|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Researchers Chart Internet's 'Black Holes'
Jeroen Massar wrote: Hank Nussbacher wrote:... I couldn't make it up from the slides or the terse text, but I am wondering how much information you can really deduce from BGP, yes it says "they don't have that prefix", but for the rest, even if an ISP has a prefix it doesn't mean that any packet can flow from A to B. Doing traceroutes from a remote site doesn't help as that is just C to A or B. Better "Internet Hubble Telescopes" are therefor: RIPE TTM: http://www.ripe.net/test-traffic/ RIPE RIS: http://www.ripe.net/ris/ Hi Jeroen, Sorry for the delayed response. They had mistakenly posted draft slides months old. If you check again, you can see the slides I actually presented, the link was recently updated: http://www.nanog.org/mtg-0706/Presentations/EthanKatzBassett-RealTimeBlackholeAnalysis.pdf The slides are pretty terse-- the work is in its infancy, it was only a 10 minute talk, and the Wired article wasn't intended for a network operator-level audience. So, anyone should feel free to write me with questions/ comments. We're hoping to build a system that will be useful to the community, so feedback is useful (and why I presented at NANOG). We're not looking for "dark address space," where some locations have a prefix and others don't, which I think is what you were referring to using RIPE RIS for. Rather, we use BGP info (currently from RouteViews, though we've used RIPE) to identify prefixes with route changes that might be experiencing reachability problems, and we trigger traceroutes to these prefixes. RIPE TTM is similar for sure, but there are some substantial differences (from my understanding of TTM). We want to monitor reachability on an Internet-scale, and TTM does not currently provide this. TTM requires dedicated boxes to be installed in the prefixes of interest (both source and dest), and their documentation says that the architecture doesn't scale past 200 nodes. The current TTM deployment seems to be ~150 boxes, with 4 in North America and 1 in Asia. Because of the limited size of the deployment, TTM does not have to deal with intelligent probe selection-- every node can probe every other node "all the time." In experiments we ran in January, we used ~hundreds of vantage points and monitored 110,000 prefixes, covering over 90% of the edge ASes. The plan for this summer is to ramp the system up to that level of coverage with the type of real-time classification I spoke about at NANOG. After that, we have plans to ramp up the number of vantages by orders of magnitude. Further, while TTM has the data to do it, the project does not seem to currently track reachability information, our primary concern. There are other similar projects out there too, for instance: http://www.nanog.org/mtg-0706/bush.html It seems to me that all these complement, rather than supplant, each other. Ethan
|