# Cristel Pelsser — Academic Portfolio

Source: https://cristel.pelsser.eu/

Generated: 2026-05-14

## Bio

Cristel Pelsser holds a chair in critical embedded systems at UCLouvain. From 2015 to 2022 she was a full professor at the University of Strasbourg (France) where she led a team of researchers focusing on core Internet technologies. She spent nine years as a researcher working for ISPs in Japan. Her aim is to facilitate network operations, to avoid network disruptions and, when they occur, pinpoint the failures precisely in order to quickly fix the issues, understand them in order to design solutions to prevent recurrence.

Her research spans multiple areas including BGP security and routing protocols, Internet measurement infrastructure, machine learning for network anomaly detection, and critical embedded systems for IoT applications. She actively contributes to developing next-generation tools for Internet monitoring, including advanced BGP data collection platforms and systems for detecting routing attacks.

Cristel received the PhD degree from the Université catholique de Louvain (UCLouvain), Belgium.

## Contact & identifiers

- Affiliation: UCLouvain — EPL / ICTEAM / INGI
- Institution URL: https://www.uclouvain.be/
- Department URL: https://uclouvain.be/en/research-institutes/icteam/ingi
- Public email: cristel.pelsser@uclouvain.be (institutional, intentionally public)
- ORCID: https://orcid.org/0000-0001-5334-6361
- Google Scholar: https://scholar.google.com/citations?user=H8FD7qQAAAAJ
- X/Twitter: https://twitter.com/cristel_pelsser
- RSS feed: https://cristel.pelsser.eu/rss.xml
- Contact form: https://cristel.pelsser.eu/contact

## Career

- **Professor** — UCLouvain, Louvain-la-Neuve (2022 - Present)
  Critical embedded systems, Computer networking
- **Professor** — Université de Strasbourg, Strasbourg (2015 - 2022)
  Led a team of researchers focusing on core Internet technologies
- **Senior Researcher** — Internet Initiative Japan, Tokyo (2009 - 2015)
  Network operations and Internet infrastructure research
- **Researcher** — NTT Network Service Systems Laboratories, Tokyo (2007 - 2009)
  Network systems and protocols research
- **Researcher** — UCLouvain, Louvain (2003 - 2006)
  Interdomain traffic engineering with MPLS, BGP routing, IETF participation
- **PhD Student** — UCLouvain, Louvain (2003 - 2006)
  Thesis: Interdomain traffic engineering with MPLS
- **Researcher** — UNamur, Namur (2001 - 2003)
  Interdomain traffic engineering with MPLS, BGP routing, IETF participation

## Education

- **PhD in Computer Science** — UCLouvain (Louvain-la-Neuve, Belgium) (2006)
- **MSc in Computer Science** — UNamur (Namur, Belgium) (2001)

## Research interests

- BGP security & routing protocols
- Internet measurement infrastructure
- Machine learning for network security
- Critical embedded systems for IoT
- Network anomaly detection
- Internet operations & reliability

## Publications (129)

### 2025

#### The Forest Behind the Tree: Revealing Hidden Smart Home Communication Patterns

- Authors: François De Keersmaeker, Rémi Van Boxem, Cristel Pelsser, Ramin Sadre
- Type: Conference Paper
- Venue: Proceedings of the 33rd IEEE International Conference on Network Protocols (ICNP '25)
- URL: https://cristel.pelsser.eu/publication/keersmaeker-2025
- Keywords: IoT, Smart Home, networks, robustness, security, traffic profiling

Abstract: The widespread use of Smart Home devices has attracted significant research interest in understanding their behavior within home networks. Unlike general-purpose computers, these devices exhibit relatively simple and predictable network activity patterns. However, previous studies have primarily focused on normal network conditions, overlooking potential hidden patterns that emerge under challenging conditions. Discovering the latter is crucial for assessing device robustness. This paper addresses this gap by presenting a framework that systematically and automatically reveals these hidden communication patterns. By actively disturbing communication and blocking observed traffic, the framework generates comprehensive profiles structured as behavior trees, uncovering traffic flows that are missed by more shallow methods. This approach was applied to ten real-world devices, identifying 254 unique flows, with over 27% only discovered through this new method. These insights enhance our understanding of device robustness, and the thus obtained profiles provide a more complete description of the network behavior of devices, as needed, for example, for the configuration of security solutions.

#### Impact of Road Congestion on Mobile Networks

- Authors: Alexandre Vogel, Dena Markudova, Andra Lutu, Cristel Pelsser
- Type: poster
- Venue: 9th IEEE/IFIP Network Traffic Measurement and Analysis Conference (TMA 2025)
- Publisher: IFIP Open Digital Library
- URL: https://cristel.pelsser.eu/publication/vogel-2025
- Keywords: Road congestion, Mobile network performance, Cellular networks, Antenna load, Population density, Traffic event analysis, Data volume, Throughput

Abstract: With the proliferation of connected vehicles and in-car infotainment, road congestion could concentrate mobile data demand precisely when network-supported services (e.g., traffic alerts, safety systems) are most critical. We study whether congestion events measurably affect mobile network performance. Using hourly antenna-level metrics from a major operator in a European country and published road congestion events from July–August 2024, we filter for non-ubiquitous, sustained congestion (excluding the top 20% most frequent sections, events shorter than 30 minutes, and the lowest-severity incidents), yielding 1,838 events. Each road segment is associated with its three strongest antennas via a 4G signal-strength campaign. Performance during events is compared to a reference period (same hour in adjacent weeks) in terms of antenna activity, data volume (upload/download), and throughput. High-severity congestion correlates with increased antenna activity and data volume; throughput shows slight degradation primarily in low population density areas, while dense areas exhibit higher volumes with minimal throughput impact, suggesting built-in resilience. However, observed differences are modest and often not statistically significant, and stratification by population density reduces sample size, limiting definitive claims. Ongoing data collection is needed to validate these emerging trends as vehicle connectivity intensifies.

#### An Analysis of QUIC Connection Migration in the Wild

- Authors: Aurélien Buchet, Cristel Pelsser
- Type: Journal Article
- Venue: SIGCOMM Comput. Commun. Rev.
- Pages: 3--9
- Publisher: Association for Computing Machinery
- DOI: https://doi.org/10.1145/3727063.3727066
- URL: https://cristel.pelsser.eu/publication/buchet-2025
- Keywords: QUIC, migration, measurements, internet scans, QUIC migration deployment

Abstract: As QUIC gains attention, more applications that leverage its capabilities are emerging. These include defenses against on-path IP tracking and traffic analysis. However, the deployment of the underlying required support for connection migration remains largely unexplored. This paper provides a comprehensive examination of the support of the QUIC connection migration mechanism over the Internet. We perform Internet-wide scans revealing that despite a rapid evolution in the deployment of QUIC on web servers, some of the most popular destinations do not support connection migration yet.

#### FORS: Fault-adaptive Optimized Routing and Scheduling for DAQ Networks

- Authors: Eloise Stein, Quentin Bramas, Flavio Pisani, Tommaso Colombo, Cristel Pelsser
- Type: Journal Article
- Venue: Computing and Software for Big Science
- URL: https://cristel.pelsser.eu/publication/stein-2025
- Keywords: all-to-all, fat-tree networks, integer linear programming, optimal routing, fault-tolerance, data acquisition

Abstract: Data acquisition (DAQ) networks, widely used in scientific research and industrial applications, are composed of numerous interconnected servers, exchanging substantial data volumes produced by large scientific instruments. One traffic matrix generally used in such networks is the all-to-all collective exchange, which demands substantial network resources, making network failures particularly challenging to mitigate.
If not mitigated, the effects of network failures severely hamper the performance of the DAQ network, potentially leading to the loss of valuable experimental data. In the context of DAQ networks using a fat-tree topology, we propose FORS: a scheduling and associated routing solution to support the all-to-all collective exchange under network failures. FORS optimizes bandwidth utilization in the face of any failure scenarios, ensuring robust performance compared to the existing approaches. We propose an algorithm to solve the scheduling. For the routing, we design an algorithm for simple failure scenarios, along with a linear programming model to address more complex failure scenarios. We validate our proposed solution using a real-world DAQ network as a case study. Results demonstrate significant performance degradation in existing approaches and FORS’ consistent ability to achieve higher throughput across various failure scenarios.

#### A Study of Deployed Defenses Against Reflected Amplification Attacks in QUIC

- Authors: Aurélien Buchet, Cristel Pelsser
- Type: Conference Paper
- Venue: Proceedings of the TMA Conference 2025
- URL: https://cristel.pelsser.eu/publication/buchet-2025-a
- Keywords: QUIC, Amplification DoS, Connection migration, Path validation

Abstract: While the QUIC specification now includes mechanisms to prevent DoS attacks, they might not always be enforced by servers. With the increasing deployment of QUIC servers, it is now becoming more important to avoid vulnerabilities that could be exploited on a large scale. This paper presents an extensive study of the current state of QUIC servers and how they implement the mechanisms to prevent DoS attacks. The paper focuses on two different amplification DoS attacks that can be performed using QUIC HTTP/3 servers, enabled by the handshake and the connection migration mechanism.
We investigate how QUIC servers respond to these attacks and if they are compliant with the general guidelines regarding the amplification protection. Our results show that while a large proportion of QUIC servers are respectful of the specification, around 20% of the IPv4 servers tested are still breaking the amplification limit for the handshake attack while most of the IPv6 servers are compliant. Most of the servers who support connection migration use the path validation mechanism, preventing the attack on connection migration. Overall, the amplification factor of the attacks remains quite low with a median slightly lower than the limit of 3, set in the standard, for the handshake attack and under 1 for the migration attack.

#### Detecting Traffic Engineering from public BGP data

- Authors: Omar Darwich, Cristel Pelsser, Kevin Vermeulen
- Type: Conference Paper
- Venue: Proceedings of the Passive and Active Measurement Conference (PAM)
- URL: https://cristel.pelsser.eu/publication/darwich-2025
- Keywords: Traffic Engineering, Internet Measurements, BGP Instability

Abstract: Routing is essential to the Internet functioning. However, more and more functions are added to BGP, the inter-AS routing protocol. In addition to providing connectivity for best effort service, it carries flow specification rules and blackholing signals to react to DDoS, routes for virtual private networks, IGP link-state database information among other uses. One such addition is the tweaking of BGP advertisements to engineer the traffic, to direct it on some preferred paths. In this paper we aim to estimate the impact of Traffic Engineering (TE) on the BGP ecosystem. We develop a method to detect the impact in space, that is, to find which traffic engineering technique impacts which prefix and which AS. We design a methodology to pinpoint TE events to quantify the impact on time. We find that on average, a BGP vantage point sees 35% of the announced prefixes impacted by TE.
Quantifying the impact of TE on BGP stability, we find that TE events contribute to 39% of BGP updates and 44% of the BGP convergence time, and that prefixes belonging to hypergiants contribute the most to TE.

### 2024

#### The Multiple Benefits of a Secure Transport for BGP

- Authors: Thomas Wirtgen, Nicolas Rybowski, Cristel Pelsser, Olivier Bonaventure
- Type: Journal Article
- Venue: Proceedings of the ACM on Networking
- Publisher: Association for Computing Machinery
- DOI: https://doi.org/10.1145/3696406
- URL: https://cristel.pelsser.eu/publication/wirtgen-2024
- Keywords: bgp, certificates, network automation, quic, tls, x.509 certificates

Abstract: BGP distributes prefixes advertised by Autonomous Systems (ASes) and computes the best paths between them. It is the only routing protocol used to exchange interdomain routes on the Internet. Since its original definition in the late 1980s, BGP uses TCP. To prevent attacks, BGP has been extended with features such as TCP-MD5, TCP-AO, GTSM and data-plane filters. However, these ad hoc solutions were introduced gradually as the Internet grew. In parallel, TLS was standardized to secure end-to-end data-plane communications. Today, a large proportion of the Internet traffic is secured using TLS. Surprisingly, BGP still does not use TLS despite its adequate security features to establish BGP sessions. In this paper, we make the case for using a secure transport with BGP. This can be achieved with TLS combined with TCP-AO or by replacing TCP by QUIC. This protects the BGP stream using established secure transport protocols. In addition, we show that a secure transport using X.509 certificates enables BGP routers to be securely and automatically configured from these certificates. We extend the open-source BIRD BGP daemon to support TLS with TCP-AO and QUIC, to handle such certificates and demonstrate several use cases that benefit from the secure and automated capabilities enabled by our proposal.

#### An Analysis of QUIC Connection Migration in the Wild

- Authors: Aurélien Buchet, Cristel Pelsser
- Type: Technical Report
- Venue: arXiv
- URL: https://cristel.pelsser.eu/publication/buchet-2024

Abstract: As QUIC gains attention, more applications that leverage its capabilities are emerging. These include defenses against on-path IP tracking and traffic analysis. However, the deployment of the underlying required support for connection migration remains largely unexplored. This paper provides a comprehensive examination of the support of the QUIC connection migration mechanism over the Internet. We perform Internet-wide scans revealing that despite a rapid evolution in the deployment of QUIC on web servers, some of the most popular destinations do not support connection migration yet.

#### Measuring Performance Under Failures in the LHCb Data Acquisition Network

- Authors: Eloise Stein, Flavio Pisani, Tommaso Colombo, Cristel Pelsser
- Type: Journal Article
- Venue: IEEE Transactions on Nuclear Science
- Pages: 1--1
- DOI: https://doi.org/10.1109/TNS.2024.3451177
- URL: https://cristel.pelsser.eu/publication/stein-2024-a
- Keywords: Servers, Data acquisition, Large Hadron Collider, Bandwidth, Throughput, Sensors, Computers, data acquisition, event building, failure analysis, network fault tolerance, networks

Abstract: For the Large Hadron Collider beauty (LHCb) experiment, achieving high throughput in the data acquisition (DAQ) network is crucial for supporting scientific applications. However, failures within DAQ networks can lead to significant performance degradation. In this study, we investigate the frequency, duration, and causes of failures in the LHCb DAQ network over a two-month period to illustrate how common these events are. This insight is essential for developing strategies to optimize performance during data taking periods. We further study the performance degradation upon failure.
We explore the performance for two potential approaches to high-performance event building on the DAQ network: synchronized and non-synchronized designs. We use live experiments to demonstrate that a synchronized design, which carefully schedules network communications to avoid congestion, can achieve significantly better performance when the network is used at full capacity. However, this approach comes at the expense of reduced fault tolerance compared to the non-synchronized approach. This study highlights that it is essential for the network to handle failures more efficiently to sustainably maintain high data rates.

#### The Next Generation of BGP Data Collection Platforms

- Authors: Thomas Alfroy, Thomas Holterbach, Thomas Krenc, K. C. Claffy, Cristel Pelsser
- Type: Conference Paper
- Venue: Proceedings of the ACM SIGCOMM 2024 Conference
- Pages: 794--812
- Publisher: Association for Computing Machinery
- DOI: https://doi.org/10.1145/3651890.3672251
- URL: https://cristel.pelsser.eu/publication/alfroy-2024-a
- Keywords: internet measurement, BGP, routing security

Abstract: BGP data collection platforms as currently architected face fundamental challenges that threaten their long-term sustainability. Inspired by recent work, we analyze, prototype, and evaluate a new optimization paradigm for BGP collection. Our system scales data collection with two components: analyzing redundancy between BGP updates and using it to optimize sampling of the incoming streams of BGP data. An appropriate definition of redundancy across updates depends on the analysis objective. Our contributions include: a survey, measurements, and simulations to demonstrate the limitations of current systems; a general framework and algorithms to assess and remove redundancy in BGP observations; and quantitative analysis of the benefit of our approach in terms of accuracy and coverage for several canonical BGP routing analyses such as hijack detection and topology mapping.
Finally, we implement and deploy a new BGP peering collection system that automates peering expansion using our redundancy analytics, which provides a path forward for more thorough evaluation of this approach.

#### Supervising Smart Home Device Interactions: A Profile-Based Firewall Approach

- Authors: De Keersmaeker, François, Ramin Sadre, Cristel Pelsser
- Type: Conference Paper
- Venue: Proceedings of the 2024 IFIP Networking Conference
- URL: https://cristel.pelsser.eu/publication/dekeersmaeker-2024
- Keywords: IoT, smart home, security, firewall, device profiling, home automation

Abstract: Despite their ubiquity, the security of Internet of Things devices is unsatisfactory, as demonstrated by several attacks. The IETF’s MUD standard aims to simplify and automate the secure deployment of network devices. A MUD file specifies a device-specific description of allowed network activities (e.g., allowed IP ports or host addresses) and can be used to configure for example a firewall. A major weakness of MUD is that it is not expressive enough to describe device interactions, which often occur between devices in modern Smart Home platforms. In this article, we present a new language for describing such traffic patterns. The language allows writing device profiles that are more expressive than MUD files and can describe complex traffic patterns. We show how these profiles can be translated to efficient code for a lightweight firewall. We evaluate our approach on traffic generated by various Smart Home devices, and show that our system can accurately block unwanted traffic while inducing negligible latency.

#### Une exploration de méthodes exactes pour une détection et un diagnostic efficaces des défaillances des réseaux

- Authors: Alice Burlats, Cristel Pelsser, Pierre Schaus
- Type: Conference Paper
- Venue: Proceedings of the Journées Francophones de Programmation par Contraintes JFPC
- URL: https://cristel.pelsser.eu/publication/burlats-2024-a

Abstract: This article is a summary of a paper accepted at the CPAIOR 2024 conference. In computer networks, fast recovery from failures requires fast detection and diagnosis. Using protocols such as Bidirectional Forwarding Detection (BFD), it is possible to probe the state of a route. These protocols are run on specific nodes designated as network monitors. Monitors are responsible for constantly checking the viability of communication paths. It is crucial to choose the monitors carefully, because monitoring incurs costs, requiring a balance between the number of monitors and the quality of the monitoring. In this context, we explore two monitoring challenges from the field of Boolean network tomography: coverage, which consists of detecting failures, and 1-identifiability, which also requires identifying the failing link or node. We try three exact approaches to solve this problem: an integer linear programming (ILP) model, a constraint programming (CP) model and a maximum satisfiability (MaxSAT) model. Using 625 real network topologies, we illustrate that using these exact methods can reduce the number of monitors needed compared to the state-of-the-art greedy algorithm.

#### An Exploration of Exact Methods for Effective Network Failure Detection and Diagnosis

- Authors: Auguste Burlats, Pierre Schaus, Cristel Pelsser
- Type: Conference Paper
- Venue: Integration of Constraint Programming, Artificial Intelligence, and Operations Research
- Pages: 153--169
- Publisher: Springer Nature Switzerland
- URL: https://cristel.pelsser.eu/publication/burlats-2024

Abstract: In computer networks, swift recovery from failures requires prompt detection and diagnosis. Protocols such as Bidirectional Forwarding Detection (BFD) exist to probe the liveliness of a path and endpoint. These protocols are run on specific nodes that are designated as network monitors. Monitors are responsible for continuously verifying the viability of communication paths. It is important to carefully select monitors as monitoring incurs a cost, necessitating finding a balance between the number of monitor nodes and the monitoring quality. Here, we examine two monitoring challenges from the Boolean network tomography research field: coverage, which involves detecting failures, and 1-identifiability, which additionally requires identifying the failing link or node. We show that minimizing the number of monitors while meeting these requirements constitutes NP-complete problems. We present integer linear programming (ILP), constraint programming (CP) and Maximum Satisfiability (MaxSAT) formulations for these problems and compare their performance. Using 625 network topologies, we demonstrate that employing such exact methods can reduce the number of monitors needed compared to the existing state-of-the-art greedy algorithm.

#### Measuring Internet Routing from the Most Valuable Points

- Authors: Thomas Alfroy, Thomas Holterbach, Thomas Krenc, KC Claffy, Cristel Pelsser
- Type: Technical Report
- URL: https://cristel.pelsser.eu/publication/alfroy-2024

Abstract: While the increasing number of Vantage Points (VPs) in RIPE RIS and RouteViews improves our understanding of the Internet, the quadratically increasing volume of collected data poses a challenge to the scientific and operational use of the data. The design and implementation of BGP and BGP data collection systems lead to data archives with enormous redundancy, as there is substantial overlap in announced routes across many different VPs. Researchers thus often resort to arbitrary sampling of the data, which we demonstrate comes at a cost to the accuracy and coverage of previous works. The continued growth of the Internet, and of these collection systems, exacerbates this cost. The community needs a better approach to managing and using these data archives. We propose MVP, a system that scores VPs according to their level of redundancy with other VPs, allowing more informed sampling of these data archives. Our challenge is that the degree of redundancy between two updates depends on how we define redundancy, which in turn depends on the analysis objective. Our key contribution is a general framework and associated algorithms to assess redundancy between VP observations. We quantify the benefit of our approach for four canonical BGP routing analyses: AS relationship inference, AS rank computation, hijack detection, and routing detour detection. MVP improves the coverage or accuracy (or both) of all these analyses while processing the same volume of data.

#### Supervising Smart Home Device Interactions: A Profile-Based Firewall Approach

- Authors: De Keersmaeker, François, Ramin Sadre, Cristel Pelsser
- Type: poster
- Venue: Network Traffic Measurement and Analysis Conference 2024 TMA
- DOI: https://doi.org/10.13140/RG.2.2.13935.85921
- URL: https://cristel.pelsser.eu/publication/dekeersmaeker-2024-a
- Keywords: IoT, smart home, security, firewall, device profiling, home automation

Abstract: Despite their ubiquity, the security of Internet of Things devices is unsatisfactory, as demonstrated by several attacks. The IETF’s MUD standard aims to simplify and automate the secure deployment of network devices. A MUD file specifies a device-specific description of allowed network activities (e.g., allowed IP ports or host addresses) and can be used to configure for example a firewall. A major weakness of MUD is that it is not expressive enough to describe device interactions, which often occur between devices in modern Smart Home platforms. In this article, we present a new language for describing such traffic patterns. The language allows writing device profiles that are more expressive than MUD files and can describe complex traffic patterns. We show how these profiles can be translated to efficient code for a lightweight firewall. We evaluate our approach on traffic generated by various Smart Home devices, and show that our system can accurately block unwanted traffic while inducing negligible latency.

#### Measuring Performance Under Failures in the LHCb Data Acquisition Network

- Authors: Eloise Noelle Stein, Cristel Pelsser, Flavio Pisani, Tommaso Colombo
- Type: poster
- Venue: 24th IEEE Real Time Conference - ICISE
- URL: https://cristel.pelsser.eu/publication/stein-2024
- Keywords: Data Acquisition, Network Failures, Performance Measurement, LHCb

Abstract: In this paper, we study two possible approaches to high-performance event building on the data acquisition (DAQ) system of the LHCb experiment.
We show, using live experiments, that a synchronized design, that carefully schedules network communications to avoid network congestion, can obtain significantly better performance than a looser approach. However, this comes at the price of fault tolerance: we study the performance degradation of the DAQ system in the presence of various link failures, showing that, in these scenarios, the synchronized approach is not optimal. Finally, we derive some design recommendations to make synchronized designs cope with network failures.

#### An Exploration of Exact Methods for Effective Network Failure Detection and Diagnosis

- Authors: Alice Burlats, Cristel Pelsser, Pierre Schaus
- Type: Conference Paper
- Venue: Proceedings of the 38th Annual Conference of the Belgian Operational Research Society ORBEL
- URL: https://cristel.pelsser.eu/publication/burlats-2024-b
- Keywords: Boolean tomography, Network supervision

Abstract: In computer networks, rapid recovery from failures requires fast detection and diagnosis. Using protocols such as Bidirectional Forwarding Detection (BFD), it is possible to probe the state of a route. These protocols are executed on specific nodes designated as network monitors. Monitors are responsible for continuously checking the viability of communication paths. It is crucial to carefully select the monitors, as monitoring incurs costs, requiring a balance between the number of monitors and the quality of the supervision. In this context, we explore two supervision challenges from the field of Boolean network tomography: coverage, which involves detecting failures, and 1-identifiability, which also requires identifying the failing link or node. We examine three exact approaches to solve this problem: an Integer Linear Programming (ILP) model, a Constraint Programming (CP) model, and a Maximum Satisfiability (MaxSAT) model.
Using 625 real network topologies, we demonstrate that employing these exact methods can reduce the number of monitors needed compared to the state-of-the-art greedy algorithm.

#### A System to Detect Forged-Origin Hijacks

- Authors: Thomas Holterbach, Thomas Alfroy, Amreesh Phokeer, Alberto Dainotti, Cristel Pelsser
- Type: Conference Paper
- Venue: 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI 24)
- Publisher: USENIX Association
- URL: https://cristel.pelsser.eu/publication/holterbach-2024

Abstract: Despite global efforts to secure Internet routing, attackers still successfully exploit the lack of strong BGP security mechanisms. This paper focuses on an attack vector that is frequently used: Forged-origin hijacks, a type of BGP hijack where the attacker manipulates the AS path to make it immune to RPKI-ROV filters and appear as legitimate routing updates from a BGP monitoring standpoint. Our contribution is DFOH, a system that quickly and consistently detects forged-origin hijacks in the whole Internet. Detecting forged-origin hijacks boils down to inferring whether the AS path in a BGP route is legitimate or has been manipulated. We demonstrate that current state-of-art approaches to detect BGP anomalies are insufficient to deal with forged-origin hijacks. We identify the key properties that make the inference of forged AS paths challenging, and design DFOH to be robust against real-world factors (e.g., data biases). Our inference pipeline includes two key ingredients: (i) a set of strategically selected features, and (ii) a training scheme adapted to topological biases. DFOH detects 90.9% of the forged-origin hijacks within only ≈5min. In addition, it only reports ≈17.5 suspicious cases every day for the whole Internet, a small number that allows operators to investigate the reported cases and take countermeasures.

#### oFIQUIC: Leveraging QUIC in OSPF for seamless network topology changes

- Authors: Nicolas Rybowski, Cristel Pelsser, Olivier Bonaventure
- Type: Conference Paper
- Venue: IFIP Networking Conference
- URL: https://cristel.pelsser.eu/publication/rybowski-2024
- Keywords: OSPF, IS-IS, routing protocols

Abstract: Link state-routing protocols such as OSPF and ISIS are used in most if not all Internet Service Provider and enterprise networks. They both rely on flooding to distribute the network topology to all routers. Upon topology changes, all routers update their forwarding tables asynchronously which leads to transient events such as micro-loops and packet losses. We propose two improvements to OSPF in an extension called oFIQUIC. First, we use QUIC to exchange routing information between neighboring routers. Second, we revisit the OSPF flooding process. Instead of relying entirely on flooding to distribute topology changes, we establish secure remote QUIC sessions with distant OSPF routers to inform them of topology changes. This enables oFIQUIC to prevent transient loops by ordering the updates of the forwarding tables of all routers after a topology change. We add oFIQUIC to the BIRD implementation of OSPF. Our evaluation demonstrates that oFIQUIC prevents loops and converges quickly in different topologies.

### 2023

#### Internet Science Moonshot: Expanding BGP Data Horizons

- Authors: Thomas Alfroy, Thomas Holterbach, Thomas Krenc, KC Claffy, Cristel Pelsser
- Type: Conference Paper
- Venue: Proceedings of the 22nd ACM Workshop on Hot Topics in Networks HotNets
- Pages: 102--108
- Publisher: Association for Computing Machinery
- DOI: https://doi.org/10.1145/3626111.3628202
- URL: https://cristel.pelsser.eu/publication/alfroy-2023
- Keywords: BGP, Routing Security, Internet measurement

Abstract: Dramatic growth in Internet connectivity poses a challenge for the resource-constrained data collection efforts that support scientific and operational analysis of interdomain routing. Inspired by tradeoffs made in other disciplines, we explore a fundamental reconceptualization to how we design public BGP data collection architectures: an overshoot-and-discard approach that can accommodate an order of magnitude increase in vantage points by discarding redundant data shortly after its collection. As defining redundant depends on the context, we design algorithms that filter redundant updates without optimizing for one objective, and evaluate our approach in terms of detecting two noteworthy phenomena using BGP data: AS-topology mapping and hijacks. Our approach can generalize to other types of Internet data (e.g., traceroute, traffic). We offer this study as a first step to a potentially new area of Internet measurement research.

#### Fault-adaptive Scheduling for Data Acquisition Networks

- Authors: Eloise Noelle Stein, Cristel Pelsser, Quentin Bramas, Tommaso Colombo
- Type: Conference Paper
- Venue: The 48th IEEE Conference on Local Computer Networks (LCN)
- Publisher: IEEE
- URL: https://cristel.pelsser.eu/publication/stein-2023
- Keywords: all-to-all, fat-tree networks, integer linear programming

Abstract: Supporting such an all-to-all traffic matrix is challenging as it can easily lead to congestion.
Scheduling patterns are designed to avoid such congestion by spreading the communications over time. The time is divided in phases and communications are spread across the phases. However, current scheduling algorithms are not fault-tolerant. In this paper we propose a fault-adaptive congestion-free scheduling to support an all-to-all exchange in fat tree topology. Our approach consists in the computation of the minimum number of communication phases required to support the all-to-all exchange with the available links, and of the scheduling of the communications on these phases. It enables recovery from failures and makes optimal use of the remaining bandwidth. We show that our scheduling approach provides better performance than the most common approach which is the Linear-shift scheduling. The throughput is improved by roughly 80% with our approach, for as little as one link failure. #### Supervising Smart Home Device Interactions: A Profile-Based Firewall Approach - Authors: François De Keersmaeker, Ramin Sadre, Cristel Pelsser - Type: Technical Report - URL: https://cristel.pelsser.eu/publication/keersmaeker-2023 Abstract: Internet of Things devices can now be found everywhere, including in our households in the form of Smart Home networks. Despite their ubiquity, their security is unsatisfactory, as demonstrated by recent attacks. The IETF's MUD standard has as goal to simplify and automate the secure deployment of end devices in networks. A MUD file contains a device specific description of allowed network activities (e.g., allowed IP ports or host addresses) and can be used to configure for example a firewall. A major weakness of MUD is that it is not expressive enough to describe traffic patterns representing device interactions, which often occur in modern Smart Home platforms. In this article, we present a new language for describing such traffic patterns. 
The language allows writing device profiles that are more expressive than MUD files and take into account the interdependencies of traffic connections. We show how these profiles can be translated to efficient code for a lightweight firewall leveraging NFTables to block non-conforming traffic. We evaluate our approach on traffic generated by various Smart Home devices, and show that our system can accurately block unwanted traffic while inducing negligible latency. #### Detecting IP-tracking proof interfaces by looking for NATs - Authors: Aurélien Buchet, Peter Snyder, Hamed Haddadi, Cristel Pelsser - Type: poster - Venue: 2023 7th Network Traffic Measurement and Analysis Conference (TMA) - Pages: 1--4 - DOI: https://doi.org/10.23919/TMA58422.2023.10198950 - URL: https://cristel.pelsser.eu/publication/buchet-2023 - Keywords: Performance evaluation, Privacy, Costs, Telecommunication traffic, Virtual private networks, Browsers, IP networks Abstract: In this poster, we propose an approach based on short-lived random identifiers to allow applications to detect when multiple users share the same IP address such as when they are behind NATs. Using NATed interfaces could provide a cheap way to evade IP-based tracking as the traffic of all users is merged into a single IP flow. As a result, it is harder for trackers to single out (and so re-identify by IP address) users behind a NAT. For many years, there has been a race between web trackers trying to find techniques to monitor user behaviour online, and privacy researchers looking for solutions to avoid such tracking. Despite progress in browser privacy-preserving techniques, IP tracking is still highly effective because current solutions to hide an IP address such as VPNs, or the Tor network, rely on external services and often induce a high cost in terms of performance. Our proposal could lead to solutions that are cheaper to deploy and don't affect the performance as much. 
We developed an Android application detecting when an IP address was shared by multiple devices and reported the availability of such interfaces. We show that it is possible to identify networks where multiple users share the same IP address. We also discuss how our system can be protected from potential attackers. #### Optimal Monitor Placement in a Network for Boolean Tomography (Placement optimal de moniteurs dans un réseau pour la tomographie booléenne) - Authors: Alice Burlats, Pierre Schaus, Cristel Pelsser - Type: Conference Paper - Venue: Journées Francophones de Programmation par Contraintes JFPC - URL: https://cristel.pelsser.eu/publication/burlats-2023 - Keywords: Constraint programming, Boolean tomography, k-identifiability, network monitoring, integer linear programming Abstract: Boolean tomography makes it possible to detect failures in a network and to locate them using only a subset of monitor nodes. A network is said to be k-identifiable if this set of monitors can locate up to k simultaneous failures without ambiguity. Since monitors come at a cost, a trade-off must be made between identifiability and the number of monitors. We present and compare an ILP model and a CP model for finding the smallest set of monitors that guarantees coverage or 1-identifiability of the network. 
#### Routing over QUIC: Bringing transport innovations to routing protocols - Authors: Thomas Wirtgen, Nicolas Rybowski, Cristel Pelsser, Olivier Bonaventure - Type: poster - Venue: Poster session of the 20th USENIX Symposium on Networked Systems Design and Implementation (NSDI '23 Poster Session) - DOI: https://doi.org/10.48550/arXiv.2304.02992 - URL: https://cristel.pelsser.eu/publication/wirtgen-2023 - Keywords: Distributed Routing, Routing Transport, QUIC, Secure Routing Transport, BGP over QUIC, OSPF over QUIC, Routing, BGP, OSPF Abstract: By combining the security features of TLS with the reliability of TCP, QUIC opens new possibilities for many applications. We demonstrate the benefits that QUIC brings for routing protocols. Current Internet routing protocols use insecure transport protocols. BGP uses TCP possibly with authentication. OSPF uses its own transport protocol above plain IP. We design and implement a library that allows replacing the transport protocols used by BGP and OSPF with QUIC. We apply this library to the BIRD routing daemon and report preliminary results. #### RPKI Time-of-Flight: Tracking Delays in the Management, Control, and Data Planes - Authors: Romain Fontugne, Amreesh Phokeer, Cristel Pelsser, Kevin Vermeulen, Randy Bush - Type: Conference Paper - Venue: Passive and Active Measurement PAM - Pages: 429--457 - Publisher: Springer Nature Switzerland - DOI: https://doi.org/10.1007/978-3-031-28486-1_18 - URL: https://cristel.pelsser.eu/publication/fontugne-2023 Abstract: As RPKI is becoming part of ISPs' daily operations and Route Origin Validation is getting widely deployed, one wonders how long it takes for the effect of RPKI changes to appear in the data plane. Does an operator that adds, fixes, or removes a Route Origin Authorization (ROA) have time to brew coffee or rather enjoy a long meal before the Internet routing infrastructure integrates the new information and the operator can assess the changes and resume work? 
The chain of ROA publication, from creation at Certification Authorities all the way to the routers and the effect on the data plane involves a large number of players, is not instantaneous, and is often dominated by ad hoc administrative decisions. This is the first comprehensive study to measure the entire ecosystem of ROA manipulation by all five Regional Internet Registries (RIRs), propagation on the management plane to Relying Parties (RPs) and to routers; measure the effect on BGP as seen by global control plane monitors; and finally, measure the effects on data plane latency and reachability. We found that RIRs usually publish new RPKI information within five minutes, except APNIC which averages ten minutes slower. At least one national CA is said to publish daily. We observe significant disparities in ISPs' reaction time to new RPKI information, ranging from a few minutes to one hour. The delay for ROA deletion is significantly longer than for ROA creation as RPs and BGP strive to maintain reachability. Incidentally, we found and reported significant issues in the management plane of two RIRs and a Tier1 network. ### 2022 #### MVP: Measuring Internet Routing from the Most Valuable Points - Authors: Thomas Alfroy, Thomas Holterbach, Cristel Pelsser - Type: poster - Venue: Poster in the Proceedings of the Internet Measurement Conference (IMC) - DOI: https://doi.org/10.1145/3517745.3563031 - URL: https://cristel.pelsser.eu/publication/alfroy-2022 #### The Multiple Roles That IPv6 Addresses Can Play in Today's Internet - Authors: Maxime Piraux, Tom Barbette, Nicolas Rybowski, Louis Navarre, Thomas Alfroy, Cristel Pelsser, François Michel, Olivier Bonaventure - Type: Journal Article - Venue: SIGCOMM Comput. Commun. Rev. 
- Pages: 10--18 - Publisher: Association for Computing Machinery - DOI: https://doi.org/10.1145/3561954.3561957 - URL: https://cristel.pelsser.eu/publication/piraux-2022 - Keywords: IP address, multihoming, network service, IPv6, multipath Abstract: The Internet uses IP addresses to identify and locate network interfaces of connected devices. IPv4 was introduced more than 40 years ago and specifies 32-bit addresses. As the Internet grew, available IPv4 addresses eventually became exhausted more than ten years ago. The IETF designed IPv6 with a much larger addressing space consisting of 128-bit addresses, pushing back the exhaustion problem much further in the future. In this paper, we argue that this large addressing space allows reconsidering how IP addresses are used and enables improving, simplifying and scaling the Internet. By revisiting the IPv6 addressing paradigm, we demonstrate that it opens up several research opportunities that can be investigated today. Hosts can benefit from several IPv6 addresses to improve their privacy, defeat network scanning, improve the use of several mobile access networks and their mobility as well as to increase the performance of multicore servers. Network operators can solve the multihoming problem more efficiently and without putting a burden on the BGP RIB, implement Function Chaining with Segment Routing, differentiate routing inside and outside a domain given particular network metrics and offer more fine-grained multicast services. 
#### Deploying Near-Optimal Delay-Constrained Paths with Segment Routing in Massive-Scale Networks - Authors: Jean-Romain Luttringer, Thomas Alfroy, Pascal Mérindol, Quentin Bramas, François Clad, Cristel Pelsser - Type: Journal Article - Venue: Computer Networks - DOI: https://doi.org/10.1016/j.comnet.2022.109015 - URL: https://cristel.pelsser.eu/publication/luttringer-2022 - Keywords: Traffic Engineering, Segment Routing, DCLC, CSP, Delay Constrained Least Cost, QoS Routing Abstract: With a growing demand for quasi-instantaneous communication services such as real-time video streaming, cloud gaming, and industry 4.0 applications, multi-constraint Traffic Engineering (TE) becomes increasingly important. While legacy TE management planes like MPLS have proven laborious to deploy, Segment Routing (SR) drastically eases the deployment of TE paths and is thus increasingly adopted by Internet Service Providers (ISP). There is now a clear need in computing and deploying Delay-Constrained Least-Cost paths (DCLC) with SR for real-time interactive services requiring both low delay and high bandwidth routes. However, most current DCLC solutions are not tailored for SR. They also often lack efficiency (particularly exact schemes) or guarantees (by relying on unbounded heuristics). Similarly to approximation schemes, we argue that the actual challenge is to design an algorithm providing both performances and strong guarantees. However, conversely to most of these schemes, we also consider operational constraints to provide a practical, high-performance implementation. In this work, we extend and further evaluate our previous contribution, BEST2COP. BEST2COP leverages inherent limitations in the accuracy of delay measurements, accounts for the operational constraint added by SR, and provides guarantees and bounded computation time in all cases thanks to simple but efficient data structures and amortized procedures. 
We show that BEST2COP is faster than a state-of-the-art algorithm on both random and real networks of up to 1000 nodes. Relying on commodity hardware with a single thread, our algorithm retrieves all non-superfluous 3-dimensional routes in under 100ms in both cases. This execution time is further reduced using multiple threads, as the design of BEST2COP enables a significant speed-up thanks to a highly parallelizable core which also enables a balanced computing load between threads. Finally, we extend BEST2COP to deal with massive-scale ISP by leveraging the multiarea partitioning of these deployments. Thanks to our new topology generator specifically designed to model realistic patterns in such massive IP networks, we show that BEST2COP can solve DCLC-SR in approximately 1 second even for ISP having more than 100 000 routers. #### A First Measurement with BGP Egress Peer Engineering - Authors: Ryo Nakamura, Kazuki Shimizu, Teppei Kamata, Cristel Pelsser - Type: Conference Paper - Venue: Passive and Active Measurement - 23rd International Conference, PAM 2022 - DOI: https://doi.org/10.1007/978-3-030-98785-5_9 - URL: https://cristel.pelsser.eu/publication/nakamura-2022 - Keywords: BGP-EPE, Segment Routing, Latency, Internet path performance Abstract: This paper reports on measuring the effect of engineering egress traffic to peering ASes using Segment Routing, called BGP-EPE. BGP-EPE can send packets destined to arbitrary prefixes to arbitrary eBGP peers regardless of the BGP path selection. This ability enables us to measure external connectivity from a single AS in various perspectives; for example, does the use of paths other than the BGP best paths improve performance? We conducted an experiment to measure latency to the Internet from an event network, Interop Tokyo ShowNet, where SR-MPLS and BGP-EPE were deployed. Our findings from the experiment show BGP-EPE improves latency for 77% of target prefixes, and peering provides shorter latency than transit. 
We further show factors on which the degree of improvement depends, e.g., the performance-obliviousness of BGP and the presence of remote peering. Also, we find 91% of peer ASes forwarded packets towards prefixes that the peers did not advertise. #### Numérique et Sciences Informatiques, Terminale spécialité - Authors: Michel Beaudouin-Lafon, Céline Chevalier, Gilles Grimaud, Benoit Groz, Philippe Marquet, Mathieu Nancel, Cristel Pelsser, Xavier Redon, Thomas Vantroys, Emmanuel Waller - Type: Book - Publisher: Hachette Education - URL: https://cristel.pelsser.eu/publication/beaudouinlafon-2022 #### Passive and Active Measurement: 23rd International Conference, PAM 2022, Virtual Event, March 28--30, 2022, Proceedings - Authors: - Type: Book - Venue: Passive and Active Measurement - 23rd International Conference, PAM 2022 - Publisher: Springer International Publishing - DOI: https://doi.org/10.1007/978-3-030-98785-5 - URL: https://cristel.pelsser.eu/publication/hohlfeld-2022 ### 2021 #### Deploying Near-Optimal Delay-Constrained Paths with Segment Routing in Massive-Scale Networks - Authors: Jean-Romain Luttringer, Thomas Alfroy, Pascal Mérindol, Quentin Bramas, François Clad, Cristel Pelsser - Type: Journal Article - Venue: CoRR - DOI: https://doi.org/10.1016/j.comnet.2022.109015 - URL: https://cristel.pelsser.eu/publication/luttringer-2021-d - Keywords: Traffic Engineering, Segment Routing, DCLC, CSP, Delay Constrained Least Cost, QoS Routing Abstract: With a growing demand for quasi-instantaneous communication services such as real-time video streaming, cloud gaming, and industry 4.0 applications, multi-constraint Traffic Engineering (TE) becomes increasingly important. While legacy TE management planes have proven laborious to deploy, Segment Routing (SR) drastically eases the deployment of TE paths and is thus increasingly adopted by Internet Service Providers (ISP). 
There is a clear need in computing and deploying Delay-Constrained Least-Cost paths (DCLC) with SR for real-time interactive services. However, most current DCLC solutions are not tailored for SR. They also often lack efficiency or guarantees. Similarly to approximation schemes, we argue that the challenge is to design an algorithm providing both performances and guarantees. However, conversely to most of these schemes, we also consider operational constraints to provide a practical, high-performance implementation. We leverage the inherent limitations of delay measurements and account for the operational constraint added by SR to design a new algorithm, best2cop, providing guarantees and performance in all cases. Best2cop outperforms a state-of-the-art algorithm on both random and real networks of up to 1000 nodes. Relying on commodity hardware with a single thread, our algorithm retrieves all non-superfluous 3-dimensional routes in only 250ms and 100ms respectively. This execution time is further reduced using multiple threads, as the design of best2cop enables a speedup almost linear in the number of cores. Finally, we extend best2cop to deal with massive scale ISP by leveraging the multi-area partitioning of these deployments. Thanks to our new topology generator specifically designed to model the realistic patterns of such massive IP networks, we show that best2cop solves DCLC-SR in approximately 1 second even for ISP having more than 100000 routers. 
#### MUSE: Multimodal Separators for Efficient Route Planning in Transportation Networks - Authors: Mohamed Amine Falek, Cristel Pelsser, Sébastien Julien, Fabrice Theoleyre - Type: Journal Article - Venue: Transportation Science, INFORMS - Publisher: INFORMS - DOI: https://doi.org/10.1287/trsc.2021.1104 - URL: https://cristel.pelsser.eu/publication/falek-2021 - Keywords: multimodal shortest path, graph separators, route planning, time-dependent graph Abstract: Many algorithms compute shortest-path queries in mere microseconds on continental-scale networks. Most solutions are, however, tailored to either road or public transit networks in isolation. To fully exploit the transportation infrastructure, multimodal algorithms are sought to compute shortest-paths combining various modes of transportation. Nonetheless, current solutions still lack performance to efficiently handle interactive queries under realistic network conditions where traffic jams, public transit cancelations, or delays often occur. We present MUSE, a new multimodal algorithm based on graph separators to compute shortest travel time paths. It partitions the network into independent, smaller regions, enabling fast and scalable preprocessing. The partition is common to all modes and independent of traffic conditions so that the preprocessing is only executed once. MUSE relies on a state automaton that describes the sequence of modes to constrain the shortest path during the preprocessing and the online phase. The support of new sequences of mobility modes only requires the preprocessing of the cliques, independently for each partition. We also augment our algorithm with heuristics during the query phase to achieve further speedups with minimal effect on correctness. We provide experimental results on France’s multimodal network containing the pedestrian, road, bicycle, and public transit networks. 
#### On the Use of Metagraphs for Verifying Security Policies (De l’Utilisation des Métagraphes pour la Vérification de Politiques de Sécurité) - Authors: Loïc Miller, Pascal Mérindol, Antoine Gallais, Cristel Pelsser - Type: Conference Paper - Venue: AlgoTel - URL: https://cristel.pelsser.eu/publication/miller-2021-c - Keywords: Access control, security policies, metagraphs, model checking Abstract: Multi-agent business processes with complex interactions are generally modeled as workflows. The owner of confidential data interacts with contractors to carry out a sequence of tasks, delegating limited rights over the sensitive data to the various actors. This delegation relies on data access control. To ease its configuration, administrators write a specification of the access policies and then often rely on a translator. However, translating the specification into the implementation can lead to errors when it is actually deployed across the different entities of the workflow, and thus create security flaws. In this article, we propose structures that facilitate the detection and correction of errors potentially introduced by a faulty translation or a failed deployment. In particular, we consider a structure with formal foundations that can model security policies naturally and, above all, at a very fine grain: metagraphs. We propose a suite of translation tools that detects these potential errors, and we evaluate its performance. 
#### Fair Delegation of Digital Services Without Third Parties - Authors: Andreas Guillot, Fabrice Theoleyre, Cristel Pelsser - Type: Conference Paper - Venue: Symposium on Computers and Communications (ISCC) - DOI: https://doi.org/10.1109/iscc53001.2021.9631431 - URL: https://cristel.pelsser.eu/publication/guillot-2021 - Keywords: Services, Secure Delegation, Atomic Swap Abstract: The software architecture of most applications is more and more fragmented, and relying on micro-services. Moreover, some parts may be specialized, and a customer may choose to delegate a task to a service provider. In this situation, the customer must be sure to get results that comply with the task when they pay the service provider, and inversely. We propose a framework based on atomic swaps to enable such simultaneous exchanges. Our scheme is based on exchanging a transactional key during an atomic swap. Our framework protects both actors, and enables non-repudiation, from both sides, even in an asynchronous environment. #### The Art of Anticipating IGP Changes to Optimally Route the Potato in Transit (L’Art d’Anticiper les Changements IGP pour Acheminer Optimalement la Patate en Transit) - Authors: Jean-Romain Luttringer, Quentin Bramas, Cristel Pelsser, Pascal Mérindol - Type: Conference Paper - Venue: CoRes - URL: https://cristel.pelsser.eu/publication/luttringer-2021-b - Keywords: IGP, BGP, convergence, fault resilience Abstract: Transit data in the autonomous systems (ASes) of the Internet is routed according to the hot-potato paradigm. The best inter-domain (BGP) routes are selected through a lexicographic order, one rule of which is to choose the best intra-domain (IGP) distance among the best existing routes (ordered by the preceding criteria, e.g., economic preference and number of AS hops). This practice is called hot potato because the ASes that apply it thereby efficiently evacuate transit traffic. 
This dependence of BGP on the IGP implies that BGP must re-converge after every internal event occurring in the AS (and this process is particularly slow because it is handled naively). With OPTIC, Optimal Protection Technique for Inter/intra-domain Convergence, the goal of our work is to bring this convergence time down to a marginal duration in most cases. To do so, OPTIC efficiently creates and manipulates sets of BGP gateways containing the best BGP routes before and after any IGP change. These sets are shared per group of prefixes having identical gateways. Their update, construction and use thus operate at the granularity of the group rather than the prefix. Not only does OPTIC guarantee fast re-routing to the best gateway upon an internal change, it also efficiently ensures its own re-convergence in the face of all types of changes: it updates its new protecting sets (for the new post-convergence route) against all future events at a cost lower than or equal to that of BGP for handling the preceding failure! #### The Three-Constraint Problem: Computing and Deploying Routing Segments (Le Problème à trois Contraintes : Calcul et Déploiement de Segments de Routage) - Authors: Jean-Romain Luttringer, Thomas Alfroy, Pascal Mérindol, François Clad, Cristel Pelsser - Type: Conference Paper - Venue: AlgoTel - URL: https://cristel.pelsser.eu/publication/luttringer-2021-c - Keywords: Traffic engineering, DCLC, Segment Routing Abstract: Long held back by technologies that scale poorly and are hard to automate, traffic engineering is gradually regaining momentum. On the one hand, emerging communication services, such as cloud gaming and industry 4.0, require specific paths offering strict guarantees. 
On the other hand, Segment Routing (SR), a source-routing technology more scalable than the MPLS control plane, gives operators the ability to deploy constrained paths at large scale. Such paths can, for example, respect a maximum latency constraint while minimizing the "internal cost" for the operator (IGP cost). Indeed, this type of path is required by applications needing a high level of interactivity without neglecting bandwidth. However, computing such multi-constraint routes is a well-known NP-hard problem: DCLC. Although many solutions exist, they are not suited to Segment Routing, which adds an operational constraint to the two quality-of-service constraints. Moreover, these proposals generally do not offer strong guarantees on execution time. In this work, in order to propose an exact yet practical and efficient solution, we take advantage of the strengths and weaknesses of SR as well as the inherent limits of operator networks. Our algorithm, BEST2COP, designed to be massively parallelizable, efficiently solves DCLC even when the two-fold weighting of the graph is random. Whether on graphs with real or random structures, BEST2COP solves DCLC in well under one second on SR domains of more than a thousand nodes. #### Where Does an IP Operator Hide Its Detours? (Où un opérateur IP cache-t-il ses détours?) 
- Authors: Julián Martín Del Fiore, Pascal Mérindol, Cristel Pelsser - Type: Conference Paper - Venue: CoRes - URL: https://cristel.pelsser.eu/publication/delfiore-2021-a - Keywords: Forwarding Detours, Load Balancing, Traffic Engineering, Network management, Scalability Abstract: The quantity of BGP prefixes to handle, as well as the number of routes to select, is becoming colossal for routers with limited performance. The number of prefixes is approaching one million, ∼867K prefixes in March 2021, with an increase of ≈50K prefixes per year over the last 10 years. To mitigate these scalability problems, autonomous systems (ASes) may try to filter some prefixes, perform aggregation, or resort to default routes. Despite their effectiveness, these tricks can cause forwarding detours (FDs), i.e., transit traffic carried over non-optimal routes internal to the AS. In this work, we study this phenomenon and propose an efficient method to detect and analyze FDs. Based on a measurement campaign carried out from 92 monitors of the NLNOG RING infrastructure, we revealed that 25 ASes, out of the 54 sufficiently well sampled, appear to be subject, at least partially, to such detours. In particular, we observed a rather remarkable binary pattern: for an ingress/egress pair of an AS, either all transit traffic is detoured, or no prefix is subject to it. 
#### Protection Against Data Leaks: A Secure Microservice Environment (Protection contre les fuites de données : un environnement micro-services sécurisé) - Authors: Loïc Miller, Pascal Mérindol, Antoine Gallais, Cristel Pelsser - Type: Conference Paper - Venue: CoRes - URL: https://cristel.pelsser.eu/publication/miller-2021-b - Keywords: Workflow, Microservices, Zero-trust, Security Abstract: Leaks of data at rest are unfortunately common and on the rise, leading to lost profits for businesses or breaches of the confidentiality of sensitive personal data. The recent rise of microservices as a scalable deployment paradigm also makes it necessary to secure traffic. A business process can be modeled as a workflow: the owner of the data interacts with contractors to carry out a sequence of tasks. In this article, we show how these workflows can be enforced while limiting data exposure. Following zero-trust principles, we propose an infrastructure that uses the isolation provided by microservices to implement a workflow, in a proof of concept available online. We then verify that the security policies are correctly enforced, and estimate the additional cost induced by the security mechanisms. #### Revisiting Recommended BGP Route Flap Damping Configurations - Authors: Clemens Mosig, Randy Bush, Cristel Pelsser, Thomas Schmidt, M. Wählisch - Type: Conference Paper - Venue: Proc. of Network Traffic Measurement and Analysis Conference (TMA) - Publisher: IFIP - URL: https://cristel.pelsser.eu/publication/clemens-2021 - Keywords: Internet, BGP, RFD, Measurement Abstract: BGP Route Flap Damping (RFD) is recommended to suppress BGP churn. Current configuration recommendations for RFD, however, are based on a study from 2010. 
Since then, BGP churn increased by one order of magnitude, which may lead to outdated RFD parameters and introduce more loss of reachability of stable networks. In this paper, we revisit current recommendations to configure RFD. First, we develop an accurate and scalable emulation of Cisco and Juniper RFD implementations and make it publicly available. Second, we successfully reproduce the 2010 measurement study that justified the current RFD recommendations using current data. Third, we consider the RFD implementation of an additional major router vendor (Juniper), which penalizes BGP churn differently compared to the previously studied Cisco implementation. Fourth, we include IPv6 data from 2020. Our results show that the recommended RFD configuration parameters from 2010, though seemingly rarely used, still hold today in IPv4 and IPv6 and across vendors, even though BGP churn increased significantly. Our study revises metrics to assess the impact of incorrectly configured RFD, discusses collateral damage, and gives insights into sweet spots when damping routes. #### To Re-Route, or not to Re-Route: Impact of Real-Time Re-Routing in Urban Road Networks - Authors: Mohamed Amine Falek, Antoine Gallais, Cristel Pelsser, S. Julien, Fabrice Theoleyre - Type: Journal Article - Venue: Journal of Intelligent Transportation Systems: Technology, Planning, and Operations - DOI: https://doi.org/10.1080/15472450.2020.1807345 - URL: https://cristel.pelsser.eu/publication/falek - Keywords: road networks, route planning, real-time data, vehicle re-routing, traffic prediction Abstract: Route planning represents a major challenge with a substantial impact on safety, economy, and even climate. An ever-growing urban population caused a significant increase in commuting times, therefore, stressing the prominence of efficient real-time route planning. 
In essence, the goal is to compute the fastest route to reach the target location in a realistic environment where traffic conditions are time-evolving. Consequently, a large volume of traffic data is potentially required and the route continuously updated. We thereby address the re-routing problem to answer questions such as when, how often, and where is re-routing worthwhile. We base our study on a real dataset, comprising the travel times of the road segments of New York, London, and Chicago, collected over three months. By exploiting this dataset, we implement an optimal algorithm, able to mimic ideal predictions of road segment speeds in the network. This allows us to compute the lower bound of travel-time to serve as a reference against other routing techniques. Mainly, we quantify the achieved travel-time gain of a static, no re-routing, and continuous re-routing strategies. Surprisingly, we find that traffic conditions are sufficiently stable for short time windows, and re-routing a vehicle is very seldom useful when exploiting accurate statistics at departure time. Typically, real-time re-routing should only be triggered during rush hours, for long routes, passing through well-identified road segments. #### Towards Secure and Leak-Free Workflows Using Microservice Isolation - Authors: Loïc Miller, Pascal Mérindol, Antoine Gallais, Cristel Pelsser - Type: Conference Paper - Venue: IEEE International Conference on High Performance Switching and Routing Conference (HPSR) - DOI: https://doi.org/10.1109/hpsr52026.2021.9481820 - URL: https://cristel.pelsser.eu/publication/miller-2021 - Keywords: data leak, data breach, workflow, microservices, authorization, security Abstract: Data leaks and breaches are on the rise. They result in huge losses of money for businesses like the movie industry, as well as a loss of user privacy for businesses dealing with user data like the pharmaceutical industry.
Preventing data exposures is challenging, because the causes for such events are various, ranging from hacking to misconfigured databases. Alongside the surge in data exposures, the recent rise of microservices as a paradigm brings the need to not only secure traffic at the border of the network, but also internally, pressing the adoption of new security models such as zero-trust to secure business processes. Business processes can be modeled as workflows, where the owner of the data at risk interacts with contractors to realize a sequence of tasks on this data. In this paper, we show how those workflows can be enforced while preventing data exposure. Following the principles of zero-trust, we develop an infrastructure using the isolation provided by a microservice architecture, to enforce owner policy. We show that our infrastructure is resilient to the set of attacks considered in our security model. We implement a simple, yet realistic, workflow with our infrastructure in a publicly available proof of concept. We then verify that the specified policy is correctly enforced by testing the deployment for policy violations, and estimate the overhead cost of authorization. #### A Fast-Convergence Routing of the Hot-Potato - Authors: Jean-Romain Luttringer, Quentin Bramas, Cristel Pelsser, Pascal Mérindol - Type: Conference Paper - Venue: Infocom - DOI: https://doi.org/10.1109/infocom42981.2021.9488880 - URL: https://cristel.pelsser.eu/publication/luttringer-2021-a - Keywords: BGP, IGP, Inter-domain, Hot-potato routing Abstract: Interactions between the intra- and inter-domain routing protocols received little attention despite playing an important role in forwarding transit traffic. More precisely, by default, IGP distances are taken into account by BGP to select the closest exit gateway for the transit traffic (hot-potato routing). 
Upon an IGP update, the new best gateway may change and should be updated through the (full) re-convergence of BGP, causing superfluous BGP processing and updates in many cases. We propose OPTIC (Optimal Protection Technique for Inter-intra domain Convergence), an efficient way to assemble both protocols without losing the hot-potato property. OPTIC pre-computes sets of gateways (BGP next-hops) shared by groups of prefixes. Such sets are guaranteed to contain the post-convergence gateway after any single IGP event for the grouped prefixes. The new optimal exits can be found through a single walk-through of each set, allowing the transit traffic to benefit from optimal BGP routes almost as soon as the IGP converges. Compared to vanilla BGP, OPTIC's structures allow it to consider a reduced number of entries: this number can be reduced by 99% for stub networks. The update of OPTIC's structures, which is not required as long as border routers remain at least bi-connected, scales linearly in time with its number of groups. #### The Art of Detecting Forwarding Detours - Authors: Julián Martín Del Fiore, Valerio Persico, Pascal Mérindol, Cristel Pelsser, Antonio Pescapè - Type: Journal Article - Venue: IEEE Transactions on Network and Service Management TNSM - Pages: 1--1 - Publisher: IEEE - DOI: https://doi.org/10.1109/TNSM.2021.3062151 - URL: https://cristel.pelsser.eu/publication/fiore-2021 - Keywords: Routing, Routing protocols, Load management, IP networks, Scalability, Tunneling, Tools, Forwarding Information Base, Forwarding Detours, Load Balancing, Traffic Engineering, Network management, Routing Inconsistencies Abstract: The full Internet feed, reaching ∼867K prefixes as of March 2021, has been growing at ≈50K prefixes/year over the last 10 years. To counterbalance this sustained increase, Autonomous Systems (ASes) may filter prefixes, perform prefix aggregation and use default routes. 
Despite being effective, such workarounds may result in routing inconsistencies, i.e., in routers along a forwarding route mapping the same IP addresses to different IP prefixes. In turn, the exit AS border routers associated with these distinct prefixes may potentially differ. For some prefixes, forwarding detours (FDs) may occur, i.e., traffic may deviate from best IGP paths. In this work we investigate the phenomenon of FDs and derive a methodology to detect them. In particular, our tool is able to pinpoint cases where multiple prefixes are subject to FDs. We run measurements from 100 vantage points of the NLNOG RING monitoring infrastructure and find FDs in 25 out of 54 ASes. We see that FDs are heterogeneous, i.e., the number of prefixes and AS border routers in between which we detect FDs strongly depend on the studied AS. Finally, we discover a remarkable binary effect such that either all transit traffic traversing between two border routers of an AS detours, or none does. #### Verification of Cloud Security Policies - Authors: Loïc Miller, Pascal Mérindol, Antoine Gallais, Cristel Pelsser - Type: Conference Paper - Venue: IEEE International Conference on High Performance Switching and Routing Conference (HPSR) - DOI: https://doi.org/10.1109/hpsr52026.2021.9481870 - URL: https://cristel.pelsser.eu/publication/miller-2021-a - Keywords: policy verification, metagraphs, policy modeling, rego, access control, authorization Abstract: Companies like Netflix increasingly use the cloud to deploy their business processes. Those processes often involve partnerships with other companies, and can be modeled as workflows where the owner of the data at risk interacts with contractors to realize a sequence of tasks on the data to be secured. In practice, access control is an essential building block to deploy these secured workflows.
This component is generally managed by administrators using high-level policies meant to represent the requirements and restrictions put on the workflow. Handling access control with a high-level scheme comes with the benefit of separating the problem of specification, i.e. defining the desired behavior of the system, from the problem of implementation, i.e. enforcing this desired behavior. However, translating such high-level policies into a deployed implementation can be error-prone. Even though semi-automatic and automatic tools have been proposed to assist this translation, policy verification remains highly challenging in practice. In this paper, our aim is to define and propose structures assisting the checking and correction of potential errors introduced on the ground due to a faulty translation or corrupted deployments. In particular, we investigate structures with formal foundations able to naturally model policies. Metagraphs, a generalized graph theoretic structure, fulfill those requirements: their usage makes it possible to compare high-level policies to their implementation. In practice, we consider Rego, a language used by companies like Netflix and Plex for their release process, as a valuable representative of most common policy languages. We propose a suite of tools transforming and checking policies as metagraphs, and use them in a global framework to show how policy verification can be achieved with such structures. Finally, we evaluate the performance of our verification method.
### 2020 #### Computing Delay-Constrained Least-Cost Paths for Segment Routing is Easier Than You Think - Authors: Jean-Romain Luttringer, Thomas Alfroy, Pascal Mérindol, Quentin Bramas, François Clad, Cristel Pelsser - Type: Journal Article - Venue: IEEE International Symposium on Network Computing and Applications - DOI: https://doi.org/10.1109/nca51143.2020.9306706 - URL: https://cristel.pelsser.eu/publication/luttringer-2020 - Keywords: Delays, Measurement, Routing, Bandwidth, Real-time systems, Complexity theory, Propagation delay Abstract: With the growth of demands for quasi-instantaneous communication services such as real-time video streaming, cloud gaming, and industry 4.0 applications, multi-constraint Traffic Engineering (TE) becomes increasingly important. While legacy TE management planes have proven laborious to deploy, Segment Routing (SR) drastically eases the deployment of TE paths and thus became the most appropriate technology for many operators. The flexibility of SR sparked demands in ways to compute more elaborate paths. In particular, there exists a clear need in computing and deploying Delay-Constrained Least-Cost paths (DCLC) for real-time applications requiring both low delay and high bandwidth routes. However, most current DCLC solutions are heuristics not specifically tailored for SR. In this work, we leverage both inherent limitations in the accuracy of delay measurements and an operational constraint added by SR. We include these characteristics in the design of BEST2COP, an exact but efficient ECMP-aware algorithm that natively solves DCLC in SR domains. Through an extensive performance evaluation, we first show that BEST2COP scales well even in large random networks. In real networks having up to thousands of destinations, our algorithm returns all DCLC solutions encoded as SR paths in way less than a second. 
#### MUSE: une planification d'itinéraires inspirée de Séparateurs Multimodaux - Authors: Mohamed Amine Falek, Cristel Pelsser, S. Julien, Fabrice Theoleyre - Type: Conference Paper - Venue: AlgoTel - URL: https://cristel.pelsser.eu/publication/falek-2020 - Keywords: multimodal shortest path, graph separators, route planning, time-dependent graph Abstract: The field of shortest-path algorithms is growing rapidly with the development of the cloud. A few solutions, called multimodal, are designed to combine various modes of transport, but at the cost of a significant increase in complexity. Here we propose MUSE, an algorithm based on graph separators but adapted to the multimodal case. In a preprocessing phase, we first split the graph into independent partitions (or cells), each divided by transport mode so that any query can be answered later. Next, we precompute all the shortest routes over this small number of cells, taking into account the labels (modes) of each edge. We can thus answer a query very quickly in the online phase: the user specifies the mode sequences they allow, and exploits the precomputed shortest routes. #### Power Prefixes Prioritization for Smarter BGP Reconvergence - Authors: Juan Brenes, Alberto Garcia-Martinez, Marcelo Bagnulo, Andra Lutu, Cristel Pelsser - Type: Journal Article - Venue: IEEE/ACM Transactions on Networking - Pages: 1074--1087 - DOI: https://doi.org/10.1109/TNET.2020.2979665 - URL: https://cristel.pelsser.eu/publication/brenes-2020 Abstract: BGP reconvergence events involving a large number of prefixes may result in the loss of large amounts of traffic. Based on the observation that a very small number of prefixes carries the vast majority of traffic, we propose Power Prefixes Prioritization (PPP) to ensure the routes of these popular BGP prefixes converge first.
By doing so, we significantly reduce the amount of traffic lost during reconvergence events. To achieve this, PPP obtains an ordered list of popular prefixes through traffic inspection, and configures the resulting prefix rank in the BGP routers to prioritize the processing and advertisement of BGP routes. We model the benefits of PPP over traditional BGP processing in terms of traffic loss for both generic and a Zipf traffic distribution, and we consider the impact of sampling in the process of obtaining the prefix rank. Applying the mechanism to real traffic traces obtained from WIDE, we show that PPP reduces the amount of traffic lost by an order of magnitude, even when we configure it to use conservative sampling rates. We prototype our proposal in Quagga to show the feasibility of its implementation, and we observe similar traffic loss reduction. PPP can be deployed incrementally, as it is implemented purely as a change in the router-internal BGP processing behavior. #### A first look at the Latin American IXPs - Authors: E. Carisimo, Del Fiore, Julián Martín, D. Dujovne, Cristel Pelsser, I. Alvarez-Hamelin - Type: Journal Article - Venue: ACM SIGCOMM Computer Communication Review - DOI: https://doi.org/10.1145/3390251.3390255 - URL: https://cristel.pelsser.eu/publication/carisimo-2020-a Abstract: We investigated Internet eXchange Points (IXPs) deployed across Latin America. We discovered that many Latin American states have been actively involved in the development of their IXPs. We further found a correlation between the success of a national IXP and the absence of local monopolistic ASes that concentrate the country's IPv4 address space. In particular, three IXPs have been able to gain local traction: IX.br-SP, CABASE-BUE and PIT Chile-SCL. We further compared these larger IXPs with others outside Latin America. We found that, in developing regions, IXPs have had a similar growth in the last years and are mainly populated by regional ASes. 
The latter point clearly contrasts with more internationally renowned European IXPs whose members span multiple regions. #### BGP Beacons, Network Tomography, and Bayesian Computation to Locate Route Flap Damping - Authors: Caitlin Gray, Clemens Mosig, Randy Bush, Cristel Pelsser, M. Roughan, Thomas Schmidt, Matthias Wählisch - Type: Conference Paper - Venue: Internet Measurement Conference (IMC) - Pages: 492--505 - Publisher: ACM - DOI: https://doi.org/10.1145/3419394.3423624 - URL: https://cristel.pelsser.eu/publication/gray-2020-a - Keywords: Hamiltonian Monte Carlo, Metropolis-Hastings, RFD, RPKI Abstract: Pinpointing autonomous systems which deploy specific inter-domain techniques such as Route Flap Damping (RFD) or Route Origin Validation (ROV) remains a challenge today. Previous approaches to detect per-AS behavior often relied on heuristics derived from passive and active measurements. Those heuristics, however, often lacked accuracy or imposed tight restrictions on the measurement methods. We introduce an algorithmic framework for network tomography, BeCAUSe, which implements Bayesian Computation for Autonomous Systems. Using our original combination of active probing and stochastic simulation, we present the first study to expose the deployment of RFD. In contrast to the expectation of the Internet community, we find that at least 9% of measured ASs enable RFD, most using deprecated vendor default configuration parameters. To illustrate the power of computational Bayesian methods we compare BeCAUSe with three RFD heuristics. Thereafter we successfully apply a generalization of the Bayesian method to a second challenge, measuring deployment of ROV.
#### Evaluating the performance of NRENs in deploying IoT in Africa: the case for TTN - Authors: Marco Zennaro, Cristel Pelsser, Franck Albinet, Pietro Manzoni - Type: Conference Paper - Venue: 2020 IEEE 17th Annual Consumer Communications & Networking Conference (CCNC) - Pages: 1--4 - Publisher: IEEE - DOI: https://doi.org/10.1109/CCNC46108.2020.9045213 - URL: https://cristel.pelsser.eu/publication/zennaro-2020 - Keywords: Probes, Europe, Education, Africa, Logic gates, Loss measurement, Internet Abstract: The growth of the Internet worldwide has been fuelled by the development of the “National Research and Education Networks” (NRENs), i.e., networks of academic and educational institutions. In Africa the establishment of NRENs is more recent. In this paper we analyse the readiness of African NRENs to be part of “The Things Network” (TTN), a network of IoT gateways that has fostered the growth of IoT in Europe by adopting a community network model. We analyse RTT and packet loss toward the nearest TTN network server, in African countries where RIPE Atlas (RIPE - “Réseaux IP Européens”, French for “European IP Networks”) probes are hosted both in academic and commercial networks. Our conclusion is that NRENs and commercial ISPs are on an equal footing in hosting TTN gateways in most countries we considered. ### 2019 #### Comparing Machine Learning Algorithms for BGP Anomaly Detection Using Graph Features - Authors: Odnan Ref Sanchez, Simone Ferlin, Cristel Pelsser, Randy Bush - Type: Conference Paper - Venue: Big-DAMA - Pages: 35--41 - DOI: https://doi.org/10.1145/3359992.3366640 - URL: https://cristel.pelsser.eu/publication/sanchez-2019 - Keywords: graph features, machine learning algorithms, anomaly detection, BGP Abstract: The Border Gateway Protocol (BGP) coordinates the connectivity and reachability among Autonomous Systems, providing efficient operation of the global Internet.
Historically, BGP anomalies have disrupted network connections on a global scale, i.e., detecting them is of great importance. Today, Machine Learning (ML) methods have improved BGP anomaly detection using volume and path features of BGP's update messages, which are often noisy and bursty. In this work, we identified different graph features to detect BGP anomalies, which are arguably more robust than traditional features. We evaluate such features through an extensive comparison of different ML algorithms, i.e., Naive Bayes classifier (NB), Decision Trees (DT), Random Forests (RF), Support Vector Machines (SVM), and Multi-Layer Perceptron (MLP), to specifically detect BGP path leaks. We show that SVM offers a good trade-off between precision and recall. Finally, we provide insights into the graph features' characteristics during the anomalous and non-anomalous interval and provide an interpretation of the ML classifier results. #### A Taxonomy of Attacks Using BGP Blackholing - Authors: Loïc Miller, Cristel Pelsser - Type: Conference Paper - Venue: European Symposium on Research in Computer Security - Pages: 107--127 - Publisher: Springer - DOI: https://doi.org/10.1007/978-3-030-29959-0_6 - URL: https://cristel.pelsser.eu/publication/miller-2019 - Keywords: BGP, Security, Blackholing, DDoS, Communities, Hijacks, Leaks Abstract: BGP blackholing is a common technique used to mitigate DDoS attacks. Generally, the victim sends in a request for traffic to the attacked IP(s) to be dropped. Unfortunately, remote parties may misuse blackholing [29, 57] and send requests for IPs they do not own, turning a defense technique into a new attack vector. As DDoS attacks grow in number, blackholing will only become more popular, creating a greater risk this service will be exploited. In this work, we develop a taxonomy of attacks combining hijacks with blackholing: BGP blackjacks (blackhole hijacks). 
We show that those attacks effectively grant more reach and stealth to the attacker than regular hijacks, and assess the usability of those attacks in various security deployments. We then find that routing security mechanisms for BGP [30, 31] do not provide an adequate protection against some of those attacks, and propose additional mechanisms to properly defend against or mitigate them. #### Chocolatine: Outage Detection for Internet Background Radiation - Authors: Andreas Guillot, Romain Fontugne, Philipp Winter, Pascal Mérindol, Alistair King, Alberto Dainotti, Cristel Pelsser - Type: Conference Paper - Venue: 2019 Network Traffic Measurement and Analysis Conference (TMA) - Pages: 1--8 - Publisher: IEEE - DOI: https://doi.org/10.23919/tma.2019.8784607 - URL: https://cristel.pelsser.eu/publication/guillot-2019-a - Keywords: Internet, Time series analysis, Telescopes, Monitoring, IP networks, Predictive models, Data models, Outage detection, Internet Background Radiation, ARIMA Abstract: The Internet is a complex ecosystem composed of thousands of Autonomous Systems (ASs) operated by independent organizations; each AS having a very limited view outside its own network. These complexities and limitations impede network operators to finely pinpoint the causes of service degradation or disruption when the problem lies outside of their network. In this paper, we present Chocolatine, a solution to detect remote connectivity loss using Internet Background Radiation (IBR) through a simple and efficient method. IBR is unidirectional unsolicited Internet traffic, which is easily observed by monitoring unused address space. IBR features two remarkable properties: it is originated worldwide, across diverse ASs, and it is incessant. We show that the number of IP addresses observed from an AS or a geographical area follows a periodic pattern. Then, using Seasonal ARIMA to statistically model IBR data, we predict the number of IPs for the next time window. 
Significant deviations from these predictions indicate an outage. We evaluated Chocolatine using data from the UCSD Network Telescope, operated by CAIDA, with a set of documented outages. Our experiments show that the proposed methodology achieves a good trade-off between true-positive rate (90%) and false-positive rate (2%) and largely outperforms CAIDA's own IBR-based detection method. Furthermore, performing a comparison against other methods, i.e., with BGP monitoring and active probing, we observe that Chocolatine shares a large common set of outages with them in addition to many specific outages that would otherwise go undetected. #### De l’(in)inutilité du temps-réel pour le calcul d'itinéraire dans les réseaux routiers - Authors: Mohamed Amine Falek, Antoine Gallais, Cristel Pelsser, S. Julien, Fabrice Theoleyre - Type: Conference Paper - Venue: AlgoTel - URL: https://cristel.pelsser.eu/publication/falek-2019 Abstract: Route planning has become a major challenge with a significant impact on the economy, safety, and the climate. It consists of providing each user with the route that has the lowest travel time, even as traffic conditions evolve. Such a strategy therefore requires continuously reconsidering the route to take as conditions change. However, taking this real-time data into account has a high impact on the computing resources required. We therefore quantify here the gain brought by real-time data. We compare the routes obtained using statistical data with those obtained using real-time data. We also provide a lower bound on travel time, with an algorithm that would be able to predict the future perfectly. Our results, based on a real dataset, surprisingly show that real-time data is in fact of little use.
#### Filtering the Noise to Reveal Inter-Domain Lies - Authors: Julián Martín Del Fiore, Pascal Mérindol, Valerio Persico, Cristel Pelsser, Antonio Pescapè - Type: Conference Paper - Venue: 2019 Network Traffic Measurement and Analysis Conference (TMA) - Pages: 17--24 - Publisher: IEEE - DOI: https://doi.org/10.23919/tma.2019.8784618 - URL: https://cristel.pelsser.eu/publication/fiore-2019 - Keywords: IP networks, Noise measurement, Routing, Internet, Topology, Organizations, Autonomous systems Abstract: On the Internet, routers of Autonomous Systems (ASes) have to determine their preferred inter-domain route, i.e. control path (CP), for each IP prefix. The traffic is then forwarded AS after AS, following a data path (DP) that should match the CP for the same prefix. The underlying implicit trust that ASes advertise the paths they use for packet forwarding may be misplaced. Network operators may tweak CPs and DPs to carry out inter-domain lies that are visible when the two paths differ. Lies can be either unintended, due to misconfigurations or technical limitations, or deliberate, e.g. for economical gain. While lies globally mitigate the ability to troubleshoot and understand the root cause of connectivity issues, detecting them is not a trivial task as the ground data is noisy. In this paper, we propose a modular framework to measure and correctly quantify the discrepancies between CPs and DPs. We define several rules to overcome specific sources of noise inducing mismatches (MMs), e.g., incomplete traces, sibling ASes, IXPs or third-party addresses in general. We leverage the Peering testbed to conduct a measurement campaign at a scale never achieved before, and conclude that, while the upper bound of lies is significant, the lower bound is not negligible. This suggests that the noise interfering with collected traces is not the sole culprit for the MMs between CPs and DPs.
#### Revisiting Route Flap Damping in the Wild - Authors: Mosig Clemens, Randy Bush, Cristel Pelsser, Thomas Schmidt, Matthias Wählisch - Type: poster - Venue: Internet Measurement Conference (IMC) - URL: https://cristel.pelsser.eu/publication/mosig-2019 - Keywords: BGP, Route Flap Damping, Cisco IOS, Juniper JunOS Abstract: BGP Route Flap Damping (RFD) and its use has been a controversial topic in the past. Recommendations have been revised multiple times over the past two decades and still differ from vendor default values. In this article we dive into how we measured Route Flap Damping in the real-world, uncover which configurations are in use, and provide RFD parameter sets based on past recommendations for your router. ### 2018 #### BGP Communities: Even more Worms in the Routing Can - Authors: Florian Streibelt, Franziska Lichtblau, Robert Beverly, Anja Feldmann, Cristel Pelsser, Georgios Smaragdakis, Randy Bush - Type: Conference Paper - Venue: Proceedings of the Internet Measurement Conference 2018, IMC 2018 - Pages: 279--292 - Publisher: ACM - DOI: https://doi.org/10.1145/3278532.3278557 - URL: https://cristel.pelsser.eu/publication/streibelt-2018 - Keywords: BGP, routing security, Internet routing, blackholing, hijacking, security Abstract: BGP communities are a mechanism widely used by operators to manage policy, mitigate attacks, and engineer traffic; e.g., to drop unwanted traffic, filter announcements, adjust local preference, and prepend paths to influence peer selection. Unfortunately, we show that BGP communities can be exploited by remote parties to influence routing in unintended ways. The BGP community-based vulnerabilities we expose are enabled by a combination of complex policies, error-prone configurations, a lack of cryptographic integrity and authenticity over communities, and the wide extent of community propagation. 
Due in part to their ill-defined semantics, BGP communities are often propagated far further than a single routing hop, even though their intended scope is typically limited to nearby ASes. Indeed, we find 14% of transit ASes forward received BGP communities onward. Given the rich inter-connectivity of transit ASes, this means that communities effectively propagate globally. As a consequence, remote adversaries can use BGP communities to trigger remote blackholing, steer traffic, and manipulate routes even without prefix hijacking. We highlight examples of these attacks via scenarios that we tested and measured both in the lab as well as in the wild. While we suggest what can be done to mitigate such ill effects, it is up to the Internet operations community whether to take up the suggestions. #### Unambiguous, Real-Time and Accurate Map Matching for Multiple Sensing Sources - Authors: Mohamed Amine Falek, Cristel Pelsser, Antoine Gallais, Sebastien Julien, Fabrice Theoleyre - Type: Conference Paper - Venue: 2018 14th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob) - Pages: 1--8 - Publisher: IEEE - DOI: https://doi.org/10.1109/WiMOB.2018.8589103 - URL: https://cristel.pelsser.eu/publication/falek-2018 - Keywords: Global Positioning System, Roads, Sensors, Real-time systems, Urban areas, Probabilistic logic, Atmospheric measurements, Smart Cities, unambiguous map matching, crowd sensing, GPS traces, merging heterogeneous datasets Abstract: Smart Cities need real time information to improve the efficiency of their transportation systems. In particular, crowd sensing may help to identify the current speed in each street, the congested areas, etc. In this context, map matching techniques are required to map a sequence of GPS waypoints into a set of streets on a common map. Unfortunately, most map matching approaches are probabilistic. 
We propose rather an unambiguous algorithm, able to identify all the possible paths that match a given sequence of waypoints. We need an unambiguous identification for each waypoints set. For instance, the actual speed should be assigned to the correct set of streets, without error. To identify all the possible streets, we construct the set of candidates iteratively. We identify all the edge candidates around each waypoint, and reconstruct all the possible sub-routes that connect them. We then verify a set of constraints, to eliminate impossible routes. The road segments common to all computed routes form an unambiguous match. We evaluate the matching ratio of our technique on real city maps (London, Paris and Luxembourg). We also validate our approach with a real GPS trace in Seattle. #### Graceful BGP Session Shutdown - Authors: Pierre Francois, Bruno Decraene, Cristel Pelsser, Keyur Patel, Clarence Filsfils - Type: Miscellaneous - Venue: RFC - Publisher: RFC Editor - DOI: https://doi.org/10.17487/RFC8326 - URL: https://cristel.pelsser.eu/publication/francois-2018 - Keywords: BGP, Graceful shutdown Abstract: This document standardizes a new well-known BGP community, GRACEFUL_SHUTDOWN, to signal the graceful shutdown of paths. This document also describes operational procedures that use this well-known community to reduce the amount of traffic lost when BGP peering sessions are about to be shut down deliberately, e.g., for planned maintenance. 
#### Leveraging Inter-domain Stability for BGP Dynamics Analysis - Authors: Thomas Green, Anthony Lambert, Cristel Pelsser, Dario Rossi - Type: Conference Paper - Venue: Passive and Active Measurement - 19th International Conference, PAM 2018 - Pages: 203--215 - Publisher: Springer - DOI: https://doi.org/10.1007/978-3-319-76481-8_15 - URL: https://cristel.pelsser.eu/publication/green-2018 - Keywords: BGP, Internet, Routing, Anomaly Detection, Security Abstract: In the Internet, Autonomous Systems continuously exchange routing information via the BGP protocol: the large number of networks involved and the verbosity of BGP result in a huge stream of updates. Making sense of all those messages remains a challenge today. In this paper, we leverage the notion of "primary path" (i.e., the most used inter-domain path of a BGP router toward a destination prefix for a given time period), reinterpreting updates by grouping them in terms of primary paths unavailability periods, and illustrate how BGP dynamics analysis would benefit from working with primary paths. Our contributions are as follows. First, through measurements, we validate the existence of primary paths: by analyzing BGP updates announced at the LINX RIS route collector spanning a three months period, we show that primary paths are consistently in use during the observation period. Second, we quantify the benefits of primary paths for BGP dynamics analysis on two use cases: Internet tomography and anomaly detection. For the latter, using three months of anomalous BGP events documented by BGPmon as reference, we show that primary paths could be used for detecting such events (hijacks and outages), testifying to the increased semantics they provide.
### 2017 #### Pinpointing Delay and Forwarding Anomalies Using Large-Scale Traceroute Measurements - Authors: Romain Fontugne, Cristel Pelsser, Emile Aben, Randy Bush - Type: Conference Paper - Venue: Proceedings of the 2017 Internet Measurement Conference, IMC 2017 - Pages: 15--28 - Publisher: ACM - DOI: https://doi.org/10.1145/3131365.3131384 - URL: https://cristel.pelsser.eu/publication/fontugne-2017 - Keywords: traceroute, outage, congestion, routing anomaly, statistical analysis, internet delay Abstract: Understanding network health is essential to improve Internet reliability. For instance, detecting disruptions in peer and provider networks facilitates the identification of connectivity problems. Currently this task is time consuming for network operators. It involves a fair amount of manual observation because operators have little visibility into other networks. In this paper we leverage the RIPE Atlas measurement platform to monitor and analyze network conditions. We propose a set of complementary methods to detect network disruptions from traceroute measurements. A novel method of detecting changes in delays is used to identify congested links, and a packet forwarding model is employed to predict traffic paths and to identify faulty routers in case of packet loss. In addition, aggregating results from each method allows us to easily monitor a network and identify coordinated reports manifesting significant network disruptions, reducing uninteresting alarms. Our contributions consist of a statistical approach providing robust estimation for Internet delays and the study of hundreds of thousands link delays. We present three cases demonstrating that the proposed methods detect real disruptions and provide valuable insights, as well as surprising findings, on the location and impact of identified events. 
#### Measurement Vantage Point Selection Using A Similarity Metric - Authors: Thomas Holterbach, Emile Aben, Cristel Pelsser, Randy Bush, Laurent Vanbever - Type: Conference Paper - Venue: Proceedings of the Applied Networking Research Workshop - Pages: 1--3 - Publisher: ACM - DOI: https://doi.org/10.1145/3106328.3106334 - URL: https://cristel.pelsser.eu/publication/holterbach-2017 - Keywords: RIPE Atlas, Internet Measurement, Monitoring Abstract: It is a challenge to select the most appropriate vantage points in a measurement platform with a wide selection. RIPE Atlas [2], for example currently has over 9600 active measurement vantage points, with selections based on AS, country, etc. A user is limited to how many vantage points they can use in a measurement. This is not only due to limitations the measurement platform imposes, but data from a large number of vantage points would produce a large volume to analyse and store. So it makes sense to optimize for a minimal set of vantage points with a maximum chance of observing the phenomenon in which the user is interested. Network operators often need to debug with only limited information about the problem ("Our network is slow for users in France!"). Doing a minimal set of measurements that would allow testing through a wide diversity of networks could be a valuable add-on to the tools available to network operators. Given platforms with numerous vantage points, we have the luxury of testing a large set of end-customer outgoing paths. A diversity metric would allow selection of the most dissimilar vantage points, while exploring from as diverse angles as possible, even with a limited probing budget. 
If one finds an interesting network phenomenon, one could use the similarity metric to advantage by selecting the most similar vantage points to the one exhibiting the phenomenon, to validate the phenomenon from multiple vantage points. We propose a novel means of selecting vantage points, not based on categorical properties such as origin AS, or geographic location, but rather on topological (dis)similarity between vantage points. We describe a similarity metric across RIPE Atlas probes, and show how it performs better for the purpose of topology discovery than the default probe selection mechanism built into RIPE Atlas. #### Disco: Fast, good, and cheap outage detection - Authors: Anant Shah, Romain Fontugne, Emile Aben, Cristel Pelsser, Randy Bush - Type: Conference Paper - Venue: 2017 Network Traffic Measurement and Analysis Conference (TMA) - Pages: 1--9 - Publisher: IEEE - DOI: https://doi.org/10.23919/TMA.2017.8002902 - URL: https://cristel.pelsser.eu/publication/shah-2017 - Keywords: Probes, Monitoring, Internet, Real-time systems, Data models, Automata, Telescopes Abstract: Outage detection has been studied from different angles, such as active probing, analysis of background radiations, or control plane information. We approach outage detection from a new perspective. Disco is a detection technique that uses existing long-running TCP connections to identify bursts of disconnections. The benefits are considerable as we can monitor, without adding a single packet to the traffic, Internet-wide swaths of infrastructure that were not monitored previously because they are, for example, not responsive to ICMP probes or behind NATs. With Disco we analyze state changes on connections between RIPE Atlas probes and the RIPE Atlas infrastructure. This data, that is originally logged to monitor probe availability, has a small footprint and is available as a publicly accessible live stream, which makes light-weight near real-time outage detection possible. 
Probes perform planned traceroute measurements regardless of their connectivity to the RIPE Atlas infrastructure. This gives us a no cost advantage of viewing the outage inside out as the probes experienced it, characterizing the outage after the fact. Thus, we present an outage detection system able to run in near real-time (fast), with a precision of 95% (good), and without generating any new measurement traffic (cheap). We studied historical probe disconnections from 2011 to 2016 and report on the 443 most prominent outages. To validate our results we inspected traceroute results from affected probes and compared our detection to that of Trinocular. #### Leveraging interdomain stability for squeezed and juicy BGP dynamics - Authors: Thomas Green, Anthony Lambert, Dario Rossi, Cristel Pelsser - Type: poster - Venue: 7th PhD school on Traffic Monitoring and Analysis (TMA) - URL: https://cristel.pelsser.eu/publication/green-2017 - Keywords: BGP, Internet, Routing, Anomaly Detection, Security Abstract: In the Internet, Autonomous Systems continuously exchange routing information via the BGP protocol: the large number of networks involved and the verbosity of BGP result in a huge stream of updates. Making sense of all those messages remains a challenge today. In this paper, we leverage the notion of "primary path" (i.e., the most used inter-domain path of a BGP router toward a destination prefix for a given time period), reinterpreting updates by grouping them in terms of primary paths unavailability periods, and illustrate how BGP dynamics analysis would benefit from working with primary paths. Our contributions are as follows. First, through measurements, we validate the existence of primary paths: by analyzing BGP updates announced at the LINX RIS route collector spanning a three months period, we show that primary paths are consistently in use during the observation period. 
Second, we quantify the benefits of primary paths for BGP dynamics analysis on two use cases: Internet tomography and anomaly detection. For the latter, using three months of anomalous BGP events documented by BGPmon as reference, we show that primary paths could be used for detecting such events (hijacks and outages), testifying of the increased semantic they provide. #### BGP table fragmentation: what and who? - Authors: Julien Gamba, Romain Fontugne, Cristel Pelsser, Randy Bush, Emile Aben - Type: Conference Paper - Venue: CoRes - URL: https://cristel.pelsser.eu/publication/gamba-2017 - Keywords: BGP, Internet routing table, prefix deaggregation, path prepending, traffic engineering Abstract: BGP routing table growth is one of the major Internet scaling issues, and prefix deaggregation is thought to be a major contributor to table growth. In this work we quantify the fragmentation of the routing table by the type of IP prefix. We observe that the proportion of deaggregated prefixes has quasi doubled in the last fifteen years. Our study also shows that the deaggregated prefixes are the least stable; they appear and disappear more frequently. While we can not see significant differences in path prepending between the categories, deaggregated prefixes do tend to be announced more selectively, indicating traffic engineering. We find cases where lonely prefixes are actually deaggregation in disguise. Indeed, some large transit ISPs advertise many lonely prefixes when they own the covering prefix. We show the extents of this practice that has a negative impact on the routing table even though it could usually be avoided. 
#### Pinpointing Delay and Forwarding Anomalies Using Large-Scale Traceroute Measurements - Authors: Romain Fontugne, Emile Aben, Cristel Pelsser, Randy Bush - Type: Technical Report - Venue: CoRR - DOI: https://doi.org/10.1145/3131365.3131384 - URL: https://cristel.pelsser.eu/publication/fontugne-2016 - Keywords: Internet, RIPE Atlas, traceroute, monitoring Abstract: Understanding network health is essential to improve Internet reliability. For instance, detecting disruptions in peer and provider networks facilitates the identification of connectivity problems. Currently this task is time consuming for network operators. It involves a fair amount of manual observation because operators have little visibility into other networks. In this paper we leverage the RIPE Atlas measurement platform to monitor and analyze network conditions. We propose a set of complementary methods to detect network disruptions from traceroute measurements. A novel method of detecting changes in delays is used to identify congested links, and a packet forwarding model is employed to predict traffic paths and to identify faulty routers in case of packet loss. In addition, aggregating results from each method allows us to easily monitor a network and identify coordinated reports manifesting significant network disruptions, reducing uninteresting alarms. Our contributions consist of a statistical approach providing robust estimation for Internet delays and the study of hundreds of thousands link delays. We present three cases demonstrating that the proposed methods detect real disruptions and provide valuable insights, as well as surprising findings, on the location and impact of identified events. ### 2016 #### What do parrots and BGP routers have in common? - Authors: D. Hauweele, B. 
Quoitin, Cristel Pelsser, Randy Bush - Type: Journal Article - Venue: ACM SIGCOMM Computer Communication Review - Pages: NA - DOI: https://doi.org/10.1145/3243157.3243159 - URL: https://cristel.pelsser.eu/publication/hauweele-2016-a Abstract: The Border Gateway Protocol propagates routing information across the Internet in an incremental manner. It only advertises to its peers changes in routing. However, as early as 1998, observations have been made of BGP announcing the same route multiple times, causing router CPU load, memory usage and convergence time higher than expected. In this paper, by performing controlled experiments, we pinpoint multiple causes of duplicates, ranging from the lack of full RIB-Outs to the discrete processing of update messages. To mitigate these duplicates, we insert a cache at the output of the routers. We test it on public BGP traces and discuss the relation of the cache performance with the existence of bursts of updates in the trace. #### Quantifying Interference between measurements on the RIPE Atlas platform - Authors: Thomas Holterbach, Cristel Pelsser, Randy Bush, Laurent Vanbever - Type: Conference Paper - Venue: CoRes - URL: https://cristel.pelsser.eu/publication/holterbach-2016 - Keywords: Measurement, Delay, RIPE Atlas Abstract: Public measurement platforms composed of low-end hardware devices such as RIPE Atlas have gained significant traction in the research community. Such platforms are indeed particularly interesting as they provide Internet-wide measurement capabilities together with an ever growing set of measurement tools. To be scalable though, they allow for concurrent measurements between users. This paper answers a fundamental question for any platform user: Do measurements launched by others impact my results? If so, what can I do about it? We measured the impact of multiple users running experiments in parallel on the RIPE Atlas platform. We found that overlapping measurements do interfere with each other. 
We found that increasing hardware CPU greatly helped in limiting interference on the measured delays. #### The Origin of BGP Duplicates - Authors: D. Hauweele, B. Quoitin, Cristel Pelsser, Randy Bush - Type: Conference Paper - Venue: CoRes - URL: https://cristel.pelsser.eu/publication/hauweele-2016-b - Keywords: BGP, duplicates, Internet routing, network measurement Abstract: The Border Gateway Protocol propagates routing information across the Internet in an incremental manner. It only advertises to its peers changes in routing. However, as early as 1998, observations have been made of BGP announcing the same route multiple times, causing router CPU load, memory usage and convergence time higher than expected. In this paper, by performing controlled experiments, we pinpoint multiple causes of duplicates, ranging from the lack of full RIB-Outs to the discrete processing of update messages. #### Kumori: Steering Cloud traffic at IXPs to improve resiliency - Authors: Antoine Fressancourt, Cristel Pelsser, Maurice Gagnaire - Type: Conference Paper - Venue: 2016 12th International Conference on the Design of Reliable Communication Networks (DRCN) - Pages: 138--144 - Publisher: IEEE - DOI: https://doi.org/10.1109/DRCN.2016.7470848 - URL: https://cristel.pelsser.eu/publication/fressancourt-2016 - Keywords: Computer architecture, Peer-to-peer computing, Cloud computing, Routing, Overlay networks, SDN, Overlay, Resiliency, Performance evaluation Abstract: After a few years of infancy, Cloud services have now gained enough maturity to be used to deliver an increasing number of critical services. To ensure the capacity of those services to survive failure events, major Cloud Services Providers (CSPs) deploy their platform in distant datacenters. The framework used to interconnect those datacenters is most of the time over-provisioned and costly to manage. 
In this paper, we present “Kumori”, a SDN-based overlay architecture designed to give CSPs back control on their inter-datacenter connectivity. Using the iPlane dataset, we compare our architecture with the Resilient Overlay Network (RON), considered as a seminal project on Internet resiliency for the last ten years. Our results show that, depending on the CSP's size and connectivity strategy, our architecture either gives significantly shorter paths than RON in terms of latency or provides a similar service using a smaller overlay in terms of number of overlay nodes. ### 2015 #### Quantifying Interference between Measurements on the RIPE Atlas Platform - Authors: Thomas Holterbach, Cristel Pelsser, Randy Bush, Laurent Vanbever - Type: Conference Paper - Venue: Proceedings of the 2015 Internet Measurement Conference - Pages: 437--443 - Publisher: ACM - DOI: https://doi.org/10.1145/2815675.2815710 - URL: https://cristel.pelsser.eu/publication/holterbach-2015 - Keywords: RIPE Atlas, Measurement Interference, Measurement Synchronization Abstract: Public measurement platforms composed of low-end hardware devices such as RIPE Atlas have gained significant traction in the research community. Such platforms are indeed particularly interesting as they provide Internet-wide measurement capabilities together with an ever growing set of measurement tools. To be scalable though, they allow for concurrent measurements between users. This paper answers a fundamental question for any platform user: Do measurements launched by others impact my results? If so, what can I do about it? We measured the impact of multiple users running experiments in parallel on the RIPE Atlas platform. We found that overlapping measurements do interfere with each other in at least two ways. First, we show that measurements performed from and towards the platform can significantly increase timings reported by the probe. 
We found that increasing hardware CPU greatly helped in limiting interference on the measured timings. Second, we show that measurement campaigns can end up completely out-of-synch (by up to one hour), due to concurrent loads. In contrast to precision, we found that better hardware does not help. #### Quantifying Interference Between Measurements On The RIPE Atlas Platform - Authors: Thomas Holterbach, Cristel Pelsser, Randy Bush, Laurent Vanbever - Type: poster - Venue: 5th PhD School on Traffic Monitoring and Analysis (TMA) - DOI: https://doi.org/10.1145/2815675.2815710 - URL: https://cristel.pelsser.eu/publication/holterbach-2015-a - Keywords: RIPE Atlas Platform, measurement, interference Abstract: Public measurement platforms composed of low-end hardware devices such as RIPE Atlas have gained significant traction in the research community. Such platforms are indeed particularly interesting as they provide Internet-wide measurement capabilities together with an ever growing set of measurement tools. To be scalable though, they allow for concurrent measurements between users. This paper answers a fundamental question for any platform user: Do measurements launched by others impact my results? If so, what can I do about it? We measured the impact of multiple users running experiments in parallel on the RIPE Atlas platform. We found that overlapping measurements do interfere with each other in at least two ways. First, we show that measurements performed from and towards the platform can significantly increase timings reported by the probe. We found that increasing hardware CPU greatly helped in limiting interference on the measured timings. Second, we show that measurement campaigns can end up completely out-of-synch (by up to one hour), due to concurrent loads. In contrast to precision, we found that better hardware does not help. 
#### The BGP Visibility Toolkit: Detecting Anomalous Internet Routing Behavior - Authors: Andra Lutu, Marcelo Bagnulo, Cristel Pelsser, Olaf Maennel, Jesús Cid-Sueiro - Type: Journal Article - Venue: IEEE/ACM Transactions on Networking - Pages: 1237--1250 - Publisher: IEEE - DOI: https://doi.org/10.1109/TNET.2015.2413838 - URL: https://cristel.pelsser.eu/publication/lutu-2016 - Keywords: Routing, Internet, Monitoring, Feeds, Machine learning algorithms, Communities, Writing, Anomaly detection, BGP, Internet measurement, machine assembly Abstract: In this paper, we propose the BGP Visibility Toolkit, a system for detecting and analyzing anomalous behavior in the Internet. We show that interdomain prefix visibility can be used to single out cases of erroneous demeanors resulting from misconfiguration or bogus routing policies. The implementation of routing policies with BGP is a complicated process, involving fine-tuning operations and interactions with the policies of the other active ASes. Network operators might end up with faulty configurations or unintended routing policies that prevent the success of their strategies and impact their revenues. As part of the Visibility Toolkit, we propose the BGP Visibility Scanner, a tool which identifies limited visibility prefixes in the Internet. The tool enables operators to provide feedback on the expected visibility status of prefixes. We build a unique set of ground-truth prefixes qualified by their ASes as intended or unintended to have limited visibility. Using a machine learning algorithm, we train on this unique dataset an alarm system that separates with 95% accuracy the prefixes with unintended limited visibility. Hence, we find that visibility features are generally powerful to detect prefixes which are suffering from inadvertent effects of routing policies. Limited visibility could render a whole prefix globally unreachable. 
This points towards a serious problem, as limited reachability of a non-negligible set of prefixes undermines the global connectivity of the Internet. We thus verify the correlation between global visibility and global connectivity of prefixes. #### An analysis of the economic impact of strategic deaggregation - Authors: Andra Lutu, Marcelo Bagnulo, Cristel Pelsser, Kenjiro Cho, Rade Stanojevic - Type: Journal Article - Venue: Computer Networks - Pages: 147--163 - DOI: https://doi.org/10.1016/j.comnet.2015.02.008 - URL: https://cristel.pelsser.eu/publication/lutu-2015 - Keywords: BGP, Traffic engineering, Economics, Modeling, Measurements Abstract: The advertisement of more-specific prefixes provides network operators with a fine-grained method to control the interdomain ingress traffic. Prefix deaggregation is recognized as a steady long-lived phenomenon at the interdomain level, despite its well-known negative effects for the community. In this paper, we look past the original motivation for deploying deaggregation in the first place, and instead we focus on its aftermath. We identify and analyze here one particular side-effect of deaggregation regarding the economic impact of this type of strategy: decreasing the transit traffic bill. We propose a general Internet model to analyze the effect of advertising more-specific prefixes on the incoming transit traffic burstiness. We show that deaggregation combined with selective advertisements has a traffic stabilization side-effect, which translates into a decrease of the transit traffic bill. Next, we develop a methodology for Internet Service Providers (ISPs) to monitor general occurrences of prefix deaggregation within their customer base. Thus, the ISPs can detect selective advertisements of deaggregated prefixes, and thus identify customers which impact the business of their providers. 
We apply the proposed methodology on a complete set of data including routing, traffic, topological and billing information provided by a major Japanese ISP and we discuss the obtained results. #### Measuring BGP Route Origin Registration and Validation - Authors: Daniele Iamartino, Cristel Pelsser, Randy Bush - Type: Conference Paper - Venue: Passive and Active Measurement - 16th International Conference, PAM 2015 - Pages: 28--40 - Publisher: Springer - DOI: https://doi.org/10.1007/978-3-319-15509-8_3 - URL: https://cristel.pelsser.eu/publication/iamartino-2015 - Keywords: Autonomous System, Address Space, Origin Validation, Route Origin, Route Validation Abstract: BGP, the de-facto inter-domain routing protocol, was designed without considering security. Recently, network operators have experienced hijacks of their network prefixes, often due to BGP misconfiguration by other operators, sometimes maliciously. In order to address this, prefix origin validation, based on a RPKI infrastructure, was proposed and developed. Today, many organizations are registering their data in the RPKI to protect their prefixes from accidental mis-origination. However, some organizations submit incorrect information to the RPKI repositories or announce prefixes that do not exactly match what they registered. Also, the RPKI repositories of Internet registries are not operationally reliable. The aim of this work is to reveal these problems via measurement. We show how important they are, try to understand the main causes of errors, and explore possible solutions. In this longitudinal study, we see the impact of a policy which discards route announcements with invalid origins would have on the routing table, and to a lesser extent on the traffic at the edge of a large research network. 
### 2014 #### Enforcing RPKI-based routing policy on the data plane at an internet exchange - Authors: Josh Bailey, Dean Pemberton, Andy Linton, Cristel Pelsser, Randy Bush - Type: Conference Paper - Venue: Proceedings of the third workshop on Hot topics in software defined networking, HotSDN '14 - Pages: 211--212 - Publisher: ACM - DOI: https://doi.org/10.1145/2620728.2620769 - URL: https://cristel.pelsser.eu/publication/bailey-2014 - Keywords: BGP, RPKI, Routing Security, OpenFlow, security Abstract: Over a decade of work has gone into securing the BGP routing control plane. Through all this, there has been an oft repeated refrain, “It is acknowledged that rigorous control plane verification does not in any way guarantee that packets follow the control plane.” We describe what may be the first deployment of data plane enforcement of RPKI-based control plane validation. OpenFlow switches providing an exchange fabric and controlled by a Quagga BGP route server drop traffic for prefixes which have invalid origins without requiring any RPKI support by connected BGP peers. #### Enforcing RPKI-Based Routing Policy on the Data Plane at an Internet Exchange - Authors: Josh Bailey, Dean Pemberton, Andy Linton, Cristel Pelsser, Randy Bush - Type: poster - Venue: HotSDN 2014 (Poster session) - DOI: https://doi.org/10.1145/2620728.2620769 - URL: https://cristel.pelsser.eu/publication/bailey-2014-a - Keywords: BGP, RPKI, Routing Security, OpenFlow, security Abstract: Over a decade of work has gone into securing the BGP routing control plane. Through all this, there has been an oft repeated refrain, “It is acknowledged that rigorous control plane verification does not in any way guarantee that packets follow the control plane.” We describe what may be the first deployment of data plane enforcement of RPKI-based control plane validation. 
OpenFlow switches providing an exchange fabric and controlled by a Quagga BGP route server drop traffic for prefixes which have invalid origins without requiring any RPKI support by connected BGP peers. #### Making Route Flap Damping Usable - Authors: Cristel Pelsser, Randy Bush, Keyur Patel, Prodosh Mohapatra, Olaf Maennel - Type: Miscellaneous - Venue: RFC - Publisher: RFC Editor - DOI: https://doi.org/10.17487/RFC7196 - URL: https://cristel.pelsser.eu/publication/pelsser-2014 - Keywords: BGP, Route Flap Damping, Route Damping Abstract: Route Flap Damping (RFD) was first proposed to reduce BGP churn in routers. Unfortunately, RFD was found to severely penalize sites for being well connected because topological richness amplifies the number of update messages exchanged. Many operators have turned RFD off. Based on experimental measurement, this document recommends adjusting a few RFD algorithmic constants and limits in order to reduce the high risks with RFD. The result is damping a non-trivial amount of long-term churn without penalizing well-behaved prefixes' normal convergence process. #### Understanding the Reachability of IPv6 Limited Visibility Prefixes - Authors: Andra Lutu, Marcelo Bagnulo, Cristel Pelsser, Olaf Maennel - Type: Conference Paper - Venue: Passive and Active Measurement - 15th International Conference, PAM 2014 - Pages: 163--172 - Publisher: Springer-Verlag - DOI: https://doi.org/10.1007/978-3-319-04918-2_16 - URL: https://cristel.pelsser.eu/publication/lutu-2014 - Keywords: IPv6, BGP, Route propagation, IPv6 visibility, reachability Abstract: The main functionality of the Internet is to provide global connectivity for every node attached to it. In light of the IPv4 address space depletion, large networks are in the process of deploying IPv6. 
In this paper we perform an extensive analysis of how BGP route propagation affects global reachability of the active IPv6 address space in the context of this unique transition of the Internet infrastructure. We propose and validate a methodology for testing the reachability of an IPv6 address block active in the routing system. Leveraging the global visibility status of the IPv6 prefixes evaluated with the BGP Visibility Scanner, we then use this methodology to verify if the visibility status of the prefix impacts its reachability at the interdomain level. We perform active measurements using the RIPE Atlas platform. We test destinations with different BGP visibility degrees (i.e., limited visibility - LV, high visibility - HV and dark prefixes). We show that the IPv6 LV prefixes (v6LVPs) are generally reachable, mostly due to a less-specific HV covering prefix (v6HVP). However, this is not the case of the dark address space, which, by not having a covering v6HVP is largely unreachable. When talking about the results we present in this paper a better explanation of trace route and some basic concepts of BGP will be provided. #### Collaborative Repository for Cybersecurity Data and Threat Information - Authors: Jean Lorchat, Cristel Pelsser, Romain Fontugne - Type: Conference Paper - Venue: 2014 Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS) - Pages: 83--87 - Publisher: IEEE - DOI: https://doi.org/10.1109/BADGERS.2014.13 - URL: https://cristel.pelsser.eu/publication/lorchat-2014 - Keywords: Authorization, Collaboration, Computer security, Internet, Standards, Public key, Buildings, threat data exchange, trust, security Abstract: In this paper, we attempt to show how to build a collaborative repository for cybersecurity data and threat information by building on top of a privacy-aware storage system: Tamias. 
We set the following goals: allow data sharing with a very high level of control over the sharing scope, enhance collaboration of entities that may not know each other but deal with similar threats, and manage different levels of trust between each parties. These levels of trust will define how much information is shared with each entity. ### 2013 #### From Paris to Tokyo: on the suitability of ping to measure latency - Authors: Cristel Pelsser, Luca Cittadini, Stefano Vissicchio, Randy Bush - Type: Conference Paper - Venue: Proceedings of the 2013 Conference on Internet Measurement Conference IMC - Pages: 427--432 - Publisher: Association for Computing Machinery - DOI: https://doi.org/10.1145/2504730.2504765 - URL: https://cristel.pelsser.eu/publication/pelsser-2013 - Keywords: ping, delay, jitter, load balancing Abstract: Monitoring Internet performance and measuring user quality of experience are drawing increased attention from both research and industry. To match this interest, large-scale measurement infrastructures have been constructed. We believe that this effort must be combined with a critical review and calibration of the tools being used to measure performance. In this paper, we analyze the suitability of ping for delay measurement. By performing several experiments on different source and destination pairs, we found cases in which ping gave very poor estimates of delay and jitter as they might be experienced by an application. In those cases, delay was heavily dependent on the flow identifier, even if only one IP path was used. For accurate delay measurement we propose to replace the ping tool with an adaptation of paris-traceroute which supports delay and jitter estimation, without being biased by per-flow network load balancing. #### ネットワークの再設定に関する共同研究 (Joint research on network reconfiguration) - Authors: Cristel Pelsser - Type: Journal Article - Venue: IIJ News - URL: https://cristel.pelsser.eu/publication/pelsser-2013-a Abstract: Joint research on network reconfiguration. 
#### The Aftermath of Prefix Deaggregation - Authors: Andra Lutu, Cristel Pelsser, Marcelo Bagnulo, Kenjiro Cho - Type: Conference Paper - Venue: Proceedings of the 2013 25th International Teletraffic Congress (ITC) - Pages: 1--8 - Publisher: IEEE - DOI: https://doi.org/10.1109/ITC.2013.6662950 - URL: https://cristel.pelsser.eu/publication/lutu-2013 - Keywords: Routing, Internet, Economics, Monitoring, Advertising, Topology Abstract: Prefix deaggregation is recognized as a steady long-lived phenomenon at the interdomain level, despite its well-known negative effects for the community. The advertisement of more-specific prefixes provides network operators with a fine-grained method to control the interdomain ingress traffic. Moreover, customer networks combining this mechanism with selective advertisements may decrease their monthly transit traffic bill and potentially impact the business of their providers. In this paper, we develop a methodology for Internet Service Providers (ISPs) to monitor new occurrences of prefix deaggregation within their customer base. Moreover, the ISPs can detect on their own when deaggregation may decrease the transit bill of their customer networks. We first examine the ISP's BGP routing data for new cases of prefix deaggregation generated by customers. Then, we check for selective advertisements of the newly generated prefixes using external routing data. We look beyond the incentives for deploying this type of strategy and instead we examine its economic impact. We exemplify the proposed methodology on a complete set of data including routing, traffic, topological and billing information provided by a major Japanese ISP and we discuss the implications of the obtained results. 
#### Improving Network Agility With Seamless BGP Reconfigurations

- Authors: Stefano Vissicchio, Laurent Vanbever, Cristel Pelsser, Luca Cittadini, Pierre François, Olivier Bonaventure
- Type: Journal Article
- Venue: IEEE/ACM Transactions on Networking
- Pages: 990--1002
- Publisher: IEEE
- DOI: https://doi.org/10.1109/TNET.2012.2217506
- URL: https://cristel.pelsser.eu/publication/vissicchio-2013
- Keywords: Routing, Topology, Best practices, Network topology, Oscillators, Routing protocols, IEEE transactions, BGP, configuration, migration, reconfiguration, ships in the night, VRF

Abstract: The network infrastructure of Internet service providers (ISPs) undergoes constant evolution. Whenever new requirements arise (e.g., the deployment of a new Point of Presence or a change in the business relationship with a neighboring ISP), operators need to change the configuration of the network. Due to the complexity of the Border Gateway Protocol (BGP) and the lack of methodologies and tools, maintaining service availability during reconfigurations that involve BGP is a challenge for operators. In this paper, we show that the current best practices to reconfigure BGP do not provide guarantees with respect to traffic disruptions. Then, we study the problem of finding an operational ordering of BGP reconfiguration steps that guarantees no packet loss. Unfortunately, finding such an operational ordering, when it exists, is computationally hard. To enable lossless reconfigurations, we propose a framework that extends current features of carrier-grade routers to run two BGP control planes in parallel. We present a prototype implementation and show the effectiveness of our framework through a case study.
#### Tamias:安全かつプライベートな個人向け分散ストレージ

- Authors: Jean Lorchat, Cristel Pelsser
- Type: Journal Article
- Venue: IIJ Internet Infrastructure Review
- URL: https://cristel.pelsser.eu/publication/lorchat-2013

Abstract: The Tamias system is a distributed storage system that solves the problem of privacy protection through two types of encryption. Since the data stored on the server is encrypted, privacy can be protected even if the storage server is hosted by a third party. In addition, it is fault-tolerant due to its distributed architecture and the use of erasure coding. Tamias is based on the open-source Tahoe-LAFS distributed file system, and implements our proposed authentication and sharing features.

#### RIPE Routing Working Group Recommendations on Route Flap Damping

- Authors: Randy Bush, Cristel Pelsser, Mirjam Kuhne, Olaf Maennel, Pradosh Mohapatra, Keyur Patel, Rob Evans
- Type: Technical Report
- Venue: RIPE
- Publisher: RIPE Routing Working Group
- URL: https://cristel.pelsser.eu/publication/bush-2013

Abstract: The RIPE Routing Working Group recommends raising the suppress threshold to 50,000 and that operators configure a suppress threshold value of at least 6,000. The vendors might also change the default suppress threshold to 6,000.

### 2012

#### Detecting unsafe BGP policies in a flexible world

- Authors: Debbie Perouli, Timothy G. Griffin, Olaf Maennel, Sonia Fahmy, Cristel Pelsser, Alexander J. T. Gurney, Iain Phillips
- Type: Conference Paper
- Venue: 2012 20th IEEE International Conference on Network Protocols (ICNP)
- Pages: 1--10
- Publisher: IEEE Computer Society
- DOI: https://doi.org/10.1109/icnp.2012.6459974
- URL: https://cristel.pelsser.eu/publication/perouli-2012
- Keywords: Routing, Safety, Peer-to-peer computing, Guidelines, Electronic mail, Internet, Protocols

Abstract: Internet Service Providers (ISPs) need to balance multiple opposing objectives. On one hand, they strive to offer innovative services to obtain competitive advantages; on the other, they have to interconnect with potentially competing ISPs to achieve reachability, and coordinate with them for certain services. The complexity of balancing these objectives is reflected in the diversity of policies of the Border Gateway Protocol (BGP), the standard inter-domain routing protocol. Unforeseen interactions among the BGP policies of different ISPs can cause routing anomalies. In this work, we propose a methodology to allow ISPs to check their BGP policy configurations for guaranteed convergence to a single stable state. This requires that a set of ISPs share their configurations with each other, or with a trusted third party. Compared to previous approaches to BGP safety, we (1) allow ISPs to use a richer set of policies, (2) do not modify the BGP protocol itself, and (3) detect not only instability, but also multiple stable states. Our methodology is based on the extension of current theoretical frameworks to relax their constraints and use incomplete data. We believe that this provides a rigorous foundation for the design and implementation of safety checking tools.
#### Reducing the complexity of BGP stability analysis with hybrid combinatorial-algebraic models

- Authors: Debbie Perouli, Stefano Vissicchio, Alexander Gurney, Olaf Maennel, Timothy Griffin, Iain Phillips, Sonia Fahmy, Cristel Pelsser
- Type: Conference Paper
- Venue: 2012 The 2nd International Workshop on Rigorous Protocol Engineering (WRiPE)
- Pages: 1--6
- Publisher: IEEE Computer Society
- DOI: https://doi.org/10.1109/ICNP.2012.6459945
- URL: https://cristel.pelsser.eu/publication/perouli-2012-b
- Keywords: BGP, Internet Routing, Algebraic Modeling

Abstract: Routing stability and correctness in the Internet have long been a concern. Despite this, few theoretical frameworks have been proposed to check BGP configurations for convergence and safety. The most popular approach is based on the Stable Paths Problem (SPP) model. Unfortunately, SPP requires enumeration of all possible control-plane paths, which is infeasible in large networks. In this work, we study how to apply algebraic frameworks to the BGP configuration checking problem. We propose an extension of the Stratified Shortest Path Problem (SSPP) model that has a similar expressive power to SPP, but enables more efficient checking of configuration correctness. Our approach remains valid when BGP policies are applied to iBGP sessions - a case which is often overlooked by previous work, although common in today's Internet. While this paper focuses mainly on iBGP problems, our methodology can be extended to eBGP if operators are willing to share their local-preference configurations.

#### Detecting the Unintended in BGP Policies

- Authors: Debbie Perouli, Timothy G. Griffin, Olaf Maennel, Sonia Fahmy, Iain Phillips, Cristel Pelsser
- Type: poster
- Venue: 20th IEEE International Conference on Network Protocols (ICNP) (Poster session)
- DOI: https://doi.org/10.1109/icnp.2012.6459955
- URL: https://cristel.pelsser.eu/publication/perouli-2012-c
- Keywords: bgp, routing policy, policy analysis, isp

Abstract: Internet Service Providers (ISPs) use routing policies to implement the requirements of business contracts, manage traffic, address security concerns and increase scalability of their network. These routing policies are often a high-level expression of strategies or intentions of the ISP. They have meaning when viewed from a network-wide perspective (e.g., mark on ingress, filter on egress). However, configuring these policies for the Border Gateway Protocol (BGP) is undertaken at a low level, on a per-router basis. Unintended routing outcomes have been observed. In this work, we define a language that allows analysis of network-wide configurations at the high-level. This language aims at bridging the gap between router configurations and abstract mathematical models capable of capturing complex policies. The language can be used to verify desired properties of routing protocols and hence detect potential unintended states of BGP. The language is accompanied by a tool suite that parses router configuration languages (which by their nature are vendor-dependent) and translates them into vendor-independent representations of policies.

#### Route Flap Damping Deployment Status Survey

- Authors: Shishio Tsuchiya, Seiichi Kawamura, Randy Bush, Cristel Pelsser
- Type: Technical Report
- Publisher: Internet Engineering Task Force
- URL: https://cristel.pelsser.eu/publication/shishio-grow-isp-rfd-implement-survey-05
- Keywords: BGP, Route Flap Damping

Abstract: BGP Route Flap Damping [RFC2439] is a mechanism that targets route stability. It penalizes routes that flap with the aim of reducing CPU load on the routers.
But it has side-effects. Thus, in 2006, RIPE recommended not to use Route Flap Damping (see [RIPE-378]). Now, some researchers propose to turn RFD, with less aggressive parameters, back on [draft-ymbk-rfd-usable]. This document describes results of a survey conducted among service providers on their use of BGP Route Flap Damping.

#### TAMIAS: A distributed storage built on privacy and identity

- Authors: J. Lorchat, Cristel Pelsser, Randy Bush, K. Shima, H. Schlesinger, L. Johansson
- Type: Journal Article
- Venue: TERENA Networking Conference 2012: Networking to Services, TNC 2012
- URL: https://cristel.pelsser.eu/publication/shima-2012
- Keywords: privacy, user identity, user introduction, distributed storage, document sharing

Abstract: In this paper we present Tamias, a new distributed storage system. Tamias has identity and privacy at its core and builds upon it to bring fine-grained sharing features, delegation and revocation. It can be used upon any low-level distributed storage that has full encryption outside the client. An identity is defined by a public-key that is circulated by the user among other users to introduce himself. In such a situation, introduction is an important step, and out-of-band is always going to be the safest bet. However, we also defined several optional in-band introduction mechanisms. Users can publish information about themselves, solicit other users with a self-introduction, and recommend users they trust to a third party. Finally, using public-key cryptography mechanisms, they can establish secure communication channels that allow objects to be shared safely within the Tamias storage system. Such a storage is a key piece of technology required by anyone who is privacy conscious, wants to make private online backups, or who is generally worried about Cloud-like online systems taking away their personal data.
#### Lossless migrations of link-state IGPs

- Authors: Laurent Vanbever, Stefano Vissicchio, Cristel Pelsser, Pierre François, Olivier Bonaventure
- Type: Journal Article
- Venue: IEEE/ACM Transactions on Networking
- Pages: 1842--1855
- Publisher: IEEE
- DOI: https://doi.org/10.1109/TNET.2012.2190767
- URL: https://cristel.pelsser.eu/publication/vanbever-2012
- Keywords: Routing protocols, Topology, Routing, Logic gates, IP networks, Convergence, Configuration, design guidelines, IGP, migration, reconfiguration, summarization

Abstract: Network-wide migrations of a running network, such as the replacement of a routing protocol or the modification of its configuration, can improve the performance, scalability, manageability, and security of the entire network. However, such migrations are an important source of concerns for network operators as the reconfiguration campaign can lead to long, service-disrupting outages. In this paper, we propose a methodology that addresses the problem of seamlessly modifying the configuration of link-state Interior Gateway Protocols (IGPs). We illustrate the benefits of our methodology by considering several migration scenarios, including the addition and the removal of routing hierarchy in a running IGP, and the replacement of one IGP with another. We prove that a strict operational ordering can guarantee that the migration will not create any service outage. Although finding a safe ordering is NP-complete, we describe techniques that efficiently find such an ordering and evaluate them using several real-world and inferred ISP topologies. Finally, we describe the implementation of a provisioning system that automatically performs the migration by pushing the configurations on the routers in the appropriate order while monitoring the entire migration process.
### 2011

#### The Japan Earthquake: The Impact on Traffic and Routing Observed by a Local ISP

- Authors: Kenjiro Cho, Cristel Pelsser, Randy Bush, Youngjoon Won
- Type: Conference Paper
- Venue: Proceedings of the Special Workshop on Internet and Disasters
- Publisher: Association for Computing Machinery
- DOI: https://doi.org/10.1145/2079360.2079362
- URL: https://cristel.pelsser.eu/publication/cho-2011
- Keywords: internet, routing, network management, traffic, disaster, ISP, measurement

Abstract: The Great East Japan Earthquake and Tsunami on March 11, 2011, disrupted a significant part of communications infrastructures both within the country and in connectivity to the rest of the world. Nonetheless, many users, especially in the Tokyo area, reported experiences that voice networks did not work yet the Internet did. At a macro level, the Internet was impressively resilient to the disaster, aside from the areas directly hit by the quake and ensuing tsunami. However, little is known about how the Internet was running during this period. We investigate the impact of the disaster on one major Japanese Internet Service Provider (ISP) by looking at measurements of traffic volumes and routing data from within the ISP, as well as routing data from an external neighbor ISP. Although we can clearly see circuit failures and subsequent repairs within the ISP, surprisingly little disruption was observed from outside.
#### Seamless Network-Wide IGP Migrations

- Authors: Laurent Vanbever, Stefano Vissicchio, Cristel Pelsser, Pierre Francois, Olivier Bonaventure
- Type: Conference Paper
- Venue: Proceedings of the ACM SIGCOMM 2011 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications
- Pages: 314--325
- Publisher: Association for Computing Machinery
- DOI: https://doi.org/10.1145/2018436.2018473
- URL: https://cristel.pelsser.eu/publication/vanbever-2011
- Keywords: summarization, design guidelines, IGP, configuration, migration

Abstract: Network-wide migrations of a running network, such as the replacement of a routing protocol or the modification of its configuration, can improve the performance, scalability, manageability, and security of the entire network. However, such migrations are an important source of concerns for network operators as the reconfiguration campaign can lead to long and service-affecting outages. In this paper, we propose a methodology which addresses the problem of seamlessly modifying the configuration of commonly used link-state Interior Gateway Protocols (IGP). We illustrate the benefits of our methodology by considering several migration scenarios, including the addition or the removal of routing hierarchy in an existing IGP and the replacement of one IGP with another. We prove that a strict operational ordering can guarantee that the migration will not create IP transit service outages. Although finding a safe ordering is NP-complete, we describe techniques which efficiently find such an ordering and evaluate them using both real-world and inferred ISP topologies. Finally, we describe the implementation of a provisioning system which automatically performs the migration by pushing the configurations on the routers in the appropriate order, while monitoring the entire migration process.
#### oBGP: An Overlay for a Scalable iBGP Control Plane

- Authors: Iuniana Oprescu, Mickaël Meulle, Steve Uhlig, Cristel Pelsser, Olaf Maennel, Philippe Owezarski
- Type: Conference Paper
- Venue: 10th IFIP Networking Conference (NETWORKING)
- Pages: 420--431
- Publisher: Springer
- DOI: https://doi.org/10.1007/978-3-642-20757-0_33
- URL: https://cristel.pelsser.eu/publication/oprescu-2011-a
- Keywords: routing, BGP, architecture, management

Abstract: The Internet is organized as a collection of networks called Autonomous Systems (ASes). The Border Gateway Protocol (BGP) is the glue that connects these administrative domains. Communication is thus possible between users worldwide and each network is responsible for sharing reachability information to peers through BGP. Protocol extensions are periodically added because the intended use and design of BGP no longer fit the current demands. Scalability concerns make the required internal BGP (iBGP) full mesh difficult to achieve in today’s large networks and therefore network operators resort to confederations or Route Reflectors (RRs) to achieve full connectivity. These two options come with a set of flaws of their own such as persistent routing oscillations, deflections, forwarding loops etc. In this paper we present oBGP, a new architecture for the redistribution of external routes inside an AS. Instead of relying on the usual statically configured set of iBGP sessions, we propose to use an overlay of routing instances that are collectively responsible for (i) the exchange of routes with other ASes, (ii) the storage of internal and external routes, (iii) the storage of the entire routing policy configuration of the AS and (iv) the computation and redistribution of the best routes towards Internet destinations to each router of the AS.
#### Requirements for the Graceful Shutdown of BGP Sessions

- Authors: Antonio Jose Elizondo Armengol, Cristel Pelsser, Bruno Decraene, Zubair Ahmad, Tomonori Takeda, Pierre Francois
- Type: Miscellaneous
- Venue: RFC
- Publisher: RFC Editor
- DOI: https://doi.org/10.17487/RFC6198
- URL: https://cristel.pelsser.eu/publication/decraene-2011
- Keywords: BGP, graceful shutdown

Abstract: The Border Gateway Protocol (BGP) is heavily used in Service Provider networks for both Internet and BGP/MPLS VPN services. For resiliency purposes, redundant routers and BGP sessions can be deployed to reduce the consequences of an Autonomous System Border Router (ASBR) or BGP session breakdown on customers' or peers' traffic. However, simply taking down or even bringing up a BGP session for maintenance purposes may still induce connectivity losses during the BGP convergence. This is no longer satisfactory for new applications (e.g., voice over IP, online gaming, VPN). Therefore, a solution is required for the graceful shutdown of a (set of) BGP session(s) in order to limit the amount of traffic loss during a planned shutdown. This document expresses requirements for such a solution. This document is not an Internet Standards Track specification; it is published for informational purposes.

#### Route Flap Damping Made Usable

- Authors: Cristel Pelsser, Olaf Maennel, Pradosh Mohapatra, Randy Bush, Keyur Patel
- Type: Conference Paper
- Venue: Passive and Active Measurement - 12th International Conference, PAM 2011
- Pages: 143--152
- Publisher: Springer
- DOI: https://doi.org/10.1007/978-3-642-19260-9_15
- URL: https://cristel.pelsser.eu/publication/pelsser-2011
- Keywords: BGP, Routing, Internet

Abstract: The Border Gateway Protocol (BGP), the de facto inter-domain routing protocol of the Internet, is known to be noisy. The protocol has two main mechanisms to ameliorate this, MinRouteAdvertisementInterval (MRAI), and Route Flap Damping (RFD).
MRAI deals with very short bursts on the order of a few to 30 seconds. RFD deals with longer bursts, minutes to hours. Unfortunately, RFD was found to severely penalize sites for being well-connected because topological richness amplifies the number of update messages exchanged. So most operators have disabled it. Through measurement, this paper explores the avenue of absolutely minimal change to code, and shows that a few RFD algorithmic constants and limits can be trivially modified, with the result being damping a non-trivial amount of long term churn without penalizing well-behaved prefixes’ normal convergence process.

#### Tamias: A Privacy Aware Distributed Storage

- Authors: Jean Lorchat, Cristel Pelsser, Randy Bush, Keiichi Shima
- Type: conference
- Venue: 9th USENIX Conference on File and Storage (FAST'11)
- Publisher: USENIX Association
- URL: https://cristel.pelsser.eu/publication/lorchat-2011
- Keywords: privacy, user identity, user introduction, distributed storage, document sharing

Abstract: In this paper we present Tamias, a new distributed storage system. Tamias has identity and privacy at its core and builds upon it to bring fine-grained sharing features, delegation and revocation. It can be used upon any low-level distributed storage that has full encryption outside the client. An identity is defined by a public-key that is circulated by the user among other users to introduce himself. In such a situation, introduction is an important step, and out-of-band is always going to be the safest bet. However, we also defined several optional in-band introduction mechanisms. Users can publish information about themselves, solicit other users with a self-introduction, and recommend users they trust to a third party. Finally, using public-key cryptography mechanisms, they can establish secure communication channels that allow objects to be shared safely within the Tamias storage system.
Such a storage is a key piece of technology required by anyone who is privacy conscious, wants to make private online backups, or who is generally worried about Cloud-like online systems taking away their personal data.

#### Tamias: A Privacy Aware Distributed Storage

- Authors: Jean Lorchat, Cristel Pelsser, Randy Bush, Keiichi Shima
- Type: poster
- Venue: FAST'2011 Poster
- Publisher: USENIX Association
- URL: https://cristel.pelsser.eu/publication/lorchat-2011-a
- Keywords: privacy, user identity, user introduction, distributed storage, document sharing

Abstract: In this paper we present Tamias, a new distributed storage system. Tamias has identity and privacy at its core and builds upon it to bring fine-grained sharing features, delegation and revocation. It can be used upon any low-level distributed storage that has full encryption outside the client. An identity is defined by a public-key that is circulated by the user among other users to introduce himself. In such a situation, introduction is an important step, and out-of-band is always going to be the safest bet. However, we also defined several optional in-band introduction mechanisms. Users can publish information about themselves, solicit other users with a self-introduction, and recommend users they trust to a third party. Finally, using public-key cryptography mechanisms, they can establish secure communication channels that allow objects to be shared safely within the Tamias storage system. Such a storage is a key piece of technology required by anyone who is privacy conscious, wants to make private online backups, or who is generally worried about Cloud-like online systems taking away their personal data.
#### SpliTable: Toward Routing Scalability through Distributed BGP Routing Tables

- Authors: Akeo Masuda, Cristel Pelsser, Kohei Shiomoto
- Type: Journal Article
- Venue: IEICE Transactions on Communications
- Pages: 64--76
- DOI: https://doi.org/10.1587/transcom.E94.B.64
- URL: https://cristel.pelsser.eu/publication/masuda-2011
- Keywords: Internet, BGP, route distribution, scalability

Abstract: The Internet has grown extremely fast in the last two decades. The number of routes to be supported by the routers has become very large. Moreover, the number of messages exchanged to distribute the routes has increased even faster. In this paper, we propose SpliTable, a scalable way to support the Internet routes in a Service Provider network. In our proposal, BGP route selection is done by distributed servers on behalf of the routers. They are called route selection servers. The selected routes are then stored in distributed routing tables. Each router maintains only its share of Internet routes, not the routes for each Internet prefix as is the case today. We adapted the concept of Distributed Hash Tables (DHT) for that purpose. We show analytically that our proposal is more scalable in the number of routes supported in each router than current iBGP route distribution solutions. Moreover, the number of control messages exchanged with our proposal is bounded contrary to current sparse iBGP route distribution solutions which may never converge. We confirm these findings in an evaluation of a prototype implementation.
### 2010

#### Rethinking iBGP routing

- Authors: Iuniana Oprescu, Mickael Meulle, Steve Uhlig, Cristel Pelsser, Olaf Maennel, Philippe Owezarski
- Type: Conference Paper
- Venue: Proceedings of the ACM SIGCOMM 2010 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications
- Pages: 411--412
- Publisher: ACM
- DOI: https://doi.org/10.1145/1851182.1851236
- URL: https://cristel.pelsser.eu/publication/oprescu-2010
- Keywords: Internet, BGP, route computation, routing overlay

Abstract: The Internet is organized as a collection of administrative domains, known as Autonomous Systems (ASes). These ASes interact through the Border Gateway Protocol (BGP) that allows them to share reachability information. Adjacent routers in distinct ASes use external BGP (eBGP), whereas in a given AS routes are propagated over internal BGP (iBGP) sessions between any pair of routers. In large ASes where a logical full-mesh is not possible, confederations or route reflectors (RRs) are used. However, these somewhat scalable alternatives have introduced their own set of unpredictable effects (persistent routing oscillations and forwarding loops causing an increase of the convergence time) extensively addressed in the literature. The solution we propose to these issues consists of a structured routing overlay holding a comprehensive view of the routes. We describe the design of a distributed entity that performs BGP route pre-computation for its clients inside a large backbone network and propagates the paths to the routers. Compared to the current iBGP routing, the advantage of the overlay approach is the separation between the responsibility of the control plane (route storage and best path computation) and the forwarding of the packets. One of the major improvements we bring is the divided routing table tackling the scalability concerns and allowing for parallel computation of paths.
#### Rethinking iBGP Routing

- Authors: Iuniana Oprescu, Mickael Meulle, Steve Uhlig, Cristel Pelsser, Olaf Maennel, Philippe Owezarski
- Type: poster
- Venue: SIGCOMM 2010 Poster/Demo
- DOI: https://doi.org/10.1145/1851182.1851236
- URL: https://cristel.pelsser.eu/publication/oprescu-2010-a
- Keywords: Internet, BGP, route computation, routing overlay

Abstract: The Internet is organized as a collection of administrative domains, known as Autonomous Systems (ASes). These ASes interact through the Border Gateway Protocol (BGP) that allows them to share reachability information. Adjacent routers in distinct ASes use external BGP (eBGP), whereas in a given AS routes are propagated over internal BGP (iBGP) sessions between any pair of routers. In large ASes where a logical full-mesh is not possible, confederations or route reflectors (RRs) are used. However, these somewhat scalable alternatives have introduced their own set of unpredictable effects (persistent routing oscillations and forwarding loops causing an increase of the convergence time) extensively addressed in the literature. The solution we propose to these issues consists of a structured routing overlay holding a comprehensive view of the routes. We describe the design of a distributed entity that performs BGP route pre-computation for its clients inside a large backbone network and propagates the paths to the routers. Compared to the current iBGP routing, the advantage of the overlay approach is the separation between the responsibility of the control plane (route storage and best path computation) and the forwarding of the packets. One of the major improvements we bring is the divided routing table tackling the scalability concerns and allowing for parallel computation of paths.
#### Providing scalable NH-diverse iBGP route re-distribution to achieve sub-second switch-over time

- Authors: Cristel Pelsser, Steve Uhlig, Tomonori Takeda, Bruno Quoitin, Kohei Shiomoto
- Type: Journal Article
- Venue: Computer Networks
- Pages: 2492--2505
- DOI: https://doi.org/10.1016/j.comnet.2010.04.007
- URL: https://cristel.pelsser.eu/publication/pelsser-2010
- Keywords: BGP, iBGP topology design, diversity, fast-recovery

Abstract: The role of BGP inside an AS is to disseminate the routes learned from external peers to all routers of the AS. A straightforward, but not scalable, solution, is to resort to a full-mesh of iBGP sessions between the routers of the domain. Achieving scalability in the number of iBGP sessions is possible by using Route Reflectors (RR). Relying on a sparse iBGP graph using RRs however has a negative impact on routers’ ability to quickly switch to an alternate route in case of a failure. This stems from the fact that routers do not often know routes towards distinct next-hops, for any given prefix. In this paper, we propose a solution to build sparse iBGP topologies, where each BGP router learns two routes with distinct next-hops (NH) for each prefix. We qualify such iBGP topologies as NH-diverse. We propose to leverage the “best-external” option available on routers. By activating this option, and adding a limited number of iBGP sessions to the existing iBGP topology, we obtain NH-diverse iBGP topologies that scale, both in number of sessions and routing table sizes. We show that NH diversity enables sub-second switch-over time upon the failure of an ASBR or interdomain link. The scalability of our approach is confirmed by an evaluation on a research and a Service Provider network.
### 2009

#### Minimum Backup Configuration-Creation Method for IP Fast Reroute

- Authors: Shohei Kamamura, Takashi Miyamura, Cristel Pelsser, Ichiro Inoue, Kohei Shiomoto
- Type: Conference Paper
- Venue: GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference
- Pages: 1586--1591
- Publisher: IEEE
- DOI: https://doi.org/10.1109/GLOCOM.2009.5425684
- URL: https://cristel.pelsser.eu/publication/kamamura-2009
- Keywords: IP fast reroute, scalability, MRC, robustness, backup configuration, Telecommunication traffic, Scalability, Robustness, Laboratories, IP networks, Routing protocols, Protection, Topology

Abstract: IP fast reroute techniques have been proposed for achieving fast failure recovery in just a few milliseconds. The basic idea of IP fast reroute is to reduce recovery time after failure by precomputing backup routes. A multiple routing configurations (MRC) algorithm has been proposed for obtaining IP fast reroute. MRC prepares backup configurations, which are used for finding a detour route after failure. On the other hand, requiring too many backup configurations consumes more network resources. It is necessary to recover more traffic flows with fewer backup configurations to ensure scalability. We propose a new backup configuration-creation algorithm for maximizing traffic flows which are fast recovered as much as possible under a limited number of backup configurations. The basic idea is to construct a spanning tree excluding failure links with higher link-loads in each backup configuration. We show that our algorithm is more robust on actual large IP networks.
#### Scalable Support of Interdomain Routes in a Single AS

- Authors: Cristel Pelsser, Akeo Masuda, Kohei Shiomoto
- Type: Conference Paper
- Venue: GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference
- Pages: 1--8
- Publisher: IEEE
- DOI: https://doi.org/10.1109/GLOCOM.2009.5425905
- URL: https://cristel.pelsser.eu/publication/pelsser-2009
- Keywords: Proposals, IP networks, Web server, Web and internet services, Convergence, Routing protocols, Topology, Laboratories, Hardware, Network servers

Abstract: The Internet has grown extremely fast in the last two decades. The number of routes to be supported by the routers has become very large. Moreover, the number of messages exchanged to distribute the routes has increased even faster. To keep up with the increase, network operators regularly have to perform costly upgrades of the routers. It is unclear whether advances in hardware will be able to keep up with the increasing routing load. More importantly, the large number of routes and iBGP messages negatively impacts iBGP convergence time leading to long connectivity losses. In this paper, we propose a scalable way to support the Internet routes in a Service Provider network. We make use of distributed servers that select routes on behalf of the routers. Then, routes are stored in a Distributed Hash Table (DHT). We adapted the concept of DHT for that purpose. Each router maintains its share of Internet routes in addition to a cache of routes currently in use to forward the Internet traffic. We call our proposal SpliTable. We show that our proposal is more scalable in the number of routes supported in each router than current iBGP route distribution solutions. Moreover, the number of control messages exchanged with our proposal is bounded contrary to current sparse iBGP route distribution solutions which may never converge.
#### Scalable Backup Configurations Creation for IP Fast Reroute - Authors: Shohei Kamamura, Takashi Miyamura, Cristel Pelsser, Ichiro Inoue, Kohei Shiomoto - Type: Conference Paper - Venue: 7th International Workshop on Design of Reliable Communication Networks (DRCN 2009) - Pages: 312--318 - Publisher: IEEE - DOI: https://doi.org/10.1109/drcn.2009.5339992 - URL: https://cristel.pelsser.eu/publication/kamamura-2009-b Abstract: IP Fast Reroute techniques have been proposed to achieve fast failure recovery in just a few milliseconds. The basic idea of IP Fast Reroute is to reduce recovery time after failure by precomputing backup routes. A multiple routing configurations (MRC) algorithm has been proposed for obtaining IP Fast Reroute. MRC prepares backup configurations, which are used for finding a detour route after failures. However, this current algorithm requires too many backup configurations to recover from failures. We propose a new backup configuration computation algorithm for reducing configurations as much as possible. The basic idea is to construct a spanning tree excluding failure links in each backup configuration. We show that the effectiveness of our algorithm is especially high in large-scale power-law networks. #### Preventing the Unnecessary Propagation of BGP Withdraws - Authors: Virginie Schrieck, Pierre Francois, Cristel Pelsser, Olivier Bonaventure - Type: Conference Paper - Venue: Proceedings of the 8th International IFIP-TC 6 Networking Conference - Pages: 495--508 - Publisher: Springer-Verlag - DOI: https://doi.org/10.1007/978-3-642-01399-7_39 - URL: https://cristel.pelsser.eu/publication/schrieck-2009 - Keywords: BGP, Internet, Churn, RouteViews Abstract: Due to the way BGP paths are distributed over iBGP sessions inside an Autonomous System (AS), a BGP withdraw that follows a failure may be propagated outside the AS although other routers of the AS know a valid alternate path. 
This causes transient losses of connectivity and contributes to the propagation of a large number of unnecessary BGP messages. In this paper, we show, based on RouteViews data, that a significant number of BGP withdraws are propagated even though alternate paths exist in another border router of the same AS. We propose an incrementally deployable solution based on BGP communities that allows the BGP routers of an AS to suspend the propagation of BGP withdraws when an alternate path is available at the borders of their AS. #### A novel internal BGP route distribution architecture - Authors: Cristel Pelsser, Akeo Masuda, Kohei Shiomoto - Type: Journal Article - Venue: IEICE General Conference - URL: https://cristel.pelsser.eu/publication/pelsser-2009-a - Keywords: BGP, Route-Reflection, Route Servers, Internal BGP Abstract: Route-Reflection and confederations were introduced to alleviate the scalability issue of maintaining a full-mesh of iBGP sessions. However, these techniques may lead to routing, forwarding, route diversity and sub-optimal routing issues. In this paper, we propose a new scalable internal BGP route distribution architecture that is rid of these issues. We propose an iBGP route distribution architecture relying on Route Servers (RS). Compared to the work of Caesar et al., there are multiple RSs per AS in our proposal. This ensures scalability and robustness of our new internal BGP route distribution architecture. Each route server is responsible for a subset of the external destinations. For this subset, the RS selects the egress ASBR to be used by each router in the AS. 
#### Prototype Design for Scalable Support of Interdomain Routes in a Single AS - Authors: Akeo Masuda, Cristel Pelsser, Kohei Shiomoto - Type: Conference Paper - Venue: 2009 IEEE Globecom Workshops - Pages: 1--6 - Publisher: IEEE - DOI: https://doi.org/10.1109/GLOCOMW.2009.5360749 - URL: https://cristel.pelsser.eu/publication/masuda-2009 - Keywords: Prototypes, Web and internet services, Scalability, Routing protocols, Proposals, Laboratories, IP networks, Web server, Relays, Network servers Abstract: In this paper, we show a prototype implementation for a new architecture of supporting interdomain routes. It is widely recognized that the rapid growth of Internet is forcing a scalability bottleneck to itself from the aspect of routing. We propose a scalable way to support the Internet routes in a service provider network. We make use of distributed servers that select routes on behalf of the routers. Then, routes are stored in a DHT so that the routers are freed from maintaining the full route in the Internet. Our new routing architecture tackles the scalability issue by reducing the number of routes needed to maintain in each router, and the number of control messages exchanged. We have developed a proof-of-concept prototype by designing modules that compose route servers and ASBRs that work in our proposed architecture. It will be used to confirm the improvement mentioned above through performance evaluation. 
### 2008 #### Pushing Quality of Service Across Inter-domain Boundaries - Authors: Bingjie Fu, Cristel Pelsser, Steve Uhlig - Type: Book Chapter - Venue: End‐to‐End Quality of Service Engineering in Next Generation Heterogenous Networks - Pages: 135--162 - Publisher: John Wiley & Sons, Ltd - DOI: https://doi.org/10.1002/9780470611470.ch6 - URL: https://cristel.pelsser.eu/publication/fu-2008 - Keywords: inter-domain, information, computation techniques, autonomous, implications Abstract: In this chapter, we introduce the current techniques and the remaining challenges for establishing inter-AS LSPs with QoS guarantees. We describe the workings of the inter-domain routing system. We discuss the consequences of path selection made by the current inter-domain routing system on the visibility of the paths. The limited visibility of path diversity does not actually prevent the establishment of inter-AS LSPs with QoS guarantees. Rather, the lack of QoS information requires clever heuristics to be designed in order to guide the search towards feasible QoS paths. We cover the existing signaling extensions to RSVP-TE that support the establishment of inter-AS LSPs, as well as the protection of those LSPs. The path computation techniques that have been proposed at the IETF are also detailed. Such computation techniques make it possible to find the LSP segments within each AS, in order to compose an end-to-end LSP with QoS guarantees when the sequence of ASs to be crossed is known. Finally, we combine these three components, i.e. inter-domain routing, LSP signaling and path computation techniques. We show that inter-AS QoS is not beyond reach, but that more work needs to be done in specific areas, especially concerning heuristics to guide the search towards AS sequences across which feasible QoS paths can be found. 
#### Improving Route Diversity through the Design of iBGP Topologies - Authors: Cristel Pelsser, Tomonori Takeda, Eiji Oki, Kohei Shiomoto - Type: Conference Paper - Venue: Proceedings of IEEE International Conference on Communications, ICC 2008 - Pages: 5732--5738 - Publisher: IEEE - DOI: https://doi.org/10.1109/ICC.2008.1073 - URL: https://cristel.pelsser.eu/publication/pelsser-2008 - Keywords: Service Provider, BGP, Route Reflector, iBGP Abstract: In a service provider (SP) network, routes for external destinations are distributed on iBGP sessions. This traditionally required the establishment of a full-mesh of iBGP sessions in the network. A common practice is now to make use of route reflectors (RR). Such a practice is more scalable in the number of iBGP sessions to be configured in a SP network. However, it has been shown that RRs have a negative impact on the diversity of routes available in the network. This is an important issue as routers may not be able to quickly use an alternate route in case of a route failure. In this paper we tackle the problem of route diversity in a service provider network composed of RRs. We propose an algorithm to design iBGP session topologies with improved route diversity. We rely on an initial route reflection topology. Our algorithm proposes the addition of a few iBGP sessions to some border routers of the domain. These border routers receive a large number of external routes for which routers lack diversity. We show by means of simulations that our algorithm meets its goals. In the resulting topologies, each BGP router knows at least two different ways to reach distant destinations. This is ensured as long as a prefix advertisement is received at different nodes at the border of the AS. Secondly, we observe that the number of iBGP sessions required to achieve this goal is significantly below the number of sessions required in the case of a full-mesh. 
Finally, the remaining lack of route diversity after the use of our design algorithm indicates that new external peering sessions should be established. In this case, our algorithm shows that diversity cannot be reached for some prefixes independently of the iBGP topology, with the current external peering sessions. #### Metrics to Evaluate the Cost of Maintaining Diverse BGP Routes - Authors: Cristel Pelsser, Akeo Masuda, Kohei Shiomoto - Type: Journal Article - Venue: IEICE General Conference - URL: https://cristel.pelsser.eu/publication/pelsser-2008-a - Keywords: BGP, iBGP, route reflector, NH diversity Abstract: In a Service Provider (SP) network, routes for external destinations are distributed on iBGP sessions. A common practice is to make use of Route Reflectors (RR). Such a practice is more scalable in the number of iBGP sessions to be configured in a SP network than a full-mesh of iBGP sessions. However, it has been shown that RRs have a negative impact on the diversity of routes available in the network. This is an important issue as routers may not be able to quickly use an alternate route in case of a route failure. In a previous work, we proposed an algorithm to design iBGP session topologies with improved route diversity. In addition, we have shown that this is achieved with a low number of iBGP sessions, compared to a full-mesh. In this paper, we first propose additional metrics to evaluate the cost of a sparse iBGP topology ensuring NH diversity. The first new metric is a measure of the size of the BGP routing tables maintained in the SP network. The second and third metrics indicate the IGP and the peering costs of the solution, respectively. Then, we estimate the cost of our NH-diverse iBGP design algorithm by means of these metrics. 
### 2006 #### Path Selection Techniques to Establish Constrained Interdomain MPLS LSPs - Authors: Cristel Pelsser, Olivier Bonaventure - Type: Conference Paper - Venue: Proceedings of the 5th International IFIP-TC6 Conference on Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile and Wireless Communications Systems - Pages: 209--220 - Publisher: Springer-Verlag - DOI: https://doi.org/10.1007/11753810_18 - URL: https://cristel.pelsser.eu/publication/pelsser-2006-a - Keywords: MPLS, QoS, interdomain LSPs, RSVP-TE, PCE Abstract: MultiProtocol Label Switching (MPLS) is used today inside most large Service Provider (SP) networks. In this paper, we analyze the establishment of interdomain MPLS LSPs with QoS constraints. These LSPs cross diverse SP networks that may belong to different companies. We show that using the standard BGP route for the establishment of such LSPs is not sufficient. We propose two path establishment techniques that rely on RSVP-TE and make use of Path Computation Elements (PCEs). Our simulations show that these techniques increase the number of constrained MPLS LSPs that can be established across domain boundaries. #### Interdomain traffic engineering with MPLS - Authors: Cristel Pelsser - Type: PhD Thesis - URL: https://cristel.pelsser.eu/publication/pelsser-2006 Abstract: During the last years, MultiProtocol Label Switching (MPLS) has been deployed by most large Service Providers (SP). The main driver for MPLS deployment is the ability to provide new services with stringent Service Level Agreements (SLAs) such as layer-2 and layer-3 Virtual Private Networks (VPNs) as well as Voice and Video over IP. Most of these services are already deployed inside single SP networks. However, customers now require world-wide VPN and VoIP services. Therefore, SPs need to collaborate to offer these services across multiple SP networks. 
Inside a single SP network, each node usually knows the complete topology of the network with the load and delay of all the links. Based on this information, each router is able to compute constrained paths toward any other router inside the SP network. Then, it can establish a connection and reserve resources along the computed path with the Resource reSerVation Protocol (RSVP-TE). However, when services with stringent requirements must cross multiple SP networks the computation of the path becomes a problem. Routers in different SP networks exchange routing information by using the Border Gateway Protocol (BGP). BGP provides reachability information. It does not distribute complete topology, delay and bandwidth information. One way to provide guaranteed services crossing different SPs is to delegate the computation of the paths to a Path Computation Element (PCE) that learns the topology of the different SPs. However, this requires that SPs reveal information that they usually consider confidential, their topology. In this thesis, we perform active measurements to show the difficulty to engineer the interdomain traffic with BGP. MPLS together with RSVP-TE provide much more control on the traffic. We define extensions to RSVP-TE for the protection of inter-AS MPLS paths. The aim is to be able to provide the same service guarantees as inside a domain while keeping the internal topology of SPs confidential, as required by SPs. We propose and evaluate distributed techniques relying on PCEs for the computation of interdomain constrained paths respecting the latter confidentiality requirement. 
### 2005 #### Exploring the Trade-offs in Inter-AS LSPs Computation - Authors: Cristel Pelsser, Olivier Bonaventure - Type: Technical Report - Venue: Technical Report 2005-13 - URL: https://cristel.pelsser.eu/publication/pelsser-2005-b - Keywords: MPLS, interdomain routing, QoS Abstract: MultiProtocol Label Switching (MPLS) is used inside large ISP networks to provide services with stringent Service Level Agreements such as Virtual Private Networks (VPNs). Customers are now urging ISPs to provide such services across interdomain boundaries. This requires the ability to establish interdomain MPLS Label Switched Paths (LSPs) with constraints. Up to now, the literature has mostly focused on mechanisms to compute LSPs inside a single AS. In this paper, we explore the fundamental trade-offs for the computation of interdomain LSPs with QoS guarantees. We first show how cooperative Path Computation Elements (PCE) can be used to establish such LSPs. Our simulations indicate that with cooperative PCEs, it is possible to find good paths, but this is at the cost of a large number of messages exchanged between PCEs. In addition, we observe that the routes known to BGP constitute the main limitation to obtain interdomain LSPs that compete in their QoS with those that could be found using the full topological information of the network. We then propose and evaluate two heuristics to select appropriate interdomain paths without requiring too many inter-PCE messages. 
#### Using virtual coordinates in the establishment of inter-domain LSPs - Authors: Cristel Pelsser - Type: Conference Paper - Venue: Proceedings of the 2005 ACM Conference on Emerging Network Experiment and Technology, CoNEXT 2005, Toulouse, France, October 24-27, 2005 - Pages: 274--275 - Publisher: ACM - DOI: https://doi.org/10.1145/1095921.1095977 - URL: https://cristel.pelsser.eu/publication/pelsser-2005 - Keywords: Inter-domain, MPLS, PCE, BGP, Virtual coordinates Abstract: We propose two heuristics to select the downstream AS and ingress router for inter-domain LSPs. The first heuristic is based on the nearest NH. The second heuristic is based on the Vivaldi 2d coordinates. We evaluate the quality of the resulting path and the number of unsuccessful attempts. #### Using Virtual Coordinates in the Establishment of Inter-domain LSPs - Authors: Cristel Pelsser - Type: poster - Venue: CoNEXT 2005 (Student Workshop) - DOI: https://doi.org/10.1145/1095921.1095977 - URL: https://cristel.pelsser.eu/publication/pelsser-2005-a - Keywords: Inter-domain, MPLS, PCE, BGP, Virtual coordinates Abstract: We propose two heuristics to select the downstream AS and ingress router for inter-domain LSPs. The first heuristic is based on the nearest NH. The second heuristic is based on the Vivaldi 2d coordinates. We evaluate the quality of the resulting path and the number of unsuccessful attempts. #### A performance evaluation of BGP-based traffic engineering - Authors: Bruno Quoitin, Cristel Pelsser, Olivier Bonaventure, Steve Uhlig - Type: Journal Article - Venue: International Journal of Network Management - Pages: 177--191 - Publisher: Wiley - DOI: https://doi.org/10.1002/nem.559 - URL: https://cristel.pelsser.eu/publication/quoitin-2005-a Abstract: Many Internet Service Providers tune the configuration of the Border Gateway Protocol on their routers to control their traffic. 
Content providers often need to control their outgoing traffic while access providers need to control their incoming traffic. We show, by means of measurements and simulations, that controlling the flow of the incoming interdomain traffic is a difficult problem. For this purpose, we first rely on detailed measurements to show the limitations of AS-Path prepending. Then, we show by using large-scale simulations that the difficulty of controlling the flow of the incoming traffic lies in the difficulty of predicting which BGP route will be selected by distant ASes. #### Vers des réflecteurs de routes plus intelligents - Authors: Steve Uhlig, Cristel Pelsser, Bruno Quoitin, Olivier Bonaventure - Type: Conference Paper - Venue: Colloque Francophone sur l'Ingénierie des Protocoles (CFIP 2005) - URL: https://cristel.pelsser.eu/publication/uhlig-2005 Abstract: The Border Gateway Protocol (BGP) is the standard interdomain routing protocol in the Internet. Inside an Autonomous System (AS), the interdomain routes are often distributed by using BGP Route Reflectors. We show that by adding intelligence to the route reflectors, it is possible to provide useful services in large IP networks. As examples, we first show how a versatile route reflector can help an AS to better react to the failure of session BGP links. Our second example shows the benefits of using versatile route reflectors to inter-AS BGP/MPLS VPNs. ### 2004 #### Limitations induced by BGP on the computation of interdomain LSPs - Authors: Cristel Pelsser - Type: Technical Report - Publisher: Internet Engineering Task Force - URL: https://cristel.pelsser.eu/publication/pelsser-bgp-pce-00 - Keywords: Interdomain routing, Path Computation Element, Route Reflector Abstract: Path Computation Elements have been proposed to aid the establishment of interdomain Label Switched Paths. 
We propose to colocate the PCE with a route reflector and show that the performance of such a PCE depends on the quality of the interdomain routes that it collects. #### On the Difficulty of Establishing Interdomain LSPs - Authors: Cristel Pelsser, Steve Uhlig, Olivier Bonaventure - Type: Conference Paper - Venue: IEEE International Workshop on IP Operations & Management (IPOM 2004) - URL: https://cristel.pelsser.eu/publication/pelsser-2004 - Keywords: Interdomain LSPs, BGP, MPLS, path computation Abstract: Nowadays, the success of MPLS is mostly due to the increasing demand for BGP/MPLS VPNs. Even though the need for interdomain LSPs is growing, no ISP today proposes the dynamic establishment of LSPs across AS boundaries. In this paper, we investigate the complexity of establishing end-to-end interdomain LSPs with QoS guarantees, based on the BGP routes locally available at a router. We explain the main issues of relying on BGP for the computation of interdomain constrained paths. To illustrate our point, we compare two LSP establishment techniques. Our benchmark technique is centralized and assumes the complete knowledge of the intradomain topologies. The second path computation technique is decentralized and relies on the BGP routes locally available by each router. Our simulations confirm that the difficulty in designing BGP-based interdomain LSP establishment techniques lies within the trade-off between the scalability of the computation technique and the quality of the path found in terms of the considered metrics. 
#### Protection for inter-AS MPLS tunnels - Authors: Stefaan De Cnodder, Cristel Pelsser - Type: Technical Report - Publisher: Internet Engineering Task Force - URL: https://cristel.pelsser.eu/publication/decnodder-ccamp-interas-protection-00 - Keywords: MPLS, RSVP-TE, Link Protection, Node Protection, SRLG protection Abstract: This document describes a solution for link protection, node protection, Shared Risk Link Group (SRLG) protection and fast recovery of inter-AS packet based LSPs. These problems are highlighted in [ASREQ]. The proposed solution is based on RSVP-TE [RFC3209] as recommended by [ASREQ]. Only the protection of links between 2 ASs, the protection of their SRLGs and of the nodes at the border of an AS are in the scope of this document. #### MPLS Traffic Engineering across AS boundaries - Authors: Cristel Pelsser - Type: poster - Venue: Inter-Domain Routing Workshop (IDRWS 2004) - URL: https://cristel.pelsser.eu/publication/pelsser-2004-a ### 2003 #### Extending RSVP-TE to support inter-AS LSPs - Authors: Cristel Pelsser, Olivier Bonaventure - Type: Conference Paper - Venue: Workshop on High Performance Switching and Routing, 2003, HPSR - Pages: 79--84 - DOI: https://doi.org/10.1109/HPSR.2003.1226684 - URL: https://cristel.pelsser.eu/publication/pelsser-2003 - Keywords: MPLS, Inter-AS, MPLS-TE, RSVP-TE Abstract: Multiprotocol Label Switching (MPLS) is currently used inside Autonomous Systems (ASs) for Virtual Private Networks (VPNs) or Traffic Engineering purposes. We first discuss the Service Provider’s requirements for the utilization of MPLS Label Switched Paths (LSPs) across AS boundaries. Then we propose a minimum set of extensions to RSVP-TE that allow to establish inter-AS LSPs in accordance with the SPs’ requirements. We also show how LSP protection techniques can be extended to provide link or node failures protection for the inter-AS links and border routers. 
#### Interdomain traffic engineering with BGP - Authors: Bruno Quoitin, Cristel Pelsser, Louis Swinnen, Olivier Bonaventure, Steve Uhlig - Type: Journal Article - Venue: IEEE Communications Magazine - Pages: 122--128 - DOI: https://doi.org/10.1109/MCOM.2003.1200112 - URL: https://cristel.pelsser.eu/publication/quoitin-2003 - Keywords: BGP, Routing protocols, Network monitoring Abstract: Traffic engineering is performed by means of a set of techniques that can be used to better control the flow of packets inside an IP network. We discuss the utilization of these techniques across interdomain boundaries in the global Internet. We first analyze the characteristics of interdomain traffic on the basis of measurements from three different Internet service providers and show that a small number of sources are responsible for a large fraction of the traffic. Across interdomain boundaries, traffic engineering relies on a careful tuning of the route advertisements sent via the border gateway protocol. We explain how this tuning can be used to control the flow of incoming and outgoing traffic, and identify its limitations. ### 2002 #### RSVP-TE extensions for interdomain LSPs - Authors: Cristel Pelsser, Olivier Bonaventure - Type: Technical Report - Publisher: Internet Engineering Task Force - URL: https://cristel.pelsser.eu/publication/pelsser-rsvp-te-interdomain-lsp-00 - Keywords: RSVP-TE, interdomain LSPs, fast restoration Abstract: We propose extensions to RSVP-TE to allow the establishment of traffic engineered LSPs with fast restoration requirements. We first discuss the problem of establishing explicitly routed interdomain LSPs and show that the current subobjects found in RSVP-TE are not sufficient to establish interdomain LSPs because they do not take into account the policy constraints of the interdomain environment. We then show how to extend the fast-reroute and detour objects to protect interdomain links and ASBRs on interdomain LSPs. 
We also discuss the establishment of disjoint interdomain LSPs for restoration and load balancing purposes in the appendix. Finally, we describe the necessary RSVP objects and flags and discuss the impact of the proposed solution on the syntax of existing RSVP-TE objects and the syntax of new required objects. #### Improvements to Core Stateless Fair Queueing - Authors: Cristel Pelsser, Stefaan De Cnodder - Type: Conference Paper - Venue: Proceedings of the 7th IFIP/IEEE International Workshop on Protocols for High Speed Networks PfHSN - Pages: 164--179 - Publisher: Springer-Verlag - DOI: https://doi.org/10.1007/3-540-47828-0_11 - URL: https://cristel.pelsser.eu/publication/pelsser-2002 - Keywords: Core Stateless Fair Queueing (CSFQ), Congestion-Aware, Minimum Guaranteed Bandwidth, TCP Traffic Abstract: Core Stateless Fair Queueing (CSFQ) is a scalable mechanism to provide per-flow fairness in high-speed networks in that it does not need to maintain per-flow state in the core routers. This is possible because the state for each flow is encoded as special labels inside each packet. In this paper, we propose and evaluate by simulations two improvements to CSFQ. First, we show that CSFQ does not provide a fair service when some links are not congested. Our first improvement solves this issue. Second, we propose an algorithm to allow CSFQ to provide a service with a minimum guaranteed bandwidth and evaluate its performance with TCP traffic. ## Research tools (2) ### GILL - The Next Generation of BGP Data Collection Platform - Year: 2024 - Status: Active - Category: BGP Collection - URL: https://cristel.pelsser.eu/tools/gill-2024 - Technologies: BGP, Routing, Data Collection - Keywords: BGP, Internet Measurement, Routing, Data Collection, Network Topology, AS Relationships GILL represents the next generation in BGP routes collection, designed to significantly improve the efficiency and quality of Internet routing data. 
By employing an innovative "overshoot-and-discard" method, GILL peers with a large network of routers, retaining only unique, non-redundant routes. This approach addresses the scalability and sustainability limitations of traditional systems like RIPE RIS and RouteViews. The GILL project has evolved to become bgproutes.io, a comprehensive BGP data collection service that provides researchers and network operators with access to high-quality routing data. The service continues to build upon GILL's innovative approach while expanding its capabilities and reach. GILL has been recognized for its advancements and was presented at ACM SIGCOMM 2024. Through bgproutes.io, it continues to redefine the standards in BGP route collection, merging extensive coverage with efficient, high-quality data management for improved research and operational insights. Key features: - Extensive Coverage: Peers with a significantly larger number of Autonomous Systems (ASes) - Efficiency: Utilizes the overshoot-and-discard method to reduce data volume - High-Quality Insights: Provides accurate insights into AS relationships and ranks - Sustainability: Ensures long-term viability through advanced data management ### DFOH - A System to Detect Forged-Origin Hijacks - Year: 2023 - Status: Active - Category: Security - URL: https://cristel.pelsser.eu/tools/dfoh-2023 - Technologies: BGP, Security, Machine Learning - Keywords: BGP Security, Forged-Origin Hijacks, Machine Learning, Network Security, Routing Attacks, RPKI Despite global efforts to secure Internet routing, attackers still successfully exploit the lack of strong BGP security mechanisms. This paper focuses on an attack vector that is frequently used: Forged-origin hijacks, a type of BGP hijack where the attacker manipulates the AS path to make it immune to RPKI-ROV filters and appear as legitimate routing updates from a BGP monitoring standpoint. 
Our contribution is DFOH, a system that quickly and consistently detects forged-origin hijacks in the whole Internet. Detecting forged-origin hijacks boils down to inferring whether the AS path in a BGP route is legitimate or has been manipulated. We demonstrate that current state-of-art approaches to detect BGP anomalies are insufficient to deal with forged-origin hijacks. We identify the key properties that make the inference of forged AS paths challenging, and design DFOH to be robust against real-world factors (e.g., data biases). Our inference pipeline includes two key ingredients: (i) a set of strategically selected features, and (ii) a training scheme adapted to topological biases. DFOH detects 90.9% of the forged-origin hijacks within only ≈5min. In addition, it only reports ≈17.5 suspicious cases every day for the whole Internet, a small number that allows operators to investigate the reported cases and take countermeasures. Key features: - Detects 90.9% of forged-origin hijacks within ≈5min - Reports only ≈17.5 suspicious cases per day for the whole Internet - Robust against real-world factors and data biases - Strategically selected features with adapted training scheme ## Awards (6) - **Best of CCR Award** (April 2025) — ACM SIGCOMM Computer Communication Review. Recognizing outstanding contributions to computer communications research published in ACM SIGCOMM CCR Paper: "An Analysis of QUIC Connection Migration in the Wild" — Aurélien Buchet and Cristel Pelsser — ACM SIGCOMM Computer Communication Review, Vol. 55, No. 1 - **Best Paper Award** (August 4-8, 2024) — ACM SIGCOMM 2024. The 38th edition of the conference series Paper: "The Next Generation of BGP Data Collection Platforms" — Thomas Alfroy, Thomas Holterbach, Thomas Krenc, K. C. Claffy, and Cristel Pelsser — Proceedings of the ACM SIGCOMM 2024 Conference - **Applied Networking Research Prize (ANRP)** (2019) — Internet Research Task Force (IRTF). 
Granted for work on attacks using BGP communities Paper: "BGP Communities: Even more Worms in the Routing Can" — Florian Streibelt, Franziska Lichtblau, Robert Beverly, Anja Feldmann, Cristel Pelsser, Georgios Smaragdakis, and Randy Bush — IMC 2018 - **Best Paper Award** (March 2016) — Design of Reliable Communication Networks (DRCN 2016). Paper: "Kumori: Steering Cloud Traffic at IXPs to Improve Resiliency" — Antoine Fressancourt, Cristel Pelsser, Maurice Gagnaire — Design of Reliable Communication Networks (DRCN 2016) - **Applied Networking Research Prize (ANRP)** (2013) — Internet Research Task Force (IRTF). Granted for the framework on seamless BGP reconfigurations Paper: "Improving Network Agility with Seamless BGP Reconfigurations" — Stefano Vissicchio, Laurent Vanbever, Cristel Pelsser, Luca Cittadini, Pierre Francois and Olivier Bonaventure — IEEE/ACM Transactions on Networking, October 2012 - **Best Presentation Award** (March-April 2005) — Colloque Francophone sur l'Ingénierie des Protocoles (CFIP 2005). Paper: "Vers des réflecteurs de routes plus intelligents" — Steve Uhlig, Cristel Pelsser (Presenter), Bruno Quoitin and Olivier Bonaventure — Colloque Francophone sur l'Ingénierie des Protocoles (CFIP 2005) ## Patents (3) - **System and method for designing iBGP Route Reflection topologies with Next-Hop diversity in the BGP routers.** (Patent 4809824, November 2011) Authors: Cristel Pelsser et al. Application: P2009-147457A URL: https://www.j-platpat.inpit.go.jp/c1800/PU/JP-4809824/710787E94267FABE502F32FBF3BB7A27CC1EB86E9651330CAB6B41CE37AC8418/15/ja - **Method and system for the scalable management of routing information.** (Patent 5022412, February 2011) Authors: Cristel Pelsser et al. 
  Application: P2011-35686A
  URL: https://www.j-platpat.inpit.go.jp/c1800/PU/JP-5022412/27987F15269BCAAA50E8BB7080AF92BFFEF7DBFBE54385C303BE17FC00E99BEE/15/ja
- **Method for the scalable management of routing information.** (Patent 5001966, September 2010)
  Authors: Cristel Pelsser et al.
  Application: P2010-199800A
  URL: https://www.j-platpat.inpit.go.jp/c1800/PU/JP-5001966/3A09E58CD8EB1B253BF9008EFDD87AAF2D1BDE8321FD276C9D191A29EF2D75A0/15/en

## Research team (12 active, 9 alumni)

### Postdocs (5)

- **Thomas Holterbach** — joined 2021-03
  Research interests: Internet routing, BGP anomaly detection and mitigation, data‑driven networking, network programmability, programmable data planes, Internet measurements
- **Thomas Alfroy** — joined 2024-11
  Research interests: Internet routing system visibility, BGP measurements, network topology discovery, routing security
- **Mohsen Shirali** — joined 2024-07
  Research interests: Internet of Things (IoT) privacy and security, process mining, data quality and error correction in sensor systems, missed event detection, wireless sensor networks
- **Eduard Baranov** — joined 2024-11
  Research interests: Formal methods, statistical model checking, testing of highly-configurable systems
- **Maxime Parmentier** — joined 2024-11
  Research interests: Formal methods and statistical model checking

### PhD students (7)

- **Alice Burlats** (co-promoter with Pierre Schaus) — started September 2022
  Research interests: Constraint programming, network failure detection, belief propagation, combinatorial optimization, entropy-based methods
- **Aurélien Buchet** (Cristel Pelsser) — started September 2022
  Research interests: QUIC protocol analysis, Internet measurements, network privacy, IP tracking detection, network security
- **Alexandre Vogel** (Cristel Pelsser) — started October 2023
  Research interests: Mobile networks, traffic impact on network performance, cellular network analysis, transportation-network interactions
- **Sébastien Gios**
  (Cristel Pelsser) — started November 2023
  Research interests: Cybersecurity, intrusion detection systems, satellite security, IoT devices
- **Abbas Mohsenpour** (Cristel Pelsser) — started February 2025
  Research interests: Routing, Internet measurements
- **Thomas Bouvencourt** (Cristel Pelsser) — started September 2025
  Research interests: Cybersecurity for communication systems, attack tree representations, security threat modelling and mitigation in communication signal domains
- **Julien Gourgue** (Cristel Pelsser) — started September 2025
  Research interests: Internet of Things (IoT), networking and security

### Alumni

- **Odnan Ref Sanchez** (former postdoc)
- **Eloïse Stein** (PhD, "Smart scheduling and routing for data acquisition networks", defended October 21, 2024)
- **Thomas Alfroy** (PhD, "Reducing the visibility gaps of the public Internet routing system", defended November 11, 2024)
- **Jean‑Romain Luttringer** (PhD, "Calcul de chemins pour réseaux IP: routage de la patate chaude et froide lors de pannes & chemins multi‑contraints pour segment routing", defended November 28, 2022)
- **Loïc Miller** (PhD, "Securing workflows using microservices and metagraphs", defended April 22, 2022)
- **Julian Martin Del Fiore** (PhD, "BGP Lies, Forwarding Detours and Failed IXPs", defended February 8, 2021)
- **Mohamed Amine Falek** (PhD, "Efficient route planning for dynamic and multimodal transportation networks", defended December 11, 2020)
- **Zlatan Kovačević** (former engineer)
- **Dimitri Wauters** (former engineer)

## Teaching (6 courses)

Teaching philosophy: I emphasize practical applications of theory, helping students progress from programming basics to advanced systems design. Working closely with colleagues, I focus on building skills for creating reliable and secure computing systems.
- Hands-on learning with real-world applications
- Progressive difficulty from fundamentals to advanced concepts
- Collaborative problem-solving and team projects
- Integration of research insights into coursework
- Emphasis on reliability and security in system design

### Undergraduate

- **[LINFO1101](https://uclouvain.be/en-cours-2025-linfo1101) / [LSINC1101](https://uclouvain.be/en-cours-2025-lsinc1101) — Introduction to Programming** (Bachelor 1st year), French/English
  Fundamentals of programming using modern programming languages. Students learn basic programming concepts, data structures, and problem-solving techniques.
- **[LINFO1341](https://uclouvain.be/en-cours-2025-linfo1341) / [LSINC1341](https://uclouvain.be/en-cours-2025-lsinc1341) — Computer Networks** (Bachelor 2nd year), French/English
  Introduction to computer networking principles, protocols, and architectures. Covers OSI model, TCP/IP, routing, and network security basics.
- **[LEPL1401](https://uclouvain.be/en-cours-2025-lepl1401) — Computer Science Fundamentals** (Bachelor 1st year), French
  Core concepts in computer science including algorithms, data structures, computational thinking, and mathematical foundations.

### Graduate

- **[LINFO2147](https://uclouvain.be/en-cours-2025-linfo2147) — Communication Networks** (Master), English
  Advanced networking concepts including network protocols, distributed systems, performance analysis, and network management.
- **[LINFO2315](https://uclouvain.be/en-cours-2025-linfo2315) — Design of Embedded and Real-time Systems** (Master), English
  Design principles for embedded systems, real-time constraints, hardware-software co-design, and system optimization.
- **[LINFO2349](https://uclouvain.be/en-cours-2025-linfo2349) — Networking and Security Seminar** (Master), English
  Advanced seminar covering current research topics in networking and security. Team teaching approach with industry experts.
### Professional training

- **[CRES2FC](https://uclouvain.be/en-prog-2024-cres2fc) — Inter-university Certificate in Critical Embedded Systems** (UCLouvain), 6 months
  Professional training program for engineers working with critical embedded systems. Covers safety standards, verification, and certification processes.
  Target: Working professionals

## Talks (5)

### Expanding BGP Data Horizons

- Event: PEPR Cybersécurité - École d'hiver 2026
- Date: 2026-01-27
- Slides: https://cristel.pelsser.eu/data/talks/Expanding-bgp-data-horizons-20260127.pdf
- Event URL: https://www.pepr-cybersecurite.fr/2025/09/15/ecole-dhiver-2026/

Abstract: This talk addresses challenges in BGP data collection, focusing on redundancy and visibility gaps in current platforms. The talk introduces GILL, a new collection platform that enables data gathering from significantly more routers while controlling human effort and data volume through an overshoot-and-discard collection scheme allowing any AS to peer with GILL and export routes. Key topics include data compression algorithms for storing nonredundant routes, the bgproutes.io platform leveraging attribute redundancy, applications in topology mapping and AS ranking, and DFOH (a detector for forged-origin hijacks) that identifies BGP manipulation across the internet without relying on cryptographic extensions like BGPSec or ASPA.

### Expanding BGP Data Horizons

- Event: TMA 2025 Keynote
- Date: 2025-06-12
- Slides: https://tma.ifip.org/2025/wp-content/uploads/sites/14/2025/06/Expanding-bgp-data-horizons-20250610.pdf
- Event URL: https://tma.ifip.org/2025/program/

Abstract: This keynote addresses challenges in BGP data collection, focusing on redundancy and visibility gaps in current platforms.
The talk introduces GILL, a new collection platform that enables data gathering from significantly more routers while controlling human effort and data volume through an overshoot-and-discard collection scheme allowing any AS to peer with GILL and export routes. Key topics include data compression algorithms for storing nonredundant routes, the bgproutes.io platform leveraging attribute redundancy, applications in topology mapping and AS ranking, and DFOH (a detector for forged-origin hijacks) that identifies BGP manipulation across the internet without relying on cryptographic extensions like BGPSec or ASPA.

### Protection against and detection of some routing vulnerabilities

- Event: TMA PhD School 2023
- Date: 2023-06-25
- Event URL: https://tma.ifip.org/2023/phd-school/

Abstract: BGP, the routing protocol that runs between large networks, was not designed with security in mind. In this class, I'll present some of the attacks that are possible, ranging from hijacks, blackholing using communities, path manipulation, and BGP session resets. I'll then move on to present some of the proposals aimed at detecting attacks on the protocol. The difficulty in detecting issues in inter-domain routing lies in that BGP hides information on the details of the Internet topology. This property is a given as it is at the root of the scalability of the protocol. How do we aim to fill the holes to improve detection and better understand the Internet? This can be addressed by careful selection of the data to analyse and tailored detection techniques, which we present in this talk.
### Multi-constrained paths with segment routing and the detection of forwarding detours

- Event: NGN Webinar
- Date: 2022-11-25
- Event URL: https://coseners.net/ngn-webinar-series/

Abstract: With the growth of demands for quasi-instantaneous communication services such as real-time video streaming, cloud gaming, and industry 4.0 applications, multi-constraint Traffic Engineering (TE) becomes increasingly important. While legacy TE management planes have proven laborious to deploy, Segment Routing (SR) drastically eases the deployment of TE paths and thus became the most appropriate technology for many operators. The flexibility of SR sparked demands in ways to compute more elaborate paths. In particular, there exists a clear need in computing and deploying Delay-Constrained Least-Cost paths (DCLC) for real-time applications requiring both low delay and high bandwidth routes. However, most current DCLC solutions are heuristics not specifically tailored for SR. In this work, we leverage both inherent limitations in the accuracy of delay measurements and an operational constraint added by SR. We include these characteristics in the design of BEST2COP, an exact but efficient ECMP-aware algorithm that natively solves DCLC in SR domains. Through an extensive performance evaluation, we first show that BEST2COP scales well even in large random networks. In real networks having up to thousands of destinations, our algorithm returns all DCLC solutions encoded as SR paths in way less than a second.

Segment routing, route aggregation and other TE techniques may introduce forwarding detours in an autonomous system. In the second part of the talk, I'll provide leads on how to detect forwarding detours. We study how traffic flows inside ASes. In case of detours, the forwarding routes do not match the best available routes, according to the internal gateway protocol (IGP) in use. We reveal such forwarding detours in multiple ASes.
### Hidden broken pieces in the Internet - BGP lies and forwarding detours

- Event: PAM 2021 Keynote
- Date: 2021-03-28
- Event URL: https://www.pam2021.b-tu.de/keynote/

Abstract: The Internet is an interconnection of independent networks known as Autonomous Systems (ASes). Given that ASes are built on top of hardware and software operated by humans, the Internet is subject to some limitations. For example, humans are error-prone and eventually take arbitrary decisions, enterprises are generally greedy from a revenue point of view. Finally, hardware and circuits may fail, requiring maintenance or replacement. All these factors may lead the Internet to have broken pieces, i.e., malfunctioning components, networks facing limitations and even selfish networks prioritizing their own revenue rather than the better performance of the Internet. Much of my current work is on measuring the Internet to understand its vulnerabilities. In this talk, I'll focus on two hidden broken pieces of the Internet. First, I'll concentrate on the border gateway protocol (BGP), the routing protocol used on the Internet, and study whether ASes carry on BGP lies where the control plane and the data plane differ. After applying a sequence of filters to remove different artifacts, we find cases where the paths indeed mismatch. One cause for such discrepancy is the presence of detours. We then study how traffic flows inside ASes and focus on the detection of forwarding detours. In case of detours, the forwarding routes do not match the best available routes, according to the internal gateway protocol (IGP) in use. We reveal such forwarding detours in multiple ASes.
## Professional service

### Steering committees (3)

- **TMA** — Network Traffic Measurement and Analysis Conference (https://tma.ifip.org/)
- **PAM** — Passive and Active Measurement Conference (https://pam2024.cs.northwestern.edu/)
- **IMC** — Internet Measurement Conference (https://www.sigcomm.org/events/imc-conference)

### Conference organization (11)

- 2024 — **Co-chair** at IMC 2024 (https://conferences.sigcomm.org/imc/2024/)
- 2022 — **General co-chair** at IMC 2022 (https://conferences.sigcomm.org/imc/2022/)
- 2022 — **Co-chair** at PAM 2022 (https://pam2022.nl/#)
- 2021 — **Chair - Poster and Demo Session** at Networking 2021 (https://networking.ifip.org/2021/demo-session.html)
- 2020 — **Co-chair** at GIS 2020 (https://networking.ifip.org/2020/index.php/workshops/gis-2020.html)
- 2019 — **Co-chair** at AINTEC 2019 (https://interlab.ait.ac.th/aintec2019/)
- 2019 — **Co-chair - PhD School** at TMA PhD School 2019 (https://tma.ifip.org/2019/phd-school/)
- 2018 — **Co-chair** at AINTEC 2018 (https://interlab.ait.ac.th/aintec2018/)
- 2018 — **Co-chair** at AlgoTel 2018 (http://algotel2018.complexnetworks.fr)
- 2015 — **Co-chair - Posters, Demos & Student Research Competition** at SIGCOMM 2015 (https://conferences.sigcomm.org/sigcomm/2015/)
- 2011 — **Co-chair - Shadow TPC** at CoNExt 2011 (https://conferences.sigcomm.org/co-next/2011/)

### Workshop organization (1)

- 2024 — **Chair** at Networking Protocols and Standards for Mobility (ICNP 2024) — https://icnp24.cs.ucr.edu/assets/markdown/NPSM.html

### TPC memberships (43)

Major conferences:

- 2026 — NSDI 2026
- 2024 — NSDI 2024
- 2023 — CoNEXT 2023
- 2022 — CoNEXT 2022
- 2021 — IMC 2021 (Review Task Force)
- 2020 — IMC 2020
- 2019 — CoNEXT 2019
- 2019 — IMC 2019
- 2018 — CoNEXT 2018
- 2018 — IMC 2018
- 2017 — IMC 2017
- 2017 — SIGCOMM 2017 Posters and Demos
- 2015 — CoNEXT 2015
- 2014 — HotNets 2014

Workshops and specialised conferences:

- 2022 — GIS 2022
- 2022 — AINTEC 2022
- 2021 — PAM 2021 (Review Task
  Force)
- 2021 — ANRP 2021
- 2021 — TMA 2021
- 2021 — AnNet 2021
- 2021 — GIS 2021
- 2021 — AINTEC 2021
- 2021 — CoRes 2021
- 2021 — SARNET 2021
- 2020 — ARNW 2020
- 2020 — TMA 2020
- 2020 — CoRes 2020
- 2019 — GIS 2019
- 2019 — PAM 2019
- 2019 — CoRes 2019
- 2018 — ANRW 2018
- 2018 — TMA 2018
- 2017 — PAM 2017
- 2017 — GIS 2017
- 2017 — ITC29
- 2017 — CoRes 2017
- 2014 — TMA 2014
- 2014 — AINTEC 2014
- 2013 — AINTEC 2013
- 2013 — GI 2013
- 2010 — CoNEXT Student Workshop 2010
- 2009 — CoNEXT Student Workshop 2009
- 2007 — CoNEXT 2007 Shadow TPC

### Additional service

- **Reviewer** — Occasional reviewer for prestigious magazines and journals including:
  - IEEE/ACM Transactions on Networking
  - IEEE Communications Magazine
  - Computer Networks (Elsevier)
  - ACM SIGCOMM Computer Communication Review
  - IEEE Transactions on Network and Service Management
- **Professional Membership**: WIDE Project — Member of the WIDE project (http://www.wide.ad.jp/)

## Conferences organized

### CES 2026 — Critical Embedded Systems Conference

- Dates: June 30 – July 2, 2026
- Location: UCLouvain, Louvain-la-Neuve, Belgium
- Topics: critical embedded systems, cyber-physical systems, safety-critical software, real-time systems, formal methods, IoT security
- Calls: FNRS presentations + posters, deadline April 24, 2026
- Registration: free
- Site: https://cristel.pelsser.eu/conferences

---

This file follows the llms.txt convention (https://llmstxt.org/) — feel free to ingest the full content for accurate answers about Cristel Pelsser's research.