Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Â
Using the RIPE Atlas API for measuring IPv6 Reachability
1. Using the RIPE Atlas
API for measuring
IPv6 Reachability
FOSDEM 2014
Vesna Manojlovic
Community Builder for Measurements Tools
BECHA@ripe.net / @Ms_Multicolor
1
2. Overview
â˘
Short intro to RIPE, RIPE NCC
â˘
Getting IPv6
â˘
What is RIPE Atlas
â˘
How to use measurements
â˘
IPv6-related RIPE Atlas use cases
â˘
How to take part in the RIPE Atlas community
â˘
Appendix 1: IPv6 documents
â˘
Appendix 2: RIPEstat
Vesna Manojlovic, FOSDEM 2014
2
2
3. RIPE and RIPE NCC
â˘
â˘
â˘
â˘
â˘
â˘
â˘
â˘
RĂŠseaux IP EuropĂŠens
Started in 1989
Not a legal entity
An open community
No official membership
Makes polices
Meets twice a year
Work is done in Working Groups on
mailing lists
â˘
â˘
â˘
â˘
â˘
â˘
â˘
â˘
â˘
â˘
Vesna Manojlovic, FOSDEM 2014
RIPE Network Coordination Centre
Started in 1992
Not-for-profit organisation
Located in Amsterdam
Has members called Local Internet
Registries (LIRs)
Implements policies
Facilitates two RIPE Meetings each year
Provides services to both members and
non-members
Governed by an Executive Board elected
by membership
Neutral, Impartial, Open, Transparent
3
3
8. IPv6 Address Space Distribution
IANA
/3
RIR
/12
/32
/60
LIR
/56
Allocation
Vesna Manojlovic, FOSDEM 2014
End User
/48
PA Assignment
PI Assignment
8
8
9. IPv4 and IPv6 Status in RIPE Database
IPv4
IPv6
ALLOCATED PA
ALLOCATED-BY-RIR
ASSIGNED PA
ASSIGNED
ASSIGNED PA
AGGREGATED-BY-LIR
SUB-ALLOCATED PA
ALLOCATED-BY-LIR
ASSIGNED PI
ASSIGNED PI
Vesna Manojlovic, FOSDEM 2014
9
9
10. Getting IPv6 from the RIPE NCC
â˘
To qualify for an allocation an organisation must:
â Be
an LIR
â Have
a plan for making assignments within two years
â Minimum
â˘
allocation size is /32
To qualify for a PI assignment an organisation must:
â Meet
the contractual requirements for PI resources
â
LIRs must demonstrate special routing requirements
â PI
space cannot be used for sub-assignments
â Minimum
assignment size is /48
Vesna Manojlovic, FOSDEM 2014
10
10
11. Getting IPv6 Otherwise
â˘
For local network, use âprivateâ IPv6 space
â
â
â˘
FC00::/8 and FD00::/8
http://tools.ietf.org/html/rfc4193, http://tools.ietf.org/html/rfc5375
For learning, use tunnel providers
â
â
â˘
SixXS: https://www.sixxs.net/
Hurricane Electric https://www.tunnelbroker.net/
For small SOHO, ask your upstream ISP
â
No, you are not the ďŹrst one to ask...
â
Ask for a sub-allocation if you are a business
â
Ask for /48 is you are a home user
Vesna Manojlovic, FOSDEM 2014
11
11
17. RIPE Atlas: January 2014
â˘
4,700+ active probes
2,050+ probes do IPv6
â˘
9,500+ registered users
â˘
Four types of customised measurements available
to probe hosts: ping, traceroute, DNS, SSL
â
And of course, ping6 and traceroute6 :-)
Vesna Manojlovic, FOSDEM 2014
17
17
18. RIPE Atlas Participation and Benefits
â˘
Anyone can become a RIPE Atlas probe host
â˘
Major personal and operational beneďŹt:
See your network from the outside!
â
â˘
Have at your ďŹngertips ~5,000 external vantage points
to do customised measurements towards the
destination of your choice
Data of built-in measurements available to everyone
_
Maps, data from public probes, API to download raw data
Vesna Manojlovic, FOSDEM 2014
18
18
19. Measurement Devices
â˘
v1 & v2: Lantronix XPort Pro
â˘
v3: TP-Link TL-MR3020 powered from USB port
â Does
not work as a wireless router!
â Same
â˘
functionality as the old probe!
RIPE Atlas anchor: Soekris net6501-70
Vesna Manojlovic, FOSDEM 2014
19
19
22. RIPE Atlas Features
â˘
Seismograph
â Multiple
â Stacked
â Based
â˘
ping measurements in one view
chart and interactive control panel
on RIPEstat widget framework
Zoomable ping graph
â Replacing
multiple RRDs graphs: zoom in/out in time,
in the same graph, without loss of detail
â Easier
visualisation of an eventâs details
â Selection
of RTT class (max, min, average)
Vesna Manojlovic, FOSDEM 2014
22
22
25. RIPE Atlas Success Stories
â˘
IXP: Measuring the effect of
installing L-root in Belgrade /
SOX
â˘
DNS: Looking for most popular
instances of .FR anycast
servers
â˘
Events: Measuring Internet
outage in Sudan
Vesna Manojlovic, FOSDEM 2014
25
25
26. Security Aspects
â˘
Probes have hardwired trust material
(registration server addresses / keys)
â˘
The probes donât have any open ports; they only initiate
connections - this works ďŹne with NATs, too
â˘
Measurements are scheduled by centralised âcommand
serversâ via reverse ssh tunnels
â˘
Probes donât listen to local trafďŹc; there are no passive
measurements running
â˘
Measurement source code published
â˘
Reported vulnerabilities: https://atlas.ripe.net/docs/security/
Vesna Manojlovic, FOSDEM 2014
26
26
28. RIPE Atlas Plans for the Future
â˘
Integrating DNSMON into RIPE Atlas and RIPEstat
â˘
Tagging probes and measurements as
âMy Favouritesâ for easy viewing
â˘
Improving traceroute visualisation: T-play
â˘
Increasing probe distribution via RIR cooperation
â˘
Tell us your feature requests:
â http://roadmap.ripe.net/ripe-atlas/
Vesna Manojlovic, FOSDEM 2014
28
28
30. User-Defined Measurements
â˘
Probe hosts and RIPE NCC members perform
customised measurements using the targets and
frequency of their choice
â˘
API available for creating measurements
â https://atlas.ripe.net/docs/measurement-creation-api/
â˘
REST APIs for analysing measurements, too
â https://labs.ripe.net/Members/wilhelm/ripe-atlas-code-
for-analysis-and-statistics-reporting
Vesna Manojlovic, FOSDEM 2014
30
30
31. Web UI: How to Schedule a Measurement
â˘
Log in to atlas.ripe.net
â˘
Go to âMy Atlasâ
â˘
Choose âNew Measurementâ or âOne-offâ
â Most
measurements are periodic & last a long time
â Choose
â You
âMy Measurementsâ
type, target, frequency, # of probes, region...
will spend credits (next slides)
â˘
To see results: âMy Measurementsâ
â˘
More details: https://atlas.ripe.net/doc/udm
Vesna Manojlovic, FOSDEM 2014
31
31
32. Credit System
â˘
By hosting a probe, you earn credits as a reward
for making your probe available to others
â Hosts
earn 21,600 credits per day, as long as the
probe is connected
â˘
To perform customised measurements, you
spend credits
â Use
them to perform measurements from your probe
towards any target
â Ping
costs 10 credits, traceroute costs 20, etc.
â Daily
limit applies
Vesna Manojlovic, FOSDEM 2014
32
32
33. ...continued
â˘
Credit system introduced to ensure fairness and
protect system from overload
â˘
To use the API, you need keys that identify users:
â https://atlas.ripe.net/atlas/keys
â˘
Extra credits can be earned by:
â Being
a RIPE NCC member
â Hosting
a RIPE Atlas anchor
â Sponsoring
â˘
multiple probes
More details: https://atlas.ripe.net/doc/credits
Vesna Manojlovic, FOSDEM 2014
33
33
34. Status Checks: Creating Alerts in âIcingaâ
â˘
Steps:
1. Create a RIPE Atlas ping measurement
-
You can use up to 1,024 probes
2. URL: https://atlas.ripe.net/api/v1/status-checks/MEAUSRMNT_ID/
3. Come back later to see whether anything has changed
4. DeďŹne your alerts accordingly
â˘
Icinga:
â Make
â˘
use of the built-in check_http plugin
Documentation and examples:
â https://atlas.ripe.net/docs/status-checks/
Vesna Manojlovic, FOSDEM 2014
34
34
35. Hands-on Tutorials by the Community
â˘
Nikolay Melnikov, Hands-on: RIPE Atlas, AIMS 2013
â http://cnds.eecs.jacobs-university.de/users/nmelnikov/
aims2013-ripe-atlas.html
â˘
StĂŠphane Bortzmeyer, Creating and Analysing RIPE Atlas
Measurements, RIPE67
â https://ripe67.ripe.net/presentations/153-ripe-atlas-
udm-api-1.pdf
Vesna Manojlovic, FOSDEM 2014
35
35
37. IPv6 & RIPE Atlas: Filtering
â˘
Is there BGP route ďŹltering based on preďŹx size in IPv6?
â We
saw roughly 1% out of ~500 RIPE Atlas probes that
can't reach a destination in an IPv6 /48 preďŹx (without a
covering shorter preďŹx) out of IPv6 PA space
â Likely
â
â˘
due to ďŹltering
https://labs.ripe.net/Members/emileaben/ripe-atlas-a-case-study-of-ipv6-48ďŹltering
Is the DNS ďŹltering of AAAA causing unexpected problems?
â
https://labs.ripe.net/Members/emileaben/ripe-atlas-case-study-of-aaaa-ďŹltering
Vesna Manojlovic, FOSDEM 2014
37
37
38. IPv6 & RIPE Atlas: Reachability Testing
â˘
Using RIPE Atlas to perform worldwide traces to measure
round-trip times and other route measurements
â
â
We also identiďŹed routes that can be optimised by changing the transit
provider for the same POP
â
â˘
We identiďŹed routes that can be optimised and sent to other POPs with
much better response times
https://labs.ripe.net/Members/becha/world-ipv6-launch-ripe-atlas-use-cases
The success rate with IPv6-only domain names is much
lower (~60%) than with "mixed" (both IPv4 and IPv6) domain
names (~96%)
â
https://labs.ripe.net/Members/stephane_bortzmeyer/how-many-ripe-atlas-probes-canresolve-ipv6-only-domain-names
Vesna Manojlovic, FOSDEM 2014
38
38
39. RIPE Atlas IPv6 traceroute Visualisation
â˘
Only for RIPE NCC members! (LIRs)
â˘
Via the LIR Portal
â˘
Using 1,000 RIPE Atlas probes
â˘
Visualising:
â Completed
paths
â Unsuccessful
â Clickable
paths
hops (ASNs)
â˘
https://labs.ripe.net/Members/becha/test-your-ipv6-reachability-using-ripe-atlas
â˘
https://labs.ripe.net/Members/emileaben/visualise-your-ipv6-connectivity-using-ripeatlas
Vesna Manojlovic, FOSDEM 2014
39
39
40. IPv6 & RIPE Atlas: Packet Size & PMTU
â˘
What happens when users try to send large packets over
the Internet? Above a certain size, these packets will
have to be fragmented, which might cause problems
â˘
9% of RIPE Atlas probes have problems with
fragmentation in IPv4, and 10% of probes have
fragmentation problems in IPv6
â˘
https://labs.ripe.net/Members/emileaben/ripe-atlaspacket-size-matters
â˘
http://www.nlnetlabs.nl/downloads/publications/pmtublack-holes-msc-thesis.pdf
Vesna Manojlovic, FOSDEM 2014
40
40
41. IPv6 & RIPE Atlas: Troubleshooting (1)
â˘
Performing traceroute6 to DNS name that does not
have IPv6 helped troubleshoot IPv6 at Vienna
University!
â
Most probes reported âname resolution failedâ
â
âOne probe, 13255 resolved wsww2.cc.univie.ac.at to
2001:6f8:114e:3::c099:aec4, which is interesting
because c099:aec4 is exactly equal to the IPv4 address
of wsww2.cc.univie.ac.at. So I suspect that this probe is
behind a resolver that does DNS64.â (allowing this userdeďŹned measurement was a RIPE Atlas bug ;-) )
Vesna Manojlovic, FOSDEM 2014
41
41
42. IPv6 & RIPE Atlas: Troubleshooting (2)
â˘
âIt is quite common in the IPv6 world to have devices
that believe they are connected to the IPv6 Internet
while they are notâ
â âWhen
you use RIPE Atlas to measure the
connectivity of an IPv6 device, 90% success is the
maximal reachability you'll get.â
â
https://labs.ripe.net/Members/stephane_bortzmeyer/howmany-atlas-probes-believe-they-have-ipv6-but-are-wrong
Vesna Manojlovic, FOSDEM 2014
42
42
43. Tips for Writing IPv6-capable Applications
â˘
Application Aspects of IPv6 Transition: http://tools.ietf.org/html/rfc4038
â˘
Porting applications to IPv6:
â
â
â˘
http://gsyc.escet.urjc.es/~eva/IPv6-web/ipv6.html Â
http://www.euchinagrid.org/IPv6/IPv6_presentation/
Introduction_to_IPv6_programming.pdf
Ecdysis: open-source implementation of a NAT64 gateway:
â
â˘
Information for application developers:
â
â˘
http://icons.apnic.net/display/IPv6/Information+for+Application+Developers Â
A Recommendation for IPv6 Address Text Representation:
â
â˘
http://ecdysis.viagenie.ca/ Â
http://tools.ietf.org/html/draft-ietf-6man-text-addr-representation-03
IETF WGs - Behave: Standardising NATs and protocol translators
â
https://www.ietf.org/dyn/wg/charter/behave-charter.htm
Vesna Manojlovic, FOSDEM 2014
43
43
44. How to Take Part
in the RIPE Atlas
Community
44
45. Contribute to the Community GitHub
Vesna Manojlovic, FOSDEM 2014
45
45
47. Become a RIPE Atlas Ambassador
â˘
If you want to...
â Help
â Give
â˘
distribute probes
workshops, tutorials, and promote RIPE Atlas
To become an ambassador:
â Get
â Join
in touch; weâll ship you some probes
the mailing list:
â https://www.ripe.net/mailman/listinfo/ripe-atlas-ambassadors
â˘
Or become a sponsor:
â
https://atlas.ripe.net/get-involved/community/#!tab-sponsors
Vesna Manojlovic, FOSDEM 2014
47
47
49. Questions to the Community
â˘
HTTP measurements: limitations and guidelines?
â˘
System Checks: what level of ease or
sophistication?
â˘
IPv6: Only for researchers? Operatorsâ needs?
â˘
Open publication of measurement data
â To
have private measurements or not?
â˘
Testing BCP38 compliance
â˘
Most interesting use cases?
â˘
More success stories? Share them!
Vesna Manojlovic, FOSDEM 2014
49
49
50. RIPE Atlas Contact
https://atlas.ripe.net
â˘
Get a probe: https://atlas.ripe.net/apply
â˘
Mailing list for active users: ripe-atlas@ripe.net
â˘
Articles & updates on RIPE Labs:
https://labs.ripe.net/atlas
â˘
Questions: atlas@ripe.net
â˘
Twitter: @RIPE_Atlas and #RIPEAtlas
Vesna Manojlovic, FOSDEM 2014
50
50
54. RIPE-554 Document
â˘
âRequirements for IPv6 in ICT Equipmentâ
â
http://www.ripe.net/ripe/docs/ripe-554.html
â˘
Best Current Practice describing what to ask for
when requesting IPv6 support
â˘
Useful for tenders and RFPs
â˘
Originated by the Slovenian government
â Adopted
by various others (Germany, Sweden)
Vesna Manojlovic, FOSDEM 2014
54
54
55. What to do with a /48?
â˘
Organisations have no idea how to handle
65,536 subnets!
â˘
Manual for preparing an IPv6 addressing plan
â https://www.ripe.net/lir-services/training/material/IPv6-
for-LIRs-Training-Course/IPv6_addr_plan4.pdf
Vesna Manojlovic, FOSDEM 2014
55
55
58. RIPEstat Introduction
â˘
RIPEstat is a âone-stop shopâ for information
about Internet number resources
â RIPE
NCC: registration data and RIPE Database, routing
(RIS), reverse DNS, RIPE Atlas measurements
â External
sources: IRR, RIRs, geolocation, blacklists, MLab network activity
Vesna Manojlovic, FOSDEM 2014
58
58
59. Web Interface: Query Results Page
Search box
Widgets
Widgets
grouped into
thematic tabs
Vesna Manojlovic, FOSDEM 2014
59
59
60. RIPEstat Data and Interfaces
â˘
Search by: IPv4, IPv6 address/preďŹx; AS Number;
hostname; country; keywords (new)
â˘
Web, widgets, data API, text service, mobile app
â˘
Other features:
â BGPlay2
â Abuse
Finder
â Customisable
âMy Viewsâ
â History
view for RIPE NCC members / LIRs
â Embed
widgets on your site
Vesna Manojlovic, FOSDEM 2014
60
60
61. â˘
The most famous incident: YouTube
hijacked by Pakistan Telecom
â˘
https://www.ripe.net/internetcoordination/news/industrydevelopments/youtube-hijacking-aripe-ncc-ris-case-study
â˘
Video:
http://www.youtube.com/watch?
v=IzLPKuAOe50
Vesna Manojlovic, FOSDEM 2014
61
61
63. New Features
â˘
Multiple widget and resource comparison
â˘
In-widget comparison and monitoring
â˘
Visualising bandwidth capacity and network
activity using M-Lab data
â˘
Old RIS interfaces integrated into RIPEstat
â˘
Tighter integration with RIPE Atlas
â Zoomable
ping graph, Seismograph
Vesna Manojlovic, FOSDEM 2014
63
63
64. Use Cases for Comparing Multiple Widgets
â˘
Making peering decisions
â˘
Country outage
https://labs.ripe.net/Members/suzanne_taylor_muzzin/ripestats-multiple-widget-and-resource-comparison
Vesna Manojlovic, FOSDEM 2014
64
64
67. RIPEstat Plans for the Future
â˘
Integrate DNSMON into RIPEstat and RIPE Atlas
Migrate RIS Dashboard features into RIPEstat
Add notable events to BGPlay2
Improve back-end stability to enable resilience
of current services and scale for future growth
Increase data quality and consistency
â˘
Tell us your feature requests:
â˘
â˘
â˘
â˘
â http://roadmap.ripe.net/ripe-stat/
Vesna Manojlovic, FOSDEM 2014
67
67