Welcome!

Welcome to the home page of Charles N Wyble. Charles is a 24-year-old systems guy, hacker and entrepreneur currently living in El Monte, CA with his wife of 3 years.

He is currently employed as a system engineer for Ripple TV with responsibility for a nationwide advertising network.

In his spare time he serves as Chief Technology Officer for the SoCalWiFI.net project, runs a hacker space in the San Gabriel Valley and tries to save the local economy.


Wednesday, March 18, 2009

[Fwd: Re: Origin ASN seen vs Origin ASN in Whois Records Report?]

Cool stuff for us analyst junkies. :)

-------- Original Message --------
Subject: Re: Origin ASN seen vs Origin ASN in Whois Records Report?
Date: Wed, 18 Mar 2009 11:16:17 -0400
From: K. Sriram <ksriram@nist.gov>
To: heather.schiller@verizonbusiness.com
CC: nanog@nanog.org

Heather:

This prior question from you (November 2008) was recently brought to our
attention. Sorry about this delayed response, but we thought it would
still be worthwhile to share pointers to some work that we are doing at
NIST which relates closely to your question.

Earlier Bill Woodcock provided you with a link where the actual
discrepancies are listed. Our work at NIST focuses on the statistics of
such anomalies, with the intention of: (A) generating score cards for
accuracy/consistency of various registries, and (B) to glean the "good"
data from what is available so that BGP robustness algorithms that rely
on the data can work more effectively.

We have done an analysis of registry information (RIRs, IRRs, RADB) and
compared it with that from trace data (RIBs, update history) from
RIPE-RIS and routeviews. We generate a variety of statistics on a per
RIR basis (ARIN, RIPE, etc.) regarding whether announced {prefix, origin
AS} pairs in updates correspond with those in the registries. We also
report on whether the registered objects (NetHandle and AShandle in SWIP
format and inetnum, aut-num, and route in RPSL format) appear
self-consistent or not. We also looked at the NetHandles in ARIN that
contain origin AS information, and have performed comparisons of those
with what was historically seen in BGP updates for prefixes belonging to
the ARIN region. A variety of results and discussion related to all this
are presented in this set of slides:
http://www.antd.nist.gov/bgp_security/publications/ARIN_NetHandle_OriginAS_Analysis.pdf

You may also look into a presentation we made in January at NANOG-45.
There the focus was on BGP robustness algorithms that make combined use of
filtered "good" data from registries as well as long-term trace data.
http://www.nanog.org/meetings/nanog45/abstracts.php?pt=MTE5NSZuYW5vZzQ1&nm=nanog45

Here is a link for a detailed published paper related to our NANOG-45
presentation:
http://www.antd.nist.gov/pubs/NIST_BGP_Robustness.pdf
(This paper was published in the Proceedings of DHS S&T CATCH 2009
conference.)

Please let me know if you have any specific questions concerning the above.
We are very interested in receiving feedback on how this work can be made
more useful from the perspective of what ISP needs are.

Sriram

K. Sriram
+1 301 975 3973
http://www.antd.nist.gov/~ksriram/
-----------------------------------------------------

>From nanog-bounces@nanog.org Wed Nov 19 19:14:58 2008
Date: Wed, 19 Nov 2008 19:16:43 -0500
From: Heather Schiller <heather.schiller@verizonbusiness.com>
Subject: Origin ASN seen vs Origin ASN in Whois Records Report?
To: gih@apnic.net, nanog <nanog@nanog.org>, info@BGPmon.net

I don't know if a report like this already exists, but I haven't been
able to find one. Can someone (CIDR Report? BGPMon? PCH?) offer a
report that shows the discrepancies in Origin ASN according to the whois
records, and routes in the [global/public] routing table? Publishing it
on some regular interval would be even better.

ARIN makes available a list of prefixes with OriginAS. I don't know if
other RIRs do.

ftp://ftp.arin.net/pub/originAS/

To be clear. I want a list of the prefixes where the actual origin ASN
seen does not match the one in the whois record. Inconsistent Origin is
fair game here. As a transit provider I'm interested in seeing what
prefixes I am transiting for my customers that have this discrepancy, so
something that shows the full path as part of the results would be most
helpful.

Thanks,
--Heather
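
The report requested in the thread above (prefixes whose observed origin ASN differs from the registered one, shown with the full path), as an added example that is not part of the original post or of the NIST work. The registry mapping and the `prefix|AS path` layout are constructed, all prefixes and ASNs are documentation values, and treating a more-specific announcement as covered by the registered block is an assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed registry view: prefix -> origin ASNs registered for it.
REGISTRY = {"198.51.100.0/24": {64501}, "203.0.113.0/24": {64502}}

# Constructed routing-table entries, "prefix|AS path" (simplified layout, not
# a real dump format). The last ASN in each path is the origin.
RIB = """\
198.51.100.0/24|64496 64498 64509
198.51.100.0/25|64496 64501
203.0.113.0/24|64496 64502
203.0.113.0/24|64497 64503
2001:db8::/32|64496 64505
"""

def registered_origins(prefix, registry):
    """Origins of the most specific registry entry covering prefix, else None."""
    net = ipaddress.ip_network(prefix)
    covering = [(ipaddress.ip_network(r), o) for r, o in registry.items()]
    covering = [(r, o) for r, o in covering
                if r.version == net.version and net.subnet_of(r)]
    return max(covering, key=lambda c: c[0].prefixlen)[1] if covering else None

def origin_report(rib_text, registry):
    """Return (prefix, origin, status, full_path) for every route worth a look."""
    seen = defaultdict(list)
    for line in filter(str.strip, rib_text.splitlines()):
        prefix, path = line.split("|")
        seen[prefix.strip()].append([int(asn) for asn in path.split()])
    report = []
    for prefix, paths in seen.items():
        expected = registered_origins(prefix, registry)
        origins_seen = {hops[-1] for hops in paths}
        for hops in paths:
            if expected is None:
                status = "unregistered"   # no registry entry covers the prefix
            elif hops[-1] not in expected:
                status = "mismatch"       # origin differs from the registry
            elif len(origins_seen) > 1:
                status = "multi-origin"   # registered origin, but others seen too
            else:
                continue                  # registered origin, consistently seen
            report.append((prefix, hops[-1], status, hops))
    return report

if __name__ == "__main__":
    for row in origin_report(RIB, REGISTRY):
        print(*row)
```

A transit provider would filter the returned paths for its own ASN to see which of these routes it is carrying for customers.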
