Every year, there are multiple reports of internet routing outages or attacks that significantly disrupt internet traffic. Typically, these incidents are measured by the number of IP address prefixes impacted. Last year, for instance, when a Verizon error triggered widespread internet outages, one estimate said that 20,000 IP addresses were affected.
However, this single data point doesn’t give the most accurate picture of a routing outage’s impact, according to Oracle’s Internet Intelligence group. It doesn’t account for the percentage of networks that have accepted the misrouted traffic (the propagation of the leak), and it doesn’t account for the duration of the leak.
To address this problem, the Internet Intelligence group is launching a new, free 3D visualization tool that assesses routing leaks using all three variables — IP address prefixes, as well as propagation and duration. Ultimately, the aim is to give engineers and researchers a tool to more accurately assess these incidents and better understand how to stop them.
The visualization tool “enables operators and engineers to understand what just took place” after a routage leak, Doug Madory, director of internet analysis for Oracle Internet Intelligence, told ZDNet. “And researchers in the future can have a better understanding of the impacts of these incidents. In a couple hours of the incident occurring, we’ll have a new decomposition of the incident, and people can look for themselves at what entities were affected and to what extent.
“This is an effort to add some nuance to our discussion,” he added.
In a blog post, Madory points to last year’s Verizon-related outage to illustrate how a multi-variable visualization may have you rethink an outage’s impact. According to Oracle’s observations, more than 29,000 unique prefixes were involved. However, as the visualization above shows, the vast majority of those prefixes didn’t propagate to many autonomous systems (networks). In fact, less than 500 prefixes were widely circulated.
The visualization tool is interactive, allowing the user to set filters based on the Border Gateway Protocol (BGP) origins or the geolocation of the leaked routes. This allows a user to compare the propagation of affected routes between different origins or countries.
This kind of tool should be valuable to telecoms handling internet traffic, as well as content providers and other major businesses that would want to know the extent of the impact of a routing leak.
Additionally, the tool could help provide the insights necessary to build out mitigating techniques and technologies, such as RPKI and Peer-lock.
“There’s a lot of discussion among engineering communities in the industry of how to try to prevent some of these things,” Madory said. “We’re not going to be able to measure the efficacy [of mitigation techniques] if we don’t really understand what’s happening. If we’re just talking about these incidents in one-dimensional terms…. we’re not going to do the best job we can do to field mechanisms to prevent this.”
The 3D visualization tool is part of Oracle’s Safer Internet Initiative, which aims to increase the public’s understanding of internet routing events. As part of the initiative, Oracl has also released its Internet Intelligence Map and IXP Filter Check.