The goals of this assignment are to:

  1. Develop a detector to identify anomalous BGP announcements
  2. Use your detector to characterize a global routing incident

Incident Details

For this assignment, you will be analyzing evidence of a global routing incident involving DV-LINK-AS that occurred in November 2017. In this incident, DV-LINK-AS (AS39523) suddenly announced routes to a number of US networks. These announcements were regarded as suspicious due to characteristics that suggested an attempt to intentionally perform global “traffic engineering.”

Using the archived set of BGP UPDATE messages available in Canvas as dv-link-as.tar.zstd, develop a tool that detects the DV-LINK-AS incident. To do so, you may use a third-party library that parses MRT archives, such as mrtparse.

Use your tool to answer the following questions.

  1. What network prefixes did DV-LINK-AS announce?
  2. Who owns the hijacked network prefixes?
  3. What autonomous systems would hijacked traffic have traversed?
  4. Who owns each of the autonomous systems in the advertised network path?
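
The sketch below is an added example, not part of the original assignment or a reference solution. It shows one possible detection heuristic, an origin-AS change against a baseline, and how its output maps onto questions 1 and 3. It assumes UPDATE messages have already been parsed into (prefix, AS path) tuples; the routes, prefixes and all ASNs other than AS39523 are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample routes: documentation prefixes (RFC 5737) and ASNs
# (RFC 5398); only AS39523 comes from the assignment text.
BASELINE = [  # (prefix, AS path) observed before the incident window
    ("192.0.2.0/24", [64500, 64501, 64496]),
    ("198.51.100.0/24", [64500, 64502, 64497]),
]
UPDATES = [  # (prefix, AS path) announced during the window
    ("192.0.2.0/24", [64500, 64501, 64496]),            # known origin
    ("192.0.2.0/25", [64500, 64503, 39523]),            # more-specific, new origin
    ("198.51.100.0/24", [64500, 64503, 64503, 39523]),  # new origin, prepended path
    ("203.0.113.0/24", [64500, 64504, 64498]),          # no baseline: not judged
]

def collapse(path):
    """Remove consecutive duplicate ASNs left by AS-path prepending."""
    return [a for i, a in enumerate(path) if i == 0 or path[i - 1] != a]

def expected_origins(baseline, net):
    """Origins seen for this prefix or for any baseline prefix covering it."""
    found = set()
    for known, origins in baseline.items():
        if known.version == net.version and net.subnet_of(known):
            found |= origins
    return found

def detect(baseline_routes, updates):
    """Flag announcements whose origin AS differs from the baseline origin."""
    baseline = defaultdict(set)
    for prefix, path in baseline_routes:
        baseline[ipaddress.ip_network(prefix)].add(path[-1])
    alerts = []
    for prefix, path in updates:
        expected = expected_origins(baseline, ipaddress.ip_network(prefix))
        if expected and path[-1] not in expected:
            alerts.append({"prefix": prefix, "origin": path[-1],
                           "expected": sorted(expected), "path": collapse(path)})
    return alerts

def summarize(alerts, suspect_asn):
    """Prefixes announced by the suspect origin and the ASes on those paths."""
    hits = [a for a in alerts if a["origin"] == suspect_asn]
    prefixes = sorted(a["prefix"] for a in hits)
    transit = sorted({asn for a in hits for asn in a["path"][:-1]})
    return prefixes, transit
```

A prefix with no baseline entry is skipped rather than flagged, so the quality of the baseline determines both the false-negative and false-positive rate of this heuristic.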

Submission Instructions

Package your report and tool as a gzipped TAR archive. The root directory must be named 03-bgp, your report should be in, and the source code to your solution should be contained in src/. Your Containerfile should produce an image that runs your solution on a list of bzip2-compressed MRT archive files.

Your submission should have the following directory structure.

$ tree -F 03-bgp
├── Containerfile
└── src/

Submit the solution archive to Canvas.