Software Engineering Institute

Route Views Project Page

Introduction

This repository contains Border Gateway Protocol (BGP) routing data from two large col-lection efforts: the University of Oregon Route Views project and the RIPE NCC's RIS project.

This site analyzes the data produced by both projects to produce a more detailed view into Internet routing. At this time, this site contains a complete mirror just of the Route Views data.

For more information about the BGP and Autonomous System Numbers (ASNs), refer to the following resources

Goal

The goal of this project is to provide the community with improved historical routing in-formation. The dictionaries of IP-to-ASN mapping produced by combining the two data sources have more detailed routing information than either data source used independent-ly. Initial evidence points to a roughly 30% improvement in specificity. The process for generating the combined mapping is described in our blog post (Analyzing Routing Tables).

Data Format

These IP-to-ASN mappings are stored as prefix maps (Pmaps), which are data formats that are part of the open source SiLK tool suite. They are optimized for storage and fast querying of data associated with IP addresses and network flow.

Documentation and source code for the SiLK tools is available from the NetSA tools website. Helpful SiLK tools include rwpmaplookup and rwpmapcat (Review the documentation for these pages: rwpmaplookup, rwpmapcat)

The Route Views data is stored in its native format. Documentation about this data format is available on the Route Views website.

Resources

    Route Views Mirror
      The Route Views mirror mirrors the University of Oregon Route Views Project, which provides access to its resources.
    Historical Pmaps
      The Pmaps link an IP netblock to the ASN that is the originator for that netblock on a specific date (as indicated by the filename). When more than one ASN legitimately advertises ownership of a netblock, all of them will be listed in the Pmap label in a semicolon-delimited list.

      There are six types of Pmaps. Three types are IPv4 and three types are IPv6, as indicated by file names matching "*.v6.*". For each type there are three lists: all routes, Route Views only, and ripe only.

      Sample Usage of Historical Pmaps*

      To label a list of IPs with their ASN on a certain date, modify the following sample SiLK *nix command:
        rwsetcat ipset.set | rwtuc --fields=1 | \
        rwcut --fields=1,src-as --delimited="," \
        --pmap-file=as:20131225.bgp.pmap

      Alternatively, use one of the following commands:
        rwpmaplookup --map-file=20131225.bgp.pmap ipList.txt
      --or--
        rwpmaplookup --ipset --map-file=20131225.bgp.pmap ipset.set

      To label a single IP address with its ASN on a certain date, modify the following sample SiLK *nix command:
        echo "128.2.0.0" | rwtuc --fields=1 | \
        rwcut --fields=1,src-as --delimited="," \
        --pmap-file=as:20140101.bgp.pmap

      Alternatively, use this command:
        rwpmaplookup --no-files --map-file=20131225.bgp.pmap 128.2.0.0

      By default, rwpmaplookup assumes its arguments are the names of files containing textual IP addresses. Specify the --no-files switch to have it treat the arguments as IP addresses. Specify the --ipset-files switch to have it treat the arguments as IPset files.
    Flapping Route Data
      A flapping route is defined as a route that is added and withdrawn quickly over a period of time. Routes in the routing data define a flapping route as one that has been withdrawn and re-added three or more times with no more than 15 seconds between each action.

      A flapping route can be caused by misconfiguration, a denial-of-service (DOS) attack, or other factors. The lists of flapping routes over each day as seen in the Route Views data can be used to find traces of these events.

      In the Flapping Routes results, the data is space delimited and contains the following information, in order:
      • the CIDR block that was flapping
      • the number of routers reporting the activity
      • the start time of the activity
      • the end time of the activity
      • the duration of the activity
      • the number of flaps reported during that time period

Some advice on installing SiLK on Ubuntu can be found here:
SiLK on a Box - Ubuntu 12.04 - Standalone Flow Collection & Analysis
and the official install guide is available on the NetSA tools website

* More information about SiLK tools can be found in the SiLK documentation.