Detecting BGP Configuration Faults with Static Analysis

Nick Feamster, Hari Balakrishnan
2nd Symp. on Networked Systems Design and Implementation (NSDI), Boston, MA, May 2005

The Internet is composed of many independent autonomous systems (ASes) that exchange reachability information to destinations using the Border Gateway Protocol (BGP). Network operators in each AS configure BGP routers to control the routes that are learned, selected, and announced to other routers. Faults in BGP configuration can cause forwarding loops, packet loss, and unintended paths between hosts, each of which constitutes a failure of the Internet routing infrastructure.

This paper describes the design and implementation of rcc, the router configuration checker, a tool that finds faults in BGP configurations using static analysis. rcc detects faults by checking constraints that are based on a high-level correctness specification. rcc detects two broad classes of faults: route validity faults, where routers may learn routes that do not correspond to usable paths, and path visibility faults, where routers may fail to learn routes for paths that exist in the network. rcc enables network operators to test and debug configurations before deploying them in an operational network, improving on the status quo where most faults are detected only during operation. rcc has been downloaded by more than sixty-five network operators to date, some of whom have shared their configurations with us. We analyze network-wide configurations from 17 different ASes to detect a wide variety of faults and use these findings to motivate improvements to the Internet routing infrastructure.

[PDF (348KB)]

Bibtex Entry:

@inproceedings{feamster2005detecting,
   author =       "Nick Feamster and Hari Balakrishnan",
   title =        "{Detecting BGP Configuration Faults with Static Analysis}",
   booktitle =    {2nd Symp. on Networked Systems Design and Implementation (NSDI)},
   year =         {2005},
   month =        {May},
   address =      {Boston, MA}
}