Upload
others
View
6
Download
0
Embed Size (px)
Citation preview
1/40
Isolario: the real-time Internet routingobservatory
Alessandro Improta Luca [email protected] [email protected]
2/40
What we aim to do
Research field
Internet inter-domain measurementand analysis
Why?
- 1969 - ARPANET
- 1985 - NSFNET
- 1995 - Commercial Internet
Since then, its real structure became hidden, as well as its potentialstructural weaknesses
3/40
Why is it important to reveal the Internet structure?
To understand how packets are routed in the InternetIdentify routes involving non-national ISPsIdentify the importance of each AS in the ecosystemUnderstand the effects of catastrophic events (or malicious attacks)
To create economy-based models of the global Internet growthStudy the effectiveness of p2p connectionsBuild more realistic topology generators to simulate the Internet
To properly select peers and diversify upstream providers basedon their connectivity
Increase network robustnessSelect data centers for server replicas...
4/40
Why is it important to reveal the Internet structure?
... plan an optimal inter-domain network configuration to maintain anacceptable level of service in case of malicious or unintentional faults
5/40
The AS-level abstraction
Example of ASes
AS 137 GARR
AS 2598 Isolario
AS 15169 Google
AS 16667 MGM Resorts Intl
AS 21115 Nestle Italia
AS 38474 AU Government(Antarctic Division)
Interconnected ASes
Why the AS-level?
The AS-level Internet ecosystem is a gold mine of problems whosesolutions can provide a deep understanding of critical issues (e.g.,resilience, behavior under real-world threats, future evolution) [1]
[1] M. Roughan et al., 10 Lessons from 10 Years of Measuring and Modeling the Internet’s Autonomous Systems, JSAC 2012
6/40
Classic BGP route collector concept
A Route Collector (RC) is adevice which collects BGP
routing data fromco-operating ASes
RCs only collect routing information and not user traffic
7/40
BGP route collector projects
University of Oregon Route Views ProjectRoute Views was originally conceived as a tool for Internet operators to obtain real-timeinformation about the global routing system from the perspectives of several differentbackbones and locations around the Internet. It collects BGP packets since 1997, in MRTformat since 1997http://www.routeviews.org
RIPE NCC Routing Information Service (RIS)The RIPE NCC collects and stores Internet routing data from several locations around theglobe, using RIS. It collects BGP packets in MRT format since 1999https://www.ripe.net/analyse/internet-measurements/routing-information-service-ris
Packet Clearing House (PCH)PCH is the international organization responsible for providing operational support andsecurity to critical Internet infrastructure, including Internet exchange points and the coreof the domain name system. It operates route collectors at more than 100 IXPs aroundthe world and its data is made available in MRT format since 2011https://www.pch.net/resources/Raw Routing Data
8/40
BGP Route Collector Status (Oct 2016)
TotalN. of RC 19 17 123 159
N. of v4 feeders 281 358 1887 2526N. of v6 feeders 197 228 1148 1573
9/40
Feeder Contribution (v4)
0
0.2
0.4
0.6
0.8
1
100 101 102 103 104 105 106 107 108 109 1010
P(X
>x)
x = Number of IP addresses
RouteViewsRIS
PCH
Only 343 IPv4 feeders announce to the RCs their full routing table
10/40
Feeder Contribution (v6)
0
0.2
0.4
0.6
0.8
1
100 105 1010 1015 1020 1025 1030 1035
P(X
>x)
x = Number of IP addresses
RouteViewsRIS
PCH
Only 267 IPv6 feeders announce to the RCs their full routing table
11/40
Full feeder geographical distribution
Data collected represent mostly the Internet as viewedfrom Europe and North America than the real Internet
12/40
Feeder characterization
About 80% of full feeders have a degree higher than 100
13/40
Conclusions on data analysis
Conclusions
Several p2p-connectivity is hidden from RC sight
Several Internet regions are basically uncovered
The typical profile of an ideal feeder is a multi-homed stub AS
Questions
Why there is a scarcity of participation to classical route collectorprojects?
How to attract new participants?
Is it just a case poor “marketing”?
14/40
Isolario project
Objective: push more ASes to join
The more the ASes, the more the completeness of public BGP data
Isolario - The Book of Islands
”where we discuss about all islands of theworld, with their ancient and modern names,
histories, tales and way of living...”
Benedetto Bordone(Italian cartographer)
Approach: Do-ut-des
Participants open a BGP session with Isolario providing the BGP fullrouting table and its evolution over time
In change, Isolario offers real-time and historic analysis applicationsbased on the aggregation of every routing information collected
15/40
Data we plan to provide to research community
MRT data (same format as RIPE RIS, Route Views, · · · )1 RIB feeder snapshots every 2 hours
2 UPDATE collections every 5 minutes
https://isolario.it/Isolario_MRT_data/
Periodic analyses (daily, weekly, monthly, · · · )1 AS-level Topologies (Global and Geographic)
2 AS characteristics
3 Feeder contribution
4 Total coverage of RCs
16/40
Enhanced BGP Route Collector
Incoming flows are duplicated as soon as they arrive and feed both theInteractive Collecting Engine (ICE) and service modules
As usual, RCs only collect routing information and not user traffic
17/40
Isolario system overview
Incoming BGP flows are used as real-time streamsfor services dedicated to participants
Results are provided to users via WebSockets
18/40
Isolario free services for feeders
Every feeder has free access to a set of services tailored to monitor andanalyse BGP data coming into Isolario system
Real-time services
BGP flow viewer
Routing table viewer
Website reachability
Subnet reachability
Historic services
Routing table viewer
Subnet reachability
Diagnostic services
Alerting system
Daily report
19/40
Real-time services
Real-time services allow to monitor BGPdata flowing into Isolario system
20/40
Routing table viewer
Allows to analyse in real-time the routes that a feeder is currentlyannouncing to Isolario to reach a portion of the IP space
21/40
BGP flow view
Allows to monitor the flow of BGP UPDATE packets arriving to Isolario
Reports in real-time flapping events occuring on any subnetadvertised into the flow
22/40
Subnet reachability
Allows to analyse in real-time the routes that every Isolario feederis announcing to Isolario to reach a portion of the IP space
The more the feeders, the more SR is useful!
23/40
Isolario real-time visualisation with BGPlay
BGPlay is an open-source tool for the visualisation of BGP routing
Thanks to the close collaboration with Massimo Candela (RIPE NCC)we integrated in Isolario the BGPlay real-time version(http://bgplay.massimocandela.com)
BGPlay is currentlyintegrated in SR
24/40
BGPlay real-time
http://bgplay.massimocandela.com
25/40
Diagnostic services
Diagnostic services exploit incoming BGP flows and/or historicdata to report anomalies of the inter-domain routing status
26/40
Alerting system
Alerting system
BGP attributes: BGP UPDATEs matching attributes of interest
Flap events: a prefix UPDATE rate is larger than a threshold
Hijack attempts: BGP UPDATEs hijacking a feeder subnet
Prefix reachability: (un)reachability of prefixes of interest
27/40
Daily report
Summary about the feederinter-domain routing status as
perceived by the Isolario system
For example...
Routing statistics
#Announce, #Withdrawn
Most (un)stable prefixes
Reachability statistics
Inbound reachability
BGP attributes statistics
AS path anomalies
28/40
Daily report: Summary of statistics
29/40
Historic services
Historic services exploit every BGP data available(Route Views, RIPE NCC RIS, Isolario)to show how routes evolved in the past
30/40
Historic services
Applications
Routing table viewer: Allows to analyse portion(s) of the routingtable that each feeder announced to Isolario
Subnet reachability: Allows to analyse the reachability of the IPspace portions from every feeder available in the past
31/40
Summary: how to use Isolario?
Real-time services
Something is happeningHow is my RIB(s) evolving?
How is my reachability affected?
Historic services
Something happenedHow was my RIB(s) evolving?
How was my reachability affected?
Alerting System
Something is happening NOW!Check real-time services!
Do something! (if needed)
Daily report
Did something happen yesterday?Check historic services!
Do something! (if needed)
32/40
Summary: how to use Isolario?
Real-time services
Something is happeningHow is my RIB(s) evolving?
How is my reachability affected?
Historic services
Something happenedHow was my RIB(s) evolving?
How was my reachability affected?
Alerting System
Something is happening NOW!Check real-time services!
Do something! (if needed)
Daily report
Did something happen yesterday?Check historic services!
Do something! (if needed)
Please, try Isolario real-time services!
https://www.isolario.it
Username: guestPassword: guest
33/40
Current status
Feeders
38 ASes
1 AE, 1 BR, 1 CH, 4 DE, 1 EE, 24 IT, 1 MX, 1 NL, 2 UK, 3 US
50 IPv4 sessions
36 IPv6 sessions
Hardware (everything located in Pisa, IT)
6 route collectors (Dell PowerEdge R420/R430)
1 real-time core (Dell PowerEdge R620)
1 non real-time core (Dell PowerEdge R810)
4 storages (Dell PowerEdge R420/R430)
1 webserver (Dell PowerEdge R420)
34/40
Open-source software (C++)
ICE - Interactive Collecting Engine
Interactive BGP route collecting software
Establishes and maintains BGP sessions, dumps MRT files
Multithread and – thus – very responsive to human/automaticqueries!
Possibility to activate LZW-like compression to reduce memoryconsumption
MDR - MRT Data Reader
Tool to parse MRT files (RIB snapshots and updates)
Easy to integrate in custom software
35/40
Open-source software (C++)
AD - AS Detailer
Tool to map AS numbers to AS names
Takes as input a mapping list between ASes and their name (e.g.potaroo.net list [1])
e.g. 3356 → LEVEL3 - Level 3 Communications, Inc.
SG - Subnet Geolocator
Tool to map subnets and/or ASes to continents/countries
Takes as input a mapping list e.g. the GeoLite City DB provided byMaxMind [2]
e.g. 223.64.0.0/11 → CN|HK
e.g. 37514 → KE
[1] http://bgp.potaroo.net/cidr/autnums.html[2] http://geolite.maxmind.com/download/geoip/database/GeoLiteCity_CSV/GeoLiteCity-latest.zip (v4)
http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.csv.gz (v6)
36/40
Future directions
37/40
IXPs services
We started a discussion with IXP people about possible services that couldbe useful for IXP participants
Real-time looking glass
An enhanced version of the classic looking-glass software
Real-time visualization of routing events
A BGP session is established between the router and ICE
Queries are handled by ICE and not by the router
e.g. Real-time monitoring of route-server BGP tables
(Almost) Zero-configuration alerting service
Notify IXP participants whenever a routing event (i.e. a BGP UPDATE)involving his/her networks is received by Isolario route collectors
38/40
Global deployment of route collectors
39/40
Global deployment of route collectors
Distribute route collectors at several locations around the world
Route collector anycast
Multiple web servers?
Collaborations
Packet Clearing House (PCH)
UniLaSalle (Brazil)
We are open to any kind of collaboration
Main objective
To improve the knowledge of Internet structures ofdeveloping/third-world countries
To improve the effectiveness of monitoring services
40/40
Thank you for your attention
Join us and help us to unveil the Internet AS-level structure!
To participate, contact us at:[email protected]