Measured Impact of Tracing Straight. Matthew Luckie, David Murrell WAND Network Research Group Department of Computer Science University of Waikato

Similar documents
Updates and Analyses

Internet Topology Research

Measured impact of crooked traceroute

The Impact of Router Outages on the AS-Level Internet

AS Connectedness Based on Multiple Vantage Points and the Resulting Topologies

Dig into MPLS: Transit Tunnel Diversity

Cheleby: Subnet-level Internet Mapper

Primitives for Active Internet Topology Mapping: Toward High-Frequency Characterization

Introduction Problems and Improvements RR DLP DisCarte Results. DisCarte. A Disjunctive Internet Cartographer. Sebastian Schlunke

Internet-Scale IP Alias Resolution Techniques

Revealing the load-balancing behavior of YouTube traffic of interdomain links

Cheleby: Subnet Level Internet Topology

Internet measurements: topology discovery and dynamics. Renata Teixeira MUSE Team Inria Paris-Rocquencourt

Measuring and Characterizing IPv6 Router Availability

Validity of router responses for IP aliases resolution

Updates and Case Study

AS Router Connectedness Based on Multiple Vantage Points and the Resulting Topologies

Measurement: Techniques, Strategies, and Pitfalls. David Andersen CMU

Revealing MPLS Tunnels Obscured from Traceroute

A Characterization of IPv6 Network Security Policy

CS459 Internet Measurements

Quantifying Violations of Destination-based Forwarding on the Internet

Internet Measurements. Motivation

Pamplona-traceroute: topology discovery and alias resolution to build router level Internet maps

The Interconnection Structure of. The Internet. EECC694 - Shaaban

Real-time Blackhole Analysis with Hubble

CMSC711 Project: Alias Resolution

INFERRING PERSISTENT INTERDOMAIN CONGESTION

Achieving scale: Large scale active measurements from PlanetLab

IRNC-SP: Sustainable data-handling and analysis methodologies for the IRNC networks


This is a sample Lab report from ECE 461 from previous years. L A B 6

Palmtree:An IP Alias Resolution Algorithm with Linear Probing Complexity

Topic: Topology and Backbone Networking DisCarte: A Disjunctive Internet Cartographer

Importance of IP Alias Resolution in Sampling Internet Topologies

ICMP (Internet Control Message Protocol)

Ping, tracert and system debugging commands

set active-probe (PfR)

MAPPING INTERNET INTERDOMAIN CONGESTION

Contents. Ping, tracert, and system debugging commands 1. debugging 1 display debugging 1 ping 2 ping ipv6 5 tracert 7 tracert ipv6 10

Detection, Understanding, and Prevention of Traceroute Measurement Artifacts

Table of Contents 1 System Maintaining and Debugging 1-1

MPLS Under the Microscope: Revealing Actual Transit Path Diversity

Location Matters: Eliciting Responses to Direct Probes

High-frequency mapping of the IPv6 Internet using Yarrp

IP Spoofer Project. Observations on four-years of data. Rob Beverly, Arthur Berger, Young Hyun.

Hynetd v0.2.5 Manual. Alessio Botta, Walter de Donato and Antonio Pescapè University of Naples Federico II

Detecting Third-party Addresses in Traceroute Traces with IP Timestamp Option

Internet Mapping Primitives

ECCouncil EC Ethical Hacking and Countermeasures V7. Download Full Version :

Cisco. Maintaining Cisco Service Provider VPNs and MPLS Networks (MSPVM)

TCP Spatial-Temporal Measurement and Analysis

Exam E1 Copyright 2010 Thaar AL_Taiey

The Traceroute Command in MPLS

Fixing Ally s Growing Pains with Velocity Modeling

Testing the reachability of (new) address space

Configuring Routes on the ACE

Table of Contents 1 System Maintaining and Debugging Commands 1-1

Lab Assignment 4 ECE374 Spring Posted: 03/22/18 Due: 03/29/18. In this lab, we ll take a quick look at the ICMP and IP protocols.

Topology Inference from Co-Occurrence Observations. Laura Balzano and Rob Nowak with Michael Rabbat and Matthew Roughan

Scamper. Matthew Luckie

Reverse Traceroute. NSDI, April 2010 This work partially supported by Cisco, Google, NSF

IPv6 Topology Mapping

Firewall Stateful Inspection of ICMP

Computer Networks ICS 651. IP Routing RIP OSPF BGP MPLS Internet Control Message Protocol IP Path MTU Discovery

Resolving IP Aliases with Prespecified Timestamps

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia

Our Narrow Focus Computer Networking Security Vulnerabilities. Outline Part II

Hynetd v0.2.4 Manual. (Hybrid Network Topology Discovery) Alessio Botta, Walter de Donato and Antonio Pescapè University of Naples Federico II

Studying Black Holes on the Internet with Hubble

Table of Contents 1 System Maintenance and Debugging Commands 1-1

Internet Control Message Protocol (ICMP)

Vendor: Alcatel-Lucent. Exam Code: 4A Exam Name: Alcatel-Lucent Interior Routing Protocols and High Availability.

Mapping PoP-Level Connectivity of Large Content Providers

Software Systems for Surveying Spoofing Susceptibility

MAPPING PEERING INTERCONNECTIONS TO A FACILITY

Understanding the Efficacy of Deployed Internet Source Address Validation Filtering

AlcatelLucent.Selftestengine.4A0-107.v by.Ele.56q. Exam Code: 4A Exam Name: Alcatel-Lucent Quality of Service

Avaya ExpertNet Lite Assessment Tool

Efficient strategies for active interface-level network topology discovery

CS 5114 Network Programming Languages Control Plane. Nate Foster Cornell University Spring 2013

TDC 363 Introduction to LANs

Analysis of Country-wide Internet Outages Caused by Censorship

MPLS Ping and Traceroute for BGP and IGP Prefix-SID

T he Electronic Magazine of O riginal Peer-Reviewed Survey Articles ABSTRACT

ICMP Computer Networks Lab Lab Course Number: Lab Course Name: Computer Networks (A) 3. Lab Name: ICMP

Detection, understanding, and prevention of traceroute measurement artifacts

PinPoint: A Ground-Truth Based Approach for IP Geolocation

1 University of Würzburg. Institute of Computer Science Research Report Series

Toward Topology Dualism: Improving the Accuracy of AS Annotations for Routers

PERISCOPE: Standardizing and Orchestrating Looking Glass Querying

Distributed Systems. 29. Firewalls. Paul Krzyzanowski. Rutgers University. Fall 2015

521262S Computer Networks 2 (fall 2007) Laboratory exercise #2: Internetworking

Computer Networks CS 552

Computer Networks CS 552

MAPPING PEERING INTERCONNECTIONS TO A FACILITY

Using Loops Observed in Traceroute to Infer the Ability to Spoof

Measuring the Adoption of Route Origin Validation and Filtering

Module 18 Transit. Objective: To investigate methods for providing transit services. Prerequisites: Modules 12 and 13, and the Transit Presentation

Contents. Ping, tracert, and system debugging commands 1 debugging 1 display debugging 2 ping 2 ping ipv6 5 tracert 7 tracert ipv6 9

Transcription:

Measured Impact of Tracing Straight Matthew Luckie, David Murrell WAND Network Research Group Department of Computer Science University of Waikato 7 February 2010

The Problem Until recently, load balancing was ignored by macroscopic traceroute collection software Negative impacts include inference of false loops Augustin et al. IMC 06 lower destination reachability Luckie et al. IMC 08 inference of false links 2

The Problem Classic traceroute: probes toward a destination can take different paths Augustin et al. IMC 07: 39% of paths have at least one per-flow load-balancer Link inferences from classic traceroute data on questionable ground Assumption is the interfaces represent distinct routers which are connected Traceroute technique did not evolve with the Internet Lots of traceroute data collected using classic technique This work is about trying to quantify false link inference rate Can t go back and fix pre-2006 data 3

X A C D E F Interface graph 4

A X Interface graph Inferred using classic traceroute C D E F A-E is an artifact of classic traceroute 5

X X A A, C D E F C D E F Interface graph revealed using classic traceroute A-E does not introduce a false link if A+ are aliases in the router topology 6

X X A A C D E F C,E D,F Interface graph revealed using classic traceroute A-E does not introduce a false link if C+E are aliases in the router topology 7

X X A A C D E F C,D E,F Interface graph revealed using classic traceroute A-E could introduce a false link in this router topology 8

Not all load balancing could produce an artifact A X A X A X C C D E F D 9

Methodology 12 ark monitors, each probing a list of 19116 addresses derived from GP data from routeviews on 18 th Jan 2010 each list contains addresses from distinct prefixes For each destination: 1. Identify artifact links in classic traceroute data use Multipath Detection Algorithm (MDA) to infer all possible links towards a destination to 99% confidence. Augustin et al. IMC 07 artifact links are those that appear in the output of classic traceroute but not in MDA traceroute. 2. Determine if the artifact could introduce a false router link 10

Methodology To guard against false positives as a result of path changes, we use the following procedure 1.Initial Paris traceroute 2.Classic traceroute 3.MDA traceroute to 99% confidence 4.Final Paris traceroute Traces 1 and 4 have to agree, otherwise we discard. Roughly ~1k traces from each VP s ~19k traces were discarded. 11

Methodology A C D E F Determine if an artifact could introduce a false link Use Ally technique where incrementing IPID behaviour is observed for both addresses (Spring et al. 2002) If (A,) or (E,C) or (E,D) are aliases, then the artifact does not introduce a false router adjacency (classification: valid) If (A,, C, D, E) all exhibit incrementing IPID but no alias is found, we reason the artifact could introduce a false link Otherwise artifact is unclassified. Assumption (validated) is that IPID-based alias resolution can rule on whether or not two IP addresses are aliases if incrementing IPID values are observed. 12

Summary of data Each vantage point (VP) saw roughly the same overall raw link counts: ~52k links MDA-icmp ~55k links MDA-udp ~46k links traceroute 13

Result: traces with at least one artifact 50% 45% 40% 35% 30% 25% 20% 15% 10% 5% 0% ICMP UDP eug-us hlz-nz hnl-us lax-us lej-de nap-it otp-ro san-us sea-us tpe-tw yow-ca yto-ca ICMP: 4.9% of traces (on average) have at least one artifact UDP: 16.5% of traces (on average) have at least one artifact Note: figures exclude tpe-tw and lej-de 14

Result: unique artifact links, ICMP 2500 2000 1500 1000 500 unclass valid false 0 eug-us hlz-nz hnl-us lax-us lej-de nap-it otp-ro san-us sea-us tpe-tw yow-ca yto-ca On average, 372 links per VP are classified as false links. 0.8% of each VP s link set. 9618 total artifacts. 3359 (35%) false links. 15

Result: unique artifact links, UDP 4500 4000 3500 3000 2500 2000 1500 1000 unclass valid false 500 0 eug-us hlz-nz hnl-us lax-us lej-de nap-it otp-ro san-us sea-us tpe-tw yow-ca yto-ca On average, 1094 links per VP are classified as invalid. 2.4% of each VP s link set. 27570 total artifacts. 10653 (39%) false links. 16

Artifact link impact: analytical alias resolution Analytical alias resolution rule: two addresses in a traceroute path can t be aliases if there are no loops. 0 0 A 0 X 0 1 0 C X C 1 D 0 0 1 0 0 ICMP: 598 / 3359 (18%) UDP: 1374 / 10653 (13%) 0 D 17

Validating use of Ally technique to classify artifact links Use ping R and ICMP-Paris traceroute towards destination RR IP address usually from egress interface ICMP time-exceeded IP address usually from ingress interface Infer addresses used in a sequence of /30 subnets Identify ICMP/TCP/UDP IP-ID behaviour for each Resolve for aliases using Ally for pairs of addresses with incrementing IPID values. RR a.b.c.5 d.e.f.86 g.h.i.194 traceroute a.b.c.6 d.e.f.85 g.h.i.193 18

Validating use of Ally technique: results 17 ark monitors, 128237 RR/trace pairs. 16285 pairs of likely /30 aliases tested Classification obtained for 12200 (75%) Others did not have an incrementing IP-ID for UDP/ICMP/TCP A few targets were classified but then unresponsive to Ally. 468 (3.8%) pairs of not-aliases 4.68.110.66 in 156 pairs : structural rejection of /30 inferences, infer that Ally is correct. 64.57.29.98 in 252 pairs : structural rejection of /30 inferences, infer that Ally is correct. Have not investigated other 0.5% Result taken: safe to use Ally to rule on aliases where it is usable. 19

Summary Small but measurable impact on graph produced 0.8% of links in classic ICMP traceroute are invalid per VP 2.4% of links in classic UDP traceroute are invalid per VP Classic ICMP-echo approach not as affected by perflow load balancers as UDP approach. Larger problem: heuristics and hacks we use to build IP-layer maps of the Internet sometimes don t hold. VER HARD TO VALIDATE. 20

Future Work, Open Questions Future work Extend data collection to use 40 Ark VPs rather than 12 Work towards techniques that annotate graphs with the likelihood a traceroute link is valid. Hard, as heuristics fall over in face of incomplete data. Ground truth data Open questions How do false links accumulate in traceroute graphs? What is the impact of false links on the graph s properties? What are the limitations of this work s methodology, and can they be addressed? 21

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback