As part of a broader organisational restructure, data networking research at Swinburne University of Technology has moved from the Centre for Advanced Internet Architecture (CAIA) to the Internet For Things (I4T) Research Lab.

Although CAIA no longer exists, this website reflects CAIA's activities and outputs between March 2002 and February 2017, and is being maintained as a service to the broader data networking research community.

Rapid detection of BGP anomalies

Why BGP testbed is important?

  1. Lack of ground truth timestamps for available BGP anomalies events.
  2. Enable examination of different types of BGP anomalies to help in their identification.
  3. On available BGP testbeds such as the PEER project, no hijacking or misconfiguration is allowed.

Our BGP testbed

Our controlled testbed is based on using the Virtual Internet Routing Lab (VIRL) and BGP Replay Tool (BRT). We also used Quagga to collect BGP traffic at multiple Remote Route Collectors (RRCs).

VIRL is a network emulation system which uses Linux KVM hypervisor, OpenStack, and a set of virtual machines running real Cisco network operating systems. VIRL offers various features such as automated configuration creation, high accurate network simulations, and rapid setup and tear-down. BRT is a Perl script that allows to setup a BGP adjacency with BGP peer. BRT enables users to send out BGP updates from a predefined BGP update file. BGP session and message handling are done by Net::BGP v0.16, a Perl module that implements BGP-4 inter-domain routing protocol. This tool helps researchers and operators to understand BGP behaviour with different circumstances. The input of the BRT tool is a human readable BGP updates with Unix time stamps, bgpdump with [-m] can be used for this purpose. Before running the BRT tool to replay BGP updates into controlled testbed, we need to check that none of the AS numbers in the implemented topology are existing in AS-PATH of announced routes for the injected file. This is important to ensure that all injected BGP updates are forwarded between ASes as BGP guarantees of avoiding routing loops through preventing routes that contain its local AS number in the AS-PATH. The script named, available in package, is a bash script checks all ASes numbers in the implemented topology and notifies users if they need to change a specific AS number.

Figure 1 shows an example for a controlled BGP testbed to detect BGP anomalies. In this example, we inject BGP updates downloaded from RouteViews project and RIPE into the topology shown in Figure 1 using BRT, introduce a controlled anomaly such as link or node failure, then collect BGP traffic at RRC. In this example, RRC is connected with multiple BGP speakers such as as20r1, as30r1, and as1r1. RRC also runs our Real-time BGP Anomaly Detection Tool (RBADT) to detect BGP anomalies.

Figure 1  An example of BGP testbed topology


We are grateful to the VIRL team at Cisco for providing free license and support. We also thank Simon Forsayeth from ITS/Swinburne University for setting up the physical rack of hosts on which we run VIRL.

Last Updated: Monday 10-Oct-2016 10:07:51 AEDT | Maintained by: Bahaa Al-Musawi ( | Authorised by: Grenville Armitage (