BGP Info Over DNS (2023)

By Tony Tauber, Comcast; Charlie Helfinstine, Comcast; Mark Feldman, Comcast

Knowing quickly what is happening across one’s network is a crucial, if challenging, task at the scale of any modern network, particularly large service provider networks. Getting the BGP (Border Gateway Protocol) routing information about how a given node would reach a particular destination, and comparing it against the same query gathered from various other vantage points, can be transformational. Logging into routers one at a time to execute the specific command for the given vendor and operating system is tedious and error-prone, and needs to be automated to reduce friction. Also, some groups can benefit from this information without needing general access to the devices; such access is, understandably, under tight control. Our novel scheme exposes BGP routing information via DNS (Domain Name System) queries, which can be structured to query the information for a given router node or location. Network Operations staff can thus quickly gather details from around the network and synthesize them for the matter at hand. If a specific route or set of routes is of interest, one could retrieve that information regularly as a form of monitoring. The data sources inside a given operator’s network (BGP-speaking routers, geolocation data stores, etc.) can push data to the DNS server(s) unidirectionally, meaning they are not subject to risk of compromise by outside users. Furthermore, the delegated structure of the DNS namespace allows each network operator to tune the visibility of information according to their needs. Existing techniques for optimizing the performance of DNS or other similar services (e.g., load-sharing, horizontal scaling) can be brought to bear. Our paper and presentation will elaborate on this approach and explain the extensible nature of the technique.
This technique of information sharing within and among Internet operators will make troubleshooting and problem resolution quicker and more accessible while maintaining infrastructure security and reliability.
