|
BGP communities are a popular mechanism used by network operators for traffic
engineering, blackholing, and to realize network policies and business
strategies. In recent years, many research works have contributed to our
understanding of how BGP communities are utilized, as well as how they can
reveal secondary insights into real-world events such as outages and security
attacks. However, one fundamental question remains unanswered: ``Which ASes tag
announcements with BGP communities and which remove communities in the
announcements they receive?'' A grounded understanding of where BGP communities
are added or removed can help better model and predict BGP-based actions in the
Internet and characterize the strategies of network operators.
In this paper we develop, validate, and share data from the first algorithm that can infer BGP community tagging and cleaning behavior at the AS-level. The algorithm is entirely passive and uses BGP update messages and snapshots, e.g. from public route collectors, as input. First, we quantify the correctness and accuracy of the algorithm in controlled experiments with simulated topologies. To validate in the wild, we announce prefixes with communities and confirm that more than 90% of the ASes that we classify behave as our algorithm predicts. Finally, we apply the algorithm to data from four sets of BGP collectors: RIPE, RouteViews, Isolario, and PCH. Tuned conservatively, our algorithm ascribes community tagging and cleaning behaviors to more than 13k ASes, the majority of which are large networks and providers. We make our algorithm and inferences available as a public resource to the BGP research community. |