Command-line routing stats with BGPKIT Monocle and Cloudflare Radar API
30/05/2024
By Mingwei Zhang, senior systems engineer at Cloudflare
This was originally published on the BGPKIT blog.
Mingwei Zhang, Ph.-D is a senior systems engineer at Cloudflare, building complex high-throughput data pipelines and conducting data analysis on significant Internet routing events. He is the founder of open source BGP data analysis toolkit BGPKIT.
BGPKIT monocle is a command-line utility program that helps users quickly pull Internet routing-related information from publicly available sources and is available on GitHub.
In BGPKIT monocle version V0.5, we added support for querying Cloudflare Radar‘s new BGP routing statistics and prefix-to-origin mapping APIs, the same APIs that power the Cloudflare Radar routing section. monocle users can now quickly glance at routing stats for any given Autonomous System Number (ASN), economy, or the whole Internet. Users can also quickly look up prefix origins and examine their RPKI validation status as well as prefix visibility on the global routing tables.
Using monocle radar
We added a new monocle radar command group in V0.5, which contains the following subcommands:
- monocle radar stats [QUERY]: Get routing stats (like prefix count, RPKI invalid count) for a given economy or ASN.
- monocle radar pfx2as [QUERY] [–rpki-status valid|invalid|unknown]: Get prefix to origin mapping for a given prefix or ASN.
mingwei@terrier ~ % monocle radar
Cloudflare Radar API lookup (set CF_API_TOKEN to enable)
Usage: monocle radar <COMMAND>
Commands:
stats get routing stats
pfx2as look up prefix to origin mapping on the most recent global routing table snapshot
help Print this message or the help of the given subcommand(s)
Options:
-h, --help Print help
-V, --version Print version
Cloudflare API token needed
Since the monocle radar command relies on querying data using the Cloudflare Radar public API, we also need to specify a user API token as the environment variable CF_API_TOKEN. Obtaining an API token is free and only needs a Cloudflare account. Interested users can follow their official tutorial to obtain a token. The environment variable can be set in a .env file in the current directory, or set in ~/.bashrc or ~/.profile, and so on.
monocle radar stats
Users can query the routing statistics for a given economy or ASN. For example, monocle radar stats us returns the routing stats for the United States, while monocle radar stats 174 returns the stats for Cogent (AS174) (Figure 1).
The displayed table is further divided into three rows, one for overall counting, and one for IPv4 and IPv6-specific counting. For each row, we show the following fields:
- origins: The number of origins ASes registered in the given economy.
- prefixes: The number of prefixes originated by the given ASN or ASes registered in the given economy.
- rpki_valid/invalid/unknown: The number of RPKI valid/invalid/unknown prefix routes (prefix-origin mapping) on the global routing table and their percentage of the overall routes.
monocle radar pfx2as
Users can query the prefix-to-origin API to get the mapping of origin ASes and their originated prefixes on the global routing table.
In Figure 2’s example, monocle radar pfx2as 174 –rpki-status invalid, we ask for all the prefixes originated by AS174 with the RPKI validation status to be invalid. This command returns the list of RPKI invalid prefixes originated by AS174 at the time of generating the dataset.
Questions it can answer now (more in the future)
Here is a selected list of questions the monocle radar command can answer you:
- How many ASes are there on the Internet that announce at least one prefix? (81,770).
- How many of these ASes announce only IPv6 prefixes? (6,853).
- How many prefixes are there on the global routing table? (1,205,218).
- How many prefixes do AS400644 announce? (1).
- Which AS(es) originates 1.1.1.0/24? (AS13335).
- How many prefixes originated by AS174 are NOT covered by some RPKI ROA? (a lot, 94%+).
- How about the RPKI valid ratio for the Philippines? (77%, nice!).
Powered by Cloudflare Radar free API
Cloudflare Radar is a hub that showcases global Internet traffic, attack, and technology trends and insights.
Where Cloudflare Radar shines is its data openness. Everything you see on the Cloudflare Radar website is powered by their free publicly available APIs. It’s a treasure trove, and all users need is a free API token to access everything.
At BGPKIT, we think we can further improve the usability of the APIs by exposing them as a proper Rust SDK: radar-rs. This is our (unofficial) effort to bring Cloudflare Radar’s rich data to Rust developers. For example, monocle radar is powered by this SDK.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of LACNIC.