In today's internet, BGP is extremely chatty --- the most minor connectivity change produces hundreds of updates and a significant peering loss can generate millions. While gigahertz processors and terabyte disks have made it possible to capture and record BGP events via passive peering, making sense of the deluge of data remains difficult.
We have developed statistical algorithms to extract the large-scale structure of BGP event streams and visualization techniques to display that structure in operationally meaningful ways, i.e., to quickly answer questions like "what happened?", "where did it happen?" and "how does it affect me?" These tools can also be used to provide real-time views of an ISP's interdomain topology that help rapidly diagnose problems like misconfigured community tags, policy filters with unintended consequences, unexpected or unwanted backup paths, peering traffic imbalance, etc.
The analysis is fast enough to run in real time on a modern processor even when dealing with, for example, the entire backbone mesh of a typical tier-1 ISP. We will describe the algorithms and show case studies from a variety of data taken on both large ISP backbones and large institutional networks.
The animations from Tina Wong's "Making Sense of BGP" talk at NANOG-30 this morning are available at: http://www.packetdesign.com/technology/presentations/nanog-30/index.htm The animations are in SVG (a W3C graphics standard) and should be viewable in any web browser, but you'll probably have to download an SVG plugin first (there's a link to Adobe's free plugin at the top of the web page). If you play with the stuff, we'd welcome comments and suggestions.
PDF presentation
RealVideo stream