
Internet Routing Anomaly Monitoring System


Presentation Transcript


  1. Internet Routing Anomaly Monitoring System Dongkee LEE ETRI meeting (Oct 26, 2004) -- Dongkee LEE (dklee@an.kaist.ac.kr)

  2. Overview.
     • Current Status
     • 2003-1 Dump analysis.
     • Future works

  3. Current Status.
     • Tutorials on BGP analysis are provided.
     • Inferring AS relationships in the internet.
     • Understanding BGP Misconfigurations.
     • MOAS Conflicts.
     • Detecting Cold Potatoes.
     • Visit IRAM project web page.
     • http://an.kaist.ac.kr/~dklee/research/iram

  4. Current Status.
     • Some useful scripts are provided.
     • MRT-2.0.2
     • http://www.mrtd.net/
     • route-btoa
     • bgptools.
     • http://nms.lcs.mit.edu/software/bgp/bgptools/
     • Houda Khammari’s scripts.
     • Scripts for counting updates/withdrawals, detecting routing loops.

  5. Current Status.
     • BGP peering with kaist-border router is completed.
     • Survey on BGP anomalies is now under way.

  6. Dump analysis – (1)
     • Dump overview.
     • ftp://archive.routeviews.org/bgpdata/2003.01/RIBS
     • 2003, 1, 23 – 26 ~ 9.4GB.
     • route_btoa machine output ~ 4.9GB per day.
     • ftp://archive.routeviews.org/bgpdata/2003.01/UPDATES
     • before : after = 1.00 : 0.0886
     • After uncompression ~ Total 4GB.
     • route_btoa machine output ~ 14GB.

         Feb 1 2003  updates.20030131.2338.bz2   75498
         Feb 1 2003  updates.20030131.2338      852016

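  7. Dump analysis – (2)
     • count_daily_updates.pl

         use strict;
         use warnings;

         my @files = @ARGV;   # route_btoa machine-output files (taken from the command line here)
         my ($announce, $withdraw) = (0, 0);

         foreach my $file (@files) {
             open(my $fh, '<', $file) or die "cannot open $file : $!";
             while (my $line = <$fh>) {
                 my @args = split(/\|/, $line);
                 my $type = $args[2] // '';           # Update Type
                 if    ($type eq 'A') { $announce++; }   # announcement
                 elsif ($type eq 'W') { $withdraw++; }   # withdrawal
             }
             close($fh);
         }
         print "announcements=$announce withdrawals=$withdraw\n";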

  8. Dump analysis – (3)
     • count_daily_updates.pl, results

  9. Dump analysis – (3)
     • What was going on 20030102?
       During 15 minutes:
         5586650 announcements
         2342 withdrawals
       For the same prefix, 24 different announcements from different peer AS.

  10. Dump analysis – (4)
     • detect_loops.pl

         # $ASPath holds the AS path of one update; TMP is an output handle
         # opened elsewhere in the script.
         my @ases = split(/\s+/, $ASPath);
         for (my $i = 0; $i < @ases; $i++) {
             my $x = $ases[$i];
             # Skip prepending: the same AS in a neighbouring position is not a loop.
             next if $i + 1 < @ases && $ases[$i + 1] eq $x;
             next if $i > 0         && $ases[$i - 1] eq $x;
             for (my $j = 0; $j < @ases; $j++) {
                 # The same AS at a non-adjacent position means the path loops.
                 if ($i != $j && $ases[$j] eq $x) {
                     print TMP "$ases[$j] \n";
                 }
             }
         }

  11. Dump analysis – (5)
     • detect_loops.pl, results
     • 1, 23   10204 16287 3249 6770 8634
     • 1, 24   ’’

  12. Future works – (1)
     • Web view is required. (~ 11/5)
       Providing dump access (RIBS / UPDATES) with daily statistics including:
         # Updates/Withdrawals.
         # Routing loops.

  13. Future works – (2)
     • Negotiate with other-net admins for EBGP peering.
       It’s not a technical problem but a political problem!

  14. The END
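
Added example (not part of the original slides or the IRAM scripts): the counting from slide 7 extended to 15-minute bins, with the number of distinct peer ASes announcing each prefix, which is the kind of measurement slide 9 reports. The field order (time in field 1, peer AS in field 4, prefix in field 5 of route_btoa machine output), the sample lines and the `$MIN_PEERS` threshold are assumptions.

```perl
use strict;
use warnings;

# Constructed sample lines, assumed route_btoa machine format:
# BGP4MP|unix time|A or W|peer IP|peer AS|prefix|AS path|origin
my @sample = (
    'BGP4MP|1043366400|A|192.0.2.1|64501|198.51.100.0/24|64501 64510|IGP',
    'BGP4MP|1043366460|A|192.0.2.2|64502|198.51.100.0/24|64502 64510|IGP',
    'BGP4MP|1043366520|A|192.0.2.3|64503|198.51.100.0/24|64503 64510|IGP',
    'BGP4MP|1043366580|A|192.0.2.1|64501|203.0.113.0/24|64501 64511|IGP',
    'BGP4MP|1043366640|W|192.0.2.2|64502|203.0.113.0/24',
    'BGP4MP|1043367400|A|192.0.2.1|64501|198.51.100.0/24|64501 64510|IGP',
);

my $BIN       = 15 * 60;  # bin width in seconds (15 minutes, as on slide 9)
my $MIN_PEERS = 2;        # hypothetical threshold: report prefixes seen from >= 2 peer ASes
my (%count, %peers);      # $count{bin}{A|W}, $peers{bin}{prefix}{peer AS}

# Tally one machine-format line into its time bin.
sub tally {
    my ($line) = @_;
    chomp $line;
    my @f = split /\|/, $line;
    return unless @f >= 6 && $f[2] =~ /^[AW]$/;   # skip STATE and malformed lines
    my $bin = $f[1] - $f[1] % $BIN;
    $count{$bin}{ $f[2] }++;
    $peers{$bin}{ $f[5] }{ $f[4] }++ if $f[2] eq 'A';
}

# Stream the files named on the command line, or fall back to the sample.
if (@ARGV) { tally($_) while <>; }
else       { tally($_) for @sample; }

for my $bin (sort { $a <=> $b } keys %count) {
    my $c = $count{$bin};
    printf "%s UTC  A=%d W=%d\n", scalar gmtime($bin), $c->{A} // 0, $c->{W} // 0;
    my $p = $peers{$bin} or next;                 # bin held withdrawals only
    for my $prefix (sort keys %$p) {
        my $n = keys %{ $p->{$prefix} };          # distinct peer ASes for this prefix
        print "    $prefix announced by $n peer ASes\n" if $n >= $MIN_PEERS;
    }
}
```

Run without arguments it processes the constructed sample; given file names it streams them line by line, so the multi-gigabyte dumps from slide 6 are never held in memory at once.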
