aa

• secure peering.• RIB table dump by attributes in order to save space.

ReferencesReferences1. RouteViews, http://www.routeviews.org/2. RIPE, http://www.ripe.net/ris3. M. Welsh, D. Culler, and E. Brewer. SEDA: An Architecture for Well- Conditioned, Scalable

Internet Services. In the Proceedings of the 18th Symposium on Operation Systems Principles, October 2001.

BGP Data CollectionBGP Data Collection

BGP Monitoring System (BGPMon)BGP Monitoring System (BGPMon)

Our SolutionOur Solution

BGPMon ArchitectureBGPMon Architecture Data in XMLData in XML

Ongoing and future workOngoing and future work

• BGPMon functionalities: 1) collects ALL information receive from BGP routers by peering with them, 2) labels BGP updates, 3) provides customizable BGP data to end users or other BGPMons in XML format, and 4) periodically logs the data.

• The system adopts a modular event-driven design; the data is shared among modules in a producer and consumer way.

• Record data in a both human and machine readable format by increasing affordable storage space

• XML is a common interface to other applications. Various existing tools can be used to process data.

• Easy to add new feature by simply insert a new tag.

Rib UpdaterBGP Peer Monitor

Updates in BMF (No Label )

R ib Tables in BMF

BMF (BGPMon Format )

XML

Updates in BMF (With Label )

Updates Convertor( BMF to

XML )

Update Logger

Updates in XML

Update Logs in

XML

BGP

Rib Logs in

XML

Rib Convertor (BMF to XMl ) and Logger

Client

Client

Rib Convertor (BMF to XMl)

Updates Convertor(XML to BMF )

Client

BGPMonBGPMon

BGPMonBGPMon

BGPMon CompositionBGPMon Composition

BGPMon

BGPMon BGPMon

Logs Logs

Client

ClientClient

XML

BGP

• The BGPMon is chainable: Each BGPMon can provide or send data to other BGPMons.

• The root BGPMon is able to monitor large number of BGP routers through consolidating feeds from regions

• Address handling of RIB table contents when peer session lost.

• Integrate with PHAS, share with NetViews team

Format Raw (Bytes) /MRT size Compressed /MRT size

XML 15,606,616 7.7 243,405 1.46

bgpdump 5,742,039 2.8 243,107 1.46

MRT 2,024,614 1.0 167,050 1.00

updates

BGP Peer Session

Collectors

Central ServerBGP data

ISPBGP Routers

ASAS

ASAS

ASAS

ASAS

ASAS

ASAS

ribs

• Hundreds of peers• Millions of updates per day per peer• More than 200,000 entries in each peer’s rib

• Hundreds of peers• Millions of updates per day per peer• More than 200,000 entries in each peer’s rib

<?xml version="1.0"?><bgp><message> <time>2007-03-22T19:00:07Z</time> <source_as>65001</source_as> <source_ip>129.82.138.4</source_ip> <destination_as>65009</destination_as> <destination_ip>129.82.47.109</destination_ip> <address_family>1</address_family> <interface_index>0</interface_index> <update> <path_attributes> <origin> <transitive/> <igp value='0'/> </origin> <as_path> <transitive/> <as_sequence>65001 14041 3356 22351

</as_sequence> </as_path> <next_hop> <transitive/> <value>129.82.138.4</value> </next_hop> </path_attributes> <nlri> <prefix label=“NANN”>82.206.163/24</prefix> </nlri> </update></message>

Main ChallengesMain Challenges

• BGP data is an essential resource for researchers and operators in Internet routing.

• BGP data collection systems passively collect BGP data from Internet BGP routers.

• BGP data collection system samples: RouteViews and RIPE.

• 40 publications cite RouteViews [CiteSeer].

• 615 documents list RouteViews as references [Google Scholar].

• BGP data is an essential resource for researchers and operators in Internet routing.

• BGP data collection systems passively collect BGP data from Internet BGP routers.

• BGP data collection system samples: RouteViews and RIPE.

• 40 publications cite RouteViews [CiteSeer].

• 615 documents list RouteViews as references [Google Scholar]. Users

Collection system: RouteViews/RIPE

BGP data is large!BGP data is large!• Improve the current infrastructureImprove the current infrastructure -- introduce fewer measurement artifacts (lack of reset messages, inability to clearly identify table transfers, peering session failures etc)

• Scale the monitoring systemScale the monitoring system -- be able to peer with more routers

• Add real-time access to data Add real-time access to data over current delay of hours

• Support for protocol changes and Support for protocol changes and featuresfeatures -- secure peering, new BGP attributes, etc.

• Better organize the resulting dataBetter organize the resulting data for long term storage and ease of use by researchers

• Improve the current infrastructureImprove the current infrastructure -- introduce fewer measurement artifacts (lack of reset messages, inability to clearly identify table transfers, peering session failures etc)

• Scale the monitoring systemScale the monitoring system -- be able to peer with more routers

• Add real-time access to data Add real-time access to data over current delay of hours

• Support for protocol changes and Support for protocol changes and featuresfeatures -- secure peering, new BGP attributes, etc.

• Better organize the resulting dataBetter organize the resulting data for long term storage and ease of use by researchers

• Design a lightweight software Design a lightweight software focus on accurately and reliably collecting and storing BGP data ( no forwarding tables, route announcements etc)

• Provide chainable feature Provide chainable feature to support regional deployment and scalability

• Allow users directly connect to Allow users directly connect to systemsystem to get real-time data for specific peers and/or prefixes

• Log data in an extendable and Log data in an extendable and human-readable XML formathuman-readable XML format to easily support new BGP attributes.

• Label BGP data and organize it into a Label BGP data and organize it into a single file for each peer’s daily data single file for each peer’s daily data to facilitate researcher..

• Design a lightweight software Design a lightweight software focus on accurately and reliably collecting and storing BGP data ( no forwarding tables, route announcements etc)

• Provide chainable feature Provide chainable feature to support regional deployment and scalability

• Allow users directly connect to Allow users directly connect to systemsystem to get real-time data for specific peers and/or prefixes

• Log data in an extendable and Log data in an extendable and human-readable XML formathuman-readable XML format to easily support new BGP attributes.

• Label BGP data and organize it into a Label BGP data and organize it into a single file for each peer’s daily data single file for each peer’s daily data to facilitate researcher..

Yan Chen, He Yan, Dave Matthews, Dan Massey (Colorado State University)Lan Wang (University of Memphis)Lixia Zhang (UCLA)http://netsec.colostate.edu/bgpmonitor

Comparing the sizes of 15 minutes’ BGP updates in various formats