1/40

Isolario: the real-time Internet routingobservatory

Alessandro Improta Luca Sanialessandro.improta@iit.cnr.it luca.sani@iit.cnr.it

2/40

What we aim to do

Research field

Internet inter-domain measurementand analysis

Why?

- 1969 - ARPANET

- 1985 - NSFNET

- 1995 - Commercial Internet

Since then, its real structure became hidden, as well as its potentialstructural weaknesses

3/40

Why is it important to reveal the Internet structure?

To understand how packets are routed in the InternetIdentify routes involving non-national ISPsIdentify the importance of each AS in the ecosystemUnderstand the effects of catastrophic events (or malicious attacks)

To create economy-based models of the global Internet growthStudy the effectiveness of p2p connectionsBuild more realistic topology generators to simulate the Internet

To properly select peers and diversify upstream providers basedon their connectivity

Increase network robustnessSelect data centers for server replicas...

4/40

Why is it important to reveal the Internet structure?

... plan an optimal inter-domain network configuration to maintain anacceptable level of service in case of malicious or unintentional faults

5/40

The AS-level abstraction

Example of ASes

AS 137 GARR

AS 2598 Isolario

AS 15169 Google

AS 16667 MGM Resorts Intl

AS 21115 Nestle Italia

AS 38474 AU Government(Antarctic Division)

Interconnected ASes

Why the AS-level?

The AS-level Internet ecosystem is a gold mine of problems whosesolutions can provide a deep understanding of critical issues (e.g.,resilience, behavior under real-world threats, future evolution) [1]

[1] M. Roughan et al., 10 Lessons from 10 Years of Measuring and Modeling the Internet’s Autonomous Systems, JSAC 2012

6/40

Classic BGP route collector concept

A Route Collector (RC) is adevice which collects BGP

routing data fromco-operating ASes

RCs only collect routing information and not user traffic

7/40

BGP route collector projects

University of Oregon Route Views ProjectRoute Views was originally conceived as a tool for Internet operators to obtain real-timeinformation about the global routing system from the perspectives of several differentbackbones and locations around the Internet. It collects BGP packets since 1997, in MRTformat since 1997http://www.routeviews.org

RIPE NCC Routing Information Service (RIS)The RIPE NCC collects and stores Internet routing data from several locations around theglobe, using RIS. It collects BGP packets in MRT format since 1999https://www.ripe.net/analyse/internet-measurements/routing-information-service-ris

Packet Clearing House (PCH)PCH is the international organization responsible for providing operational support andsecurity to critical Internet infrastructure, including Internet exchange points and the coreof the domain name system. It operates route collectors at more than 100 IXPs aroundthe world and its data is made available in MRT format since 2011https://www.pch.net/resources/Raw Routing Data

8/40

BGP Route Collector Status (Oct 2016)

TotalN. of RC 19 17 123 159

N. of v4 feeders 281 358 1887 2526N. of v6 feeders 197 228 1148 1573

9/40

Feeder Contribution (v4)

0

0.2

0.4

0.6

0.8

1

100 101 102 103 104 105 106 107 108 109 1010

P(X

>x)

x = Number of IP addresses

RouteViewsRIS

PCH

Only 343 IPv4 feeders announce to the RCs their full routing table

10/40

Feeder Contribution (v6)

0

0.2

0.4

0.6

0.8

1

100 105 1010 1015 1020 1025 1030 1035

P(X

>x)

x = Number of IP addresses

RouteViewsRIS

PCH

Only 267 IPv6 feeders announce to the RCs their full routing table

11/40

Full feeder geographical distribution

Data collected represent mostly the Internet as viewedfrom Europe and North America than the real Internet

12/40

Feeder characterization

About 80% of full feeders have a degree higher than 100

13/40

Conclusions on data analysis

Conclusions

Several p2p-connectivity is hidden from RC sight

Several Internet regions are basically uncovered

The typical profile of an ideal feeder is a multi-homed stub AS

Questions

Why there is a scarcity of participation to classical route collectorprojects?

How to attract new participants?

Is it just a case poor “marketing”?

14/40

Isolario project

Objective: push more ASes to join

The more the ASes, the more the completeness of public BGP data

Isolario - The Book of Islands

”where we discuss about all islands of theworld, with their ancient and modern names,

histories, tales and way of living...”

Benedetto Bordone(Italian cartographer)

Approach: Do-ut-des

Participants open a BGP session with Isolario providing the BGP fullrouting table and its evolution over time

In change, Isolario offers real-time and historic analysis applicationsbased on the aggregation of every routing information collected

15/40

Data we plan to provide to research community

MRT data (same format as RIPE RIS, Route Views, · · · )1 RIB feeder snapshots every 2 hours

2 UPDATE collections every 5 minutes

https://isolario.it/Isolario_MRT_data/

Periodic analyses (daily, weekly, monthly, · · · )1 AS-level Topologies (Global and Geographic)

2 AS characteristics

3 Feeder contribution

4 Total coverage of RCs

16/40

Enhanced BGP Route Collector

Incoming flows are duplicated as soon as they arrive and feed both theInteractive Collecting Engine (ICE) and service modules

As usual, RCs only collect routing information and not user traffic

17/40

Isolario system overview

Incoming BGP flows are used as real-time streamsfor services dedicated to participants

Results are provided to users via WebSockets

18/40

Isolario free services for feeders

Every feeder has free access to a set of services tailored to monitor andanalyse BGP data coming into Isolario system

Real-time services

BGP flow viewer

Routing table viewer

Website reachability

Subnet reachability

Historic services

Routing table viewer

Subnet reachability

Diagnostic services

Alerting system

Daily report

19/40

Real-time services

Real-time services allow to monitor BGPdata flowing into Isolario system

20/40

Routing table viewer

Allows to analyse in real-time the routes that a feeder is currentlyannouncing to Isolario to reach a portion of the IP space

21/40

BGP flow view

Allows to monitor the flow of BGP UPDATE packets arriving to Isolario

Reports in real-time flapping events occuring on any subnetadvertised into the flow

22/40

Subnet reachability

Allows to analyse in real-time the routes that every Isolario feederis announcing to Isolario to reach a portion of the IP space

The more the feeders, the more SR is useful!

23/40

Isolario real-time visualisation with BGPlay

BGPlay is an open-source tool for the visualisation of BGP routing

Thanks to the close collaboration with Massimo Candela (RIPE NCC)we integrated in Isolario the BGPlay real-time version(http://bgplay.massimocandela.com)

BGPlay is currentlyintegrated in SR

24/40

BGPlay real-time

http://bgplay.massimocandela.com

25/40

Diagnostic services

Diagnostic services exploit incoming BGP flows and/or historicdata to report anomalies of the inter-domain routing status

26/40

Alerting system

Alerting system

BGP attributes: BGP UPDATEs matching attributes of interest

Flap events: a prefix UPDATE rate is larger than a threshold

Hijack attempts: BGP UPDATEs hijacking a feeder subnet

Prefix reachability: (un)reachability of prefixes of interest

27/40

Daily report

Summary about the feederinter-domain routing status as

perceived by the Isolario system

For example...

Routing statistics

#Announce, #Withdrawn

Most (un)stable prefixes

Reachability statistics

Inbound reachability

BGP attributes statistics

AS path anomalies

28/40

Daily report: Summary of statistics

29/40

Historic services

Historic services exploit every BGP data available(Route Views, RIPE NCC RIS, Isolario)to show how routes evolved in the past

30/40

Historic services

Applications

Routing table viewer: Allows to analyse portion(s) of the routingtable that each feeder announced to Isolario

Subnet reachability: Allows to analyse the reachability of the IPspace portions from every feeder available in the past

31/40

Summary: how to use Isolario?

Real-time services

Something is happeningHow is my RIB(s) evolving?

How is my reachability affected?

Historic services

Something happenedHow was my RIB(s) evolving?

How was my reachability affected?

Alerting System

Something is happening NOW!Check real-time services!

Do something! (if needed)

Daily report

Did something happen yesterday?Check historic services!

Do something! (if needed)

32/40

Summary: how to use Isolario?

Real-time services

Something is happeningHow is my RIB(s) evolving?

How is my reachability affected?

Historic services

Something happenedHow was my RIB(s) evolving?

How was my reachability affected?

Alerting System

Something is happening NOW!Check real-time services!

Do something! (if needed)

Daily report

Did something happen yesterday?Check historic services!

Do something! (if needed)

Please, try Isolario real-time services!

https://www.isolario.it

Username: guestPassword: guest

33/40

Current status

Feeders

38 ASes

1 AE, 1 BR, 1 CH, 4 DE, 1 EE, 24 IT, 1 MX, 1 NL, 2 UK, 3 US

50 IPv4 sessions

36 IPv6 sessions

Hardware (everything located in Pisa, IT)

6 route collectors (Dell PowerEdge R420/R430)

1 real-time core (Dell PowerEdge R620)

1 non real-time core (Dell PowerEdge R810)

4 storages (Dell PowerEdge R420/R430)

1 webserver (Dell PowerEdge R420)

34/40

Open-source software (C++)

ICE - Interactive Collecting Engine

Interactive BGP route collecting software

Establishes and maintains BGP sessions, dumps MRT files

Multithread and – thus – very responsive to human/automaticqueries!

Possibility to activate LZW-like compression to reduce memoryconsumption

MDR - MRT Data Reader

Tool to parse MRT files (RIB snapshots and updates)

Easy to integrate in custom software

35/40

Open-source software (C++)

AD - AS Detailer

Tool to map AS numbers to AS names

Takes as input a mapping list between ASes and their name (e.g.potaroo.net list [1])

e.g. 3356 → LEVEL3 - Level 3 Communications, Inc.

SG - Subnet Geolocator

Tool to map subnets and/or ASes to continents/countries

Takes as input a mapping list e.g. the GeoLite City DB provided byMaxMind [2]

e.g. 223.64.0.0/11 → CN|HK

e.g. 37514 → KE

[1] http://bgp.potaroo.net/cidr/autnums.html[2] http://geolite.maxmind.com/download/geoip/database/GeoLiteCity_CSV/GeoLiteCity-latest.zip (v4)

http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.csv.gz (v6)

36/40

Future directions

37/40

IXPs services

We started a discussion with IXP people about possible services that couldbe useful for IXP participants

Real-time looking glass

An enhanced version of the classic looking-glass software

Real-time visualization of routing events

A BGP session is established between the router and ICE

Queries are handled by ICE and not by the router

e.g. Real-time monitoring of route-server BGP tables

(Almost) Zero-configuration alerting service

Notify IXP participants whenever a routing event (i.e. a BGP UPDATE)involving his/her networks is received by Isolario route collectors

38/40

Global deployment of route collectors

39/40

Global deployment of route collectors

Distribute route collectors at several locations around the world

Route collector anycast

Multiple web servers?

Collaborations

Packet Clearing House (PCH)

UniLaSalle (Brazil)

We are open to any kind of collaboration

Main objective

To improve the knowledge of Internet structures ofdeveloping/third-world countries

To improve the effectiveness of monitoring services

40/40

Thank you for your attention

Join us and help us to unveil the Internet AS-level structure!

To participate, contact us at:info@isolario.it