Alert API

IODA's Alert API allows users to query for outage alerts generated by IODA. An outage alert signifies the beginning or end of a potential outage event.

Outage alerts are generated by IODA using three data sources—Internet Background Radiation (IBR), BGP, and active probing. For more information about the detection methodology see the Help page. Alerts are generated by IODA when there is a significant drop (or subsequent increase) in the timeseries of an IODA data source for a group of addresses (such as addresses belonging to the same geographic region or Autonomous System). IODA's help page contains more details on how IODA generates alerts for each of its data sources.

IODA’s Alert API has been designed to allow users to query for subsets of outage alerts that users are interested in. Instead of retrieving all outage alerts that IODA has ever generated, users will typically be interested in specific subsets of alerts. For instance, users may seek only the alerts that affect a specific country or Autonomous System, or alerts that were generated during specific periods. In fact, we highly recommend that users use the available filter parameters to limit the number of results that are returned by the API.

We describe different ways to retrieve various subset(s) of outage alerts using the IODA Alert API below, but for a detailed technical description of the API endpoints, parameters and responses please refer to the auto-generated Swagger (OpenAPI) Documentation.

Finding Alerts By Time

The Alert API allows a user to specify the time range in which they are interested, using the from and until parameters. The response will include alerts that were generated during the user-specified time range. The from and until parameters should both be provided in Unix Epoch seconds.

For example, the following GET request will return all alerts generated by IODA between 10:00:00 to 11:00:00 on Jan 10, 2019:

GET https://ioda.caida.org/ioda/data/alerts?from=1547114400&until=1547118000&annotateMeta=true&human=true 
{
    "type": "watchtower.alerts",
    "error": null,
    "queryParameters": {
        ...
    },
    "data": {
        "alerts": [
            {
                ...
                "name": "BGP \/24s (min 50% ff-peer-ASNs)",
                "time": 1547117700,
                "level": "warning",
		...
                "condition": "\u003C historical * 0.99",
                "value": 38,
                "historyValue": 40,
                "metaType": "asn",
                "metaCode": "23657",
                "meta": {
                    "name": "AS23657 (Blue Sky Communications)",
                    "attrs": {
                        "fqid": "asn.23657",
                        "org": "Blue Sky Communications",
                        "ip_count": "9728",
                        "name": "BLUESKY-AS-AP"
                    }
                }
            },
		...

        ]
    }
}

Finding Alerts By Geographic Region or ASN

Users can specify the geographic region or Autonomous System they seek using the meta parameter and the API will return the relevant subset of alerts. Each alert generated by IODA includes a meta field that indicates the group of addresses that the alert affects: the group may be addresses geolocating to a country, addresses geolocating to a region within a country, or addresses belonging to a specific Autonomous System. Users who would like to see only alerts affecting Autonomous Systems can set meta=asn and the API will return all such alerts. Further, setting meta=country/<country-code>, meta=region/<region-code>, meta=asn/<Autonomous-System-Number> allows users to view only the subset of alerts affecting the user-specified group of addresses.

Geographic Region (Country)

The API supports two levels of granularity for geographic regions: country and administrative regions within countries (like states in the U.S. or provinces in Canada).

To request alerts for all (any) countries, the meta parameter should be set to country (i.e., meta=country).

To request alerts for a specific country, the meta parameter should be set to country/<2-letter-ISO-country-code>. For example, meta=country/US.

For example, the following GET request will return alerts generated in the U.S. between 10:00:00 to 11:00:00 on Jan 10, 2019:

GET https://ioda.caida.org/ioda/data/alerts?from=1547114400&until=1547118000&annotateMeta=true&human=true&meta=country/US
{
    "type": "watchtower.alerts",
    "error": null,
    "queryParameters": {
        ...
    },
    "data": {
        "alerts": [
            {
                ...
                "name": "BGP \/24s (min 50% ff-peer-ASNs)",
                "time": 1547116200,
                "level": "warning",
		...
                "condition": "\u003C historical * 0.99",
                "value": 3893137,
                "historyValue": 3951735.5,
                "metaType": "country",
                "metaCode": "US",
                "meta": {
                    "name": "United States",
                    "attrs": {
                        "fqid": "geo.netacuity.NA.US"
                    }
                }
            }
        ]
    }
}

To request alerts for specific geographic regions, users need to know the identifier for the region that IODA uses internally. We plan to expose the ability to query for specific regions in a future version.

Autonomous System (AS)

The API allows users to specify which Autonomous Systems they seek, also using the meta parameter.

Similarly to country, alerts for all (any) ASNs can be retrieved by setting the meta parameter to asn (meta=asn).

To request alerts for a specific Autonomous System, the meta parameter should be set to asn/<Autonomous-System-Number>. For example, meta=asn/3307.

For example, the following GET request will return alerts generated in AS 3307 between 10:00:00 to 11:00:00 on Jan 10, 2019::

GET https://ioda.caida.org/ioda/data/alerts?from=1547114400&until=1547118000&annotateMeta=true&human=true&meta=asn/3307

{
    "type": "watchtower.alerts",
    "error": null,
    "queryParameters": {
        ...
    },
    "data": {
        "alerts": [
            {
                ...
                "name": "BGP \/24s (min 50% ff-peer-ASNs)",
                "time": 1547117700,
                "level": "critical",
		...
                "condition": "\u003C historical * 0.5",
                "value": 0,
                "historyValue": 1,
                "metaType": "asn",
                "metaCode": "3307",
                "meta": {
                    "name": "AS3307 (Broadnet AS)",
                    "attrs": {
                        "fqid": "asn.3307",
                        "org": "Broadnet AS",
                        "ip_count": "256",
                        "name": "BANETELE-NORWAY"
                    }
                }
            }
        ]
    }
}