Presentation is loading. Please wait.

Presentation is loading. Please wait.

PCAP BGP Parser RIPE 73, Madrid Christoph Dietzel, Tobias Hannaske

Published byHeather Holland Modified over 6 years ago

Similar presentations

Presentation on theme: "PCAP BGP Parser RIPE 73, Madrid Christoph Dietzel, Tobias Hannaske"— Presentation transcript:

1 PCAP BGP Parser RIPE 73, Madrid Christoph Dietzel, Tobias Hannaske
Research and Development, DE-CIX

2 IXPs’ Route Servers They exist (yees!)
Process a significant numbers of data Process very significant kinds of data aka. information

3 Route Server as BGP Speaker at IXPs
Customer debugging assistance Historic analysis (new routes, new peaks) Incidents (route hijacks, route leaks)

4 BIRD’s Information Export Limitations
Limited long term export of BGP information No continuous export of MRT for BIRD No simple filtering before MRT exports No insights into incoming BGP advertisements

5 Solution? - tcpdump & tshark!(?)
Complex / cumbersome Output hard to process in automated fashion Not build for BGP

6 PCAP BGP Parser

7 PCAP BGP Parser Python 2.7 and 3.x
Open Source (github.com/de-cix/pbgp-parser) License Apache 2.0 Übersichtsbild toolchain

8 Features - Input Reads PCAP files (not PCAPng yet - would be easy to implement) BGP parser can read from stdin (PCAP format) Live reading from network interface is prepared but not fully implemented Extending is possible, as long as it relies on raw packet data

9 Features - Filtering IP/MAC/port src/dst other filters
Filtering before and after parsing IP/MAC/port src/dst other filters

10 Features – Filtering Filter field Values; Description Message type
OPEN, UPDATE, NOTIFICATION, ROUTE-REFRESH, KEEPALIVE NLRI Prefix, e.g., /24 Withdrawn route Next hop IP, e.g., ASN in AS path ASN, e.g., 6339 Last ASN in AS path ASN of the neighbor AS Community ASN Source IP Destination IP Neighbor routers IP Source MAC Destination MAC

11 Features - Filtering Filtering to display specific BGP messages – only messages that apply are displayed Combine any filters as desired Different values for same filter are chained with a logical OR Different filters are chained with a logical AND NLRI must contain either /8 OR /32 AND next hop must be

12 Features - Output Human readable JSON
Basic information about BGP msgs Easy to read Includes all important fields such as NEXT_HOP, AS_PATH, NLRI and/or WITHDRAWALS, etc. JSON All BGP msgs + meta information (capture specific data such as timestamp, source/dest ip/mac/port) RFC 7159 (see Python internal json-package) One JSON string per line Line based User can specify fields to be displayed Not all fields supported, yet Available fields for line based output are: NLRI, AS_PATH, NEXT_HOP, Communities, Source/Destination IP, Timestamp, Message Types

13 Evaluation Correctness
Compared results of PBGP and tshark E.g., no. of packets after filtering, timestamps DE-CIX RS dump of several hours Correct, but we keep looking

14 Evaluation Performance

15 Conclusion / Contribution
Open source PCAP BGP Parser Apache 2.0 license Wide range of flexible input/output parameters Strong filtering capabilities Nice to integrate in shell/bash/python toolchain Fast enough perform “live” parsing for RS dump from large IXP

16 Even more questions and remarks? Talk to us!
Christoph Dietzel, Tobias Hannaske Research and Development, DE-CIX

Download ppt "PCAP BGP Parser RIPE 73, Madrid Christoph Dietzel, Tobias Hannaske"

Similar presentations

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
Technical Aspects of Peering Session 4. Overview Peering checklist/requirements Peering step by step Peering arrangements and options Exercises.

Technical Aspects of Peering Session 4. Overview Peering checklist/requirements Peering step by step Peering arrangements and options Exercises.
Entire Routes Reflecting capability draft-zhang-idr-bgp-entire-routes-reflect-00.txt Zhang Renhai :

Entire Routes Reflecting capability draft-zhang-idr-bgp-entire-routes-reflect-00.txt Zhang Renhai :
BGP.

BGP.
Part IV: BGP Routing Instability. March 8, 20042 BGP routing updates  Route updates at prefix level  No activity in “steady state”  Routing messages.

Part IV: BGP Routing Instability. March 8, BGP routing updates  Route updates at prefix level  No activity in “steady state”  Routing messages.
Border Gateway Protocol Ankit Agarwal Dashang Trivedi Kirti Tiwari.

Border Gateway Protocol Ankit Agarwal Dashang Trivedi Kirti Tiwari.
Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.

Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.
© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.

© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.
Border Gateway Protocol Autonomous Systems and Interdomain Routing (Exterior Gateway Protocol EGP)

Border Gateway Protocol Autonomous Systems and Interdomain Routing (Exterior Gateway Protocol EGP)
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—1-1 Module Summary BGP has reliable transport provided by TCP, a rich set of metrics called BGP.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—1-1 Module Summary BGP has reliable transport provided by TCP, a rich set of metrics called BGP.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
Emulatore di Protocolli di Routing per reti Ad-hoc Alessandra Giovanardi DI – Università di Ferrara Pattern Project Area 3: Problematiche di instradamento.

Emulatore di Protocolli di Routing per reti Ad-hoc Alessandra Giovanardi DI – Università di Ferrara Pattern Project Area 3: Problematiche di instradamento.
1 Towards Secure Interdomain Routing For Dr. Aggarwal 60-592 Win 2004.

1 Towards Secure Interdomain Routing For Dr. Aggarwal Win 2004.
CS 672 1 Summer 2003 Lecture 3. CS 672 2 Summer 2003 What is a BGP Path Attribute? BGP uses a set of parameters known as path attributes to characterize.

CS Summer 2003 Lecture 3. CS Summer 2003 What is a BGP Path Attribute? BGP uses a set of parameters known as path attributes to characterize.
Analysis of BGP Routing Tables

Analysis of BGP Routing Tables
Bgpmon real-time collection and distribution of BGP updates Dave Matthews, Yan Chen, Dan Massey Department of Computer Science Colorado State University.

Bgpmon real-time collection and distribution of BGP updates Dave Matthews, Yan Chen, Dan Massey Department of Computer Science Colorado State University.
More on BGP Check out the links on politics: ICANN and net neutrality To read for next time Path selection big example Scaling of BGP.

More on BGP Check out the links on politics: ICANN and net neutrality To read for next time Path selection big example Scaling of BGP.
Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932

Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932
Chapter 23: ARP, ICMP, DHCP IS333 Spring 2015.

Chapter 23: ARP, ICMP, DHCP IS333 Spring 2015.
Guide to TCP/IP Fourth Edition

Guide to TCP/IP Fourth Edition

Similar presentations

Ads by Google