RIPE Atlas

Good day to all! I want to devote my debut article on habr to a very interesting topic - the RIPE Atlas Internet quality control system. Part of my field of interest is the study of the Internet or cyberspace (the term is rapidly gaining popularity, especially in scientific circles). There are plenty of materials on RIPE Atlas on the Internet, including on habr, but they seemed to me not complete enough. For the most part, the article used information from the official site RIPE Atlas and your own thoughts.

Instead of the preface

The Regional Internet Registrar (RIR) with responsibility for Europe, Central Asia and the Middle East is RIPE NCC (Réseaux IP Européens Network Coordination Centre). RIPE NCC is a non-profit organization based in the Netherlands. Supports the Internet. Provides IP addresses and autonomous system numbers to local ISPs and large organizations.

One of RIPE NCC's flagship projects to investigate the state of the Internet is RIPE Atlas (launched in late 2010), which is an evolution of the Test Traffic Measurement Service, which was discontinued in 2014.

RIPE Atlas is a global network of sensors that actively measure the state of the Internet. There are currently thousands of sensors in the RIPE Atlas network and the number is constantly growing. RIPE NCC aggregates the data it collects and makes it shareware free of charge in a user-friendly way.

The development of the network takes place on the principle of voluntary installation of sensors by users in their infrastructure, for which “credits” are issued that can be spent on measurements of interest using other sensors.

As a rule, RIPE Atlas is used:

• to monitor the availability of your network from various points on the Internet;
• for network investigation and troubleshooting with fast and flexible connectivity testing;
• in the monitoring system of your own network;
• to monitor the availability of the DNS infrastructure;
• IPv6 connectivity checks.

RIPE Atlas

As already mentioned, RIPE Atlas is a system of sensors that are located on the Internet and are under a single administrative control. In addition to conventional sensors (Probes), there are more advanced ones - anchors (Anchors).

As of mid-2020, the RIPE Atlas system has more than 11 active sensors and more than 650 active anchors, which together make more than 25 measurements and receive more than 10 results per second.

The graphs below show the growth in the number of sensors and anchors.

And the following figures show a map of the World indicating the location of sensors and anchors, respectively.

Despite the regional status of the RIPE NCC, the RIPE Atlas network covers almost the entire world, while Russia is in the top 5 in terms of the number of installed sensors (568), along with Germany (1562), USA (1440), France (925) and the UK ( 610).

Management servers

When studying the operation of the sensor, it was found that it periodically (every 4 minutes) checks the connection with some objects on the network, which include root DNS servers and nodes with domain names like "ctr-sin02.atlas.ripe.net", I suppose , which are the management servers of the RIPE Atlas network.

I did not find information about control servers on the official website, but it can be assumed that their tasks include managing sensors, as well as aggregating and processing data. If my guess is correct, then there are at least 6 management servers, of which located in the USA - 2, the Netherlands - 2, Germany - 1, Singapore - 1. Port 443 is open on all servers.

If someone has more information about the control servers of the RIPE Atlas network, please clarify this issue.

Sensor

The RIPE Atlas sensor is a small device (TP-Link 3020) powered by USB and connected to the router's Ethernet port using a network cable. Depending on the model, the sensor may have an Atheros AR9331 chipset, 400 MHz, 4 MB flash and 32 MB RAM or a MediaNek MT7628NN chipset, 575 MHz, 8 MB flash and 64 MB RAM.

Anchor

The armature is an advanced sensor with much greater performance and measurement capability. It is a device in a standard 19-inch version on the APU2C2 or APU2E2 hardware platform with a 4 GHz quad-core processor, 1 GB of RAM, 2 Gigabit Ethernet ports and 3 GB of SSD storage. The cost of the anchor is about $400.

Installation and control of the sensor

As already mentioned, sensors are distributed free of charge in order to install them in their infrastructure. When requesting a sensor, specify the country, city, and autonomous system number where it will be located. In response to my request, the RIPE NCC sent this message.

Unfortunately, your application does not meet our criteria for a hardware sensor at this time. While our goal is to distribute the RIPE Atlas sensors as widely as possible, it appears that there are already enough devices connected either within the ASN you specified, in the network you applied for, or in the country in which you applied application.

No problem. In this case, you can install a software sensor, for example, on a virtual machine, home server or router - there are no restrictions on location and autonomous system. CentOS, Debian, Raspbian and Turris OS are supported. For deployment, you need to download and install the appropriate software, for example from repository on GitHub.

Installing the software sensor is quite simple. For example, to install on CentOS 8, you need to run the commands:

curl -O 'https://ftp.ripe.net/ripe/atlas/software-probe/centos8/noarch/ripe-atlas-repo-1-2.el8.noarch.rpm'

yum install ripe-atlas-repo-1-2.el8.noarch.rpm

and register the sensor, while providing the SSH key, which is located in /var/atlas-probe/etc/probe_key.pub, as well as the autonomous system number and your city. The letter reminded of the need to correctly indicate the location of the sensor.

Sensor management is limited by the ability to share the measurement resource with other users, set up notifications about downtime, as well as standard network settings (address, default gateway, etc.).

Measurement

Finally got to the measurements. Tasks for measurements are configured from the personal account. You can also see the results there.

Formation of a task for measurement consists of three steps: selection of the type of measurement, selection of the sensor, selection of the measurement period.

Measurements can be of the following types: ping, traceroute, DNS, SSL, HTTP, NTP. Detailed settings for a specific type of measurement, excluding specific ones due to a specific protocol or utility, include: target address, network layer protocol, number of packets in the measurement and time between measurements, packet size and time between packets, degree of random offset of the packet start time.

The choice of sensors is possible by their identifier or country of location, region, autonomous system, tag, etc.

The measurement period is set by the start and end times.

The measurement results are available on the website in your personal account, which can also be obtained in json format. In general, the results of measurements are quantitative indicators characterizing the availability of a certain node or service.

For the user, the measurement capabilities are presented by a wide, but very limited range. However, it is obvious that the capabilities of the system imply the generation of packets of almost any configuration, which opens up much wider opportunities for measuring the state of the Internet.

Below is an example of raw single measurement results with default settings. In measurements such as ping, traceroute, and SSL, the habr.com IP address was chosen as the target, DNS was the IP address of the Google DNS server, and NTP was the IP address of the NTP server ntp1.stratum2.ru. All measurements used one sensor located in Vladivostok.

Ping

[{"fw":4790,"lts":18,"dst_name":"178.248.237.68","af":4,"dst_addr":"178.248.237.68","src_addr":"192.168.0.10","proto":"ICMP","ttl":55,"size":48,"result":[{"rtt":122.062873},{"rtt":121.775641},{"rtt":121.807897}],"dup":0,"rcvd":3,"sent":3,"min":121.775641,"max":122.062873,"avg":121.882137,"msm_id":26273241,"prb_id":4428,"timestamp":1594622562,"msm_name":"Ping","from":"5.100.99.178","type":"ping","group_id":26273241,"step":null,"stored_timestamp":1594622562}]

traceroute

[{"fw":4790,"lts":19,"endtime":1594622643,"dst_name":"178.248.237.68","dst_addr":"178.248.237.68","src_addr":"192.168.0.10","proto":"ICMP","af":4,"size":48,"paris_id":1,"result":[{"hop":1,"result":[{"from":"192.168.0.1","ttl":64,"size":76,"rtt":7.49},{"from":"192.168.0.1","ttl":64,"size":76,"rtt":1.216},{"from":"192.168.0.1","ttl":64,"size":76,"rtt":1.169}]},{"hop":2,"result":[{"from":"5.100.98.1","ttl":254,"size":28,"rtt":1.719},{"from":"5.100.98.1","ttl":254,"size":28,"rtt":1.507},{"from":"5.100.98.1","ttl":254,"size":28,"rtt":1.48}]},---DATA OMITED---,{"hop":10,"result":[{"from":"178.248.237.68","ttl":55,"size":48,"rtt":121.891},{"from":"178.248.237.68","ttl":55,"size":48,"rtt":121.873},{"from":"178.248.237.68","ttl":55,"size":48,"rtt":121.923}]}],"msm_id":26273246,"prb_id":4428,"timestamp":1594622637,"msm_name":"Traceroute","from":"5.100.99.178","type":"traceroute","group_id":26273246,"stored_timestamp":1594622649}]

DNS

[{"fw":4790,"lts":146,"dst_addr":"8.8.8.8","af":4,"src_addr":"192.168.0.10","proto":"UDP","result":{"rt":174.552,"size":42,"abuf":"5BGAgAABAAEAAAAABGhhYnIDY29tAAABAAHADAABAAEAAAcmAASy+O1E","ID":58385,"ANCOUNT":1,"QDCOUNT":1,"NSCOUNT":0,"ARCOUNT":0},"msm_id":26289620,"prb_id":4428,"timestamp":1594747880,"msm_name":"Tdig","from":"5.100.99.178","type":"dns","group_id":26289620,"stored_timestamp":1594747883}]

SSL

[{"fw":4790,"lts":63,"dst_name":"178.248.237.68","dst_port":"443","method":"TLS","ver":"1.2","dst_addr":"178.248.237.68","af":4,"src_addr":"192.168.0.10","ttc":106.920213,"rt":219.948332,"cert":["-----BEGIN CERTIFICATE-----nMIIGJzCCBQ+gAwIBAg ---DATA OMITED--- yd/teRCBaho1+Vn-----END CERTIFICATE-----"],"msm_id":26289611,"prb_id":4428,"timestamp":1594747349,"msm_name":"SSLCert","from":"5.100.99.178","type":"sslcert","group_id":26289611,"stored_timestamp":1594747352}]

NTP

[{"fw":4790,"lts":72,"dst_name":"88.147.254.230","dst_addr":"88.147.254.230","src_addr":"192.168.0.10","proto":"UDP","af":4,"li":"no","version":4,"mode":"server","stratum":2,"poll":8,"precision":0.0000076294,"root-delay":0.000518799,"root-dispersion":0.0203094,"ref-id":"5893fee5","ref-ts":3803732581.5476198196,"result":[{"origin-ts":3803733082.3982748985,"receive-ts":3803733082.6698465347,"transmit-ts":3803733082.6698560715,"final-ts":3803733082.5099263191,"rtt":0.111643,"offset":-0.21575},{"origin-ts":3803733082.5133042336,"receive-ts":3803733082.7847337723,"transmit-ts":3803733082.7847442627,"final-ts":3803733082.6246700287,"rtt":0.111355,"offset":-0.215752},{"origin-ts":3803733082.6279149055,"receive-ts":3803733082.899283886,"transmit-ts":3803733082.8992962837,"final-ts":3803733082.7392635345,"rtt":0.111337,"offset":-0.2157}],"msm_id":26289266,"prb_id":4428,"timestamp":1594744282,"msm_name":"Ntp","from":"5.100.99.178","type":"ntp","group_id":26289266,"stored_timestamp":1594744289}]

Conclusion

The RIPE Atlas network is a convenient tool that allows you to monitor the availability of objects and services on the Internet in near real time.

The data generated by the RIPE Atlas network can be useful to carriers, researchers, the technical community, and anyone interested in the healthy functioning of the Internet and want to learn more about the underlying network structures and data flows that keep the Internet running on a global scale.

PS RIPE Atlas is not alone in its kind, there are analogues, for example this.

Source: habr.com