Abstract
BGP updates are triggered by a variety of events such as link failures, resets, routers crashing, configuration changes, and so on. Making sense of these updates and identifying the underlying events is key to debugging and troubleshooting BGP routing problems. In this paper, as a first step toward the much harder problem of root cause analysis of BGP updates, we discuss if, and how, updates triggered by distinct underlying events can be separated. Specifically, we explore using PCA (Principal Components Analysis), a well known statistical multi-variate technique, to achieve this goal.We propose a method based on PCA to obtain a set of clusters from a BGP update stream; each of these is a set of entities (either prefixes or ASes) which are affected by the same underlying event. Then we demonstrate our approach using BGP data obtained by simulations and show that the method is quite effective. In addition, we perform a high level analysis of BGP data containing well known, large scale events.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
