03/26/2009 draft-cheng-grow-bgp-xml-00.txt 1

An XML Format for BGP Data Collectiondraft-cheng-grow-bgp-xml-00.txt

Dan Massey

Kevin Burnett Payne ChengHe Yan Lixia ZhangColorado State University UCLA

03/26/2009 draft-cheng-grow-bgp-xml-00.txt 2

BGP Data Collection Overview

AS

AS

AS

AS

ASoreg

linxRouteViewswebsite

ISP BGPpeer router

UpdateRib+Update

http://www.routeviews.orgFormat for the Archived Data?

Format for the Real-Time DataStream?

03/26/2009 draft-cheng-grow-bgp-xml-00.txt 3

Binary or ASCII?• Binary and ASCII Both Require a Header

– Indicate what time message was received– Identify peering session data not carried in BGP message

• Bit for bit representation of what came over the wire– Capture data directly with no intervening steps to “help”– Can replay into simulations– Similar to what MRT provides now

• Or an ASCII representation of BGP fields– Easy to parse/script data– Human readable scan of data– Similar to what bgpdump gives after processing MRT binary data

03/26/2009 draft-cheng-grow-bgp-xml-00.txt 4

Easy to Extend and Annotate• Must Support Protocol Changes

– IPv4 and IPv6 addresses, multiple SAFIs– 4 byte ASNs– New Path Attributes

• Annotate Data To Identify Important Attributes– Mark updates as duplicate messages, AS path changes,

possible prefix hijacks, match ROAs, and so on– No universal agreement on “useful” annotations

• Don’t Want a New Type For Each Change– Scripts shouldn’t break as new attributes or annotations added– Read the types you understand– Easily skip the types you don’t

03/26/2009 draft-cheng-grow-bgp-xml-00.txt 5

How To Achieve ThisXML

• Easy to expand and annotate• Wide range of processors• Easy to ignore attributes

telnet bgpdata.netsec.colostate.edu 50001Trying 129.82.138.6...Connected to 129.82.138.6.Escape character is '^]'.<xml><BGP_MESSAGE length="002680" version="0.1” snip >

<TIME>…snip…</TIME>

<PEERING>… snip…</PEERING>

<ASCII_MSG>…snip…</ASCII_MSG>

<OCTET_MSG>…snip…</OCTET_MSG>

</BGP_MESSAGE>

Basic XML Structure

03/26/2009 6draft-cheng-grow-bgp-xml-00.txt

<BGP_MESSAGE length="002680" version="0.1” snip ><TIME>

<TIMESTAMP>1237917439</TIMESTAMP> <DATETIME>2009-03-24T17:57:19Z</DATETIME> <PRECISION_TIME>391</PRECISION_TIME>

</TIME><PEERING>

<SRC_ADDR afi="1" interface_index="0">129.82.138.6</SRC_ADDR> <SRC_PORT>4321</SRC_PORT> <SRC_AS>6447</SRC_AS> <DST_ADDR afi="1" interface_index="0">89.149.178.10</DST_ADDR> <DST_PORT>179</DST_PORT> <DST_AS>3257</DST_AS> <BGPID>0.0.0.0</BGPID>

</PEERING><ASCII_MSG>…snip…</ASCII_MSG><OCTET_MSG>…snip…</OCTET_MSG>

</BGP_MESSAGE>

XML Message Header

03/26/2009 7draft-cheng-grow-bgp-xml-00.txt

<BGP_MESSAGE length="002680" version="0.1” snip >

<TIME>…snip…</TIME><PEERING>… snip…</PEERING><ASCII_MSG>…snip…</ASCII_MSG>

<OCTET_MSG><LENGTH>99</LENGTH><TYPE value="2">UPDATE</TYPE><OCTETS length="99">

FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF006302000000444001010040020C02050CB90D1C12755EE15EE14003045995B20A8004040000000A400600C007065EE1CB51703CC008140CB91F9F0CB9755A0CB9C3520CB9C8640CB9C86516CB517816CB5170

</OCTETS></OCTET_MSG>

</BGP_MESSAGE>

XML BGP Wire Data

03/26/2009 8draft-cheng-grow-bgp-xml-00.txt

<BGP_MESSAGE length="002680" version="0.1” snip ><TIME>…snip…</TIME><PEERING>… snip…</PEERING><ASCII_MSG>

<MARKER length="16">FFFF…..FFFFFFFFFFFFFFF</MARKER> <LENGTH>99</LENGTH> <TYPE value="2">UPDATE</TYPE> <UPDATE> <WITHDRAWN_LEN>0</WITHDRAWN_LEN>

<WITHDRAWN count="0"/><PATH_ATTRIBUTES_LEN>68</PATH_ATTRIBUTES_LEN><PATH_ATTRIBUTES count="7”> …snip… </PATH_ATTRIBUTES><NLRI count="2">

<PREFIX snip > 203.81.120/22 </PREFIX><PREFIX snip > 203.81.112/22 </PREFIX>

</NLRI></UPDATE>

</ASCII_MSG><OCTET_MSG>…snip…</OCTET_MSG>

</BGP_MESSAGE>

XML ASCII Format

03/26/2009 9draft-cheng-grow-bgp-xml-00.txt

<PATH_ATTRIBUTES count="7">

<ATTRIBUTE><FLAGS><TRANSITIVE/></FLAGS><LENGTH>1</LENGTH><TYPE value="1">ORIGIN</TYPE><ORIGIN value="0">IGP</ORIGIN>

</ATTRIBUTE>

<ATTRIBUTE><FLAGS><TRANSITIVE/></FLAGS><LENGTH>20</LENGTH><TYPE value=“307">Unknown</TYPE><Data> Attribute Data Bytes </Data>

</ATTRIBUTE>

<ATTRIBUTE>…..

</PATH_ATTRIBUTES>

Example Path Attributes

03/26/2009 10draft-cheng-grow-bgp-xml-00.txt

<PREFIX label="NANN" afi="IPV4" afi_value="1" safi="UNICAST" safi_value="1">203.81.120/22

</PREFIX>

<PREFIX label=”DPATH" afi="IPV4" afi_value="1" safi="UNICAST" safi_value="1">203.81.112/22

</PREFIX>

Currently label updates as:NANN: New Announcement, NLRI not in RIB when update receivedWITH: Withdraw, NLRI in RIB and removed when update receivedDANN: Duplicate Announcement, update matches current RIB entryDUPW: Duplicate Withdraw, NLRI not in RIB and withdraw receivedDPATH: Update changes existing RIB entry to a Different AS pathSPATH: Update uses Same AS Path, but changes some other attribute

Annotations and Labels

03/26/2009 11draft-cheng-grow-bgp-xml-00.txt

Archived Data Storage Size

FormatUncompressed

(Bytes)/MRT size Compressed /MRT size

MRT 26711666 1.00 5614650 1.00

Bgpdump 74551628 2.79 5645044 1.01

XML 264824363 9.91 13445451 2.39

XML- 218065044 8.16 6289003 1.12

03/26/2009 12draft-cheng-grow-bgp-xml-00.txt

XML data requires more space to store, But compresses to nearly match binary format

Conclusions

• XML Format Provides Lots Of Flexibility– Can include ASCII, Binary, or both– Easy to add new attributes and handle unknowns– Wide variety of parsers available

• Standard Format Greatly Improves Interop– First claim XML format needed– If yes, draft attempts to agree on schema

03/26/2009 13draft-cheng-grow-bgp-xml-00.txt

Questions

03/26/2009 14draft-cheng-grow-bgp-xml-00.txt