Heuristics for Internet Map Discovery
description
Transcript of Heuristics for Internet Map Discovery
![Page 1: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/1.jpg)
Heuristics for Internet Map Discovery
R. Govindan, H. Tangmunarunkit
Presented by Zach Schneirov
![Page 2: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/2.jpg)
Mercator
• Infers a topological Internet map through– Hop-limited probes– Informed random address probing– Resolution of aliases
![Page 3: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/3.jpg)
Why build router-level maps?
• It is the first step in understanding the large-scale physical structure of the Internet
• It can be used in input simulations• It can directly determine network scaling
limits
![Page 4: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/4.jpg)
What exactly is an Internet map?
• A map in this case is a graph with nodes as routers and links as indications of adjacency, where adjacent routers have one IP hop between them
![Page 5: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/5.jpg)
Previous work
• All previous maps have built router adjacencies using probes from a single node
• Obtained destination addresses from BGP routing tables and generated addresses with random prefixes
• Used routing activity between autonomous systems, with links representing inter-ISP peering
• Used router-level support, such as SNMP and multicast IGMP queries to find neighbor lists
![Page 6: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/6.jpg)
Goals
• Map the Internet from any single arbitrary node
• Use only hop-limited probes (implies an absence of a database)
• Map must be complete• Not impose significant overhead• At least as fast as previous methods
![Page 7: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/7.jpg)
Methods
• Informed random address probing• Source-routed path probing• Alias resolution
![Page 8: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/8.jpg)
Informed random address probing
• Targets of probes depend on previous probes and IP block allocation policies
• Two ways to generate an address:– Guess an IP addressable prefix based on
prefix of source address in responses to probes
– Assume that other subnets at the same prefix level are neighbors
![Page 9: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/9.jpg)
IRAP Procedure
• Start with an IP prefix (taken from the host machine by default)
• Repeating these two methods will gradually build a population of IP address prefixes– 1st method ensures that addressable prefixes are
explored first– 2nd ensures that all possible addresses are explored
![Page 10: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/10.jpg)
IRAP Procedure (continued)
• Terminates when one of the following occurs:– Subsequent ICMP-time-exceeded packets are not
received– Mercator detects a loop– Chosen destination address is reached
• Sequence of routers is inserted into the map of links:
• (R1, R2, R3) becomes R1->R2, R2->R3
![Page 11: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/11.jpg)
Reducing Overhead for IRAP
• Avoids probing known routers multiple times by adjusting the TTL to skip the furthest known router in the map
![Page 12: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/12.jpg)
Speeding up map discovery
• Uses lottery scheduling algorithm to select prefixes– Each prefix is assigned a lottery tick– Probability of that prefix’s ticket “winning”
is proportional to the faction of successful probes to the prefix
• Results in a bias towards densely-addressed prefixes
![Page 13: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/13.jpg)
Source-routing
• Cross-links can be discovered by sending probes in one direction instead of sending them radiallyThat is, send probes to already-discovered routers
• This essentially allows Mercator to send probes from multiple locations by proxy
![Page 14: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/14.jpg)
Determining if router can do source-routing
• Send UDP datagrams to a random high port
• See if router sends back an ICMP-port-unreachable message
![Page 15: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/15.jpg)
Alias resolution
• Problem: a single host can have multiple IP aliases. Probes technically discover router interfaces--not routers themselves
• Solution: paths from Mercator to destination host can overlap in the cases of:– Policy differences– Primary and backup paths– Source-routed paths probing from different
perspectives
![Page 16: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/16.jpg)
Alias resolution procedure
• Send UDP packets to non-existent ports on a router
• ICMP port-unreachable message will contain the outgoing interface for the return route
• If this is different than the original destination interface, then these interfaces are aliases for the same router
• Alias probes can also be source-routed to deal with incomplete backbone routing tables
![Page 17: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/17.jpg)
Mercator Software Design
• Implemented from scratch for greater experimental flexibility
• Implemented with Libserv– Allows non-blocking network and file system
access– So simultaneous independent path probes,
source-routed path probes, and alias probes are possible
• Periodically saves map for reverting to and resumption from previous states
![Page 18: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/18.jpg)
Theoretical Results
• How well do these methods satisfy the goals?– Cannot guarantee discovery of all aliases due to
finite perspectives– Cannot find shared media– Map is not instantaneous– Unable to find adjacencies between physical
neighbors who aren’t on speaking terms
![Page 19: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/19.jpg)
More results-Map is incomplete
• Can’t discover details of networks that do not route traffic to other autonomous systems
• It is however complete with respect to the portion of the Internet over which packets tend to travel between hosts
![Page 20: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/20.jpg)
Real world results
• Ran Mercator on a Linux PC with 15 simultaneous probes
• Found 150,000 interfaces and 200,000 links in 3 weeks
• Could only discover 20,000 router interfaces due to unroutable addresses
• Source-routed paths discovered only 3,000 paths
![Page 21: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/21.jpg)
Internet map validation
• Compared subgraphs against published ISP maps using DNS names of routers
• All but one link was discovered for an ISP and an educational/research network
• More complexly-meshed ISPs have not been tested
• Will improve with more widespread use of ICMP-time-exceeded messages and source-routing
![Page 22: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/22.jpg)
Measuring ISP Topologies with Rocketfuel
N. Spring, R. Mahajan, D. Wetherall
![Page 23: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/23.jpg)
Rocketfuel
• Directly measure router-level ISP topologies more efficiently than brute-force
• Uses BGP routing tables• Eliminates redundant measurement• Better alias resolution• DNS for identifying ISPs
![Page 24: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/24.jpg)
Goals
• Infer high quality ISP topological maps• Use as few measurements as possible• An ISP will consist of multiple POPs
(point-of-presence) connected by backbones
![Page 25: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/25.jpg)
Methods
• Uses only traceroute for measuring paths• Merges traceroute paths from multiple
sources to multiple destinations• Choose traceroutes that contribute the most
information (directed probing and path reductions)
• Alias resolution through “personality”• Identifying routers through DNS
![Page 26: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/26.jpg)
Directed probing
• Use BGP routing information to choose only the traceroutes likely to transit the target ISP
• Traceroutes will transit the ISP if they are:– Sent to dependent prefixes (sent to a destination
within the ISP)– Sent from within a dependent prefix (traceroute
server is within the ISP)– Either may be true depending on several
different destination prefixes in BGP table
![Page 27: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/27.jpg)
Expected problems with directed probing
• Incomplete routing tables or non-determinism in the routing tables will cause:– False positives: when traceroutes are
performed on paths that don’t traverse ISP– False negatives: when removing traceroutes
results in less information
![Page 28: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/28.jpg)
Path reductions
• Don’t do traceroutes that enter and/or leave the ISP through the same points; they will probably take the same path through the ISP
• Ingress reduction• Egress reduction• Next-hop AS reduction
![Page 29: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/29.jpg)
Ingress reduction
Egress reduction
Next-hop AS reduction
![Page 30: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/30.jpg)
Alias resolution
• Improves Mercator’s UDP-port-unreachable triggering
• Assumes that router aliases will have some set of characteristics that is constant between its aliases
• Tests one pair of addresses at a time
![Page 31: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/31.jpg)
Alias resolution methods
• Compare TTLs in responses to UDP requests• Test ICMP rate limiting
– If two probes to two addresses are sent right away with only one response returned, then it is a single router
• Assume that packets sent consecutively will have incrementing IP ID in the response
![Page 32: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/32.jpg)
Identifying routers
• How to determine– Which routers correspond to the ISP in question– What are the routers’ physical locations?– Which other routers they connect to?
• Use DNS names– Support of BGP on routers is irrelevant– Can identify network edges by changes in names– Customer nodes (cable, DSL, dialup) are named
differently– Can guess location through naming convention
![Page 33: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/33.jpg)
Rocketfuel Results
Statistics for 10 mapped ISPs using 294 publicly available traceroute servers
![Page 34: Heuristics for Internet Map Discovery](https://reader035.fdocuments.us/reader035/viewer/2022062521/5681681e550346895dddade3/html5/thumbnails/34.jpg)
Traceroute reduction results