Opened 8 months ago

Last modified 8 months ago

#27155 new enhancement

Include BGP prefix information in details documents

Reported by: nusenu Owned by: metrics-team
Priority: Medium Milestone:
Component: Metrics/Onionoo Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: #26585 Points:
Reviewer: Sponsor:

Description

Use case:

  • find relays in the same prefix (for example if a specific prefix has been hijacked)
  • group relays by prefix
  • is a requirement for routing security related metrics (ROA, prefix length)

The RIPEstat API can be used as a source and you can cache it if previous lookups were within the same /24 (IPv4) or /48 (IPv6) since that is the longest prefix length
https://stat.ripe.net/docs/data_api#NetworkInfo
example:
https://stat.ripe.net/data/network-info/data.json?resource=140.78.90.50

related: #26585

Change History (6)

comment:1 Changed 8 months ago by irl

I think it is important here to consider what will be done with the information. If all you wanted was a list of prefixes that the relay has addresses in then this could be a single bgp_prefix field as an IPv4 address is easily distinguished from an IPv6 address.

Prefix, AS and country code information is tied to individual addresses though, not IP version. One address is used as the primary address while others are secondary, so one AS may see all the traffic and the others none.

Not all the fields we add need to be simple strings or arrays of strings. We can add more complex structures if it would be useful for end-users.

We could have something like:

"or_addresses": {"1.1.1.1": {"primary": "true", "as": "1000"}, "2.2.2.2": {"as": "2000"}}

Each address may also have different OR ports or dir ports (not sure if dir-spec supports this though).

comment:2 in reply to:  1 Changed 8 months ago by teor

Replying to irl:

...
Each address may also have different OR ports or dir ports (not sure if dir-spec supports this though).

Descriptors can contain one or more "or-address" lines with IPv4 or IPv6 addresses. But current Tor versions only use the first IPv6 address:
https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n747

There is no support for more than one DirPort.

comment:3 Changed 8 months ago by nusenu

It is not important to me if you use multiple fields or a single field as an array as long as it is clear what is what.

(The example above shows AS numbers but this ticket is about prefixes)

btw: did a short lookup if onionoo knows about any relay having more than one IPv4 or_address: didn't find any

Last edited 8 months ago by nusenu

comment:4 in reply to:  3 Changed 8 months ago by irl

Parent ID: #26585
Summary: add ipv4_bgp_prefix ipv6_bgp_prefix fields → Include BGP prefix information in details documents

Replying to nusenu:

It is not important to me if you use multiple fields or a single field as an array as long as it is clear what is what.

Ok. Updated the ticket summary to reflect this.

(The example above shows AS numbers but this ticket is about prefixes)

This was just less typing.

comment:5 Changed 8 months ago by nusenu

My underlying primary use-case (BGP RPKI ROA) for this data just made it a bit more complicated.
I'll try to explain.

The prefix returned should not simply be whatever
https://stat.ripe.net/docs/data_api#NetworkInfo
returns but should be the first prefix that has an RPKI 'Valid' or 'NotFound' state.
If there is no such prefix, the field should be empty/not provided.

Two examples to make it clearer:
https://bgp.he.net/net/81.7.16.0/24
returned prefix: 81.7.0.0/18 (because 81.7.16.0/24 has an RPKI 'Invalid' state)

https://bgp.he.net/net/69.28.82.0/23
returned prefix: none (because the only available prefix has an RPKI 'Invalid' state)
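
The selection rule from comment:5 combined with the /24 and /48 cache granularity from the description, as an added example that is not part of the ticket or of Onionoo's code. The names `SAMPLE`, `cache_key`, `select_prefix`, `PrefixCache` and the `fetch` callable are hypothetical, and the example assumes that "first" means most specific prefix first.

```python
import ipaddress

ACCEPTED = {"Valid", "NotFound"}  # RPKI states accepted in comment:5

# Constructed sample data based on the two examples in comment:5.
# The state of 81.7.0.0/18 is an assumption; the ticket only implies it is not Invalid.
SAMPLE = [
    ("81.7.16.0/24", "Invalid"),
    ("81.7.0.0/18", "NotFound"),
    ("69.28.82.0/23", "Invalid"),
]

def cache_key(address):
    """Covering /24 (IPv4) or /48 (IPv6), the cache granularity from the description."""
    ip = ipaddress.ip_address(address)
    return ipaddress.ip_network(f"{ip}/{24 if ip.version == 4 else 48}", strict=False)

def select_prefix(address, announcements):
    """Most specific covering prefix whose RPKI state is accepted, else None."""
    ip = ipaddress.ip_address(address)
    covering = []
    for prefix, state in announcements:
        net = ipaddress.ip_network(prefix)
        if net.version == ip.version and ip in net:
            covering.append((net, state))
    # Assumption: "first" in comment:5 means most specific (longest) prefix first.
    covering.sort(key=lambda item: item[0].prefixlen, reverse=True)
    for net, state in covering:
        if state in ACCEPTED:
            return str(net)
    return None  # field left empty / not provided

class PrefixCache:
    """Caches the selected prefix per /24 or /48 so repeated lookups skip the source."""
    def __init__(self, fetch):
        self.fetch = fetch    # hypothetical callable: address -> [(prefix, state), ...]
        self.fetches = 0      # number of upstream lookups actually made
        self._by_block = {}

    def lookup(self, address):
        key = cache_key(address)
        if key not in self._by_block:  # a cached None (no usable prefix) is also a hit
            self.fetches += 1
            self._by_block[key] = select_prefix(address, self.fetch(address))
        return self._by_block[key]

if __name__ == "__main__":
    cache = PrefixCache(lambda address: SAMPLE)
    for addr in ("81.7.16.10", "81.7.16.200", "69.28.82.5"):
        print(addr, "->", cache.lookup(addr))
    print("upstream lookups:", cache.fetches)
```

Caching the result per /24 or /48 relies on the description's premise that no longer prefixes are announced, so every address in the block is covered by the same set of prefixes.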

comment:6 Changed 8 months ago by nusenu

related: #27235
