Network Diagnostic and Discovery with Traceroute
Prepared and presented by PhD candidate, Yihua He.

Roadmap
• Identifying the AS path
  • Which AS a packet goes through
• Review of how traceroute works
• Possible ways to do IP->AS
• Hands-on experience with BGP tables
• What can traceroute tell us besides reachability?
• Internet routes are not symmetric

Autonomous System Forwarding Path
Example: Pinpoint forwarding loop & responsible AS
[Figure: IP traffic from a source to a destination across the Internet; labels: AS A, AS B, AS C, AS D, Autonomous System (AS)]

Border Gateway Protocol (BGP)
• BGP path may differ from forwarding AS path
  • Routing loops and deflections
  • Route aggregation and filtering
  • BGP misconfiguration
[Figure: AS A, AS B, AS C; prefix d; origin AS; signaling path (control traffic) with announcements d: path=[C], d: path=[B C], d: path=[A B C]; forwarding path (data traffic)]

Traceroute: Measuring the Forwarding Path
• Time-To-Live field in IP packet header
  • Source sends a packet with a TTL of n
  • Each router along the path decrements the TTL
  • "TTL exceeded" sent when TTL reaches 0
• Traceroute tool exploits this TTL behavior
[Figure: source sends probes with TTL=1, TTL=2 toward the destination; "Time exceeded" comes back]
Send packets with TTL=1, 2, 3, … and record source of "time exceeded" message
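The TTL probing described above, modeled over a small constructed topology so it runs without raw sockets. This is an added example, not part of the original slides; the router names, addresses and next-hop tables are hypothetical, and it also shows how a forwarding loop and a silent router appear in the hop list.

```python
# Added example: traceroute's TTL probing over a constructed topology.
# Router names, addresses and next-hop tables are hypothetical sample data.

# next_hop[router] = where that router forwards packets for the destination
GOOD_PATH = {"r1": "r2", "r2": "r3", "r3": "dst"}
LOOPED_PATH = {"r1": "r2", "r2": "r3", "r3": "r2"}   # r3 sends traffic back to r2
ADDR = {"r1": "10.0.1.1", "r2": "10.0.2.1", "r3": "10.0.3.1", "dst": "10.0.9.9"}
SILENT = {"r2"}          # routers that never send ICMP "time exceeded"


def probe(next_hop, ttl, first="r1"):
    """Send one probe with the given TTL; return (address or None, reached_dst)."""
    node = first
    while True:
        if node == "dst":
            return ADDR[node], True          # destination answers the probe itself
        ttl -= 1                             # each router decrements the TTL
        if ttl == 0:                         # TTL expired at this router
            return (None if node in SILENT else ADDR[node]), False
        node = next_hop[node]


def traceroute(next_hop, max_ttl=8):
    """Probe with TTL=1,2,3,... and record who answered ('*' = no reply)."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        addr, done = probe(next_hop, ttl)
        hops.append(addr or "*")
        if done:
            break
    return hops


def find_loop(hops):
    """Return the first address that answers at two different TTLs, else None."""
    seen = set()
    for addr in hops:
        if addr == "*":
            continue
        if addr in seen:
            return addr
        seen.add(addr)
    return None
```

On LOOPED_PATH the probes never reach the destination, and the same address keeps answering at every second TTL until max_ttl is hit; mapping that address to its AS identifies where the loop sits.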

Traceroute gives IP-level forwarding path
Traceroute from Berkeley to www.cnn.com (64.236.16.52)
Traceroute output: (hop number, IP address, DNS name)
 1  169.229.62.1     inr-daedalus-0.CS.Berkeley.EDU
 2  169.229.59.225   soda-cr-1-1-soda-br-6-2
 3  128.32.255.169   vlan242.inr-202-doecev.Berkeley.EDU
 4  128.32.0.249     gigE6-0-0.inr-666-doecev.Berkeley.EDU
 5  128.32.0.66      qsv-juniper--ucb-gw.calren2.net
 6  209.247.159.109  POS1-0.hsipaccess1.SanJose1.Level3.net
 7  *                ?
 8  64.159.1.46      ?
 9  209.247.9.170    pos8-0.hsa2.Atlanta2.Level3.net
10  66.185.138.33    pop2-atm-P0-2.atdn.net
11  *                ?
12  66.185.136.17    pop1-atl-P4-0.atdn.net
13  64.236.16.52     www4.cnn.com

Map Traceroute Hops to ASes
Traceroute output: (hop number, IP), with the AS for each hop
 1  169.229.62.1     AS25     Berkeley
 2  169.229.59.225   AS25     Berkeley
 3  128.32.255.169   AS25     Berkeley
 4  128.32.0.249     AS25     Berkeley
 5  128.32.0.66      AS11423  Calren
 6  209.247.159.109  AS3356   Level3
 7  *                AS3356   Level3
 8  64.159.1.46      AS3356   Level3
 9  209.247.9.170    AS3356   Level3
10  66.185.138.33    AS1668   AOL
11  *                AS1668   AOL
12  66.185.136.17    AS1668   AOL
13  64.236.16.52     AS5662   CNN
Need accurate IP-to-AS mappings (for network equipment).

Possible Ways to Get IP-to-AS Mapping (1)
• DNS names:
  • Inaccurate, and a lot of the time, wrong!
    • Anyone, with $5/year, can register a www.whateveryoulike.com and point it to any IP address!
  • Some of the IPs do not have any DNS name.
• Routing address registry (WHOIS)
  • That's what you did in Lab1
  • More accurate. However…
  • Voluntary public registry such as whois.radb.net
  • Prone to human input errors
  • Incomplete and maybe out-of-date
    • Mergers, acquisitions, delegation to customers

Possible Ways to Get IP-to-AS Mapping (2)
• Origin AS in BGP paths
  • Prefix=198.133.206.0/24, ASpath=[1239 2914 3130]
  • Public BGP routing tables such as RouteViews
  • Almost real time and avoiding most human input errors
  • It's approximately 98% accurate
• Multiple Origin ASes (MOAS)
  • Due to mergers in a lot of cases
  • E.g., around 2002-2003, 148.231.0.0/16 had two ASes announcing its address block: AS5677 and AS7132. That was PacBell and SBC
  • Now AS5677 does not exist anymore
• No mapping
  • Some ASes intentionally do not want to advertise the route/IPs
  • Incomplete view
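One way to turn the origin-AS idea above into an IP-to-AS lookup, covering the MOAS and no-mapping cases: longest-prefix match over BGP table rows, taking the last AS in each path as the origin. This is an added example, not part of the original slides; the function names are hypothetical, and only the table rows marked "page" come from the slides, the rest being constructed.

```python
# Added example: map traceroute hops to origin ASes by longest-prefix match.
import ipaddress

# (prefix, AS path) rows in the spirit of "show ip bgp". Rows marked "page" use
# values from the slides; all other prefixes and upstream ASes are constructed.
BGP_ROWS = [
    ("198.133.206.0/24", "1239 2914 3130"),   # page
    ("148.231.0.0/16", "1239 5677"),          # page origin AS, constructed upstream
    ("148.231.0.0/16", "2914 7132"),          # page origin AS, constructed upstream
    ("169.229.0.0/16", "11423 25"),           # constructed
    ("128.32.0.0/16", "11423 25"),            # constructed
    ("128.32.0.64/30", "3356 11423"),         # constructed more-specific prefix
    ("209.247.0.0/16", "3356"),               # constructed
]


def build_table(rows):
    """Return {network: set of origin ASes}; origin is the last AS in the path."""
    table = {}
    for prefix, as_path in rows:
        net = ipaddress.ip_network(prefix)
        table.setdefault(net, set()).add(int(as_path.split()[-1]))
    return table


def origin_as(table, ip):
    """Longest-prefix match. Returns a set of ASes (more than one = MOAS) or None."""
    addr = ipaddress.ip_address(ip)
    matches = [net for net in table if addr in net]
    if not matches:
        return None                      # no mapping: prefix not in this BGP view
    return table[max(matches, key=lambda n: n.prefixlen)]


def as_level_path(table, hops):
    """Collapse per-hop origins into an AS path; '*' and unmapped hops become '?'."""
    path = []
    for hop in hops:
        origins = None if hop == "*" else origin_as(table, hop)
        label = "?" if origins is None else "/".join(f"AS{a}" for a in sorted(origins))
        if not path or path[-1] != label:
            path.append(label)
    return path


TABLE = build_table(BGP_ROWS)
# Hop addresses taken from the traceroute on the slides (a subset).
HOPS = ["169.229.62.1", "128.32.0.249", "128.32.0.66", "209.247.159.109", "*", "64.159.1.46"]
```

With this table, as_level_path(TABLE, HOPS) ends in "?" because the silent hop and 64.159.1.46 have no covering prefix in the constructed view, which is the incomplete-view problem listed above.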

Hands-on Experience with BGP Routing Tables
• Telnet://route-views.routeviews.org
  • Show ip bgp summary
    • Whose BGP feeds does the router take?
  • Show ip bgp
    • Prefix
    • Origin AS
    • AS Path
• Collected at http://archive.routeviews.org/
• Other BGP table collections are:
  • http://www.ripe.net/projects/ris/rawdata.html
  • http://www.cs.ucr.edu/bgp/

What can traceroute tell us?
• Where are those routers?
  • From DNS
    • City name
    • Airport name
  • From roundtrip time
    • Light travels approximately 2*10^8 meters/sec in fiber cables
    • When non-congested, the major delay is propagation delay
    • If you see a host with roundtrip time of 10ms, you know it must be within 600 miles radius.
    • Theoretically, with multiple vantage points, you can pinpoint where the routers are.
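The round-trip-time bound above, carried through to the multiple-vantage-point case: each measurement gives a maximum radius, and a candidate location survives only if it lies inside every radius. This is an added example, not part of the original slides; the city coordinates are approximate and the RTT values are constructed.

```python
# Added example: distance bounds from round-trip time across vantage points.
import math

FIBER_SPEED_M_S = 2e8          # from the slide: speed of light in fiber
EARTH_RADIUS_KM = 6371.0


def max_distance_km(rtt_ms):
    """Upper bound on one-way distance: half the RTT spent at fiber speed."""
    return FIBER_SPEED_M_S * (rtt_ms / 1000.0) / 2 / 1000.0


def great_circle_km(a, b):
    """Haversine distance between two (lat, lon) points given in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def feasible_sites(measurements, candidates):
    """Keep candidate sites that lie inside every vantage point's RTT radius."""
    return sorted(
        name for name, pos in candidates.items()
        if all(great_circle_km(vp, pos) <= max_distance_km(rtt)
               for vp, rtt in measurements)
    )


# Constructed sample data: approximate coordinates, made-up RTTs in ms.
CITIES = {"San Jose": (37.34, -121.89), "Los Angeles": (34.05, -118.24),
          "Denver": (39.74, -104.99), "Atlanta": (33.75, -84.39)}
BERKELEY, SEATTLE = (37.87, -122.27), (47.61, -122.33)

ONE_VANTAGE = feasible_sites([(BERKELEY, 10)], CITIES)
TWO_VANTAGES = feasible_sites([(BERKELEY, 10), (SEATTLE, 13)], CITIES)
```

A 10 ms RTT gives a 1000 km radius, roughly the 600 miles quoted above. The bound is only an upper limit, since queuing delay and indirect fiber routes put the real router closer than the radius suggests.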

Internet routes are not symmetric!
• Try traceroute from both ends
• And we'll find most routes are not symmetric!
• Why?
  • Hot potato routing --- try to use other guys' network as much as possible
  • Policy routing --- when multihomed

Traceroute from other places
• http://www.traceroute.org
  • Remote traceroute servers
  • Hundreds of them
  • Limited probe rate
  • Not always available
• http://www.caida.org/tools/measurement/skitter/
  • Dedicated remote traceroute monitors
  • Almost unlimited probe rate
  • Only a couple of dozen of them

Any questions?