Researchers Chart Internet's 'Black Holes'

Ethan Katz-Bassett ethan at cs.washington.edu
Fri Jun 15 05:43:58 UTC 2007


Jeroen Massar wrote:

> Hank Nussbacher wrote:
>>
>> http://www.wired.com/science/discoveries/news/2007/06/hubble
>>
...
> I couldn't make it up from the slides or the terse text, but I am
> wondering how much information you can really deduce from BGP, yes it
> says "they don't have that prefix", but for the rest, even if an ISP has
> a  prefix it doesn't mean that any packet can flow from A to B. Doing
> traceroutes from a remote site doesn't help as that is just C to A or B.
> Better "Internet Hubble Telescopes" are therefor:
> RIPE TTM: http://www.ripe.net/test-traffic/
> RIPE RIS: http://www.ripe.net/ris/

Hi Jeroen,

Sorry for the delayed response.  They had mistakenly posted draft slides 
months old.  If you check again, you can see the slides I actually 
presented, the link was recently updated:
http://www.nanog.org/mtg-0706/Presentations/EthanKatzBassett-RealTimeBlackholeAnalysis.pdf

The slides are pretty terse-- the work is in its infancy, it was only a 10 
minute talk, and the Wired article wasn't intended for a network 
operator-level audience.  So, anyone should feel free to write me with 
questions/ comments.  We're hoping to build a system that will be useful 
to the community, so feedback is useful (and why I presented at NANOG).

We're not looking for "dark address space," where some locations have a 
prefix and others don't, which I think is what you were referring to using 
RIPE RIS for.  Rather, we use BGP info (currently from RouteViews, though 
we've used RIPE) to identify prefixes with route changes that 
might be experiencing reachability problems, and we trigger 
traceroutes to these prefixes.

RIPE TTM is similar for sure, but there are some substantial differences 
(from my understanding of TTM).  We want to monitor reachability on an 
Internet-scale, and TTM does not currently provide this.  TTM requires 
dedicated boxes to be installed in the prefixes of interest (both source 
and dest), and their documentation says that the architecture doesn't 
scale past 200 nodes.  The current TTM deployment seems to be ~150 boxes, 
with 4 in North America and 1 in Asia.  Because of the limited size of the 
deployment, TTM does not have to deal with intelligent probe selection-- 
every node can probe every other node "all the time." In experiments we 
ran in January, we used ~hundreds of vantage points and monitored 110,000 
prefixes, covering over 90% of the edge ASes.  The plan for this summer is 
to ramp the system up to that level of coverage with the type of real-time 
classification I spoke about at NANOG.  After that, we have plans to ramp 
up the number of vantages by orders of magnitude.  Further, while TTM has 
the data to do it, the project does not seem to currently track 
reachability information, our primary concern.

There are other similar projects out there too, for instance:
http://www.nanog.org/mtg-0706/bush.html

It seems to me that all these complement, rather than supplant, each 
other.

Ethan



More information about the NANOG mailing list