INTERNET TOPOLOGY MAPPING
INTERNET MAPPING PROBING OVERHEAD MINIMIZATION
Intra- and inter-monitor redundancy reduction
IBRAHIM ETHEM COSKUN, University of Nevada, Reno, M.Sc.
Dec 24, 2015
TOPOLOGY OF THE INTERNET
Network of networks linked together world wide
WHY IMPORTANT?
Identify vulnerabilities
Identify threats
Create new protocols
Examine internet evolution
Economics (Internet based services)
An autonomous system (AS) is a network or a collection of networks that are all managed and supervised by a single entity or organization.
TOPOLOGY OF THE INTERNET
[Figure: AS 1, AS 2, AS 3, AS 4]
• Interconnection of Autonomous Systems (Internet Service Providers, Universities, Companies)
• Distinct regions of administrative control
Connection between ASes
An AS needs to know how to reach the rest of the Internet
BGP (Border Gateway Protocol)
provides reachability across the whole Internet
exchanges routing information between ASes
iBGP, eBGP
eBGP: a border router has a direct link to another border router in another AS
TOPOLOGY OF THE INTERNET
[Figure: AS 1, AS 2]
Traceroute
Sends a series of probes to successive nodes along a route to a destination
Records the source address and time delay of the message returned by each hop.
Tools for Topology Mapping
[Figure: traceroute example over nodes a to h with interface addresses. Credit: Tony McGregor, RIPE NCC Visiting Researcher]
The reason for sending 3 packets is to calculate the average RTT.
Traceroute
RTT: the delay between sending the packet and getting the response
Probing Overhead
Causes DoS attacks
Reduces efficiency
THE PROBLEM
Intra-monitor redundancy
Occurs when all traceroutes start from a single point
Inter-monitor redundancy
Occurs when multiple monitors visit the same point
INTRA- AND INTER-MONITOR REDUNDANCY
INTRA-MONITOR REDUNDANCY
[Figure: Monitor 1; Destination 1, Destination 2, Destination 3]
INTER-MONITOR REDUNDANCY
[Figure: Monitor 1, Monitor 2, Monitor 3; Destination 1; 130.217.250.56]
Introduced by Benoit Donnet, Philippe Raoult, Timur Friedman, Mark Crovella
Significantly reduces both kinds of redundancy: inter- and intra-monitor
Key ideas:
utilize the tree-like structure of routes
probe each target by starting at the midpoint of the path
DOUBLETREE
Intra-monitor: Monitor-Rooted tree
Start probing far from the monitor (vantage point)
Probe forwards and backwards
If an interface is encountered that has already been discovered by the vantage point:
stop probing
add the discovered interface to the “local stop set”
DOUBLETREE
Doubletree: Monitor-Rooted Tree
Intra-Monitor
Inter-monitor: Destination-Rooted tree
Probe forwards and backwards
If facing an interface that has already been discovered
stop probing
add the discovered interface to the “global stop set”
Monitors (vantage points) need to share information about discovered interfaces
VPs have to work in coordination
DOUBLETREE
Doubletree: Destination-Rooted Tree
Inter-Monitor
Must determine a path's midpoint
Information sharing between nodes causes additional traffic
Doesn’t deal well with load balancing
DOUBLETREE
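An added example, not from the slides or from the Doubletree authors' code: a small simulation of the two stop sets on a constructed four-path topology, compared with classic traceroute. It assumes the forward phase stops on an (interface, destination) pair in the shared global stop set and the backward phase stops on an interface in the monitor's own local stop set; `PATHS`, `doubletree_trace` and `compare` are hypothetical names.

```python
# Constructed sample topology (not from the slides): the interface seen at
# each TTL on the route from a monitor to a destination.
PATHS = {
    ("M1", "D1"): ["a", "b", "c", "d", "D1"],
    ("M1", "D2"): ["a", "b", "c", "e", "D2"],
    ("M2", "D1"): ["x", "y", "c", "d", "D1"],
    ("M2", "D2"): ["x", "y", "c", "e", "D2"],
}

def doubletree_trace(monitor, dest, start_ttl, local_stop, global_stop):
    """Probe one destination; return the list of (ttl, interface) probed."""
    path = PATHS[(monitor, dest)]
    h = min(start_ttl, len(path))
    probed = []
    # Forward phase: TTL h, h+1, ... until the destination answers or the
    # (interface, destination) pair is already in the shared global stop set.
    for ttl in range(h, len(path) + 1):
        iface = path[ttl - 1]
        probed.append((ttl, iface))
        known = (iface, dest) in global_stop
        global_stop.add((iface, dest))
        local_stop.add(iface)
        if known:
            break
    # Backward phase: TTL h-1, h-2, ... until the monitor meets an interface
    # that is already in its own local stop set.
    for ttl in range(h - 1, 0, -1):
        iface = path[ttl - 1]
        probed.append((ttl, iface))
        known = iface in local_stop
        local_stop.add(iface)
        global_stop.add((iface, dest))
        if known:
            break
    return probed

def compare(start_ttl=3):
    """Return (classic probes, Doubletree probes, interfaces Doubletree found)."""
    global_stop, local_stops, found = set(), {}, set()
    classic = doubletree = 0
    for (monitor, dest), path in PATHS.items():
        classic += len(path)  # classic traceroute probes every TTL from 1
        trace = doubletree_trace(monitor, dest, start_ttl,
                                 local_stops.setdefault(monitor, set()), global_stop)
        doubletree += len(trace)
        found.update(iface for _, iface in trace)
    return classic, doubletree, found

if __name__ == "__main__":
    print(compare())
```

On this tree-like sample the probe count drops while every interface is still discovered; starting at TTL 1 removes the backward phase and with it the intra-monitor saving.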
Reduce intra-monitor redundancy by performing partial traces to some destination IP addresses.
Once it has a full trace to an IP address in an AS, start traceroute queries from the hop distance h_i of the ingress router.
If the first IP of the new trace has not appeared at the same hop distance h_j in any of the earlier full traces to the AS, then complete the trace; otherwise do not complete the trace.
CHELEBY
Intra-monitor redundancy
CHELEBY - Intra-Monitor Redundancy
[Figure: nodes A, B, C, D, E, F, G, H; AS 1]
Start the trace from 4th hop (D)
A destination IP is probed by only one monitor (Vantage Point) of a team
Vantage Points in the same area are geographically close
Their contribution to identify a new link/node is small
Identify ingress points of ASes to dynamically establish teams for each destination AS
One vantage point probing through each ingress point of an AS
CHELEBY
Inter-monitor redundancy
CHELEBY - Inter-Monitor Redundancy
[Figure: VA 1, VA 2, VB 1, VB 2, VB 3; D; Area A, Area B]
By Guillermo Baltra, Robert Beverly, Geoffrey G. Xie
A new interface-level network mapping technique
Underlying IPS is the observation that a target AS is multi-homed and multi-connected
INGRESS POINT SPREADING (IPS)
An AS being connected to two or more separate ISPs (more than one AS).
If one outgoing link fails, outgoing traffic will automatically be routed via one of the remaining links.
Has multiple ingress points
AS Multi-homing
If probes enter the multi-homed AS via different ingress points, they not only reduce the probing overhead but are also likely to reveal more of the target network’s topological structure
[Figure: A Multi-Homed AS, with V1, V2, V3 and D1, D2, D3]
INGRESS POINT SPREADING (IPS)
1. Infer the number of ingress points for a target network
2. Select the VP with the highest likelihood to traverse an ingress point that has not yet been covered
3. To infer potential ingress points: Subnet Centric Probing
IPS algorithm computes a per-destination network rank-ordered list of VPs based on prior rounds of probing.
INGRESS POINT SPREADING (IPS)
IPS seeks to utilize all of the ingress points discovered in prior rounds of probing
future probing can induce probe traffic to flow through each of these known ingresses
explore more of the destination network’s topology
INGRESS POINT SPREADING (IPS)
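An added sketch of the VP ranking step described above, not the IPS authors' implementation: it greedily picks the vantage point most likely, by its prior-round frequencies, to enter through an ingress that is not yet covered. The prior-round records, the likelihood estimate (share of a VP's earlier traces that used the ingress) and the names `PRIOR`, `ingress_profile` and `rank_vps` are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed prior-round results: (vantage point, target prefix, ingress seen).
PRIOR = [
    ("V1", "192.0.2.0/24", "in-A"), ("V1", "192.0.2.0/24", "in-A"),
    ("V1", "192.0.2.0/24", "in-B"),
    ("V2", "192.0.2.0/24", "in-A"), ("V2", "192.0.2.0/24", "in-A"),
    ("V3", "192.0.2.0/24", "in-B"), ("V3", "192.0.2.0/24", "in-C"),
    ("V4", "192.0.2.0/24", "in-C"), ("V4", "192.0.2.0/24", "in-C"),
]

def ingress_profile(prior, prefix):
    """Count, per VP, how often each ingress was traversed towards prefix."""
    profile = defaultdict(Counter)
    for vp, pfx, ingress in prior:
        if pfx == prefix:
            profile[vp][ingress] += 1
    return profile

def rank_vps(prior, prefix):
    """Return [(vp, expected ingress, likelihood)] in probing order."""
    profile = ingress_profile(prior, prefix)
    uncovered = {i for counts in profile.values() for i in counts}
    remaining = sorted(profile)  # sorted for deterministic tie-breaks
    ranked = []
    while remaining:
        best = None
        for vp in remaining:
            total = sum(profile[vp].values())
            # Prefer ingresses nobody covers yet; a VP that only reaches
            # covered ingresses scores 0 and sinks to the end of the list.
            pool = [i for i in sorted(profile[vp]) if i in uncovered]
            covered_only = not pool
            pool = pool or sorted(profile[vp])
            ingress = max(pool, key=lambda i: profile[vp][i])
            p = 0.0 if covered_only else profile[vp][ingress] / total
            if best is None or p > best[2]:
                best = (vp, ingress, p)
        ranked.append(best)
        uncovered.discard(best[1])
        remaining.remove(best[0])
    return ranked

if __name__ == "__main__":
    for row in rank_vps(PRIOR, "192.0.2.0/24"):
        print(row)
```

With three inferred ingresses, the first three VPs in the list cover all of them and the last one adds only redundant probes.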
Uses one day’s worth of prior probing results to infer potential ingress points at different notional network boundaries for each target prefix
Use the knowledge of how networks are subnetted to select addresses to probe within each BGP advertised prefix
Adapt the number of probes to the degree of subnetting within the prefix to avoid wasted probing
Subnet Centric Probing
Reduces probing redundancy by:
- Generalizing DoubleTree without parametrization
- Intelligently tuning (via TTL) the set of hops each trace interrogates
- Starting a trace with a TTL suitable to reach the destination and iteratively decrementing the TTL until a previously discovered hop (i.e. at the AS ingress) is found
- Discovering AS ingress points and paths to the AS via multiple vantage points
AS ingress