SlideShare a Scribd company logo

BGP zombie routes

Redge Technologies
Redge Technologies

The document discusses BGP zombie routes, which occur when an active routing table entry remains for a prefix that has been withdrawn by its origin network. This can cause issues like partial outages or routing loops. The document provides examples of real-world incidents involving zombie routes, including outages at Telia, Interoute, and CenturyLink/Level3. It also covers ways to detect and debug zombie routes, such as looking for routing loops or inconsistencies using traceroute. Mitigation strategies are also discussed.

1 of 40
Zombie routes Paweł Małachowski, 2020.09.29 @pawmal80
Agenda 1. BGP withdrawals and zombie routes 2. Real life cases 3. Detection and debugging 4. Zombie risk mitigation
whoami(1)  Atende Software  redGuardian DDoS mitigation  my previous talks: DPDK, DPI/regexp, DUT perftesting, BGP hijacks https://www.slideshare.net/atendesoftware/presentations  Previously  Netia S.A.  ATM S.A.  local hosting and ISP companies, community network  Roles: system engineer, IT operations lead, business analyst @pawmal80
BGP withdrawals and zombie routes
BGP zombie / ghost route  „an active routing table entry for a prefix that has been withdrawn by its origin network” source: https://labs.ripe.net/Members/romain_fontugne/bgp-zombies (2019) see also: „BGP Zombies: an Analysis of Beacons Stuck Routes” (2019), https://www.iij-ii.co.jp/en/members/romain/pdf/romain_pam2019.pdf  not a new phenomenon  Ghost Route Hunter (2003): https://www.sixxs.net/tools/grh/what/  „An overview of the global IPv6 routing table” (2005): https://meetings.ripe.net/ripe-50/presentations/ripe50-plenary-tue-ipv6-routing.pdf  may take hours/days to „expire”
BGP zombie / ghost route  Who cares? It was withdrawn anyway!  Unless we are talking about  partial withdrawal and some ingress traffic goes via different path you may expect / does not converge or even loops  more-specific route and zombie sits in Tier1/Tier2/NSP/IXP infrastructure causing partial or complete outage
More-specific prefix usage examples  Traffic engineering  Announce 10.0.0.0/23 into global table  Announce 10.0.0.0/24 to some IXP peers to override their local prefs  Customer delegation  ISP1 announces 10.0.0.0/16 PA block  ISP1 delegates 10.1.2.0/24 to customer  Customer runs own BGP, announces 10.1.2.0/24 via ISP1, ISP2 and IXP
Real life cases
2016 (TPNET-OTI loop)  Orange PL (5617) – Opentransit (5511)  Zombie AS path: 5511 1299 24724 57811 201029 x  Looking glass:  TPNET sees (zombie) more specific via OTI  OTI has less specific via TPNET  I gave up after 20 minute outage and reannounced more specific to save „x”  Withdrawn later with no issues
2016 (Interoute/AS8928 hijack) 1. Warsaw: PLIX, THINX, NASK 2. Interoute: Prague, Paris, Madrid 3. NTT Madrid 4. Telia: Madrid, Hamburg 5. Warsaw: TPNET 6. Customer
2016 (Interoute/AS8928 hijack) • zombie /24 route via NTT at former Interoute/Madrid hijacked significant part of ingress traffic • luckily, no loop; trace reaches customer in Warsaw • many hours, finally „fixed” by announce/withdraw flaps
2018 (Telia loop) Massive outage after „1299 3356 …” path withdrawal
2018 (Telia loop)
2018 (Telia loop) • 1299 announces zombie route • hijacks and loops large portion of ingress traffic • we reproduced this problem with another, non-production prefix • ~two days of disaster! • „Routeprocessor Switchover in one of our backbone router in Chicago solved the issue”
2020 (TATA-Level3 loop) Router: gin-n0v-tcore1 Site: US, New York, N0V Command: traceroute inet4 x as-number-lookup traceroute to x (x), 30 hops max, 52 byte packets 1 if-ae-7-5.tcore1.nto-newyork.as6453.net (63.243.128.141) 2.990 ms 1.545 ms 1.369 ms MPLS Label=415563 CoS=0 TTL=1 S=1 2 if-ae-9-2.tcore1.n75-newyork.as6453.net (63.243.128.122) 1.653 ms 1.704 ms 1.439 ms 3 ae-7.edge2.NewYorkCity6.Level3.net (4.68.39.49) [AS 3356] 3.038 ms 1.118 ms 3.086 ms 4 ae-1-3103.ear3.Frankfurt1.Level3.net (4.69.163.86) [AS 3356] 82.672 ms 81.989 ms 82.221 ms 5 ix-ae-18-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.49) 82.072 ms 81.949 ms 81.731 ms 6 if-ae-4-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.17) 87.154 ms if-ae-59-2.tcore2.fnm- frankfurt.as6453.net (195.219.87.194) 87.064 ms 87.038 ms MPLS Label=486720 CoS=0 TTL=1 S=1 7 if-ae-30-2.tcore1.pvu-paris.as6453.net (80.231.153.89) 86.645 ms if-ae-9-3.tcore1.pvu- paris.as6453.net (195.219.87.14) 87.036 ms if-ae-9-2.tcore1.pvu-paris.as6453.net (195.219.87.10) 87.412 ms MPLS Label=345609 CoS=0 TTL=1 S=1 8 if-ae-11-2.tcore1.pye-paris.as6453.net (80.231.153.50) 87.357 ms 87.522 ms 86.774 ms MPLS Label=525823 CoS=0 TTL=1 S=1 9 if-ae-3-2.tcore1.l78-london.as6453.net (80.231.154.143) 87.089 ms 86.984 ms 87.120 ms MPLS Label=558832 CoS=0 TTL=1 S=1 10 if-ae-66-2.tcore2.nto-newyork.as6453.net (80.231.130.106) 86.711 ms 86.872 ms 87.689 ms MPLS Label=300093 CoS=0 TTL=1 S=1 11 if-ae-12-2.tcore1.n75-newyork.as6453.net (66.110.96.5) 86.838 ms 86.749 ms 86.667 ms 12 ae-7.edge2.NewYorkCity6.Level3.net (4.68.39.49) [AS 3356] 87.039 ms 86.777 ms 108.465 ms 13 ae-1-3103.ear3.Frankfurt1.Level3.net (4.69.163.86) [AS 3356] 167.903 ms 167.436 ms 167.919 ms 14 ix-ae-18-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.49) 167.316 ms 167.016 ms 167.156 ms 15 if-ae-4-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.17) 172.082 ms 172.347 ms if-ae-59- 2.tcore2.fnm-frankfurt.as6453.net (195.219.87.194) 172.688 ms MPLS Label=486720 CoS=0 TTL=1 S=1 16 if-ae-9-3.tcore1.pvu-paris.as6453.net (195.219.87.14) 172.403 ms if-ae-9-2.tcore1.pvu- paris.as6453.net (195.219.87.10) 177.623 ms 172.588 ms MPLS Label=345609 CoS=0 TTL=1 S=1 17 if-ae-11-2.tcore1.pye-paris.as6453.net (80.231.153.50) 173.956 ms 176.402 ms 172.581 ms MPLS Label=525823 CoS=0 TTL=1 S=1 18 if-ae-3-2.tcore1.l78-london.as6453.net (80.231.154.143) 172.784 ms 172.592 ms 172.921 ms MPLS Label=558832 CoS=0 TTL=1 S=1 19 if-ae-66-2.tcore2.nto-newyork.as6453.net (80.231.130.106) 172.660 ms 172.503 ms 172.937 ms MPLS Label=300093 CoS=0 TTL=1 S=1 20 if-ae-12-2.tcore1.n75-newyork.as6453.net (66.110.96.5) 172.258 ms 172.540 ms 171.995 ms 21 ae-7.edge2.NewYorkCity6.Level3.net (4.68.39.49) [AS 3356] 183.732 ms 171.950 ms 172.068 ms 22 ae-1-3103.ear3.Frankfurt1.Level3.net (4.69.163.86) [AS 3356] 252.748 ms 252.855 ms 252.719 ms 23 ix-ae-18-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.49) 253.215 ms 253.049 ms 252.474 ms 24 if-ae-59-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.194) 258.598 ms if-ae-4- 2.tcore2.fnm-frankfurt.as6453.net (195.219.87.17) 258.467 ms 257.584 ms MPLS Label=486720 CoS=0 TTL=1 S=1 25 if-ae-9-3.tcore1.pvu-paris.as6453.net (195.219.87.14) 257.906 ms 257.857 ms if-ae-9- 2.tcore1.pvu-paris.as6453.net (195.219.87.10) 258.308 ms MPLS Label=345609 CoS=0 TTL=1 S=1 26 if-ae-11-2.tcore1.pye-paris.as6453.net (80.231.153.50) 257.546 ms 257.812 ms 268.691 ms MPLS Label=525823 CoS=0 TTL=1 S=1 27 if-ae-3-2.tcore1.l78-london.as6453.net (80.231.154.143) 261.149 ms 257.873 ms 258.124 ms MPLS Label=558832 CoS=0 TTL=1 S=1 28 if-ae-66-2.tcore2.nto-newyork.as6453.net (80.231.130.106) 257.746 ms 257.491 ms 258.035 ms MPLS Label=300093 CoS=0 TTL=1 S=1 29 if-ae-12-2.tcore1.n75-newyork.as6453.net (66.110.96.5) 257.737 ms 258.226 ms 257.614 ms 30 ae-7.edge2.NewYorkCity6.Level3.net (4.68.39.49) [AS 3356] 257.587 ms 259.322 ms 258.347 ms
2020 (TATA-Level3 loop) … 20 if-ae-12-2.tcore1.n75-newyork.as6453.net (66.110.96.5) 172.258 ms 172.540 ms 171.995 ms 21 ae-7.edge2.NewYorkCity6.Level3.net (4.68.39.49) [AS 3356] 183.732 ms 171.950 ms 172.068 ms 22 ae-1-3103.ear3.Frankfurt1.Level3.net (4.69.163.86) [AS 3356] 252.748 ms 252.855 ms 252.719 ms 23 ix-ae-18-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.49) 253.215 ms 253.049 ms 252.474 ms 24 if-ae-59-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.194) 258.598 ms if-ae-4-2.tcore2.fnm- frankfurt.as6453.net (195.219.87.17) 258.467 ms 257.584 ms MPLS Label=486720 CoS=0 TTL=1 S=1 25 if-ae-9-3.tcore1.pvu-paris.as6453.net (195.219.87.14) 257.906 ms 257.857 ms if-ae-9-2.tcore1.pvu- paris.as6453.net (195.219.87.10) 258.308 ms MPLS Label=345609 CoS=0 TTL=1 S=1 26 if-ae-11-2.tcore1.pye-paris.as6453.net (80.231.153.50) 257.546 ms 257.812 ms 268.691 ms MPLS Label=525823 CoS=0 TTL=1 S=1 27 if-ae-3-2.tcore1.l78-london.as6453.net (80.231.154.143) 261.149 ms 257.873 ms 258.124 ms MPLS Label=558832 CoS=0 TTL=1 S=1 28 if-ae-66-2.tcore2.nto-newyork.as6453.net (80.231.130.106) 257.746 ms 257.491 ms 258.035 ms MPLS Label=300093 CoS=0 TTL=1 S=1 29 if-ae-12-2.tcore1.n75-newyork.as6453.net (66.110.96.5) 257.737 ms 258.226 ms 257.614 ms …
2020 (TATA-Level3 loop) 1. TATA/US „sees” more specific via Level3/US 2. Level3/US does not have this zombie route and uses „cold potato” routing to reach Level3/Frankfurt 3. Level3 passes packets to TATA in Frankfurt (less specific route, destination is TATAs customer in Poland) 4. once passed to TATA, „zombie more specific via Level3” kicks in – traffic goes to Tata/US where it is passed to Level3/US once again…
2020 (Level3 loop and zombie resurrection) • First outage directly after withdrawal • Finally BGP converges • However, few hours later zombie route resurrects in AS3356 core and causes another 1h outage
2020 (Level3 loop and zombie resurrection)
2020 Aug (well known Centurylink/Level3-related outage) NANOG mailing list threads:  „Centurylink having a bad morning?”  „[outages] Major Level3 (CenturyLink) Issues” https://mailman.nanog.org/pipermail/nanog/2020-August/thread.html https://mailman.nanog.org/pipermail/nanog/2020-September/thread.html https://puck.nether.net/pipermail/outages/2020-August/013204.html
2020 Aug (well known Centurylink/Level3-related outage) Analysis:  https://blog.thousandeyes.com/centurylink-level-3-outage-analysis/ „Level 3 continues to advertise stale routes despite services withdrawing routes”  https://blog.cloudflare.com/analysis-of-todays-centurylink-level-3-outage/  https://radar.qrator.net/blog/another-centurylink-bgp-incident
Detection and debugging
Detection & debugging  Complete outage  should be easy to spot  Partial outage, suboptimal routing  traces from the outer world  BGP tables: Tier1s, NSP, ISP, IXP, HE.net, Qrator Radar and NLNOG Ring looking glasses / route servers  BGP updates log
Toolbox: traces  http://ping.pe/  simple and quick  https://mtr.sh/  fancy  https://www.globaltraceroute.com/  RIPE Atlas probes  wide range of locations, very slow
ping.pe
mtr.sh
Toolbox: looking glasses  http://lg.ring.nlnog.net/  https://lg.he.net/  https://radar.qrator.net/  https://www.pch.net/tools/looking_glass/
NLNOG Ring Looking glass
BGP maps: HE vs. Qrator Radar
Toolbox: BGP updates  PCH  https://www.pch.net/resources/Routing_Data/IPv4_daily_snapshots/  https://www.pch.net/resources/Raw_Routing_Data/  RIPE  https://stat.ripe.net/  https://stat.ripe.net/special/bgplay (history)  https://ris-live.ripe.net/ (live BGP stream)  https://www.ripe.net/analyse/internet-measurements/routing- information-service-ris/ris-raw-data
RIPE RIS Live
RIPE BGPlay
Zombie risk mitigation
Zombie risk mitigation  Fix all Tier1 routers   Gradual more specific withdrawal  stage 1: withdraw from distant locations and transits  stage 2: withdraw from local/national peerings  Selective more specific announcements  by continent/peer  no transit, just peerings  gratis: faster convergence!
Selective announcements / traffic steering  Use the communities, Luke!  Features  excellent customer BGP communities (NTT, Telia, GTT, DE-CIX)  good enough  ~nothing (HE)  secret  Transition  transparent  partial clear/override  full clear  overlap risk! (EC/LC still not widely adopted)
Example: add GTT leak to the mix (via RETN) Note: covers all RETN, Telia, GTT and TATA customers (not visible here)
Example: leak to Telia (via Level3) Note: leaks to all Level3 customers (incl. RETN) and Telia customers
Per customer announcement tailoring (BIRD filter syntax) case bgp_path.last { # ASx Customer Foo (uses: Level3, Telia) x: if pop = "PLIX" then bgp_community.add(level3_yes_telia); if pop = "THINX" then bgp_community.add(retn_yes_telia); if pop = "LINX" then {…} # ASy Customer Bar (uses: GTT, Cogent) y: if pop = "PLIX" then bgp_community.add(level3_yes_cogent); if pop = "THINX" then bgp_community.add(retn_yes_gtt); if pop = "LINX" then {…} # ASz Customer Baz... } docs: https://bird.network.cz/?get_doc&v=20&f=bird-5.html#ss5.4
Summary  Still not well understood  BGP update queueing, races/reordering, losses?  BGP optimizers/stabilizers, broken damping?  In $vendors we trust  Avoid more-specifics in global table  Monitor your reachability/visibility
e–Q&A @redguardianeu

Recommended

Monitoring Dual Stack IPv4/IPv6 Networks
Monitoring Dual Stack IPv4/IPv6 NetworksMonitoring Dual Stack IPv4/IPv6 Networks
Monitoring Dual Stack IPv4/IPv6 Networks
Vance Shipley
 
PLNOG16: IP/MPLS for Fixed and Mobile Convergence, Kevin Wang
PLNOG16: IP/MPLS for Fixed and Mobile Convergence, Kevin WangPLNOG16: IP/MPLS for Fixed and Mobile Convergence, Kevin Wang
PLNOG16: IP/MPLS for Fixed and Mobile Convergence, Kevin Wang
PROIDEA
 
Cisco Meraki- Simplifying IT
Cisco Meraki- Simplifying ITCisco Meraki- Simplifying IT
Cisco Meraki- Simplifying IT
Cisco Canada
 
IPv6 in the Telco Cloud and 5G
IPv6 in the Telco Cloud and 5GIPv6 in the Telco Cloud and 5G
IPv6 in the Telco Cloud and 5G
APNIC
 
Agile 5G Deployment
Agile 5G DeploymentAgile 5G Deployment
Agile 5G Deployment
Ericsson
 
UCCX vs PCCE vs UCCE
UCCX vs PCCE vs UCCEUCCX vs PCCE vs UCCE
UCCX vs PCCE vs UCCE
NovelVox
 
Presentation f5 – beyond load balancer
Presentation f5 – beyond load balancerPresentation f5 – beyond load balancer
Presentation f5 – beyond load balancer
xKinAnx
 
5G slicing and management tmf contribution
5G slicing and management tmf contribution 5G slicing and management tmf contribution
5G slicing and management tmf contribution
Saurabh Verma
 

Recommended

Monitoring Dual Stack IPv4/IPv6 Networks
Monitoring Dual Stack IPv4/IPv6 NetworksMonitoring Dual Stack IPv4/IPv6 Networks
Monitoring Dual Stack IPv4/IPv6 Networks
Vance Shipley
 
PLNOG16: IP/MPLS for Fixed and Mobile Convergence, Kevin Wang
PLNOG16: IP/MPLS for Fixed and Mobile Convergence, Kevin WangPLNOG16: IP/MPLS for Fixed and Mobile Convergence, Kevin Wang
PLNOG16: IP/MPLS for Fixed and Mobile Convergence, Kevin Wang
PROIDEA
 
Cisco Meraki- Simplifying IT
Cisco Meraki- Simplifying ITCisco Meraki- Simplifying IT
Cisco Meraki- Simplifying IT
Cisco Canada
 
IPv6 in the Telco Cloud and 5G
IPv6 in the Telco Cloud and 5GIPv6 in the Telco Cloud and 5G
IPv6 in the Telco Cloud and 5G
APNIC
 
Agile 5G Deployment
Agile 5G DeploymentAgile 5G Deployment
Agile 5G Deployment
Ericsson
 
UCCX vs PCCE vs UCCE
UCCX vs PCCE vs UCCEUCCX vs PCCE vs UCCE
UCCX vs PCCE vs UCCE
NovelVox
 
Presentation f5 – beyond load balancer
Presentation f5 – beyond load balancerPresentation f5 – beyond load balancer
Presentation f5 – beyond load balancer
xKinAnx
 
5G slicing and management tmf contribution
5G slicing and management tmf contribution 5G slicing and management tmf contribution
5G slicing and management tmf contribution
Saurabh Verma
 
Open Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network designOpen Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network design
Alexander Petrovskiy
 
ipv6 mpls by Patrick Grossetete
ipv6 mpls by Patrick Grosseteteipv6 mpls by Patrick Grossetete
ipv6 mpls by Patrick Grossetete
Febrian ‎
 
Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing
Cisco Canada
 
Airheads barcelona 2010 rf design for retail warehousing manufacturing
Airheads barcelona 2010 rf design for retail warehousing manufacturingAirheads barcelona 2010 rf design for retail warehousing manufacturing
Airheads barcelona 2010 rf design for retail warehousing manufacturing
Aruba, a Hewlett Packard Enterprise company
 
CCNP Security-Firewall
CCNP Security-FirewallCCNP Security-Firewall
CCNP Security-Firewall
mohannadalhanahnah
 
Barry Hesk: Cisco Unified Communications Manager training deck 1
Barry Hesk: Cisco Unified Communications Manager training deck 1Barry Hesk: Cisco Unified Communications Manager training deck 1
Barry Hesk: Cisco Unified Communications Manager training deck 1
Barry Hesk
 
Differences of Huawei S5700 Series LI, SI, EI and HI
Differences of Huawei S5700 Series LI, SI, EI and HIDifferences of Huawei S5700 Series LI, SI, EI and HI
Differences of Huawei S5700 Series LI, SI, EI and HI
Huanetwork
 
Alcatel - 7750 SR & CGNAT SR-OS Fundamental
Alcatel - 7750 SR & CGNAT SR-OS FundamentalAlcatel - 7750 SR & CGNAT SR-OS Fundamental
Alcatel - 7750 SR & CGNAT SR-OS Fundamental
Wilson Vicente Júnior
 
Next Generation Network Automation
Next Generation Network AutomationNext Generation Network Automation
Next Generation Network Automation
Laurent Ciavaglia
 
TechWiseTV Workshop: Cisco Catalyst 9600: Deep Dive and Design Considerations
TechWiseTV Workshop: Cisco Catalyst 9600: Deep Dive and Design ConsiderationsTechWiseTV Workshop: Cisco Catalyst 9600: Deep Dive and Design Considerations
TechWiseTV Workshop: Cisco Catalyst 9600: Deep Dive and Design Considerations
Robb Boyd
 
ECMS2 Training Slides.pdf
ECMS2 Training Slides.pdfECMS2 Training Slides.pdf
ECMS2 Training Slides.pdf
aplic1
 
Media Handling in FreeSWITCH
Media Handling in FreeSWITCHMedia Handling in FreeSWITCH
Media Handling in FreeSWITCH
Moises Silva
 
10 Slides to SMS
10 Slides to SMS10 Slides to SMS
10 Slides to SMS
seanraz
 
Building on TAP sync resiliency for the cloud
Building on TAP sync resiliency for the cloud Building on TAP sync resiliency for the cloud
Building on TAP sync resiliency for the cloud
Adtran
 
Enterprise network
Enterprise networkEnterprise network
Enterprise network
Santanu Mukhopadhyay
 
Vaishnavi Serene Yelahanka Brochure
Vaishnavi Serene Yelahanka BrochureVaishnavi Serene Yelahanka Brochure
Vaishnavi Serene Yelahanka Brochure
Dream Earth
 
IMS Registration Flow
IMS Registration FlowIMS Registration Flow
IMS Registration Flow
Kent Loh
 
Sip architecture
Sip architectureSip architecture
Sip architecture
Raghunath M D
 
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdf
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdfAryaka Bringing SASE to Life with a Zero Trust WAN.pdf
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdf
KlausSchwegler
 
Understanding Open Protocols in Building Automation
Understanding Open Protocols in Building AutomationUnderstanding Open Protocols in Building Automation
Understanding Open Protocols in Building Automation
Schneider Electric
 
Unix 4 en
Unix 4 enUnix 4 en
Unix 4 en
Simonas Kareiva
 
How to use mtr 2
How to use mtr 2How to use mtr 2
How to use mtr 2
Eduardo Narvaez
 

More Related Content

What's hot

Open Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network designOpen Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network design
Alexander Petrovskiy
 
ipv6 mpls by Patrick Grossetete
ipv6 mpls by Patrick Grosseteteipv6 mpls by Patrick Grossetete
ipv6 mpls by Patrick Grossetete
Febrian ‎
 
Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing
Cisco Canada
 
Airheads barcelona 2010 rf design for retail warehousing manufacturing
Airheads barcelona 2010 rf design for retail warehousing manufacturingAirheads barcelona 2010 rf design for retail warehousing manufacturing
Airheads barcelona 2010 rf design for retail warehousing manufacturing
Aruba, a Hewlett Packard Enterprise company
 
CCNP Security-Firewall
CCNP Security-FirewallCCNP Security-Firewall
CCNP Security-Firewall
mohannadalhanahnah
 
Barry Hesk: Cisco Unified Communications Manager training deck 1
Barry Hesk: Cisco Unified Communications Manager training deck 1Barry Hesk: Cisco Unified Communications Manager training deck 1
Barry Hesk: Cisco Unified Communications Manager training deck 1
Barry Hesk
 
Differences of Huawei S5700 Series LI, SI, EI and HI
Differences of Huawei S5700 Series LI, SI, EI and HIDifferences of Huawei S5700 Series LI, SI, EI and HI
Differences of Huawei S5700 Series LI, SI, EI and HI
Huanetwork
 
Alcatel - 7750 SR & CGNAT SR-OS Fundamental
Alcatel - 7750 SR & CGNAT SR-OS FundamentalAlcatel - 7750 SR & CGNAT SR-OS Fundamental
Alcatel - 7750 SR & CGNAT SR-OS Fundamental
Wilson Vicente Júnior
 
Next Generation Network Automation
Next Generation Network AutomationNext Generation Network Automation
Next Generation Network Automation
Laurent Ciavaglia
 
TechWiseTV Workshop: Cisco Catalyst 9600: Deep Dive and Design Considerations
TechWiseTV Workshop: Cisco Catalyst 9600: Deep Dive and Design ConsiderationsTechWiseTV Workshop: Cisco Catalyst 9600: Deep Dive and Design Considerations
TechWiseTV Workshop: Cisco Catalyst 9600: Deep Dive and Design Considerations
Robb Boyd
 
ECMS2 Training Slides.pdf
ECMS2 Training Slides.pdfECMS2 Training Slides.pdf
ECMS2 Training Slides.pdf
aplic1
 
Media Handling in FreeSWITCH
Media Handling in FreeSWITCHMedia Handling in FreeSWITCH
Media Handling in FreeSWITCH
Moises Silva
 
10 Slides to SMS
10 Slides to SMS10 Slides to SMS
10 Slides to SMS
seanraz
 
Building on TAP sync resiliency for the cloud
Building on TAP sync resiliency for the cloud Building on TAP sync resiliency for the cloud
Building on TAP sync resiliency for the cloud
Adtran
 
Enterprise network
Enterprise networkEnterprise network
Enterprise network
Santanu Mukhopadhyay
 
Vaishnavi Serene Yelahanka Brochure
Vaishnavi Serene Yelahanka BrochureVaishnavi Serene Yelahanka Brochure
Vaishnavi Serene Yelahanka Brochure
Dream Earth
 
IMS Registration Flow
IMS Registration FlowIMS Registration Flow
IMS Registration Flow
Kent Loh
 
Sip architecture
Sip architectureSip architecture
Sip architecture
Raghunath M D
 
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdf
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdfAryaka Bringing SASE to Life with a Zero Trust WAN.pdf
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdf
KlausSchwegler
 
Understanding Open Protocols in Building Automation
Understanding Open Protocols in Building AutomationUnderstanding Open Protocols in Building Automation
Understanding Open Protocols in Building Automation
Schneider Electric
 

What's hot (20)

Open Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network designOpen Ethernet: an open-source approach to modern network design
Open Ethernet: an open-source approach to modern network design
 
ipv6 mpls by Patrick Grossetete
ipv6 mpls by Patrick Grosseteteipv6 mpls by Patrick Grossetete
ipv6 mpls by Patrick Grossetete
 
Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing
 
Airheads barcelona 2010 rf design for retail warehousing manufacturing
Airheads barcelona 2010 rf design for retail warehousing manufacturingAirheads barcelona 2010 rf design for retail warehousing manufacturing
Airheads barcelona 2010 rf design for retail warehousing manufacturing
 
CCNP Security-Firewall
CCNP Security-FirewallCCNP Security-Firewall
CCNP Security-Firewall
 
Barry Hesk: Cisco Unified Communications Manager training deck 1
Barry Hesk: Cisco Unified Communications Manager training deck 1Barry Hesk: Cisco Unified Communications Manager training deck 1
Barry Hesk: Cisco Unified Communications Manager training deck 1
 
Differences of Huawei S5700 Series LI, SI, EI and HI
Differences of Huawei S5700 Series LI, SI, EI and HIDifferences of Huawei S5700 Series LI, SI, EI and HI
Differences of Huawei S5700 Series LI, SI, EI and HI
 
Alcatel - 7750 SR & CGNAT SR-OS Fundamental
Alcatel - 7750 SR & CGNAT SR-OS FundamentalAlcatel - 7750 SR & CGNAT SR-OS Fundamental
Alcatel - 7750 SR & CGNAT SR-OS Fundamental
 
Next Generation Network Automation
Next Generation Network AutomationNext Generation Network Automation
Next Generation Network Automation
 
TechWiseTV Workshop: Cisco Catalyst 9600: Deep Dive and Design Considerations
TechWiseTV Workshop: Cisco Catalyst 9600: Deep Dive and Design ConsiderationsTechWiseTV Workshop: Cisco Catalyst 9600: Deep Dive and Design Considerations
TechWiseTV Workshop: Cisco Catalyst 9600: Deep Dive and Design Considerations
 
ECMS2 Training Slides.pdf
ECMS2 Training Slides.pdfECMS2 Training Slides.pdf
ECMS2 Training Slides.pdf
 
Media Handling in FreeSWITCH
Media Handling in FreeSWITCHMedia Handling in FreeSWITCH
Media Handling in FreeSWITCH
 
10 Slides to SMS
10 Slides to SMS10 Slides to SMS
10 Slides to SMS
 
Building on TAP sync resiliency for the cloud
Building on TAP sync resiliency for the cloud Building on TAP sync resiliency for the cloud
Building on TAP sync resiliency for the cloud
 
Enterprise network
Enterprise networkEnterprise network
Enterprise network
 
Vaishnavi Serene Yelahanka Brochure
Vaishnavi Serene Yelahanka BrochureVaishnavi Serene Yelahanka Brochure
Vaishnavi Serene Yelahanka Brochure
 
IMS Registration Flow
IMS Registration FlowIMS Registration Flow
IMS Registration Flow
 
Sip architecture
Sip architectureSip architecture
Sip architecture
 
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdf
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdfAryaka Bringing SASE to Life with a Zero Trust WAN.pdf
Aryaka Bringing SASE to Life with a Zero Trust WAN.pdf
 
Understanding Open Protocols in Building Automation
Understanding Open Protocols in Building AutomationUnderstanding Open Protocols in Building Automation
Understanding Open Protocols in Building Automation
 

Similar to BGP zombie routes

Unix 4 en
Unix 4 enUnix 4 en
Unix 4 en
Simonas Kareiva
 
How to use mtr 2
How to use mtr 2How to use mtr 2
How to use mtr 2
Eduardo Narvaez
 
Day2
Day2Day2
Day2
Jai4uk
 
Handy Networking Tools and How to Use Them
Handy Networking Tools and How to Use ThemHandy Networking Tools and How to Use Them
Handy Networking Tools and How to Use Them
Sneha Inguva
 
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみるK8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
JUNICHI YOSHISE
 
Chapter 3. sensors in the network domain
Chapter 3. sensors in the network domainChapter 3. sensors in the network domain
Chapter 3. sensors in the network domain
Phu Nguyen
 
Quic illustrated
Quic illustratedQuic illustrated
Quic illustrated
Alexander Krizhanovsky
 
Seqüestro de dados na Internet
Seqüestro de dados na InternetSeqüestro de dados na Internet
Seqüestro de dados na Internet
João S Magalhães
 
Linux networking
Linux networkingLinux networking
Linux networking
Armando Reis
 
Introduction to tcp ip linux networking
Introduction to tcp ip linux networkingIntroduction to tcp ip linux networking
Introduction to tcp ip linux networking
Sreenatha Reddy K R
 
Lecture 06 and 07.pptx
Lecture 06 and 07.pptxLecture 06 and 07.pptx
Lecture 06 and 07.pptx
HanzlaNaveed1
 
The Internet
The InternetThe Internet
The Internet
David Evans
 
TechWiseTV Workshop: Software-Defined Access
TechWiseTV Workshop: Software-Defined AccessTechWiseTV Workshop: Software-Defined Access
TechWiseTV Workshop: Software-Defined Access
Robb Boyd
 
Black Hat Europe 2015 - Time and Position Spoofing with Open Source Projects
Black Hat Europe 2015 - Time and Position Spoofing with Open Source ProjectsBlack Hat Europe 2015 - Time and Position Spoofing with Open Source Projects
Black Hat Europe 2015 - Time and Position Spoofing with Open Source Projects
Wang Kang
 
Data centre networking at London School of Economics and Political Science - ...
Data centre networking at London School of Economics and Political Science - ...Data centre networking at London School of Economics and Political Science - ...
Data centre networking at London School of Economics and Political Science - ...
Jisc
 
NUSE (Network Stack in Userspace) at #osio
NUSE (Network Stack in Userspace) at #osioNUSE (Network Stack in Userspace) at #osio
NUSE (Network Stack in Userspace) at #osio
Hajime Tazaki
 
Stress your DUT
Stress your DUTStress your DUT
Stress your DUT
Redge Technologies
 
PLNOG20 - Paweł Małachowski - Stress your DUT–wykorzystanie narzędzi open sou...
PLNOG20 - Paweł Małachowski - Stress your DUT–wykorzystanie narzędzi open sou...PLNOG20 - Paweł Małachowski - Stress your DUT–wykorzystanie narzędzi open sou...
PLNOG20 - Paweł Małachowski - Stress your DUT–wykorzystanie narzędzi open sou...
PROIDEA
 
Ground to ns3 - Basic wireless topology implementation
Ground to ns3 - Basic wireless topology implementationGround to ns3 - Basic wireless topology implementation
Ground to ns3 - Basic wireless topology implementation
Jawad Khan
 
Next-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAMNext-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAM
Frank Brockners
 

Similar to BGP zombie routes (20)

Unix 4 en
Unix 4 enUnix 4 en
Unix 4 en
 
How to use mtr 2
How to use mtr 2How to use mtr 2
How to use mtr 2
 
Day2
Day2Day2
Day2
 
Handy Networking Tools and How to Use Them
Handy Networking Tools and How to Use ThemHandy Networking Tools and How to Use Them
Handy Networking Tools and How to Use Them
 
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみるK8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
K8s上の containerized cloud foundryとcontainerized open stackをprometheusで監視してみる
 
Chapter 3. sensors in the network domain
Chapter 3. sensors in the network domainChapter 3. sensors in the network domain
Chapter 3. sensors in the network domain
 
Quic illustrated
Quic illustratedQuic illustrated
Quic illustrated
 
Seqüestro de dados na Internet
Seqüestro de dados na InternetSeqüestro de dados na Internet
Seqüestro de dados na Internet
 
Linux networking
Linux networkingLinux networking
Linux networking
 
Introduction to tcp ip linux networking
Introduction to tcp ip linux networkingIntroduction to tcp ip linux networking
Introduction to tcp ip linux networking
 
Lecture 06 and 07.pptx
Lecture 06 and 07.pptxLecture 06 and 07.pptx
Lecture 06 and 07.pptx
 
The Internet
The InternetThe Internet
The Internet
 
TechWiseTV Workshop: Software-Defined Access
TechWiseTV Workshop: Software-Defined AccessTechWiseTV Workshop: Software-Defined Access
TechWiseTV Workshop: Software-Defined Access
 
Black Hat Europe 2015 - Time and Position Spoofing with Open Source Projects
Black Hat Europe 2015 - Time and Position Spoofing with Open Source ProjectsBlack Hat Europe 2015 - Time and Position Spoofing with Open Source Projects
Black Hat Europe 2015 - Time and Position Spoofing with Open Source Projects
 
Data centre networking at London School of Economics and Political Science - ...
Data centre networking at London School of Economics and Political Science - ...Data centre networking at London School of Economics and Political Science - ...
Data centre networking at London School of Economics and Political Science - ...
 
NUSE (Network Stack in Userspace) at #osio
NUSE (Network Stack in Userspace) at #osioNUSE (Network Stack in Userspace) at #osio
NUSE (Network Stack in Userspace) at #osio
 
Stress your DUT
Stress your DUTStress your DUT
Stress your DUT
 
PLNOG20 - Paweł Małachowski - Stress your DUT–wykorzystanie narzędzi open sou...
PLNOG20 - Paweł Małachowski - Stress your DUT–wykorzystanie narzędzi open sou...PLNOG20 - Paweł Małachowski - Stress your DUT–wykorzystanie narzędzi open sou...
PLNOG20 - Paweł Małachowski - Stress your DUT–wykorzystanie narzędzi open sou...
 
Ground to ns3 - Basic wireless topology implementation
Ground to ns3 - Basic wireless topology implementationGround to ns3 - Basic wireless topology implementation
Ground to ns3 - Basic wireless topology implementation
 
Next-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAMNext-gen Network Telemetry is Within Your Packets: In-band OAM
Next-gen Network Telemetry is Within Your Packets: In-band OAM
 

More from Redge Technologies

[PL] DDoS na sieć ISP (KIKE 2023)
[PL] DDoS na sieć ISP (KIKE 2023)[PL] DDoS na sieć ISP (KIKE 2023)
[PL] DDoS na sieć ISP (KIKE 2023)
Redge Technologies
 
100M pakietów na sekundę czyli jak radzić sobie z atakami DDoS
100M pakietów na sekundę czyli jak radzić sobie z atakami DDoS100M pakietów na sekundę czyli jak radzić sobie z atakami DDoS
100M pakietów na sekundę czyli jak radzić sobie z atakami DDoS
Redge Technologies
 
BGP hijacks and leaks
BGP hijacks and leaksBGP hijacks and leaks
BGP hijacks and leaks
Redge Technologies
 
redGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionredGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solution
Redge Technologies
 
Ochrona przed atakami DDoS na platformie x86. Czy można mieć jednocześnie wyd...
Ochrona przed atakami DDoS na platformie x86. Czy można mieć jednocześnie wyd...Ochrona przed atakami DDoS na platformie x86. Czy można mieć jednocześnie wyd...
Ochrona przed atakami DDoS na platformie x86. Czy można mieć jednocześnie wyd...
Redge Technologies
 
Spy hard, challenges of 100G deep packet inspection on x86 platform
Spy hard, challenges of 100G deep packet inspection on x86 platformSpy hard, challenges of 100G deep packet inspection on x86 platform
Spy hard, challenges of 100G deep packet inspection on x86 platform
Redge Technologies
 
100Mpps czyli jak radzić sobie z atakami DDoS?
100Mpps czyli jak radzić sobie z atakami DDoS?100Mpps czyli jak radzić sobie z atakami DDoS?
100Mpps czyli jak radzić sobie z atakami DDoS?
Redge Technologies
 
SCAP – standaryzacja formatów wymiany danych w zakresie bezpieczeństwa IT
SCAP – standaryzacja formatów wymiany danych w zakresie bezpieczeństwa ITSCAP – standaryzacja formatów wymiany danych w zakresie bezpieczeństwa IT
SCAP – standaryzacja formatów wymiany danych w zakresie bezpieczeństwa IT
Redge Technologies
 
Na froncie walki z DDoS
Na froncie walki z DDoSNa froncie walki z DDoS
Na froncie walki z DDoS
Redge Technologies
 
100 M pps on PC.
100 M pps on PC.100 M pps on PC.
100 M pps on PC.
Redge Technologies
 
100 M pakietów na sekundę dla każdego.
100 M pakietów na sekundę dla każdego. 100 M pakietów na sekundę dla każdego.
100 M pakietów na sekundę dla każdego.
Redge Technologies
 

More from Redge Technologies (11)

[PL] DDoS na sieć ISP (KIKE 2023)
[PL] DDoS na sieć ISP (KIKE 2023)[PL] DDoS na sieć ISP (KIKE 2023)
[PL] DDoS na sieć ISP (KIKE 2023)
 
100M pakietów na sekundę czyli jak radzić sobie z atakami DDoS
100M pakietów na sekundę czyli jak radzić sobie z atakami DDoS100M pakietów na sekundę czyli jak radzić sobie z atakami DDoS
100M pakietów na sekundę czyli jak radzić sobie z atakami DDoS
 
BGP hijacks and leaks
BGP hijacks and leaksBGP hijacks and leaks
BGP hijacks and leaks
 
redGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solutionredGuardian DP100 large scale DDoS mitigation solution
redGuardian DP100 large scale DDoS mitigation solution
 
Ochrona przed atakami DDoS na platformie x86. Czy można mieć jednocześnie wyd...
Ochrona przed atakami DDoS na platformie x86. Czy można mieć jednocześnie wyd...Ochrona przed atakami DDoS na platformie x86. Czy można mieć jednocześnie wyd...
Ochrona przed atakami DDoS na platformie x86. Czy można mieć jednocześnie wyd...
 
Spy hard, challenges of 100G deep packet inspection on x86 platform
Spy hard, challenges of 100G deep packet inspection on x86 platformSpy hard, challenges of 100G deep packet inspection on x86 platform
Spy hard, challenges of 100G deep packet inspection on x86 platform
 
100Mpps czyli jak radzić sobie z atakami DDoS?
100Mpps czyli jak radzić sobie z atakami DDoS?100Mpps czyli jak radzić sobie z atakami DDoS?
100Mpps czyli jak radzić sobie z atakami DDoS?
 
SCAP – standaryzacja formatów wymiany danych w zakresie bezpieczeństwa IT
SCAP – standaryzacja formatów wymiany danych w zakresie bezpieczeństwa ITSCAP – standaryzacja formatów wymiany danych w zakresie bezpieczeństwa IT
SCAP – standaryzacja formatów wymiany danych w zakresie bezpieczeństwa IT
 
Na froncie walki z DDoS
Na froncie walki z DDoSNa froncie walki z DDoS
Na froncie walki z DDoS
 
100 M pps on PC.
100 M pps on PC.100 M pps on PC.
100 M pps on PC.
 
100 M pakietów na sekundę dla każdego.
100 M pakietów na sekundę dla każdego. 100 M pakietów na sekundę dla każdego.
100 M pakietów na sekundę dla każdego.
 

Recently uploaded

7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
Danica Gill
 
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
ukwwuq
 
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
vmemo1
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Florence Consulting
 
Understanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdfUnderstanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdf
SEO Article Boost
 
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
cuobya
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
Trending Blogers
 
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
wolfsoftcompanyco
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
hackersuli
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
fovkoyb
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
Paul Walk
 
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
bseovas
 
Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
davidjhones387
 
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
zyfovom
 
Search Result Showing My Post is Now Buried
Search Result Showing My Post is Now BuriedSearch Result Showing My Post is Now Buried
Search Result Showing My Post is Now Buried
Trish Parr
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
Laura Szabó
 
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
ysasp1
 
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
uehowe
 
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
cuobya
 
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
uehowe
 

Recently uploaded (20)

7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
 
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
 
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
 
Understanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdfUnderstanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdf
 
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
 
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
 
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
 
Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
 
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
 
Search Result Showing My Post is Now Buried
Search Result Showing My Post is Now BuriedSearch Result Showing My Post is Now Buried
Search Result Showing My Post is Now Buried
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
 
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
 
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
 
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
 
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
 

BGP zombie routes

  • 1. Zombie routes Paweł Małachowski, 2020.09.29 @pawmal80
  • 2. Agenda 1. BGP withdrawals and zombie routes 2. Real life cases 3. Detection and debugging 4. Zombie risk mitigation
  • 3. whoami(1)  Atende Software  redGuardian DDoS mitigation  my previous talks: DPDK, DPI/regexp, DUT perftesting, BGP hijacks https://www.slideshare.net/atendesoftware/presentations  Previously  Netia S.A.  ATM S.A.  local hosting and ISP companies, community network  Roles: system engineer, IT operations lead, business analyst @pawmal80
  • 4. BGP withdrawals and zombie routes
  • 5. BGP zombie / ghost route  „an active routing table entry for a prefix that has been withdrawn by its origin network” source: https://labs.ripe.net/Members/romain_fontugne/bgp-zombies (2019) see also: „BGP Zombies: an Analysis of Beacons Stuck Routes” (2019), https://www.iij-ii.co.jp/en/members/romain/pdf/romain_pam2019.pdf  not a new phenomenon  Ghost Route Hunter (2003): https://www.sixxs.net/tools/grh/what/  „An overview of the global IPv6 routing table” (2005): https://meetings.ripe.net/ripe-50/presentations/ripe50-plenary-tue-ipv6-routing.pdf  may take hours/days to „expire”
  • 6. BGP zombie / ghost route  Who cares? It was withdrawn anyway!  Unless we are talking about  partial withdrawal and some ingress traffic goes via different path you may expect / does not converge or even loops  more-specific route and zombie sits in Tier1/Tier2/NSP/IXP infrastructure causing partial or complete outage
  • 7. More-specific prefix usage examples  Traffic engineering  Announce 10.0.0.0/23 into global table  Announce 10.0.0.0/24 to some IXP peers to override their local prefs  Customer delegation  ISP1 announces 10.0.0.0/16 PA block  ISP1 delegates 10.1.2.0/24 to customer  Customer runs own BGP, announces 10.1.2.0/24 via ISP1, ISP2 and IXP
  • 9. 2016 (TPNET-OTI loop)  Orange PL (5617) – Opentransit (5511)  Zombie AS path: 5511 1299 24724 57811 201029 x  Looking glass:  TPNET sees (zombie) more specific via OTI  OTI has less specific via TPNET  I gave up after 20 minute outage and reannounced more specific to save „x”  Withdrawn later with no issues
  • 10. 2016 (Interoute/AS8928 hijack) 1. Warsaw: PLIX, THINX, NASK 2. Interoute: Prague, Paris, Madrid 3. NTT Madrid 4. Telia: Madrid, Hamburg 5. Warsaw: TPNET 6. Customer
  • 11. 2016 (Interoute/AS8928 hijack) • zombie /24 route via NTT at former Interoute/Madrid hijacked significant part of ingress traffic • luckily, no loop; trace reaches customer in Warsaw • many hours, finally „fixed” by announce/withdraw flaps
  • 12. 2018 (Telia loop) Massive outage after „1299 3356 …” path withdrawal
  • 14. 2018 (Telia loop) • 1299 announces zombie route • hijacks and loops large portion of ingress traffic • we reproduced this problem with another, non-production prefix • ~two days of disaster! • „Routeprocessor Switchover in one of our backbone router in Chicago solved the issue”
  • 15. 2020 (TATA-Level3 loop) Router: gin-n0v-tcore1 Site: US, New York, N0V Command: traceroute inet4 x as-number-lookup traceroute to x (x), 30 hops max, 52 byte packets 1 if-ae-7-5.tcore1.nto-newyork.as6453.net (63.243.128.141) 2.990 ms 1.545 ms 1.369 ms MPLS Label=415563 CoS=0 TTL=1 S=1 2 if-ae-9-2.tcore1.n75-newyork.as6453.net (63.243.128.122) 1.653 ms 1.704 ms 1.439 ms 3 ae-7.edge2.NewYorkCity6.Level3.net (4.68.39.49) [AS 3356] 3.038 ms 1.118 ms 3.086 ms 4 ae-1-3103.ear3.Frankfurt1.Level3.net (4.69.163.86) [AS 3356] 82.672 ms 81.989 ms 82.221 ms 5 ix-ae-18-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.49) 82.072 ms 81.949 ms 81.731 ms 6 if-ae-4-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.17) 87.154 ms if-ae-59-2.tcore2.fnm- frankfurt.as6453.net (195.219.87.194) 87.064 ms 87.038 ms MPLS Label=486720 CoS=0 TTL=1 S=1 7 if-ae-30-2.tcore1.pvu-paris.as6453.net (80.231.153.89) 86.645 ms if-ae-9-3.tcore1.pvu- paris.as6453.net (195.219.87.14) 87.036 ms if-ae-9-2.tcore1.pvu-paris.as6453.net (195.219.87.10) 87.412 ms MPLS Label=345609 CoS=0 TTL=1 S=1 8 if-ae-11-2.tcore1.pye-paris.as6453.net (80.231.153.50) 87.357 ms 87.522 ms 86.774 ms MPLS Label=525823 CoS=0 TTL=1 S=1 9 if-ae-3-2.tcore1.l78-london.as6453.net (80.231.154.143) 87.089 ms 86.984 ms 87.120 ms MPLS Label=558832 CoS=0 TTL=1 S=1 10 if-ae-66-2.tcore2.nto-newyork.as6453.net (80.231.130.106) 86.711 ms 86.872 ms 87.689 ms MPLS Label=300093 CoS=0 TTL=1 S=1 11 if-ae-12-2.tcore1.n75-newyork.as6453.net (66.110.96.5) 86.838 ms 86.749 ms 86.667 ms 12 ae-7.edge2.NewYorkCity6.Level3.net (4.68.39.49) [AS 3356] 87.039 ms 86.777 ms 108.465 ms 13 ae-1-3103.ear3.Frankfurt1.Level3.net (4.69.163.86) [AS 3356] 167.903 ms 167.436 ms 167.919 ms 14 ix-ae-18-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.49) 167.316 ms 167.016 ms 167.156 ms 15 if-ae-4-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.17) 172.082 ms 172.347 ms if-ae-59- 2.tcore2.fnm-frankfurt.as6453.net (195.219.87.194) 172.688 ms MPLS Label=486720 CoS=0 TTL=1 S=1 16 if-ae-9-3.tcore1.pvu-paris.as6453.net (195.219.87.14) 172.403 ms if-ae-9-2.tcore1.pvu- paris.as6453.net (195.219.87.10) 177.623 ms 172.588 ms MPLS Label=345609 CoS=0 TTL=1 S=1 17 if-ae-11-2.tcore1.pye-paris.as6453.net (80.231.153.50) 173.956 ms 176.402 ms 172.581 ms MPLS Label=525823 CoS=0 TTL=1 S=1 18 if-ae-3-2.tcore1.l78-london.as6453.net (80.231.154.143) 172.784 ms 172.592 ms 172.921 ms MPLS Label=558832 CoS=0 TTL=1 S=1 19 if-ae-66-2.tcore2.nto-newyork.as6453.net (80.231.130.106) 172.660 ms 172.503 ms 172.937 ms MPLS Label=300093 CoS=0 TTL=1 S=1 20 if-ae-12-2.tcore1.n75-newyork.as6453.net (66.110.96.5) 172.258 ms 172.540 ms 171.995 ms 21 ae-7.edge2.NewYorkCity6.Level3.net (4.68.39.49) [AS 3356] 183.732 ms 171.950 ms 172.068 ms 22 ae-1-3103.ear3.Frankfurt1.Level3.net (4.69.163.86) [AS 3356] 252.748 ms 252.855 ms 252.719 ms 23 ix-ae-18-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.49) 253.215 ms 253.049 ms 252.474 ms 24 if-ae-59-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.194) 258.598 ms if-ae-4- 2.tcore2.fnm-frankfurt.as6453.net (195.219.87.17) 258.467 ms 257.584 ms MPLS Label=486720 CoS=0 TTL=1 S=1 25 if-ae-9-3.tcore1.pvu-paris.as6453.net (195.219.87.14) 257.906 ms 257.857 ms if-ae-9- 2.tcore1.pvu-paris.as6453.net (195.219.87.10) 258.308 ms MPLS Label=345609 CoS=0 TTL=1 S=1 26 if-ae-11-2.tcore1.pye-paris.as6453.net (80.231.153.50) 257.546 ms 257.812 ms 268.691 ms MPLS Label=525823 CoS=0 TTL=1 S=1 27 if-ae-3-2.tcore1.l78-london.as6453.net (80.231.154.143) 261.149 ms 257.873 ms 258.124 ms MPLS Label=558832 CoS=0 TTL=1 S=1 28 if-ae-66-2.tcore2.nto-newyork.as6453.net (80.231.130.106) 257.746 ms 257.491 ms 258.035 ms MPLS Label=300093 CoS=0 TTL=1 S=1 29 if-ae-12-2.tcore1.n75-newyork.as6453.net (66.110.96.5) 257.737 ms 258.226 ms 257.614 ms 30 ae-7.edge2.NewYorkCity6.Level3.net (4.68.39.49) [AS 3356] 257.587 ms 259.322 ms 258.347 ms
  • 16. 2020 (TATA-Level3 loop) … 20 if-ae-12-2.tcore1.n75-newyork.as6453.net (66.110.96.5) 172.258 ms 172.540 ms 171.995 ms 21 ae-7.edge2.NewYorkCity6.Level3.net (4.68.39.49) [AS 3356] 183.732 ms 171.950 ms 172.068 ms 22 ae-1-3103.ear3.Frankfurt1.Level3.net (4.69.163.86) [AS 3356] 252.748 ms 252.855 ms 252.719 ms 23 ix-ae-18-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.49) 253.215 ms 253.049 ms 252.474 ms 24 if-ae-59-2.tcore2.fnm-frankfurt.as6453.net (195.219.87.194) 258.598 ms if-ae-4-2.tcore2.fnm- frankfurt.as6453.net (195.219.87.17) 258.467 ms 257.584 ms MPLS Label=486720 CoS=0 TTL=1 S=1 25 if-ae-9-3.tcore1.pvu-paris.as6453.net (195.219.87.14) 257.906 ms 257.857 ms if-ae-9-2.tcore1.pvu- paris.as6453.net (195.219.87.10) 258.308 ms MPLS Label=345609 CoS=0 TTL=1 S=1 26 if-ae-11-2.tcore1.pye-paris.as6453.net (80.231.153.50) 257.546 ms 257.812 ms 268.691 ms MPLS Label=525823 CoS=0 TTL=1 S=1 27 if-ae-3-2.tcore1.l78-london.as6453.net (80.231.154.143) 261.149 ms 257.873 ms 258.124 ms MPLS Label=558832 CoS=0 TTL=1 S=1 28 if-ae-66-2.tcore2.nto-newyork.as6453.net (80.231.130.106) 257.746 ms 257.491 ms 258.035 ms MPLS Label=300093 CoS=0 TTL=1 S=1 29 if-ae-12-2.tcore1.n75-newyork.as6453.net (66.110.96.5) 257.737 ms 258.226 ms 257.614 ms …
  • 17. 2020 (TATA-Level3 loop) 1. TATA/US „sees” more specific via Level3/US 2. Level3/US does not have this zombie route and uses „cold potato” routing to reach Level3/Frankfurt 3. Level3 passes packets to TATA in Frankfurt (less specific route, destination is TATAs customer in Poland) 4. once passed to TATA, „zombie more specific via Level3” kicks in – traffic goes to Tata/US where it is passed to Level3/US once again…
  • 18. 2020 (Level3 loop and zombie resurrection) • First outage directly after withdrawal • Finally BGP converges • However, few hours later zombie route resurrects in AS3356 core and causes another 1h outage
  • 19. 2020 (Level3 loop and zombie resurrection)
  • 20. 2020 Aug (well known Centurylink/Level3-related outage) NANOG mailing list threads:  „Centurylink having a bad morning?”  „[outages] Major Level3 (CenturyLink) Issues” https://mailman.nanog.org/pipermail/nanog/2020-August/thread.html https://mailman.nanog.org/pipermail/nanog/2020-September/thread.html https://puck.nether.net/pipermail/outages/2020-August/013204.html
  • 21. 2020 Aug (well known Centurylink/Level3-related outage) Analysis:  https://blog.thousandeyes.com/centurylink-level-3-outage-analysis/ „Level 3 continues to advertise stale routes despite services withdrawing routes”  https://blog.cloudflare.com/analysis-of-todays-centurylink-level-3-outage/  https://radar.qrator.net/blog/another-centurylink-bgp-incident
  • 23. Detection & debugging  Complete outage  should be easy to spot  Partial outage, suboptimal routing  traces from the outer world  BGP tables: Tier1s, NSP, ISP, IXP, HE.net, Qrator Radar and NLNOG Ring looking glasses / route servers  BGP updates log
  • 24. Toolbox: traces  http://ping.pe/  simple and quick  https://mtr.sh/  fancy  https://www.globaltraceroute.com/  RIPE Atlas probes  wide range of locations, very slow
  • 27. Toolbox: looking glasses  http://lg.ring.nlnog.net/  https://lg.he.net/  https://radar.qrator.net/  https://www.pch.net/tools/looking_glass/
  • 29. BGP maps: HE vs. Qrator Radar
  • 30. Toolbox: BGP updates  PCH  https://www.pch.net/resources/Routing_Data/IPv4_daily_snapshots/  https://www.pch.net/resources/Raw_Routing_Data/  RIPE  https://stat.ripe.net/  https://stat.ripe.net/special/bgplay (history)  https://ris-live.ripe.net/ (live BGP stream)  https://www.ripe.net/analyse/internet-measurements/routing- information-service-ris/ris-raw-data
  • 34. Zombie risk mitigation  Fix all Tier1 routers   Gradual more specific withdrawal  stage 1: withdraw from distant locations and transits  stage 2: withdraw from local/national peerings  Selective more specific announcements  by continent/peer  no transit, just peerings  gratis: faster convergence!
  • 35. Selective announcements / traffic steering  Use the communities, Luke!  Features  excellent customer BGP communities (NTT, Telia, GTT, DE-CIX)  good enough  ~nothing (HE)  secret  Transition  transparent  partial clear/override  full clear  overlap risk! (EC/LC still not widely adopted)
  • 36. Example: add GTT leak to the mix (via RETN) Note: covers all RETN, Telia, GTT and TATA customers (not visible here)
  • 37. Example: leak to Telia (via Level3) Note: leaks to all Level3 customers (incl. RETN) and Telia customers
  • 38. Per customer announcement tailoring (BIRD filter syntax) case bgp_path.last { # ASx Customer Foo (uses: Level3, Telia) x: if pop = "PLIX" then bgp_community.add(level3_yes_telia); if pop = "THINX" then bgp_community.add(retn_yes_telia); if pop = "LINX" then {…} # ASy Customer Bar (uses: GTT, Cogent) y: if pop = "PLIX" then bgp_community.add(level3_yes_cogent); if pop = "THINX" then bgp_community.add(retn_yes_gtt); if pop = "LINX" then {…} # ASz Customer Baz... } docs: https://bird.network.cz/?get_doc&v=20&f=bird-5.html#ss5.4
  • 39. Summary  Still not well understood  BGP update queueing, races/reordering, losses?  BGP optimizers/stabilizers, broken damping?  In $vendors we trust  Avoid more-specifics in global table  Monitor your reachability/visibility