out of the 35 % of ASes that use ASPP, only around 86 % use effective policies on all of their prefixes. The remaining prefixes announce at least one prefix that uses the “uniform” prepending-policy, i.e., all paths for this prefix show the same artificially increased length which, as a consequence, does not favor any path during the best-path selection process of remote ASes. We further show that this condition is rarely transitional: More than half of all uniformly-prepended prefixes remained in this policy for more than two years. To put importance of this finding into perspective, our large-scale, real-world emulations suggest that even small prepending sizes can substantially amplify the impact of security threats such as BGP hijacks. [1]

References
[1] P. Marcos, L. Prehn, L. Leal, A. Dainotti, A. Feldmann, and M. Barcellos. AS-Path Prepending: There is no rose without a thorn. In IMC’20, 20th ACM Internet Measurement Conference, Virtual Event, USA, 2020, pp. 506–520. ACM.
[2] L. Prehn, F. Lichtblau, and A. Feldmann. When wells run dry: the 2020 IPv4 address market. In D. Han and A. Feldmann, eds., CoNEXT’20, 16th International Conference on Emerging Networking Experiments And Technologies, Barcelona, Spain (Virtual Event), 2020, pp. 46–54. ACM.

Investigators: Lars Prehn in cooperation with Shravan Swaminathan, Pascal Vermeulen (Saarland University), Marcel Flores (Edge.io), Emile Aben (RIPE NCC), Pavlos Sermpezis, Sofia Kostoglou, and Athena Vakali (Aristotle University of Thessaloniki)

Network operators and researchers frequently use Internet measurement platforms (IMPs), such as RIPE Atlas, RIPE RIS, or RouteViews for, e.g., monitoring network performance, detecting routing events, discovering the AS topology, or optimizing routes. To interpret the results of their measurements, users must understand a platform’s limitations and biases. In this project, we first explored the noise within the data of RIPE RIS and Routeviews. We introduced an classification for typical noise patterns and performed a deep-dive into the noise within the data availability. We found that the archives for publicly available route collector projects persistently suffer from unavailable files and dropped peering sessions. Hereby, we found that patterns occur at the peer, route collector, and region level. We further introduced a general framework to analyze the multi-dimensional (e.g., across location, topology, network types, etc.) biases of IMPs. Beyond new insights into currently existing IMP biases, our framework provides methods to sub-sample and extend the current set of IMP vantage points. When blind-testing with a common measurement task, we demonstrate that our framework reduces placement bias and that this reduction leads to a more accurate estimation of end-user performance for a large CDN. Lastly, we conceptualized a system, CorMoRanT, that simplifies the analysis of BGP-based IMP data by generating thousands of pre-computed statistics and partial data views on a daily basis.

Investigators: Fariba Osali, Zubair Khwaja Sediqi, and Oliver Gasser

For several decades, IPv4 address has been used on the Internet to identify network device interfaces, effectively allowing the mapping to individual hosts. With IPv4 address exhaustion in recent years, network operators have increasingly implemented IPv6 in their networks. While IPv4 remains the dominant IP version on the Internet, the adoption of IPv6 is increasing. Each IP address consists of a network portion and a host portion, and an IP prefix represents a range of IP addresses with a shared network portion. While many service providers are incorporating both IPv4 and IPv6 in their network, the relationship between IP prefixes of both versions in the wild is unknown.

In this work, we explore the potential relationship between IPv4 and IPv6 prefixes to identify IPv4 and IPv6 sibling prefixes for hosts and services. Both research communities and network operators can benefit from the detection, identification, and classification of sibling prefixes. For example, if network operators want to filter all services on a specific IPv4 prefix, the corresponding IPv6 equivalent class is an excellent candidate.
To achieve this objective, we plan to conduct an investigation into the correlation between IPv4 and IPv6 prefixes in DNS datasets by looking at domains that have both A and AAAA records, as this will allow us to identify cases where the same domain name is associated with both an IPv4 and an IPv6 prefix. Then we plan a longitudinal study on IP prefix changes by tracking the dynamics of IP address and prefix allocation and usage over time.