
nanog mailing list archives

SUMMARY: BGP Analytics
From: Timothy Brown <tim () tux org>
Date: Tue, 3 Jun 2003 22:09:13 -0400


I want to thank everyone for the volume of responses I received on this 
topic.

I was already aware of the work the Akamai and Sockeye keiretsus were 
doing with BGP analysis, but thanks for the pointers.  I was also familiar 
with CAIDA's efforts.

Nick Feamster and Dave Andersen (lcs.mit.edu) had input on a system they 
are involved with at http://bgp.lcs.mit.edu/.  Zebra is used, with dumps 
of BGP data in MRTd format.  This data is collected and stuffed into a 
database, which can be plotted or viewed as appropriate.  This was, by 
far, the most common solution presented (with only minor variations).  
There appear to be several already prebuilt tools designed for dealing 
with data in MRTd format, both by lcs as well as other groups.

Tim Rand (ohsu.edu) suggested Juniper's source- and 
destination-class-utilization features as effective methods for traffic 
coming from specific autonomous system paths.  Our network isn't 
Juniper-based, but this is good information.

Andre Gironda (eBay) suggested a dump of the BGP update messages using a 
tool like tcpdump, then replaying them to zebra, presumably to avoid zebra 
interaction directly with the core network.

Several papers were suggested indirectly or directly discussing BGP 
analysis:

        http://citeseer.nj.nec.com/andersen02topology.html
        http://citeseer.nj.nec.com/wang02observation.html
        http://citeseer.nj.nec.com/pei02improving.html
        http://citeseer.nj.nec.com/463603.html

For those with questions about what I sought to do, I was looking to
perform some arbitrary plots of regular expressions over time; show me
paths that look like ^AS(x)_AS(y)$ [that are defined as best path] as
opposed to ^AS(y)$ [that are not defined as best path] and graph the
acceptance of those paths based on other factors (local preference, etc).  
For instance, if I was choosing transit via AS(x) for destination AS(y),
even though I was directly connected to AS(y), I'd want to know for how
many paths I was doing that.  In an ideal world, this data would be
available via SNMP (for easy integration with existing toolsets).  There
are, of course, a ton of other analyses people want to do with BGP (some
of which are even getting done).

I've decided to build my own toolset for these purposes, building on the 
work of the concepts presented above.  If you are an interested developer 
or would like to contribute some time to developing such an open-source 
toolset, please contact me off-list.

Thanks again for all the input.

Best regards,
Tim
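
The best-path comparison described in the message, sketched as an added example (not part of the original post or any tool it names). It assumes RIB snapshots already parsed into rows of (timestamp, prefix, AS path, local preference, best flag); the function names and the sample rows, which use documentation ASNs and prefixes, are constructed for illustration.

```python
import re
from collections import defaultdict

def aspath_regex(pattern):
    """Router-style AS-path regex: '_' matches a path delimiter or either end."""
    return re.compile(pattern.replace("_", r"(?:^|$|[ {},])"))

def detours(rib, transit, dest):
    """Per snapshot, list prefixes whose best path is ^transit_dest$ while a
    non-best direct path ^dest$ is also present, with both local-pref values."""
    via = aspath_regex(f"^{transit}_{dest}$")
    direct = aspath_regex(f"^{dest}$")
    best, alt = {}, {}
    for ts, prefix, path, local_pref, is_best in rib:
        if is_best and via.search(path):
            best[(ts, prefix)] = local_pref
        elif not is_best and direct.search(path):
            alt[(ts, prefix)] = local_pref
    out = defaultdict(list)
    # Keep only prefixes where both the transit best path and the direct path exist.
    for ts, prefix in sorted(best.keys() & alt.keys()):
        out[ts].append((prefix, best[(ts, prefix)], alt[(ts, prefix)]))
    return dict(out)

# Constructed sample rows: (timestamp, prefix, as_path, local_pref, is_best)
RIB = [
    ("2003-06-01", "192.0.2.0/24", "64500 64510", 200, True),
    ("2003-06-01", "192.0.2.0/24", "64510", 100, False),
    ("2003-06-01", "198.51.100.0/24", "64510", 100, True),
    ("2003-06-01", "198.51.100.0/24", "64500 64510", 100, False),
    ("2003-06-02", "192.0.2.0/24", "64500 64510", 200, True),
    ("2003-06-02", "192.0.2.0/24", "64510", 100, False),
    ("2003-06-02", "203.0.113.0/24", "64500 64510", 200, True),
    ("2003-06-02", "203.0.113.0/24", "64510", 100, False),
    ("2003-06-02", "198.51.100.0/24", "64500 64511 64510", 200, True),
    ("2003-06-02", "198.51.100.0/24", "64510", 100, False),
]

if __name__ == "__main__":
    # One line per snapshot: count of detoured prefixes, then the details.
    for ts, rows in detours(RIB, 64500, 64510).items():
        print(ts, len(rows), rows)
```

The per-snapshot counts are the series to plot over time; the paired local-preference values show which policy setting is overriding the shorter direct path.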

