Delay and Forwarding Anomalies

What is Delay and Forwarding Anomalies?

Using traceroute data collected with the RIPE Atlas measurement platform, we detect delay changes and significant routing changes. The techniques we used are detailed in the following research paper: R. Fontugne, E. Aben, C. Pelsser, R. Bush, Pinpointing Delay and Forwarding Anomalies Using Large-Scale Traceroute Measurements. ACM IMC 2017, London, UK.

What the graphs mean?

Let's look at two examples. First, AS7922 Comcast on November 2017:

The top plot represents the overall delay changes we observe for AS7922. This value is normally close to 0, but features higher values when we observe significant delay changes for IP addresses in that AS. In this example we see that AS7922 features increased delays daily. You can click on the graphs to obtain the list of IP addresses that are detected by our system and the end-to-end delays for traceroute monitoring reported IP addresses.

For forwarding anomalies let's look at another example, AS174 Cogent on November 2017:

The bottom plot represents the forwarding anomalies observed for AS174. Intuitively, this graph represents the presence and absence of IP addresses for AS174 in the monitored traceroutes. If the number of observed IP addresses for AS174 is constant then the forwarding anomaly level is close to 0. If we observe more IP addresses than usual then the forwarding anomaly level takes higher positive values. On the other hand if we observe less IP addresses than usual, the forwarding anomaly level takes lower negative values. In this example, IP addresses from AS174 are appearing more than usual due to an internal routing anomaly. You can click on the graphs to obtain the list of reported IP addresses and a visualization of corresponding traceroutes.

Known issues

Traceroute limitations. Our analysis of delay and forwarding anomalies relies solely on traceroute results. That implies a few limitations, for example, unexpected results for MPLS tunnels that do not implement RFC4950.