BGPFuzz: Automated Configuration Fuzzing of the Border Gateway Protocol

Chenlu Zhang, Amirmohammad Pasdar, Van-Thuan Pham

TL;DR

The paper tackles the problem of misconfigurations in BGP causing outages by introducing BGPFuzz, a structure-aware and stateful fuzzing framework. It combines grammar-based mutation, runtime state feedback, and multi-oracle anomaly detection to automatically generate and validate BGP configurations in a virtualized environment, avoiding disruption of real networks. The approach yields improved bug discovery and input validity over random fuzzing, demonstrating its potential to uncover realistic misconfiguration-induced faults like max-prefix violations and sub-prefix hijacks. This work lays the groundwork for scalable, automated validation of BGP configurations with practical impact for operators and researchers alike.

Abstract

Telecommunications networks rely on configurations to define routing behavior, especially in the Border Gateway Protocol (BGP), where misconfigurations can lead to severe outages and security breaches, as demonstrated by the 2021 Facebook outage. Unlike existing approaches that rely on synthesis or verification, our work offers a cost-effective method for identifying misconfigurations resulting from BGP's inherent complexity or vendor-specific implementations. We present BGPFuzz, a structure-aware and stateful fuzzing framework that systematically mutates BGP configurations and evaluates their effects in a virtualized network. Without requiring predefined correctness properties as in static analysis, BGPFuzz detects anomalies through runtime oracles that capture practical symptoms such as session resets, blackholing, and traffic redirection. Our experiments show that BGPFuzz can reliably reproduce and detect known failures, including max-prefix violations and sub-prefix hijacks.
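The runtime-oracle idea in the abstract can be sketched as checks over router state captured before and after a configuration mutation. This is an added example, not BGPFuzz's code: the snapshot layout (`rib`, `received`, `sessions`), the peer names, and all function names are assumptions made for illustration, and the sample data is constructed from documentation prefixes and ASNs.

```python
import ipaddress

def subprefix_hijacks(baseline, observed):
    """Routes strictly more specific than a baseline prefix with a different origin AS."""
    findings = []
    base = [(ipaddress.ip_network(p), asn) for p, asn in baseline.items()]
    for prefix, origin in observed.items():
        net = ipaddress.ip_network(prefix)
        for bnet, basn in base:
            same_family = net.version == bnet.version
            if same_family and net != bnet and net.subnet_of(bnet) and origin != basn:
                findings.append((prefix, str(bnet), origin))
    return findings

def max_prefix_violations(received, limits):
    """Peers whose count of distinct received prefixes exceeds the configured limit."""
    counts = {peer: len(set(prefixes)) for peer, prefixes in received.items()}
    return {peer: n for peer, n in counts.items() if n > limits.get(peer, float("inf"))}

def session_resets(before, after):
    """Peers that were Established before the mutation and are not afterwards."""
    return sorted(p for p, s in before.items()
                  if s == "Established" and after.get(p) != "Established")

def run_oracles(snapshot_before, snapshot_after, limits):
    """Combine the three checks into one verdict for a single fuzzing iteration."""
    report = {
        "subprefix_hijack": subprefix_hijacks(snapshot_before["rib"], snapshot_after["rib"]),
        "max_prefix": max_prefix_violations(snapshot_after["received"], limits),
        "session_reset": session_resets(snapshot_before["sessions"], snapshot_after["sessions"]),
    }
    report["anomaly"] = any(report.values())
    return report

# Constructed sample snapshots (hypothetical layout, not data from the paper).
BEFORE = {
    "rib": {"203.0.113.0/24": 64500, "198.51.100.0/24": 64501},
    "received": {"peer-a": ["203.0.113.0/24"], "peer-b": ["198.51.100.0/24"]},
    "sessions": {"peer-a": "Established", "peer-b": "Established"},
}
AFTER = {
    "rib": {"203.0.113.0/24": 64500, "203.0.113.128/25": 64511, "198.51.100.0/24": 64501},
    "received": {"peer-a": ["203.0.113.0/24"],
                 "peer-b": ["198.51.100.0/24", "203.0.113.128/25", "192.0.2.0/24"]},
    "sessions": {"peer-a": "Established", "peer-b": "Idle"},
}
LIMITS = {"peer-a": 10, "peer-b": 2}

if __name__ == "__main__":
    print(run_oracles(BEFORE, AFTER, LIMITS))
```

Each oracle compares observable state only, so none of them needs a predefined correctness property for the configuration itself.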

Paper Structure

This paper contains 10 sections, 3 figures, 1 table.

Figures (3)

  • Figure 1: An example telecommunications network illustrating connections between different Autonomous Systems (ASes).
  • Figure 2: The workflow of our approach to identify BGP vulnerabilities in a given network topology.
  • Figure 3: BGPFuzz Runtime State Machine. States: $S_0$ = Normal Run, $S_1$ = Intermediate (No Error), $S_2$ = Error Detected. Transitions are labeled $E_j$.