TF-CSIRT 42 | Heraklion - Greece | 30 May 2014
Tutorial: Using RIPEstat
Christian Teuschel, Mirjam Kühne, Research & Development
C. Teuschel, M. Kühne - TF-CSIRT 42 - 30 May 2014

What is RIPEstat?
• Information system for Internet number resources
• Data
  - Routing data
    • Collected by RIS, http://ris.ripe.net
  - Registration data (whois)
    • RIPE Database & other RIR databases
  - MaxMind’s geolocation data
  - Blacklist data
  - And many more: https://stat.ripe.net/data-sources
Christian Teuschel - RIPE68 - 12 May 2014

Introduction to RIPEstat
• RIPEstat Web
• RIPEstat Widget API
• RIPEstat Data API, RIPEstat Text API
  • https://stat.ripe.net/data/routing-status/data.json?resource=…

RIPEstat Web
• Finding information on RIPEstat
  - Search input
  - Recent new features
  - Links to most used features
  - RIPEstat related articles on RIPE Labs

RIPEstat Web Interface
• Information structure on RIPEstat
  • FAQ • Data Sources • Widget List • Top Queries • Feedback
  • Interfaces & APIs • Demos • Roadmap • Changelog
  • Notable Network Events • Compare Results • Looking For Abuse Information • Global Internet Statistics

1. Querying for a Resource (Web)
• Example: Enter “AS333” in the search box
  - Search box
  - Your ASN & network prefix
  - Sample resources
• Result page
  - Search box
  - Widgets grouped into thematic tabs
  - Widgets display different types of information
• Tasks
  • What network announces 140785090?
  • Is 193342 routed?
  • In which country is 9122942023 used?
  • What is its corresponding INETNUM object?
  • What widget provides real-time routing status?
  • By what percent did the number of prefixes announced within Greece increase over the last two years?
  • How would you share interesting network events with a colleague?

Create SSO Account
• Tasks
  • Go to “https://stat.ripe.net” and click on “Login”
  • “…click here to create one”

2. MyViews
• Create custom views
  • Click the “MyView” button
  • Drag and drop a widget onto the “MyView” button
  - MyViews are only visible to you. An option to share your views will be available soon.
  - Newly created MyView
• Customise MyViews
  • Rename • Re-order • Control visibility • Remove
  - Re-order widgets as you like
• Tasks
  • Create a RIPE Access account (if you don’t already have one)
  • Create a MyView for a prefix containing the following widgets:
    • Routing Status
    • Looking Glass
    • Routing History
  • Create another MyView with at least two widgets and give it a meaningful name

3. Compare Resources (Web)
• Compare results in different widgets
  - Go to “Use Cases” > “Compare Results”
  - Select a widget
  • Select the “Prefix Size Distribution” widget
  • Enter “AS1205”
  - Enter a resource
• In-widget comparison
  • Country Routing Statistics
• Tasks
  • Compare the number of announced prefixes for two networks over the past two years using the widget comparison page
  • How does the Internet in Greece compare to the UK? Use in-widget comparison.

4. Handling Abuse
• Take action in an abuse case with the Abuse Contact Finder
  - Go to “Use Cases” > “Looking For Abuse Information”
  - In-depth information about abuse
  - Enter the IP address
  - Rating of the contact
  - Email contact to report abuse to
  - Details about the resource and abuse contact
• Tasks
  • What is the abuse contact for 19302022 or the hotel network?
  • Check an IP address from your home network
• Discussion
  • What can you do in these cases?
    • No abuse contact found
    • No response on an abuse report

5. Let’s BGPlay
• Use BGPlay to see how your network is routed
  • BGPlay is a tool that shows routing history in an animated and highly interactive manner
  • Go to https://stat.ripe.net/widget/bgplay
  - BGP event ASN or ASN path details
  - Control panel
    - Covered time period
    - RRC selection
  - Interactive graph visualisation
  - Selection timeline
  - Control timeline
• Examples
  - Prefix with announcements & withdrawals: 8420564024
  - Check IPv6 connectivity: 200167c2e848
  - Multi-homed prefix: 199780024
  - BGP-Hijacking, 2008-02-28: 20865153024 (Youtube traffic by Pakistan Telecom AS17557)
  - Blackholing: 193339664
• Task
  • Find the up-stream provider for AS1205
  • Is AS3333 multi-homed?
  • Check the IPv6 connectivity of your own network

6. Embedding Widgets On Your Site
- This ISP embedded widgets on its page
- Prefix Count widget
- AS Path Length widget
• Task
  • Create a simple dashboard page to monitor your network
  • Create a simple HTML page
    • Download the sample page: https://stat.ripe.net/widgets/demo/widget_home.html
    • Embed three widgets of your choice
    • Make the widget smaller and remove the RIPEstat logo

7. RIPEstat Data API
• Using raw data output
  • What is the concept?
    • The RIPEstat Data API provides the lowest level of access to data. This data can be fed into custom applications or just used for scripting.
    • RIPEstat widget API documentation: https://stat.ripe.net/docs/data_api
• Tasks
  • Use your browser to retrieve all announced prefixes for AS6412
  • Resources registered within a country: https://stat.ripe.net/data/country-resource-list/data.json?resource=X
  • A simple check of whether your resource is seen on the Internet
  • Create a simple script using resource-overview or routing-status: https://stat.ripe.net/widgets/demo/script_me.html

8. RIPE Atlas
• Create a user-defined measurement
  • https://atlas.ripe.net

9. Create a Nagios Check
• Create a Nagios check using the RIPEstat Data API
  • Nagios is a monitoring tool that supports the development of custom checks (like other monitoring tools)
  • Result codes for a check show the state

State    Result Code
Ok       0
Warning  1
Error    2

Example of a Python-based check:

import json
import sys
import urllib.parse    # Python 3 home of the slide's urllib2.quote
import urllib.request  # Python 3 home of the slide's urllib2.urlopen

# `args` holds the parsed command-line options (statserver, prefix, origin,
# transit, minpath, warn, crit); the argument parser is not shown on the slide.
if args.transit:
    transit = args.transit.split()
origin = args.origin.split()
nagios_status = 0
origin_errors = 0
transit_errors = 0
nagios_message = ""

# Query the looking-glass data call for the monitored prefix.
url = "https://%s/data/looking-glass/data.json?resource=%s" % (
    args.statserver, urllib.parse.quote(args.prefix))
lookingglass_raw = urllib.request.urlopen(url)
lookingglass_json = json.load(lookingglass_raw)

if lookingglass_json["data_call_status"] != "supported":
    print("WARN %s is under maintenance" % args.statserver)
    sys.exit(1)

# Compare the origin (last AS) and transit (second to last AS) of every
# path reported by every collector peer with the expected values.
for rrc in lookingglass_json["data"]["rrcs"]:
    for peer in lookingglass_json["data"]["rrcs"][rrc]["entries"]:
        aspath = peer["as_path"].split()
        details = peer["details"][0].split()
        peer_addr = details[0]
        nexthop = details[2]
        router_id = details[3]
        if len(aspath) > args.minpath:
            if aspath[-1] not in origin:
                origin_errors += 1
                nagios_message = nagios_message + (
                    " Origin mismatch %s (%s) %s" % (rrc, peer_addr, aspath[-1]))
            if args.transit:
                if aspath[-2] not in transit:
                    transit_errors += 1
                    nagios_message = nagios_message + (
                        " Transit mismatch %s (%s) %s" % (rrc, peer_addr, aspath[-2]))

# Map the mismatch counts onto the Nagios result codes.
if origin_errors == 0 and transit_errors == 0:
    nagios_message = "OK %s Origin is %s" % (args.prefix, args.origin)
    if args.transit:
        nagios_message = "%s and all transits match %s" % (nagios_message, args.transit)
elif origin_errors >= args.crit or transit_errors >= args.crit:
    nagios_status = 2
    nagios_message = "ERROR" + nagios_message
elif origin_errors >= args.warn or transit_errors >= args.warn:
    nagios_status = 1
    nagios_message = "WARN" + nagios_message

# Report the message and return the state to Nagios as the exit code.
print(nagios_message)
sys.exit(nagios_status)
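
The origin/transit comparison from the check above, as an added example that is not part of the original slides: a pure function run over a constructed looking-glass response, so the warn/crit thresholds can be exercised offline. It goes beyond the slide in two places: prepended ASNs are collapsed before the transit is read, and a prefix that no peer reports is an error rather than "zero mismatches". The JSON layout follows the slide's code; the function names, sample ASNs and addresses are assumptions made for the example.

```python
# Added example (not from the slides): evaluate a looking-glass response offline.
# The layout data -> rrcs -> <rrc> -> entries -> as_path/details follows the
# slide's check; every value in SAMPLE is constructed (documentation ASNs
# 64496-64511 and documentation address ranges).

OK, WARNING, ERROR = 0, 1, 2  # result codes from the slide's table

SAMPLE = {
    "data_call_status": "supported",
    "data": {"rrcs": {
        "RRC00": {"entries": [
            {"as_path": "64500 64510 64496",
             "details": ["198.51.100.1 from 198.51.100.1 (198.51.100.1)"]},
            {"as_path": "64501 64510 64496 64496",  # origin prepended once
             "details": ["198.51.100.2 from 198.51.100.2 (198.51.100.2)"]},
        ]},
        "RRC01": {"entries": [
            {"as_path": "64502 64511 64499",        # unexpected origin and transit
             "details": ["203.0.113.7 from 203.0.113.7 (203.0.113.7)"]},
        ]},
    }},
}


def collapse(path):
    """Drop consecutive duplicate ASNs so prepending does not hide the transit."""
    out = []
    for asn in path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out


def evaluate(lg, origins, transits=(), warn=1, crit=2, minpath=1):
    """Return (result_code, message) for one looking-glass response.

    origins and transits are collections of ASN strings; warn and crit are the
    numbers of mismatching peers that trigger each state, as in the slide.
    """
    if lg.get("data_call_status") != "supported":
        return WARNING, "WARN data call status is %r" % lg.get("data_call_status")

    usable = 0
    origin_bad, transit_bad = [], []
    for rrc, body in sorted(lg["data"]["rrcs"].items()):
        for peer in body["entries"]:
            path = collapse(peer["as_path"].split())
            if len(path) <= minpath or (transits and len(path) < 2):
                continue  # too short to carry the ASNs being compared
            usable += 1
            peer_addr = peer["details"][0].split()[0]
            if path[-1] not in origins:
                origin_bad.append("origin %s at %s (%s)" % (path[-1], rrc, peer_addr))
            if transits and path[-2] not in transits:
                transit_bad.append("transit %s at %s (%s)" % (path[-2], rrc, peer_addr))

    if usable == 0:
        # Zero mismatches out of zero peers is not OK: the prefix is not visible.
        return ERROR, "ERROR no collector peer reports a usable path"

    worst = max(len(origin_bad), len(transit_bad))
    detail = "; ".join(origin_bad + transit_bad)
    if worst >= crit:
        return ERROR, "ERROR " + detail
    if worst >= warn:
        return WARNING, "WARN " + detail
    if worst:
        return OK, "OK below threshold: " + detail
    return OK, "OK %d peers, origin and transit as expected" % usable


if __name__ == "__main__":
    import sys
    status, message = evaluate(SAMPLE, {"64496"}, {"64510"})
    print(message)
    sys.exit(status)
```
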

Questions?
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstatWhat is RIPEstat
bull Information system for Internet number resourcesbull Data
- Routing data
bull Collected by RIS httprisripenet
bull Registration data (whois)- RIPE Database amp other RIR databases
bull MaxMindrsquos geolocation data
bull Blacklist data
bull And many more httpsstatripenetdata-sources
2
Christian Teuschel - RIPE68 - 12 May 2014
Using RIPEstatIntroduction to RIPEstat
bull RIPEstat Web
bull RIPEstat Widget API
bull RIPEstat Data API RIPEstat Text APIbull httpsstatripenetdatarouting-statusdatajson
resource=hellip
3
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstatRIPEstat Web
bull Finding information on RIPEstat
4
Search input
Recent new features
Links to most used features
RIPEstat related articles on RIPE Labs
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstatRIPEstat Web Interface
bull Information structure on RIPEstat
5
bull FAQ bull Data Sources bull Widget List bull Top Queries bull Feedback
bull Interfaces amp APIs bull Demos bull Roadmap bull Changelog
bull Notable Network Events bull Compare Results bull Looking For Abuse Information bull Global Internet Statistics
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat1Querying for a Resource (Web)
bull Example Enter ldquoAS333rdquo in the search box
6
Search box
Your ASN amp network prefix
Sample resources
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat1Querying for a Resource (Web)
bull Result page
7
Search box
Widgets grouped into thematic tabs
Widgets display different types of information
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat1Querying for a Resource (Web)
bull Tasksbull What network announces 140785090
bull Is 193342 routed
bull In which country is 9122942023 used
bull What is its corresponding INETNUM object
bull What widget provides real-time routing status
bull By what percent did the number of prefixes announced within Greece increased over the last two years
bull How would you share interesting network events with a colleague
8
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstatCreate SSO Account
bull Tasksbull Go to ldquohttpsstatripenetrdquo and click on ldquoLoginrdquo
bull ldquohellipclick here to create onerdquo
9
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Create custom viewsbull Click the ldquoMyViewrdquo button
bull Drag and drop a widget onto the ldquoMyViewrdquo button
10
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews 11
MyViews are only visible to you An option to share your views will be available soon
Newly created MyView
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Customise MyViews
12
bull Rename bull Re-order bull Control visibility bull Remove
Re-order widgets as you like
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Tasksbull Create a RIPE Access account (if you donrsquot already have
one)
bull Create a MyView for a prefix containing the following widgets
bull Routing Status
bull Looking Glass
bull Routing History
bull Create another MyView with a least two widgets and give it a meaningful name
13
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull Compare results in different widgets
14
Go to ldquoUse Casesrdquo gt ldquoCompare Resultsrdquo
Select a widget
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull Compare results in different widgetsbull Select the ldquoPrefix Size Distributionrdquo widget
bull Enter ldquoAS1205rdquo
15
Enter a resource
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull In-widget comparisonbull Country Routing Statistics
16
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Comparing Resources
bull Tasksbull Compare the number of announced prefixes for two
networks over the past two years using the widget comparison page
bull How does the Internet in Greece compare to the UK Use in-widget comparison
17
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse
bull Take action in an abuse case with the Abuse Contact Finder
18
Go to ldquoUse Casesrdquo gt ldquoLooking For Abuse Informationrdquo
In-depth information about abuse
Enter the IP address
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse 19
Rating of the contact
Email contact to report abuse to
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse 20
Details about the resource and abuse contact
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse
bull Tasksbull What is the abuse contact for 19302022 or the hotel
network
bull Check an IP address from your home network
bull Discussion
bull What can you do in these casesbull No abuse contact found
bull No response on an abuse report
21
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Use BGPlay to see how your network is routedbull BGPlay is a tool that show routing history in an animated
and highly-interactive manner
bull Go to httpsstatripenetwidgetbgplay
22
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 23
BGP event ASN or ASN path details
Control panel - Covered time period - RRC selection
Interactive graph visualisation
Selection timeline
Control timeline
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 24
Examples
- Prefix with announcements amp withdrawals 8420564024 - Check IPv6 connectivity 200167c2e848 - Multi-homed prefix 199780024 - BGP-Hijacking 2008-02-28 20865153024 Youtube traffic by Pakistan Telecom AS17557 - Blackholing 193339664
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Taskbull Find the up-stream provider for AS1205
bull Is AS3333 multi-homed
bull Check the IPv6 connectivity of your own network
25
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site 26
This ISP embedded widgets on its page
Prefix Count widget
AS Path Length widget
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site
bull Taskbull Create a simple dashboard page to monitor your network
bull Create a simple HTML pagebull Download the sample page
httpsstatripenetwidgetsdemowidget_homehtml
bull Embed three widgets of your choice
bull Make the widget smaller and remove the RIPEstat logo
27
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Using raw data outputbull What is the concept
bull The RIPEstat Data API provides the lowest level of access to data This data can be fed into custom appellations or just used for scripting
bull RIPEstat widget API documentationhttpsstatripenetdocsdata_api
28
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Tasksbull Use your browser to retrieve all announced prefixes for
AS6412
bull Resources registered within a countryhttpsstatripenetdatacountry-resource-listdatajsonresource=X
bull A simple check on your resource if it is seen on the Internet
bull Create a simple script using resource-overview or routing-statushttpsstatripenetwidgetsdemoscript_mehtml
29
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat8RIPE Atlas
bull Create a user-defined measurementbull httpsatlasripenet
30
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check
bull Create a Nagios check using the RIPEstat Data APIbull Nagios is a monitoring tool that supports the development
of custom checks (like other monitoring tools)
bull Result codes for a check show the state
31
State Result Code
Ok 0
Warning 1
Error 2
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check 32
if argstransit transit = argstransitsplit()origin = argsoriginsplit()nagios_status = 0origin_errors = 0transit_errors = 0nagios_message = url = httpssdatalooking-glassdatajsonresource=s (argsstatserver urllib2quote(argsprefix ))lookingglass_raw = urllib2urlopen(url)lookingglass_json = jsonload(lookingglass_raw)if lookingglass_json[data_call_status] = supported print WARN s is under maintance (argsstatserver) sysexit(1)for rrc in lookingglass_json[data][rrcs] for peer in lookingglass_json[data][rrcs][rrc][entries] aspath = peer[as_path]split() details = peer[details][0]split() peer_addr = details[0] nexthop = details[2] router_id = details[3] if len(aspath) gt argsminpath if aspath[-1] not in origin origin_errors += 1 nagios_message = nagios_message + ( Origin missmatch s (s) s (rrc peer_addr aspath[-1])) if argstransit if aspath[-2] not in transit transit_errors += 1 nagios_message = nagios_message + ( Transit missmatch s (s) s (rrc peer_addr aspath[-2]))if origin_errors == 0 and transit_errors == 0 nagios_message = OK s Origin is s (argsprefix argsorigin) if argstransit nagios_message = s and all transits match s (nagios_message argstransit) elif origin_errors gt= argscrit or transit_errors gt= argscrit nagios_status = 2 nagios_message = ERROR + nagios_messageelif origin_errors gt= argswarn or transit_errors gt= argswarn nagios_status = 1 nagios_message = WARN + nagios_message
Example of a Python based check
Questions Using RIPEstat
Christian Teuschel - RIPE68 - 12 May 2014
33
Christian Teuschel - RIPE68 - 12 May 2014
Using RIPEstatIntroduction to RIPEstat
bull RIPEstat Web
bull RIPEstat Widget API
bull RIPEstat Data API RIPEstat Text APIbull httpsstatripenetdatarouting-statusdatajson
resource=hellip
3
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstatRIPEstat Web
bull Finding information on RIPEstat
4
Search input
Recent new features
Links to most used features
RIPEstat related articles on RIPE Labs
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstatRIPEstat Web Interface
bull Information structure on RIPEstat
5
bull FAQ bull Data Sources bull Widget List bull Top Queries bull Feedback
bull Interfaces amp APIs bull Demos bull Roadmap bull Changelog
bull Notable Network Events bull Compare Results bull Looking For Abuse Information bull Global Internet Statistics
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat1Querying for a Resource (Web)
bull Example Enter ldquoAS333rdquo in the search box
6
Search box
Your ASN amp network prefix
Sample resources
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat1Querying for a Resource (Web)
bull Result page
7
Search box
Widgets grouped into thematic tabs
Widgets display different types of information
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat1Querying for a Resource (Web)
bull Tasksbull What network announces 140785090
bull Is 193342 routed
bull In which country is 9122942023 used
bull What is its corresponding INETNUM object
bull What widget provides real-time routing status
bull By what percent did the number of prefixes announced within Greece increased over the last two years
bull How would you share interesting network events with a colleague
8
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstatCreate SSO Account
bull Tasksbull Go to ldquohttpsstatripenetrdquo and click on ldquoLoginrdquo
bull ldquohellipclick here to create onerdquo
9
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Create custom viewsbull Click the ldquoMyViewrdquo button
bull Drag and drop a widget onto the ldquoMyViewrdquo button
10
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews 11
MyViews are only visible to you An option to share your views will be available soon
Newly created MyView
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Customise MyViews
12
bull Rename bull Re-order bull Control visibility bull Remove
Re-order widgets as you like
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Tasksbull Create a RIPE Access account (if you donrsquot already have
one)
bull Create a MyView for a prefix containing the following widgets
bull Routing Status
bull Looking Glass
bull Routing History
bull Create another MyView with a least two widgets and give it a meaningful name
13
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull Compare results in different widgets
14
Go to ldquoUse Casesrdquo gt ldquoCompare Resultsrdquo
Select a widget
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull Compare results in different widgetsbull Select the ldquoPrefix Size Distributionrdquo widget
bull Enter ldquoAS1205rdquo
15
Enter a resource
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull In-widget comparisonbull Country Routing Statistics
16
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Comparing Resources
bull Tasksbull Compare the number of announced prefixes for two
networks over the past two years using the widget comparison page
bull How does the Internet in Greece compare to the UK Use in-widget comparison
17
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse
bull Take action in an abuse case with the Abuse Contact Finder
18
Go to ldquoUse Casesrdquo gt ldquoLooking For Abuse Informationrdquo
In-depth information about abuse
Enter the IP address
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse 19
Rating of the contact
Email contact to report abuse to
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse 20
Details about the resource and abuse contact
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse
bull Tasksbull What is the abuse contact for 19302022 or the hotel
network
bull Check an IP address from your home network
bull Discussion
bull What can you do in these casesbull No abuse contact found
bull No response on an abuse report
21
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Use BGPlay to see how your network is routedbull BGPlay is a tool that show routing history in an animated
and highly-interactive manner
bull Go to httpsstatripenetwidgetbgplay
22
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 23
BGP event ASN or ASN path details
Control panel - Covered time period - RRC selection
Interactive graph visualisation
Selection timeline
Control timeline
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 24
Examples
- Prefix with announcements amp withdrawals 8420564024 - Check IPv6 connectivity 200167c2e848 - Multi-homed prefix 199780024 - BGP-Hijacking 2008-02-28 20865153024 Youtube traffic by Pakistan Telecom AS17557 - Blackholing 193339664
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Taskbull Find the up-stream provider for AS1205
bull Is AS3333 multi-homed
bull Check the IPv6 connectivity of your own network
25
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site 26
This ISP embedded widgets on its page
Prefix Count widget
AS Path Length widget
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site
bull Taskbull Create a simple dashboard page to monitor your network
bull Create a simple HTML pagebull Download the sample page
httpsstatripenetwidgetsdemowidget_homehtml
bull Embed three widgets of your choice
bull Make the widget smaller and remove the RIPEstat logo
27
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Using raw data outputbull What is the concept
bull The RIPEstat Data API provides the lowest level of access to data This data can be fed into custom appellations or just used for scripting
bull RIPEstat widget API documentationhttpsstatripenetdocsdata_api
28
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Tasksbull Use your browser to retrieve all announced prefixes for
AS6412
bull Resources registered within a countryhttpsstatripenetdatacountry-resource-listdatajsonresource=X
bull A simple check on your resource if it is seen on the Internet
bull Create a simple script using resource-overview or routing-statushttpsstatripenetwidgetsdemoscript_mehtml
29
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat8RIPE Atlas
bull Create a user-defined measurementbull httpsatlasripenet
30
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check
bull Create a Nagios check using the RIPEstat Data APIbull Nagios is a monitoring tool that supports the development
of custom checks (like other monitoring tools)
bull Result codes for a check show the state
31
State Result Code
Ok 0
Warning 1
Error 2
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check 32
if argstransit transit = argstransitsplit()origin = argsoriginsplit()nagios_status = 0origin_errors = 0transit_errors = 0nagios_message = url = httpssdatalooking-glassdatajsonresource=s (argsstatserver urllib2quote(argsprefix ))lookingglass_raw = urllib2urlopen(url)lookingglass_json = jsonload(lookingglass_raw)if lookingglass_json[data_call_status] = supported print WARN s is under maintance (argsstatserver) sysexit(1)for rrc in lookingglass_json[data][rrcs] for peer in lookingglass_json[data][rrcs][rrc][entries] aspath = peer[as_path]split() details = peer[details][0]split() peer_addr = details[0] nexthop = details[2] router_id = details[3] if len(aspath) gt argsminpath if aspath[-1] not in origin origin_errors += 1 nagios_message = nagios_message + ( Origin missmatch s (s) s (rrc peer_addr aspath[-1])) if argstransit if aspath[-2] not in transit transit_errors += 1 nagios_message = nagios_message + ( Transit missmatch s (s) s (rrc peer_addr aspath[-2]))if origin_errors == 0 and transit_errors == 0 nagios_message = OK s Origin is s (argsprefix argsorigin) if argstransit nagios_message = s and all transits match s (nagios_message argstransit) elif origin_errors gt= argscrit or transit_errors gt= argscrit nagios_status = 2 nagios_message = ERROR + nagios_messageelif origin_errors gt= argswarn or transit_errors gt= argswarn nagios_status = 1 nagios_message = WARN + nagios_message
Example of a Python based check
Questions Using RIPEstat
Christian Teuschel - RIPE68 - 12 May 2014
33
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstatRIPEstat Web
bull Finding information on RIPEstat
4
Search input
Recent new features
Links to most used features
RIPEstat related articles on RIPE Labs
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstatRIPEstat Web Interface
bull Information structure on RIPEstat
5
bull FAQ bull Data Sources bull Widget List bull Top Queries bull Feedback
bull Interfaces amp APIs bull Demos bull Roadmap bull Changelog
bull Notable Network Events bull Compare Results bull Looking For Abuse Information bull Global Internet Statistics
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat1Querying for a Resource (Web)
bull Example Enter ldquoAS333rdquo in the search box
6
Search box
Your ASN amp network prefix
Sample resources
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat1Querying for a Resource (Web)
bull Result page
7
Search box
Widgets grouped into thematic tabs
Widgets display different types of information
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat1Querying for a Resource (Web)
bull Tasksbull What network announces 140785090
bull Is 193342 routed
bull In which country is 9122942023 used
bull What is its corresponding INETNUM object
bull What widget provides real-time routing status
bull By what percent did the number of prefixes announced within Greece increased over the last two years
bull How would you share interesting network events with a colleague
8
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstatCreate SSO Account
bull Tasksbull Go to ldquohttpsstatripenetrdquo and click on ldquoLoginrdquo
bull ldquohellipclick here to create onerdquo
9
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Create custom viewsbull Click the ldquoMyViewrdquo button
bull Drag and drop a widget onto the ldquoMyViewrdquo button
10
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews 11
MyViews are only visible to you An option to share your views will be available soon
Newly created MyView
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Customise MyViews
12
bull Rename bull Re-order bull Control visibility bull Remove
Re-order widgets as you like
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Tasksbull Create a RIPE Access account (if you donrsquot already have
one)
bull Create a MyView for a prefix containing the following widgets
bull Routing Status
bull Looking Glass
bull Routing History
bull Create another MyView with a least two widgets and give it a meaningful name
13
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull Compare results in different widgets
14
Go to ldquoUse Casesrdquo gt ldquoCompare Resultsrdquo
Select a widget
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull Compare results in different widgetsbull Select the ldquoPrefix Size Distributionrdquo widget
bull Enter ldquoAS1205rdquo
15
Enter a resource
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull In-widget comparisonbull Country Routing Statistics
16
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Comparing Resources
bull Tasksbull Compare the number of announced prefixes for two
networks over the past two years using the widget comparison page
bull How does the Internet in Greece compare to the UK Use in-widget comparison
17
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse
bull Take action in an abuse case with the Abuse Contact Finder
18
Go to ldquoUse Casesrdquo gt ldquoLooking For Abuse Informationrdquo
In-depth information about abuse
Enter the IP address
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
4. Handling Abuse
[Screenshot callouts: rating of the contact; email contact to report abuse to; details about the resource and abuse contact]

4. Handling Abuse
• Tasks
  - What is the abuse contact for 19302022 or the hotel network?
  - Check an IP address from your home network
• Discussion
  - What can you do in these cases?
    - No abuse contact found
    - No response on an abuse report

5. Let's BGPlay
• Use BGPlay to see how your network is routed
  - BGPlay is a tool that shows routing history in an animated and highly interactive manner
  - Go to https://stat.ripe.net/widget/bgplay

5. Let's BGPlay
[Screenshot of the BGPlay interface, with callouts: BGP event, ASN or ASN path details; control panel (covered time period, RRC selection); interactive graph visualisation; selection timeline; control timeline]

5. Let's BGPlay
Examples
- Prefix with announcements & withdrawals: 84.205.64.0/24
- Check IPv6 connectivity: 2001:67c:2e8::/48
- Multi-homed prefix: 199780024
- BGP hijacking: 2008-02-28, 208.65.153.0/24, YouTube traffic by Pakistan Telecom (AS17557)
- Blackholing: 193339664

5. Let's BGPlay
• Task
  - Find the upstream provider for AS1205
  - Is AS3333 multi-homed?
  - Check the IPv6 connectivity of your own network

6. Embedding Widgets On Your Site
[Screenshot: this ISP embedded widgets on its page (Prefix Count widget, AS Path Length widget)]

6. Embedding Widgets On Your Site
• Task
  - Create a simple dashboard page to monitor your network
• Create a simple HTML page
  - Download the sample page: https://stat.ripe.net/widgets/demo/widget_home.html
  - Embed three widgets of your choice
  - Make the widget smaller and remove the RIPEstat logo

7. RIPEstat Data API
• Using raw data output
  - What is the concept?
  - The RIPEstat Data API provides the lowest level of access to data. This data can be fed into custom applications or just used for scripting.
  - RIPEstat widget API documentation: https://stat.ripe.net/docs/data_api

7. RIPEstat Data API
• Tasks
  - Use your browser to retrieve all announced prefixes for AS6412
  - Resources registered within a country: https://stat.ripe.net/data/country-resource-list/data.json?resource=X
  - A simple check on your resource if it is seen on the Internet
  - Create a simple script using resource-overview or routing-status: https://stat.ripe.net/widgets/demo/script_me.html

8. RIPE Atlas
• Create a user-defined measurement
  - https://atlas.ripe.net

9. Create a Nagios Check
• Create a Nagios check using the RIPEstat Data API
  - Nagios is a monitoring tool that supports the development of custom checks (like other monitoring tools)
  - Result codes for a check show the state

State      Result code
Ok         0
Warning    1
Error      2

9. Create a Nagios Check
Example of a Python-based check:

    # Excerpt of the check (Python 2). "args" holds the parsed command-line
    # options: prefix, origin, transit, minpath, warn, crit, statserver.
    import json
    import sys
    import urllib2

    if args.transit:
        transit = args.transit.split()   # accepted upstream ASNs
    origin = args.origin.split()         # accepted origin ASNs
    nagios_status = 0
    origin_errors = 0
    transit_errors = 0
    nagios_message = ""

    # Fetch the looking-glass view of the prefix from the RIPEstat Data API.
    url = "https://%s/data/looking-glass/data.json?resource=%s" % (
        args.statserver, urllib2.quote(args.prefix))
    lookingglass_raw = urllib2.urlopen(url)
    lookingglass_json = json.load(lookingglass_raw)

    if lookingglass_json["data_call_status"] != "supported":
        print "WARN: %s is under maintenance" % (args.statserver)
        sys.exit(1)

    # Walk every peer entry of every route collector (RRC).
    for rrc in lookingglass_json["data"]["rrcs"]:
        for peer in lookingglass_json["data"]["rrcs"][rrc]["entries"]:
            aspath = peer["as_path"].split()
            details = peer["details"][0].split()
            peer_addr = details[0]
            nexthop = details[2]
            router_id = details[3]
            if len(aspath) > args.minpath:
                # The last ASN in the path is the origin.
                if aspath[-1] not in origin:
                    origin_errors += 1
                    nagios_message = nagios_message + (
                        " Origin mismatch: %s (%s): %s" % (rrc, peer_addr, aspath[-1]))
                # The ASN before the origin is its transit provider.
                if args.transit:
                    if aspath[-2] not in transit:
                        transit_errors += 1
                        nagios_message = nagios_message + (
                            " Transit mismatch: %s (%s): %s" % (rrc, peer_addr, aspath[-2]))

    # Map the error counts to a Nagios result code (0 Ok, 1 Warning, 2 Error).
    if origin_errors == 0 and transit_errors == 0:
        nagios_message = "OK: %s Origin is %s" % (args.prefix, args.origin)
        if args.transit:
            nagios_message = "%s and all transits match: %s" % (nagios_message, args.transit)
    elif origin_errors >= args.crit or transit_errors >= args.crit:
        nagios_status = 2
        nagios_message = "ERROR: " + nagios_message
    elif origin_errors >= args.warn or transit_errors >= args.warn:
        nagios_status = 1
        nagios_message = "WARN: " + nagios_message

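An added example, not the presenters' code: the origin/transit comparison from the check above in Python 3, run offline on a constructed looking-glass response. It also covers two cases the excerpt does not, a prefix with no visible paths and AS-path prepending by the origin; the function names, thresholds and sample data are assumptions.

```python
import sys

OK, WARNING, CRITICAL = 0, 1, 2  # Nagios result codes from the table above

# Constructed sample, shaped like the fields the slide's check reads:
# data -> rrcs -> <collector> -> entries -> as_path / details.
# Addresses and ASNs come from the documentation ranges (RFC 5737, RFC 5398).
SAMPLE = {
    "data_call_status": "supported",
    "data": {"rrcs": {
        "rrc00": {"entries": [
            {"as_path": "64500 64510 64496",
             "details": ["192.0.2.1 from 192.0.2.1 (192.0.2.1)"]},
            # The origin prepends itself twice: still a valid path via 64511.
            {"as_path": "64501 64511 64496 64496 64496",
             "details": ["192.0.2.2 from 192.0.2.2 (192.0.2.2)"]},
        ]},
        "rrc01": {"entries": [
            # Unexpected origin AS, as seen during a hijack or a route leak.
            {"as_path": "64502 64499",
             "details": ["192.0.2.3 from 192.0.2.3 (192.0.2.3)"]},
        ]},
    }},
}


def collapse_prepends(as_path):
    """Drop consecutive duplicate ASNs so that path[-2] is the real upstream."""
    collapsed = []
    for asn in as_path:
        if not collapsed or collapsed[-1] != asn:
            collapsed.append(asn)
    return collapsed


def evaluate(lg, origins, transits=(), warn=1, crit=3):
    """Return (status, message) for one parsed looking-glass response."""
    if lg.get("data_call_status") != "supported":
        return WARNING, "WARN: data call is not in the 'supported' state"

    origin_errors, transit_errors, paths_seen = [], [], 0
    for rrc, body in sorted(lg.get("data", {}).get("rrcs", {}).items()):
        for peer in body.get("entries", []):
            path = collapse_prepends(peer.get("as_path", "").split())
            if not path:
                continue
            paths_seen += 1
            details = peer.get("details") or [""]
            peer_addr = (details[0].split() or ["?"])[0]
            if path[-1] not in origins:
                origin_errors.append(
                    "origin mismatch %s (%s): %s" % (rrc, peer_addr, path[-1]))
            # A one-hop path means the collector peers with the origin
            # directly, so there is no upstream to compare.
            if transits and len(path) >= 2 and path[-2] not in transits:
                transit_errors.append(
                    "transit mismatch %s (%s): %s" % (rrc, peer_addr, path[-2]))

    # No path at all: the prefix is withdrawn or filtered everywhere.
    # Counting only mismatches would report this as OK.
    if paths_seen == 0:
        return CRITICAL, "ERROR: prefix not seen by any collector peer"

    worst = max(len(origin_errors), len(transit_errors))
    detail = "; ".join(origin_errors + transit_errors)
    if worst >= crit:
        return CRITICAL, "ERROR: " + detail
    if worst >= warn:
        return WARNING, "WARN: " + detail
    if worst:
        return OK, "OK (below thresholds): " + detail
    return OK, "OK: %d paths, origin and transit as expected" % paths_seen


if __name__ == "__main__":
    status, message = evaluate(SAMPLE, {"64496"}, {"64510", "64511"}, warn=1, crit=2)
    print(message)
    sys.exit(status)
```

In a live check, `lg` would be the decoded JSON returned by the looking-glass data call for the monitored prefix.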
Questions?

1. Querying for a Resource (Web)
• Tasks
  - What network announces 140785090?
  - Is 193342 routed?
  - In which country is 9122942023 used?
  - What is its corresponding INETNUM object?
  - What widget provides real-time routing status?
  - By what percentage did the number of prefixes announced within Greece increase over the last two years?
  - How would you share interesting network events with a colleague?

Create SSO Account
• Tasks
  - Go to "https://stat.ripe.net" and click on "Login"
  - "…click here to create one"

2. MyViews
• Create custom views
  - Click the "MyView" button
  - Drag and drop a widget onto the "MyView" button
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat1Querying for a Resource (Web)
bull Tasksbull What network announces 140785090
bull Is 193342 routed
bull In which country is 9122942023 used
bull What is its corresponding INETNUM object
bull What widget provides real-time routing status
bull By what percent did the number of prefixes announced within Greece increased over the last two years
bull How would you share interesting network events with a colleague
8
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstatCreate SSO Account
bull Tasksbull Go to ldquohttpsstatripenetrdquo and click on ldquoLoginrdquo
bull ldquohellipclick here to create onerdquo
9
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Create custom viewsbull Click the ldquoMyViewrdquo button
bull Drag and drop a widget onto the ldquoMyViewrdquo button
10
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews 11
MyViews are only visible to you An option to share your views will be available soon
Newly created MyView
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Customise MyViews
12
bull Rename bull Re-order bull Control visibility bull Remove
Re-order widgets as you like
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Tasksbull Create a RIPE Access account (if you donrsquot already have
one)
bull Create a MyView for a prefix containing the following widgets
bull Routing Status
bull Looking Glass
bull Routing History
bull Create another MyView with a least two widgets and give it a meaningful name
13
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
3. Compare Resources (Web)
• Compare results in different widgets
[Screenshot callouts: Go to “Use Cases” > “Compare Results”; Select a widget]
  - Select the “Prefix Size Distribution” widget
  - Enter “AS1205”
[Screenshot callout: Enter a resource]
• In-widget comparison
  - Country Routing Statistics
• Tasks
  - Compare the number of announced prefixes for two networks over the past two years using the widget comparison page
  - How does the Internet in Greece compare to the UK? Use in-widget comparison
4. Handling Abuse
• Take action in an abuse case with the Abuse Contact Finder
[Screenshot callouts: Go to “Use Cases” > “Looking For Abuse Information”; In-depth information about abuse; Enter the IP address]
[Screenshot callouts: Rating of the contact; Email contact to report abuse to]
[Screenshot callout: Details about the resource and abuse contact]
• Tasks
  - What is the abuse contact for 19302022 or the hotel network?
  - Check an IP address from your home network
• Discussion
  - What can you do in these cases?
    - No abuse contact found
    - No response on an abuse report
5. Let’s BGPlay
• Use BGPlay to see how your network is routed
  - BGPlay is a tool that shows routing history in an animated and highly interactive manner
  - Go to https://stat.ripe.net/widget/bgplay
[Screenshot callouts: BGP event ASN or ASN path details; Control panel (covered time period, RRC selection); Interactive graph visualisation; Selection timeline; Control timeline]
• Examples
  - Prefix with announcements & withdrawals: 8420564024
  - Check IPv6 connectivity: 200167c2e848
  - Multi-homed prefix: 199780024
  - BGP hijacking, 2008-02-28: 20865153024, YouTube traffic by Pakistan Telecom (AS17557)
  - Blackholing: 193339664
• Task
  - Find the upstream provider for AS1205
  - Is AS3333 multi-homed?
  - Check the IPv6 connectivity of your own network
6. Embedding Widgets On Your Site
[Screenshot: This ISP embedded widgets on its page (Prefix Count widget, AS Path Length widget)]
• Task
  - Create a simple dashboard page to monitor your network
  - Create a simple HTML page
    - Download the sample page: https://stat.ripe.net/widgets/demo/widget_home.html
    - Embed three widgets of your choice
    - Make the widget smaller and remove the RIPEstat logo
7. RIPEstat Data API
• Using raw data output
  - What is the concept?
    - The RIPEstat Data API provides the lowest level of access to data. This data can be fed into custom applications or just used for scripting.
  - RIPEstat widget API documentation: https://stat.ripe.net/docs/data_api
• Tasks
  - Use your browser to retrieve all announced prefixes for AS6412
  - Resources registered within a country: https://stat.ripe.net/data/country-resource-list/data.json?resource=X
  - A simple check on your resource if it is seen on the Internet
  - Create a simple script using resource-overview or routing-status: https://stat.ripe.net/widgets/demo/script_me.html
8. RIPE Atlas
• Create a user-defined measurement
  - https://atlas.ripe.net
9. Create a Nagios Check
• Create a Nagios check using the RIPEstat Data API
  - Nagios is a monitoring tool that supports the development of custom checks (like other monitoring tools)
  - Result codes for a check show the state

State     Result Code
Ok        0
Warning   1
Error     2
Example of a Python-based check:

    # Core of the check as shown on the slide (Python 2: urllib2, print statement).
    # `args` is the parsed command-line namespace; its definition is not on the slide.
    import json
    import sys
    import urllib2

    # The split delimiter was lost in extraction; a comma-separated AS list is assumed.
    if args.transit:
        transit = args.transit.split(",")
    origin = args.origin.split(",")
    nagios_status = 0
    origin_errors = 0
    transit_errors = 0
    nagios_message = ""

    # Fetch the looking-glass view of the prefix from the RIPEstat Data API.
    url = "https://%s/data/looking-glass/data.json?resource=%s" % (
        args.statserver, urllib2.quote(args.prefix))
    lookingglass_raw = urllib2.urlopen(url)
    lookingglass_json = json.load(lookingglass_raw)
    if lookingglass_json["data_call_status"] != "supported":
        print "WARN: %s is under maintance" % (args.statserver)
        sys.exit(1)

    # Walk every peer of every route collector (RRC) and compare the last AS
    # (origin) and the one before it (transit) with the expected values.
    for rrc in lookingglass_json["data"]["rrcs"]:
        for peer in lookingglass_json["data"]["rrcs"][rrc]["entries"]:
            aspath = peer["as_path"].split()
            details = peer["details"][0].split()
            peer_addr = details[0]
            nexthop = details[2]
            router_id = details[3]
            if len(aspath) > args.minpath:
                if aspath[-1] not in origin:
                    origin_errors += 1
                    nagios_message = nagios_message + (
                        " Origin missmatch: %s (%s): %s" % (rrc, peer_addr, aspath[-1]))
                if args.transit:
                    if aspath[-2] not in transit:
                        transit_errors += 1
                        nagios_message = nagios_message + (
                            " Transit missmatch: %s (%s): %s" % (rrc, peer_addr, aspath[-2]))

    # Map the error counters to a Nagios result code (0 = Ok, 1 = Warning, 2 = Error).
    if origin_errors == 0 and transit_errors == 0:
        nagios_message = "OK: %s Origin is %s" % (args.prefix, args.origin)
        if args.transit:
            nagios_message = "%s and all transits match %s" % (nagios_message, args.transit)
    elif origin_errors >= args.crit or transit_errors >= args.crit:
        nagios_status = 2
        nagios_message = "ERROR:" + nagios_message
    elif origin_errors >= args.warn or transit_errors >= args.warn:
        nagios_status = 1
        nagios_message = "WARN:" + nagios_message
    # The slide ends here; a Nagios plugin then prints nagios_message and
    # exits with nagios_status.
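The decision logic of the check above, reworked as an added Python 3 example (not the presenters' code) that runs offline over a constructed response. It keeps the response layout the slide's code walks (data, rrcs keyed by collector, entries with as_path and details) and goes beyond the slide in two ways: AS-path prepending is collapsed before the transit hop is read, and "no usable path seen" is reported as an error instead of OK. Function names, ASNs and addresses are assumptions made for illustration.

```python
import json

OK, WARNING, CRITICAL = 0, 1, 2  # Nagios result codes: Ok / Warning / Error

# Constructed sample (documentation ASNs and addresses, not real measurements),
# shaped like the structure the slide's code iterates over.
SAMPLE = json.loads("""
{"data_call_status": "supported",
 "data": {"rrcs": {
   "RRC00": {"entries": [
     {"as_path": "64511 64500 64496 64496 64496",
      "details": ["198.51.100.1 from 198.51.100.1 (198.51.100.1)"]},
     {"as_path": "64510 64500 64496",
      "details": ["198.51.100.2 from 198.51.100.2 (198.51.100.2)"]}]},
   "RRC01": {"entries": [
     {"as_path": "64509 64499",
      "details": ["203.0.113.9 from 203.0.113.9 (203.0.113.9)"]},
     {"as_path": "64496",
      "details": ["203.0.113.7 from 203.0.113.7 (203.0.113.7)"]}]}}}}
""")


def collapse_prepends(as_path):
    """Drop consecutive repeats: '64500 64496 64496' -> ['64500', '64496'].

    Without this, as_path[-2] on a prepended path is the origin itself and
    every such peer would be counted as a transit mismatch.
    """
    hops = []
    for asn in as_path.split():
        if not hops or hops[-1] != asn:
            hops.append(asn)
    return hops


def evaluate(response, origins, transits=(), minpath=1, warn=1, crit=2):
    """Return (nagios_status, message) for one looking-glass style response."""
    status = response.get("data_call_status")
    if status != "supported":
        return WARNING, "WARN: data call status is %r" % status

    origin_errors = transit_errors = judged = 0
    problems = []
    for rrc, collector in sorted(response["data"]["rrcs"].items()):
        for entry in collector["entries"]:
            hops = collapse_prepends(entry["as_path"])
            if len(hops) <= minpath:
                continue  # too short to judge, e.g. a direct peer of the origin
            judged += 1
            peer_addr = entry["details"][0].split()[0]
            if hops[-1] not in origins:
                origin_errors += 1
                problems.append("Origin mismatch: %s (%s): %s"
                                % (rrc, peer_addr, hops[-1]))
            # len(hops) >= 2 guards hops[-2] when minpath is set to 0.
            if transits and len(hops) >= 2 and hops[-2] not in transits:
                transit_errors += 1
                problems.append("Transit mismatch: %s (%s): %s"
                                % (rrc, peer_addr, hops[-2]))

    if judged == 0:
        # A withdrawn or invisible prefix must not be reported as healthy.
        return CRITICAL, "ERROR: no AS path longer than minpath was seen"

    detail = "; ".join(problems)
    worst = max(origin_errors, transit_errors)
    if worst and worst >= crit:
        return CRITICAL, "ERROR: " + detail
    if worst and worst >= warn:
        return WARNING, "WARN: " + detail
    message = "OK: %d paths checked" % judged
    return OK, message + (" (below thresholds: %s)" % detail if detail else "")


if __name__ == "__main__":
    code, text = evaluate(SAMPLE, origins={"64496"}, transits={"64500"})
    # A real plugin would finish with sys.exit(code); printed here instead.
    print("result code %d: %s" % (code, text))
```

In the sample, the prepended RRC00 path passes the transit test only because of the collapsing step, while the RRC01 peer that sees a different origin is the one that raises the state.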
Questions?
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstatCreate SSO Account
bull Tasksbull Go to ldquohttpsstatripenetrdquo and click on ldquoLoginrdquo
bull ldquohellipclick here to create onerdquo
9
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Create custom viewsbull Click the ldquoMyViewrdquo button
bull Drag and drop a widget onto the ldquoMyViewrdquo button
10
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews 11
MyViews are only visible to you An option to share your views will be available soon
Newly created MyView
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Customise MyViews
12
bull Rename bull Re-order bull Control visibility bull Remove
Re-order widgets as you like
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Tasksbull Create a RIPE Access account (if you donrsquot already have
one)
bull Create a MyView for a prefix containing the following widgets
bull Routing Status
bull Looking Glass
bull Routing History
bull Create another MyView with a least two widgets and give it a meaningful name
13
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull Compare results in different widgets
14
Go to ldquoUse Casesrdquo gt ldquoCompare Resultsrdquo
Select a widget
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull Compare results in different widgetsbull Select the ldquoPrefix Size Distributionrdquo widget
bull Enter ldquoAS1205rdquo
15
Enter a resource
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull In-widget comparisonbull Country Routing Statistics
16
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Comparing Resources
bull Tasksbull Compare the number of announced prefixes for two
networks over the past two years using the widget comparison page
bull How does the Internet in Greece compare to the UK Use in-widget comparison
17
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse
bull Take action in an abuse case with the Abuse Contact Finder
18
Go to ldquoUse Casesrdquo gt ldquoLooking For Abuse Informationrdquo
In-depth information about abuse
Enter the IP address
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse 19
Rating of the contact
Email contact to report abuse to
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse 20
Details about the resource and abuse contact
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse
bull Tasksbull What is the abuse contact for 19302022 or the hotel
network
bull Check an IP address from your home network
bull Discussion
bull What can you do in these casesbull No abuse contact found
bull No response on an abuse report
21
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Use BGPlay to see how your network is routedbull BGPlay is a tool that show routing history in an animated
and highly-interactive manner
bull Go to httpsstatripenetwidgetbgplay
22
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 23
BGP event ASN or ASN path details
Control panel - Covered time period - RRC selection
Interactive graph visualisation
Selection timeline
Control timeline
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 24
Examples
- Prefix with announcements amp withdrawals 8420564024 - Check IPv6 connectivity 200167c2e848 - Multi-homed prefix 199780024 - BGP-Hijacking 2008-02-28 20865153024 Youtube traffic by Pakistan Telecom AS17557 - Blackholing 193339664
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Taskbull Find the up-stream provider for AS1205
bull Is AS3333 multi-homed
bull Check the IPv6 connectivity of your own network
25
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site 26
This ISP embedded widgets on its page
Prefix Count widget
AS Path Length widget
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site
bull Taskbull Create a simple dashboard page to monitor your network
bull Create a simple HTML pagebull Download the sample page
httpsstatripenetwidgetsdemowidget_homehtml
bull Embed three widgets of your choice
bull Make the widget smaller and remove the RIPEstat logo
27
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Using raw data outputbull What is the concept
bull The RIPEstat Data API provides the lowest level of access to data This data can be fed into custom appellations or just used for scripting
bull RIPEstat widget API documentationhttpsstatripenetdocsdata_api
28
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Tasksbull Use your browser to retrieve all announced prefixes for
AS6412
bull Resources registered within a countryhttpsstatripenetdatacountry-resource-listdatajsonresource=X
bull A simple check on your resource if it is seen on the Internet
bull Create a simple script using resource-overview or routing-statushttpsstatripenetwidgetsdemoscript_mehtml
29
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat8RIPE Atlas
bull Create a user-defined measurementbull httpsatlasripenet
30
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check
bull Create a Nagios check using the RIPEstat Data APIbull Nagios is a monitoring tool that supports the development
of custom checks (like other monitoring tools)
bull Result codes for a check show the state
31
State Result Code
Ok 0
Warning 1
Error 2
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check 32
if argstransit transit = argstransitsplit()origin = argsoriginsplit()nagios_status = 0origin_errors = 0transit_errors = 0nagios_message = url = httpssdatalooking-glassdatajsonresource=s (argsstatserver urllib2quote(argsprefix ))lookingglass_raw = urllib2urlopen(url)lookingglass_json = jsonload(lookingglass_raw)if lookingglass_json[data_call_status] = supported print WARN s is under maintance (argsstatserver) sysexit(1)for rrc in lookingglass_json[data][rrcs] for peer in lookingglass_json[data][rrcs][rrc][entries] aspath = peer[as_path]split() details = peer[details][0]split() peer_addr = details[0] nexthop = details[2] router_id = details[3] if len(aspath) gt argsminpath if aspath[-1] not in origin origin_errors += 1 nagios_message = nagios_message + ( Origin missmatch s (s) s (rrc peer_addr aspath[-1])) if argstransit if aspath[-2] not in transit transit_errors += 1 nagios_message = nagios_message + ( Transit missmatch s (s) s (rrc peer_addr aspath[-2]))if origin_errors == 0 and transit_errors == 0 nagios_message = OK s Origin is s (argsprefix argsorigin) if argstransit nagios_message = s and all transits match s (nagios_message argstransit) elif origin_errors gt= argscrit or transit_errors gt= argscrit nagios_status = 2 nagios_message = ERROR + nagios_messageelif origin_errors gt= argswarn or transit_errors gt= argswarn nagios_status = 1 nagios_message = WARN + nagios_message
Example of a Python based check
Questions Using RIPEstat
Christian Teuschel - RIPE68 - 12 May 2014
33
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Create custom viewsbull Click the ldquoMyViewrdquo button
bull Drag and drop a widget onto the ldquoMyViewrdquo button
10
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews 11
MyViews are only visible to you An option to share your views will be available soon
Newly created MyView
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Customise MyViews
12
bull Rename bull Re-order bull Control visibility bull Remove
Re-order widgets as you like
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Tasksbull Create a RIPE Access account (if you donrsquot already have
one)
bull Create a MyView for a prefix containing the following widgets
bull Routing Status
bull Looking Glass
bull Routing History
bull Create another MyView with a least two widgets and give it a meaningful name
13
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull Compare results in different widgets
14
Go to ldquoUse Casesrdquo gt ldquoCompare Resultsrdquo
Select a widget
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull Compare results in different widgetsbull Select the ldquoPrefix Size Distributionrdquo widget
bull Enter ldquoAS1205rdquo
15
Enter a resource
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull In-widget comparisonbull Country Routing Statistics
16
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Comparing Resources
bull Tasksbull Compare the number of announced prefixes for two
networks over the past two years using the widget comparison page
bull How does the Internet in Greece compare to the UK Use in-widget comparison
17
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse
bull Take action in an abuse case with the Abuse Contact Finder
18
Go to ldquoUse Casesrdquo gt ldquoLooking For Abuse Informationrdquo
In-depth information about abuse
Enter the IP address
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse 19
Rating of the contact
Email contact to report abuse to
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse 20
Details about the resource and abuse contact
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse
bull Tasksbull What is the abuse contact for 19302022 or the hotel
network
bull Check an IP address from your home network
bull Discussion
bull What can you do in these casesbull No abuse contact found
bull No response on an abuse report
21
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Use BGPlay to see how your network is routedbull BGPlay is a tool that show routing history in an animated
and highly-interactive manner
bull Go to httpsstatripenetwidgetbgplay
22
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 23
BGP event ASN or ASN path details
Control panel - Covered time period - RRC selection
Interactive graph visualisation
Selection timeline
Control timeline
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 24
Examples
- Prefix with announcements amp withdrawals 8420564024 - Check IPv6 connectivity 200167c2e848 - Multi-homed prefix 199780024 - BGP-Hijacking 2008-02-28 20865153024 Youtube traffic by Pakistan Telecom AS17557 - Blackholing 193339664
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Taskbull Find the up-stream provider for AS1205
bull Is AS3333 multi-homed
bull Check the IPv6 connectivity of your own network
25
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site 26
This ISP embedded widgets on its page
Prefix Count widget
AS Path Length widget
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site
bull Taskbull Create a simple dashboard page to monitor your network
bull Create a simple HTML pagebull Download the sample page
httpsstatripenetwidgetsdemowidget_homehtml
bull Embed three widgets of your choice
bull Make the widget smaller and remove the RIPEstat logo
27
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Using raw data outputbull What is the concept
bull The RIPEstat Data API provides the lowest level of access to data This data can be fed into custom appellations or just used for scripting
bull RIPEstat widget API documentationhttpsstatripenetdocsdata_api
28
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Tasksbull Use your browser to retrieve all announced prefixes for
AS6412
bull Resources registered within a countryhttpsstatripenetdatacountry-resource-listdatajsonresource=X
bull A simple check on your resource if it is seen on the Internet
bull Create a simple script using resource-overview or routing-statushttpsstatripenetwidgetsdemoscript_mehtml
29
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat8RIPE Atlas
bull Create a user-defined measurementbull httpsatlasripenet
30
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check
bull Create a Nagios check using the RIPEstat Data APIbull Nagios is a monitoring tool that supports the development
of custom checks (like other monitoring tools)
bull Result codes for a check show the state
31
State Result Code
Ok 0
Warning 1
Error 2
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check 32
if argstransit transit = argstransitsplit()origin = argsoriginsplit()nagios_status = 0origin_errors = 0transit_errors = 0nagios_message = url = httpssdatalooking-glassdatajsonresource=s (argsstatserver urllib2quote(argsprefix ))lookingglass_raw = urllib2urlopen(url)lookingglass_json = jsonload(lookingglass_raw)if lookingglass_json[data_call_status] = supported print WARN s is under maintance (argsstatserver) sysexit(1)for rrc in lookingglass_json[data][rrcs] for peer in lookingglass_json[data][rrcs][rrc][entries] aspath = peer[as_path]split() details = peer[details][0]split() peer_addr = details[0] nexthop = details[2] router_id = details[3] if len(aspath) gt argsminpath if aspath[-1] not in origin origin_errors += 1 nagios_message = nagios_message + ( Origin missmatch s (s) s (rrc peer_addr aspath[-1])) if argstransit if aspath[-2] not in transit transit_errors += 1 nagios_message = nagios_message + ( Transit missmatch s (s) s (rrc peer_addr aspath[-2]))if origin_errors == 0 and transit_errors == 0 nagios_message = OK s Origin is s (argsprefix argsorigin) if argstransit nagios_message = s and all transits match s (nagios_message argstransit) elif origin_errors gt= argscrit or transit_errors gt= argscrit nagios_status = 2 nagios_message = ERROR + nagios_messageelif origin_errors gt= argswarn or transit_errors gt= argswarn nagios_status = 1 nagios_message = WARN + nagios_message
Example of a Python based check
Questions Using RIPEstat
Christian Teuschel - RIPE68 - 12 May 2014
33
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews 11
MyViews are only visible to you An option to share your views will be available soon
Newly created MyView
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Customise MyViews
12
bull Rename bull Re-order bull Control visibility bull Remove
Re-order widgets as you like
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Tasksbull Create a RIPE Access account (if you donrsquot already have
one)
bull Create a MyView for a prefix containing the following widgets
bull Routing Status
bull Looking Glass
bull Routing History
bull Create another MyView with a least two widgets and give it a meaningful name
13
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull Compare results in different widgets
14
Go to ldquoUse Casesrdquo gt ldquoCompare Resultsrdquo
Select a widget
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull Compare results in different widgetsbull Select the ldquoPrefix Size Distributionrdquo widget
bull Enter ldquoAS1205rdquo
15
Enter a resource
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull In-widget comparisonbull Country Routing Statistics
16
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Comparing Resources
bull Tasksbull Compare the number of announced prefixes for two
networks over the past two years using the widget comparison page
bull How does the Internet in Greece compare to the UK Use in-widget comparison
17
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse
bull Take action in an abuse case with the Abuse Contact Finder
18
Go to ldquoUse Casesrdquo gt ldquoLooking For Abuse Informationrdquo
In-depth information about abuse
Enter the IP address
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse 19
Rating of the contact
Email contact to report abuse to
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse 20
Details about the resource and abuse contact
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse
bull Tasksbull What is the abuse contact for 19302022 or the hotel
network
bull Check an IP address from your home network
bull Discussion
bull What can you do in these casesbull No abuse contact found
bull No response on an abuse report
21
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Use BGPlay to see how your network is routedbull BGPlay is a tool that show routing history in an animated
and highly-interactive manner
bull Go to httpsstatripenetwidgetbgplay
22
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 23
BGP event ASN or ASN path details
Control panel - Covered time period - RRC selection
Interactive graph visualisation
Selection timeline
Control timeline
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 24
Examples
- Prefix with announcements amp withdrawals 8420564024 - Check IPv6 connectivity 200167c2e848 - Multi-homed prefix 199780024 - BGP-Hijacking 2008-02-28 20865153024 Youtube traffic by Pakistan Telecom AS17557 - Blackholing 193339664
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Taskbull Find the up-stream provider for AS1205
bull Is AS3333 multi-homed
bull Check the IPv6 connectivity of your own network
25
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site 26
This ISP embedded widgets on its page
Prefix Count widget
AS Path Length widget
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site
bull Taskbull Create a simple dashboard page to monitor your network
bull Create a simple HTML pagebull Download the sample page
httpsstatripenetwidgetsdemowidget_homehtml
bull Embed three widgets of your choice
bull Make the widget smaller and remove the RIPEstat logo
27
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Using raw data outputbull What is the concept
bull The RIPEstat Data API provides the lowest level of access to data This data can be fed into custom appellations or just used for scripting
bull RIPEstat widget API documentationhttpsstatripenetdocsdata_api
28
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Tasksbull Use your browser to retrieve all announced prefixes for
AS6412
bull Resources registered within a countryhttpsstatripenetdatacountry-resource-listdatajsonresource=X
bull A simple check on your resource if it is seen on the Internet
bull Create a simple script using resource-overview or routing-statushttpsstatripenetwidgetsdemoscript_mehtml
29
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat8RIPE Atlas
bull Create a user-defined measurementbull httpsatlasripenet
30
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check
bull Create a Nagios check using the RIPEstat Data APIbull Nagios is a monitoring tool that supports the development
of custom checks (like other monitoring tools)
bull Result codes for a check show the state
31
State Result Code
Ok 0
Warning 1
Error 2
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check 32
if argstransit transit = argstransitsplit()origin = argsoriginsplit()nagios_status = 0origin_errors = 0transit_errors = 0nagios_message = url = httpssdatalooking-glassdatajsonresource=s (argsstatserver urllib2quote(argsprefix ))lookingglass_raw = urllib2urlopen(url)lookingglass_json = jsonload(lookingglass_raw)if lookingglass_json[data_call_status] = supported print WARN s is under maintance (argsstatserver) sysexit(1)for rrc in lookingglass_json[data][rrcs] for peer in lookingglass_json[data][rrcs][rrc][entries] aspath = peer[as_path]split() details = peer[details][0]split() peer_addr = details[0] nexthop = details[2] router_id = details[3] if len(aspath) gt argsminpath if aspath[-1] not in origin origin_errors += 1 nagios_message = nagios_message + ( Origin missmatch s (s) s (rrc peer_addr aspath[-1])) if argstransit if aspath[-2] not in transit transit_errors += 1 nagios_message = nagios_message + ( Transit missmatch s (s) s (rrc peer_addr aspath[-2]))if origin_errors == 0 and transit_errors == 0 nagios_message = OK s Origin is s (argsprefix argsorigin) if argstransit nagios_message = s and all transits match s (nagios_message argstransit) elif origin_errors gt= argscrit or transit_errors gt= argscrit nagios_status = 2 nagios_message = ERROR + nagios_messageelif origin_errors gt= argswarn or transit_errors gt= argswarn nagios_status = 1 nagios_message = WARN + nagios_message
Example of a Python based check
Questions Using RIPEstat
Christian Teuschel - RIPE68 - 12 May 2014
33
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Customise MyViews
12
bull Rename bull Re-order bull Control visibility bull Remove
Re-order widgets as you like
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat2MyViews
bull Tasksbull Create a RIPE Access account (if you donrsquot already have
one)
bull Create a MyView for a prefix containing the following widgets
bull Routing Status
bull Looking Glass
bull Routing History
bull Create another MyView with a least two widgets and give it a meaningful name
13
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull Compare results in different widgets
14
Go to ldquoUse Casesrdquo gt ldquoCompare Resultsrdquo
Select a widget
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull Compare results in different widgetsbull Select the ldquoPrefix Size Distributionrdquo widget
bull Enter ldquoAS1205rdquo
15
Enter a resource
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Compare Resources (Web)
bull In-widget comparisonbull Country Routing Statistics
16
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat3Comparing Resources
bull Tasksbull Compare the number of announced prefixes for two
networks over the past two years using the widget comparison page
bull How does the Internet in Greece compare to the UK Use in-widget comparison
17
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse
bull Take action in an abuse case with the Abuse Contact Finder
18
Go to ldquoUse Casesrdquo gt ldquoLooking For Abuse Informationrdquo
In-depth information about abuse
Enter the IP address
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse 19
Rating of the contact
Email contact to report abuse to
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse 20
Details about the resource and abuse contact
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse
bull Tasksbull What is the abuse contact for 19302022 or the hotel
network
bull Check an IP address from your home network
bull Discussion
bull What can you do in these casesbull No abuse contact found
bull No response on an abuse report
21
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Use BGPlay to see how your network is routedbull BGPlay is a tool that show routing history in an animated
and highly-interactive manner
bull Go to httpsstatripenetwidgetbgplay
22
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 23
BGP event ASN or ASN path details
Control panel - Covered time period - RRC selection
Interactive graph visualisation
Selection timeline
Control timeline
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 24
Examples
- Prefix with announcements amp withdrawals 8420564024 - Check IPv6 connectivity 200167c2e848 - Multi-homed prefix 199780024 - BGP-Hijacking 2008-02-28 20865153024 Youtube traffic by Pakistan Telecom AS17557 - Blackholing 193339664
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Taskbull Find the up-stream provider for AS1205
bull Is AS3333 multi-homed
bull Check the IPv6 connectivity of your own network
25
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site 26
This ISP embedded widgets on its page
Prefix Count widget
AS Path Length widget
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site
bull Taskbull Create a simple dashboard page to monitor your network
bull Create a simple HTML pagebull Download the sample page
httpsstatripenetwidgetsdemowidget_homehtml
bull Embed three widgets of your choice
bull Make the widget smaller and remove the RIPEstat logo
27
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Using raw data outputbull What is the concept
bull The RIPEstat Data API provides the lowest level of access to data This data can be fed into custom appellations or just used for scripting
bull RIPEstat widget API documentationhttpsstatripenetdocsdata_api
28
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Tasksbull Use your browser to retrieve all announced prefixes for
AS6412
bull Resources registered within a countryhttpsstatripenetdatacountry-resource-listdatajsonresource=X
bull A simple check on your resource if it is seen on the Internet
bull Create a simple script using resource-overview or routing-statushttpsstatripenetwidgetsdemoscript_mehtml
29
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat8RIPE Atlas
bull Create a user-defined measurementbull httpsatlasripenet
30
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check
bull Create a Nagios check using the RIPEstat Data APIbull Nagios is a monitoring tool that supports the development
of custom checks (like other monitoring tools)
bull Result codes for a check show the state
31
State Result Code
Ok 0
Warning 1
Error 2
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
9. Create a Nagios Check

    import json
    import sys
    import urllib2  # Python 2, as on the slide

    # `args` is the parsed command line (prefix, origin, transit, statserver,
    # minpath, warn, crit); its definition is not shown on the slide.
    # Assumed: origin and transit are comma-separated lists of AS numbers.
    if args.transit:
        transit = args.transit.split(",")
    origin = args.origin.split(",")
    nagios_status = 0
    origin_errors = 0
    transit_errors = 0
    nagios_message = ""

    # Ask the looking-glass data call how every RIS peer sees the prefix.
    url = "https://%s/data/looking-glass/data.json?resource=%s" % (
        args.statserver, urllib2.quote(args.prefix))
    lookingglass_raw = urllib2.urlopen(url)
    lookingglass_json = json.load(lookingglass_raw)
    if lookingglass_json["data_call_status"] != "supported":
        print "WARN: %s is under maintenance" % (args.statserver)
        sys.exit(1)

    for rrc in lookingglass_json["data"]["rrcs"]:
        for peer in lookingglass_json["data"]["rrcs"][rrc]["entries"]:
            aspath = peer["as_path"].split()
            details = peer["details"][0].split()
            peer_addr = details[0]
            nexthop = details[2]
            router_id = details[3]
            if len(aspath) > args.minpath:
                # The last ASN in the path is the origin, the one before it the transit.
                if aspath[-1] not in origin:
                    origin_errors += 1
                    nagios_message = nagios_message + (
                        " Origin mismatch: %s (%s) %s;" % (rrc, peer_addr, aspath[-1]))
                if args.transit:
                    if aspath[-2] not in transit:
                        transit_errors += 1
                        nagios_message = nagios_message + (
                            " Transit mismatch: %s (%s) %s;" % (rrc, peer_addr, aspath[-2]))

    # Map the mismatch counts onto the Nagios result codes.
    if origin_errors == 0 and transit_errors == 0:
        nagios_message = "OK: %s Origin is %s" % (args.prefix, args.origin)
        if args.transit:
            nagios_message = "%s and all transits match %s" % (nagios_message, args.transit)
    elif origin_errors >= args.crit or transit_errors >= args.crit:
        nagios_status = 2
        nagios_message = "ERROR:" + nagios_message
    elif origin_errors >= args.warn or transit_errors >= args.warn:
        nagios_status = 1
        nagios_message = "WARN:" + nagios_message

    # Nagios reads the message from stdout and the state from the exit code.
    print nagios_message
    sys.exit(nagios_status)

Example of a Python based check
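The same origin/transit validation as an added Python 3 example (not code from the slides), run offline against a constructed response. It assumes the response shape the slide's check reads; `evaluate`, `collapse_prepends` and `SAMPLE` are hypothetical names, and the example additionally handles AS-path prepending and peers that see the origin directly, two cases where indexing `aspath[-2]` gives a wrong or missing upstream.

```python
OK, WARNING, ERROR = 0, 1, 2  # result codes from the slide's table
LABELS = {OK: "OK", WARNING: "WARN", ERROR: "ERROR"}

# Constructed sample, shaped the way the slide's check reads the response:
# data -> rrcs -> <collector> -> entries -> {as_path, details}.
# ASNs and addresses are documentation values (RFC 5398, RFC 5737).
SAMPLE = {
    "data_call_status": "supported",
    "data": {"rrcs": {
        "rrc00": {"entries": [
            {"as_path": "64500 64499 64496",
             "details": ["198.51.100.1 from 198.51.100.1 (198.51.100.1)"]},
            # The origin prepends itself three times.
            {"as_path": "64501 64499 64496 64496 64496",
             "details": ["198.51.100.2 from 198.51.100.2 (198.51.100.2)"]},
        ]},
        "rrc01": {"entries": [
            # Unexpected origin behind an unexpected upstream.
            {"as_path": "64502 64510 64511",
             "details": ["203.0.113.7 from 203.0.113.7 (203.0.113.7)"]},
            # The collector peers with the origin itself: no upstream in the path.
            {"as_path": "64496",
             "details": ["203.0.113.9 from 203.0.113.9 (203.0.113.9)"]},
        ]},
    }},
}


def collapse_prepends(as_path):
    """Drop consecutive repeats of an ASN so path[-2] is a different AS."""
    out = []
    for asn in as_path:
        if not out or out[-1] != asn:
            out.append(asn)
    return out


def evaluate(response, prefix, origins, transits=None, warn=1, crit=2,
             collapse=True):
    """Return (nagios_code, message) for one looking-glass response."""
    status = str(response.get("data_call_status", ""))
    if not status.startswith("supported"):
        return WARNING, "WARN: looking-glass data call status is %r" % status

    origin_errors = transit_errors = 0
    problems = []
    for rrc, collector in sorted(response["data"]["rrcs"].items()):
        for entry in collector.get("entries", []):
            path = entry.get("as_path", "").split()
            if collapse:
                path = collapse_prepends(path)
            if not path:
                continue
            first = (entry.get("details") or ["?"])[0].split()
            peer = first[0] if first else "?"
            if path[-1] not in origins:
                origin_errors += 1
                problems.append("origin mismatch %s (%s): AS%s"
                                % (rrc, peer, path[-1]))
            # A one-hop path has no upstream, so there is nothing to compare.
            if transits and len(path) >= 2 and path[-2] not in transits:
                transit_errors += 1
                problems.append("transit mismatch %s (%s): AS%s"
                                % (rrc, peer, path[-2]))

    worst = max(origin_errors, transit_errors)
    if worst and worst >= crit:
        code = ERROR
    elif worst and worst >= warn:
        code = WARNING
    else:
        code = OK
    detail = "; ".join(problems) or "origin and transit match on all peers"
    return code, "%s: %s %s" % (LABELS[code], prefix, detail)


if __name__ == "__main__":
    code, message = evaluate(SAMPLE, "192.0.2.0/24", {"64496"}, {"64499"})
    print(message)
    raise SystemExit(code)
```

With `collapse=False` the prepended path in `rrc00` is counted as a transit mismatch, which is enough to push this sample from WARNING to ERROR.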
Questions?

2. MyViews
• Tasks
  - Create a RIPE Access account (if you don't already have one)
  - Create a MyView for a prefix containing the following widgets:
    - Routing Status
    - Looking Glass
    - Routing History
  - Create another MyView with at least two widgets and give it a meaningful name

3. Compare Resources (Web)
• Compare results in different widgets
Go to "Use Cases" > "Compare Results"
Select a widget

3. Compare Resources (Web)
• Compare results in different widgets
  - Select the "Prefix Size Distribution" widget
  - Enter "AS1205"
Enter a resource

3. Compare Resources (Web)
• In-widget comparison
  - Country Routing Statistics

3. Comparing Resources
• Tasks
  - Compare the number of announced prefixes for two networks over the past two years using the widget comparison page
  - How does the Internet in Greece compare to the UK? Use in-widget comparison

4. Handling Abuse
• Take action in an abuse case with the Abuse Contact Finder
Go to "Use Cases" > "Looking For Abuse Information"
In-depth information about abuse
Enter the IP address

4. Handling Abuse
Rating of the contact
Email contact to report abuse to

4. Handling Abuse
Details about the resource and abuse contact

4. Handling Abuse
• Tasks
  - What is the abuse contact for 19302022 or the hotel network?
  - Check an IP address from your home network
• Discussion
  - What can you do in these cases?
    - No abuse contact found
    - No response on an abuse report

5. Let's BGPlay
• Use BGPlay to see how your network is routed
  - BGPlay is a tool that shows routing history in an animated and highly-interactive manner
  - Go to https://stat.ripe.net/widget/bgplay

5. Let's BGPlay
BGP event ASN or ASN path details
Control panel
- Covered time period
- RRC selection
Interactive graph visualisation
Selection timeline
Control timeline

5. Let's BGPlay
Examples
- Prefix with announcements & withdrawals: 84.205.64.0/24
- Check IPv6 connectivity: 2001:67c:2e8::/48
- Multi-homed prefix: 199780024
- BGP-Hijacking: 2008-02-28, 208.65.153.0/24, Youtube traffic by Pakistan Telecom AS17557
- Blackholing: 193339664

Using RIPEstat4Handling Abuse
bull Take action in an abuse case with the Abuse Contact Finder
18
Go to ldquoUse Casesrdquo gt ldquoLooking For Abuse Informationrdquo
In-depth information about abuse
Enter the IP address
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse 19
Rating of the contact
Email contact to report abuse to
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse 20
Details about the resource and abuse contact
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse
bull Tasksbull What is the abuse contact for 19302022 or the hotel
network
bull Check an IP address from your home network
bull Discussion
bull What can you do in these casesbull No abuse contact found
bull No response on an abuse report
21
Using RIPEstat: 5. Let's BGPlay
• Use BGPlay to see how your network is routed
  • BGPlay is a tool that shows routing history in an animated and highly-interactive manner
  • Go to https://stat.ripe.net/widget/bgplay
BGP event ASN or ASN path details
Control panel - Covered time period - RRC selection
Interactive graph visualisation
Selection timeline
Control timeline
Examples
- Prefix with announcements & withdrawals: 84.205.64.0/24
- Check IPv6 connectivity: 2001:67c:2e8::/48
- Multi-homed prefix: 199780024
- BGP-Hijacking 2008-02-28: 208.65.153.0/24, YouTube traffic by Pakistan Telecom AS17557
- Blackholing: 193339664
• Task
  • Find the up-stream provider for AS1205
  • Is AS3333 multi-homed?
  • Check the IPv6 connectivity of your own network
Using RIPEstat: 6. Embedding Widgets On Your Site
This ISP embedded widgets on its page
Prefix Count widget
AS Path Length widget
• Task
  • Create a simple dashboard page to monitor your network
  • Create a simple HTML page
    • Download the sample page: https://stat.ripe.net/widgets/demo/widget_home.html
    • Embed three widgets of your choice
    • Make the widget smaller and remove the RIPEstat logo
Using RIPEstat: 7. RIPEstat Data API
• Using raw data output
  • What is the concept?
    • The RIPEstat Data API provides the lowest level of access to data. This data can be fed into custom applications or just used for scripting.
  • RIPEstat widget API documentation: https://stat.ripe.net/docs/data_api
• Tasks
  • Use your browser to retrieve all announced prefixes for AS6412
  • Resources registered within a country: https://stat.ripe.net/data/country-resource-list/data.json?resource=X
  • A simple check on your resource if it is seen on the Internet
  • Create a simple script using resource-overview or routing-status: https://stat.ripe.net/widgets/demo/script_me.html
Using RIPEstat: 8. RIPE Atlas
• Create a user-defined measurement
  • https://atlas.ripe.net
Using RIPEstat: 9. Create a Nagios Check
• Create a Nagios check using the RIPEstat Data API
  • Nagios is a monitoring tool that supports the development of custom checks (like other monitoring tools)
  • Result codes for a check show the state

State    Result Code
Ok       0
Warning  1
Error    2
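The Data API task "a simple check on your resource if it is seen on the Internet", written as a Nagios-style check; this is an added example, not code from the slides. It evaluates a reply in the assumed shape of the routing-status data call (the field names visibility, ris_peers_seeing, total_ris_peers and origins are assumptions about the reply format) and returns the result codes 0, 1 and 2; the sample replies, the prefixes and the AS numbers are constructed.

```python
import json

# Nagios result codes: 0 = Ok, 1 = Warning, 2 = Error.
OK, WARNING, ERROR = 0, 1, 2


def make_reply(seeing, total, origins, status="supported",
               resource="192.0.2.0/24"):
    """Build a constructed reply in the assumed routing-status shape.

    A live reply would come from
    https://stat.ripe.net/data/routing-status/data.json?resource=<prefix>
    """
    family = "v6" if ":" in resource else "v4"
    return json.dumps({
        "data_call_status": status,
        "data": {
            "resource": resource,
            "visibility": {
                family: {"ris_peers_seeing": seeing,
                         "total_ris_peers": total},
            },
            "origins": [{"origin": asn} for asn in origins],
        },
    })


def check_routing_status(reply_text, expected_origins, warn=0.9, crit=0.5):
    """Return (result_code, message) for one routing-status reply.

    warn and crit are fractions of the route collector peers that must see
    the prefix: below warn is a warning, below crit is an error. An origin
    AS outside expected_origins is always an error, because it can indicate
    a hijack or a leaked announcement.
    """
    try:
        reply = json.loads(reply_text)
        status = str(reply["data_call_status"])
    except (ValueError, KeyError, TypeError):
        return WARNING, "WARN: reply is not a usable data API document"

    # Same guard as the looking-glass check: do not alert on routing
    # while the data call itself is unavailable.
    if not status.startswith("supported"):
        return WARNING, "WARN: data call status is '%s'" % status

    try:
        data = reply["data"]
        resource = str(data["resource"])
        family = "v6" if ":" in resource else "v4"
        counts = data["visibility"][family]
        seeing = int(counts["ris_peers_seeing"])
        total = int(counts["total_ris_peers"])
        seen_origins = set(str(o["origin"]) for o in data["origins"])
    except (ValueError, KeyError, TypeError):
        return WARNING, "WARN: reply lacks the expected routing-status fields"

    if total <= 0:
        return WARNING, "WARN: no peer count for %s, visibility unknown" % resource

    expected = set(str(asn) for asn in expected_origins)
    unexpected = sorted(seen_origins - expected)
    if unexpected:
        return ERROR, "ERROR: %s originated by unexpected AS%s" % (
            resource, ", AS".join(unexpected))

    ratio = float(seeing) / total
    detail = "%s seen by %d of %d peers" % (resource, seeing, total)
    if ratio < crit:
        return ERROR, "ERROR: " + detail
    if ratio < warn:
        return WARNING, "WARN: " + detail
    return OK, "OK: " + detail


if __name__ == "__main__":
    import sys
    # Constructed case: the expected origin plus one unexpected origin AS.
    code, message = check_routing_status(
        make_reply(120, 125, [64500, 64511]), [64500])
    print(message)
    sys.exit(code)
```
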
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check 32
if argstransit transit = argstransitsplit()origin = argsoriginsplit()nagios_status = 0origin_errors = 0transit_errors = 0nagios_message = url = httpssdatalooking-glassdatajsonresource=s (argsstatserver urllib2quote(argsprefix ))lookingglass_raw = urllib2urlopen(url)lookingglass_json = jsonload(lookingglass_raw)if lookingglass_json[data_call_status] = supported print WARN s is under maintance (argsstatserver) sysexit(1)for rrc in lookingglass_json[data][rrcs] for peer in lookingglass_json[data][rrcs][rrc][entries] aspath = peer[as_path]split() details = peer[details][0]split() peer_addr = details[0] nexthop = details[2] router_id = details[3] if len(aspath) gt argsminpath if aspath[-1] not in origin origin_errors += 1 nagios_message = nagios_message + ( Origin missmatch s (s) s (rrc peer_addr aspath[-1])) if argstransit if aspath[-2] not in transit transit_errors += 1 nagios_message = nagios_message + ( Transit missmatch s (s) s (rrc peer_addr aspath[-2]))if origin_errors == 0 and transit_errors == 0 nagios_message = OK s Origin is s (argsprefix argsorigin) if argstransit nagios_message = s and all transits match s (nagios_message argstransit) elif origin_errors gt= argscrit or transit_errors gt= argscrit nagios_status = 2 nagios_message = ERROR + nagios_messageelif origin_errors gt= argswarn or transit_errors gt= argswarn nagios_status = 1 nagios_message = WARN + nagios_message
Example of a Python based check
Questions Using RIPEstat
Christian Teuschel - RIPE68 - 12 May 2014
33
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse 19
Rating of the contact
Email contact to report abuse to
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse 20
Details about the resource and abuse contact
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse
bull Tasksbull What is the abuse contact for 19302022 or the hotel
network
bull Check an IP address from your home network
bull Discussion
bull What can you do in these casesbull No abuse contact found
bull No response on an abuse report
21
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Use BGPlay to see how your network is routedbull BGPlay is a tool that show routing history in an animated
and highly-interactive manner
bull Go to httpsstatripenetwidgetbgplay
22
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 23
BGP event ASN or ASN path details
Control panel - Covered time period - RRC selection
Interactive graph visualisation
Selection timeline
Control timeline
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 24
Examples
- Prefix with announcements amp withdrawals 8420564024 - Check IPv6 connectivity 200167c2e848 - Multi-homed prefix 199780024 - BGP-Hijacking 2008-02-28 20865153024 Youtube traffic by Pakistan Telecom AS17557 - Blackholing 193339664
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Taskbull Find the up-stream provider for AS1205
bull Is AS3333 multi-homed
bull Check the IPv6 connectivity of your own network
25
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site 26
This ISP embedded widgets on its page
Prefix Count widget
AS Path Length widget
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site
bull Taskbull Create a simple dashboard page to monitor your network
bull Create a simple HTML pagebull Download the sample page
httpsstatripenetwidgetsdemowidget_homehtml
bull Embed three widgets of your choice
bull Make the widget smaller and remove the RIPEstat logo
27
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Using raw data outputbull What is the concept
bull The RIPEstat Data API provides the lowest level of access to data This data can be fed into custom appellations or just used for scripting
bull RIPEstat widget API documentationhttpsstatripenetdocsdata_api
28
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Tasksbull Use your browser to retrieve all announced prefixes for
AS6412
bull Resources registered within a countryhttpsstatripenetdatacountry-resource-listdatajsonresource=X
bull A simple check on your resource if it is seen on the Internet
bull Create a simple script using resource-overview or routing-statushttpsstatripenetwidgetsdemoscript_mehtml
29
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat8RIPE Atlas
bull Create a user-defined measurementbull httpsatlasripenet
30
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check
bull Create a Nagios check using the RIPEstat Data APIbull Nagios is a monitoring tool that supports the development
of custom checks (like other monitoring tools)
bull Result codes for a check show the state
31
State Result Code
Ok 0
Warning 1
Error 2
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check 32
if argstransit transit = argstransitsplit()origin = argsoriginsplit()nagios_status = 0origin_errors = 0transit_errors = 0nagios_message = url = httpssdatalooking-glassdatajsonresource=s (argsstatserver urllib2quote(argsprefix ))lookingglass_raw = urllib2urlopen(url)lookingglass_json = jsonload(lookingglass_raw)if lookingglass_json[data_call_status] = supported print WARN s is under maintance (argsstatserver) sysexit(1)for rrc in lookingglass_json[data][rrcs] for peer in lookingglass_json[data][rrcs][rrc][entries] aspath = peer[as_path]split() details = peer[details][0]split() peer_addr = details[0] nexthop = details[2] router_id = details[3] if len(aspath) gt argsminpath if aspath[-1] not in origin origin_errors += 1 nagios_message = nagios_message + ( Origin missmatch s (s) s (rrc peer_addr aspath[-1])) if argstransit if aspath[-2] not in transit transit_errors += 1 nagios_message = nagios_message + ( Transit missmatch s (s) s (rrc peer_addr aspath[-2]))if origin_errors == 0 and transit_errors == 0 nagios_message = OK s Origin is s (argsprefix argsorigin) if argstransit nagios_message = s and all transits match s (nagios_message argstransit) elif origin_errors gt= argscrit or transit_errors gt= argscrit nagios_status = 2 nagios_message = ERROR + nagios_messageelif origin_errors gt= argswarn or transit_errors gt= argswarn nagios_status = 1 nagios_message = WARN + nagios_message
Example of a Python based check
Questions Using RIPEstat
Christian Teuschel - RIPE68 - 12 May 2014
33
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse 20
Details about the resource and abuse contact
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse
bull Tasksbull What is the abuse contact for 19302022 or the hotel
network
bull Check an IP address from your home network
bull Discussion
bull What can you do in these casesbull No abuse contact found
bull No response on an abuse report
21
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Use BGPlay to see how your network is routedbull BGPlay is a tool that show routing history in an animated
and highly-interactive manner
bull Go to httpsstatripenetwidgetbgplay
22
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 23
BGP event ASN or ASN path details
Control panel - Covered time period - RRC selection
Interactive graph visualisation
Selection timeline
Control timeline
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 24
Examples
- Prefix with announcements amp withdrawals 8420564024 - Check IPv6 connectivity 200167c2e848 - Multi-homed prefix 199780024 - BGP-Hijacking 2008-02-28 20865153024 Youtube traffic by Pakistan Telecom AS17557 - Blackholing 193339664
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Taskbull Find the up-stream provider for AS1205
bull Is AS3333 multi-homed
bull Check the IPv6 connectivity of your own network
25
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site 26
This ISP embedded widgets on its page
Prefix Count widget
AS Path Length widget
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site
bull Taskbull Create a simple dashboard page to monitor your network
bull Create a simple HTML pagebull Download the sample page
httpsstatripenetwidgetsdemowidget_homehtml
bull Embed three widgets of your choice
bull Make the widget smaller and remove the RIPEstat logo
27
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Using raw data outputbull What is the concept
bull The RIPEstat Data API provides the lowest level of access to data This data can be fed into custom appellations or just used for scripting
bull RIPEstat widget API documentationhttpsstatripenetdocsdata_api
28
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Tasksbull Use your browser to retrieve all announced prefixes for
AS6412
bull Resources registered within a countryhttpsstatripenetdatacountry-resource-listdatajsonresource=X
bull A simple check on your resource if it is seen on the Internet
bull Create a simple script using resource-overview or routing-statushttpsstatripenetwidgetsdemoscript_mehtml
29
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat8RIPE Atlas
bull Create a user-defined measurementbull httpsatlasripenet
30
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check
bull Create a Nagios check using the RIPEstat Data APIbull Nagios is a monitoring tool that supports the development
of custom checks (like other monitoring tools)
bull Result codes for a check show the state
31
State Result Code
Ok 0
Warning 1
Error 2
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check 32
if argstransit transit = argstransitsplit()origin = argsoriginsplit()nagios_status = 0origin_errors = 0transit_errors = 0nagios_message = url = httpssdatalooking-glassdatajsonresource=s (argsstatserver urllib2quote(argsprefix ))lookingglass_raw = urllib2urlopen(url)lookingglass_json = jsonload(lookingglass_raw)if lookingglass_json[data_call_status] = supported print WARN s is under maintance (argsstatserver) sysexit(1)for rrc in lookingglass_json[data][rrcs] for peer in lookingglass_json[data][rrcs][rrc][entries] aspath = peer[as_path]split() details = peer[details][0]split() peer_addr = details[0] nexthop = details[2] router_id = details[3] if len(aspath) gt argsminpath if aspath[-1] not in origin origin_errors += 1 nagios_message = nagios_message + ( Origin missmatch s (s) s (rrc peer_addr aspath[-1])) if argstransit if aspath[-2] not in transit transit_errors += 1 nagios_message = nagios_message + ( Transit missmatch s (s) s (rrc peer_addr aspath[-2]))if origin_errors == 0 and transit_errors == 0 nagios_message = OK s Origin is s (argsprefix argsorigin) if argstransit nagios_message = s and all transits match s (nagios_message argstransit) elif origin_errors gt= argscrit or transit_errors gt= argscrit nagios_status = 2 nagios_message = ERROR + nagios_messageelif origin_errors gt= argswarn or transit_errors gt= argswarn nagios_status = 1 nagios_message = WARN + nagios_message
Example of a Python based check
Questions Using RIPEstat
Christian Teuschel - RIPE68 - 12 May 2014
33
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat4Handling Abuse
bull Tasksbull What is the abuse contact for 19302022 or the hotel
network
bull Check an IP address from your home network
bull Discussion
bull What can you do in these casesbull No abuse contact found
bull No response on an abuse report
21
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Use BGPlay to see how your network is routedbull BGPlay is a tool that show routing history in an animated
and highly-interactive manner
bull Go to httpsstatripenetwidgetbgplay
22
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 23
BGP event ASN or ASN path details
Control panel - Covered time period - RRC selection
Interactive graph visualisation
Selection timeline
Control timeline
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 24
Examples
- Prefix with announcements amp withdrawals 8420564024 - Check IPv6 connectivity 200167c2e848 - Multi-homed prefix 199780024 - BGP-Hijacking 2008-02-28 20865153024 Youtube traffic by Pakistan Telecom AS17557 - Blackholing 193339664
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Taskbull Find the up-stream provider for AS1205
bull Is AS3333 multi-homed
bull Check the IPv6 connectivity of your own network
25
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site 26
This ISP embedded widgets on its page
Prefix Count widget
AS Path Length widget
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site
bull Taskbull Create a simple dashboard page to monitor your network
bull Create a simple HTML pagebull Download the sample page
httpsstatripenetwidgetsdemowidget_homehtml
bull Embed three widgets of your choice
bull Make the widget smaller and remove the RIPEstat logo
27
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Using raw data outputbull What is the concept
bull The RIPEstat Data API provides the lowest level of access to data This data can be fed into custom appellations or just used for scripting
bull RIPEstat widget API documentationhttpsstatripenetdocsdata_api
28
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Tasksbull Use your browser to retrieve all announced prefixes for
AS6412
bull Resources registered within a countryhttpsstatripenetdatacountry-resource-listdatajsonresource=X
bull A simple check on your resource if it is seen on the Internet
bull Create a simple script using resource-overview or routing-statushttpsstatripenetwidgetsdemoscript_mehtml
29
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat8RIPE Atlas
bull Create a user-defined measurementbull httpsatlasripenet
30
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check
bull Create a Nagios check using the RIPEstat Data APIbull Nagios is a monitoring tool that supports the development
of custom checks (like other monitoring tools)
bull Result codes for a check show the state
31
State Result Code
Ok 0
Warning 1
Error 2
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check 32
if argstransit transit = argstransitsplit()origin = argsoriginsplit()nagios_status = 0origin_errors = 0transit_errors = 0nagios_message = url = httpssdatalooking-glassdatajsonresource=s (argsstatserver urllib2quote(argsprefix ))lookingglass_raw = urllib2urlopen(url)lookingglass_json = jsonload(lookingglass_raw)if lookingglass_json[data_call_status] = supported print WARN s is under maintance (argsstatserver) sysexit(1)for rrc in lookingglass_json[data][rrcs] for peer in lookingglass_json[data][rrcs][rrc][entries] aspath = peer[as_path]split() details = peer[details][0]split() peer_addr = details[0] nexthop = details[2] router_id = details[3] if len(aspath) gt argsminpath if aspath[-1] not in origin origin_errors += 1 nagios_message = nagios_message + ( Origin missmatch s (s) s (rrc peer_addr aspath[-1])) if argstransit if aspath[-2] not in transit transit_errors += 1 nagios_message = nagios_message + ( Transit missmatch s (s) s (rrc peer_addr aspath[-2]))if origin_errors == 0 and transit_errors == 0 nagios_message = OK s Origin is s (argsprefix argsorigin) if argstransit nagios_message = s and all transits match s (nagios_message argstransit) elif origin_errors gt= argscrit or transit_errors gt= argscrit nagios_status = 2 nagios_message = ERROR + nagios_messageelif origin_errors gt= argswarn or transit_errors gt= argswarn nagios_status = 1 nagios_message = WARN + nagios_message
Example of a Python based check
Questions Using RIPEstat
Christian Teuschel - RIPE68 - 12 May 2014
33
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Use BGPlay to see how your network is routedbull BGPlay is a tool that show routing history in an animated
and highly-interactive manner
bull Go to httpsstatripenetwidgetbgplay
22
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 23
BGP event ASN or ASN path details
Control panel - Covered time period - RRC selection
Interactive graph visualisation
Selection timeline
Control timeline
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 24
Examples
- Prefix with announcements amp withdrawals 8420564024 - Check IPv6 connectivity 200167c2e848 - Multi-homed prefix 199780024 - BGP-Hijacking 2008-02-28 20865153024 Youtube traffic by Pakistan Telecom AS17557 - Blackholing 193339664
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Taskbull Find the up-stream provider for AS1205
bull Is AS3333 multi-homed
bull Check the IPv6 connectivity of your own network
25
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site 26
This ISP embedded widgets on its page
Prefix Count widget
AS Path Length widget
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site
bull Taskbull Create a simple dashboard page to monitor your network
bull Create a simple HTML pagebull Download the sample page
httpsstatripenetwidgetsdemowidget_homehtml
bull Embed three widgets of your choice
bull Make the widget smaller and remove the RIPEstat logo
27
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Using raw data outputbull What is the concept
bull The RIPEstat Data API provides the lowest level of access to data This data can be fed into custom appellations or just used for scripting
bull RIPEstat widget API documentationhttpsstatripenetdocsdata_api
28
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Tasksbull Use your browser to retrieve all announced prefixes for
AS6412
bull Resources registered within a countryhttpsstatripenetdatacountry-resource-listdatajsonresource=X
bull A simple check on your resource if it is seen on the Internet
bull Create a simple script using resource-overview or routing-statushttpsstatripenetwidgetsdemoscript_mehtml
29
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat8RIPE Atlas
bull Create a user-defined measurementbull httpsatlasripenet
30
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check
bull Create a Nagios check using the RIPEstat Data APIbull Nagios is a monitoring tool that supports the development
of custom checks (like other monitoring tools)
bull Result codes for a check show the state
31
State Result Code
Ok 0
Warning 1
Error 2
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check 32
if argstransit transit = argstransitsplit()origin = argsoriginsplit()nagios_status = 0origin_errors = 0transit_errors = 0nagios_message = url = httpssdatalooking-glassdatajsonresource=s (argsstatserver urllib2quote(argsprefix ))lookingglass_raw = urllib2urlopen(url)lookingglass_json = jsonload(lookingglass_raw)if lookingglass_json[data_call_status] = supported print WARN s is under maintance (argsstatserver) sysexit(1)for rrc in lookingglass_json[data][rrcs] for peer in lookingglass_json[data][rrcs][rrc][entries] aspath = peer[as_path]split() details = peer[details][0]split() peer_addr = details[0] nexthop = details[2] router_id = details[3] if len(aspath) gt argsminpath if aspath[-1] not in origin origin_errors += 1 nagios_message = nagios_message + ( Origin missmatch s (s) s (rrc peer_addr aspath[-1])) if argstransit if aspath[-2] not in transit transit_errors += 1 nagios_message = nagios_message + ( Transit missmatch s (s) s (rrc peer_addr aspath[-2]))if origin_errors == 0 and transit_errors == 0 nagios_message = OK s Origin is s (argsprefix argsorigin) if argstransit nagios_message = s and all transits match s (nagios_message argstransit) elif origin_errors gt= argscrit or transit_errors gt= argscrit nagios_status = 2 nagios_message = ERROR + nagios_messageelif origin_errors gt= argswarn or transit_errors gt= argswarn nagios_status = 1 nagios_message = WARN + nagios_message
Example of a Python based check
Questions Using RIPEstat
Christian Teuschel - RIPE68 - 12 May 2014
33
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 23
BGP event ASN or ASN path details
Control panel - Covered time period - RRC selection
Interactive graph visualisation
Selection timeline
Control timeline
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 24
Examples
- Prefix with announcements amp withdrawals 8420564024 - Check IPv6 connectivity 200167c2e848 - Multi-homed prefix 199780024 - BGP-Hijacking 2008-02-28 20865153024 Youtube traffic by Pakistan Telecom AS17557 - Blackholing 193339664
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Taskbull Find the up-stream provider for AS1205
bull Is AS3333 multi-homed
bull Check the IPv6 connectivity of your own network
25
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site 26
This ISP embedded widgets on its page
Prefix Count widget
AS Path Length widget
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site
bull Taskbull Create a simple dashboard page to monitor your network
bull Create a simple HTML pagebull Download the sample page
httpsstatripenetwidgetsdemowidget_homehtml
bull Embed three widgets of your choice
bull Make the widget smaller and remove the RIPEstat logo
27
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Using raw data outputbull What is the concept
bull The RIPEstat Data API provides the lowest level of access to data This data can be fed into custom appellations or just used for scripting
bull RIPEstat widget API documentationhttpsstatripenetdocsdata_api
28
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Tasksbull Use your browser to retrieve all announced prefixes for
AS6412
bull Resources registered within a countryhttpsstatripenetdatacountry-resource-listdatajsonresource=X
bull A simple check on your resource if it is seen on the Internet
bull Create a simple script using resource-overview or routing-statushttpsstatripenetwidgetsdemoscript_mehtml
29
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat8RIPE Atlas
bull Create a user-defined measurementbull httpsatlasripenet
30
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check
bull Create a Nagios check using the RIPEstat Data APIbull Nagios is a monitoring tool that supports the development
of custom checks (like other monitoring tools)
bull Result codes for a check show the state
31
State Result Code
Ok 0
Warning 1
Error 2
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check 32
if argstransit transit = argstransitsplit()origin = argsoriginsplit()nagios_status = 0origin_errors = 0transit_errors = 0nagios_message = url = httpssdatalooking-glassdatajsonresource=s (argsstatserver urllib2quote(argsprefix ))lookingglass_raw = urllib2urlopen(url)lookingglass_json = jsonload(lookingglass_raw)if lookingglass_json[data_call_status] = supported print WARN s is under maintance (argsstatserver) sysexit(1)for rrc in lookingglass_json[data][rrcs] for peer in lookingglass_json[data][rrcs][rrc][entries] aspath = peer[as_path]split() details = peer[details][0]split() peer_addr = details[0] nexthop = details[2] router_id = details[3] if len(aspath) gt argsminpath if aspath[-1] not in origin origin_errors += 1 nagios_message = nagios_message + ( Origin missmatch s (s) s (rrc peer_addr aspath[-1])) if argstransit if aspath[-2] not in transit transit_errors += 1 nagios_message = nagios_message + ( Transit missmatch s (s) s (rrc peer_addr aspath[-2]))if origin_errors == 0 and transit_errors == 0 nagios_message = OK s Origin is s (argsprefix argsorigin) if argstransit nagios_message = s and all transits match s (nagios_message argstransit) elif origin_errors gt= argscrit or transit_errors gt= argscrit nagios_status = 2 nagios_message = ERROR + nagios_messageelif origin_errors gt= argswarn or transit_errors gt= argswarn nagios_status = 1 nagios_message = WARN + nagios_message
Example of a Python based check
Questions Using RIPEstat
Christian Teuschel - RIPE68 - 12 May 2014
33
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay 24
Examples
- Prefix with announcements amp withdrawals 8420564024 - Check IPv6 connectivity 200167c2e848 - Multi-homed prefix 199780024 - BGP-Hijacking 2008-02-28 20865153024 Youtube traffic by Pakistan Telecom AS17557 - Blackholing 193339664
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat5Letrsquos BGPlay
bull Taskbull Find the up-stream provider for AS1205
bull Is AS3333 multi-homed
bull Check the IPv6 connectivity of your own network
25
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site 26
This ISP embedded widgets on its page
Prefix Count widget
AS Path Length widget
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat6Embedding Widgets On Your Site
bull Taskbull Create a simple dashboard page to monitor your network
bull Create a simple HTML pagebull Download the sample page
httpsstatripenetwidgetsdemowidget_homehtml
bull Embed three widgets of your choice
bull Make the widget smaller and remove the RIPEstat logo
27
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Using raw data outputbull What is the concept
bull The RIPEstat Data API provides the lowest level of access to data This data can be fed into custom appellations or just used for scripting
bull RIPEstat widget API documentationhttpsstatripenetdocsdata_api
28
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat7RIPEstat Data API
bull Tasksbull Use your browser to retrieve all announced prefixes for
AS6412
bull Resources registered within a countryhttpsstatripenetdatacountry-resource-listdatajsonresource=X
bull A simple check on your resource if it is seen on the Internet
bull Create a simple script using resource-overview or routing-statushttpsstatripenetwidgetsdemoscript_mehtml
29
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat8RIPE Atlas
bull Create a user-defined measurementbull httpsatlasripenet
30
C TeuschelM Kuumlhne - TF-CSIRT 42 - 30 May 2014
Using RIPEstat9Create a Nagios Check
bull Create a Nagios check using the RIPEstat Data APIbull Nagios is a monitoring tool that supports the development
of custom checks (like other monitoring tools)
bull Result codes for a check show the state
31
State Result Code
Ok 0
Warning 1
Error 2
9. Create a Nagios Check
Example of a Python-based check:

    # Python 2 excerpt. `args` is the parsed command line (prefix, origin,
    # transit, minpath, warn, crit, statserver); its definition is not on the slide.
    import json
    import sys
    import urllib2

    if args.transit:
        transit = args.transit.split()
    origin = args.origin.split()
    nagios_status = 0
    origin_errors = 0
    transit_errors = 0
    nagios_message = ''

    # Ask the RIPEstat looking glass how the RIS collectors see the prefix
    url = 'https://%s/data/looking-glass/data.json?resource=%s' % (
        args.statserver, urllib2.quote(args.prefix))
    lookingglass_raw = urllib2.urlopen(url)
    lookingglass_json = json.load(lookingglass_raw)
    if lookingglass_json['data_call_status'] != 'supported':
        print 'WARN: %s is under maintenance' % (args.statserver)
        sys.exit(1)

    # Compare the last hop (origin) and the hop before it (transit) at every peer
    for rrc in lookingglass_json['data']['rrcs']:
        for peer in lookingglass_json['data']['rrcs'][rrc]['entries']:
            aspath = peer['as_path'].split()
            details = peer['details'][0].split()
            peer_addr = details[0]
            nexthop = details[2]
            router_id = details[3]
            if len(aspath) > args.minpath:
                if aspath[-1] not in origin:
                    origin_errors += 1
                    nagios_message = nagios_message + (
                        ' Origin mismatch %s (%s): %s' % (rrc, peer_addr, aspath[-1]))
                if args.transit:
                    if aspath[-2] not in transit:
                        transit_errors += 1
                        nagios_message = nagios_message + (
                            ' Transit mismatch %s (%s): %s' % (rrc, peer_addr, aspath[-2]))

    # Map the error counts to the Nagios result code
    if origin_errors == 0 and transit_errors == 0:
        nagios_message = 'OK: %s Origin is %s' % (args.prefix, args.origin)
        if args.transit:
            nagios_message = '%s and all transits match %s' % (nagios_message, args.transit)
    elif origin_errors >= args.crit or transit_errors >= args.crit:
        nagios_status = 2
        nagios_message = 'ERROR:' + nagios_message
    elif origin_errors >= args.warn or transit_errors >= args.warn:
        nagios_status = 1
        nagios_message = 'WARN:' + nagios_message
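An added example, not the presenters' code: the slide's origin/transit comparison as a Python 3 function that runs offline against a constructed looking-glass reply. It goes beyond the slide by collapsing AS-path prepending before reading the upstream hop, because a prepended origin otherwise sits in the second-to-last position and is counted as a transit mismatch. Assumptions: the function names, the warn=1/crit=2 defaults, and the sample ASNs and addresses (documentation ranges).

```python
import json

OK, WARNING, ERROR = 0, 1, 2  # result codes from the slide's table

# Constructed reply, shaped the way the slide's code reads it
# (data -> rrcs -> collector -> entries). ASNs and addresses are
# documentation values, not real routing data.
SAMPLE = json.loads("""
{"data_call_status": "supported",
 "data": {"rrcs": {
   "RRC00": {"entries": [
     {"as_path": "64500 64496 64511",
      "details": ["192.0.2.1 from 192.0.2.1 (192.0.2.1)"]},
     {"as_path": "64501 64496 64511 64511 64511",
      "details": ["192.0.2.2 from 192.0.2.2 (192.0.2.2)"]}]},
   "RRC01": {"entries": [
     {"as_path": "64502 64499 64510",
      "details": ["198.51.100.7 from 198.51.100.7 (198.51.100.7)"]}]}}}}
""")


def collapse_prepends(as_path):
    """Split an AS path and drop consecutive repeats (AS-path prepending)."""
    hops = as_path.split()
    return [asn for i, asn in enumerate(hops) if i == 0 or asn != hops[i - 1]]


def evaluate(reply, origins, transits=(), minpath=1, warn=1, crit=2,
             collapse=True):
    """Return (nagios_status, message) for one looking-glass reply."""
    if reply.get("data_call_status") != "supported":
        return WARNING, "WARN: data call status is %r" % reply.get(
            "data_call_status")
    origin_errors = transit_errors = 0
    problems = []
    for rrc, collector in sorted(reply["data"]["rrcs"].items()):
        for peer in collector["entries"]:
            raw = peer["as_path"]
            path = collapse_prepends(raw) if collapse else raw.split()
            if len(path) <= minpath:
                continue  # too short to judge, same cut-off as the slide
            peer_addr = peer["details"][0].split()[0]
            if path[-1] not in origins:
                origin_errors += 1
                problems.append("origin mismatch %s (%s): %s"
                                % (rrc, peer_addr, path[-1]))
            # Length guard: with minpath=0 a one-hop path has no upstream hop.
            if transits and len(path) >= 2 and path[-2] not in transits:
                transit_errors += 1
                problems.append("transit mismatch %s (%s): %s"
                                % (rrc, peer_addr, path[-2]))
    worst = max(origin_errors, transit_errors)
    detail = "; ".join(problems) or "origin and transit as expected"
    if worst >= crit:
        return ERROR, "ERROR: " + detail
    if worst >= warn:
        return WARNING, "WARN: " + detail
    return OK, "OK: " + detail


if __name__ == "__main__":
    status, message = evaluate(SAMPLE, {"64511"}, {"64496"})
    print(message)
    raise SystemExit(status)
```

With collapse=False the prepended path at RRC00 adds a second transit error and the same reply is reported as Error instead of Warning.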
Questions?
5. Let's BGPlay
• Task
• Find the up-stream provider for AS1205
• Is AS3333 multi-homed?
• Check the IPv6 connectivity of your own network
6. Embedding Widgets On Your Site
This ISP embedded widgets on its page:
• Prefix Count widget
• AS Path Length widget
6. Embedding Widgets On Your Site
• Task
• Create a simple dashboard page to monitor your network
• Create a simple HTML page
• Download the sample page: https://stat.ripe.net/widgets/demo/widget_home.html
• Embed three widgets of your choice
• Make the widget smaller and remove the RIPEstat logo
7. RIPEstat Data API
• Using raw data output
• What is the concept?
• The RIPEstat Data API provides the lowest level of access to data. This data can be fed into custom applications or just used for scripting.
• RIPEstat widget API documentation: https://stat.ripe.net/docs/data_api
7. RIPEstat Data API
• Tasks
• Use your browser to retrieve all announced prefixes for AS6412
• Resources registered within a country: https://stat.ripe.net/data/country-resource-list/data.json?resource=X
• A simple check of whether your resource is seen on the Internet
• Create a simple script using resource-overview or routing-status: https://stat.ripe.net/widgets/demo/script_me.html