BGPStream: A Software Framework for Live and Historical BGP Data Analysis

Authors:
Chiara Orsini

CAIDA, UC San Diego, San Diego, CA, USA

CAIDA, UC San Diego, San Diego, CA, USA
View Profile

,
Alistair King

CAIDA, UC San Diego, San Diego, CA, USA

CAIDA, UC San Diego, San Diego, CA, USA
View Profile

,
Danilo Giordano

Politecnico di Torino, Torino, Italy

Politecnico di Torino, Torino, Italy
View Profile

,
Vasileios Giotsas

CAIDA, UC San Diego, San Diego, CA, USA

CAIDA, UC San Diego, San Diego, CA, USA
View Profile

,
Alberto Dainotti

CAIDA, UC San Diego, San Diego, CA, USA

CAIDA, UC San Diego, San Diego, CA, USA
View Profile

IMC '16: Proceedings of the 2016 Internet Measurement ConferenceNovember 2016Pages 429–444https://doi.org/10.1145/2987443.2987482

Published:14 November 2016Publication History

IMC '16: Proceedings of the 2016 Internet Measurement Conference

Pages 429–444

ABSTRACT

We present BGPStream, an open-source software framework for the analysis of both historical and real-time Border Gateway Protocol (BGP) measurement data. Although BGP is a crucial operational component of the Internet infrastructure, and is the subject of research in the areas of Internet performance, security, topology, protocols, economics, etc., there is no efficient way of processing large amounts of distributed and/or live BGP measurement data. BGPStream fills this gap, enabling efficient investigation of events, rapid prototyping, and building complex tools and large-scale monitoring applications (e.g., detection of connectivity disruptions or BGP hijacking attacks). We discuss the goals and architecture of BGPStream. We apply the components of the framework to different scenarios, and we describe the development and deployment of complex services for global Internet monitoring that we built on top of it.

References

Apache Kafka. http://kafka.apache.org/, 2015.Google Scholar
Apache Spark. http://spark.apache.org/, 2015.Google Scholar
Colorado State University. BGPmon. http://www.bgpmon.io/, 2015.Google Scholar
E. Aben. Has the Routability of Longer-than-/24 Prefixes Changed? https://labs.ripe.net/Members/emileaben/has-the-routability-of-longer-than-24-prefixes-changed, September 2015.Google Scholar
S. Anisseh. Internet Topology Characterizationon on AS Level. Master's thesis, KTH, School of Electrical Engineering, 10 2012.Google Scholar
ARBOR Networks. ATLAS Q2 2015 Global DDoS Attack Trends. https://resources.arbornetworks.com/h/i/110843942-atlas-q2-2015-global-ddos-attack-trends, 2014.Google Scholar
G. D. Battista, M. Rimondini, and G. Sadolfo. Monitoring the status of MPLS VPN and VPLS based on BGP signaling information. In Network Operations and Management Symposium (NOMS), 2012 IEEE, pages 237--244. IEEE, 2012.Google ScholarCross Ref
D. Bernard. Iraqi Internet Experiencing 'Strange' Outages. http://www.voanews.com/content/iraqi-internet-experiencing-strange-outages/2921135.html, 2015.Google Scholar
L. Blunk, M. Karir, and C. Labovitz. Multi-Threaded Routing Toolkit (MRT) Routing Information Export Format. RFC 6396 (Proposed Standard), Oct. 2011.Google Scholar
R. Bush, O. Maennel, M. Roughan, and S. Uhlig. Internet optometry: assessing the broken glasses in internet reachability. In Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference, pages 242--253. ACM, 2009. Google ScholarDigital Library
CAIDA. BGPStream. https://github.com/CAIDA/bgpstream, 2016.Google Scholar
CAIDA. BGPStream. https://bgpstream.caida.org/, 2016.Google Scholar
CAIDA. CAIDA BGP Hackathon 2016. https://www.caida.org/workshops/bgp-hackathon/1602/, 2016.Google Scholar
CAIDA. Supplemental data: BGPStream: a software framework for live and historical BGP data analysis. http://www.caida.org/publications/papers/2016/bgpstream/supplemental/, 2016.Google Scholar
R. Chandra, P. Traina, and T. Li. BGP Communities Attribute. RFC 1997 (Proposed Standard), Aug. 1996. Updated by RFC 7606. Google ScholarDigital Library
Cisco Systems. Remotely Triggered Black Holed Filtering. http://www.cisco.com/c/dam/enus/about/security/intelligence/blackhole.pdf, 2005.Google Scholar
kc claffy. The 8th Workshop on Active Internet Measurements (AIMS8) Report. ACM SIGCOMM Computer Communication Review (CCR), Jul 2016.Google Scholar
M. Cosovic, S. Obradovic, and L. Trajkovic. Performance evaluation of BGP anomaly classifiers. In Digital Information, Networking, and Wireless Communications (DINWC), 2015 Third International Conference on, pages 115--120. IEEE, 2015.Google Scholar
J. Cowie. The New Threat: Targeted Internet Traffic Misdirection. http://research.dyn.com/2013/11/mitm-internet-hijacking/, 2013.Google Scholar
A. Dainotti. HIJACKS: Detecting and Characterizing Internet Traffic Interception based on BGP Hijacki http://www.caida.org/funding/hijacks/, 2014. Funding source: NSF CNS-1423659.Google Scholar
A. Dainotti. North Korean Internet outages observed. http://blog.caida.org/best available data/2014/12/23/north-korean-internet-outages-observed/, 2014.Google Scholar
A. Dainotti and V. Asturiano. Under the Telescope: Time Warner Cable Internet Outage. http://blog.caida.org/best available data/2014/08/29/under-the-telescope-time-warner-cable-internet-outage/, 2014.Google Scholar
A. Dainotti and K. Claffy. Detection and analysis of large-scale Internet infrastructure outages (IODA). http://www.caida.org/funding/ioda/, 2012. Funding source: NSF CNS-1228994.Google Scholar
A. Dainotti, A. King, C. Orsini, and V. Asturiano. BGPStream: a framework for BGP data analysis. https://ripe70.ripe.net/presentations/55-bgpstream.pdf, 2015.Google Scholar
C. Dietzel, A. Feldmann, and T. King. Blackholing at ixps: On the effectiveness of ddos mitigation in the wild. In Passive and Active Network Measurement (PAM), pages 319--332. Springer, 2016.Google Scholar
B. Donnet and O. Bonaventure. On BGP communities. SIGCOMM Comput. Commun. Rev., 38(2):55--59, 2008. Google ScholarDigital Library
J. Durand, I. Pepelnjak, and G. Doering. BGP Operations and Security. RFC 7454 (Best Current Practice), Feb. 2015.Google Scholar
Dyn Research. Routing alarms. http://research.dyn.com/products/routing-alarms/.Google Scholar
Dyn Research. Iraq has had 12 govt-directed Internet blackouts since 27-Jun. https://twitter.com/DynResearch/status/629393185517666305, 2015.Google Scholar
T. Evens. OpenBMP. http://http://www.openbmp.org/, 2015.Google Scholar
Exa-Networks. ExaBGP. https://github.com/Exa-Networks/exabgp, 2015.Google Scholar
S. Gallagher. Iraqi government shut down Internet to prevent exam cheating? http://arstechnica.com/tech-policy/2015/06/iraqi-government-shut-down-internet-to-prevent-exam-cheating/,2015.Google Scholar
L. Gao and F. Wang. The extent of as path inflation by routing policies. In Global Telecommunications Conference, 2002. GLOBECOM'02. IEEE, volume 3, pages 2180--2184. IEEE, 2002.Google Scholar
V. Giotsas, M. Luckie, B. Huffaker, et al. Inferring complex as relationships. In Proceedings of the 2014 Conference on Internet Measurement Conference, pages 23--30. ACM, 2014. Google ScholarDigital Library
X. Hu and Z. M. Mao. Accurate real-time identification of ip prefix hijacking. In Security and Privacy, 2007. SP'07. IEEE Symposium on, pages 3--17. IEEE, 2007. Google ScholarDigital Library
Q. Jacquemart, G. Urvoy-Keller, and E. Biersack. A longitudinal study of bgp moas prefixes. In Traffic Monitoring and Analysis, pages 127--138. Springer, 2014.Google ScholarCross Ref
E. Karaarslan, A. G. Perez, and C. Siaterlis. Recreating a Large-Scale BGP Incident in a Realistic Environment. In Information Sciences and Systems 2013, pages 349--357. Springer, 2013.Google Scholar
D. E. Knuth. The Art of Computer Programming, Volume 3: (2Nd Ed.) Sorting and Searching. Addison Wesley Longman Publishing Co., Inc., Redwood City, CA, USA, 1998. Google ScholarDigital Library
W. Kumari and D. McPherson. Remote Triggered Black Hole Filtering with Unicast Reverse Path Forwarding (uRPF). RFC 5635 (Informational), Aug. 2009.Google Scholar
C. Labovitz, A. Ahuja, S. Venkatachary, and R. Wattenhofer. The Impact of Internet Policy and Topology on Delayed Routing Convergence. In 20th Joint Conference of the IEEE Computer and Communications Societies (INFOCOM), April 2001.Google Scholar
M. Lad, D. Massey, D. Pei, Y. Wu, B. Zhang, and L. Zhang. Phas: A prefix hijack alert system. In Proceedings of the 15th Conference on USENIX Security Symposium, 2006. Google ScholarDigital Library
M. Luckie. Spurious routes in public bgp data. ACM SIGCOMM Computer Communication Review, 44(3):14--21, 2014. Google ScholarDigital Library
M. Luckie, B. Huffaker, A. Dhamdhere, V. Giotsas, and k claffy. AS relationships, customer cones, and validation. In IMC, Oct. 2013. Google ScholarDigital Library
A. Lutu, M. Bagnulo, J. Cid-Sueiro, and O. Maennel. Separating wheat from chaff: Winnowing unintended prefixes using machine learning. In INFOCOM, 2014 Proceedings IEEE, pages 943--951. IEEE, 2014.Google ScholarCross Ref
D. Madory. The Vast World of Fraudulent Routing. http://research.dyn.com/2015/01/vast-world-of-fraudulent-routing/, 2015.Google Scholar
R. Mazloum, M.-O. Buob, J. Auge, B. Baynat, D. Rossi, and T. Friedman. Violation of interdomain routing assumptions. In Passive and Active Measurement, pages 173--182. Springer, 2014. Google ScholarDigital Library
NetworkX Developers. NetworkX. https://networkx.github.io, 2015.Google Scholar
U. of Oregon. Route Views Project. http://www.routeviews.org/, 2015.Google Scholar
PCH. Packet Clearing House. http://www.pch.net/, 2015.Google Scholar
Quagga. Quagga Routing Software Suite. http://www.nongnu.org/quagga/, 2015.Google Scholar
B. Quoitin, C. Pelsser, L. Swinnen, O. Bonaventure, and S. Uhlig. Interdomain traffic engineering with bgp. Communications Magazine, IEEE, 41(5):122--128, 2003. Google ScholarDigital Library
Y. Rekhter, T. Li, and S. Hares. A Border Gateway Protocol 4 (BGP-4). RFC 4271 (Draft Standard), Jan. 2006. Updated by RFCs 6286, 6608, 6793, 7606, 7607.Google Scholar
P. Richter. Classification of origin AS behavior based on BGP update streams. Master's thesis, Technische Universitat Berlin, 2010. Bachelor Thesis.Google Scholar
RIPE NCC. libBGPdump. https://bitbucket.org/ripencc/bgpdump, 2015.Google Scholar
RIPE NCC. RIPE Atlas: A Global Internet Measurement Network. The Internet Protocol Journal, 18(3), September 2015.Google Scholar
RIPE NCC. Routing Information Service (RIS). https://www.ripe.net/analyse/internet-measurements/routing-information-service-ris, 2015.Google Scholar
D. Schatzmann, B. Plattner, and W. Mühlbauer. Identification of Connectivity Issues in Large Networks using Data Plane Information.Google Scholar
J. Scudder, R. Fernando, and S. Stuart. BGP Monitoring Protocol. Internet-Draft draft-ietf-grow-bmp-14.txt, IETF Secretariat, Aug. 2015.Google Scholar
R. Steenbergen and T. Scholl. BGP Communities: A Guide for Service Provider Networks . NANOG 40, Bellevue, Washington, June 2007.Google Scholar
C. Q. Sun and P. F. Ding. Optimization Techniques of Traceroute Measurement Based on BGP Routing Table. In Applied Mechanics and Materials, volume 303, pages 2062--2067. Trans Tech Publ, 2013.Google ScholarCross Ref
D. Turk. Configuring BGP to Block Denial-of-Service Attacks. RFC 3882 (Informational), Sept. 2004.Google Scholar
M. Wählisch, O. Maennel, and T. C. Schmidt. Towards detecting bgp route hijacking using the rpki. ACM SIGCOMM Computer Communication Review, 42(4):103--104, 2012. Google ScholarDigital Library
H. Yan, R. Oliveira, K. Burnett, D. Matthews, L. Zhang, and D. Massey. BGPmon: A real-time, scalable, extensible monitoring system. In CATCH'09. Cybersecurity Applications & Technology, pages 212--223. IEEE, 2009. Google ScholarDigital Library
X. Zhao, D. Pei, L. Wang, D. Massey, A. Mankin, S. F. Wu, and L. Zhang. An analysis of bgp multiple origin as (moas) conflicts. In Proceedings of the 1st ACM SIGCOMM Workshop on Internet Measurement, IMW '01, pages 31--35, New York, NY, USA, 2001. ACM. Google ScholarDigital Library

Index Terms

BGPStream: A Software Framework for Live and Historical BGP Data Analysis
1. Networks
  1. Network performance evaluation
    1. Network measurement
  2. Network services
    1. Network monitoring

Recommendations

Optimal Route Reflection Topology Design
LANC '18: Proceedings of the 10th Latin America Networking Conference

Autonomous Systems (ASes) exchange routing information about networks they can reach in the Internet, and the most widely extended way to connect them is by means of Border Gateway Protocol (BGP) sessions. ASes set up external BGP (eBGP) sessions ...
Read More
AMIR: Another Multipath Interdomain Routing
AINA '12: Proceedings of the 2012 IEEE 26th International Conference on Advanced Information Networking and Applications

Multipath routing is an important and promising technique to increase the Internet's reliability and to give users greater control over the service they receive. Currently the interdomain routing protocol limits each router to using a single route for a ...
Read More
An Approach to Discover the Stable Routes in BGP Confederations

This article describes how the current internet is a network of interconnected autonomous systems which is susceptible to route instability when transferring data. The BGP confederation is the essential intra-domain routing protocol that may cause ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
IMC '16: Proceedings of the 2016 Internet Measurement Conference
November 2016
570 pages
ISBN:9781450345262
DOI:10.1145/2987443
General Chairs:
Phillipa Gill
University of Massachusetts--Amherst
,
John Heidemann
USC/ISI
,
Program Chairs:
John W. Byers
Boston University
,
Ramesh Govindan
USC
Copyright © 2016 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 14 November 2016
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
bgp measurement
bgp monitoring
internet measurement
internet routing
network measurement
network monitoring
real-time monitoring
Qualifiers
- research-article
Conference

Acceptance Rates
IMC '16 Paper Acceptance Rate48of184submissions,26%Overall Acceptance Rate277of1,083submissions,26%
More
Upcoming Conference
IMC '24

Sponsor:

sigcomm

sigcomm

ACM Internet Measurement Conference

November 4 - 6, 2024

Madrid , AA , Spain
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 62
  Total Citations
  View Citations
- 5,538
  Total Downloads
- Downloads (Last 12 months)1,816
- Downloads (Last 6 weeks)423
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

BGPStream: A Software Framework for Live and Historical BGP Data Analysis

IMC '16: Proceedings of the 2016 Internet Measurement Conference

ABSTRACT

References

Cited By

Index Terms

Recommendations

Optimal Route Reflection Topology Design

AMIR: Another Multipath Interdomain Routing

An Approach to Discover the Stable Routes in BGP Confederations