Command-line routing stats with BGPKIT Monocle and Cloudflare Radar API

By on 6 May 2024

Category: Tech matters

Tags: , , ,

Blog home

BGPKIT monocle is a command-line utility program that helps users quickly pull Internet routing-related information from publicly available sources and is available on GitHub.

In BGPKIT monocle version V0.5, we added support for querying Cloudflare Radar‘s new BGP routing statistics and prefix-to-origin mapping APIs, the same APIs that power the Cloudflare Radar routing sectionmonocle users can now quickly glance at routing stats for any given Autonomous System Number (ASN), economy, or the whole Internet. Users can also quickly look up prefix origins and examine their RPKI validation status as well as prefix visibility on the global routing tables.

Using monocle radar

We added a new monocle radar command group in V0.5, which contains the following subcommands:

  • monocle radar stats [QUERY]: Get routing stats (like prefix count, RPKI invalid count) for a given economy or ASN.
  • monocle radar pfx2as [QUERY] [--rpki-status valid|invalid|unknown]: Get prefix to origin mapping for a given prefix or ASN.
mingwei@terrier ~ % monocle radar
Cloudflare Radar API lookup (set CF_API_TOKEN to enable)

Usage: monocle radar <COMMAND>

Commands:
  stats   get routing stats
  pfx2as  look up prefix to origin mapping on the most recent global routing table snapshot
  help    Print this message or the help of the given subcommand(s)

Options:
  -h, --help     Print help
  -V, --version  Print version

Cloudflare API token needed

Since the monocle radar command relies on querying data using the Cloudflare Radar public API, we also need to specify a user API token as the environment variable CF_API_TOKEN. Obtaining an API token is free and only needs a Cloudflare account. Interested users can follow their official tutorial to obtain a token. The environment variable can be set in a .env file in the current directory, or set in ~/.bashrc or ~/.profile, and so on.

monocle radar stats

Users can query the routing statistics for a given economy or ASN. For example, monocle radar stats us returns the routing stats for the United States, while monocle radar stats 174 returns the stats for Cogent (AS174) (Figure 1).

The displayed table is further divided into three rows, one for overall counting, and one for IPv4 and IPv6-specific counting. For each row, we show the following fields:

  • origins: The number of origins ASes registered in the given economy.
  • prefixes: The number of prefixes originated by the given ASN or ASes registered in the given economy.
  • rpki_valid/invalid/unknown: The number of RPKI valid/invalid/unknown prefix routes (prefix-origin mapping) on the global routing table and their percentage of the overall routes.
Figure 1 — Routing stats from monocle radar.
Figure 1 — Routing stats from monocle radar.

monocle radar pfx2as

Users can query the prefix-to-origin API to get the mapping of origin ASes and their originated prefixes on the global routing table.

In Figure 2’s example, monocle radar pfx2as 174 --rpki-status invalid, we ask for all the prefixes originated by AS174 with the RPKI validation status to be invalid. This command returns the list of RPKI invalid prefixes originated by AS174 at the time of generating the dataset.

Figure 2 — Returning a list of RPKI invalid prefixes.
Figure 2 — Returning a list of RPKI invalid prefixes.

Questions it can answer now (more in the future)

Here is a selected list of questions the monocle radar command can answer you:

  • How many ASes are there on the Internet that announce at least one prefix? (81,770).
  • How many of these ASes announce only IPv6 prefixes? (6,853).
  • How many prefixes are there on the global routing table? (1,205,218).
  • How many prefixes do AS400644 announce? (1).
  • Which AS(es) originates 1.1.1.0/24? (AS13335).
  • How many prefixes originated by AS174 are NOT covered by some RPKI ROA? (a lot, 94%+).
  • How about the RPKI valid ratio for the Philippines? (77%, nice!).

Powered by Cloudflare Radar free API

Cloudflare Radar is a hub that showcases global Internet traffic, attack, and technology trends and insights.

About Cloudflare Radar

Where Cloudflare Radar shines is its data openness. Everything you see on the Cloudflare Radar website is powered by their free publicly available APIs. It’s a treasure trove, and all users need is a free API token to access everything.

Figure 3 — Cloudflare's free BGP APIs.
Figure 3 — Cloudflare’s free BGP APIs.

At BGPKIT, we think we can further improve the usability of the APIs by exposing them as a proper Rust SDK: radar-rs. This is our (unofficial) effort to bring Cloudflare Radar’s rich data to Rust developers. For example, monocle radar is powered by this SDK.

Rate this article

The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.

Leave a Reply

Your email address will not be published. Required fields are marked *

Top