A Longitudinal Study of BGP MOAS Prefixes

An IP prefix can be announced on the Internet from multiple endpoints, possibly leading to so-called MOAS (MultipleOrigin AS) prefixes. Long-lived MOASes are traditionally considered to be the result of network topology engineering such as prefix multihoming. Short-lived MOAS are commonly attributed to be the result of router misconfigurations. In this article, we look at MOAS prefixes in the long term and seek the patterns behind these situations. We first revisit previous work by looking at the duration of MOAS events. We group these events according to the prefix announced and show that shortlived MOASes are not due to misconfigurations, but to origin instability or route flapping. We also identify topology patterns that result in MOAS prefixes and use them to classify these events. We show that, contrary to popular belief, multihoming is neither the main use case leading to MOAS, nor the most popular pattern. Finally, we look at the evolution of these observations by analysing data collected 10 years apart.