[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Deciding where to put new Tor relays

> Do you know how APNIC/RIPE produces the âhigh-quality BGP-peering graphs for the entire Internetâ? I know that RIPE has been building a pretty large Internet measurement platform called Atlas [3]. I wonder if they are using some of that data.

In short, I don't know this 100%. However, this data is routinely used by network engineers around the world to diagnose routing and other problems. I make the presumption that if the data was wildly inaccurate, the collective funding of RIPE/ARIN/APNIC/etc would necessitate the creation of a better data-stream.

I then make the second leap that, "If it's good enough to be useful Âto the network engineers, it's good enough for Tor incentivization."


I asked the author of vizAS, Byron Ellacott <bje@xxxxxxxxx>, about the details of the data. Here's what he said:
====================================================
The connections in vizAS are the BGP neighbour relationships which are visible in the PATH attribute at the Route Views BGP collector in Oregon. This means that (a) it's not a complete set of peering relationships, as BGP hides information as routes are propagated, and (b) it's only as good as the behaviour of all the routers involved, that is, if a router chooses to lie about its PATH, vizAS will just accept that as truth. As far as I know, most routers don't lie about their PATH, but BGP still only reveals the best paths (for each router's own definition of 'best' to that point) from each ASN, not all of them.

The source data is available from Route Views here: http://archive.routeviews.org/bgpdata/ in MRT format. I use the APNIC fork of a Java MRT parsing library to go from MRT dump to text paths (https://github.com/APNIC-net/java-mrt) and then a simple perl script to convert from that format to a JSON adjacency graph.
====================================================

Right now, it's unclear to me exactly which attacks we wish to mitigate, and someone would concretely articulate which attacks we wish high diversity to harden the Tor network against, that would be immensely helpful in deciding which data to we should leverage. But without knowing what precisely we wish to defend against, I present the vizAS data merely as something I found that, at least on the surface, seems like a reasonable fit for quantifying generic network diversity.

That's what I got.
-V

On Tue, Sep 22, 2015 at 4:29 AM A. Johnson <aaron.m.johnson@xxxxxxxxxxxx> wrote:
Hi Virgil,

It appears that vizAS detects connections between ASes when they are observed as adjacent on paths reported by Route Views [0]. When I construct AS-level routing maps (e.g. as in [1]), I combine Route Views data with the AS-level topology produced by CAIDA [2]. The CAIDA topology is created from links observed in the traceroutes continually performed by their three (I think) teams of ~12 probers each.

Do you know how APNIC/RIPE produces the âhigh-quality BGP-peering graphs for the entire Internetâ? I know that RIPE has been building a pretty large Internet measurement platform called Atlas [3]. I wonder if they are using some of that data.

Cheers,
Aaron

[0] "University of Oregon RouteÂViews Projectâ, <http://www.routeviews.org/>
[1] "Users Get Routed: Traffic Correlation on Tor by Realistic Adversariesâ, <http://ohmygodel.com/publications/usersrouted-ccs13.pdf>
[3] "Welcome to RIPE Atlas!â, <https://atlas.ripe.net/>

On Sep 21, 2015, at 8:28 AM, Virgil Griffith <i@xxxxxxxxx> wrote:

After talking with APNIC/RIPE, it looks like that if we ask nicely we can get high-quality BGP-peering graphs for the entire Internet (not 100% complete, but it's the same data they use internally).

Spend some time thinking about exactly what kinds of attacks we wish to harden against. Once we understand the attacks, I'll figure out the appropriate graph-theory for hardening against it.

-V

On Mon, Sep 21, 2015 at 6:48 PM Moritz Bartl <moritz@xxxxxxxxxxxxxx> wrote:
Interesting, thanks for the update. Maybe we can find some time at the
dev meeting to chat. :)

Moritz

On 09/10/2015 07:12 AM, Virgil Griffith wrote:
> I'm at an APNIC conference in Jakarta, and they demoed a new tool which
> shows the interconnections (peering + transits) between AS numbers
> within a given country (will eventually work for regions).
>
> URL: http://labs.apnic.net/vizas/
> Left-panel is IPv4 and right-panel is IPv6.
>
> Here is the fellow who built it:
> https://www.linkedin.com/pub/geoff-huston/42/828/891
>
>
> For Tor, this tool helps us prioritize the ASs for new relays. To
> maximize censorship resistance, we would want relays on AS numbers in
> the middle (lots of interconnections) that do not currently have Tor relays.
>
> We can imagine giving out Roster bonus points depending on the
> AS-number. The points would go something like:
>
> AS_i_bonus_points = ASweight(i) / #_Tor_relays_on_AS
>
> ASweight(i) = k * \sum_{j=1}^n num_ips_routed_by_edge_i_j
> where k is an arbitrary constant (k=1 is reasonable).
>
> This could be very useful for deciding where to put new relays. I'll
> see if I can access to the raw data that generates these graphs so we
> have more than just pretty pictures.
>
> Much love,
> -V

--
Moritz Bartl
https://www.torservers.net/
_______________________________________________
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays