a framework for historical analysis and real 4me
play

a framework for historical analysis and real-4me monitoring of BGP - PowerPoint PPT Presentation

May 08, 2023 •282 likes •887 views

a framework for historical analysis and real-4me monitoring of BGP data Chiara Orsini, Alistair King, Danilo Giordano, Vasileios Giotsas, Alberto Dainotti alistair@caida.org CAIDA, UC San Diego BGPSTREAM BGP data analysis for the masses

  1. a framework for historical analysis and real-4me monitoring of BGP data Chiara Orsini, Alistair King, Danilo Giordano, Vasileios Giotsas, Alberto Dainotti alistair@caida.org CAIDA, UC San Diego

  2. BGPSTREAM BGP data analysis for the masses • Open source libraries, APIs and tools for live and historical BGP data analysis • Simple API • Versa?le • Facilitates reproducibility and repeatability • Real?me monitoring • Stable: h"ps:/ /bgpstream.caida.org 2

  3. MOTIVATION Why BGPStream? • BGP research and monitoring is important • Lots of exis?ng BGP measurement data • Route Views and RIPE RIS have >15 years of data (16TB) • BUT , dis?nct lack of good tooling for processing/analyzing BGP data • State of the art? 
 3

  4. MOTIVATION Why BGPStream? • BGP research and monitoring is important • Lots of exis?ng BGP measurement data • Route Views and RIPE RIS have >15 years of data (16TB) • BUT , dis?nct lack of good tooling for processing/analyzing BGP data • State of the art? 
 wget http://archive.org/xyz/abc/file.mrt 
 4

  5. MOTIVATION Why BGPStream? • BGP research and monitoring is important • Lots of exis?ng BGP measurement data • Route Views and RIPE RIS have >15 years of data (16TB) • BUT , dis?nct lack of good tooling for processing/analyzing BGP data • State of the art? 
 wget http://archive.org/xyz/abc/file.mrt 
 bgpdump -m file.mrt | my_parser.py 5

  6. MOTIVATION Why BGPStream? • BGP research and monitoring is important • Lots of exis?ng BGP measurement data • Route Views and RIPE RIS have >15 years of data (16TB) • BUT , dis?nct lack of good tooling for processing/analyzing BGP data • State of the art? 
 wget http://archive.org/xyz/abc/file.mrt 
 bgpdump -m file.mrt | my_parser.py 6

  7. THE BGPSTREAM FRAMEWORK An overview 7

  8. THE BGPSTREAM FRAMEWORK An overview Metadata Broker 8

  9. THE BGPSTREAM FRAMEWORK An overview Metadata User Libraries Broker 9

  10. THE BGPSTREAM FRAMEWORK An overview Metadata User Libraries Broker metadata crawler Public HTTP … Data Archives 10

  11. THE BGPSTREAM FRAMEWORK An overview metadata query Metadata User Libraries Broker metadata crawler Public HTTP … Data Archives 11

  12. THE BGPSTREAM FRAMEWORK An overview metadata query Metadata User Libraries Broker MRT data (via HTTP) metadata crawler Public HTTP … Data Archives 12

  13. THE BGPSTREAM FRAMEWORK An overview metadata query User Code Python API Metadata User Libraries libBGPStream Broker MRT data (via HTTP) metadata crawler Public HTTP … Data Archives 13

  14. THE BGPSTREAM FRAMEWORK Stacked view 14

  15. THE BGPSTREAM FRAMEWORK Stacked view 1 15

  16. THE BGPSTREAM FRAMEWORK Stacked view 2 1 16

  17. THE BGPSTREAM FRAMEWORK Stacked view 3 2 1 17

  18. BGPSTREAM USER LIBRARY libBGPStream • Issues queries to metadata broker • Retrieves data directly from Data Providers • Currently supports MRT (RFC 6396) • De-mul?plexes data from many sources into a single stream • Provides ?me-ordered sor?ng 18

  19. RECORDS & ELEMS ExtracAng informaAon from MRT BGPStream Record Function Field Type • BGPStream Record : project name (e.g., Route Views) project string collector string collector name (e.g., rrc00) RIB or Updates type enum dump time long time the containing dump was begun • Encapsulates an MRT record first, middle, or last record of a dump position enum time long timestamp of the MRT record status enum record validity flag • Adds metadata (e.g. collector) de-serialized MRT record MRT record struct • MRT records (may) contain info for mul?ple BGPStream Elem Table 1: BGPStream elem fields. peers/prefixes Function Field Type route from a RIB dump, an- type enum nouncement, withdrawal, or state • E.g. routes to a single prefix from mulOple peers message time long timestamp of MRT record in a RIB dump IP address of the VP peer address struct AS number of the VP peer ASN long IP prefix prefix* struct • Records are decomposed into BGPStream Elems: IP address of the next hop next hop* struct AS path AS path* struct community attribute community* struct • E.g. prefix announcement from a single peer FSM state (before the change) old state* enum FSM state (after the change) new state* enum * denotes a field conditionally populated based on 19

  20. C API Specifying a stream 20

  21. C API Specifying a stream 21

  22. C API Specifying a stream 22

  23. C API Specifying a stream 23

  24. C API Consuming the stream 24

  25. C API Consuming the stream 25

  26. C API Consuming the stream 26

  27. PYTHON BINDINGS - CASE STUDY Studying AS path inflaAon using PyBGPStream How many AS paths are longer than the shortest path between two ASes? from _pybgpstream import BGPStream, BGPRecord, BGPElem 1 from collections import defaultdict 2 AS path length discrepancy PMF from itertools import groupby 3 import networkx as nx 4 0.8 5 0.7 stream = BGPStream() 6 as_graph = nx.Graph() 7 0.6 rec = BGPRecord() 8 bgp_lens = defaultdict(lambda: defaultdict(lambda: None)) 9 0.5 lin stream.add_filter(’record-type’,’ribs’) 10 0.4 stream.add_interval_filter(1438415400,1438416600) 11 stream.start() 12 30 LINES OF PYTHON CODE 0.3 13 while(stream.get_next_record(rec)): 14 0.2 elem = rec.get_next_elem() 15 0.1 0.1 while(elem): 16 monitor = str(elem.peer_asn) 17 10 -2 hops = [k for k, g in groupby(elem.fields[’as-path’].split(" "))] 18 10 -3 if len(hops) > 1 and hops[0] == monitor: 19 origin = hops[-1] 20 log 10 -4 for i in range(0,len(hops)-1): 21 as_graph.add_edge(hops[i],hops[i+1]) 22 10 -5 bgp_lens[monitor][origin] = \ 23 10 -6 min(filter(bool,[bgp_lens[monitor][origin],len(hops)])) 24 elem = rec.get_next_elem() 25 10 -7 for monitor in bgp_lens: 26 0 1 2 3 4 5 6 7 8 9 10 11 for origin in bgp_lens[monitor]: 27 AS path length difference[d] nxlen = len(nx.shortest_path(as_graph, monitor, origin)) 28 print monitor, origin, bgp_lens[monitor][origin], nxlen 29 27

  28. PY BGPSTREAM Python bindings • Single script includes data specifica?on and analysis logic: • Enhances reproducibility/repeatability • All of the power of the C API, available in Python 28

  29. PYTHON BINDINGS - CASE STUDY Timely reacAve measurements • We monitor c ommunity-based black-holing • Vic?m of DoS aWack announces prefix with special community aPribute to request neighbors drop traffic • We trigger traceroutes to characterize the black-holing event (using 50-100 probes per event) • probed 253 vic?ms (90-95% of black-holing events) while black-holing in effect • C ombined passive control-plane and ac2ve data-plane measurements to capture and inves2gate transient rou2ng policies 29

  30. BGP CORSARO ConAnuous realAme monitoring Hijacking of AS137 (GARR) - Jan 2015* • Plugin-based tool for processing live BGP data • Con?nuously extracts derived data from BGPStream in regular 2me bins • Incl. “prefix-monitor” sample plugin • Monitor your own address space • How many prefixes/origin ASes? *originally described by Dyn Research: http://research.dyn.com/2015/01/vast-world-of-fraudulent-routing/ 30

  31. BIG DATA BGP data analysis for the 1% • “Students can write scripts to analyze BGP data, but I need to do REAL analysis…” • We conducted a proof-of-concept study using PyBGPStream with Apache Spark: • Analyzed 15 years of data: • one RIB per month • all Route Views and RIPE RIS collectors • > 3000 RIBs, ~44 billion BGPStream Elems • See the paper for more details about lessons learned • PyBGPStream/Spark template script: hWps:/ /github.com/CAIDA/bgpstream 31

  32. BIG DATA - CASE STUDIES RouAng table size over Ame # IPv4 pre fj xes 500k 400k 300k 200k 100k 0 2002 2004 2006 2008 2010 2012 2014 2016 32

  33. BIG DATA - CASE STUDIES Transit ASes over Ame Transit ASNs % (IPv4) Transit ASNs % (IPv6) 60K 60 # ASNs (IPv4) # ASNs (IPv6) 50K 50 40K 40 Transit ASNs % # ASNs 30K 30 20K 20 10K 10 0 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 33 (c)

  34. BIG DATA - CASE STUDIES Transit ASes over Ame Transit ASNs % (IPv4) Transit ASNs % (IPv6) 60K 60 # ASNs (IPv4) # ASNs (IPv6) 50K 50 40K 40 Transit ASNs % # ASNs 30K 30 20K 20 10K 10 0 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 34 (c)

  35. BIG DATA - CASE STUDIES Transit ASes over Ame Transit ASNs % (IPv4) Transit ASNs % (IPv6) 60K 60 # ASNs (IPv4) # ASNs (IPv6) 50K 50 40K 40 Transit ASNs % # ASNs 30K 30 20K 20 10K 10 0 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 35 (c)

Recommend

Real-time raise alerts Real-Time Real-time with historical Dashboard Correlate

Real-time raise alerts Real-Time Real-time with historical Dashboard Correlate

Real-time raise alerts Real-Time Real-time with historical Dashboard Correlate Engine + Fabric Offline Develop initial monitoring query Back-test Progressive Non-temporal analysis Interactive Query Authoring

383 views • 15 slides
Compositional Real-Time Scheduling Framework Insik Shin 1 , Insup Lee 1 1 University of

Compositional Real-Time Scheduling Framework Insik Shin 1 , Insup Lee 1 1 University of

Compositional Framework Bounded Delay Resource Model Schedulability Analysis Utilization Bounds Component Abstraction Conclusion Compositional Real-Time Scheduling Framework Insik Shin 1 , Insup Lee 1 1 University of Pennsylvania 15 November

362 views • 33 slides
Real-Time Big Data Streaming Framework Junguk Cho, Hyunseok Chang, Sarit Mukherjee, T.V.

Real-Time Big Data Streaming Framework Junguk Cho, Hyunseok Chang, Sarit Mukherjee, T.V.

Typhoon: An SDN Enhanced Real-Time Big Data Streaming Framework Junguk Cho, Hyunseok Chang, Sarit Mukherjee, T.V. Lakshman, and Jacobus Van der Merwe 1 Big Data Era Big data analysis is increasingly common Recommendation systems

860 views • 63 slides
A FRAMEWORK FOR CAPACITY ANALYSIS D E B B I E S H E E T Z P R I N C I P A L C O N S U L T A N

A FRAMEWORK FOR CAPACITY ANALYSIS D E B B I E S H E E T Z P R I N C I P A L C O N S U L T A N

A FRAMEWORK FOR CAPACITY ANALYSIS D E B B I E S H E E T Z P R I N C I P A L C O N S U L T A N T M B I S O L U T I O N S (c) MBI Solutions 2016 2 CAPACITY ANALYSIS FRAMEWORK What are the essential steps of a Capacity Study? 1. Obtain

656 views • 44 slides
RCB: A Simple and Practical Framework for Real-time Collaborative Browsing Chuan Yue, Zi Chu, and

RCB: A Simple and Practical Framework for Real-time Collaborative Browsing Chuan Yue, Zi Chu, and

RCB: A Simple and Practical Framework for Real-time Collaborative Browsing Chuan Yue, Zi Chu, and Haining Wang The College of William and Mary End-user Real-time Communication 2 Document Sharing and Collaboration Adobe Buzzword 3 Web

636 views • 28 slides
Real Analysis a short presentation on what and why I. Fourier Analysis Fourier analysis is

Real Analysis a short presentation on what and why I. Fourier Analysis Fourier analysis is

Real Analysis a short presentation on what and why I. Fourier Analysis Fourier analysis is about taking functions and realizing them or approximating them in terms of periodic (trig) functions. Many, many practical applications. Def: R = {

191 views • 17 slides
Real - Time Face Recognition on Jetson Tx2 using TensorRT Tamas Grobler 11 . 10 . 2017 GTC Table

Real - Time Face Recognition on Jetson Tx2 using TensorRT Tamas Grobler 11 . 10 . 2017 GTC Table

Real - Time Face Recognition on Jetson Tx2 using TensorRT Tamas Grobler 11 . 10 . 2017 GTC Table of Contents The The Problem Results Conclusion solution Real Time Video Recognition Testing Method Real Time Analysis Framework Recognition

263 views • 15 slides
Tax Expenditures: Concept expenditure analysis by TRD. and Framework for Analysis Goal: To

Tax Expenditures: Concept expenditure analysis by TRD. and Framework for Analysis Goal: To

This research is part of a multi-year, tax- Tax Expenditures: Concept expenditure analysis by TRD. and Framework for Analysis Goal: To provide in-depth analysis to the Legislature and the Executive. Thomas F. Pogue Part of TRD's

530 views • 17 slides
The Step2Smart Platform for Historical and Real -Time Transport Analytics and Traffic

The Step2Smart Platform for Historical and Real -Time Transport Analytics and Traffic

Nicosia, 28-29 Mar. 2019 The Step2Smart Platform for Historical and Real -Time Transport Analytics and Traffic Management Dr. S. E. Christodoulou & M. Tsaggaris University of Cyprus, Dept. of Civil and Environmental Engineering

111 views • 9 slides
Framework) Behrouz Saghafi N-mode Analysis (Tensor Framework) Drawback of 1-mode analysis (e.g.

Framework) Behrouz Saghafi N-mode Analysis (Tensor Framework) Drawback of 1-mode analysis (e.g.

N-mode Analysis (Tensor Framework) Behrouz Saghafi N-mode Analysis (Tensor Framework) Drawback of 1-mode analysis (e.g. PCA): Captures the variance among just a single factor Our training set contains changes in more than 1 factor:

409 views • 16 slides
Real-Time Performance of Linux Among others: A Measurement-Based Analysis of the Real-Time

Real-Time Performance of Linux Among others: A Measurement-Based Analysis of the Real-Time

CPSC-663: Real-Time Systems Linux, Preemption, and Real-Time Real-Time Performance of Linux Among others: A Measurement-Based Analysis of the Real-Time Performance of Linux (L. Abeni , A. Goel, C. Krasic, J. Snow, J. Walpole) [RTAS

472 views • 9 slides
Analysis Analysis of Analysis Analysis of of a Real Case Study : of a Real Case Study : a

Analysis Analysis of Analysis Analysis of of a Real Case Study : of a Real Case Study : a

Analysis Analysis of Analysis Analysis of of a Real Case Study : of a Real Case Study : a Real Case Study : a Real Case Study : the the WORKPAD Project WORKPAD Project j Introduction Introduction d Requirements Engineering

1.18k views • 89 slides
LUNA: Hard Real-Time, Multi-Threaded, CSP-Capable Execution Framework M. M. Bezemer R. J. W.

LUNA: Hard Real-Time, Multi-Threaded, CSP-Capable Execution Framework M. M. Bezemer R. J. W.

LUNA: Hard Real-Time, Multi-Threaded, CSP-Capable Execution Framework M. M. Bezemer R. J. W. Wilterdink J. F. Broenink Control Engineering, University of Twente, The Netherlands Outline Context and Introduction Framework architecture

489 views • 24 slides
Calgary Real Estate Forum 2008 Closing Remarks Historical Calgary Investment Sales Historical

Calgary Real Estate Forum 2008 Closing Remarks Historical Calgary Investment Sales Historical

Calgary Real Estate Forum 2008 Closing Remarks Historical Calgary Investment Sales Historical Calgary Investment Sales Volume Volume $7,000 $6,000 Sales Volume ($ Millions) $5,000 $4,000 $3,000 $2,000 $1,000 $0 1998 1999 2000 2001

347 views • 6 slides
Modeling and Verification OUTLINE of Real Time Systems A Brief Introduction Historical

Modeling and Verification OUTLINE of Real Time Systems A Brief Introduction Historical

Modeling and Verification OUTLINE of Real Time Systems A Brief Introduction Historical remarks, what are the problems to solve Untimed Systems Transition systems, and composition Basic model-checking algorithms: CTL and

309 views • 10 slides
Historical Document Analysis Marcus Liwicki University of Fribourg University of Kaiserslautern

Historical Document Analysis Marcus Liwicki University of Fribourg University of Kaiserslautern

Historical Document Analysis Marcus Liwicki University of Fribourg University of Kaiserslautern Insiders Technologies GmbH marcus.liwicki@unifr.ch Marcus Liwicki, Historical Document Analysis Typical Tasks of Scholars in the Humanities

761 views • 73 slides
An Open Botnet Analysis Framework for An Open Botnet Analysis Framework for Automatic Tracking

An Open Botnet Analysis Framework for An Open Botnet Analysis Framework for Automatic Tracking

An Open Botnet Analysis Framework for An Open Botnet Analysis Framework for Automatic Tracking and Activity Visualization Automatic Tracking and Activity Visualization marco riccardi Italian Chapter - The Honeynet Project marco cremonini

393 views • 36 slides
Communication Framework: How to get along with your stakeholders 1 Agenda Part I

Communication Framework: How to get along with your stakeholders 1 Agenda Part I

Communication Framework: How to get along with your stakeholders 1 Agenda Part I Communication Framework Learning Objectives 1. Communication Framework Introduction 2. A Real Business Story 3. Evening & Executive MBA (EEMBA)

237 views • 21 slides
III. 9. IS LM: the basic framework to understand macro policy continued Text, ch 11 2000 to

III. 9. IS LM: the basic framework to understand macro policy continued Text, ch 11 2000 to

III. 9. IS LM: the basic framework to understand macro policy continued Text, ch 11 Objectives: To apply IS-LM analysis to understand the causes of short-run fluctuations in real GDP and the short-run impact of monetary and fiscal

296 views • 16 slides
A Generic Framework for Interprocedural Analysis of Numerical Properties + Markus Mller-Olm

A Generic Framework for Interprocedural Analysis of Numerical Properties + Markus Mller-Olm

A Generic Framework for Interprocedural Analysis of Numerical Properties + Markus Mller-Olm Helmut Seidl + Mnster Mnchen PUMA Ringvorlesung, 2009 1 Outline: Background The framework for affine relations Grangers

1.53k views • 113 slides
Sensitivity Analysis in Real-Time Systems Enrico Bini Scuola Superiore Sant'Anna Why

Sensitivity Analysis in Real-Time Systems Enrico Bini Scuola Superiore Sant'Anna Why

ReTiS Lab Real Time Systems Laboratory Sensitivity Analysis in Real-Time Systems Enrico Bini Scuola Superiore Sant'Anna Why Sensitivity Analysis The scenario in Real-Time System design: stringent constraints from the hardware (energy

228 views • 6 slides
Sentiment Analysis for the Humanities: the Case of Historical Texts Alessandro Marchetti, Rachele

Sentiment Analysis for the Humanities: the Case of Historical Texts Alessandro Marchetti, Rachele

Sentiment Analysis for the Humanities: the Case of Historical Texts Alessandro Marchetti, Rachele Sprugnoli , Sara Tonelli Digital Humanities Joint Research Project http://dh.fbk.eu Fondazione Bruno Kessler, Trento Sentiment Analysis (SA)

521 views • 22 slides
A Recareering Framework @fuzzing_panda A Recareering Framework 1. Framework a. Recon b.

A Recareering Framework @fuzzing_panda A Recareering Framework 1. Framework a. Recon b.

A Recareering Framework @fuzzing_panda A Recareering Framework 1. Framework a. Recon b. Vulnerability Analysis c. Exploitation 2. Life Hack 3. A word to the wise history | grep -v infosec history | grep -v infosec How did I recareer into

697 views • 21 slides
PyFX A Framework for Real-Time Graphics Effects Lennart Ohlsson Lund University

PyFX A Framework for Real-Time Graphics Effects Lennart Ohlsson Lund University

PyFX A Framework for Real-Time Graphics Effects Lennart Ohlsson Lund University http://graphics.cs.lth.se/pyfx Outline Programmable GPUs Effect frameworks Real-time effects in Python Features and benefits General

281 views • 12 slides

More recommend