
RIPE Labs

Large-scale PCAP Data Analysis Using Apache Hadoop
Wolfgang Nagele — 12 Oct 2011

The RIPE NCC operates various data-intensive services. As part of our DNS operations we have been operating K-root since 1997. A key to the stable operation of this service is a solid understanding of the traffic it responds to and how it evolves over time. With the success and growth of the Internet, traffic to the DNS root servers has increased and K-root produces terabytes of raw packet capture (PCAP) files every month. We were looking for a scalable and fast approach to analyse this data. In this article I will explain how we use Apache Hadoop and why we open-sourced our PCAP implementation for it.

F-root IPv6 Route Leak - the DNSMON View
Emile Aben — 03 Oct 2011

This weekend the NANOG mailing list was abuzz about an F-root IPv6 route leak that resulted in the F-root DNS server instance located in Beijing, China, being queried from outside of China. This normally doesn't happen, as this instance is advertised with the BGP attribute NO_EXPORT, which means it should not be visible outside of immediate neighbor Autonomous Systems (ASes). We looked at the DNSMON data about this event and found that 5 out of 29 IPv6-enabled DNSMON monitors saw the Beijing F-root instance. We also found there was an earlier leak on 29-30 September.
