ABSTRACT
We present BGPStream, an open-source software framework for the analysis of both historical and real-time Border Gateway Protocol (BGP) measurement data. Although BGP is a crucial operational component of the Internet infrastructure, and is the subject of research in the areas of Internet performance, security, topology, protocols, economics, etc., there is no efficient way of processing large amounts of distributed and/or live BGP measurement data. BGPStream fills this gap, enabling efficient investigation of events, rapid prototyping, and building complex tools and large-scale monitoring applications (e.g., detection of connectivity disruptions or BGP hijacking attacks). We discuss the goals and architecture of BGPStream. We apply the components of the framework to different scenarios, and we describe the development and deployment of complex services for global Internet monitoring that we built on top of it.