bgpmonreal-time collection and distribution

of BGP updates

Dave Matthews, Yan Chen, Dan Massey

Department of Computer Science

Colorado State University

21 December 2006

Background

• Border Gateway Protocol (BGP) facilitates exchange of routing information on the Internet.

• Routers send peers BGP updates to the routes for destinations as they change.

• Analysis of BGP update and RIB information can help identify problems with the routing topology of the Internet.

• Routers maintain current state of routes to all internet addresses in a local table called the Routing Information Base (RIB)

Current Approach

• Collection and monitoring of BGP updates and RIB tables is file-based in MRT format.

• Tools collect information from variety of participating routers (RouteViews, RIPE).

• Applications obtain latest files and process them to recreate an initial state and update stream.

• Real-time monitoring is not possible with this approach.

PHASPrefix Hijack Alert System

• Prefix hijacks pose a serious threat to the Internet, preventing delivery of network traffic to the intended destination.

• PHAS is a web-based service that identifies possible prefix hijacks.

• Analyzes BGP updates and RIB tables available from RouteViews to alert prefix owners

• Currently incurs a 3 hour delay, a real-time feed of BGP updates and RIB tables is desired.

Goals

• Real-time feed of BGP updates and RIB tables• Scalable to monitor hundreds of BGP peers• Scalable to support many client applications• Improve robustness and recovery of BGP

peering sessions• Include information to identify missing BGP

updates• and more....

bgpmon

• Provides real-time feeds of BGP updates and RIB tables via aTCP connection.

• Captures both in files for later use and compatibility with existing solutions.

• Attempts to address scale, robustness, and other issues present in existing implementations.

• Support for PHAS today.• A first step in the creation of a new monitoring

infrastructure for BGP (NetViews).

Scalability

bgpmon

client

bgpmon

clientbgpmon

client

bgpmon

client

bgpmon

client

Concurrency (Now)

bgpmonserver

BGP peer monitor

rib updateupdate

log

rib table

table dump log

clientclientthread

updates

client application

Concurrency (Future)

bgpmonserver

rib updateupdate

log

rib table

table dump log

clientclientthread

updates

MRT peer monitor

BGP peer monitor

client application

Server

• Separate threads for major functions – Main program / TCP server – BGP peer monitor– RIB table maintenance– Update log– Table dump log– Clients

• Synchnronization on two shared resources– RIB table uses read/write locking– MRT queue uses mutex/condition locking

Client

• Sends a single request, receives a stream of MRTs containing desired information over a single TCP connection.– A continuous BGP update stream for all peers.– A continuous BGP update stream for a single peer.– A list of BGP peers.– A table dump for a single peer.

• Must process requests in real-time. Server may terminate clients that create a bottleneck.

Results

• Initial release delivered, deployment pending PHAS integration.

• Provides both real-time access and log files. • Sample client output can be capture to a file for

a remote logging capability. • Data from both verified with bgpdump.• Test configuration monitoring 7 routers with 20

clients monitoring updates uses neglible system resources.

Future Work - near term

• Integrate with PHAS, share with NetViews team.• Test with a wider variety of routers, routers with

larger tables, remote monitoring.• Test with large numbers of peer sessions, address

handling of slow client threads.• Characterize and tune configuration parameters

and hash function.• Convert log files to compressed format.• Address handling of RIB table contents when peer

session lost.

Future Work - long term

• Monitor MRT streams from bgpmon peers using client interface to support distribution of monitoring and scalability.

• XML client to simplify analysis in other languages and tools.

• Thread BGP peer monitor if necessary.• Suggest new MRT format for table dump to

reduce table dump size.

Where are we now?

• Release 1, 15 December 2006– BGP peer monitor, RIB maintenance, update log file,

rib log file, threaded MRT server

• Release 2, 21 December 2006– sample MRT client

• Release 3, ?– sample XML client, threaded MRT/XML server– threaded BGP peer monitor