a framework for historical analysis and real 4me
play

a framework for historical analysis and real-4me monitoring of BGP - PowerPoint PPT Presentation

May 08, 2023 •282 likes •887 views

a framework for historical analysis and real-4me monitoring of BGP data Chiara Orsini, Alistair King, Danilo Giordano, Vasileios Giotsas, Alberto Dainotti alistair@caida.org CAIDA, UC San Diego BGPSTREAM BGP data analysis for the masses

  1. a framework for historical analysis and real-4me monitoring of BGP data Chiara Orsini, Alistair King, Danilo Giordano, Vasileios Giotsas, Alberto Dainotti alistair@caida.org CAIDA, UC San Diego

  2. BGPSTREAM BGP data analysis for the masses • Open source libraries, APIs and tools for live and historical BGP data analysis • Simple API • Versa?le • Facilitates reproducibility and repeatability • Real?me monitoring • Stable: h"ps:/ /bgpstream.caida.org 2

  3. MOTIVATION Why BGPStream? • BGP research and monitoring is important • Lots of exis?ng BGP measurement data • Route Views and RIPE RIS have >15 years of data (16TB) • BUT , dis?nct lack of good tooling for processing/analyzing BGP data • State of the art? 
 3

  4. MOTIVATION Why BGPStream? • BGP research and monitoring is important • Lots of exis?ng BGP measurement data • Route Views and RIPE RIS have >15 years of data (16TB) • BUT , dis?nct lack of good tooling for processing/analyzing BGP data • State of the art? 
 wget http://archive.org/xyz/abc/file.mrt 
 4

  5. MOTIVATION Why BGPStream? • BGP research and monitoring is important • Lots of exis?ng BGP measurement data • Route Views and RIPE RIS have >15 years of data (16TB) • BUT , dis?nct lack of good tooling for processing/analyzing BGP data • State of the art? 
 wget http://archive.org/xyz/abc/file.mrt 
 bgpdump -m file.mrt | my_parser.py 5

  6. MOTIVATION Why BGPStream? • BGP research and monitoring is important • Lots of exis?ng BGP measurement data • Route Views and RIPE RIS have >15 years of data (16TB) • BUT , dis?nct lack of good tooling for processing/analyzing BGP data • State of the art? 
 wget http://archive.org/xyz/abc/file.mrt 
 bgpdump -m file.mrt | my_parser.py 6

  7. THE BGPSTREAM FRAMEWORK An overview 7

  8. THE BGPSTREAM FRAMEWORK An overview Metadata Broker 8

  9. THE BGPSTREAM FRAMEWORK An overview Metadata User Libraries Broker 9

  10. THE BGPSTREAM FRAMEWORK An overview Metadata User Libraries Broker metadata crawler Public HTTP … Data Archives 10

  11. THE BGPSTREAM FRAMEWORK An overview metadata query Metadata User Libraries Broker metadata crawler Public HTTP … Data Archives 11

  12. THE BGPSTREAM FRAMEWORK An overview metadata query Metadata User Libraries Broker MRT data (via HTTP) metadata crawler Public HTTP … Data Archives 12

  13. THE BGPSTREAM FRAMEWORK An overview metadata query User Code Python API Metadata User Libraries libBGPStream Broker MRT data (via HTTP) metadata crawler Public HTTP … Data Archives 13

  14. THE BGPSTREAM FRAMEWORK Stacked view 14

  15. THE BGPSTREAM FRAMEWORK Stacked view 1 15

  16. THE BGPSTREAM FRAMEWORK Stacked view 2 1 16

  17. THE BGPSTREAM FRAMEWORK Stacked view 3 2 1 17

  18. BGPSTREAM USER LIBRARY libBGPStream • Issues queries to metadata broker • Retrieves data directly from Data Providers • Currently supports MRT (RFC 6396) • De-mul?plexes data from many sources into a single stream • Provides ?me-ordered sor?ng 18

  19. RECORDS & ELEMS ExtracAng informaAon from MRT BGPStream Record Function Field Type • BGPStream Record : project name (e.g., Route Views) project string collector string collector name (e.g., rrc00) RIB or Updates type enum dump time long time the containing dump was begun • Encapsulates an MRT record first, middle, or last record of a dump position enum time long timestamp of the MRT record status enum record validity flag • Adds metadata (e.g. collector) de-serialized MRT record MRT record struct • MRT records (may) contain info for mul?ple BGPStream Elem Table 1: BGPStream elem fields. peers/prefixes Function Field Type route from a RIB dump, an- type enum nouncement, withdrawal, or state • E.g. routes to a single prefix from mulOple peers message time long timestamp of MRT record in a RIB dump IP address of the VP peer address struct AS number of the VP peer ASN long IP prefix prefix* struct • Records are decomposed into BGPStream Elems: IP address of the next hop next hop* struct AS path AS path* struct community attribute community* struct • E.g. prefix announcement from a single peer FSM state (before the change) old state* enum FSM state (after the change) new state* enum * denotes a field conditionally populated based on 19

  20. C API Specifying a stream 20

  21. C API Specifying a stream 21

  22. C API Specifying a stream 22

  23. C API Specifying a stream 23

  24. C API Consuming the stream 24

  25. C API Consuming the stream 25

  26. C API Consuming the stream 26

  27. PYTHON BINDINGS - CASE STUDY Studying AS path inflaAon using PyBGPStream How many AS paths are longer than the shortest path between two ASes? from _pybgpstream import BGPStream, BGPRecord, BGPElem 1 from collections import defaultdict 2 AS path length discrepancy PMF from itertools import groupby 3 import networkx as nx 4 0.8 5 0.7 stream = BGPStream() 6 as_graph = nx.Graph() 7 0.6 rec = BGPRecord() 8 bgp_lens = defaultdict(lambda: defaultdict(lambda: None)) 9 0.5 lin stream.add_filter(’record-type’,’ribs’) 10 0.4 stream.add_interval_filter(1438415400,1438416600) 11 stream.start() 12 30 LINES OF PYTHON CODE 0.3 13 while(stream.get_next_record(rec)): 14 0.2 elem = rec.get_next_elem() 15 0.1 0.1 while(elem): 16 monitor = str(elem.peer_asn) 17 10 -2 hops = [k for k, g in groupby(elem.fields[’as-path’].split(" "))] 18 10 -3 if len(hops) > 1 and hops[0] == monitor: 19 origin = hops[-1] 20 log 10 -4 for i in range(0,len(hops)-1): 21 as_graph.add_edge(hops[i],hops[i+1]) 22 10 -5 bgp_lens[monitor][origin] = \ 23 10 -6 min(filter(bool,[bgp_lens[monitor][origin],len(hops)])) 24 elem = rec.get_next_elem() 25 10 -7 for monitor in bgp_lens: 26 0 1 2 3 4 5 6 7 8 9 10 11 for origin in bgp_lens[monitor]: 27 AS path length difference[d] nxlen = len(nx.shortest_path(as_graph, monitor, origin)) 28 print monitor, origin, bgp_lens[monitor][origin], nxlen 29 27

  28. PY BGPSTREAM Python bindings • Single script includes data specifica?on and analysis logic: • Enhances reproducibility/repeatability • All of the power of the C API, available in Python 28

  29. PYTHON BINDINGS - CASE STUDY Timely reacAve measurements • We monitor c ommunity-based black-holing • Vic?m of DoS aWack announces prefix with special community aPribute to request neighbors drop traffic • We trigger traceroutes to characterize the black-holing event (using 50-100 probes per event) • probed 253 vic?ms (90-95% of black-holing events) while black-holing in effect • C ombined passive control-plane and ac2ve data-plane measurements to capture and inves2gate transient rou2ng policies 29

  30. BGP CORSARO ConAnuous realAme monitoring Hijacking of AS137 (GARR) - Jan 2015* • Plugin-based tool for processing live BGP data • Con?nuously extracts derived data from BGPStream in regular 2me bins • Incl. “prefix-monitor” sample plugin • Monitor your own address space • How many prefixes/origin ASes? *originally described by Dyn Research: http://research.dyn.com/2015/01/vast-world-of-fraudulent-routing/ 30

  31. BIG DATA BGP data analysis for the 1% • “Students can write scripts to analyze BGP data, but I need to do REAL analysis…” • We conducted a proof-of-concept study using PyBGPStream with Apache Spark: • Analyzed 15 years of data: • one RIB per month • all Route Views and RIPE RIS collectors • > 3000 RIBs, ~44 billion BGPStream Elems • See the paper for more details about lessons learned • PyBGPStream/Spark template script: hWps:/ /github.com/CAIDA/bgpstream 31

  32. BIG DATA - CASE STUDIES RouAng table size over Ame # IPv4 pre fj xes 500k 400k 300k 200k 100k 0 2002 2004 2006 2008 2010 2012 2014 2016 32

  33. BIG DATA - CASE STUDIES Transit ASes over Ame Transit ASNs % (IPv4) Transit ASNs % (IPv6) 60K 60 # ASNs (IPv4) # ASNs (IPv6) 50K 50 40K 40 Transit ASNs % # ASNs 30K 30 20K 20 10K 10 0 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 33 (c)

  34. BIG DATA - CASE STUDIES Transit ASes over Ame Transit ASNs % (IPv4) Transit ASNs % (IPv6) 60K 60 # ASNs (IPv4) # ASNs (IPv6) 50K 50 40K 40 Transit ASNs % # ASNs 30K 30 20K 20 10K 10 0 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 34 (c)

  35. BIG DATA - CASE STUDIES Transit ASes over Ame Transit ASNs % (IPv4) Transit ASNs % (IPv6) 60K 60 # ASNs (IPv4) # ASNs (IPv6) 50K 50 40K 40 Transit ASNs % # ASNs 30K 30 20K 20 10K 10 0 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 35 (c)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Real-time raise alerts Real-Time Real-time with historical Dashboard Correlate

Real-time raise alerts Real-Time Real-time with historical Dashboard Correlate

Real-time raise alerts Real-Time Real-time with historical Dashboard Correlate Engine + Fabric Offline Develop initial monitoring query Back-test Progressive Non-temporal analysis Interactive Query Authoring

383 views • 15 slides
Compositional Real-Time Scheduling Framework Insik Shin 1 , Insup Lee 1 1 University of

Compositional Real-Time Scheduling Framework Insik Shin 1 , Insup Lee 1 1 University of

Compositional Framework Bounded Delay Resource Model Schedulability Analysis Utilization Bounds Component Abstraction Conclusion Compositional Real-Time Scheduling Framework Insik Shin 1 , Insup Lee 1 1 University of Pennsylvania 15 November

362 views • 33 slides
Real-Time Big Data Streaming Framework Junguk Cho, Hyunseok Chang, Sarit Mukherjee, T.V.

Real-Time Big Data Streaming Framework Junguk Cho, Hyunseok Chang, Sarit Mukherjee, T.V.

Typhoon: An SDN Enhanced Real-Time Big Data Streaming Framework Junguk Cho, Hyunseok Chang, Sarit Mukherjee, T.V. Lakshman, and Jacobus Van der Merwe 1 Big Data Era Big data analysis is increasingly common Recommendation systems

860 views • 63 slides
A FRAMEWORK FOR CAPACITY ANALYSIS D E B B I E S H E E T Z P R I N C I P A L C O N S U L T A N

A FRAMEWORK FOR CAPACITY ANALYSIS D E B B I E S H E E T Z P R I N C I P A L C O N S U L T A N

A FRAMEWORK FOR CAPACITY ANALYSIS D E B B I E S H E E T Z P R I N C I P A L C O N S U L T A N T M B I S O L U T I O N S (c) MBI Solutions 2016 2 CAPACITY ANALYSIS FRAMEWORK What are the essential steps of a Capacity Study? 1. Obtain

656 views • 44 slides
RCB: A Simple and Practical Framework for Real-time Collaborative Browsing Chuan Yue, Zi Chu, and

RCB: A Simple and Practical Framework for Real-time Collaborative Browsing Chuan Yue, Zi Chu, and

RCB: A Simple and Practical Framework for Real-time Collaborative Browsing Chuan Yue, Zi Chu, and Haining Wang The College of William and Mary End-user Real-time Communication 2 Document Sharing and Collaboration Adobe Buzzword 3 Web

636 views • 28 slides
Real Analysis a short presentation on what and why I. Fourier Analysis Fourier analysis is

Real Analysis a short presentation on what and why I. Fourier Analysis Fourier analysis is

Real Analysis a short presentation on what and why I. Fourier Analysis Fourier analysis is about taking functions and realizing them or approximating them in terms of periodic (trig) functions. Many, many practical applications. Def: R = {

191 views • 17 slides
Real - Time Face Recognition on Jetson Tx2 using TensorRT Tamas Grobler 11 . 10 . 2017 GTC Table

Real - Time Face Recognition on Jetson Tx2 using TensorRT Tamas Grobler 11 . 10 . 2017 GTC Table

Real - Time Face Recognition on Jetson Tx2 using TensorRT Tamas Grobler 11 . 10 . 2017 GTC Table of Contents The The Problem Results Conclusion solution Real Time Video Recognition Testing Method Real Time Analysis Framework Recognition

263 views • 15 slides
Tax Expenditures: Concept expenditure analysis by TRD. and Framework for Analysis Goal: To

Tax Expenditures: Concept expenditure analysis by TRD. and Framework for Analysis Goal: To

This research is part of a multi-year, tax- Tax Expenditures: Concept expenditure analysis by TRD. and Framework for Analysis Goal: To provide in-depth analysis to the Legislature and the Executive. Thomas F. Pogue Part of TRD's

530 views • 17 slides
The Step2Smart Platform for Historical and Real -Time Transport Analytics and Traffic

The Step2Smart Platform for Historical and Real -Time Transport Analytics and Traffic

Nicosia, 28-29 Mar. 2019 The Step2Smart Platform for Historical and Real -Time Transport Analytics and Traffic Management Dr. S. E. Christodoulou & M. Tsaggaris University of Cyprus, Dept. of Civil and Environmental Engineering

111 views • 9 slides
Framework) Behrouz Saghafi N-mode Analysis (Tensor Framework) Drawback of 1-mode analysis (e.g.

Framework) Behrouz Saghafi N-mode Analysis (Tensor Framework) Drawback of 1-mode analysis (e.g.

N-mode Analysis (Tensor Framework) Behrouz Saghafi N-mode Analysis (Tensor Framework) Drawback of 1-mode analysis (e.g. PCA): Captures the variance among just a single factor Our training set contains changes in more than 1 factor:

409 views • 16 slides
Real-Time Performance of Linux Among others: A Measurement-Based Analysis of the Real-Time

Real-Time Performance of Linux Among others: A Measurement-Based Analysis of the Real-Time

CPSC-663: Real-Time Systems Linux, Preemption, and Real-Time Real-Time Performance of Linux Among others: A Measurement-Based Analysis of the Real-Time Performance of Linux (L. Abeni , A. Goel, C. Krasic, J. Snow, J. Walpole) [RTAS

472 views • 9 slides
Analysis Analysis of Analysis Analysis of of a Real Case Study : of a Real Case Study : a

Analysis Analysis of Analysis Analysis of of a Real Case Study : of a Real Case Study : a

Analysis Analysis of Analysis Analysis of of a Real Case Study : of a Real Case Study : a Real Case Study : a Real Case Study : the the WORKPAD Project WORKPAD Project j Introduction Introduction d Requirements Engineering

1.18k views • 89 slides
LUNA: Hard Real-Time, Multi-Threaded, CSP-Capable Execution Framework M. M. Bezemer R. J. W.

LUNA: Hard Real-Time, Multi-Threaded, CSP-Capable Execution Framework M. M. Bezemer R. J. W.

LUNA: Hard Real-Time, Multi-Threaded, CSP-Capable Execution Framework M. M. Bezemer R. J. W. Wilterdink J. F. Broenink Control Engineering, University of Twente, The Netherlands Outline Context and Introduction Framework architecture

489 views • 24 slides
Calgary Real Estate Forum 2008 Closing Remarks Historical Calgary Investment Sales Historical

Calgary Real Estate Forum 2008 Closing Remarks Historical Calgary Investment Sales Historical

Calgary Real Estate Forum 2008 Closing Remarks Historical Calgary Investment Sales Historical Calgary Investment Sales Volume Volume $7,000 $6,000 Sales Volume ($ Millions) $5,000 $4,000 $3,000 $2,000 $1,000 $0 1998 1999 2000 2001

347 views • 6 slides
Modeling and Verification OUTLINE of Real Time Systems A Brief Introduction Historical

Modeling and Verification OUTLINE of Real Time Systems A Brief Introduction Historical

Modeling and Verification OUTLINE of Real Time Systems A Brief Introduction Historical remarks, what are the problems to solve Untimed Systems Transition systems, and composition Basic model-checking algorithms: CTL and

309 views • 10 slides
Historical Document Analysis Marcus Liwicki University of Fribourg University of Kaiserslautern

Historical Document Analysis Marcus Liwicki University of Fribourg University of Kaiserslautern

Historical Document Analysis Marcus Liwicki University of Fribourg University of Kaiserslautern Insiders Technologies GmbH marcus.liwicki@unifr.ch Marcus Liwicki, Historical Document Analysis Typical Tasks of Scholars in the Humanities

761 views • 73 slides
Web Dynamics Part 3 Searching the Dynamic Web 3.1 Crawling and recrawling policies 3.2

Web Dynamics Part 3 Searching the Dynamic Web 3.1 Crawling and recrawling policies 3.2

Web Dynamics Part 3 Searching the Dynamic Web 3.1 Crawling and recrawling policies 3.2 Accessing the Hidden Web Summer Term 2010 Web Dynamics 3-1 Why crawling is difficult Huge size of the Web (billions of pages) High dynamics

937 views • 52 slides
Ontology-based approach for unsupervised and adaptive focused crawling Thomas HASSAN, Christophe

Ontology-based approach for unsupervised and adaptive focused crawling Thomas HASSAN, Christophe

Ontology-based approach for unsupervised and adaptive focused crawling Thomas HASSAN, Christophe CRUZ, Aurlie Bertaux thomas.hassan@u-bourgogne.fr Le2i FRE2005, CNRS, Arts et Mtiers, Univ. Bourgogne Franche-Comt Dijon, France Outline

465 views • 24 slides
Web Crawling with Apache Nutch Sebastian Nagel ApacheCon EU 2014 2014-11-18 snagel@apache.org

Web Crawling with Apache Nutch Sebastian Nagel ApacheCon EU 2014 2014-11-18 snagel@apache.org

Web Crawling with Apache Nutch Sebastian Nagel ApacheCon EU 2014 2014-11-18 snagel@apache.org About Me computational linguist software developer at Exorbyte (Konstanz, Germany) search and data matching prepare data for indexing, cleansing

293 views • 27 slides
Crawling the Web for Sebastian Nagel Apache Big Data Europe 2016 snagel@apache.org

Crawling the Web for Sebastian Nagel Apache Big Data Europe 2016 snagel@apache.org

Crawling the Web for Sebastian Nagel Apache Big Data Europe 2016 snagel@apache.org sebastian@commoncrawl.org About Me computational linguist software developer, search and data matching since 2016 crawl engineer at Common Crawl Apache Nutch

626 views • 36 slides
WEBCOP: LOCATING NEIGHBORHOODS OF MALWARE ON THE WEB Reid Andersen Jay Stokes

WEBCOP: LOCATING NEIGHBORHOODS OF MALWARE ON THE WEB Reid Andersen Jay Stokes

WEBCOP: LOCATING NEIGHBORHOODS OF MALWARE ON THE WEB Reid Andersen Jay Stokes Christian Seifert Microsoft Research Kumar Chellapilla Microsoft Search Detecting Malicious Web Pages Detecting Malicious Web Pages Production

427 views • 23 slides
Web Crawling and Web Dynamics Knut Magne Risvik and Rolf Michelsen, Search engines and Web

Web Crawling and Web Dynamics Knut Magne Risvik and Rolf Michelsen, Search engines and Web

Web Crawling and Web Dynamics Knut Magne Risvik and Rolf Michelsen, Search engines and Web dynamics . Computer Networks, Volume 39, Issue 3, 21 June 2002, Pages 289-302. Junghoo Cho and Hector Garcia-Molina, The Evolution of the Web and

422 views • 9 slides
Set11 Search Engines & SEO Outline How do search engines work? Basic operation

Set11 Search Engines & SEO Outline How do search engines work? Basic operation

IT452 Advanced Web and Internet Set11 Search Engines & SEO Outline How do search engines work? Basic operation What makes a good one? What makes it difficult? Web Design with search engines in mind 1 Search Engines

205 views • 6 slides
Frontera: Large-Scale Open Source Web Crawling Framework Alexander Sibiryakov, 20 July 2015

Frontera: Large-Scale Open Source Web Crawling Framework Alexander Sibiryakov, 20 July 2015

Frontera: Large-Scale Open Source Web Crawling Framework Alexander Sibiryakov, 20 July 2015 sibiryakov@scrapinghub.com Hola los participantes! Born in Yekaterinburg, RU 5 years at Yandex, search quality department: social and QA

445 views • 21 slides

More recommend