LLMpediaThe first transparent, open encyclopedia generated by LLMs

RIPE RIS

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: BGP Hop 4
Expansion Funnel Raw 80 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted80
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
RIPE RIS
NameRIPE RIS
AbbreviationRIS
Formation1999
TypeNetwork measurement project
HeadquartersAmsterdam
Region servedEurope, global
Parent organizationRIPE NCC

RIPE RIS

RIPE RIS is a large-scale Internet routing observatory operated by the RIPE Network Coordination Centre. It provides long-term Border Gateway Protocol (BGP) collection, route-monitoring, and ancillary telemetry from a distributed set of collectors and peers to support research, operations, and policy analysis. The system underpins studies of BGP instability, prefix hijacking, route leaks, and interdomain routing dynamics used by network operators, researchers, and regulators.

Overview

The project maintains a geographically dispersed array of route collectors that establish BGP sessions with participating Autonomous Systems such as Akamai Technologies, Google, Amazon (company), Facebook, Cloudflare, AT&T, Deutsche Telekom, and NTT Communications. Data products include MRT-format BGP dumps, streaming RIS Live feeds, and historical archives that are widely cited by institutions like University of California, Los Angeles, Massachusetts Institute of Technology, University of Oxford, Technical University of Munich, and University of Amsterdam. The observatory interoperates with parallel initiatives such as RouteViews, BGPStream, CAIDA, MANRS, and IETF working groups.

History and Development

RIS was established by the RIPE NCC in the late 1990s to address the growing need for systematic interdomain routing visibility during the expansion of commercial Internet infrastructure and the emergence of large content networks including Yahoo!, Microsoft, and AOL. Early milestones include deployment of the initial collectors, adoption of the MRT dump format formalized by the IETF BGP Monitoring Protocol work, and collaboration with research projects at CERN and RIPE Meeting participants. Over successive RIPE meetings and collaborations with organizations like NORDUnet, SURFnet, TIX, and LINX, the platform evolved from periodic dumps to near-real-time streaming and enriched metadata ingestion. RIS has been referenced in studies following major events such as the 2008 YouTube Pakistan blackout, the 2008 undersea cable disruptions, and high-profile routing incidents involving Verizon, Cogent Communications, and national outages.

Infrastructure and Data Collection

The physical and logical infrastructure comprises collector nodes co-located in data centers operated by partners including AMS-IX, DE-CIX, LINX, Equinix, Interxion, and regional Internet exchanges in Frankfurt am Main, Amsterdam, London, Paris, and Stockholm. Each collector runs BGP-speaking software that peers with route servers and speaker sessions from Autonomous Systems such as BT Group, Orange S.A., Telia Company, and research networks like GÉANT. Collected data types include BGP UPDATE, BGP TABLE DUMP, and RIB snapshots encoded in MRT and stored in time-series archives used by analysts at Oxford Internet Institute and Max Planck Institute for Informatics. The system integrates ancillary inputs like traceroute-derived topology from projects conducted by CAIDA and routing registries such as RIPE Database, ARIN, APNIC, and LACNIC for validation and enrichment.

Data Access and Services

RIS provides public access to archived and live streams via APIs and download endpoints consumed by toolchains from Cisco Systems, Juniper Networks, Arista Networks, Hewlett Packard Enterprise, and open-source projects such as BGPStream, scapy, and pybgpstream. Researchers at Stanford University, Princeton University, and ETH Zurich use RIS feeds for reproducible experiments, while operational teams at Telefonica and regional registries use alerts for anomaly detection. Services include RIS Live for near-real-time monitoring, historical MRT archives for longitudinal analysis, and aggregated routing statistics dashboards used in academic publications and operator reports presented at RIPE Meeting and IETF. Access policies balance open science with coordination for sensitive incident response involving law enforcement agencies like Europol and national CERTs including CERT-EU and US-CERT.

Use Cases and Impact

RIS data underpins detection of prefix hijacks, route leaks, and BGP anomalies exploited during incidents involving companies such as Indosat Ooredoo and Level 3 Communications. Academic studies leveraging RIS have informed policymaking at bodies like the European Commission and standards produced by IETF working groups addressing BGP security, alongside operational improvements advocated by MANRS and network operator communities at NOG events. Longitudinal datasets support research published in venues including SIGCOMM, USENIX, IMC, IEEE/ACM Transactions on Networking, and reports by CAIDA and the Internet Society. RIS has also aided attribution and forensic reconstruction of events tied to cyber incidents involving nation-state activity analyzed by institutions such as RAND Corporation and Chatham House.

Governance and Funding

Governance rests with the RIPE NCC, overseen by its executive board and informed by stakeholders from member organizations including regional Internet registries like ARIN and APNIC, Internet exchange operators, academic partners, and commercial contributors such as Cloudflare and Akamai Technologies. Funding derives from RIPE NCC membership fees, project grants from entities like the European Union research programs and collaborative contributions from partner exchanges and research institutions including NORDUnet, SURF, and DFN. Operational coordination occurs through community fora such as RIPE Meetings, technical working groups, and collaborative incident response with national CERTs and intergovernmental organizations.

Category:Internet measurement