Detecting Network Disruptions At Colocation Facilities

TL;DR

This paper presents a methodology for detecting network disruptions at colocation facilities using traceroute data, enabling timely identification of outages and anomalies affecting internet infrastructure.

Contribution

It introduces a novel approach to identify colocation facilities in traceroute data and monitor their network performance for anomaly detection.

Findings

Successfully detected real-world outages like IXPs, DDoS, and power failures.

Validated the method with eight months of traceroute data from RIPE Atlas.

Identified outages spanning multiple facilities at metropolitan levels.

Abstract

Colocation facilities and Internet eXchange Points (IXPs) provide neutral places for concurrent networks to daily exchange terabytes of data traffic. Although very reliable, these facilities are not immune to failure and may experience difficulties that can have significant impacts on exchanged traffic. In this paper we devise a methodology to identify collocation facilities in traceroute data and to monitor delay and routing patterns between facilities. We also present an anomaly detection technique to report abnormal traffic changes usually due to facilities outages. We evaluate this method with eight months of traceroute data from the RIPE Atlas measurement platform and manually inspect the most prominent events, that are: an IXP outage, a DDoS attack, and a power failure in a facility. These case studies validate the benefits of the proposed system to detect real world outages from traceroute data. We also investigate the impact of anomalies at the metropolitan-level and identify outages that span across up to eight facilities.