|Root Cause Analysis
Root Cause Analysis
Identify causes and locations of interdomain network
Despite the large amount of efforts, finding the causes of specific interdomain routing changes is extremely challenging.
On one hand, nowadays both researchers and network administrators can benefit from large BGP datasets, provided by
several BGP collectors spread worldwide. On the other hand, existing approaches exploiting such data, strive to identify all
network events, disregarding specific changes.
We tackle the root cause analysis problem from a new perspective.
We assume the point of view of an ISP that experienced a change affecting (some of) its prefixes, and would like to pinpoint its
Our contributions include the following results:
- We showed that BGP updates have a flow-based behavior, where the term "flow" used with its graph-theoretic meaning.
The collectors of updates are sources of flow and the ASes originating prefixes are sinks.
Exploiting this property, we propose a flow-based model of BGP updates.
- We defined a methodology for analyzing a given BGP route change c in order to, at least partially, identify and locate the event that triggered c.
The cornerstones of the methodology are:
- A Data Quality Analysis for discarding unreliable data.
- A Macro-events detection analysis, aimed at identifying events which affect either the physical or the logical network topology (e.g. an interdomain link fault/restoration, a BGP router fault/restoration, or a BGP session shutdown/setup).
- A Fine-Grained Analysis that analyzes flow changes in a relevant part of the network, in order to detect events that in general do not impact all the prefixes passing through an interdomain link, but only a subset of them (e.g., BGP policy changes).
- We developed an on-line service that offers many tools to support the methodology. More information about the service is available here.