Lecture 14 Internet Measurements. 2 Web of interconnected networks Grows with no central authority...
36
Lecture 14 Internet Measurements
-
Upload
simon-knight -
Category
Documents
-
view
221 -
download
2
Transcript of Lecture 14 Internet Measurements. 2 Web of interconnected networks Grows with no central authority...
Lecture 14Internet Measurements
2
Web of interconnected networks• Grows with no central authority
• Autonomous Systems optimize local communication efficiency
• The building blocks are engineered and studied in depth
• Global entity has not been characterized
Most real world complex-networks have non-trivial properties.
Global properties can not be inferred from local ones• Engineered with large technical diversity
• Range from local campuses to transcontinental backbone providers
Internet
Need for Internet measurements arises due to commercial, social, and technical issues
• Realistic simulation environment for developed products,
• Improve network management
• Robustness with respect to failures/attacks
• Comprehend spreading of worms/viruses
• Know social trends in Internet use
• Scientific discovery
• Scale-free (power-law), Small-world, Rich-club, Dissasortativity,…
Internet Measurements
3
Internet Topology Measurement
4CAIDA 2006
Internet Topology Measurement
5CAIDA 2006
Internet Topology Measurement
6Dandelion 2001
Internet Topology Measurement
7
8Walrus
Internet Topology Measurement
9CAIDA 2006
Direct probing
Indirect probing
A DB C
Internet Topology MeasurementsProbing
IPB TTL=64
IPB
IPD TTL=64
IPD
Vantage Point
A DB C
Vantage Point
IPB
IPD TTL=2IPD TTL=1
IPC
10
Probe packets are carefully constructed to elicit intended response from a probe destination
traceroute probes all nodes on a path towards a given destination• TTL-scoped probes obtain ICMP error messages from routers on the path
• ICMP messages includes the IP address of intermediate routers as its source
Merging end-to-end path traces yields the network map
S DA B C
Destination
Internet Topology MeasurementTopology Collection (traceroute)
TTL=1
IPA
TTL=2
IPB
TTL=3
IPC
TTL=4
IPD
Vantage Point
11
Internet Topology Measurement:Background
12
S
L
U
H
C
N
W
A
s.2
l.1
s.3
u.1
l.3
u.3
h.1
k.3
h.2
h.3
a.3
u.2k.1 c.4
a.1 a.2
w.3c.3
w.1c.2
n.1 n.3
w.2
l.2
K
c.1
k.2
dh.4
Trace to Seattle
h.4
l.3
s.2
Trace to NY
h.4
a.3
w.3
n.3
Internet2 backbone
Internet Topology Measurement:Background
13
S
L
UC
N
A
s.2
l.1
s.3
u.1
l.3
h.1
k.3
h.2
a.3
u.2k.1 c.4
a.1 a.2
w.3c.3
w.1c.2
n.1 n.3
w.2
l.2
K
c.1
k.2
h.3
dh.4
s.1e f
n.2
H
W
u.3
14
Sampling to discover networks • Infer characteristics of the topology
Different studies considered • Effect of sample size [Barford 01]
• Sampling bias [Lakhina 03]
• Path accuracy [Augustin 06]
• Sampling approach [Gunes 07]
• Utilized protocol [Gunes 08]
• ICMP echo request
• TCP syn
• UDP port unreachable
Topology SamplingIssues
Anonymous Router Resolution Problem
Anonymous routers do not respond to traceroute probes and appear as a in path traces• Same router may appear as a in multiple traces.
• Anonymous nodes belonging to the same router should be resolved.
Anonymity Types1. Ignore all ICMP packets
2. ICMP rate-limiting
3. Ignore ICMP when congested
4. Filter ICMP at border
5. Private IP address
15
Anonymous Router Resolution Problem
Internet2 backboneS
L
U
K
C
H
A
W
N
e
d
Traces• d - - L - S - e• d - - A - W - - f• e - S - L - - d• e - S - U - - C - - f• f - - C - - - d• f - - C - - U - S - e
16
f
Anonymous Router Resolution Problem
U K C N
L H A W
S
d
e
f
Sampled network
d
e
fS U
L
C
AW
Resulting network
17
Traces• d - - L - S - e• d - - A - W - - f• e - S - L - - d• e - S - U - - C - - f• f - - C - - - d• f - - C - - U - S - e
18
Graph Based InductionCommon Structures
Parallel nodes
Ax C y2
y1
y3
Ax C y2
y1
y3
Star
DA wx
C y
E z
DA wx
C y
E z
Complete Bipartite
A
C
x
y
D w
F v
E z
A
C
x
y
D w
F v
E z
Clique
A
C
x
y
D w
E z
A
C
x
y
D w
E z
Each interface of a router
has an IP address. A router may respond with
different IP addresses to
different queries.
Alias Resolution is the process of grouping the interface IP addresses of each router into a single node.
Inaccuracies in alias resolution may result in a network map that• includes artificial links/nodes
• misses existing links
Alias Resolution:
.5.33
.18
.13.7
Denver
19
20
S
L
UC
N
W
A
s.2
l.1
s.3
u.1
l.3
u.3
h.1
k.3
h.2
a.3
u.2k.1 c.4
a.1 a.2
w.3c.3
w.1c.2
n.1n.3
w.2
l.2
K
c.1
k.2
h.3
d
h.4
s.1e f
n.2
HTraces• d - h.4 - l.3 - s.2 - e• d - h.4 - a.3 - w.3 - n.3 - f• e - s.1 - l.1 - h.1 - d• e - s.1 - u.1 - k.1 - c.1 - n.1 - f• f - n.2 - c.2 - k.2 - h.2 - d• f - n.2 - c.2 - k.2 - u.2 - s.3 - e
IP Alias ResolutionProblem
21
IP Alias ResolutionProblem
U K C N
L H A W
S
d
e
fSampled network
Sample map without alias resolution
s.3
s.1
s.2
l.3
l.1
u.1
u.2
k.1 c.1 n.1
n.2k.2 c.2
w.3
a.3
h.2
h.4
h.1
e
d
f
n.3
Traces• d - h.4 - l.3 - s.2 - e• d - h.4 - a.3 - w.3 - n.3 - f• e - s.1 - l.1 - h.1 - d• e - s.1 - u.1 - k.1 - c.1 - n.1 - f• f - n.2 - c.2 - k.2 - h.2 - d• f - n.2 - c.2 - k.2 - u.2 - s.3 - e
22
Genuine Subnet ResolutionProblem
Alias resolution
• IP addresses that belong to the same router
Subnet resolution
• IP addresses that are connected over the same medium
IP2 IP3
IP4IP1
IP6 IP5
IP2 IP3
IP1
IP2 IP3
IP1
Autonomous System Level Mapping
23
Historical
Internet Topology Discovery 24
Internet Topology Discovery 25
Autonomous System Level Mapping
26
27
Traffic Measurements Monitoring and measuring network traffic
• to produce better models of network behavior
• to diagnose failures and detect anomalies
• to defend against unwanted traffic
Live weather map• Internernet2
PlanetLab
28
Code-Red Worm On July 19, 2001, more than 359,000 computers connected to the
Internet were infected with the Code-Red (CRv2) worm in less than 14 hours
Spread
29
Sapphire Worm was the fastest computer worm in history
• doubled in size every 8.5 seconds
• infected more than 90 percent of vulnerable hosts within 10 minutes.
30
Witty Worm reached its peak activity after approximately 45 minutes
• at which point the majority of vulnerable hosts had been infected
World USA
31
Nyxem Email Virus Estimate of total number of infected computers is
between 470K and 945K At least 45K of the infected computers were also
compromised by other forms of spyware or botware
Spread
32
Scam Hosting Study dynamics of scam hosting infrastructure
33
Measurement Studies Glasnost
• tests whether BitTorrent is being blocked or throttled
BW-meter• Measurement tools for the capacity and load of Internet paths
NPAD Diagnostics Servers• Automatic diagnostic server for troubleshooting end-systems
and last-mile network problems
iPlane• construct a router interface-level atlas of the Internet
• measuring link attributes
Hubble• find persistent Internet black holes as they occur
34
Internet Measurements The Internet is man-made, so why do we need to
measure it?
• Because we still don’t really understand it• Sometimes things go wrong
• Malicious users
• Measurement for network operations• Detecting and diagnosing problems
• What-if analysis of future changes
• Measurement for scientific discovery• Creating accurate models that represent reality
• Identifying new features and phenomena
35
Questions ?
Internet Topology Discovery 36
