Autonomous Systems

From SI410
Autonomous Systems are collections of Internet Protocol routing systems, under the control of one or more network operators, that handle a given organization's network traffic. They are organized to make setting up routing tables for a group of computers easier while providing a useful level of abstraction for routing services such as the Border Gateway Protocol. Autonomous Systems are assigned an Autonomous System Number from the Internet Corporation for Assigned Names and Numbers. Ethical issues encountered in this setting often include security and privacy issues, most often relating to the unintentional spread of inaccurate information and misrouting of network traffic.
Autonomous systems make up the internet

Background

The protocol connecting networks to make up the collective Internet is called the Border Gateway Protocol, or BGP. With this protocol come some well-known but unsolved security vulnerabilities.[1] BGP connects individual networks called autonomous systems, and the security vulnerabilities lie in the fact that each individual system is trusted to release accurate routing information. "These networks can operate independently, under no authority, inciting self interest and competition. The current success of the Internet and widespread adoption of BGP are evidence that this level of trust is not entirely unwarranted."[1]

Originally, Autonomous Systems were controlled by a single entity - typically an ISP or very large organization that had a large number of private connections to outside networks. The introduction of BGP changed this and allowed smaller organizations to use autonomous system numbers (ASNs) in coordination with an ISP to form larger and more unified network systems, both at the local and global levels. These ASNs were originally 16-bit integers, which allowed for over sixty-five thousand distinct ASNs. More recently, 32-bit ASNs have been introduced to accommodate the increasing number of high-traffic, high-capacity network organizations, with local and regional ISPs and data centers being some of the most common entities. These ASNs are important because each one uniquely identifies a network on the internet.[2] The number of unique autonomous networks in the routing system of the Internet exceeded 5000 in 1999, 30,000 in 2008, and 47,000 in 2014.[3]

Types

Autonomous Systems can fall into one of three categories, depending on their configuration.

  1. Multi-homed autonomous systems connect to two or more systems. This means that even if one point goes down, others will continue to function.[4]
  2. Stub autonomous systems are only connected to one other autonomous system. They may have private connections, but only have one publicly available connection on the Internet.[4]
  3. Transit autonomous systems link autonomous systems to each other. Internet Service Providers, for example, provide access to the Internet for their customers and their customers' networks.[4]

Ethical Implications

Security

Because each individual system is responsible for releasing accurate information, small mistakes can have large consequences. A typing error made while configuring a router can monopolize traffic intended for other networks.[1] Routes can also be hijacked maliciously. A documented example is an autonomous system announcing that it is the origin for IP addresses that it does not own, an announcement that can spread to other networks.[1]

Private Path

Another feature of the Border Gateway Protocol is the autonomous system path. The autonomous system path is a list of the autonomous systems that an update message is recorded as having traveled through. It is used for detecting loops and selecting routes.[1] Each autonomous system that an update passes through adds its own number to the path but leaves the rest of the path in place. Some routers, however, can be made to maliciously manipulate and change the path, making it invalid.[1] Invalid paths can steal large amounts of internet traffic.
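
The path handling described above, as an added Python example that is not part of the original page: prepending on export, loop detection on receipt, length-based selection, and a plausibility check on adjacent hops. The ASNs, the topology and the known_links check are constructed assumptions for illustration.

```python
# Added example: AS path handling with constructed documentation ASNs.

def export_path(path, local_asn):
    """Prepend our own ASN when passing an update on; the rest stays in place."""
    return [local_asn] + list(path)

def accept(path, local_asn):
    """Loop detection: refuse an update whose path already contains our ASN."""
    return local_asn not in path

def select(candidates):
    """Route selection on path length alone (real BGP compares other attributes first)."""
    return min(candidates, key=len)

def implausible_hops(path, known_links):
    """Return adjacent AS pairs in the path that were never observed as a link."""
    return [(a, b) for a, b in zip(path, path[1:])
            if frozenset((a, b)) not in known_links]

# Constructed topology: 64500 (origin) - 64501 - 64502 - 64503
KNOWN_LINKS = {frozenset(p) for p in
               [(64500, 64501), (64501, 64502), (64502, 64503)]}

def demo():
    # Path as received by 64503 after two honest exports.
    honest = export_path(export_path([64500], 64501), 64502)
    # Constructed invalid path: 64510 claims a direct link to the origin.
    manipulated = [64510, 64500]
    return {
        "honest": honest,
        "loop_rejected": not accept(honest, 64501),
        "selected": select([honest, manipulated]),
        "manipulated_bad_hops": implausible_hops(manipulated, KNOWN_LINKS),
        "honest_bad_hops": implausible_hops(honest, KNOWN_LINKS),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Length-based selection alone picks the shorter, invalid path, which is why the hop check (or the history-based detection discussed later on the page) is needed on top of loop detection.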

Solutions to Ethical Problems

Cryptographic Protection

"Cryptographic approaches involve an authenticated registry that maps IP prefixes to their proper origin autonomous systems."[1] Global cooperation between the autonomous systems is required so that registries can be actively built and maintained, requiring the use of a public key infrastructure that secures and distributes the registry.[1] Because parts of the operational community cannot be trusted and due to some inaccuracies, the creation of registries suffers.[1] Cryptographic solutions, however, are hard to deploy because of the need to change the Border Gateway Protocol system.[1]

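How a router could consult a registry that maps prefixes to origin autonomous systems, as an added Python example that is not from the original page or the cited paper. The registry entries, the maximum-length field and the three result labels are assumptions, and the registry is assumed to have been authenticated before use.

```python
import ipaddress

# Constructed registry: (prefix, longest allowed prefix length, authorized origin AS).
# Prefixes and ASNs come from documentation ranges; checking the registry's
# signatures against a PKI is assumed to have happened before this point.
REGISTRY = [
    ("192.0.2.0/24", 24, 64500),
    ("203.0.113.0/24", 25, 64501),
    ("2001:db8::/32", 48, 64502),
]

def validate_origin(prefix, origin_asn, registry=REGISTRY):
    """Classify an announcement as 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for reg_prefix, max_len, asn in registry:
        reg = ipaddress.ip_network(reg_prefix)
        if reg.version != net.version or not net.subnet_of(reg):
            continue                      # entry does not cover this prefix
        covered = True
        if asn == origin_asn and net.prefixlen <= max_len:
            return "valid"
    # Covered by the registry but no entry matches: wrong origin or too specific.
    return "invalid" if covered else "not-found"

def screen(announcements):
    """Return the (prefix, as_path) pairs a router should refuse as invalid."""
    return [(p, path) for p, path in announcements
            if validate_origin(p, path[-1]) == "invalid"]

# Constructed announcements; the origin AS is the last element of each path.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64501, 64500]),     # registered origin
    ("192.0.2.0/24", [64510]),            # origin not authorized for the prefix
    ("192.0.2.128/25", [64501, 64500]),   # more specific than the entry allows
    ("198.51.100.0/24", [64510]),         # no registry entry covers it
]

if __name__ == "__main__":
    for prefix, path in ANNOUNCEMENTS:
        print(prefix, path, validate_origin(prefix, path[-1]))
```

The "not-found" result is what an incomplete registry produces for most prefixes, which is the deployment problem the paragraph above describes.
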
Anomaly Detection

Systems have been developed that include anomaly detection algorithms. These algorithms discover origin autonomous system attacks and invalid paths by looking at the past history of valid routes.[1] Another mechanism, called the soft-response mechanism, combines with the algorithm to slow the spread of anomalous routes so that humans have enough time to repair the invalid routes before traffic increases and is spread unnecessarily.[1] Additionally, in combination with the algorithm and mechanism, an alert system has been designed which spreads the alert notifications to multiple operators not including the local operator, because other operators are the ones who have the ability to repair an invalid route.[1]
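
A history-based origin check with a soft response, as an added Python sketch that is not the cited system's code. The window lengths, the rule that a new origin becomes normal once it outlasts the quarantine, the class name and the sample routes are all assumptions.

```python
from collections import defaultdict

HISTORY_WINDOW = 10 * 24 * 3600   # assumed: how long a seen origin stays "known"
QUARANTINE = 24 * 3600            # assumed: how long a new origin is depreferenced

class OriginMonitor:
    def __init__(self):
        self.last_seen = defaultdict(dict)  # prefix -> {origin ASN: last time seen}
        self.first_seen = {}                # (prefix, new origin) -> first time seen
        self.alerts = []                    # records for operators; delivery not modelled

    def observe(self, now, prefix, as_path):
        """Record an announcement and return 'normal' or 'suspicious'."""
        origin = as_path[-1]
        seen = self.last_seen[prefix]
        known = {o for o, t in seen.items() if now - t <= HISTORY_WINDOW}
        key = (prefix, origin)
        if known and origin not in known:
            if key not in self.first_seen:          # alert once per new origin
                self.first_seen[key] = now
                self.alerts.append((now, prefix, origin, sorted(known)))
            if now - self.first_seen[key] < QUARANTINE:
                return "suspicious"
        # Known origin, first origin ever seen, or one that outlasted quarantine.
        seen[origin] = now
        self.first_seen.pop(key, None)
        return "normal"

    def choose(self, now, prefix, candidate_paths):
        """Soft response: prefer normal routes, use a suspicious one only as a last resort."""
        return min(candidate_paths,
                   key=lambda p: (self.observe(now, prefix, p) == "suspicious", len(p)))

if __name__ == "__main__":
    m = OriginMonitor()
    prefix = "192.0.2.0/24"                         # constructed sample data
    print(m.observe(0, prefix, [64501, 64500]))     # normal: builds history
    print(m.observe(3600, prefix, [64510]))         # suspicious: unseen origin
    print(m.choose(3600, prefix, [[64510], [64502, 64501, 64500]]))
    print(m.alerts)
```

The suspicious route is still usable when nothing else reaches the prefix, so a legitimate origin change is delayed in preference, not blocked.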

References

  1. Karlin, Josh, Stephanie Forrest, and Jennifer Rexford. "Autonomous Security for Autonomous Systems." Computer Networks 52.15 (2008). SciVerse Science Direct. Web. 15 Dec. 2011.
  2. Wikipedia entry on Autonomous Systems
  3. Tony Bates, Philip Smith, Geoff Huston. CIDR report. 2010-09-17.
  4. https://www.arin.net/knowledge/4byte_asns.pdf