Code BGP’s inauguration post
This is our inauguration article in the Code BGP blog! It explains the reasons we created Code BGP, our personal journeys that brought us here, what we plan to do with Code BGP, why we believe we bring value to the network operations landscape, what we aim to provide to our customers and the community at large, and what is our vision for the future. It's a 5 minute read.
Who are we?
The founders of Code BGP are Xenofontas Dimitropoulos (“Fontas”), Vasileios Kotronis, and Lefteris Manassakis. They all come primarily from many years of research in the area of Internet routing and measurements. Fontas, while working in the Center for Applied Internet Data Analysis (CAIDA) and conducting his PhD in parallel in Georgia Tech, developed the approach, algorithms, and software for ranking Autonomous Systems (ASes) based on their customer cone and the first generation of inference algorithms for AS relationships. These activities led to the CAIDA AS Rank service and the CAIDA AS Relationships Dataset, which are today the de facto sources for this type of information. Since then he has a long track record of applied research. Vasileios, among his various activities in applied research and network engineering, such as the use of Software Defined Networking principles in inter-domain routing, is the lead developer and maintainer of the ARTEMIS open source tool for real-time BGP prefix hijacking detection and mitigation. Lefteris has both experience in working as a network engineer for many years and in conducting applied research in this area. The research of the founders has been published in the world’s leading conferences and journals, such as ACM SIGCOMM, ACM Internet Measurement Conference, IEEE/ACM Transactions on Networking, Science Magazine, and IEEE INFOCOM.
Where do we come from? Why do we exist?
We always enjoyed performing applied research for network operations and in particular related to Internet routing, which is a complicated and interesting domain. We also liked building tools and making them available as open source software for the community. However, coming from a research environment, there was a gap between building such useful tools for the community and providing the software continuity and support that is necessary for a production environment.
Moreover, we always liked what we did and believed in it. We also believed in the talent of the local pool of people from the Foundation for Research and Technology - Hellas (FORTH), which has been the incubator of most of our past research activities. With respect to our personal aspirations, the career paths of the three founders synchronized in a cross-road, where we wanted to make a change and learn from new endeavors. At the same time, the open source tool ARTEMIS, that we had developed initially as a research project, acquired users and several large corporations approached us for services and continued support. This was the extra kick we wanted to decide to engage in Code BGP. The hallmark in our pre-incorporation journey was securing a seed investment of €1.2Μ, by the first VC we had serious discussions with.
DevOps meets BGP
Our core expertise is around BGP; the inter-domain routing protocol of the Internet, which is also known as the “glue” that holds the Internet together. BGP is one of the hardest protocols to master and operate. It has been a subject of extensive research literature and despite this its operations have not changed significantly since its beginning. It requires deep expertise in this area to build innovative solutions, which are pioneering research-wise and can be put into practice immediately in today's networks. This is where our approach resides.
Furthermore, we have expertise in building systems, writing scalable software, designing solid foundations, and making them operationally secure. As network operation centers become modernized and adopt new approaches based on Cloud, DevOps, NetOps, network automation, and other new technologies, modernizing BGP operations is a major challenge to tackle. Putting our specialized expertise and inter-disciplinary experience on routing and software programming into the service of network operation teams, creates significant value which we can provide at scale to our customers.
BGP resource tracking and automation
Network operators manage many different assigned IP address prefixes and AS numbers. In addition, they need to keep track of established peerings with neighboring ASes and policies, which are applied per-direction (inbound/outbound), per-neighbor and per-prefix in many cases. Today, all this information is managed on an ad hoc basis, is used to configure and operate networks, and needs to be monitored and verified for many reasons, namely to avoid misconfigurations, security incidents, anomalies, and make sure the correct network policies are enforced. Monitoring announced IP address prefixes and AS numbers, established peerings, and BGP policies of an organization is essential to operate networks effectively. However, presently organizations either do not track how their network resources are visible from different vantage points in the global Internet or rely on custom scripts and simple open source tools. Although recent tools, like ARTEMIS, are great examples of monitoring along the outlined directions, present and future networks require a much greater level of visibility and automation. Automation is essential in the context of network resource tracking to verify how networks operate in practice, detect security incidents, and more generally to close the loop between control and monitoring.
What do we do?
Modern networks need rich APIs for consuming real-time network resource data into various applications. This is exactly the focus of Code BGP. Code BGP provides a cloud-based platform that automatically creates and maintains an inventory of the announced IP address prefixes, AS numbers, peerings, and outbound policies of an organization via configured sources, like BGP feeds. Then, it exposes this inventory in real-time through an open data-driven API. We call this platform the Code BGP Platform. On top of that, Code BGP provides services that consume the real-time inventory data and address specific monitoring problems, namely the Security and the Verification services. Due to its open nature, our platform can be integrated into third-party tools and custom processes that exist already in Network Operation Centers (NOCs) via flexible APIs. The Security service provides real-time BGP hijacking and route leak detection based on the principles of the state-of-the-art ARTEMIS approach. The Verification service provides real-time monitoring of what an organization announces to the Internet so it ensures the enforced network policies are compliant with the organization's intentions.
How does it work?
The goals of the Code BGP Platform are real-time monitoring, extensibility through modern data-driven APIs, security and isolation on the cloud, scalability, and rich user experience. The key features of the platform are: i) BGP or BMP listeners for real-time monitoring, accompanied by optional integrations with RIPE RIS, RouteViews, and RPKI ii) a data-driven GraphQL API for data access and control, iii) isolated platform cloud instances for each organization, iv) scalability to real-time monitoring of millions of resources, v) a modern reactive dashboard. Other future services will include SoT autodiscovery and maintenance and integrations with third-party tools and databases, like IRR sources, PeeringDB, etc.
The Code BGP Security and Verification services
A major challenge network operators face is defending against BGP hijacks and route leaks. Although RPKI adoption is increasing, RPKI alone cannot protect against this problem. BGP security is a big challenge that requires a combined approach, which employs both proactive and reactive defense measures. The Security service acts complementarily to RPKI, by detecting BGP hijacks and route leaks accurately and in real-time. It descents from the ARTEMIS approach, which was initiated as a research effort that was published in the ACM/IEEE Transactions on Networking and resulted in an open source tool that is used by several ISPs. The Security service relies on the local database of BGP peerings and policies of a network to accurately detect multiple types of hijacks. It can also automatically take mitigation measures, namely BGP prefix deaggregation, when this is possible, to neutralize detected hijacks within just a few seconds.
Finally, the Verification service provides a real-time view of what a network announces to the Internet, uses information about local policies to detect violations, and can assist network operators to promptly validate configuration changes. The Security and Verification services run on top of the Code BGP Platform and are the first two such services in our roadmap. They both rely on the open APIs underneath for data automation.
An API-first approach
In Code BGP we take an API-first approach. This means that our focus in the design and development of our software is extensibility and interoperability through modern APIs, like the data-driven approach of GraphQL. Furthermore, we design our APIs for scalability, security, and usability. Presently, network operation teams use several different legacy, custom, open source, or cloud-based tools to manage their networks. Code BGP does not aim to introduce an (N+1)th tool in the arsenal of network operators, but to seamlessly integrate with existing processes and workflows, when possible. Most of the magic in Code BGP products is in the background, in clever inference algorithms, detection approaches, and highly scalable software to deal with the scale of today's Internet. Besides NetOps teams that can integrate our APIs to their custom processes, many network operators today wish, either as a backup or as a primary mode of operation, to interact with our software through the UI. In Code BGP we also embrace user experience and the design of modern user interfaces. Although our foundation is solid engineering, our goal is to make our products also look good and be enjoyable to use.
The founders of Code BGP are among the creators of the ARTEMIS open source software for real-time BGP prefix hijacking detection and mitigation. ARTEMIS is an on-premise solution that runs locally and enables operators to protect their network against BGP prefix hijacking with high detection accuracy based on state-of-the-art research published in the ACM/IEEE Transactions on Networking journal. Code BGP is presently the maintainer of ARTEMIS and actively supports its community in slack. Code BGP does not provide business around ARTEMIS; its effort is purely a community contribution for the common good. Code BGP business focuses on the Code BGP Platform which is an entirely different approach and software stack to deal with an expanded set of problems. We aim to keep contributing and maintaining open source software in the future too as part of our company culture.
Our team has conducted applied research in the area of Internet measurements and routing for many years. Code BGP plans to maintain and develop close ties with research institutes and to participate in cutting-edge research relevant to our core business in the future. We seek to leverage research results to improve our own and the community’s expertise in the areas of our focus and to improve the products we provide for our customers.
What is our vision?
Our vision is to embrace the complexity of BGP operations and to apply modern DevOps practices to deal with it. We aim to make BGP fun to work with and easy to use, therefore simplifying operations, reducing costs for managing networks and minimizing service disruptions. We focus on producing secure, reliable, trustworthy and performant systems for these purposes.
Where do we go from here?
We are currently designing and developing the first generation of our SaaS offering, focusing on Automation and Visibility. Besides the three co-founders serving as Code BGP’s officers, we are building a team that will help us propel the resiliency and performance of our platform. Ioannis Sermetziadis, our first colleague, is a senior engineer that will work on building a highly scalable microservices backend. Several more team members will join in the following months. The journey has just begun; we are looking for new talent to work with us and build great things! For more information on available openings, please check our Careers page.
Thanks for reading! We are going to have more to share soon - till then you can stay in the loop by subscribing to our newsletter or following our company channel on Twitter or Linkedin. We will have more exciting news and product releases to share soon! If you have any questions, please write to us at info[at]codebgp[dot]com. We would love to hear from you!