IRL BGP Microscope
Home    |   tcptrace'    |   pcap2bgp    |   T-DAT    |   BGPlot

BGP Microscope Tool Suite

To monitor BGP operation, ISPs or BGP data collection projects (RouteViews and RIPE RIS) operate a number of collectors that establish BGP peering sessions with routers in operational networks. The collector could be a PC-based Quagga router or a vendor router. A Quagga collector records the received BGP updates in the Multi-threaded Routing Toolkit (MRT) format, which has been widely used in studying BGP behavior. Generally a vendor collector works as a looking glass and mainly allows operators to login and lookup the current routing state.


A major issue of the current practice is that, with the limited view of application level BGP messages, one could not clearly differentiate the BGP application and TCP transporort level dynamics. The BGP message delay caused by TCP retransmissions (ex: during network congestions) would be potentially attributed to BGP protocol convergence.

In this project, we deploy a TCP packet sniffer (tcpdump) in front of the collector, and records the pass-through traffic in both directions. The whole packet, including the headers and data, is captured. Note that the collectors shall not announce routing information; thus, only the packets from the operational routers to the collectors carry actual BGP updates. We seek to analyze the TCP packet traces, with the goal to reveal distinct transport protocol issues of BGP sessions.


IRL BGP Microscope provides a collection of tools for inspecting BGP over TCP data traces, including:
  • tcptrace'
    Patched from the original tcptrace. Modify the I/O processing to handle huge data volume

  • mct
    Identify BGP table transfers from BGP feeds. Please refer to BGP Reset.

  • pcap2bgp
    Reconstruct TCP stream from tcpdump packet trace. Extrace BGP messages from the data stream and store in the MRT format.

  • T-DAT
    TCP delay analyer. Output delay factors and series data.

  • BGPlot
    Extended from SCNMPlot Visualize the TCP sequence and the POI series.

Publications
  • Explaining BGP Slow Table Transfers: Implementing a TCP Delay Analyzer, Pei-chun Cheng, Jong Han Park, Keyur Patel, Shane Amante, Lixia Zhang. May 2011. (tech-report) (under-submission)

People

 This project is a joint work of UCLA, Cisco, Level3, and RouteViews

Contact

 Please report bugs/comments/suggestions to Pei-chun Cheng.