Jeroen Massar wrote:
Hank Nussbacher wrote:
http://www.wired.com/science/discoveries/news/2007/06/hubble
...
I couldn't make it up from the slides or the terse text, but I am
wondering how much information you can really deduce from BGP, yes it
says "they don't have that prefix", but for the rest, even if an ISP has
a prefix it doesn't mean that any packet can flow from A to B. Doing
traceroutes from a remote site doesn't help as that is just C to A or B.
Better "Internet Hubble Telescopes" are therefor:
RIPE TTM: http://www.ripe.net/test-traffic/
RIPE RIS: http://www.ripe.net/ris/
Hi Jeroen,
Sorry for the delayed response. They had mistakenly posted draft slides
months old. If you check again, you can see the slides I actually
presented, the link was recently updated:
http://www.nanog.org/mtg-0706/Presentations/EthanKatzBassett-RealTimeBlackholeAnalysis.pdf
The slides are pretty terse-- the work is in its infancy, it was only a 10
minute talk, and the Wired article wasn't intended for a network
operator-level audience. So, anyone should feel free to write me with
questions/ comments. We're hoping to build a system that will be useful
to the community, so feedback is useful (and why I presented at NANOG).
We're not looking for "dark address space," where some locations have a
prefix and others don't, which I think is what you were referring to using
RIPE RIS for. Rather, we use BGP info (currently from RouteViews, though
we've used RIPE) to identify prefixes with route changes that
might be experiencing reachability problems, and we trigger
traceroutes to these prefixes.
RIPE TTM is similar for sure, but there are some substantial differences
(from my understanding of TTM). We want to monitor reachability on an
Internet-scale, and TTM does not currently provide this. TTM requires
dedicated boxes to be installed in the prefixes of interest (both source
and dest), and their documentation says that the architecture doesn't
scale past 200 nodes. The current TTM deployment seems to be ~150 boxes,
with 4 in North America and 1 in Asia. Because of the limited size of the
deployment, TTM does not have to deal with intelligent probe selection--
every node can probe every other node "all the time." In experiments we
ran in January, we used ~hundreds of vantage points and monitored 110,000
prefixes, covering over 90% of the edge ASes. The plan for this summer is
to ramp the system up to that level of coverage with the type of real-time
classification I spoke about at NANOG. After that, we have plans to ramp
up the number of vantages by orders of magnitude. Further, while TTM has
the data to do it, the project does not seem to currently track
reachability information, our primary concern.
There are other similar projects out there too, for instance:
http://www.nanog.org/mtg-0706/bush.html
It seems to me that all these complement, rather than supplant, each
other.
Ethan
