Abstract
BGP updates are triggered by a variety of events such as link failures, resets, routers crashing, configuration changes, and so on. Making sense of these updates and identifying the underlying events is key to debugging and troubleshooting BGP routing problems. In this paper, as a first step toward the much harder problem of root cause analysis of BGP updates, we discuss if, and how, updates triggered by distinct underlying events can be separated. Specifically, we explore using PCA (Principal Components Analysis), a well known statistical multi-variate technique, to achieve this goal.We propose a method based on PCA to obtain a set of clusters from a BGP update stream; each of these is a set of entities (either prefixes or ASes) which are affected by the same underlying event. Then we demonstrate our approach using BGP data obtained by simulations and show that the method is quite effective. In addition, we perform a high level analysis of BGP data containing well known, large scale events.
Original language | English (US) |
---|---|
Title of host publication | Proceedings of ACM SIGCOMM 2005 Workshop on Mining Network Data, MineNet 2005 |
Pages | 207-212 |
Number of pages | 6 |
DOIs | |
State | Published - Dec 1 2005 |
Event | ACM SIGCOMM 2005 1st Workshop on Mining Network Data, MineNet 2005 - Philadelphia, PA, United States Duration: Aug 26 2005 → Aug 26 2005 |
Other
Other | ACM SIGCOMM 2005 1st Workshop on Mining Network Data, MineNet 2005 |
---|---|
Country/Territory | United States |
City | Philadelphia, PA |
Period | 8/26/05 → 8/26/05 |
Keywords
- BGP
- root cause analysis
- routing