MAT Working Group Minutes - RIPE 85

Thursday, 27 October 09:00 - 10:30 (UTC+2)
Chairs: Massimo CandelaNina BargisenStephen Strowes
Scribe: Guy Meyer
Status: Draft

1. Welcome

 The presentation is available at:

Massimo opened the meeting and noted that the session would start with a subtrack on vantage point selection. Following this, the session would continue with presentations about tools and Internet data analysis.

2. MVP: Measuring Internet Routing from the Most Valuable Points

 View the presentation at:

Thomas Holterbach presented on the exponential increase in the amount of both BGP routing data and the information attained by route collectors. As a result, the positioning of route collectors as vantage points was said to be critically important. He said the goal was to reduce redundancy so that less data was processed but maintaining high visibility, outlined as “Volume vs. Utility”. Thomas introduced the Most Valuable Points (MVP) analysis, a machine learning-based approach, which uses 20 topological features (K-means), evaluated on three metrics; number of discovered AS links, percentage of detected hijacks/new AS links, and percentage of detected transient paths. Using this technique, vantage points can be selected with confidence.  

3. Metis: Better Atlas Vantage Point Selection for Everyone 

View the presentation at:

Malte Tashiro presented on a tool that provides an alternative to the vantage point selection now available in RIPE Atlas. In its current state, the RIPE Atlas probe selection algorithm includes a bias towards Europe and the US. 150 countries have less than 1% of the probes, whilst Germany includes nearly 3%. Their approach to correct this includes a reduction to one probe per AS, filtering on similarity metrics, and other distance metrics such as RTT. The goal being the elimination of bias and improvement in the methodologies currently available to construct a probe set. 

4. ShakeAlert: Detecting Waves in the Internet Control Plane

View the presentation at: 

Marcel Flores presented on the idea that there are a lot of routers in large networks which in turn means a lot of router failures. Using RIS live to analyse the health of Edgecast’s CDN, Marcel and his team can investigate outages via BGP update messages. The technological core is founded on a density-based detection algorithm, which is based on the histogram of BGP update messages over time. If the volume is an outlier in the time window that is used as a reference, this is called a shake. By using CDN metadata, they try to understand what sites are affected. Therefore, ‘ShakeAlert’ provides an independent view from active monitoring and heartbeat systems, both allowing visibility into any arbitrary network.

5. Kathará: A Lightweight and Scalable Network Emulation System

View the presentation at:

Mariano Scazzariello presented on Kathara which is a container-based network emulation system to run in virtual environments. By using a simple configuration language to describe a network scenario, operators and researchers can describe network scenarios in both topology and configuration. Kathara can deploy more than 1,000 devices on a single laptop and much more on Kubernetes. With the use of a demo, Mariano showcased the effectiveness in analysing security scenarios.

6. Impact of the First Months of War on Routing and Latency in Ukraine

View the presentation at:

An informative talk from Valerio Luconi on quantifying the effects of the war in Ukraine on the performance of Ukrainian Internet. Using 800Gb of data from RIPEstat, RIS and RIPE Atlas, Valerio was able to uncover unique behaviour in BGP announcements, prefix splitting, BGP hijacking and latency with strong correlation to the start of the war. Suspect BGP hijacking sees spikes during the start of the war, and the number of links between Russian and Ukraine have been almost entirely dropped. He ended his talk noting that the infrastructure has been shown to be resilient with 83% of Ukrainian Atlas probes remaining online and active.

7. 240/4 As Seen by RIPE Atlas

View the presentation at:

 Qasim Lone spoke on the use of block 240/4. He noted that the original Class E (block 240/4) was reserved for the future that never came and that recently, there had been two IETF drafts attempting to modify the policy to use the space but they had been rejected. Qasim referenced his findings on HackerNews which concluded that these reserved spaces are being used by major cloud providers (namely Amazon and Verizon Business). He spoke on why these network providers are using 240/4 address space internally and why there is still a market for IPv4.

8. Closing Remarks

Massimo closed the session.