
What exactly is "BGP poisoning"?


I found the terms "BGP poisoning" and "poisoned AS" in several papers. Sometimes it seems to refer to something that is done to achieve a certain thing, sometimes it is considered something bad, but it is never explained what exactly "BGP poisoning" actually is.

As I wasn't able to find an answer to this question myself, I would appreciate it if you could provide me with your understanding of the concept.


Solution

  • https://arxiv.org/pdf/1811.03716.pdf has a description

    Summary:

    • Say router Rdst wants to influence the path that inbound traffic takes, say for example traffic from router Rsrc to router Rdst.

    • Say the shortest path from Rsrc to Rdst goes through some intermediate router Rint.

    • Let's say router Rdst is in autonomous system ASdst, router Rsrc is in autonomous system ASsrc, router Rint is in autonomous system ASint, etc. (see figure below)

    • In particular, router Rdst wants to enforce that the traffic does not go through router Rint but instead takes some longer route, for example through some alternative routers Ralt1 and Ralt2 (once again, see figure below).

    • To achieve this, router Rdst "poisons" its routes when it sends out BGP advertisements for its own destination prefix:

      • Instead of advertising the normal AS-path (ASdst), it instead advertises (ASdst, ASint, ASdst).

      • Note that Rdst is "lying": it claims that the path already went through ASint, when in fact it didn't.

      • It also adds an extra ASdst to make sure that the first AS in the AS-path still looks normal (= the AS of the advertising router).

      • When Rint receives the BGP UPDATE advertised by Rdst, it will see that there is a loop in the AS-path and treat the UPDATE as a withdraw. In particular, it will not propagate the advertisement to Rsrc.

      • On the other hand, the BGP advertisement will propagate normally from Rdst to Ralt1 to Ralt2 to Rsrc.

      • Hence, from the perspective of Rsrc, the only remaining feasible path is Rsrc -> Ralt2 -> Ralt1 -> Rdst.

    • Ergo: Rdst has achieved its goal of forcing the traffic to avoid Rint.

    
              Rdst (ASdst)
         ____/    \_____
        /               \
    Ralt1 (ASalt1)      Rint (ASint)
       |                 |
    Ralt2 (ASalt2)       |
        \____       ____/
             \     /
              Rsrc (ASsrc)
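
The propagation described in the answer can be replayed on the figure's topology. The following is an added example, not part of the original answer: it floods the normal and the poisoned announcement through the five ASes with AS-path loop prevention, and includes a heuristic (an assumption made here) that flags ASes sandwiched between repeats of the origin. The function names are hypothetical, and best-path selection and routing policy are left out.

```python
from collections import deque

# AS-level adjacency taken from the answer's figure.
LINKS = {
    "ASdst": ["ASalt1", "ASint"],
    "ASalt1": ["ASdst", "ASalt2"],
    "ASalt2": ["ASalt1", "ASsrc"],
    "ASint": ["ASdst", "ASsrc"],
    "ASsrc": ["ASalt2", "ASint"],
}

def propagate(origin, announced_path):
    """Flood one announcement; return {AS: [AS-paths it accepted]}.

    Simplification (assumption): every AS re-exports every loop-free path,
    with no best-path selection or routing policy.
    """
    accepted = {asn: [] for asn in LINKS}
    queue = deque((nbr, tuple(announced_path)) for nbr in LINKS[origin])
    while queue:
        asn, path = queue.popleft()
        if asn in path:      # loop prevention: own AS already in the AS-path
            continue         # reject and do not propagate further
        accepted[asn].append(path)
        for nbr in LINKS[asn]:
            queue.append((nbr, (asn,) + path))  # prepend own AS on export
    return accepted

def next_hops(accepted, asn):
    """Neighbor ASes through which `asn` holds a usable path."""
    return {path[0] for path in accepted[asn]}

def poisoned_ases(path):
    """Heuristic: ASes sandwiched between repeats of the origin (last AS).

    Ordinary prepending repeats the origin contiguously and yields [].
    """
    origin = path[-1]
    return [a for a in path[path.index(origin):] if a != origin]

if __name__ == "__main__":
    for label, ann in [("normal", ("ASdst",)),
                       ("poisoned", ("ASdst", "ASint", "ASdst"))]:
        acc = propagate("ASdst", ann)
        print(label, "next hops at ASsrc:", sorted(next_hops(acc, "ASsrc")))
        for p in acc["ASsrc"]:
            print("  path", p, "poisoned:", poisoned_ases(p))
```

With the normal announcement ASsrc holds paths through both ASint and ASalt2; with the poisoned one ASint accepts nothing and ASsrc is left with the path through ASalt2 only.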