Internet Outage Detection and Analysis (IODA)

IODA: Internet Outage Detection and Analysis Public and private sector stakeholders around the world seek ways to ensure that the Internet provides the level of reliability and resilience we have long taken for granted from the telephony network. Unfortunately, in spite of the societal and economic impact of Internet connectivity disruptions, we lack near-realtime, scalable and validated methodologies and tools to identify and understand large-scale Internet outages.

Based on experimental work in which we combined measurements at the control plane, active probing and passive traffic analysis, CAIDA developed an operational prototype system that monitors the Internet, in near-realtime, with the goal of identifying macroscopic Internet outages affecting the edge of the network, i.e., significantly impacting an AS or a large fraction of a country.

In August 2021, the IODA service moved from ioda.caida.org to Georgia Tech with PI Alberto Dainotti.

Overview

The IODA system processes and analyzes measurements from:

Global Internet routing (BGP): we use data from ~500 monitors participating in the RouteViews and RIPE RIS projects to establish which network blocks are reachable based on the Internet control plane.
Internet Background Radiation: we process unsolicited traffic reaching the UCSD Network Telescope monitoring an unutilized /8 address block.
Active probing: we continuously probe a large fraction of the (routable) IPv4 address space from several CAIDA Ark nodes distributed worldwide and use a methodology developed by University of Southern California to infer when a /24 block is affected by a network outage.

Our outage inference system combines information from these three data sources, establishes the relevance of an event and generates alerts. The outage events and the corresponding signals obtained through automated analysis are displayed on dashboards and interactive graphs that allow the user to further inspect the data.

A high-level view of the architecture of IODA

Interactive Visual Interface

The IODA system is designed as "Software as a Service", being based on a complex distributed infrastructure and on large and diverse live data streams taken as input. The prototype system is running as an experimental service 24/7 and high-level interactive dashboards are accessible at:

ioda.inetintel.cc.gatech.edu.

Other examples of IODA visualizations are:

Live view of the reachability of BGP prefixes geolocated to North Korea (last 7 days), and linked view of December 2014 outages in North Korea.
Animation showing the evolution of the RouteViews and RIPE RIS BGP measurement infrastructure since 2001.
An experimental visualization of the impact of the Sandy hurricane (2012) using data from active measurements from Planet Lab nodes carried out by the University of Maryland.

"Transition to Practice" (TTP) - Transitioning research results to practice

Collaboration with Industry

	We are collaborating with Comcast researchers, who are using IODA to support their own research on Internet reliability and performance. In addition, Comcast, through their Innovation Fund provided a research grant for the development of visual interfaces to monitor and characterize Internet outages.
	We established a collaboration with researchers at Cisco Systems, who are using BGPStream and are collaborating in extending it to support internal and open source projects carried out by Cisco, such as the OpenBMP implementation of the BGP Monitoring Protocol.

Public Safety

The Public Safety and Homeland Security Bureau (PSHSB) of the Federal Communications Commission (FCC) has the responsibility for ensuring that communications networks are reliable, resilient and secure. To accomplish this task, the PSHSB developed a data-driven process centered on collecting information on and performing analyses of communication outages. CAIDA had several meetings with the FCC to discuss results of the IODA project, providing the FCC with additional insight into the complexity of Internet outage monitoring and to discuss technology transfer of some of these research results and infrastructure capabilities.

Open-source Software

We released the software components we developed in this project with an open source license. Several of the project's software components offer general applicablity to research and applicative fields of networking.

	BGPStream is an open-source software framework for live and historical BGP data analysis, supporting scientific research, operational monitoring, and post-event analysis. Although BGP is a crucial operational component of the Internet infrastructure, and is the subject of research in the areas of Internet performance, security, topology, protocols, economics, etc., there is no efficient way of processing large amounts of distributed and/or live BGP measurement data. BGPStream fills this gap, enabling efficient investigation of events, rapid prototyping, and building complex tools and large-scale monitoring applications (e.g., detection of connectivity disruptions or BGP hijacking attacks).
	DBATS is a high performance time series database engine optimized for inserting/updating values for many series simultaneously. DBATS can easily sustain write speeds of more than 1.6 million values per second, and CAIDA has used DBATS databases with more than 40 million distinct series.
libtimeseries	libtimeseries is a C library that provides a high-performance abstraction layer for efficiently writing to time series databases. It is optimized for writing values for many time series simultaneously.
Corsaro	Corsaro is a software suite for performing large-scale analysis of trace data. It was specifically designed to be used with passive traces captured by darknets, but the overall structure is generic enough to be used with any type of passive trace data. Corsaro enables IODA's processing of IBR captured at darknets to provide time series for outage detection and analysis.

Presentations

IODA-NP: Internet Outage Detection and Analysis, DHS S&T Cybersecurity and Innovation Showcase, Mar 2019
How to find correlated Internet failures, Passive and Active Measurement Conference (PAM), Mar 2019
Who shuts down the Internet and why?, Internet Measurement And Political Science Workshop (IMAPS), Sep 2018
IODA-NP: Multi-source Realtime Detection of Macroscopic Internet Connectivity Disruption, DHS S&T PARIDINE Kick-off Meeting, Aug 2018
Science of Internet Security: Technology and Experimental Research, Applied Network Measurement Science PI meeting, Apr 2018
Mapping our Way to a More Secure Internet, Internet Initiative Japan (IIJ), Nov 2017
Internet Outages: Detection & Analysis, Center for Network Systems (CNS) Research Review, Oct 2017
IODA - Internet Outages: Detection & Analysis, Workshop on Active Internet Measurements (AIMS), Mar 2017
IODA - Internet Outages: Detection & Analysis, San Diego Supercomputer Center, Feb 2017
BGPStream, ACM Internet Measurement Conference (IMC), Nov 2016
BGPStream 2016, Roma Tre University, Jun 2016
Leveraging Internet Background Radiation for Opportunistic Network Analysis, UC San Diego Thesis Defense, Jun 2016
BGPStream: a framework for historical analysis and real-time monitoring of BGP data, Workshop on Active Internet Measurements (AIMS) and the North American Network Operators' Group (NANOG), Feb 2016
BGPStream: a framework for historical analysis and real-time monitoring of BGP data, mPlane Workshop, Nov 2015
Measuring and Monitoring BGP, Internet Engineering Task Force (IETF), Nov 2015
Leveraging Internet Background Radiation for Opportunistic Network Analysis, Internet Measurement Conference (IMC), Oct 2015.
BGPStream , ACM Internet Measurement Conference (IMC), Oct 2015

Lost in Space: Improving Inference of IPv4 Address Space Utilization, IRTF Workshop on Research and Applications of Internet Measurements (RAIM), Oct 2015
BGPStream - An Open Source Framework for Live/Historical BGP Data Analysis, RIPE Meeting, May 2015
IODA - Internet Outages: Detection & Analysis, DHS National Cybersecurity and Communications Integration Center (NCICC), Apr 2015
BGPstream , Workshop on Active Internet Measurements (AIMS), Mar 2015

IODA - Internet Outages: Detection & Analysis, Federal Communications Commission (FCC), Mar 2015
Measuring and Characterizing IPv6 Router Availability, Passive and Active Measurement Conference (PAM), Mar 2015
Monitoring Large-scale Internet Outages, Federal Communications Commission (FCC), Jun 2013
CAIDA Research Overview, Network Mapping and Measurement Conference (NMMC), May 2013
CAIDA Research Overview, Cisco Nerd Lunch, Apr 2013
Gaining Insight into AS-level Outages through Analysis of Internet Background Radiation, Traffic Monitoring and Analysis Workshop (TMA), Apr 2013
Lessons Learned by "Measuring" the Internet During/After the Sandy Storm, FCC Workshop on Network Resiliency, Feb 2013
Toward Realtime Visualization of Garbage, ISMA Workshop on Active Internet Measurements (AIMS), Feb 2013
A Coordinated View of Large-Scale Internet Events, Workshop on Internet Visualization (WIV), Nov 2012
Analysis of Internet-wide Probing using Darknets, BADGERS, Oct 2012
Extracting Benefit from Harm: Using Malware Pollution to Analyze the Impact of Political and Geophysical Events on the Internet, ACM SIGCOMM, Aug 2012
Analysis of Country-wide Internet Outages Caused by Censorship, Internet Engineering Task Force (IETF), Jul 2012

Posters

Detection and analysis of large-scale Internet infrastructure outages (2017)

IPv4 Census 2013

Detection and analysis of large-scale Internet infrastructure outages (2012)

Gaining Insight into AS-level Outages through Analysis of Internet Background Radiation

Publications

Blink: Fast Connectivity Recovery Entirely in the Data Plane, USENIX Symposium on Networked Systems Design and Implementation (NSDI), Feb 2019
How to find correlated Internet failures, Passive and Active Measurement Conference (PAM), Mar 2019
SWIFT: Predictive Fast Reroute, ACM SIGCOMM, Aug 2017.
BGPStream: a software framework for live and historical BGP data analysis, Internet Measurement Conference (IMC), Nov 2016 Awarded the IRTF Applied Networking Research Prize 2017
Lost in Space: Improving Inference of IPv4 Address Space Utilization, IEEE Journal on Selected Areas in Communications (JSAC), Jun 2016
Leveraging Internet Background Radiation for Opportunistic Network Analysis, Internet Measurement Conference (IMC), Oct 2015
Measuring and Characterizing IPv6 Router Availability, Passive and Active Network Measurement Workshop (PAM), Mar 2015
Analysis of Country-wide Internet Outages Caused by Censorship, IEEE/ACM Transactions on Networking, Dec 2014
Uncovering Network Tarpits with Degreaser, Annual Computer Security Applications Conference (ACSAC), Dec 2014
A Coordinated View of the Temporal Evolution of Large-scale Internet Events, Computing, Jan 2014
Estimating Internet address space usage through passive measurements, ACM SIGCOMM Computer Communication Review (CCR), Jan 2014
Gaining Insight into AS-level Outages through Analysis of Internet Background Radiation, Traffic Monitoring and Analysis Workshop (TMA), Apr 2013
Extracting benefit from harm: using malware pollution to analyze the impact of political and geophysical events on the Internet, ACM SIGCOMM Computer Communication Review (CCR), Jan 2012 Awarded as one of top-three papers in ACM SIGCOMM Computer Communication Review in 2012 and presented at SIGCOMM 2012
Analysis of Country-wide Internet Outages Caused by Censorship, Internet Measurement Conference (IMC), Nov 2011 Awarded the IRTF Applied Networking Research Prize 2012

Blog Entries

IODA is now on Twitter
Aug. 6, 2018

North Korean Internet outages observed
Dec. 23, 2014

Under the Telescope: Time Warner Cable Internet Outage
Aug. 29, 2014

Syria disappears from the Internet
Dec. 5, 2012

Press coverage

"Garbage In, Info Out", Communications of the ACM Article
Nick Clayton, "Internet Background Radiation Reveals Disasters and Censorship", The Wall Street Journal TECH Blog
Douglas Perry, "Internet Junk Traffic Used to Uncover Censorship", Tom's Guide, March 11, 2012
Alberto Dainotti was awarded the Applied Networking Research Prize at IETF-84 for his research into Internet communication disruptions due to filtering.

Workshops

IMAPS 2018 - Internet Measurement And Political Science (IMAPS) Workshop
IMAPS 2017 - Internet Measurement And Political Science (IMAPS) Workshop: Conflict and Contention in the Digital Age
IMAPS 2016 - Internet Measurement And Political Science (IMAPS) Workshop: Conflict and Contention in the Digital Age
1st CAIDA BGP Hackathon 2016
IMAPS 2014 - Internet Measurement And Political Science (IMAPS) Workshop: Network Outages
DUST 2012 - 1st International Workshop on Darkspace and UnSolicited Traffic Analysis

Funding sources

Support for the Internet Outage Detection and Analysis project is provided by the Department of Homeland Security (DHS) contract 70RSAT18CB0000015 Multi-source Realtime Detection of Macroscopic Internet Connectivity Disruption, S&T contract HHSP 233201600012C Science of Internet Security: Technology Experimental Research, S&T contract NBCHC070133 Supporting Research Development of Security Technologies through Network Security Data Collection, and S&T cooperative agreement FA8750-12-2-0326 Supporting Research and Development of Security Technologies through Network and Security Data Collection and the National Science Foundation (NSF) grant CNS-1228994 Detection and analysis of large-scale Internet infrastructure outages. The U.S. Government is authorized to reproduce and distribute reprints for Governmental purposes notwithstanding any copyright notation thereon. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DHS, NSF, or the U.S. Government.

Additional funding to work on visualization interfaces was generously provided by a Comcast research grant.

This research uses resources of the National Energy Research Scientific Computing Center (NERSC), a DOE Office of Science User Facility supported by the DoE Office of Science under contract DE-AC02-05CH11231.

This work also makes use of the Extreme Science and Engineering Discovery Environment (XSEDE), which is supported by NSF grant ACI-1053575.

This platform is also supported by the Open Technology Fund under contract number 1002-2018-027.

Team

Alberto Dainotti, PI (CAIDA)
kc claffy, co-PI (CAIDA)
Victor Adeyokunnu (CAIDA)
Vasco Asturiano (formerly CAIDA)
Karyn Benson (formerly CAIDA)
Roderick Fanou (CAIDA)
Marina Fomenkov (CAIDA)
Bradley Huffaker (CAIDA)
Ken Keys (CAIDA)
Alistair King (CAIDA)
Ryan Koga (CAIDA)
Alex Ma (CAIDA)
Chiara Orsini (formerly CAIDA)
Ramakrishna Padmanabhan (CAIDA)
Joshua Polterock (CAIDA)
Philipp Winter (formerly CAIDA)
Mingwei Zhang (CAIDA)

Student Interns

Alessadandro Puccetti (University of Pisa)
Bernardo Duarte (Ithaca College)
Long Tran (UC San Diego)
Prakriti Gupta (UC San Diego)
Jonathan Yuan (UC San Diego)
Hanh On (UC San Diego)
Johanna Fleischman (UC San Diego)
Adam Velasco (UC San Diego)
Erik Muntean (UC San Diego)
Ryan Wagner (UC San Diego)
Simon Zhang (UC San Diego)

Acknowledgments

Special thanks to Emile Aben for his inspiration and feedback, and to Brian Kantor and Nevil Brownlee for their assistance in this project.

Additional Content

CAIDA Internet Outage Detection and Analysis (IODA) Probe Information

CAIDA developed an operational prototype system that monitors the Internet, in near-realtime, with the goal of identifying macroscopic Internet outages affecting the edge of the network. As part of this goal CAIDA runs a number of periodic and ongoing probes (described by this page).