A Measurement Study of BGP Blackhole Routing Performance
Abstract:
BGP Blackhole routing is a mechanism used to protect networks from DDoS attacks. During the last several years, a number of variations of BGP Blackhole routing have been proposed. However, even though these methods have been used by many organizations and ISPs for some years, the academic community has provided only a limited evaluation of BGP Blackhole routing, using mainly network simulations. The objective of this research was to evaluate the basic methods of BGP Blackhole routing in a real test-bed network in various environments. Using the response time, the CPU load, and the link load as performance metrics, we first evaluated the performance of those methods in networks where the routers' CPU load was the limiting factor. Then we examined the effect of high link load and the effect of router preconfiguration on BGP Blackhole routing's performance. The results showed that BGP Blackhole routing may not be effective under stressful situations, that is, a high link load, because of its dependence on TCP and the underlying routing protocols. Of the three basic Blackhole routing methods, the best is the destination-based method, followed closely by the source-based method. The third method, customer-triggered Blackhole routing, had very degraded performance in all cases.