Is BGP Update Storm a Sign of Trouble: Observing the Internet Control and Data Planes During Internet Worms

In this paper, we studied BGP update storms during three well-known Internet worms—Code Red, Nimda, and Slammer—and found that while BGP update storms occurred in all three worms, the performance of the data plane degraded during the Slammer worm but did not during the Code Red and Nimda worms. While it is certainly important to pay attention to the occurrence of BGP update storms, our results show that a BGP update storm does not necessarily map to data plane disruption.
Future work includes further investigation on exactly what factors from the control plane caused the data plane degradation during the Slammer worm, especially given that there is no significant degradation during the other two worms. We have also studied the impact on the data plane by artificially introducing routing changes, which we call “mild stress,” and it would be useful to compare the results from both severe stress and mild stress.

Read the article in pdf format and related post on wormblog.