David G. Andersen,
To appear in the 2nd Internet Measurement Workshop, November 2002.
This paper describes a method of inferring logical relationships between network prefixes within an Autonomous System (AS) using only passive monitoring of BGP messages. By clustering these prefixes based upon similarities between their update times, we create a hierarchy linking the prefixes within the larger AS. We can frequently identify groups of prefixes routed to the same ISP Point of Presence (PoP), despite the lack of identifying information in the BGP messages. Similarly, we observe disparate prefixes under common organizational control, or with long shared network paths. In addition to discovering interesting network characteristics, our passive method facilitates topology discovery by potentially reducing the number of active probes required in traditional traceroute-based Internet mapping mechanisms.
[PostScript (440KB)] [Gzipped PostScript (130KB)] [PDF (160KB) (math mode fonts do not display perfectly in PDF, the postscript looks better)]