Locating hosts by TULIP (Trilateration Utility for Locating IP hosts) Prepared by: Les Cottrell SLAC , Faran Javed NIIT , Shahryar Khan NIIT ,Umar Kalim NIIT Internet2 fall members meeting San Diego, October 2007 http://www.slac.stanford.edu/grp/scs/net/talk07/i2mmfall07.ppt

Security (lots of concerns)
• Can be used for DoS attacks against a target
• Looks like a potential scan of the target vs many hosts
  – Target ICMP replies to a large number of hosts
• CGI scripts (Perl) need to be well vetted for holes
• Ability to discover & then blackhole abusers
• Only one TULIP client per host
• Landmarks and reflector both limit the number of running requests
• Centralized logging of all requests and results, plus analysis
  – Look for anomalies
  – Also discovers what landmarks are failing, who is requesting
• Possible privacy problems if locate a person’s host accurately (could add fuzz)

Problems
• Geostationary satellite connections
  – 24Kmiles => RTT >370ms, heavily used in C. Asia and Africa
• IP name refers to multiple hosts (e.g. Google, Akamai, root name servers) in many locations
• Hosts move, have proxies etc.
• Indirect routing so RTT !~ distance
  – E. Asia vs. Australia seen from US
• Security concerns
• Duration for measurements (50 seconds to complete, results start arriving earlier)
  – Optimizing # of parallel requests from reflector, timeouts, tiering, remove poor landmarks
• Optimizing alpha in distance (km) = alpha * RTT (ms).
• Optimizing the choice of tier 0 landmarks, reliable & at edges, want very few, yet few false positives or mistakes
  – N. America: SLAC/CA, BNL/NY, AMPATH/FL, TRIUMF/CA(Vancouver), Winnipeg/CA, Houston, Saint Louis, Chicago
  – Europe: CERN/CH, ICTP/IT, DL/UK

Demo of early version
• www.slac.stanford.edu/comp/net/wan-mon/tulip
  – 2 sets of landmarks: PlanetLabs & SLAC/PingER type
  – Enter host name or address & Locate Site
  – Raw results in Ping Results window
  – Visualize results in map

Evaluation of early version
• Use ~600 PingER hosts with “known” lat/long
  – Hosts in over 130 countries
  – Also validates PingER data
• 50% accurate to within 200 km, 70% within 1000km
• Ouch, not very successful, worse with RTT
Need landmarks close to targets

Improvements
• Add more landmarks for better coverage: PlanetLab & more SLAC landmark deployment
  – (especially in developing world)
• Understand outliers, correct PingER dB
Outliers:
• Multi-homed, e.g. yahoo, root servers
• Move: e.g. supercomp
• Not at site of ASN: e.g. 134.79 SLAC host in Arizona
• Indirect routing: SFO-LA-SEA-VIC
Alpha = 48.54 RTT/Dist (km/ms)

Look at Alpha
• Set alpha to right value to get correct distance from RTT and look at distributions
• Done for major US to N. America & major Europe to Europe sites
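
An added example (not TULIP's own code) of how the relation distance (km) = alpha * RTT (ms) from the slides can be turned into a position estimate. The least-squares grid search, the use of the 370 ms satellite figure as a cutoff for discarding landmarks, and all coordinates and RTT values are assumptions constructed for this illustration.

```python
import math

ALPHA_KM_PER_MS = 48.54    # alpha value quoted on the slides
SATELLITE_RTT_MS = 370.0   # slides: geostationary hop gives RTT > 370 ms

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/long points."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(min(1.0, a)))

def locate(measurements, alpha=ALPHA_KM_PER_MS):
    """measurements: (landmark_lat, landmark_lon, min_rtt_ms) tuples.
    Returns the (lat, lon) whose great-circle distances to the landmarks
    best match alpha * RTT in the least-squares sense."""
    # Drop landmarks whose RTT is dominated by a satellite hop.
    usable = [m for m in measurements if m[2] < SATELLITE_RTT_MS]
    if len(usable) < 3:
        raise ValueError("need at least 3 usable landmarks to trilaterate")

    def cost(lat, lon):
        return sum((haversine_km(lat, lon, la, lo) - alpha * rtt) ** 2
                   for la, lo, rtt in usable)

    best, span_lat, span_lon = (0.0, 0.0), 90.0, 180.0
    for _ in range(16):                      # coarse-to-fine grid search
        grid = [(max(-90.0, min(90.0, best[0] + span_lat * i / 10)),
                 (best[1] + span_lon * j / 10 + 180.0) % 360.0 - 180.0)
                for i in range(-10, 11) for j in range(-10, 11)]
        best = min(grid, key=lambda p: cost(*p))
        span_lat, span_lon = span_lat / 2, span_lon / 2
    return best

def rtt_for(target, landmark, alpha=ALPHA_KM_PER_MS):
    """Constructed RTT a landmark would see if distance = alpha * RTT held exactly."""
    return haversine_km(*target, *landmark) / alpha

# Constructed sample data (not TULIP landmarks or measurements).
TARGET = (39.0, -95.0)
LANDMARKS = [(37.4, -122.2), (40.9, -72.9), (25.8, -80.2), (49.2, -123.1)]
SAMPLE = [(la, lo, rtt_for(TARGET, (la, lo))) for la, lo in LANDMARKS]
SAMPLE.append((-1.3, 36.8, 620.0))           # landmark behind a satellite link

if __name__ == "__main__":
    lat, lon = locate(SAMPLE)
    print(f"estimate {lat:.3f},{lon:.3f}  error {haversine_km(lat, lon, *TARGET):.1f} km")
```

With measured RTTs the residuals do not vanish as they do for this constructed input, since indirect routing breaks the RTT-to-distance relation as the Problems slide notes.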

In progress
• Have stable version 1
  – www.slac.stanford.edu/comp/net/wan-mon/tulip/
• Adding:
  – More landmarks, filter out non-working instances
  – Integrate PlanetLabs & other landmark databases
  – Improved map visualization and zoom
  – Optimizing timing parameters (parallel streams, timeouts,