Ripe Anchor Alerts

Monitoring of neighboring networks for RIPE Atlas Anchor hosts.

Project Context

Monitor Neighboring Networks

May 2022 https://github.com/Wolframfriele/ripe-alerts

RIPE NCC is an organization that is responsible for the registration of IP ranges. Alongside this core task, they work on projects to improve internet infrastructure. One of these projects is RIPE Atlas, a platform aimed at measuring the internet. This platform uses probes (small sensors, for example a Raspberry Pi in someone's home) and anchors (larger sensors, like a server at a key network location) to execute these measurements. The question we got from RIPE NCC was: How can we provide more value to anchor hosts? The anchors are sponsored by companies with their own autonomous system number (an identifier on the internet). After a bit of research into this question, we decided we wanted to build a monitoring tool for neighboring networks of anchor hosts that uses the RIPE Atlas anchoring measurements. The tool will be released as a fully open source product.

In Depth

Responsibilities

For this project I started with an extensive survey with anchor hosts, then analyzed the results to better understand what value proposition they wanted. The next step was gathering domain knowledge about how the internet functions. We used this knowledge to develop anomaly detection methods that could be used to find alert-worthy moments. Next to my data-oriented tasks I also took up some of the front-end development work, since our team did not have a dedicated front-end developer. In the second semester I took up the role of product owner, focusing more on what we need to develop.

Architecture

Some monitoring tools already existed, but they were complicated to set up. The two focus points for this project were no complicated setup and no need to tweak thresholds. The architecture that we came up with consists of two main parts: the anomaly detection and the feedback engine. The anomaly detection follows a plugin structure, which allows users to develop better detection methods based on their domain knowledge (we have learned quite a bit, but are not network engineers with a couple of years of experience!). The feedback engine uses feedback (thumbs up and down) from users on anomalies to predict whether future anomalies should be alerts or not.