MRT Analysis

Ze includes ze-analyze, a standalone tool for analysing real-world BGP data from public route collectors (RIPE RIS, RouteViews). It processes MRT dump files to extract statistics that inform ze's internal buffer sizing, caching strategies, and congestion handling.

Building

make analyze

This produces bin/ze-analyze.

Quick Start

Download BGP data from public collectors and run an analysis:

bin/ze-analyze analyze download                                    # fetch latest data
bin/ze-analyze analyze density test/internet/ripe-updates.*.gz     # UPDATE density + burst patterns
bin/ze-analyze analyze attributes test/internet/latest-bview.gz    # attribute repetition analysis

Data Sources

ze-analyze analyze download fetches MRT files from two public BGP collectors:

Source Type Interval Size
RIPE RIS rrc00 (Amsterdam) BGP4MP updates 5 min ~5 MB per file
RIPE RIS rrc00 TABLE_DUMP_V2 RIB Latest ~400 MB
RouteViews route-views2 BGP4MP updates 15 min ~2 MB per file
RouteViews route-views2 TABLE_DUMP_V2 RIB 2-hour intervals ~100 MB

Files are saved to test/internet/ (gitignored). RouteViews bz2 files are converted to gzip on download for Go stdlib compatibility.

bin/ze-analyze analyze download                     # today's data at 00:00 UTC
bin/ze-analyze analyze download 20260324            # specific date
bin/ze-analyze analyze download 20260324 1200       # specific date and time
bin/ze-analyze analyze download -o /tmp/mrt         # custom output directory

Commands

density

Measures how many NLRIs each UPDATE carries and how many UPDATEs arrive per second. Separates traffic into setup (table dumps, convergence) and maintenance (steady-state churn) using per-source-peer burst detection.

bin/ze-analyze analyze density test/internet/ripe-updates.*.gz

Output sections: - NLRIs per UPDATE distribution (announced, withdrawn, total) - UPDATEs per active second distribution - Setup vs maintenance classification per source peer - Per-peer maintenance rate distribution - Channel sizing recommendation with empirical P50/P95/P99

Used for: per-peer forward pool channel sizing. Results documented in Update Density Analysis.

attributes

Analyses attribute repetition across routes to guide caching decisions. Measures per-attribute cache hit rates, bundle deduplication effectiveness, and temporal locality (consecutive identical bundles).

bin/ze-analyze analyze attributes test/internet/latest-bview.gz 2>/dev/null | jq .   # JSON
bin/ze-analyze analyze attributes test/internet/latest-bview.gz >/dev/null           # summary

Output: JSON to stdout, human summary to stderr.

Used for: attribute pool sizing, cache strategy decisions. Results documented in mrt-attribute-caching.md.

communities

Identifies per-ASN community defaults: communities that appear in nearly every route from a given ASN. These defaults can be assumed present in a cache, encoding only exceptions (absent defaults) to save wire bytes.

bin/ze-analyze analyze communities test/internet/latest-bview.gz
bin/ze-analyze analyze communities --threshold 0.90 --format json test/internet/latest-bview.gz
bin/ze-analyze analyze communities --post-policy test/internet/latest-bview.gz

Options: - --threshold (default 0.95): minimum frequency to be considered a default - --min-routes (default 1000): minimum routes from an ASN to generate defaults - --format (yaml or json) - --post-policy: strip action communities (simulates route server post-policy view)

count-attrs

Counts how many path attributes each route carries. Produces a distribution table showing the typical attribute set size.

bin/ze-analyze analyze count-attrs test/internet/latest-bview.gz

mrt-dump

Dumps MRT records as BGP UPDATE hex, one per line. Useful for piping into ze bgp decode or other tools.

bin/ze-analyze analyze mrt-dump test/internet/ripe-updates.*.gz | head -5
bin/ze-analyze analyze mrt-dump test/internet/latest-bview.gz | bin/ze bgp decode -

show

Human-readable MRT dump (like bgpdump). Displays record headers, peer info, and decoded BGP message contents including attributes, AS paths, and prefixes.

bin/ze-analyze analyze show test/internet/ripe-updates.*.gz | head -50
bin/ze-analyze analyze show test/internet/latest-bview.gz

routes

Extracts a prefix table from TABLE_DUMP_V2 files as JSON. Each entry includes prefix, next-hop, AS path, origin, local-pref, MED, and communities.

bin/ze-analyze analyze routes test/internet/latest-bview.gz | jq '.[] | select(.prefix == "1.0.0.0/24")'

inject

Opens a BGP session to a remote peer and sends routes from an MRT file. Supports both TABLE_DUMP_V2 (RIB entries) and BGP4MP (UPDATE messages).

bin/ze-analyze analyze inject --local-as 65000 test/internet/latest-bview.gz 10.0.0.1:179

replay

Replays BGP4MP messages over a BGP session preserving original inter-message timing. Configurable speed multiplier.

bin/ze-analyze analyze replay --local-as 65000 --speed 10 test/internet/ripe-updates.*.gz 10.0.0.1:179

convert

Converts MRT records to other formats.

bin/ze-analyze analyze convert pcap test/internet/ripe-updates.*.gz output.pcap      # BGP4MP to pcap (IPv4 only)
bin/ze-analyze analyze convert json test/internet/ripe-updates.*.gz | jq .           # record headers as JSON

export

Send MRT data to network targets.

bin/ze-analyze analyze export bmp --target 10.0.0.1:4321 test/internet/ripe-updates.*.gz
bin/ze-analyze analyze export bmp --target collector:4321 --peer-ip 10.0.0.1 test/internet/ripe-updates.*.gz

Connects to a BMP collector and sends each BGP4MP message as a BMP Route Monitoring message. Optional --peer-ip filters to a single peer.

record

Record incoming protocol streams to MRT files.

bin/ze-analyze analyze record bmp --listen :4321 output.mrt

Listens for incoming BMP (RFC 7854) connections. Received Route Monitoring messages are written as BGP4MP_MESSAGE_AS4 MRT records. Peer Up/Down notifications are written as BGP4MP_STATE_CHANGE_AS4. Multiple concurrent BMP connections are supported (writes are serialized).

serve

Passive BGP server that sends MRT file contents to any peer that connects. Useful for IXP traffic replay testing: blast an entire routing table at a router and observe its behavior.

bin/ze-analyze analyze serve --local-as 65000 --listen :1179 test/internet/latest-bview.gz
bin/ze-analyze analyze serve --local-as 65000 --per-peer test/internet/ripe-updates.*.gz

With --per-peer, only records matching the connecting peer's ASN are sent. Multiple MRT files can be specified; all are sent sequentially.

statistics

Per-type/subtype counts, AFI breakdown, peer summary, timestamp range, and BGP message type distribution.

bin/ze-analyze analyze statistics test/internet/ripe-updates.*.gz

filter

Select records by peer IP, peer ASN, prefix, AS-path regex, community regex, MRT type, or timestamp range. Writes matching records verbatim (no re-encoding) to a new MRT file. Multiple filters are AND-composed.

bin/ze-analyze analyze filter --peer-asn 13335 test/internet/latest-bview.gz cloudflare.mrt
bin/ze-analyze analyze filter --prefix 1.0.0.0/24 --after 1780272000 test/internet/ripe-updates.*.gz filtered.mrt
bin/ze-analyze analyze filter --as-path "174 .* 13335" test/internet/latest-bview.gz transit.mrt
bin/ze-analyze analyze filter --community "13335:" test/internet/latest-bview.gz tagged.mrt

AS-path regex matches against space-separated ASNs (e.g. "174 1916 52888"). AS_SET segments are rendered as {asn,asn}. Community regex matches per-community strings: standard high:low, large global:local1:local2, extended high:low.

MRT File Formats

The tool handles two MRT record types (RFC 6396):

Type Records Used By
TABLE_DUMP_V2 RIB snapshots (one entry per route per peer) attributes, communities, count-attrs, mrt-dump, show, routes, inject, filter
BGP4MP Live UPDATE messages with timestamps density, attributes, communities, mrt-dump, show, inject, replay, convert, filter

Both .gz and .bz2 compressed files are supported. HTTP and HTTPS URLs are accepted anywhere a file path is expected; compression is auto-detected from the URL suffix.

bin/ze-analyze analyze statistics https://data.ris.ripe.net/rrc00/2026.06/updates.20260607.0000.gz

Daemon MRT Recording

Ze produces MRT dumps from live BGP sessions via the mrt component. Configure under mrt {} in the YANG config:

Three independent streams (following FRR's model): 1. Updates -- BGP4MP records for UPDATE messages only 2. All -- BGP4MP records for all BGP messages + state changes 3. Routes -- periodic TABLE_DUMP_V2 RIB snapshots

Features: per-peer filtering, direction filtering (received/sent), extended timestamps (BGP4MP_ET), add-path aware, on-demand CLI dump via request mrt dump-rib, strftime filename rotation, async non-blocking writes.

Related