Strong Detection of Misconfigurations

Raj Kumar Rajendran, Vishal Misra, Dan Rubenstein

Distributed Algorithms

- Node's misbehavior can have disastrous consequences:
  - BGP AS7007 incident
- Important that
  - Nodes detect incorrect implementation by other nodes.
  - Use only information provided by the routing-protocol (e.g. its state)

Can I tell if my neighbors are giving me the correct information?

“Weak” Detection can Fail

- Find a property that a node's state should exhibit
- Find a method for checking the property
- Declare misconfiguration if property is violated

E.g. Triangle Inequality [DMZ'03]

Dest/Neighbor   A   B
A               0   2
B               2   0
C               2   3

[Figure: graph on nodes A, B and C with two edges labelled 2]

d(B,C) ≠ 3!!!

- Suppose graph edge lengths ∈ {1,2}
- No violation of triangle inequality

How do we know if we've checked everything we can?

“Strong” Detection

- A detection method is “strong” if it always detects all detectable anomalies
- Given s'_i, node i's state, and C = {N}, the set of allowable networks
- μ is a strong detection method if, when another node j is misconfigured, it either
  - detects a misconfiguration
  - fails to detect the misconfiguration, but no method exists that can detect misconfiguration from s'_i
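
The triangle-inequality example and the definition of strong detection above, worked through as an added example (not code from the original slides). It uses brute-force enumeration of the allowable networks rather than the canonical-graph method of the next slide. Assumptions: the network has only nodes n, A, B, C; links are undirected; n is linked to A and B only; every edge has length 1 or 2.

```python
from itertools import product

# Node n's state from the slide: STATE[neighbour][destination] = advertised distance.
STATE = {"A": {"A": 0, "B": 2, "C": 2},
         "B": {"A": 2, "B": 0, "C": 3}}
NODES = ["n", "A", "B", "C"]          # assumed node set
INF = float("inf")

def triangle_ok(state):
    """Weak check: d(x,z) <= d(x,y) + d(y,z) for neighbours x, y and destinations z."""
    return all(state[x][z] <= state[x][y] + state[y][z]
               for x in state for y in state for z in state[x])

def all_pairs(weights):
    """Floyd-Warshall shortest paths on an undirected graph {(u, v): length}."""
    d = {(u, v): 0 if u == v else INF for u in NODES for v in NODES}
    for (u, v), w in weights.items():
        d[u, v] = d[v, u] = w
    for k, i, j in product(NODES, repeat=3):   # k is the outermost loop
        d[i, j] = min(d[i, j], d[i, k] + d[k, j])
    return d

def allowable_networks():
    """Assumed class C: n-A and n-B always exist, other edges optional, lengths in {1,2}."""
    required = [("n", "A"), ("n", "B")]
    optional = [("A", "B"), ("A", "C"), ("B", "C")]
    for req in product((1, 2), repeat=2):
        for opt in product((None, 1, 2), repeat=3):
            w = dict(zip(required, req))
            w.update({e: x for e, x in zip(optional, opt) if x is not None})
            yield w

def consistent_networks(state):
    """Networks in C whose true distances reproduce the advertised state."""
    return [w for w in allowable_networks()
            if all(all_pairs(w)[x, z] == state[x][z]
                   for x in state for z in state[x])]

def strong_detect(state):
    """A misconfiguration is detectable iff no allowable network explains the state."""
    return not consistent_networks(state)

if __name__ == "__main__":
    print("triangle inequality holds:", triangle_ok(STATE))
    print("misconfiguration detected:", strong_detect(STATE))
```

The weak check accepts the slide's state, while the search over C finds no network that produces it, so the anomaly is detectable from n's state alone.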

Strong Detection in D.V. at node n

- Take node n's state, s'_n
- Use this state to build the canonical graph, M ∈ C
- Simulate D.V. on M to generate simulated state s_n(M)
- We prove:
  - If s_n(M) ≠ s'_n, then misconfiguration detected
  - Else, either there is no misconfiguration, or it is undetectable (using node n's state) because M might be the actual network
- Complexity is O(|V|^3)

[Figure: node n's state s'_n, the canonical graph M on nodes n and A to G, and the simulated state s_n(M)]

Dest/Neighbor   A    B    E
A               0    1    12
B               4    0    7
C               12   13   8
D               5    9    12
E               9    6    4
F               12   15   13
G               4    9    2

Dest/Neighbor   A    B    E
A               0    1    12
B               4    0    7
C               12   13   8
D               5    9    12
E               9    6    4
F               12   15   13
G               4    9    2