Thomas Holterbach 0:00
So with the looking glass you will find on our website, you can really have the data from all the vantage points, you know. So that's one of the features, I think, pretty useful for operators. And besides that, what we also want to have with these dashboards, with the looking glass, but also with the other dashboards, is, you know, this capability of users to filter the data and to understand our inference that we're making. So, for instance, in another dashboard that we have, we are running, you know, this also famous AS relationship inference algorithm. You know, this is an algorithm that takes BGP data and infers, for a given AS, what are the providers, who are the customers, who are the peers. And this is very useful for operators. You can also find this kind of dashboards online. And the problem with this kind of algorithm is that they are probabilistic, so sometimes mistakes can happen, right? And because we don't have the ground truth with BGP, and what we are trying to do with these dashboards is really to do the bridge between users and the data. So when we do an inference, we also explain how we did it, which data we use to make this inference, so people, they can really see the AS path, for instance, that we use from the data so that we make those inferences.

George Michaelson 1:18
You're listening to PING, a podcast by APNIC discussing all things related to measuring the Internet. I'm your host, George Michaelson. This time on PING, I have two guests from the University of Strasbourg, Thomas Alfroy and Thomas Holterbach. The two Thomases are both working on an activity we've discussed before on PING called BGProutes.io. Last time we were talking to Professor Cristel Pelsser from the University of Louvain in Belgium. That PING episode focused on two activities called GILL and DFOH, about machine learning models and the tools to help guide selection of BGP measurement points.
This time, I spoke with Thomas and Thomas at APRICOT, held in Jakarta, where they gave an overview of their platform to the routing community. They have made significant changes to their data management model using BMP as a data collection method. BGProutes.io is gaining a massive advantage from using BMP to collect many BGP views at a single peering. This means they don't have to do as many eBGP multihop sessions to each individual BGP speaker at an IX, for example. They've also been working on an improved data model and tooling to help show recent transactions in BGP globally, and can offer services for people to see their own BGP announcements or any other ones that they're interested in as an API-based subscription service. This time on PING, I'm with two guests from the University of Strasbourg, Thomas Alfroy and Thomas Holterbach. The two Thomases are here at APRICOT talking about something we've discussed before on PING, BGProutes.io. Last time we were talking with Professor Cristel Pelsser from UC Louvain in Belgium, and that episode was really at a much earlier stage in the life of this project, looking at ways of using machine learning models to help find a point of view in BGP, and also some work on identifying forged origin attacks. But this time, the two Thomases, I'm probably going to call them TA and TH, they're giving an overview of their platform to the routing community here at APRICOT, and also they're looking at some of the advantages of a different view of BGP called BMP. This work was actually partly supported by APNIC Foundation. Thomas Holterbach is no stranger to the Asia Pacific Internet research community. He's done an internship at IIJ, and Thomas Alfroy presented at the SIGCOMM meeting in Sydney, and the paper that he presented there actually won the SIGCOMM Award Best Paper of the year. Thomas, Thomas, welcome to PING. TA, could you tell people a little bit about yourself?

Thomas Alfroy 4:16
So hello everyone.
I'm Thomas at the University of Strasbourg, working mainly on BGP data, BGP data collection, BGP data analysis. And I was a PhD student also at the University of Strasbourg, under the supervision of Professor Cristel and Dr Thomas.

George Michaelson 4:35
And TH.

Thomas Holterbach 4:37
So hello everyone. Yeah, I am a postdoc at the University of Strasbourg as well. I did my studies, my bachelor and master, at the University of Strasbourg. Then I moved to ETH Zurich, where I did my PhD, working on BGP convergence. And then I went back to the University of Strasbourg for the postdoc. And during the PhD, as you were saying, in fact, I was at IIJ for some time, an internship. I was as well at CAIDA, a little bit. So, yeah, I work with different organizations. Always about BGP.

George Michaelson 5:06
So BGP data collection, we have two well-known existing systems. We have Routeviews from the University of Oregon, and we have RIPE RIS, which is doing a long-term collection. You guys are a little different. When I spoke with Cristel, it was still quite a small activity. It was perhaps 20 points of visibility into the system. But things have really come along quite a long way in the year since then. TA, could you tell us a little bit about that?

Thomas Alfroy 5:34
So yes, we have a lot of news since the last podcast. We have a lot of new tools, dashboards, but mostly we significantly increased the number of BGP sessions that we have and the points of view from which we are collecting the BGP data. And it's mainly because of one feature we implemented, which is BMP. So BMP stands for the BGP Monitoring Protocol, and it's used to not only monitor the BGP data that is on one BGP session, but all the BGP data collected from all the BGP sessions of the router running the BMP. So here, for the sake of clarity, we'll use the term vantage points for one router that is exporting BGP data.
So here, because of the nature of BMP, one BMP session can bring us multiple vantage points, and this is how we achieve this, let's say, significant increase in the number of vantage points, because now we have more than 300 vantage points, in the ..

George Michaelson 6:35
300!!

Thomas Alfroy 6:36
300 from which we are collecting the data in BGProutes.

George Michaelson 6:40
That's a really significant growth compared to the earlier state. And this is sort of the multiplying effect of using a protocol like BMP.

Thomas Alfroy 6:48
Exactly. That's the reason why, because actually we have something like 15 BMP sessions with actual operational routers, which bring us almost 300 actual BGP vantage points, which means that, on average, there are pretty much 20 BGP vantage points for each BMP session that we have. And we also have one BMP session that is exporting, from which we can derive, sorry, more than 100 BGP vantage points, which is quite huge, actually.

George Michaelson 7:18
So TH, the classic problem that a researcher faces looking at BGP data is these disparate sources. You're kind of acting in a way like a concentration and amalgamation of your own data and also other people's data. Is that correct?

Thomas Holterbach 7:35
Yes, that's correct. So you know, when I was doing my PhD, I wanted to use as much data as possible, because the more data you use, the more events you will see, and the better will be your analysis. The problem, though, is that processing all this data, it's not so simple, right? We need the right tools to process all this data. And now that we're collecting even more data with more data with BMP, it's becoming harder and harder to process all this data. So on one side, what we're trying to do with BGProutes.io is to take as much data as possible, so we have BMP, but we're also taking all the data from RIS and Routeviews through their live stream system, so we get the data in real time, and we put everything into a database.
And aside from that, we also design tools such as an API that users, they can use to access all these data effectively.

George Michaelson 8:26
So there's this cultural split between all-data analysis, reduction, collation and sampling methods. You seem to be heading more into the all-data space. Is that correct?

Thomas Holterbach 8:39
So in fact, we realized that a lot of people were actually sampling the data because they had no other options. In the past, if you wanted to do an analysis, and you don't want to spend an entire week analyzing the data, you had to sample the data, but if you do this, you might lose some accuracy, because you will maybe miss some events and these kind of things. I'm saying this because it's exactly what happened during my PhD. I had to sample the data even though I had quite some powerful servers available. So yes, we really want users not to have this problem anymore.

George Michaelson 9:11
And where Routeviews and RIS have made a commitment to be long-term archive state, you're perhaps looking a little more at having some sense of continuity in a window, but you're not looking at a long-term archive role.

Thomas Holterbach 9:25
In fact. So when we build and operate platforms such as BGProutes.io or RIPE RIS or Routeviews, typically there are two objectives, one which is, we want to achieve high coverage, and the other one, which is, we want to keep the data as much as possible. The problem is that these two objectives, they are sort of conflicting. On one side, you want to have more data. On the other side, if you want to store all this data, it's going to be more and more expensive. So this is a trade-off. And what happens now with RIS and Routeviews is that they really put high priority into keeping the data forever because, in fact, it's super useful for researchers.

George Michaelson 10:04
Long-term archive depth means that you can do some amazing analytics then and now.
But it's kind of like your model is complementary to that, isn't it?

Thomas Holterbach 10:13
Exactly. So we want to focus more on having as much data as possible now in real time, and also for short-term historical analysis. And in fact, perhaps if eventually we just have too much data, and we don't have the resources to store this data, then we might just discard it.

George Michaelson 10:30
So TA, did you find off-the-shelf systems for this? Or were you doing your own coding development?

Thomas Alfroy 10:36
No, we are doing our own coding stuff. As Thomas said, we are implementing a sliding window from which we are keeping all the data, and then, so for now, this sliding window is three months. And so if data is older than three months, we just discard it.

George Michaelson 10:53
And the BMP implementation, you wrote your own BMP engine from the specs.

Thomas Alfroy 10:59
Exactly, so we really built our BGP slash BMP collector, so it's built in C, and we really started from scratch, from zero, and step by step, we now have something that is very operational. But why we did this instead of using some already existing collector, like ExaBGP, or, more recently, Rotonda from NLnet Labs, is that the software routers existing, like FRRouting, for instance, they implement a lot of different features that we do not really care about, because we are only focused on data collection. We do not want to do some filtering, some forwarding.

George Michaelson 11:37
You don't have to implement the decision logic that's going to ultimately affect packet forwarding in the world. You make eBGP multihop associations with people?

Thomas Alfroy 11:47
Yes, so we support eBGP, but also iBGP, because iBGP also exports the data that is received through eBGP. So that's also something that can be interesting. And obviously eBGP multihop is also supported, and BMP, but for BMP, we do not need to support any multihop thing because it's just a simple TCP session through the collecting station.

George Michaelson 12:11
So there are adjunct functions in BGP that are becoming much more important. We've only recently entered a world where people are starting to write the ASPA object in RPKI that's signing over adjacency between customer and provider. Are you able to explore that space at all, TH?

Thomas Holterbach 12:32
Yeah, that's a good question, because it's something we have been working on during the past weeks. So we actually realized that RPKI route origin validation, ASPA, those are new extensions to BGP that operators, they really like. And ROV, for instance, is now rather quite deployed. And ASPA, it's still quite new, but it's being more and more deployed. We have some

George Michaelson 12:56
So there's this golden moment when you have a tool and a new technology emerges. You have kind of come at exactly the right point, haven't you? Because this is virtually zero. This is the zero state for this technology. There is a small count. You're going to see the trajectory of uptake of this technology.

Thomas Holterbach 13:14
Well, we hope so. That's the goal. So what we did here with BGProutes.io is that every route that we collect, we run the RPKI ROV, so we check for the route origin validation, and we also do the ASPA verification, and then we tag each route that we receive with the output of the verification. So then analysis, like what we were describing before, you know, like, if you want to study the percentage of routes that are RPKI valid or ASPA valid, then it's becoming quite simple.
Now if you use our API, for instance, versus if you have to process MRT files and then do some sort of verification manually, this is much more

Thomas Alfroy 13:55
And also something that is interesting in this case is that we are tagging the routes when we receive them, because, for instance, if you want to do the same with RIS, Routeviews, you have to process MRT files that are maybe, that have been made maybe a few weeks ago, but you are tagging them with the current finding

George Michaelson 14:17
This state that was valid at the time is significantly harder. Whereas, if you have built a validator and have RPKI RTR or some other data structure live when you perform the tagging, it's the tagging of the moment for the BGP event of the moment.

Thomas Alfroy 14:33
Exactly. And this is why we are running our own instance of Routinator to have the latest state of the RPKI, the ROAs and the ASPA.

George Michaelson 14:44
So if I said that there is active measurement and passive measurement, to some extent, you are more in the passive space. You are a collector. But have you seen any of the active experiments, like the BGP beaconing events that are taking place? Have you seen any visibility of this in your collection?

Thomas Holterbach 15:02
Definitely see them. So we don't peer with, for instance, the RIPE network, which I think is doing some of these beaconing, but we are connecting through BMP to some networks that are connected to RIPE. So with these BMP sessions, we are able to see these sort of beaconing announcements. So typically, if one wants to measure this, yes, you can use, for instance, our data and do some analysis.

Thomas Alfroy 15:28
Yes, and with our API, it's actually really easy to get only these beaconing announces. So this is one of the advantages of this API, instead of using raw MRT files, because raw MRT files, it's excellent for historical analysis.
But if you want, for instance, just to focus on this beacon announced, you have to download the entire set of BGP updates through the MRT and then just filter on the client side.

George Michaelson 15:57
So does the API offer something similar to publish-subscribe? Can I pre-register interest in a filter and then you supply data that matches that criteria over a session?

Thomas Alfroy 16:09
Exactly. So for instance, the only match that we can perform is exact or sub-prefix matching. So for instance, we have a live stream service, and you can register through our website interface the prefixes you want to get live, and then you connect through a WebSocket and you get all the BGP updates related to the prefixes you asked for.

George Michaelson 16:34
Is there some hysteresis built into this? What is the gap between an event in global BGP and visibility through your service, the lag in this system?

Thomas Holterbach 16:45
So we have two different sort of APIs. We have the real-time API, so it's like RIPE RIS, you know, they have their real-time service through WebSockets. We are doing basically something similar. And we have also another API where basically users, they can query the data that we store in the database, and this is where users can get also historical data, up to three months, say, because eventually we have to discard it. So depending on whether you want the data in real time, or if you just want, like, some historical data, you need to use one API or the other.

George Michaelson 17:14
You're supporting both.

Thomas Holterbach 17:15
Yes, we provide both.

George Michaelson 17:17
If someone listening is interested in peering with you, there's a registration service you're offering. There's a pathway in.

Thomas Holterbach 17:25
Yes. So, you know, one of the challenges that we have now is really to convince network operators to connect with us and contribute data.
I've been, you know, traveling a little bit to many conferences, and when I go to one conference, I am happy if we just get one more BMP session. We are happy with it.

George Michaelson 17:42
Well, with the multiplier effect, a BMP association brings you so many more other related points of view.

Thomas Holterbach 17:49
Yes, but what I mean is that it's very challenging for a data collection platform to get more peers, and so that's why we also try to simplify as much as possible this process. So if you're a network operator and you're interested, you can just go on our website, BGProutes.io, you can authenticate using your PeeringDB account so we know what is your ASN, and then you just have to fill up a very simple form. It takes two minutes. You configure BGP on your router, and you are connected to us, and you will start sharing your data with the community. And you can also monitor your session through our dashboards, because we have a few dashboards, you know, and you can really see your session, see the data that it generates.

George Michaelson 18:28
So it has that quality, that it can be like a liveness check for people, an outside association check on state. Because I think we all have that experience, that we think we know what we're exposing to the world. But since we're inside the room looking at it, our view necessarily is colored by what we think, whereas you are outside the room seeing what we really say. So that kind of someone else's view of what I do, that's really useful.

Thomas Holterbach 18:54
It's useful, and we found out that it motivates operators to connect. You know, having these dashboards, it makes the thing feel like it's reality. It's being there. It's not like something research that, you know, you don't really know where this project is going on. It's something that is here. There are dashboards, something that is going, hopefully, to stay in the long term. So yes, it's worth coming and peering with us.

George Michaelson 19:16
People are used to the idea they go and fetch an entire MRT. They do local processing to see things, or they might be using internal monitoring systems. How would I see the kind of data that you're producing? What is the engagement here, TH?

Thomas Holterbach 19:30
Yeah, so that's another good question. So you know, when I go to conferences, what I do realize is that it's good to have the API, but most of the operators, they don't really want to spend time coding things by themselves. What they would like is, like, dashboards that are simple to use and with accurate data. So this is why we also spend a lot of time recently designing such kind of dashboards. So if you go on our website, we have a few dashboards, and for instance, we have a looking glass. So if you are a bit in the BGP community, I'm sure you know what is a looking glass, because it's one of the most common tools that operators, they use very often. So basically, it shows from all the vantage points the routes toward one particular prefix.

George Michaelson 20:13
But typically with a looking glass, you're having to find a looking glass that is a particular vantage point, and it might have a slightly different interface and a different mechanism. Presumably, your framework is a single entry point that can leverage any of your vantage points to function like a looking glass at that vantage point.

Thomas Holterbach 20:32
Yes. So with the looking glass you will find on our website, you can really have the data from all the vantage points, you know. So that's one of the features, I think, pretty useful for operators. And besides that, what we also want to have with these dashboards, with the looking glass, but also with the other dashboards, is, you know, this capability of users to filter the data and to understand our inference that we're making. So for instance, in another dashboard that we have, we are running, you know, this also famous AS relationship inference algorithm.
You know, this is an algorithm that takes BGP data and infers, for a given AS, what are the providers, who are the customers, who are the peers, and this is very useful for operators. You can also find this kind of dashboards online. And the problem with this kind of algorithm is that they are probabilistic, so sometimes mistakes can happen, right? And because we don't have the ground truth with BGP, and what we are trying to do with these dashboards is really to do the bridge between users and the data. So when we do an inference, we also explain how we did it, which data we use to make this inference, so people, they can really see the AS path, for instance, that we use from the data, so that we make those inferences.

George Michaelson 21:41
So this is similar, perhaps, to the idea of customer cone and AS hegemony. This is in a related space.

Thomas Holterbach 21:49
Oh yes, definitely. It's just that when you run, for instance, an algorithm like this, and you see the outputs, you don't really know if it's true, if it's incorrect.

George Michaelson 21:56
So maybe your distinction is that you're exposing the reasoning steps that lead you to the determination of the relationship here.

Thomas Holterbach 22:03
That's exactly what we're trying to do is, you know, from all these data that we collect, we want people to try to understand what is inside this data, you know, and this now we try to do it through these dashboards. So if you go to our looking glass, for instance, we have a lot of filters. So you can filter using AS path regular expression, community regular expression. You can go back in the past, so you can query RIB entries at any point in time, at the second-level granularity, and you will get the answer pretty quickly for all the vantage points from RIS, Routeviews, PCH, CGTF and BGProutes.io.

George Michaelson 22:35
Oh, you have quite a lot of associations into other BGP collections.
So TA, are you using just like a classic PostgreSQL schema, or have you written a particular data model that is your database here?

Thomas Alfroy 22:49
So we are relying on PostgreSQL, but the schema is a bit optimized to enable really fast queries from the users, because, as Thomas said, our looking glass provides the entry of a given prefix, but from all the vantage points. So we want this to be as fast as possible. And now, with the current schema, it takes, like, approximately five seconds to get the state of a given prefix for all our vantage points. So it's quite fast. And we also had to adapt the schema to be able to go in the past. Like Thomas said, you can go to any date in the past in our looking glass, and this will give you the answer at the second-level granularity.

George Michaelson 23:31
So what is in the immediate future? Do you have current development plans that you're thinking about?

Thomas Holterbach 23:37
We have, we have a lot of things in mind. We have too many things in mind, and don't have time, actually, but

George Michaelson 23:42
A common problem.

Thomas Holterbach 23:43
Yes, yes, yes. Well, you know, before we talked about RPKI plus and ASPA, and so our plans, for instance, is now to include these into our dashboards. So for instance, the looking glass. We want that when people use the looking glass, they see for each entry if it's RPKI valid, if it's ASPA valid, these kind of things. We also plan maybe to have more dashboards, maybe about detecting interesting events, such as routing hijacks, BGP hijacks. You know, you mentioned before, earlier, that in the previous podcast with Cristel, you know, you talked about detecting forgery and hijacks. And now that we have this platform, we have the data, maybe we could integrate this tool into BGProutes.io, so this is ideas we have in mind. It's just that we are basically two of us only working on implementing things. So it takes some time.
But yeah, there are definitely a lot of ideas. We also, you know, try to understand how maybe we can use thoughts like AI into this, because now that we have this data pipeline that, well, hopefully allows us to process the data effectively, maybe we can connect some of these tools, you know, to this data. So we are really thinking about all of this. This is also some research work. So we are still doing some research, but now we are mostly focusing on implementing things and doing also some research. So

George Michaelson 24:59
So this was an activity that, in the past, has been funded in part by APNIC Foundation, but it's a continuing research activity at the University of Strasbourg. You're interested in funding sources and a continuance. You're looking at

Thomas Holterbach 25:12
That, of course. So for now, APNIC Foundation is, indeed, partially funding the project, at least in 2025. We also have OVHcloud and another sponsor. They basically provide some servers that you can use, because, you know, running all this infrastructure requires some servers, so that is also a cost for us, but we are definitely looking for more funding, so it can be donation through the foundation of University of Strasbourg, in which case we can continue developing this project as a research project. If there is a case we don't find such funding, perhaps some of the services, maybe we will turn them commercial. We need to think about that. It's still unclear. But whatever happens, what will not change is our data sharing policy. So the data that we collect is always going to be publicly available, whatever happens.

George Michaelson 26:03
Thomas, Thomas, I think this is an absolutely amazing activity. I think it's lovely to see another kind of look at BGP data, and this idea of collecting and collating those other sources along with your own. I think that's a really valuable addition into the BGP research community. Thank you for coming on PING.

Thomas Holterbach 26:23
Well, thank you for the invitation.

Thomas Alfroy 26:25
Thanks for the invitation. Was really nice to be in this podcast.

George Michaelson 26:29
If you've got a story or research to share here on PING, why not get in contact by email to ping@apnic.net or via the APNIC social media channels. Also remember the measurement@apnic.net mailing list on Orbit is there to discuss and share relevant collaborative opportunities, grants and funding opportunities, jobs and graduate placings, or to seek feedback from the community on your own measurement projects. Be sure to check out the APNIC website for all your resource and community needs. Until next time.