Abstract:
BGP Tools BoF
Daniel Massey, Colorado State University; Dave Matthews, Colorado State University; Lihua Yuan, UC Davis; Chen-Nee Chuah, UC Davis; Mohit Lad, UCLA; Lixia Zhang, UCLA; Nick Feamster, Georgia Tech
In recent years various non-commercial tools have been developed to collect and analyze BGP data. When combined with BGP data collected by individual ISPs as well as by public archives such as RouteViews and RIPE RIS, these tools can potentially provide invaluable insight into the operations of inter-domain routing. The fifth BGP Analysis Tools BoF builds on the potential of these tools by fostering closer interaction between non-commercial tool developers and the potential users represented by NANOG attendees.
The BoF is organized as a series of short presentations followed by hands-on demonstrations. This BoF features FIREMAN, LinkRank, Datapository, and BGPMonitor. Following the presentations, the tool developers will be available for tool demonstrations and discussions.
Featured Tools:
FIREMAN (FIREwall Modeling and ANalysis):
Firewalls have become indispensable security defense mechanisms for business and enterprise networks. Just as router misconfigurations can lead to unpredictable routing problems, misconfigured firewalls may fail to enforce the intended security policies or present a performance bottleneck. Unfortunately, firewall configuration for a large, complex enterprise network is a demanding and error-prone task, even for experienced administrators. Previous studies show that misconfigurations (e.g., policy violations, inconsistencies, and inefficiencies) are common.
We have developed a scalable static analysis toolkit for FIREwall Modeling and ANalysis called FIREMAN. FIREMAN treats a set of firewall configurations as specialized programs and applies static analysis techniques to check for all types of misconfigurations, in individual firewalls as well as among distributed firewalls. The symbolic model checking performed by FIREMAN covers all possible IP packets along all possible data paths and is therefore both sound and complete. We have used FIREMAN to uncover several real misconfigurations in enterprise/ISP networks.
Link-Rank:
A new version of Link-Rank was recently released with a new set of features and functions on top of the previous release 2 years ago. Link-Rank is an open source, Java-based visualization toolset for monitoring and diagnosing large-scale BGP routing changes. By weighing AS-AS links by the number of BGP routes they carry, and tracking the changes in these weights, Link-Rank produces easy-to-understand visual representations of aggregate route changes along different AS paths.
Link-Rank graphs are easy to navigate, and built-in data filters can tailor graphs to different granularity levels and target prefix sets. One of the important new features is semi-realtime display of routing changes as soon as BGP data from the Oregon RouteViews collector becomes available. The Link-Rank code package also enables individual operators to run the code on BGP data from their own ISPs, providing continuous monitoring of BGP routing dynamics in near real time. The new release also adds the ability to save graph snapshots with a note and load them again at a later time for further analysis.
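The link-weighting idea described above, as an added Python example that is not taken from the Link-Rank code. It assumes one best path per prefix from a single vantage point and directed links in AS-path order; the two RIB snapshots are constructed from documentation ASNs and prefixes.

```python
from collections import Counter

def link_weights(rib):
    """Weight each AS-AS link by the number of routes whose path crosses it.

    rib: {prefix: [asn, ...]} best paths seen from one vantage point (assumed shape).
    """
    weights = Counter()
    for path in rib.values():
        # Collapse AS-path prepending so "64501 64501" does not become a self-link.
        hops = [asn for i, asn in enumerate(path) if i == 0 or asn != path[i - 1]]
        # Count a link once per route, even if a malformed path repeats it.
        for link in set(zip(hops, hops[1:])):
            weights[link] += 1
    return weights

def weight_changes(before, after, min_delta=1):
    """Return [(link, delta)] for links whose weight moved by at least min_delta."""
    old, new = link_weights(before), link_weights(after)
    deltas = {link: new[link] - old[link] for link in set(old) | set(new)}
    moved = [(link, d) for link, d in deltas.items() if abs(d) >= min_delta]
    # Largest shifts first; ties broken by link so output is deterministic.
    return sorted(moved, key=lambda item: (-abs(item[1]), item[0]))

# Constructed snapshots: two prefixes move from transit AS 64501 to AS 64502.
BEFORE = {
    "192.0.2.0/24":    [64500, 64501, 64510],
    "198.51.100.0/24": [64500, 64501, 64510],
    "203.0.113.0/24":  [64500, 64501, 64501, 64511],  # prepended path
}
AFTER = {
    "192.0.2.0/24":    [64500, 64502, 64510],
    "198.51.100.0/24": [64500, 64502, 64510],
    "203.0.113.0/24":  [64500, 64501, 64501, 64511],
}

if __name__ == "__main__":
    for (a, b), delta in weight_changes(BEFORE, AFTER):
        print(f"AS{a} -> AS{b}: {delta:+d} routes")
```

Links that lose weight paired with links that gain the same amount show where routes moved, which is the aggregate view an operator needs before inspecting individual prefixes.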
Datapository:
Internet measurement data provides the foundation for the operation and planning of the networks that comprise the Internet, and is a necessary component in research for analysis, simulation, and emulation. Despite its critical role, however, the management of this data, from collection and transmission to storage and its use within applications, remains primarily ad hoc, using techniques created and re-created by each corporation or researcher that uses the data. We examine several of the challenges faced when attempting to collect and archive large volumes of network measurement data. We present an architecture for an Internet data repository, the "datapository", designed to create a framework for collaboratively addressing these challenges.
BGPMonitor:
BGPMonitor combines a lightweight BGP listener with a new XML log format and offers several advantages over existing BGP monitoring packages. First, as a lightweight system designed simply to maintain a peering session and log all received updates, the code is small and fast (compared to a full BGP implementation). Second, the system is designed to scale by allowing multiple BGPMonitors to chain together. This allows monitoring tools to interact with a single BGP monitor. Third, the log formats include both the existing MRT format and the new XML log format. The XML format makes the data easy to view without requiring a translation step (such as bgpdump), allows one to easily annotate the data, such as adding a label to distinguish between duplicate updates and AS path changes, and can be fed directly into a growing set of XML-aware tools and packages. One concern is that the XML format may take substantially more space than the more compact binary representation, but perhaps surprisingly, the compressed XML format actually requires less storage space than the compressed MRT logs, making long-term storage of BGP logs more efficient.
Bio:
Dr. Dan Massey is an assistant professor at Colorado State University. Dr. Massey's research investigates large-scale infrastructure problems including BGP routing as well as other infrastructure such as DNS and future network designs. He is currently PI on several projects funded by the National Science Foundation and some of this work has been presented at previous NANOG meetings. Dr. Massey’s contact information is dvmtthws@cs.colostate.edu.
Dave Matthews is a PhD student at Colorado State University. He contributed to the design and implementation of BGPMonitor. Dave is employed by Hewlett-Packard in the Office of Strategy & Technology. At HP he led early development efforts in HP's OpenView program, including Network Node Manager.
Lihua Yuan is currently a PhD Candidate in the Department of Electrical and Computer Engineering at the University of California, Davis. He received his Bachelor's degree in Electrical and Electronics Engineering from Nanyang Technological University (Singapore) and Master's degree in Electrical and Computer Engineering from National University of Singapore (Singapore). His research interests are in systems that assist network measurement and management.
Dr. Chen-Nee Chuah is currently an Associate Professor in the Electrical and Computer Engineering Department at the University of California, Davis (UCD). Her research interests are in the area of computer networking and distributed systems, Internet measurements, overlay/peer-to-peer systems, network security, and wireless/mobile networking. Chuah has served as PI/Co-PI on several NSF funded projects, including an NSF CAREER Award in 2003. The FIREMAN tool is developed with funding from NSF NeTS project (2005-08).
Back to NANOG40 agenda topics