SlideShare una empresa de Scribd logo

RIPE Atlas - A Real Big Measurement Network

RIPE NCC
RIPE NCC

presentation given by Róbert Kisteleki at UKNOF 18 on

Tecnología
1 de 46
Descargar para leer sin conexión
RIPE Atlas! A “Real Big” Measurement Network Robert Kisteleki Science Group Manager, RIPE NCC robert@ripe.net
RIPE TTM 2
Light Map 3
Intuition: 1000 Probes 4
Intuition: 5000 Probes 5
Intuition: 10k Probes 6
Intuition: 20k Probes 7
Intuition: 50k Probes 8
Intuition: 10k Probes & 1 AS 9
Ambitious Community Effort Instead of building small, separate, individual & private infrastructures, build a huge common infrastructure that serves both the private goals and the community goals. 10
Ambitious Community Effort •  Individual Benefits -  Lessexpensive than rolling your own -  More vantage points available -  More data available •  Community Benefits -  Unprecedented situational awareness -  Wealth of data, … 11
Intuition -> Plan •  For accurate maps we need more probes •  Deploying very many TTM boxes too expensive •  Smaller probes •  Easily deployable •  USB powered •  24 x 365 capable 12
Probe Deployments 13
Probe Capabilities •  Version 0 -  Ping to fixed targets (IPv4 & IPv6) ✔ -  Traceroute to 1st two upstream hops ✔ •  Version 1 -  Ping& Traceroute to variable targets -  DNS queries to variable targets •  Version 2 -  Your ideas ? •  Upgrades are automatic 14
Hosting = Credits = Measurements 15
Hosting = Credits = Measurements 16
Hosting = Credits = Measurements 17
Hosting = Credits = Measurements 18
Hosting = Credits = Measurements 19
Hosting = Credits = Measurements updated hourly on 20
Hosting = Credits = Measurements •  More probes expected in Q1 2011 •  Apply for one on atlas.ripe.net 21
Hosting = Credits = Measurements 22
Hosting = Credits = Measurements 23
Sponsorship = Credits = Measurements 24
Sponsorship = Credits = Measurements 25
Technicalities 26
RIPE Atlas - Overall Architecture 27
RIPE Atlas - Overall Architecture •  All components in the hierarchy maintain their connections using secure channels with mutual authentication. •  Theoretically, any component can be scaled up independently from the others •  Hierarchy allows for data aggregation •  In order to be scalable, data flow is based on “need to know” 28
RIPE Atlas - Overall Architecture •  Registration Server: -  The (only) trusted entry point for Probes -  Welcomes all Probes and directs! them to a suitable Controller: -  Asclose as possible to the! Probe -  Not too busy -  It has a high level overview on the current state of the system 29
RIPE Atlas - Overall Architecture •  Central database: -  Administrativestore -  Measurement store (active store) -  Data store -  Credit store 30
RIPE Atlas - Overall Architecture •  User Interface -  Allows the users to actually use the service and look at: -  Probe statuses -  Measurement results -  Community aspects 31
RIPE Atlas - Overall Architecture •  Brain: -  Responsible for higher order functions: -  Coordinate measurements -  Process ultimate results -  Draw conclusions, maybe even act on them -  Incorporateother sources of information, like BGP 32
RIPE Atlas - Overall Architecture •  Controller: -  Responsible to talk to Probes -  Assigns Probes to requested measurements based on: -  Available Probe capacity -  Probe locations -  Collects intermediate results and aggregates if needed -  Regularly reports to Brain 33
RIPE Atlas - Overall Architecture •  Probe: -  Listens to measurement commands from Controllers -  Executes built-in and dynamic measurements -  Reports results to Controller -  Other: -  Self-upgrades if needed -  Maintains state as much as possible 34
RIPE Atlas - Overall Architecture Operated by RIPE NCC Likely operated by RIPE NCC Not operated by RIPE NCC 35
RIPE Atlas - Probes •  Probe (v1 / generation 1): -  Lantronix XPortPro -  Very low power usage -  8MB RAM, 16MB flash -  Runs uClinux -  No FPU, no MMU -  A reboot costs <15 seconds -  An SSH connection costs ~30 seconds -  We can remotely update the firmware 36
RIPE Atlas - Security aspects •  All components in the hierarchy maintain their connections using secure channels with mutual authentication. •  All information exchanges happen via channels inside a single (secure) connection. 37
RIPE Atlas - Security aspects •  Probes have hardwired trust material! (registration server addresses / keys) -  Upon registration, the registration server informs the probe about its future controller, and vice versa •  The probes don’t have any open ports -  They only initiate connections -  This works fine with NATs too 38
RIPE Atlas - Security aspects •  Probes don’t listen to local traffic, there are no passive measurements running -  There’s no snooping around •  We suspect we’ll lose some probes because of “deep interest in how they really work”. That is: -  Some will be disassembled -  Some will be hacked locally, modified and used for something else -  But there is no shared key material on the Probes… 39
RIPE Atlas - Other Bits and Pieces •  IPv6 support: -  The system in general supports IPv6 -  We already do IPv6 measurements -  However, only RA is supported, so no DNS in v6 only mode yet :-( 40
RIPE Atlas - Other Bits and Pieces •  The Probe has no direct user interface to configure anything on it -  So DHCP is a must for IPv4, RA is needed for IPv6 -  Deployment in places without DHCP is not yet supported -  But we do have ideas on how to solve this 41
Questions?
Spare Slides / Anticipated Questions Spare Slides 43
Why Hardware and not Software Probe ? •  Comparable and Reliable Measurements -  Known and uniform environment -  Tamper resistant •  24 x 365 -  Install and Forget -  Not dependent on host system, needs little power •  Security -  Not attractive nor easy target for botnet herders -  Not introducing potential weakness in host systems 44
Is this the RIPE Botnet ? •  No •  Architecture is security conscious -> MAT WG •  Probes do not offer services, no open ports •  Probes are not interesting targets -  Very special environment -  Not really powerful either •  Infrastructure is designed with security in mind •  Measurements will be rate limited …. 45
Private Measurements ? •  We are not offering this as a service for private and confidential measurements •  All results should benefit the community, also those of individually configured measurements -  Modalitiesto be discussed -> MAT WG -  Embargo periods -  Aggregation -  Anonymisation •  If you want to keep it very secret, run your own. 46

Recomendados

Dealing with an Upside Down Internet With High Performance Time Series Database
Dealing with an Upside Down Internet With High Performance Time Series DatabaseDealing with an Upside Down Internet With High Performance Time Series Database
Dealing with an Upside Down Internet With High Performance Time Series Database
DataWorks Summit
 
Row #9: An architecture overview of APNIC's RDAP deployment to the cloud
Row #9: An architecture overview of APNIC's RDAP deployment to the cloudRow #9: An architecture overview of APNIC's RDAP deployment to the cloud
Row #9: An architecture overview of APNIC's RDAP deployment to the cloud
APNIC
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE Atlas
RIPE NCC
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE Atlas
RIPE NCC
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE Atlas
RIPE NCC
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE Atlas
RIPE NCC
 
Tools for Measurements and Analysis
Tools for Measurements and AnalysisTools for Measurements and Analysis
Tools for Measurements and Analysis
RIPE NCC
 
Zero to ten million daily users in four weeks: sustainable speed is king
Zero to ten million daily users in four weeks: sustainable speed is kingZero to ten million daily users in four weeks: sustainable speed is king
Zero to ten million daily users in four weeks: sustainable speed is king
plumbee
 

Recomendados

Dealing with an Upside Down Internet With High Performance Time Series Database
Dealing with an Upside Down Internet With High Performance Time Series DatabaseDealing with an Upside Down Internet With High Performance Time Series Database
Dealing with an Upside Down Internet With High Performance Time Series Database
DataWorks Summit
 
Row #9: An architecture overview of APNIC's RDAP deployment to the cloud
Row #9: An architecture overview of APNIC's RDAP deployment to the cloudRow #9: An architecture overview of APNIC's RDAP deployment to the cloud
Row #9: An architecture overview of APNIC's RDAP deployment to the cloud
APNIC
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE Atlas
RIPE NCC
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE Atlas
RIPE NCC
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE Atlas
RIPE NCC
 
RIPE Atlas
RIPE AtlasRIPE Atlas
RIPE Atlas
RIPE NCC
 
Tools for Measurements and Analysis
Tools for Measurements and AnalysisTools for Measurements and Analysis
Tools for Measurements and Analysis
RIPE NCC
 
Zero to ten million daily users in four weeks: sustainable speed is king
Zero to ten million daily users in four weeks: sustainable speed is kingZero to ten million daily users in four weeks: sustainable speed is king
Zero to ten million daily users in four weeks: sustainable speed is king
plumbee
 
Routing Security
Routing SecurityRouting Security
Routing Security
RIPE NCC
 
Mikhail Serkov - Zabbix for HPC Cluster Support | ZabConf2016
Mikhail Serkov - Zabbix for HPC Cluster Support | ZabConf2016Mikhail Serkov - Zabbix for HPC Cluster Support | ZabConf2016
Mikhail Serkov - Zabbix for HPC Cluster Support | ZabConf2016
Zabbix
 
Routing Security
Routing SecurityRouting Security
Routing Security
RIPE NCC
 
Secure Routing
Secure RoutingSecure Routing
Secure Routing
RIPE NCC
 
(ATS4-PLAT06) Considerations for sizing and deployment
(ATS4-PLAT06) Considerations for sizing and deployment(ATS4-PLAT06) Considerations for sizing and deployment
(ATS4-PLAT06) Considerations for sizing and deployment
BIOVIA
 
RIPE NCC Measurements Tools
RIPE NCC Measurements ToolsRIPE NCC Measurements Tools
RIPE NCC Measurements Tools
RIPE NCC
 
Multi Layer Monitoring V1
Multi Layer Monitoring V1Multi Layer Monitoring V1
Multi Layer Monitoring V1
Lahav Savir
 
Routing Security
Routing SecurityRouting Security
Routing Security
RIPE NCC
 
Peering Day 2013
Peering Day 2013Peering Day 2013
Peering Day 2013
RIPE NCC
 
RIPE Labs Operator Tools, Ideas, Analysis
RIPE Labs Operator Tools, Ideas, AnalysisRIPE Labs Operator Tools, Ideas, Analysis
RIPE Labs Operator Tools, Ideas, Analysis
RIPE NCC
 
RIPEstat, RIPE Atlas and the new DNSMON
RIPEstat, RIPE Atlas and the new DNSMONRIPEstat, RIPE Atlas and the new DNSMON
RIPEstat, RIPE Atlas and the new DNSMON
RIPE NCC
 
Xldb2011 wed 1415_andrew_lamb-buildingblocks
Xldb2011 wed 1415_andrew_lamb-buildingblocksXldb2011 wed 1415_andrew_lamb-buildingblocks
Xldb2011 wed 1415_andrew_lamb-buildingblocks
liqiang xu
 
Quick-and-Easy Deployment of a Ceph Storage Cluster
Quick-and-Easy Deployment of a Ceph Storage ClusterQuick-and-Easy Deployment of a Ceph Storage Cluster
Quick-and-Easy Deployment of a Ceph Storage Cluster
Patrick Quairoli
 
PLNOG 7: Ferenc Csorba - What’s new at the RIPE NCC?
PLNOG 7: Ferenc Csorba - What’s new at the RIPE NCC?PLNOG 7: Ferenc Csorba - What’s new at the RIPE NCC?
PLNOG 7: Ferenc Csorba - What’s new at the RIPE NCC?
PROIDEA
 
RIPE NCC Operations and Analysis Tools
RIPE NCC Operations and Analysis ToolsRIPE NCC Operations and Analysis Tools
RIPE NCC Operations and Analysis Tools
RIPE NCC
 
Deep Dive Into the CERN Cloud Infrastructure - November, 2013
Deep Dive Into the CERN Cloud Infrastructure - November, 2013Deep Dive Into the CERN Cloud Infrastructure - November, 2013
Deep Dive Into the CERN Cloud Infrastructure - November, 2013
Belmiro Moreira
 
JavaFX 101
JavaFX 101JavaFX 101
JavaFX 101
Richard Bair
 
Routing Security Roadmap
Routing Security RoadmapRouting Security Roadmap
Routing Security Roadmap
APNIC
 
RIPE Atlas Update
RIPE Atlas UpdateRIPE Atlas Update
RIPE Atlas Update
RIPE NCC
 
Tiger oracle
Tiger oracleTiger oracle
Tiger oracle
d0nn9n
 
Navigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryNavigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet Registry
RIPE NCC
 
Traces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionTraces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate Action
RIPE NCC
 

Más contenido relacionado

Similar a RIPE Atlas - A Real Big Measurement Network

(ATS4-PLAT06) Considerations for sizing and deployment
(ATS4-PLAT06) Considerations for sizing and deployment(ATS4-PLAT06) Considerations for sizing and deployment
(ATS4-PLAT06) Considerations for sizing and deployment
BIOVIA
 
Multi Layer Monitoring V1
Multi Layer Monitoring V1Multi Layer Monitoring V1
Multi Layer Monitoring V1
Lahav Savir
 
Routing Security
Routing SecurityRouting Security
Routing Security
RIPE NCC
 
Xldb2011 wed 1415_andrew_lamb-buildingblocks
Xldb2011 wed 1415_andrew_lamb-buildingblocksXldb2011 wed 1415_andrew_lamb-buildingblocks
Xldb2011 wed 1415_andrew_lamb-buildingblocks
liqiang xu
 
Tiger oracle
Tiger oracleTiger oracle
Tiger oracle
d0nn9n
 

Similar a RIPE Atlas - A Real Big Measurement Network (20)

Routing Security
Routing SecurityRouting Security
Routing Security
 
Mikhail Serkov - Zabbix for HPC Cluster Support | ZabConf2016
Mikhail Serkov - Zabbix for HPC Cluster Support | ZabConf2016Mikhail Serkov - Zabbix for HPC Cluster Support | ZabConf2016
Mikhail Serkov - Zabbix for HPC Cluster Support | ZabConf2016
 
Routing Security
Routing SecurityRouting Security
Routing Security
 
Secure Routing
Secure RoutingSecure Routing
Secure Routing
 
(ATS4-PLAT06) Considerations for sizing and deployment
(ATS4-PLAT06) Considerations for sizing and deployment(ATS4-PLAT06) Considerations for sizing and deployment
(ATS4-PLAT06) Considerations for sizing and deployment
 
RIPE NCC Measurements Tools
RIPE NCC Measurements ToolsRIPE NCC Measurements Tools
RIPE NCC Measurements Tools
 
Multi Layer Monitoring V1
Multi Layer Monitoring V1Multi Layer Monitoring V1
Multi Layer Monitoring V1
 
Routing Security
Routing SecurityRouting Security
Routing Security
 
Peering Day 2013
Peering Day 2013Peering Day 2013
Peering Day 2013
 
RIPE Labs Operator Tools, Ideas, Analysis
RIPE Labs Operator Tools, Ideas, AnalysisRIPE Labs Operator Tools, Ideas, Analysis
RIPE Labs Operator Tools, Ideas, Analysis
 
RIPEstat, RIPE Atlas and the new DNSMON
RIPEstat, RIPE Atlas and the new DNSMONRIPEstat, RIPE Atlas and the new DNSMON
RIPEstat, RIPE Atlas and the new DNSMON
 
Xldb2011 wed 1415_andrew_lamb-buildingblocks
Xldb2011 wed 1415_andrew_lamb-buildingblocksXldb2011 wed 1415_andrew_lamb-buildingblocks
Xldb2011 wed 1415_andrew_lamb-buildingblocks
 
Quick-and-Easy Deployment of a Ceph Storage Cluster
Quick-and-Easy Deployment of a Ceph Storage ClusterQuick-and-Easy Deployment of a Ceph Storage Cluster
Quick-and-Easy Deployment of a Ceph Storage Cluster
 
PLNOG 7: Ferenc Csorba - What’s new at the RIPE NCC?
PLNOG 7: Ferenc Csorba - What’s new at the RIPE NCC?PLNOG 7: Ferenc Csorba - What’s new at the RIPE NCC?
PLNOG 7: Ferenc Csorba - What’s new at the RIPE NCC?
 
RIPE NCC Operations and Analysis Tools
RIPE NCC Operations and Analysis ToolsRIPE NCC Operations and Analysis Tools
RIPE NCC Operations and Analysis Tools
 
Deep Dive Into the CERN Cloud Infrastructure - November, 2013
Deep Dive Into the CERN Cloud Infrastructure - November, 2013Deep Dive Into the CERN Cloud Infrastructure - November, 2013
Deep Dive Into the CERN Cloud Infrastructure - November, 2013
 
JavaFX 101
JavaFX 101JavaFX 101
JavaFX 101
 
Routing Security Roadmap
Routing Security RoadmapRouting Security Roadmap
Routing Security Roadmap
 
RIPE Atlas Update
RIPE Atlas UpdateRIPE Atlas Update
RIPE Atlas Update
 
Tiger oracle
Tiger oracleTiger oracle
Tiger oracle
 

Más de RIPE NCC

Más de RIPE NCC (20)

Navigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet RegistryNavigating IP Addresses: Insights from your Regional Internet Registry
Navigating IP Addresses: Insights from your Regional Internet Registry
 
Traces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate ActionTraces of Power: Internet Governance and Climate Action
Traces of Power: Internet Governance and Climate Action
 
Governing Environmental Sustainability in Tech
Governing Environmental Sustainability in TechGoverning Environmental Sustainability in Tech
Governing Environmental Sustainability in Tech
 
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdfGerardo-Viviers-RPKI-presentation-DKNOG14.pdf
Gerardo-Viviers-RPKI-presentation-DKNOG14.pdf
 
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RISLIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
LIA HESTINA - Minimising impact before incidents occur with RIPE Atlas and RIS
 
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshopIntro to RIPE and RIPE NCC: RIPE Atlas workshop
Intro to RIPE and RIPE NCC: RIPE Atlas workshop
 
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdfIGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
IGF UA - Dialog with I_ organisations - Alena Muavska RIPE NCC.pdf
 
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdfOpportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
Opportunities for Youth in IG - Alena Muravska RIPE NCC.pdf
 
RIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement ToolsRIPE NCC Internet Measurement Tools
RIPE NCC Internet Measurement Tools
 
IPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the BalticsIPv6 in Central Europe and the Baltics
IPv6 in Central Europe and the Baltics
 
RPKI For Routing Security
RPKI For Routing SecurityRPKI For Routing Security
RPKI For Routing Security
 
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdfSEEDIG 8 - Alena Muravska RIPE NCC.pdf
SEEDIG 8 - Alena Muravska RIPE NCC.pdf
 
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE AtlasKnow Your Network: Why Every Network Operator Should Host RIPE Atlas
Know Your Network: Why Every Network Operator Should Host RIPE Atlas
 
Minimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE AtlasMinimising Impact When Incidents Occur With RIPE Atlas
Minimising Impact When Incidents Occur With RIPE Atlas
 
RIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement ServicesRIPE NCC Internet Measurement Services
RIPE NCC Internet Measurement Services
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
Spotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE AtlasSpotting Latency Issues with RIPE Atlas
Spotting Latency Issues with RIPE Atlas
 
111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure111 views of Swiss Internet Infrastructure
111 views of Swiss Internet Infrastructure
 
The RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in SwedenThe RIPE NCC’s View of IPv6 in Sweden
The RIPE NCC’s View of IPv6 in Sweden
 

Último

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Último (20)

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 

RIPE Atlas - A Real Big Measurement Network

  • 1. RIPE Atlas! A “Real Big” Measurement Network Robert Kisteleki Science Group Manager, RIPE NCC robert@ripe.net
  • 10. Ambitious Community Effort Instead of building small, separate, individual & private infrastructures, build a huge common infrastructure that serves both the private goals and the community goals. 10
  • 11. Ambitious Community Effort •  Individual Benefits -  Lessexpensive than rolling your own -  More vantage points available -  More data available •  Community Benefits -  Unprecedented situational awareness -  Wealth of data, … 11
  • 12. Intuition -> Plan •  For accurate maps we need more probes •  Deploying very many TTM boxes too expensive •  Smaller probes •  Easily deployable •  USB powered •  24 x 365 capable 12
  • 14. Probe Capabilities •  Version 0 -  Ping to fixed targets (IPv4 & IPv6) ✔ -  Traceroute to 1st two upstream hops ✔ •  Version 1 -  Ping& Traceroute to variable targets -  DNS queries to variable targets •  Version 2 -  Your ideas ? •  Upgrades are automatic 14
  • 15. Hosting = Credits = Measurements 15
  • 16. Hosting = Credits = Measurements 16
  • 17. Hosting = Credits = Measurements 17
  • 18. Hosting = Credits = Measurements 18
  • 19. Hosting = Credits = Measurements 19
  • 20. Hosting = Credits = Measurements updated hourly on 20
  • 21. Hosting = Credits = Measurements •  More probes expected in Q1 2011 •  Apply for one on atlas.ripe.net 21
  • 22. Hosting = Credits = Measurements 22
  • 23. Hosting = Credits = Measurements 23
  • 24. Sponsorship = Credits = Measurements 24
  • 25. Sponsorship = Credits = Measurements 25
  • 27. RIPE Atlas - Overall Architecture 27
  • 28. RIPE Atlas - Overall Architecture •  All components in the hierarchy maintain their connections using secure channels with mutual authentication. •  Theoretically, any component can be scaled up independently from the others •  Hierarchy allows for data aggregation •  In order to be scalable, data flow is based on “need to know” 28
  • 29. RIPE Atlas - Overall Architecture •  Registration Server: -  The (only) trusted entry point for Probes -  Welcomes all Probes and directs! them to a suitable Controller: -  Asclose as possible to the! Probe -  Not too busy -  It has a high level overview on the current state of the system 29
  • 30. RIPE Atlas - Overall Architecture •  Central database: -  Administrativestore -  Measurement store (active store) -  Data store -  Credit store 30
  • 31. RIPE Atlas - Overall Architecture •  User Interface -  Allows the users to actually use the service and look at: -  Probe statuses -  Measurement results -  Community aspects 31
  • 32. RIPE Atlas - Overall Architecture •  Brain: -  Responsible for higher order functions: -  Coordinate measurements -  Process ultimate results -  Draw conclusions, maybe even act on them -  Incorporateother sources of information, like BGP 32
  • 33. RIPE Atlas - Overall Architecture •  Controller: -  Responsible to talk to Probes -  Assigns Probes to requested measurements based on: -  Available Probe capacity -  Probe locations -  Collects intermediate results and aggregates if needed -  Regularly reports to Brain 33
  • 34. RIPE Atlas - Overall Architecture •  Probe: -  Listens to measurement commands from Controllers -  Executes built-in and dynamic measurements -  Reports results to Controller -  Other: -  Self-upgrades if needed -  Maintains state as much as possible 34
  • 35. RIPE Atlas - Overall Architecture Operated by RIPE NCC Likely operated by RIPE NCC Not operated by RIPE NCC 35
  • 36. RIPE Atlas - Probes •  Probe (v1 / generation 1): -  Lantronix XPortPro -  Very low power usage -  8MB RAM, 16MB flash -  Runs uClinux -  No FPU, no MMU -  A reboot costs <15 seconds -  An SSH connection costs ~30 seconds -  We can remotely update the firmware 36
  • 37. RIPE Atlas - Security aspects •  All components in the hierarchy maintain their connections using secure channels with mutual authentication. •  All information exchanges happen via channels inside a single (secure) connection. 37
  • 38. RIPE Atlas - Security aspects •  Probes have hardwired trust material! (registration server addresses / keys) -  Upon registration, the registration server informs the probe about its future controller, and vice versa •  The probes don’t have any open ports -  They only initiate connections -  This works fine with NATs too 38
  • 39. RIPE Atlas - Security aspects •  Probes don’t listen to local traffic, there are no passive measurements running -  There’s no snooping around •  We suspect we’ll lose some probes because of “deep interest in how they really work”. That is: -  Some will be disassembled -  Some will be hacked locally, modified and used for something else -  But there is no shared key material on the Probes… 39
  • 40. RIPE Atlas - Other Bits and Pieces •  IPv6 support: -  The system in general supports IPv6 -  We already do IPv6 measurements -  However, only RA is supported, so no DNS in v6 only mode yet :-( 40
  • 41. RIPE Atlas - Other Bits and Pieces •  The Probe has no direct user interface to configure anything on it -  So DHCP is a must for IPv4, RA is needed for IPv6 -  Deployment in places without DHCP is not yet supported -  But we do have ideas on how to solve this 41
  • 43. Spare Slides / Anticipated Questions Spare Slides 43
  • 44. Why Hardware and not Software Probe ? •  Comparable and Reliable Measurements -  Known and uniform environment -  Tamper resistant •  24 x 365 -  Install and Forget -  Not dependent on host system, needs little power •  Security -  Not attractive nor easy target for botnet herders -  Not introducing potential weakness in host systems 44
  • 45. Is this the RIPE Botnet ? •  No •  Architecture is security conscious -> MAT WG •  Probes do not offer services, no open ports •  Probes are not interesting targets -  Very special environment -  Not really powerful either •  Infrastructure is designed with security in mind •  Measurements will be rate limited …. 45
  • 46. Private Measurements ? •  We are not offering this as a service for private and confidential measurements •  All results should benefit the community, also those of individually configured measurements -  Modalitiesto be discussed -> MAT WG -  Embargo periods -  Aggregation -  Anonymisation •  If you want to keep it very secret, run your own. 46