bgpmon real-time collection and distribution of BGP updates

About This Presentation

Title:

Description:

Number of Views:94

Avg rating:3.0/5.0

Slides: 16

Provided by: DaveM175

Category:

more less

Transcript and Presenter's Notes

Title: bgpmon real-time collection and distribution of BGP updates

1
bgpmonreal-time collection and distribution of
BGP updates

2
Background

Border Gateway Protocol (BGP) facilitates
exchange of routing information on the Internet.
Routers send peers BGP updates to the routes for
destinations as they change.
Analysis of BGP update and RIB information can
help identify problems with the routing topology
of the Internet.
Routers maintain current state of routes to all
internet addresses in a local table called the
Routing Information Base (RIB)

3
Current Approach

Collection and monitoring of BGP updates and RIB
tables is file-based in MRT format.
Tools collect information from variety of
participating routers (RouteViews, RIPE).
Applications obtain latest files and process them
to recreate an initial state and update stream.
Real-time monitoring is not possible with this
approach.

4
PHASPrefix Hijack Alert System

Prefix hijacks pose a serious threat to the
Internet, preventing delivery of network traffic
to the intended destination.
PHAS is a web-based service that identifies
possible prefix hijacks.
Analyzes BGP updates and RIB tables available
from RouteViews to alert prefix owners
Currently incurs a 3 hour delay, a real-time feed
of BGP updates and RIB tables is desired.

5
Goals

6
bgpmon

Provides real-time feeds of BGP updates and RIB
tables via aTCP connection.
Captures both in files for later use and
compatibility with existing solutions.
Attempts to address scale, robustness, and other
issues present in existing implementations.
Support for PHAS today.
A first step in the creation of a new monitoring
infrastructure for BGP (NetViews).

7
Scalability
8
Concurrency (Now)
9
Concurrency (Future)
10
Server

11
Client

Sends a single request, receives a stream of MRTs
containing desired information over a single TCP
connection.
A continuous BGP update stream for all peers.
A continuous BGP update stream for a single peer.
A list of BGP peers.
A table dump for a single peer.
Must process requests in real-time. Server may
terminate clients that create a bottleneck.

12
Results

Initial release delivered, deployment pending
PHAS integration.
Provides both real-time access and log files.
Sample client output can be capture to a file for
a remote logging capability.
Data from both verified with bgpdump.
Test configuration monitoring 7 routers with 20
clients monitoring updates uses neglible system
resources.

13
Future Work - near term

Integrate with PHAS, share with NetViews team.
Test with a wider variety of routers, routers
with larger tables, remote monitoring.
Test with large numbers of peer sessions, address
handling of slow client threads.
Characterize and tune configuration parameters
and hash function.
Convert log files to compressed format.
Address handling of RIB table contents when peer
session lost.

14
Future Work - long term

Monitor MRT streams from bgpmon peers using
client interface to support distribution of
monitoring and scalability.
XML client to simplify analysis in other
languages and tools.
Thread BGP peer monitor if necessary.
Suggest new MRT format for table dump to reduce
table dump size.

15
Where are we now?

Release 1, 15 December 2006
BGP peer monitor, RIB maintenance, update log
file, rib log file, threaded MRT server
Release 2, 21 December 2006
sample MRT client
Release 3, ?
sample XML client, threaded MRT/XML server
threaded BGP peer monitor

Write a Comment

User Comments (0)