BGP Microscope Tool Suite
To monitor BGP operation,
ISPs or BGP data collection projects (RouteViews and RIPE RIS)
operate a number of collectors that establish BGP peering sessions with routers
in operational networks.
The collector could be a PC-based Quagga router or a vendor router.
A Quagga collector records the received
BGP updates in the Multi-threaded Routing Toolkit (MRT) format,
which has been widely used in studying BGP behavior.
Generally a vendor collector works as a looking glass and mainly allows
operators to login and lookup the current routing state.
A major issue of the current practice is that,
with the limited view of application level BGP messages,
one could not clearly differentiate the BGP application and TCP transporort level dynamics.
The BGP message delay caused by TCP retransmissions (ex: during network
congestions) would be potentially attributed to BGP protocol convergence.
In this project, we deploy a TCP packet sniffer (tcpdump) in front of the
collector, and records the pass-through traffic in both directions. The whole
packet, including the headers and data, is captured.
Note that the collectors shall not announce routing information; thus, only the
packets from the operational routers to the collectors carry actual BGP
We seek to analyze the TCP packet traces, with the goal to reveal distinct
transport protocol issues of BGP sessions.
IRL BGP Microscope provides a collection of tools for inspecting BGP over TCP data traces, including:
Patched from the original tcptrace.
Modify the I/O processing to handle huge data volume
Identify BGP table transfers from BGP feeds.
Please refer to BGP Reset.
Reconstruct TCP stream from tcpdump packet trace.
Extrace BGP messages from the data stream and store in the
TCP delay analyer.
Output delay factors and series data.
Extended from SCNMPlot
Visualize the TCP sequence and the POI series.
Explaining BGP Slow Table Transfers: Implementing a TCP Delay Analyzer, Pei-chun Cheng, Jong Han Park, Keyur Patel, Shane Amante, Lixia Zhang. May 2011. (tech-report) (under-submission)
This project is a joint work of
UCLA, Cisco, Level3, and RouteViews
Please report bugs/comments/suggestions to Pei-chun Cheng.