After talking with APNIC/RIPE, it looks like if we ask nicely we can get high-quality BGP-peering graphs for the entire Internet (not 100% complete, but it's the same data they use internally).
Spend some time thinking about exactly what kinds of attacks we wish to harden against. Once we understand the attacks, I'll figure out the appropriate graph-theory for hardening against them.
-V
On Mon, Sep 21, 2015 at 6:48 PM Moritz Bartl moritz@torservers.net wrote:
Interesting, thanks for the update. Maybe we can find some time at the dev meeting to chat. :)
Moritz
On 09/10/2015 07:12 AM, Virgil Griffith wrote:
I'm at an APNIC conference in Jakarta, and they demoed a new tool which shows the interconnections (peering + transits) between AS numbers within a given country (will eventually work for regions).
URL: http://labs.apnic.net/vizas/ Left-panel is IPv4 and right-panel is IPv6.
Here is the fellow who built it: https://www.linkedin.com/pub/geoff-huston/42/828/891
For Tor, this tool helps us prioritize the ASs for new relays. To maximize censorship resistance, we would want relays on AS numbers in the middle (lots of interconnections) that do not currently have Tor relays.
We can imagine giving out Roster bonus points depending on the AS-number. The points would go something like:
AS_i_bonus_points = ASweight(i) / #_Tor_relays_on_AS
ASweight(i) = k * \sum_{j=1}^n num_ips_routed_by_edge_i_j where k is an arbitrary constant (k=1 is reasonable).
This could be very useful for deciding where to put new relays. I'll see if I can get access to the raw data that generates these graphs so we have more than just pretty pictures.
Much love, -V
-- Moritz Bartl https://www.torservers.net/
Hi Virgil,
It appears that vizAS detects connections between ASes when they are observed as adjacent on paths reported by Route Views [0]. When I construct AS-level routing maps (e.g. as in [1]), I combine Route Views data with the AS-level topology produced by CAIDA [2]. The CAIDA topology is created from links observed in the traceroutes continually performed by their three (I think) teams of ~12 probers each.
Do you know how APNIC/RIPE produces the “high-quality BGP-peering graphs for the entire Internet”? I know that RIPE has been building a pretty large Internet measurement platform called Atlas [3]. I wonder if they are using some of that data.
Cheers, Aaron
[0] "University of Oregon Route Views Project", <http://www.routeviews.org/>
[1] "Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries", <http://ohmygodel.com/publications/usersrouted-ccs13.pdf>
[2] "IPv4 Routed /24 AS Links Dataset", <http://www.caida.org/data/active/ipv4_routed_topology_aslinks_dataset.xml>
[3] "Welcome to RIPE Atlas!", <https://atlas.ripe.net/>
On Sep 21, 2015, at 8:28 AM, Virgil Griffith i@virgil.gr wrote:
After talking with APNIC/RIPE, it looks like if we ask nicely we can get high-quality BGP-peering graphs for the entire Internet (not 100% complete, but it's the same data they use internally).
Spend some time thinking about exactly what kinds of attacks we wish to harden against. Once we understand the attacks, I'll figure out the appropriate graph-theory for hardening against them.
-V
On Mon, Sep 21, 2015 at 6:48 PM Moritz Bartl <moritz@torservers.net> wrote:
Interesting, thanks for the update. Maybe we can find some time at the dev meeting to chat. :)
Moritz
On 09/10/2015 07:12 AM, Virgil Griffith wrote:
I'm at an APNIC conference in Jakarta, and they demoed a new tool which shows the interconnections (peering + transits) between AS numbers within a given country (will eventually work for regions).
URL: http://labs.apnic.net/vizas/ Left-panel is IPv4 and right-panel is IPv6.
Here is the fellow who built it: https://www.linkedin.com/pub/geoff-huston/42/828/891
For Tor, this tool helps us prioritize the ASs for new relays. To maximize censorship resistance, we would want relays on AS numbers in the middle (lots of interconnections) that do not currently have Tor relays.
We can imagine giving out Roster bonus points depending on the AS-number. The points would go something like:
AS_i_bonus_points = ASweight(i) / #_Tor_relays_on_AS
ASweight(i) = k * \sum_{j=1}^n num_ips_routed_by_edge_i_j where k is an arbitrary constant (k=1 is reasonable).
This could be very useful for deciding where to put new relays. I'll see if I can get access to the raw data that generates these graphs so we have more than just pretty pictures.
Much love, -V
-- Moritz Bartl https://www.torservers.net/
_______________________________________________
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Do you know how APNIC/RIPE produces the “high-quality BGP-peering graphs for the entire Internet”? I know that RIPE has been building a pretty large Internet measurement platform called Atlas [3]. I wonder if they are using some of that data.
In short, I don't know this 100%. However, this data is routinely used by network engineers around the world to diagnose routing and other problems. I make the presumption that if the data was wildly inaccurate, the collective funding of RIPE/ARIN/APNIC/etc would necessitate the creation of a better data-stream.
I then make the second leap that, "If it's good enough to be useful to the network engineers, it's good enough for Tor incentivization."
I asked the author of vizAS, Byron Ellacott bje@apnic.net, about the details of the data. Here's what he said:
====================================================
The connections in vizAS are the BGP neighbour relationships which are visible in the PATH attribute at the Route Views BGP collector in Oregon. This means that (a) it's not a complete set of peering relationships, as BGP hides information as routes are propagated, and (b) it's only as good as the behaviour of all the routers involved, that is, if a router chooses to lie about its PATH, vizAS will just accept that as truth. As far as I know, most routers don't lie about their PATH, but BGP still only reveals the best paths (for each router's own definition of 'best' to that point) from each ASN, not all of them.
The source data is available from Route Views here: http://archive.routeviews.org/bgpdata/ in MRT format. I use the APNIC fork of a Java MRT parsing library to go from MRT dump to text paths (https://github.com/APNIC-net/java-mrt) and then a simple perl script to convert from that format to a JSON adjacency graph.
====================================================
Right now, it's unclear to me exactly which attacks we wish to mitigate, and if someone would concretely articulate which attacks we wish high diversity to harden the Tor network against, that would be immensely helpful in deciding which data we should leverage. But without knowing what precisely we wish to defend against, I present the vizAS data merely as something I found that, at least on the surface, seems like a reasonable fit for quantifying generic network diversity.
That's what I got. -V
On Tue, Sep 22, 2015 at 4:29 AM A. Johnson aaron.m.johnson@nrl.navy.mil wrote:
Hi Virgil,
It appears that vizAS detects connections between ASes when they are observed as adjacent on paths reported by Route Views [0]. When I construct AS-level routing maps (e.g. as in [1]), I combine Route Views data with the AS-level topology produced by CAIDA [2]. The CAIDA topology is created from links observed in the traceroutes continually performed by their three (I think) teams of ~12 probers each.
Do you know how APNIC/RIPE produces the “high-quality BGP-peering graphs for the entire Internet”? I know that RIPE has been building a pretty large Internet measurement platform called Atlas [3]. I wonder if they are using some of that data.
Cheers, Aaron
[0] "University of Oregon Route Views Project", <http://www.routeviews.org/>
[1] "Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries", <http://ohmygodel.com/publications/usersrouted-ccs13.pdf>
[2] "IPv4 Routed /24 AS Links Dataset", <http://www.caida.org/data/active/ipv4_routed_topology_aslinks_dataset.xml>
[3] "Welcome to RIPE Atlas!", <https://atlas.ripe.net/>
On Sep 21, 2015, at 8:28 AM, Virgil Griffith i@virgil.gr wrote:
After talking with APNIC/RIPE, it looks like if we ask nicely we can get high-quality BGP-peering graphs for the entire Internet (not 100% complete, but it's the same data they use internally).
Spend some time thinking about exactly what kinds of attacks we wish to harden against. Once we understand the attacks, I'll figure out the appropriate graph-theory for hardening against them.
-V
On Mon, Sep 21, 2015 at 6:48 PM Moritz Bartl moritz@torservers.net wrote:
Interesting, thanks for the update. Maybe we can find some time at the dev meeting to chat. :)
Moritz
On 09/10/2015 07:12 AM, Virgil Griffith wrote:
I'm at an APNIC conference in Jakarta, and they demoed a new tool which shows the interconnections (peering + transits) between AS numbers within a given country (will eventually work for regions).
URL: http://labs.apnic.net/vizas/ Left-panel is IPv4 and right-panel is IPv6.
Here is the fellow who built it: https://www.linkedin.com/pub/geoff-huston/42/828/891
For Tor, this tool helps us prioritize the ASs for new relays. To maximize censorship resistance, we would want relays on AS numbers in the middle (lots of interconnections) that do not currently have Tor relays.
We can imagine giving out Roster bonus points depending on the AS-number. The points would go something like:
AS_i_bonus_points = ASweight(i) / #_Tor_relays_on_AS
ASweight(i) = k * \sum_{j=1}^n num_ips_routed_by_edge_i_j where k is an arbitrary constant (k=1 is reasonable).
This could be very useful for deciding where to put new relays. I'll see if I can get access to the raw data that generates these graphs so we have more than just pretty pictures.
Much love, -V
-- Moritz Bartl https://www.torservers.net/
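Added example, not part of the original thread or of vizAS/Roster: a sketch of the pipeline discussed above, turning text AS paths into an adjacency graph and then applying the proposed bonus-point formula. Assumptions: the `prefix|AS path` input format is constructed here (it is not the java-mrt output format), "IPs routed by an edge" is read as the address count of prefixes whose observed path crosses that edge, and the `+1` in the denominator is added so that ASes with no relays get a finite score.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: "prefix|AS path" lines using documentation prefixes
# and private-use ASNs. Several vantage points may report the same prefix.
SAMPLE_PATHS = """\
192.0.2.0/24|64500 64510 64520
192.0.2.0/24|64501 64510 64520
198.51.100.0/24|64500 64510 64510 64530
203.0.113.0/25|64501 64530
"""

def edge_prefixes(lines):
    """Map each undirected AS edge to the set of prefixes seen crossing it."""
    edges = defaultdict(set)
    for line in lines.splitlines():
        line = line.strip()
        if not line or "{" in line:          # skip blanks and AS_SET paths
            continue
        prefix, path = line.split("|", 1)
        hops = []
        for asn in map(int, path.split()):
            if not hops or hops[-1] != asn:  # collapse AS-path prepending
                hops.append(asn)
        net = ipaddress.ip_network(prefix.strip())
        for a, b in zip(hops, hops[1:]):
            edges[frozenset((a, b))].add(net)  # set: count a prefix once per edge
    return edges

def as_weights(edges, k=1):
    """ASweight(i) = k * sum over edges (i, j) of IPs routed across the edge."""
    weight = defaultdict(int)
    for edge, nets in edges.items():
        # Simplification: overlapping more-specific prefixes are counted twice.
        ips = sum(n.num_addresses for n in nets)
        for asn in edge:
            weight[asn] += k * ips
    return dict(weight)

def bonus_points(weights, relays_per_as, smoothing=1):
    """ASweight(i) / relay count; smoothing (an assumption) avoids dividing by 0."""
    return {asn: w / (relays_per_as.get(asn, 0) + smoothing)
            for asn, w in weights.items()}
```

Because the graph is built from best paths seen at collectors, links that BGP hides never appear, so the weights inherit the incompleteness Byron describes.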