150 likes | 396 Views
bgpmon real-time collection and distribution of BGP updates. Dave Matthews, Yan Chen, Dan Massey Department of Computer Science Colorado State University 21 December 2006. Background. Border Gateway Protocol (BGP) facilitates exchange of routing information on the Internet.
E N D
bgpmonreal-time collection and distribution of BGP updates Dave Matthews, Yan Chen, Dan Massey Department of Computer Science Colorado State University 21 December 2006
Background • Border Gateway Protocol (BGP) facilitates exchange of routing information on the Internet. • Routers send peers BGP updates to the routes for destinations as they change. • Analysis of BGP update and RIB information can help identify problems with the routing topology of the Internet. • Routers maintain current state of routes to all internet addresses in a local table called the Routing Information Base (RIB)
Current Approach • Collection and monitoring of BGP updates and RIB tables is file-based in MRT format. • Tools collect information from variety of participating routers (RouteViews, RIPE). • Applications obtain latest files and process them to recreate an initial state and update stream. • Real-time monitoring is not possible with this approach.
PHASPrefix Hijack Alert System • Prefix hijacks pose a serious threat to the Internet, preventing delivery of network traffic to the intended destination. • PHAS is a web-based service that identifies possible prefix hijacks. • Analyzes BGP updates and RIB tables available from RouteViews to alert prefix owners • Currently incurs a 3 hour delay, a real-time feed of BGP updates and RIB tables is desired.
Goals • Real-time feed of BGP updates and RIB tables • Scalable to monitor hundreds of BGP peers • Scalable to support many client applications • Improve robustness and recovery of BGP peering sessions • Include information to identify missing BGP updates • and more....
bgpmon • Provides real-time feeds of BGP updates and RIB tables via aTCP connection. • Captures both in files for later use and compatibility with existing solutions. • Attempts to address scale, robustness, and other issues present in existing implementations. • Support for PHAS today. • A first step in the creation of a new monitoring infrastructure for BGP (NetViews).
Server • Separate threads for major functions • Main program / TCP server • BGP peer monitor • RIB table maintenance • Update log • Table dump log • Clients • Synchnronization on two shared resources • RIB table uses read/write locking • MRT queue uses mutex/condition locking
Client • Sends a single request, receives a stream of MRTs containing desired information over a single TCP connection. • A continuous BGP update stream for all peers. • A continuous BGP update stream for a single peer. • A list of BGP peers. • A table dump for a single peer. • Must process requests in real-time. Server may terminate clients that create a bottleneck.
Results • Initial release delivered, deployment pending PHAS integration. • Provides both real-time access and log files. • Sample client output can be capture to a file for a remote logging capability. • Data from both verified with bgpdump. • Test configuration monitoring 7 routers with 20 clients monitoring updates uses neglible system resources.
Future Work - near term • Integrate with PHAS, share with NetViews team. • Test with a wider variety of routers, routers with larger tables, remote monitoring. • Test with large numbers of peer sessions, address handling of slow client threads. • Characterize and tune configuration parameters and hash function. • Convert log files to compressed format. • Address handling of RIB table contents when peer session lost.
Future Work - long term • Monitor MRT streams from bgpmon peers using client interface to support distribution of monitoring and scalability. • XML client to simplify analysis in other languages and tools. • Thread BGP peer monitor if necessary. • Suggest new MRT format for table dump to reduce table dump size.
Where are we now? • Release 1, 15 December 2006 • BGP peer monitor, RIB maintenance, update log file, rib log file, threaded MRT server • Release 2, 21 December 2006 • sample MRT client • Release 3, ? • sample XML client, threaded MRT/XML server • threaded BGP peer monitor