Cristel Pelsser 0:00 That's why we don't measure redundancy as based on the path we observe, but more based on the AS links that arise when we have updates. And so what matters to us is to be able to capture the AS links that come and go in the Internet. So we want to cover the topology. And so this enables us to capture the topology, but we also want to be able to encompass, to be able to study when there are changes in, you know, link failures and new links appearing in the Internet, or hijacks happening. And so all this can be the main essence of this is the AS link, and that's why we focus on the AS links rather than the as bus, which are much more complex to compare. If you have different vantage point, George Michaelson 0:59 you're listening to ping, a podcast by APNIC, discussing all things related to measuring the Internet. I'm your host, George Michaelson, this time I'm talking to Professor Cristel Pelsser from UC Louvain in Belgium. Cristel is the chair in critical embedded systems, and she has over 20 years experience in networking, doing research in BGP in Europe, and before that, with IIJ research and NTT in Japan. A recent paper by Cristel and her team of co authors explores a novel way of looking at BGP. The BGP collection platform they've built is able to optimize data collection and remove redundancy in the BGP update stream. This optimizes their sampling locations and helps to select most valuable points, or MVPs. By using machine learning methods, they've been able to demonstrate that their technique can reconstruct the BGP states seen by other measurement systems. It can now help researchers identify key points in the network to take samples of global BGP state from for their particular context of need. This work won the 2024 SIGcom best paper award at the SIGcom 38 meeting held in Sydney last year. Cristal. Welcome to ping. Cristel Pelsser 2:18 Thank you, George for welcoming me here. George Michaelson 2:21 So you're currently a professor of computer science in UC Louvain, is that right? That's correct, yes. And you studied there as a student, and I think you spent quite a long time working in Japan as well, didn't you, Cristel Pelsser 2:34 yes? So I did my PhD here in UC Lovan, and then I moved to Japan to work for a service provider, where I did some research on routing mostly, yes, George Michaelson 2:45 and you were in IIJ research lab for a while as well. Cristel Pelsser 2:49 Yeah, that's correct. I spent there six and a half years in this George Michaelson 2:54 Oh, that is a great place. We've had some of them talk to us before, and they write on APNIC blog. That's a really interesting ideas factory. I think you've also worked at the University of Strasbourg as well. Cristel Pelsser 3:04 Yes, just before moving to UC Louvain, I was there for seven years, and I led some research on core network technologies. George Michaelson 3:12 You have been a researcher in networking, and in particular in BGP, for a very, very long time. You've been working in this space for over 20 years now, haven't you? Cristel Pelsser 3:23 Yes, that's correct. I always wanted to do other things, but then they are always interesting topics that drove me back to BGP. George Michaelson 3:31 Yep, networking. It's inescapable. Ping is a podcast about measurement, and I believe you are one of the principal authors on a paper which won an AC ACM prize? Is that correct in last year? Cristel Pelsser 3:46 Yes, we did win the best paper award at SIG com, 2024 last summer, George Michaelson 3:53 and it was also an ANRP award work. Or was that some other work you were doing? Cristel Pelsser 3:58 Oh, that was some earlier work. Yes, not for this one. George Michaelson 4:01 Tell us about the paper. What is the central topic here that you were exploring? Cristel Pelsser 4:06 So the idea is that we've been collecting BGP routes for many, many years, but we still have very few knowledge about what the Internet topology looks like. And we noticed that there are many events that happen on the Internet and that we don't capture with current data collection infrastructure. And so the idea was to improve this by first of all suggesting to collect data from many more places. But the current problem is that we have too much data already, and researchers, we polled researchers, and they showed us that they don't use the full data that there is available today. And so with that statement, we thought, okay, then we need also a technique to remove some redundant information that is in the BGP data. So the proposal is this combination of the two ideas, George Michaelson 4:48 the existing collections that are well known by people who listen to ping or who work in this space will be the ripe RIS project and routeviews, and you are working in a space where you have come up with some ideas that they are not just exactly the same. This is not a coincident collection, is it? You actually have a slightly different approach to how you peer with people and how you decide what data to keep. Could you talk a little about that, please? Cristel Pelsser 5:25 So yes, what we do is we do a peering session as usual. So we establish a BGP session with different network providers. George Michaelson 5:33 That's an semi automatic subscription with you, isn't it? It's not a heavy weight process. It's really quite easy to construct a peering? Cristel Pelsser 5:41 yeah, that's correct. You just mentioned your IP address and as number on our web page, and then we establish automatically the session with you. And then the idea behind it is that once we get the data, we don't store all of it, we have some intelligence that we've built that on past data has learned what is already known in the systems, and so based on this, we just remove the redundant information and we keep only the interesting pieces in the new peering sessions that come George Michaelson 6:16 The peering is a Non transit relationship. You're establishing a BGP relationship with an AS and you're acquiring knowledge of their roots, but you're then performing some kind of a filtering over a tree structure in order to detect which prefixes, which origins, which path you already have from other sources. Is that the basic model? Cristel Pelsser 6:39 yes, that's correct, and our aim is to be able to monitor changes in the Internet. So the way we build filters is especially to make sure that when there is a change in the Internet, we have a high likelihood to see it. So when an AS path changes, we have a high likelihood to see it in the data. George Michaelson 6:59 How many peerings? Have you established already in this framework? Cristel Pelsser 7:03 That's a good question. It's increasing every day, so I don't know. I didn't check this morning, but it's on the order of 30 at the moment. I believe George Michaelson 7:12 this is a really good basis for a new activity, but measured at scale against the peering relationships visible in routeviews. This is still very early days, isn't it, but I believe you've built this technology with a view to encompassing 1000s or 10s of 1000s of peerings. Cristel Pelsser 7:28 Yes. So we are now trying to scale the infrastructure, and we have a single PC that is able to handle all these connection that we have today and can scale up. So we made some intensive measurements to make sure that we can, with the current infrastructure, host a few hundreds of peers. So it's a project that is started and that we hope will run in the long term. And we welcome sessions from many people who want to join. George Michaelson 7:58 Are you presenting at IX points and capturing data the way RIS does with Fuse inside quite dense, connected regions. What kind of relationships are you currently capturing? Cristel Pelsser 8:11 So mostly at the moment, we have people from its volunteer so we didn't target a specific audience, and we have people from different service providers, mainly, and some research networks we don't yet have IXPs. Yes, that would be a great addition. George Michaelson 8:30 And what sort of coverage Do you have geographically? You have views inside the major continents, or do you have a European focus at the moment? Cristel Pelsser 8:39 So it's very interesting is just that at the moment, we're focusing on extending the infrastructure and on scaling it, and we did not yet look at the data we are capturing that much at the moment. George Michaelson 8:51 So you are still in the build phase, and a lot of the meta analytics of the qualitative nature of the distribution of your peerings into the surface of the default free zone. That's actually work yet to come. Cristel Pelsser 9:05 Yes, that's correct. George Michaelson 9:07 So you said that you have intelligence in this model. Is that the beginnings of saying that you're using machine learning techniques to apply to this or have you constructed your own Algorithms and Heuristics for performing this analytic function. Cristel Pelsser 9:24 We are basically using a Markov chain to do the inference. And so we basically observe routes, and the routes that happen in sequence to each other, and we build some inference about so we count probabilities of a route occurring after another route in a given feed. And so we model the sequence of updates like this. And so from an update, if we're able to predict the next ones, we assume they are redundant, and we only keep one of these chains from one of the peers George Michaelson 10:02 And are you performing some kind of external analysis against this model to prove correctness as time goes on? What police is the model? Cristel Pelsser 10:13 The validation we did is to try to reconstruct from what we gather, to try to reconstruct the original data George Michaelson 10:21 right back computing from your held state the inputs that were necessary to derive that state, and then comparing them to the updates that you actually collected at the edge. Cristel Pelsser 10:32 Yes. And so this way, if we are able to reconstruct a large part, then we assume our inference was correct and we gather the essence of the BGP data. George Michaelson 10:43 If we consider how redundancy in this situation could emerge, it's not as simple as you have a collector at some point and then you have another collector along a path to that point. It's not that you see exactly the same path as a component, because you have two points in the path you actually are observing in a in a mash, aren't you? So there must be a component here where you're seeing components of path that are the same, but then also components that are divergent because they come from the collector to you. Cristel Pelsser 11:15 Yes, that's correct. That's why we don't measure redundancy as based on the path we observe, but more based on the AS links that rise when we have updates. And so what matters to us is to be able to capture the AS links that come and go in the Internet. So we want to cover the topology. And so this enables us to capture the topology, but we also want to be able to encompass, to be able to study when there are changes in, you know, link failures and new links appearing in the Internet, or hijacks happening, and so all this can be the main essence of this is the AS link, and that's why we focus on the AS links, rather than the AS paths, which are much more complex to compare. If you have different vantages George Michaelson 12:05 if you're not primarily looking at the path component. Does that mean the technologies people like me might be familiar with, like MRT dump files aren't actually relevant? Do you have a different data model that you omit? Cristel Pelsser 12:18 Yes, now we are working on a different model. So we are storing the MRT data is also very verbose and very heavy to store, so we also working on a more compressed way to deal with the BGP data. George Michaelson 12:36 This is a very dynamic system. There has been a lot of conversation recently in operational mailing lists about a high degree of transition or temporary change being seen from specific ASs, have you noticed any of this in looking in BGP, or is that not something that you've been looking at lately? Cristel Pelsser 12:56 Not lately, but this is something I studied in the past where, yes, there are some AS that are very noisy, [George: chatty] and contribute a lot to the updates. And so that's also one of the points of this collection, is to try to reduce the noise in the data. George Michaelson 13:13 Your paper explored this new collection, GILL as a platform, but you also have been exploring some ideas a layer above this, you've mentioned two of them in the paper. This thing, MVP, valuable vantage points. Can you talk a little bit about that? Cristel Pelsser 13:30 this work was a bit before the full collection platform that we just talked about. And the idea there was that if we have many collection points today in RIPE RIS and route views, but when we need to study BGP data, we don't know where to look at. And so researchers and maybe operators were just picking the first one or the biggest one to assume they would see the largest part of the topology, more events. And so there, the idea was, okay, we don't know what to pick, and early comers in the area make mistakes when they pick these vantage points. So we wanted to have a guide to tell people this is where to look if you want to have a good view of the topology, but have limited capacity, processing capacity, and so we have this trade off. We select vantage points that give us a good view of the Internet topology and the changes, mostly the changes in the topology, while keeping it under a given amount of disk space. George Michaelson 14:33 Typically, if I were going to try and understand aspects of BGP in the system away from where I am locally, I would be going out and looking for a looking glass, and I don't have any strong sense of why I should pick a particular vantage point into the network to test visibility into the states I want to see. It really is a hard problem, so you're kind of building like a decision support tool here. This is kind of. Of operations research and linear optimization. You're making something available to help me decide where should I go and look to see the kinds of things I want to see. How do I present to this? How do I tell it the qualities I'm looking for? So the tool can help me decide where to go. Cristel Pelsser 15:17 You don't really tell the tool what you want, we try to build the tool such that it is useful for a wide variety of studies. And so we tested it also on a wide variety of different studies that people have done in the past. So it's aimed to see all the changes in the topology. So again, we focus on AS links appearing and disappearing, and we build metrics on the topology that aims to gather this information about the topology. And then we pick the vantage points that see the most changes, and we cluster the vantage points that see similar changes together such that we only pick one element of each one, and this way, we hope to have something that is very versatile for the research community or the operators, and we evaluated it on different path studies and showed that indeed we are able to with the same amount of data that they used in their studies to see more of the events they were trying to see in the data. George Michaelson 16:22 This isn't necessarily a tool that would help me in a crisis select a vantage point, but it's an observational tool that shows, when you look at other people's studies of BGP behavior, different vantage points see different aspects of the problem space. Cristel Pelsser 16:38 Yes, that's basically how it is designed. Yes, if you just want to see whether your prefix at one given point in time propagated properly, you can also use it, because if you pick the most important vantage points, you will see your prefix. But maybe, if you're in a crisis and you're in a hurry to get results, maybe you won't do this and you will just look at a few cherry picked vantage points. George Michaelson 17:06 Oh, when I'm in a crisis, I fling my hands up and anything that sticks I grab onto and see if it will help me. But having tools that help make better choices is always very interesting. You did build this into GILL. You say the work preceded GILL, but is it now integrated with GILL? Cristel Pelsser 17:23 Yes, indeed. So inside GILL, we have some vantage point where we collect all the information, and these are the MVPs. So the ones that we notice that they give us the best view of the topology. We keep them as full feeds. And then we complement this, George Michaelson 17:45 the compression of other people's data is functionally computed against these full set of MVPs. Cristel Pelsser 17:52 Exactly, yes, George Michaelson 17:54 But since it's algorithmic, if in future a new MVP emerged to you, it would become part of your core set, and that would then affect future selection of variants of views from other people. Cristel Pelsser 18:06 Yes, we studied on past data how often we would need to recompute MVPs to keep a good prediction of the MVPs and also on the partial feeds that we are keeping. And this is something we need to do about once every year. George Michaelson 18:25 Wow, I assumed it was much more frequent than that. Cristel Pelsser 18:28 No the topology, the Internet topology, changes, but the essence of it doesn't change that much. And so we believe we are able with picking the MVPs once a year, we can get a good inference. George Michaelson 18:40 Is this a heavy weight calculation? Do you have to run many simulations and many past data sets in order to recompute? Cristel Pelsser 18:48 Yes, it's quite heavy. So we have to build the Internet topology across time to monitor all the changes and compute some features, topological features for every instance in time, on a given time period to do our inference. So it takes a few days to do this inference. Yes, George Michaelson 19:07 right. I can see you wouldn't want to be doing this every day at midnight. [Cristel: Yes] So the other topic that you brought up in the paper is this thing that you called forged origin BGP hijacks. Now that's a very specific problem space. Can you talk a little bit about this? Cristel Pelsser 19:25 So a forged origin hijack is a BGP hijack, where the origin is the legitimate AS, but it's inserted in the AS path by an attacker. So the purpose of such an hijack is to bypass the current protections we have with RPKI large origin validation. Okay, so we assume the attacker keeps the origin valid, because people are now checking for the origin, but then they insert themselves in the AS path and they advertise the prefix of someone else while keeping the origin legitimate. George Michaelson 20:05 So the declaration of origin remains absolutely the same. Any validating BGP speaker would see a path emerge where the ROV for this origin is valid because they haven't changed the origin as and they haven't changed the prefix length. It still conforms to the bounds in the ROA. Is that it Cristel Pelsser 20:26 Yes, that's correct. And so the hijacker will appear in the AS path, but not in as the origin, but later in the AS path. And so how this appears in the data usually is that you have a new link appearing in the AS topology, because now often for the attack to propagate far, the attacker will insert itself close to the origin, and it won't put in the AS path a legitimate AS path along AS path, George Michaelson 20:59 it wants to be best path. So you were typically sort of modeling this in my head. I'm thinking, you have a path that's maybe six long, and the attacker wants to find a way to intrude close to the origin AS, but somehow elide out two of the ASs to become a shorter path. So for some number of people, it becomes best path Cristel Pelsser 21:21 Yes. And so by manipulating the AS links between ASs that did not appear in previous observation of the Internet topology now appear in the topology we see. George Michaelson 21:33 And links between ASs are the primary thing that GILL is capturing, distinct from the path updates and things that route views and RIS collect, this is your special field, isn't it? Cristel Pelsser 21:46 All the pieces fit together, and now, because these attacks appear as a link, we're able to see them in the data, and we build an inference model targeted and at detecting these new links and determining whether these new links are fake or legitimate. George Michaelson 22:07 So when you say an inference engine, this is another special word which hints at machine learning and AI context, you have to understand I am an AI skeptic. So it always interests me when people have successfully constructed models using machine intelligence, but this is what you have done. It's making an assessment based on a model of the validity of this new link. What kind of things makes you determine it's not a valid link. Cristel Pelsser 22:35 We have three different categories of properties that we look at, again, we look at the Internet topology and whether the new link drastically changes the properties of the topology, whether it changes the cluster properties of the topology, or the closeness relationship in the topology. So that's one. The other one is we look at peering data sets, so we look at peering DB data, and whether so their operators declare with whom they peer and where they peer. George Michaelson 23:11 So those declarative relationships. If you suddenly see a change in somebody who made a declaration of their peering boundary, and it's not reflected in peering dB. That's very suspicious. Cristel Pelsser 23:23 It's not necessarily that we look whether it's declared in peering dB, but what we look at is if I see something in the BGP data that is conflictual with the main logic in peering dB. So let me explain this a bit, if you have an AS and we look at the neighbors, and if you two ASs are connected, usually they are similar. So for example, two ASs in Belgium are likely to have similar peers. And so we look at the neighbors and whether they are similar, and if suddenly I see an AS link appearing, and I look at the neighbors, and they are very dissimilar in peering dB. Then I raise an alarm. This is worrisome. So we don't necessarily look at and compare what is declared in peering dB, but we look at statistics of how peering DB declaration look like. So an AS is usually connected to all European ISPs, and then another AS is connected to all Asian ISPs. The two ASs that now are connected, one is connected in Europe and one is connected in Asia, mostly. And this is not happening much in our data set. George Michaelson 24:43 This is also machine generated. This is not humans making inference decisions. You have constructed a model so you have parsed peering DB into a structural form that allows you to do this in the machine. Cristel Pelsser 24:57 Yes, yes. That's what we do. We we. We scrolled all the peering data to build a model of who is neighbor of whom based on the peering data George Michaelson 25:07 that would not update once a year. You must be making more frequent updates of that information structure Cristel Pelsser 25:14 at the moment we download that information, I think that frequently, but that's a good question. We need to check this, George Michaelson 25:21 but you've constructed a technique. And so the opportunity here would be to make a significant investment in time to collate information sources like this, and then have a continuing process, presumably from some level of ground truth, you can at least flag things as suspicious, and then out of band, validate if you see other senses that say, No, this is a legitimate peering, it does bring to mind an incident that happened a very long time ago where France Telecom made an investment in Asian routing, and they simultaneously deployed a huge international MPLS Network, and all of their peerings in PARIX suddenly appears in an exchange point in Asia. And because it was MPLS carriage, it was zero cost, which meant all these routes in Europe appeared in Asia, the other side of their MPLS cloud. They never meant to do this, and it was canceled very quickly. But there are times when people construct quite strange outcomes because of the nature of the underlying fabric of their network. It's a reminder that you have to be careful how you leak information you know, on one side of your cloud into another side. Cristel Pelsser 26:35 We don't focus specifically on leaks, but some of the leaks we will also be able to see with our technique. George Michaelson 26:42 Cristel you said that there are three parts to your inference, but we've only really touched on two of them. Cristel Pelsser 26:47 So the last one builds upon the fact that in the Internet, ASs have economical relationships, and so not all the connections between ASs are used to forward information, and so not all the connections are seen in BGP paths. So for example, you have customer provider relationships and peer peer relationships. And so the path that we see in Internet can only be customer provider, and then their provider, etc. George Michaelson 27:20 BGP is a subset of the actual relationships that exist between IP active people. It's the surface they want the world to see. But there can be private peerings or other relationships, Cristel Pelsser 27:31 Yes. And so the last inference we have is to make sure that we see these relations. And so if we have an AS path that violates these relations, it's also taken as input to generate our alerts. George Michaelson 27:49 Are you using data like the IIJ customer cone concept, similar models? Cristel Pelsser 27:55 we're looking at the number of customers that an AS has, and we assume that in an AS path, you can go from a lightly connected AS to a higher connected AS and then back down again. And so if the degree of the nodes you observe in theAS path is not what you expect, because it suddenly increases, George Michaelson 28:21 it's an anomaly. Is this possibly a more transitional component of BGP analytics? Because as techniques like ASPA come to the fore, there will be more cryptographically signed declarations of relationship between parties. There would be a bilateral pair of signings. So you would have a new information space to test anyone's projected path against. Do you not see that there's a possibility this one sort of ages out as ASPA becomes more common. Cristel Pelsser 28:53 If ASPA is widely deployed, there will be less need for default, of course, George Michaelson 28:59 good use of "IF" Cristel Pelsser 29:00 yes, at the moment, it's still in its infancy, so DFOH is still a place to play at the moment, but it's true that if ASPA becomes widely deployed, then there will be less a need for this, but I think there will still be a need to monitor the AS topology and links appearing in the topology, but for different purposes, then to detect failures, to analyze the robustness of the Internet globally. [George: Yeah], so there will be other uses. George Michaelson 29:32 Did you actually find some forged origin instances in this were you able to detect things that have perhaps flown under the radar? Cristel Pelsser 29:40 Yes, we did. So we presented DFOH at RIPE. I don't remember which meeting, but then after the meeting, some operators came to us and said, Oh, I checked and you saw this. That happened, and it really happened. So we caught a few and then we also caught the clay swap hijack. So yes, we did. George Michaelson 30:04 That's really nice work. Can you tell us a little bit about your collaborations in this paper? Because I think it's quite a nice group of people you were working with Cristel Pelsser 30:12 In this paper. We collaborated with Georgia Tech so Alberto Dinotti, because they have this infrastructure that also detects hijacks, and they had this inference for new links. And so what we did is we wanted to compare with their inference, and so we collaborated with them and used their data set to validate also our model George Michaelson 30:40 And you wrote the GILL paper with Kimberly claffey, Thomas Krenc, Thomas Holterbach and Thomas Alfroy. So is that a collaboration between Louvain and Strasbourg and CAIDA Cristel Pelsser 30:53 Yes, that's correct. Tom Alfroy spent a few months at CAIDA, and so while he was there, he continued working on the inference for the data collection platform, and so KC and Thomas Krenc gave useful feedback on the work and how it can be used. So it was very interesting collaboration. George Michaelson 31:19 What's next for BGP routes. Do you have a sense of what you want here? Are you looking for simply more peerings, or are there more products for want of a better word that might be emerging on this, Cristel Pelsser 31:30 We are looking for more peers. We are also integrating current data sets. So we are integrating route views and RIS data such that all the data is at one place, and people won't have to fetch data from different locations under different formats. So that's what we're working on. And we are trying to improve the way we can deliver the data to researchers and operators and people globally that want to use the data. So that's our current working items. George Michaelson 32:02 If people want to peer with you, it's an online web form, and we can post a link to the basic entry point. And if people want to fetch data from you, that also comes from BGProutes.io, that's the entry point to see the data. Cristel Pelsser 32:18 So at the moment, the data is only available on the web page, but we are working on the delivery aspect, so we are building an API to deliver the data to everyone that wants the data. But at the moment, we only have the interface the web page available George Michaelson 32:36 early days. There's always room for improvement in these things. And is there another place you would like us to talk about or reflect on? Is there somewhere else that people could be looking to see things interesting in this work, Cristel Pelsser 32:48 the DFOH inference tool is also a place that your listeners may want to look at, and it's accessible via BGProutes.io, or it's also available at defo.uclouvain.be and there we expose the links that we think are not legitimate across time. So it's a real time. It's like every 15 minutes, it's updated with new links we may have seen that we assume are not legitimate. So we flag all the links, and we tell whether they, for us, seem legitimate, or whether they seem not legitimate, and we say why. George Michaelson 33:29 That sounds very interesting. People who are listening to ping and reading APNIC blog will also be familiar with Massimo, Candela, BGP, alerta service, and I see many similarities in you providing a mechanistic way of saying, Hey, your prefix is looking strange, you should come and look at this. Cristel Pelsser 33:47 Yes, that's correct. The BGP alerter tool is something we we tried and we got some inspiration from, but the point of view is a bit different. BGP alerter is something you deploy in your own infrastructure, where we try to monitor the Internet scale, and we don't require the people who use our system to tell the different type of policies they have with their neighbors while in BGP alerter you have to do this to get a good alert system. George Michaelson 34:18 Well, there are many tools, and it's nice to have a diversity of approaches to these problems. I think constructing a new information model in BGP that reduces down some of the volume of the full dump in the MRT tables. I think that's a really interesting and useful contribution. I think there's going to be a lot of value of this going forward. Cristel Pelsser 34:38 Thank you. Yes, that's that's what you're trying to do, it's really reducing the amount of data make it understandable. And our objective, while I'm a teacher as well, my objective is also to for students to have a better entry point to all this data, such that they can better understand what the Internet is, and they can be more efficient when they start working in in service. Providers, George Michaelson 35:00 yeah, and this is a tool that students should be thinking about using if they're looking at publishing research in this space. This is a vehicle for them to pursue research, isn't it, Cristel Pelsser 35:10 we hope that it will be very useful for many researchers in the future that they will use our collection platform, they will use our detection tools and build upon this, we showed that by running past studies, we can get very good results, and so we hope people will use that in the future. George Michaelson 35:30 And does your school at UC Louvain have a PhD program that would be open for people internationally to think about working in? Cristel Pelsser 35:37 Yes, here we have four professors that do networking or systems, and we all have are very dynamic in getting projects. So we are welcoming new PhD students every year, George Michaelson 35:51 and fluency in French is not a mandatory requirement. Ce N'est pas necessaire do parler francais pour faire les etudes? Cristel Pelsser 35:59 In a PhD, it's not necessary. Also, our master courses here in Belgium are in English, so undergrads is in French, but master students is in English. George Michaelson 36:12 Well, Cristal. Thank you very much for coming on ping and talking about this tool. It's been really interesting. Thank you. Cristel Pelsser 36:18 Thank you for having me really thanks. George Michaelson 36:22 If you've got a story or research to share here on ping, why not get in contact by email to ping@apnic.net or via the APNIC social media channels. Also remember the measurement@apnic.net mailing list on orbit is there to discuss and share relative collaborative opportunities, grants and funding opportunities, jobs and graduate placings, or to seek feedback from the community on your own measurement projects, be sure to check out the APNIC website for All your resource and community needs until next time you