320 likes | 456 Views
Analysis and Study on BGP Routing Information and Flow Data. Yoshiaki HARADA Graduate School of Information Science and Electrical Engineering (ISEE) Kyushu University. Takashi CHIYONOBU Department of Electrical Engineering and Computer Science (EECS) Kyushu University. Koji OKAMURA
E N D
Analysis and Study onBGP Routing Information and Flow Data Yoshiaki HARADA Graduate School of Information Science and Electrical Engineering (ISEE) Kyushu University Takashi CHIYONOBU Department of Electrical Engineering and Computer Science (EECS) Kyushu University Koji OKAMURA Computing and Communications Center Kyushu University
Contents • Background • ASand Internet routing • Purpose • Analysis method • Method of collecting Flow Data and BGP table • Method of analyzing Flow Data • Relationship of Flow Data and AS path length • Ditribution of Destination ASes • Result • Relationship of Flow Data and AS path length • Distribution of Destination ASes • Conclusion
AARNET (AU) Abilene (US) AU CSTnet (CN) HARNET (HK) TEIN2 TW CH HK CERNET (CN) ASnet (TW) ID 2 PH Commercial KR SINET (JP) SingAREN (SG) MY VN KOREN(KR) APAN-JP SG JP JGN2 ThaiSARN (TH) Kyushu-u QGPOP as2523 TH ASIA-BB Commercial
AARNET (AU) AU Abilene (US) TW CH CERNET (CH) ASnet (TW) KR SingAREN (SG) SINET (JP) JP KOREN(KR) SG JGN2 APAN-JP ThaiSARN (TH) Kyushu-u QGPOP as2523 TH Oct. 2005
AARNET (AU) AU Abilene (US) TW CH HARNET (HK) CERNET (CH) ASnet (TW) HK KR SingAREN (SG) SINET (JP) KOREN(KR) JP SG JGN2 APAN-JP ThaiSARN (TH) Kyushu-u QGPOP as2523 TH ASIA-BB Nov. 2005
AARNET (AU) AU Abilene (US) TW CH HARNET (HK) CERNET (CH) ASnet (TW) PH HK TEIN2 ID KR SingAREN (SG) SINET (JP) MY KOREN(KR) JP SG JGN2 APAN-JP ThaiSARN (TH) Kyushu-u QGPOP as2523 TH ASIA-BB Jan. 2006
Background – Autonomous system • AS(Autonomous system) • Collection of IP networks and routers under the control of one entity (or sometimes more) that presents a common routing policy to the Internet. • An Internet Service Provider (ISP) • A very large organization • AS numbers are currently 16-bit integers, which allow for a maximum of 65536 assignments. • AS2508 : Kyushu University • AS17522 : NTT West
Background – Routing Protocol • Routing • Routing is the technique by which data finds its way from one host computer to another. • Routing Protocol in Internet • IGP(Interior Gateway Protocol) • IGP is a protocol for exchanging routing information between gateways (hosts with routers) within an autonomous network (RIP,OSPF) • EGP(Exterior Gateway Protocol) • EGP is a protocol for exchanging routing information between ASes (BGP,EGP). • EGP use AS path length (the number of AS a route has traversed) as a guide of selecting route.
Background – AS path length and internet routing Communication between AS2508 and AS4766 (AS path length 5) IIJ AS2497 QGPOP AS2523 ATT-internet4 AS7018 New connection New AS New AS AS???? Kyushu Univ. AS2508 Korean telecom AS4766 This route is shorter than existing route BGP select the shotest route (AS path length 4) BGP select the shorter route (AS path length 3) This route is shorter than existing route communication connection AS
Background – Relationship of Flow Data and AS path length • In Internet, route is changing by appearance of new ASes and new connecion between existing ASes • Those analyzing result between the Flow Data and the change of AS path should be useful for constructing future Internet • We analyzed the colleration between AS path length and Flow data in Internet
Japanese Universities Background – Distribution of communication target • We believe that the correlation of communication target is biased Asian research network KOREN AS9270 QGPOP AS2523 small traffic SINET AS2907 many traffic Tokyo Univeresity AS2501 Kyushu University AS 2508 Kyoto University AS2504 commercial ISPs etc.
Background – Distribution of Destination ASes • A certain organization is not all of ASes existing in internet • For example: Kyushu University is frequently communicate with Kyoto Univerisity • We assume that the correlation of communication target is biased. We analyze distribution of destination ASes from Flow Data in Internet
Analysis method – BGP table and Flow Data • We use the collecting Flow Data exported from QGPOP and Kyushu University, and use the BGP table exported from QGPOP • Flow Data • Sampling rate is 1 / 10 • QGPOP: every 4 weeks (2004/10/13~2006/01/04) • Kyushu University : every weeks (2004/10/13~2006/01/) Kyushu University Flow Data and BGP table Universities and research institutes Univerisies SINET Research institutes KOREN QGPOP Information communication network dedicated to academic research IIJ Korea Advanced Research Network Internet Initiative Japan
sorce IP address destination IP address destination IP address destination (source) ASnumber Analysis method – Detail of BGP table and Flow Data Flow Data We calculate AS path and destination AS from Flow Data and BGP table BGP table AS path
Result – Relationship of AS path length and flow data average AS path length of flows Average AS path length of packets had decreased through a year average AS path length of packets
Result – Relationship of AS path length and flow data 80% of packets flows less than AS path length 5 Distribution of packets and AS path length
Consideration – Relationship of Flow Data and AS path length • There are many communication which have short AS path length • Average AS path length had increasing through a year • Flow Data include illigal access, and this analysis is adversely affected • We analyzed only the traffic data of HTTP in Flow Data to cut out mal-accesses caused by such as virus • Port number 80 (Web access)
Result – Time change of average AS path length in port 80 traffic average AS path length of flows Average AS path length of flows had decreased through a year average AS path length of packets
Result – Distribution of packets and AS path length in port 80 traffic
Consideration – Analysis of port80 traffic • Relationship of AS path length and Flow Data • A pair of ASes which have short AS path length communicate frequently • Average AS path length are increasing in all flows • Relationship of Flow Data In port 80 traffic • Average AS-path length that was calculated from length per one flow had been decreased • The number of flows that have shorted AS-path length was increased • AS-path length between ASes that communicates frequently had shortened
Result – Detail of ASes • We analyze the detail of ASes to find the reasons of decreasing average AS path length • We find two decreasing reasons of AS path length • Two Microsoft’s AS is united • Frequenty communicating AS’s path was shortened • The number of communication between Ases which have short AS path had increased • Between AS18088(QIC)and AS2508(Kyushu Univ.) etc. • AS path length 3 is shorter than average AS path in all flows.
Result – Time change of the number of communication target ASes around 9,000 ASes The number of ASes existing in Internet is about 20,000 Kyushu University communicated with about a half of ASes in Intenret ?
Result – Distribution of percentage of packets 2005/8/31Kyoto University 100 ASes (0.5% of ASes existing in Internet) accounts for around 70% of traffic 2004/10/20SINET
Consideration – Distribution of destination ASes • Time change of communication target • We analyzed Flow data from 2004/10 to 2006/01 • Kyushu University communicate up to 9000 ASes. • Bias of communication • A small propotion of ASes account for almost of traffic It is not expected that a half of ASes existing in Internet communicated with Kyushu Univerisity We analyze the Flow Data in port 80 traffic to cut off illegal accesses
Result – Time change of the number of target ASes in port 80 Kyushu University communicated between around 2000 and 2500 ASes 2000 ASes are around 10% of ASes existing in Internet Communication target is biased
Result – Distribution of percentage of packets in port 80 80 ASes (0.4% of ASes existing in Internet) accounts for 80% of traffic 2005/8/31Kyoto University 20 ASes (0.1% of ASes existing in Internet) accounts for 50 % of traffic
Consideration – Distribution of Destination in port 80 • Time change of communication target in port 80 • We analyzed Flow data from 2004/10 to 2006/01 • Kyushu University communicated from 2200 to 2400 ASes. • Bias of communication • A small propotion of ASes account for almost of traffic as in the analysis of all flows • 20 (0.1%) ASes accounts for 50 % of traffic • 80 (0.4%) ASes accounts for 80% of traffic
Result – Time change of communication targaet and traffic • We analyze Flow Data by comparing between 2005/11/09 with 2004/11/10 A half of communicating ASes are changed for a year, but there are few change in traffic The numer of ASes 2005/11/09 : 2286 1365 1232 921 2004/11/10 : 2256 The percentage of packets 2004 : 95% 2005 : 91% ASes existing through a year account for almost traffic
Result– Detail of communicating ASes • ASes which have a lot of traffic through a year • Japanese major ISPs , for example AS23816(Yahoo! Japan) and AS4713(OCN), are high on the list on traffic, and communication bias is not change • Kyoto Univerisity’s traffic had increasing • ASes which have communication on only 2004/11 • ASes are integreted into other AS, for example AS7072 (Microsoft) and • ASes which have communication on only 2005/11 • AS 5572 (BOTIC AS) and AS 30968 (Info Box),which are Russian AS , and have a lot of traffic in 2005/11
Conclusion • Relationship of Flow data and AS path length • Average AS path length had been increased during one year • Average AS-path length that was calculated from length per one flow for HTTP had been decreased • The number of flows that have shorted AS-path length was increased • AS-path length between ASes that communicates frequently had shortened • Distribution of destination ASes • Kyushu university had been communicated with half of ASes that exist on the Internet in one year • 80% of flows belong to only 0.7% of AS in the whole Internet • In port 80 traffic, Kyushu University were communicating with from 2200 to 2500 ASes • 50% of packets is transmitted by the 20 ASes that are most frequently communicating with Kyushu University
Conclusion – Future work • We could find the relationship of AS path length and flows, but could not find the relationship of AS path length and packets in port 80 traffic • We should decrease the time of data collecting to find the relationship of AS path length and packets • If we organize the communication target in country and region, we will be able to find new correlation