RIPE NCC Measurements and Tools

RIPE NCC Measurements and Tools
RIPE NCC
Measurements and Tools
Training Course
Training Services | RIPE NCC | April 2017
Schedule
09:00 - 09:30
Coffee, Tea
11:00 - 11:15
Break
13:00 - 14:00
15:30 - 15:45
Lunch
Break
17:30
End
2
Introduction
• Name
• Number on the list
• Experience
•
RIPE Database
•
RIPEstat
•
RIPE Atlas
• Goals
3
RIPEstat
Overview 1 - RIPEstat
• Introduction to RIPE and the RIPE NCC
• Introduction to RIPEstat
• More about widgets
• Exercise A: Querying for a Resource
• Visualising BGP Routing Information
• Exercise B : BGPlay
• Reporting Abuse
4
RIPE Atlas
Overview 2 - RIPE Atlas
• Introduction to RIPE Atlas
• Using RIPE Atlas as a Visitor
• Looking up Public Probes
• Finding Results of Public Measurements
• Creating a Measurement
• Demo and Exercise C
• Network Monitoring
• Exercise D: Using Streaming API
• Command-line Interface Toolset
• Exercise E: Using RIPE Atlas CLI
• Use Cases
• More RIPE Atlas Features
• Take Part in the Atlas Community
5
Course Goals
• RIPEstat Goals:
- Use RIPEstat to debug your own networks.
- Find out additional information about other networks
• RIPE Atlas Goals:
- Learn how to use RIPE Atlas for network monitoring and
troubleshooting
- Learn how to create specific taylor-made measurements
that suit your exact needs using API calls or the command
line interface
- Opportunity for hands on practice
6
Introduction to the RIPE NCC
Section 1
RIPE NCC - Who are we?
• Located in Amsterdam
• Not-for-profit
organisation
• One of the five
Regional
Internet Registries
(RIRs)
• 15,000+ members
(LIRs)
8
Our service region
9
What do we do?
• Distribute IPv4, IPv6, ASNs
• Training courses
• RIPE Database
• Support RIPE community
• RIPE Atlas, RIPEStat, Resource Certification
10
RIPE (Reséaux IP Européens)
• Started in 1989
• Discussion forum open to all parties
• Not a legal entity, no formal membership
• Develops policies
• Work done in Working Groups
• Activities on a voluntary basis
• Decisions by consensus
11
Introduction to RIPEstat
Section 2
What is RIPEstat?
One interface for Internet data and statistics
“One-stop shop”
13
What data? What sources?
• RIPE Database
• Other RIR data
• BGP routing data (RIS)
• Active measurements (RIPE Atlas, DNSMON)
• Geolocation (third party)
• Blacklist data (third party)
• More…
14
Landing page
RIPEstat shows
your own IP/ASN
15
Query Types
• IPv6 address/prefix
• IPv4 address/prefix
• ASN
• Hostname
• Country code
16
Results page
Widgets
More tabs
with results
17
Why use RIPEstat?
• For your own network:
- Is someone else announcing my prefix?
- How visible is my new IPv6 network?
- Is my BGP routing consistent with the Routing Registry?
- Are my DNS and reverse DNS consistent?
- Location of my customers’ prefixes
- Was my prefix visible yesterday in Tokyo?
18
Why use RIPEstat?
• For viewing other networks:
- How many IPv6 prefixes are announced in my country?
- IPv6 in my country compared to neighbours
- Who has more peers, AS1 or AS2?
- How does the upstream outage look?
- Is the prefix/ASN that I want already announced?
- Which ASN announces an IP?
- Where can I report abuse from an IP?
19
RIPEstat Interfaces
• Web interface
https://stat.ripe.net
• RIPEstat widget API
• RIPEstat data API
20
More About Widgets
Section 3
Get the data behind the widget!
22
Shareable results URL
time zoom
•
Immutable shareable URL for each result!
•
URL includes:
•
widget + queried resource
-
for some widgets: settings, zoom, time period
23
Where’s the data from?
24
Freshness and timescale of the data
• Timestamp and time period
• Different widgets = different update frequency
• Adjustable usually
-
Limits: different maximum granularities
25
Embed the widget!
26
Embedding widgets on your site
• ISP embedded
widgets on its page
Prefix Count
widget
AS Path Length
widget
27
Widgets List
https://stat.ripe.net/widget/list
28
Querying for a
Resource
Exercise A
Tasks
• What network announces 140.78.50.90?
• Is 193.3.4.2 routed?
• In which country is 91.229.42.0/23 used?
• What is its corresponding inetnum object?
• What widget provides real-time routing status?
• By what percent did the number of prefixes announced within
Greece increase over the last two years?
• How would you share interesting network events with a
colleague?
30
Visualising BGP
Routing Information
Section 3
Querying
• IP or ASN queried?
-
You get different widgets!
• ASN often visualised based on the prefixes it
announces
32
RIS - Routing Information Service
• RIPE NCC collecting
BGP information
since 1999
-
Raw data: ris.ripe.net
• 22 route collectors
600+ peers
• RIPEstat visualises
RIS data
33
At-a-glance view: Prefix queried
Announced?
By which AS?
Registered in
the RIPE
Database?
Announced?
By which AS?
What % visible?
Since when?
34
At-a-glance view: ASN queried
Announced?
The rest is the same
as for a prefix
35
BGPlay
• See how your network is routed
-
Announcements
-
Withdrawals
-
Path changes
• Shows routing history
-
Animated graphic
-
Highly interactive
https://stat.ripe.net/widget/bgplay
36
BGPlay
click play
Control panel:
• Covered time period
• RRC selection
BGP event, ASN
or ASN path details
Interactive animated
graph
Control timeline
Detailed timeline
with events
click play
click play movie
37
BGPlay
Examples:
(2013/8/28-30)
•
Prefix with announcements &
withdrawals:
84.205.64.0/24
•
Check IPv6 connectivity:
2001:67c:2e8::/48
Multi-homed prefix:
199.7.80.0/24
BGP hijacking
2008-02-28: 208.65.153.0/24 Youtube traffic by Pakistan Telecom
AS17557
Blackholing:
193.33.96.64
•
•
•
38
Prefixes visible for this ASN
IPv4 vs IPv6?
Sort by prefix
or
Search “.” vs “::”
Time period
shown in widget
Default:
last two weeks
39
Announced Prefixes: useful for ASN
40
History of Prefixes Announced by ASN
subdivide prefixes
according to first hop
after queried ASN
Time scale
selection
41
BGPlay
Exercise B
Tasks
• Find the up-stream provider for AS1205
• Is 69.36.157.0/24 originated by only one or
more ASNs?
• Check the IPv6 connectivity of your own
network
43
Reporting Abuse
Section 4
What to do if your network is attacked?
• Spam or unauthorised access?
-
Find IP in message headers or logs
• Want to contact their admin?
-
Find the correct email for reporting abuse
• RIPE Database
-
Contact details for every ASN and IP address
-
In Europe, Middle East, Central Asia
45
Reporting Abuse
• Take action with the Abuse Contact Finder
https://stat.ripe.net/abuse
In -depth
information about
abuse
Enter IP address
46
Reporting Abuse
Email contact to report
abuse
47
Reporting Abuse
Details about the resource and abuse contact:
48
Questions
RIPE Atlas
RIPE Atlas
Overview 2 - RIPE Atlas
• Introduction to RIPE Atlas
• Using RIPE Atlas as a Visitor
• Looking up Public Probes
• Finding Results of Public Measurements
• Creating a Measurement
• Demo and Exercise C
• Network Monitoring
• Exercise D: Using Streaming API
• Command-line Interface Toolset
• Exercise E: Using RIPE Atlas CLI
• Use Cases
• More RIPE Atlas Features
• Take Part in the Atlas Community
51
RIPE Atlas Global Coverage
52
Introduction to RIPE Atlas
Section 5
Goals
• Learn how to use RIPE Atlas for network
monitoring and troubleshooting
• Learn how to create specific tailor-made
measurements that suit your exact needs,
using API calls or the command line interface
• Opportunity for hands-on practice
• Get answers to your questions
54
Prerequisites
• We assume you have already used RIPE Atlas
• Do you have a RIPE NCC Access account?
• If not - quickly create one: access.ripe.net
• Do you have credits to spend?
• You get a voucher from us
55
An Introduction
• RIPE Atlas is a global active measurements
platform
• Goal: view Internet reachability
• Probes hosted by volunteers
• Data publicly available
atlas.ripe.net
56
RIPE Atlas measurements
• Built-in global measurements towards root
nameservers
- Visualised as Internet traffic maps
• Built-in regional measurements towards
“anchors”
• Users can run customised measurements
- ping, traceroute, DNS, SSL/TLS, NTP and HTTP
57
Probes and Anchors
• 9,000+ probes connected (231 RIPE Atlas
Anchors)
• 4,100+ results collected per second
• 12,200+ measurements currently running
58
RIPE Atlas Overview (1)
RIPE Atlas
Anchor
Probes
Web Interface
Control
User
API
Anchor
Data Repository
Probes
CLI
59
RIPE Atlas Overview (2)
RIPE Atlas Controllers
Web Interface
Probes
User
Probes
User Server
60
RIPE Atlas Global Coverage
61
Most Popular Features
• Six types of measurements: ping, traceroute,
DNS, SSL/TLS, NTP and HTTP (to anchors)
• APIs and CLI tools to start measurements and get results
• Streaming data for real-time results
• New: “Time Travel”, LatencyMON,
DomainMON
• Status checks (Icinga & Nagios)
62
Using
RIPE Atlas As a Visitor
Section 6
Internet Traffic Maps
64
Where is B-root?
65
Probes per ASN (in RIPEstat)
66
Where we want to place probes
67
Looking Up Public Probes
Section 7
Searching for probes
Filter based on
ASN, country,
location...
69
Probe page
70
Zoomable Ping Graph
• Replace multiple RRD graphs: zoom in/out in time,
in the same graph
• Easier visualisation of an event’s details
• Selection of RTT class (max, min, average)
71
Finding Results of
Public Measurements
Section 7
Looking up Measurements Results
• https://atlas.ripe.net/measurements/
73
Available visualisations: ping
• List of probes:
sortable by RTT
• Map: colour-coded
by RTT
• LatencyMON:
compare multiple
latency trends
74
Available visualisations: traceroute
•
List of probes, colour-coded number of hops
• Traceroute paths map, geolocation using OpenIPMap:
github.com/RIPE-Atlas-Community/openipmap
75
Available visualisations: DNS
• Map, colour-coded response time or diversity
• List of probes, sortable by response time
76
Downloading Measurements Results
• Click on msm, then
“Download”
• Or URL
• Or API
• Results in JSON
• Libraries for parsing
on GitHub
77
Search for Measurements by Target in RIPEstat
Go to “RIPEstat >
“RIPE Atlas Activity”
78
Finding one specific measurement
• If you know the measurement ID:
- https://atlas.ripe.net/measurements/ID
- https://atlas.ripe.net/measurements/2340408/
79
Use Existing Measurements
• Many measurements already running!
• Search for existing public measurements
first…
• Only then schedule your own measurement
80
Creating a Measurement
Section 8
Benefits of your own measurements
• Customer problem: cannot reach your server
- Schedule measurements (pings or traceroutes) from up to
1,000 RIPE Atlas probes worldwide to check where the
problem is
• Measuring packet loss on suspected “bad” link
• Testing anycast deployment
82
Prerequisites
• RIPE NCC Access account ?
- If not, create one: ripe.net/register
• Do you have credits to spend?
- Redeem voucher
• Redeem LIR credits monthly
83
Logging In
• Log in to atlas.ripe.net
- Use your RIPE NCC Access account
- Same account for LIR Portal, RIPE Atlas, RIPEstat,
RIPE Labs...
- Create an account if you don’t already have one
84
Credits system
• Measurements cost credits
- ping = 10 credits, traceroute = 20, etc.
• Why? Fairness and to avoid overload
• Spending limit and max number of
measurements
85
How can you earn credits?
• Hosting a RIPE Atlas probe
• Being a RIPE NCC member
• Hosting an anchor
• Sponsoring probes
86
Credits overview
My Atlas > Credits
Give credits
to someone
87
Scheduling a measurement
• Log in to atlas.ripe.net
• Four methods:
1.Quick and easy
2. Advanced GUI usage
3. API (curl and JSON code)
4. CLI
88
1. Quick and easy
11
2
3
89
2. Use GUI to schedule a measurement
• Mostly used for a periodic, long-term
measurement
- Or “One-off”
• Choose type, target, frequency, start/end time,
# of probes, region…
• Each measurement will have unique ID
• “API Compatible Specification” is generated
too
90
2. Advanced GUI
1A
B
C
D
E
F
G
91
3: Use API to schedule a measurement
• Using command-line and scripting:
Application Programming Interface (API)
- https://atlas.ripe.net/docs/api/v2/manual/measurements/
types/
- https://atlas.ripe.net/keys/
• You will need API keys
- To create measurements without logging in
- To securely share your measurement data
92
3. API Compatible
93
[cont…] 3. API Compatible
94
Create API Key
• Go to MyAtlas
• Click on “Create an API Key”
• Choose type: “create a new user-defined
measurement”
• “Object” is not applicable (N/A) for this type
• Give it a label
DEMO
Create a Measurement (GUI)
Explore advanced parameters
Create a Measurement
Exercise C
Exercise
• Create a ping measurement:
- Involving ten probes
- To a target of your choice
- Source is your country
- Duration of two days
98
Tasks
• 1. Warm-up: Create a measurement using the
GUI
• 2. Create API Key
• 3. Schedule a measurement using the API
99
Task 1: Use web interface
• Useful hint: once you generate a
measurement, copy “API Compatible
Specification” to text file
• Take note of the measurement ID!
100
Task 2: Create API key
1.Click on “Create an API Key”
2. Permission: “schedule a new measurement”
3.“Target” is not applicable (N/A) for this type
101
[cont…] Task 2: Create API key
1.Give it a label
2. Give it a duration of validity (leave empty for
defaults)
3. “Key” value to be passed on to the API call
(next step)
102
Task 3: Use API
• Schedule a measurement using API
- Use the “key” you just generated
- Hint: copy and past API call syntax from the measurement
generated by the GUI
• Example:
curl -H "Content-Type: application/json" -H "Accept: application/json" -X
POST -d '{ "definitions": [ { "target": "ping.xs4all.nl", "description":
"My First API Measurement", "type": "ping", "af": 4 } ], "probes":
[ { "requested": 10, "type": "country", "value": "RS" } ] }' https://
atlas.ripe.net/api/v1/measurement/?key=YOUR_API_KEY
103
Copy
104
105
Network Monitoring
Section 9
Network Monitoring
• Integrate “status checks” with existing
monitoring tools (Icinga, Nagios)
• Using real-time data streaming
- Server monitoring
- Detecting and visualising outages
107
Steps for integration
1. Create a RIPE Atlas ping measurement
2. Go to “status checks” URL (RESTful API call)
• https://atlas.ripe.net/api/v2/measurements/2340408/
status-check?max_packet_loss=20
3. Documentation:
• https://atlas.ripe.net/docs/api/v2/manual/measurements/
status-checks.html
4. Add your alerts in Nagios or Icinga
108
RIPE Atlas streaming
• Allows users to receive the measurement
results as soon as they are sent by the probes
in real time
- Publish/subscribe through web sockets
• There are three types of data:
- Measurement results
- Probe connection status events
- Measurements metadata
109
RIPE Atlas streaming
• Visualising network outages
- http://sg-pub.ripe.net/demo-area/atlas-stream/conn/
• Real-time server and performance monitoring
• Filtering and reusing measurement results
• Documentation:
- https://atlas.ripe.net/docs/result-streaming/
110
Using streaming API
Exercise D
Preparation for the exercise
• Preconfigure web browser
• In Safari
- Preferences > Advanced>Show Develop menu
• Chrome or Firefox needs no reconfiguration
112
EX1: Monitoring server reachability
• Scenario: customers complain it takes a long
time to reach your server
• Action: ping your server from 50 probes
- Choose acceptable latency threshold
- Notice and react when you start receiving samples
• Task: Use the ping measurement ID 1791207
- Choose which threshold (e.g. greater than 30ms)
- Impose threshold on “min” (the minimum result of the three
ping attempts)
113
Steps
1. http://atlas.ripe.net/webinar/streaming01.html
2. Open the development console
3. Wait for results to arrive
4. Save the HTML file locally and edit the code
114
Page Source
115
Streaming results before editing
116
From the doc
117
EX2: Monitoring server reachability
• Same situation as in the exercise before, but
you didn’t schedule a measurement in
advance
- You don’t have a measurement ID
• You want to get all the measurements
reaching 216.58.212.227
• Now restrict the results to just include ping
measurements
118
Command-line Interface
(CLI) Toolset
Section 10
RIPE Atlas CLI
• Familiar output (ping, dig, traceroute)
• Linux/OSX
- http://ripe-atlas-tools.readthedocs.org/en/latest/
installation.html#requirements-and-installation
• Windows [experimental]
- https://github.com/chrisamin/ripe-atlas-tools-win32
120
RIPE Atlas CLI
• Open source
- RIPE NCC led community contribution
• Documentation
- https://ripe-atlas-tools.readthedocs.org/
• Source:
- https://github.com/RIPE-NCC/ripe-atlas-tools/
121
Install RIPE Atlas tools
• OSX:
- sudo easy_install pip
- sudo pip install ripe-atlas-tools
• Linux:
- Available from many package repositories
- …or same as in OSX
122
Configure RIPE Atlas CLI
• Reuse the API key of the first exercise
- Or create a new one at https://atlas.ripe.net/keys/
• Configure your CLI
- ripe-atlas configure --set authorisation.create=MY_API_KEY
123
Fetch an existing measurement
• Fetch the ping measurement 2340408
- ripe-atlas report 2340408
124
Search probes
• Search all probes in AS 3333
- ripe-atlas probe-search --asn 3333
• Show specific fields
- ripe-atlas probe-search --asn 3333 --field asn_v6 --field
country --field description --field status
• Search for probes in and around Paris
- ripe-atlas probe-search --location "Paris, France" --radius
15
125
Create a measurement
• Create a ping measurement to wikipedia.org
- One-off, default parameters
- ripe-atlas measure ping --target wikipedia.org
126
Other examples of ping
• Geo-specific from 20 probes from Canada:
- ripe-atlas measure ping --target example.com --probes 20
--from-country ca
• 20 Canadian probes that definitely support
IPv6:
- ripe-atlas measure ping --target example.com --probes 20
--from-country ca --include-tag system-ipv6-works
•
Create a recurring measurement:
-
ripe-atlas measure ping --target example.com --interval
3600
127
Using RIPE Atlas CLI
Exercise E
Preparation for the exercise
• UNIX/LINUX/OSX:
• Terminal:
- sudo easy_install pip
- sudo pip install ripe-atlas-tools
- choose “Install” in pop-up
- ripe-atlas configure --set authorisation.create=MY_API_KEY
129
Search probes
• Use the traceroute command to test the
reachability of wikipedia.org on TCP port 443
from 20 probes in France
130
Use Cases
Section 11
Use cases (1)
132
RIPE Atlas IXP Country Jedi (1)
• Do paths between ASes stay in country?
• Any difference between IPv4 and IPv6?
• How many paths go via local IXP?
• Could adding peers improve reachability?
• Experimental tool
- Feature requests welcome!
- Depends on probe distribution in country
133
RIPE Atlas IXP Country Jedi (2)
• Methodology
- Trace route mesh between RIPE Atlas probes
- Identifying ASNs in country using RIPEstat
- Identifying IXP and IXP LANs in PeeringDB
134
Use Cases (2)
• DDoS Attack on Dyn DNS Servers (Oct. 2016)
- 10s millions devices - Mirai botnet
- Legitimate requests
135
Use Cases (3)
• Monitor Game Service Connectivity (Sept. 2016)
• Requirements:
- Check General Reachability, Latency, Historical data
- Supported by an active and helpful community
- Integrate with their existing logging system
• Track down an outage in one upstream
• Became sponsors
136
Use Cases (4)
• Amsterdam Power Outage (March 2015)
• When and were the outage was happening
137
More RIPE Atlas Features
Section 12
Secure Measurement creation and sharing
• Use API keys to:
-
Create measurements without logging in
-
Securely share your measurement data with others
• To create, manage and delete API keys:
-
https://atlas.ripe.net/keys/
-
https://atlas.ripe.net/docs/keys2/
• Examples:
-
https://atlas.ripe.net/docs/rest/
139
Security Aspects
• Probes:
-
Hardware trust material (regular server address, keys)
-
No open ports; initiate connection; NAT is okay
-
Don’t listen to local traffic
-
No passive measurements
• Measurements triggered by “command servers”
-
Inverse ssh tunnels
• Source code published
140
Additional Membership Benefits
• RIPE Atlas:
- Guaranteed to host a probe
- Do NOT have to host probe to perform customised
measurements
- 1,000,000 extra credits monthly via LIR Portal
- “Quick Look” measurements via LIR Portal
- IPv6 reachability testing (free)
- Share probe management with LIR colleagues
• RIPEstat:
- Historical view of RIPE Database objects
141
Take Part in the
RIPE Atlas Community
Section 13
RIPE Atlas community (part 1)
• Volunteers host probes in homes or offices
• Organisations host RIPE Atlas anchors
• Sponsor organisations give financial support
or host multiple probes in their own networks
143
RIPE Atlas community (part 2)
• Ambassadors help distribute probes at
conferences, give presentations, etc.
• Developers contribute free and open software
• Network operators create measurements to
monitor and troubleshoot
• Researchers and students write papers
144
Hosting a probe
• Create a RIPE NCC Access account
• Go to https://atlas.ripe.net/apply
• You will receive a probe by post
• Register your probe
• Plug in your probe
• If you receive a probe from an ambassador
(trainer, sponsor, someone at a conference),
just register it and plug it in!
145
Contact us
• https://atlas.ripe.net
• http://roadmap.ripe.net/ripe-atlas/
• Users’ mailing list: ripe-atlas@ripe.net
• Articles and updates: https://labs.ripe.net/atlas
• Questions and bugs: atlas@ripe.net
• Twitter: @RIPE_Atlas and #RIPEAtlas
146
Questions
Graduate to the next level!
http://academy.ripe.net
148
@TrainingRIPENCC
149
Feedback!
https://www.ripe.net/training/mat/survey
150
The End!
Y Diwedd
Kрай
Fí
Соңы
Ende
Konec
Beigas
Lõpp
Fine
‫הסוף‬
Einde
Liðugt
Finvezh
Ënn
Kraj
Kiнець
Fund
Vége
Son
Endir
Sfârşit
Конeц
Finis
Канeц
An Críoch
Fin
Slut
Pabaiga
Fim
Amaia
Loppu
Kpaj
Tmiem
Τέλος
Slutt
Koniec
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising