Contributing to RIPE Atlas: Operators, Researchers, Coders

Contributing to RIPE Atlas: Operators, Researchers, Coders

Vesna Manojlovic RIPE NCC !APRICOT 2015 March 2015

Vesna Manojlovic - APRICOT 2015 - March 2015, Japan

RIPE Atlashttps://atlas.ripe.net 2


RIPE AtlasFebruary 2015

• 7,800+ probes connected• 2,000+ active users this month !

• 1,000+ built-in measurements daily• 5,000+ user-defined measurements daily

- Five types of user-defined measurements available to probe hosts and RIPE NCC members: ping, traceroute, DNS, SSL, NTP

3


RIPE Atlas 4


RIPE AtlasRIPE Atlas anchors• Well-known targets and powerful probes

- Regional baseline and “future history”

!

• Anchoring measurements - Measurements between anchors - 200 probes targeting each anchor with measurements- Each probe measures 4-5 anchors-Vantage points for DNSMON service

!

• 109+ RIPE Atlas anchors- three sponsored by APNIC

5


RIPE AtlasLocations of anchors 6

!

!

!

!

!

!

!

!

!

• https://atlas.ripe.net/results/maps/network-coverage/#anchors

RIPE Atlas Use Cases: Operators


RIPE AtlasMeasurements of root name servers

• Which instance is queried - Per country- Per ASN

!

• What’s the fastest response!

• TCP/UDP performance

8


RIPE AtlasMonitoring K-root performance

!

• https://labs.ripe.net/Members/suzanne_taylor_muzzin/data-streaming-in-ripe-atlas

9


RIPE AtlasMonitoring DNS: dnsmon.ripe.net

• Currently monitoring small selection of TLD zones- Root name servers and 30 ccTLDs and few gTLDs- New zones to be added later this year

• On the roadmap: “domain checks” • https://atlas.ripe.net/dnsmon

10

https://labs.ripe.net/Members/fatemah_mafi/an-updated-dns-monitoring-service


RIPE AtlasNetwork monitoring using Icinga

• Generating alerts via “Status Checks” - Based on ping measurements - User defines the alert parameters- https://atlas.ripe.net/docs/status-checks/

!

• GitHub repo examples, contributed by operators- http://bit.ly/1BSi1Fu

!

• Post on Icinga blog

11


RIPE AtlasIPv6 reachability visualisation

• Only for RIPE NCC members! (LIRs)• Via the LIR Portal• Using 1,000 RIPE Atlas probes• Visualising:

- Completed paths- Unsuccessful paths- Clickable hops (ASNs)

• https://labs.ripe.net/Members/becha/test-your-ipv6-reachability-using-ripe-atlas

• https://labs.ripe.net/Members/emileaben/visualise-your-ipv6-connectivity-using-ripe-atlas

12


RIPE AtlasVisualising network outages

!• https://labs.ripe.net/Members/emileaben/visualising-network-outages-with-ripe-atlas

• https://labs.ripe.net/Members/emileaben/facebookdown-and-what-internet-data

• https://labs.ripe.net/Members/emileaben/time-warner-cable-outage

13


RIPE AtlasMeasuring latency to multiple locations

• Together with Wikimedia we identified ways to decrease latency and improve performance

- https://labs.ripe.net/Members/emileaben/how-ripe-atlas-helped-wikipedia-users

14

RIPE Atlas Use Cases: Researchers


RIPE AtlasNew measurement type: NTP

• Researchers:- impact of asymmetric routes - impact of network congestion!

!

• Operators: choosing “best” NTP server!

• https://labs.ripe.net/Members/philip_homburg/ntp-measurements-with-ripe-atlas

16


RIPE AtlasOpen IP Map

• Geolocating Internet infrastructure by crowdsourcing: https://marmot.ripe.net/openipmap/!

17


RIPE Atlas

http://cartography.io/foci2014.pdf

18


RIPE AtlasMeasuring DNSSEC validation deployment

• Measuring DNSSEC Validation Deployment - Nicolas Canceill, NLnet Labs

• Using RIPE Atlas measurement network- To quantify the amount/percentage of resolvers that do

DNSSEC validation

• Particular cases have been found- The existence of insecure fallbacks in case of missing

signatures - A troublesome issue with secure wildcard records

• https://ripe68.ripe.net/presentations/232-slides.pdf

19


RIPE AtlasMore research topics

• How Asymmetric is the Internet? A Study to Reinforce the use of Traceroute

- Wouter de Vries and José Jair Santanna, University Twente

• IPv6 Extension Headers- Jen Linkova, Google

• Is De-Peering the Right Choice? - Roberto di Lallo, Roma Tre University

• Reachability of IPv6 Limited Visibility Prefixes- Andra Lutu, IMDEA Networks Institute

20

RIPE Atlas: Show me the code


RIPE AtlasThe RIPE Atlas Community GitHub

• Programmers contributed analysis code- https://github.com/RIPE-Atlas-Community/

• Code written by RIPE NCC:- https://github.com/RIPE-Atlas-Community/RIPE-Atlas-

data-analysis

• Parsing Library, Sagan:- https://github.com/RIPE-NCC/ripe.atlas.sagan

• Measurements source code available - https://labs.ripe.net/Members/philip_homburg/ripe-atlas-

measurements-source-code

22


RIPE AtlasWikimedia example

• Color-coded latency to multiple locations

• Map code is available - please contribute to improve it! - https://github.com/RIPE-Atlas-Community/datacentre-latency-map

23

RIPE Atlas Community


RIPE AtlasAmbassadors

• If you want to... - Help distribute probes outside RIPE NCC service region- Give workshops, tutorials and promote RIPE Atlas

• To become an ambassador:- https://atlas.ripe.net/get-involved/become-a-ripe-atlas-ambassador/

- Email [email protected] and we’ll ship you some probes

• Change in distribution model: - https://labs.ripe.net/Members/fatemah_mafi/changes-to-

the-distribution-model-for-ripe-atlas-probes- From March 2015: 1 probe per person

25


RIPE AtlasWhere to place the probes 26


RIPE AtlasSponsors

• Sponsor benefits:- Promotion on RIPE Atlas website- Community recognition- Double credits for every probe

distributed- https://atlas.ripe.net/get-involved/

become-a-sponsor/

27


RIPE AtlasRoadmap for the future 28

http://roadmap.ripe.net/ripe-atlas/


RIPE AtlasContacting RIPE Atlas

• https://atlas.ripe.net!

• Apply for an anchor: https://atlas.ripe.net/anchors/apply/ !

• Mailing list for active users: [email protected] • Articles and updates: https://labs.ripe.net/atlas!

• Questions: [email protected]• Twitter: @RIPE_Atlas and #RIPEAtlas

29

Additional Slides


RIPE AtlasMore community success stories

• Selective blackholing- http://bit.ly/1Gt0hzz

• Anycast analysis: - http://bit.ly/1dJs9Eo

• How fast the RIPE Atlas anchor has paid off- http://bit.ly/1ny716J

• Basic evaluation of new IXP peering partners- http://bit.ly/1gv1Iog

31


RIPE Atlas

!

!

!

!

!

!

!

!

!

!

http://t.co/9IX7Jvk5nI

32


RIPE Atlas

!

!

!

!

!

!

!

!

!

!

• Investigating problems of slow servers- http://engineering.freeagent.com/2014/01/24/atlas-probes/

33


RIPE Atlas

• IXP: Measuring the effect of installing L-root in Belgrade / SOX!

34


RIPE AtlasMapping an anchor

• Exploring the potential of RIPE Atlas for mapping the packet layer topology!

• Using the example of RIPE Atlas anchor at VIX (Vienna)!

• Pretty graphs (using R), useful information

35

https://labs.ripe.net/Members/dfk/map-a-ripe-atlas-anchor

More RIPE Atlas Features


RIPE AtlasLatest results API

• https://atlas.ripe.net/docs/measurement-latest-api/ - Creating a widget for a website that monitors a specific

result in near real time, such as ping results from 100 probes around the world toward your own website

- Monitoring your network by setting up an alert based on the average measurement result from the past hour

- Staying aware of a major network event, such as an Internet outage in a certain region

- DNS monitoring of your own domain, with configurable measurements using 10 RIPE Atlas anchors

• https://labs.ripe.net/Members/suzanne_taylor_muzzin/ripe-atlas-latest-results-api-and-parsing-library

37


RIPE AtlasSeismograph: powerful visualisation

• Seismograph: https://labs.ripe.net/Members/massimo_candela/seismograph-user-guide - Multiple ping measurements in one view- Stacked chart and interactive control panel

38


RIPE AtlasVisualisation: zoomable ping graph

• Zoomable ping graph- Replacing multiple RRDs graphs: zoom in/out in time,

in the same graph- Easier visualisation of an event’s details- Selection of RTT class (max, min, average)

39


RIPE AtlasSecurity aspects

• Probes have hardwired trust material(registration server addresses / keys)

• The probes don’t have any open ports; they only initiate connections - this works fine with NATs, too

• Measurements are scheduled by centralised “command servers” via reverse ssh tunnels

• Probes don’t listen to local traffic; there are no passive measurements running

• Measurement source code published • Reported vulnerabilities: https://atlas.ripe.net/docs/

security/

40


RIPE AtlasRIPEstat: RIPE Atlas activity 41

How to do Network Monitoring with RIPE Atlas


RIPE AtlasNetwork monitoring

• Network operators use tools for monitoring health of networks

- Such as Nagios and Icinga

• Tools can receive input from RIPE Atlas, via API • Benefits:

- Doing pings from 500 out of 6,000+ probes around the world - Looking at your network from the outside - Plug into your existing practices

43


RIPE AtlasIntegration with monitoring systems

• Three easy steps:!

1. Create a RIPE Atlas ping measurement !

3. Go to “status checks” URL

!

3. Add your alerts in Icinga or Nagios

44


RIPE Atlas1. How to schedule a measurement

• General case - applicable for ping too! • Log in to atlas.ripe.net• Go to “My Atlas” and “My Measurements”• Choose “New Measurement” or “One-off”

- Most measurements are periodic and last a long time- Choose type, target, frequency, # of probes, region...- You will spend credits (next slides)

• More details: https://atlas.ripe.net/doc/udm• Or use API:

- https://atlas.ripe.net/docs/measurement-creation-api/

45


RIPE Atlas1.5 Credit System

• To perform measurements, you spend credits - Ping costs 10 credits, traceroute costs 20, etc.

• Credit system introduced to ensure fairness and protect system from overload

• By hosting a probe, you earn credits • Extra credits can be earned by:

- Being a RIPE NCC member- Hosting a RIPE Atlas anchor - Or sponsoring multiple probes

• More details: https://atlas.ripe.net/doc/credits

46


RIPE Atlas2. Creating status checks

• Status checks work via RIPE Atlas' RESTful API- https://atlas.ripe.net/api/v1/status-checks/

MEASUREMENT_ID/

• You define the alert parameters, for example: - Threshold for the % of probes that successfully received a

reply- How many most recent measurements to base the status

on - What is the maximum packet loss acceptable

• Documentation - https://atlas.ripe.net/docs/status-checks/

47


RIPE Atlas3. Icinga examples

• Community of operators contributed configuration code!- Making use of the built-in “check_http” plugin

• GitHub repo examples- https://github.com/RIPE-Atlas-Community/ripe-atlas-community-

contrib/blob/master/scripts_for_nagios_icinga_alerts

• Post on Icinga blog- https://www.icinga.org/2014/03/05/monitoring-ripe-atlas-status-

with-icinga-2/

48