Day In The Life of the Internet 2008 Data Collection Event.

Similar documents
Two days in The Life of The DNS Anycast Root Servers

2007 Day In The Life DNS Root Server Analysis

Measurements of traffic in DITL 2008

Is Your Caching Resolver Polluting the Internet?

BROAD AND LOAD-AWARE ANYCAST MAPPING WITH VERFPLOETER

Updates and Analyses

Understanding and preparing for DNS evolution

Strange Things Found in an Open Resolver Survey

RIPE Network Coordination Centre. K-root and DNSSEC. Wolfgang Nagele RIPE NCC.

Recursives in the Wild: Engineering Authoritative DNS Servers

Increase of Root and JP queries -- Long-term trends of number of queries --

Measurement of Anycast Effects - from the experience on.jp anycast deployment -

Open Resolvers in COM/NET Resolution!! Duane Wessels, Aziz Mohaisen! DNS-OARC 2014 Spring Workshop! Warsaw, Poland!

An Update on Anomalous DNS Behavior

The Spoofer Project Inferring the Extent of Source Address Filtering on the Internet

Measurement of BGP Anycast effects experiences in.jp

IPv6 World View and World IPv6 Day A global view of IPv6 commercial readiness

Packet Traces from a Simulated Signed Root

RFC1918 updates on servers near M and F roots C A I D A. Andre Broido, work in progress. CAIDA WIDE Workshop ISI, CAIDA / SDSC / UCSD

A Root DNS Server. Akira Kato. Brief Overview of M-Root. WIDE Project

RIPE NCC Technical Services. Kaveh Ranjbar, Chief Information Officer

Is Your Caching Resolver Polluting the Internet?

IP Spoofer Project. Observations on four-years of data. Rob Beverly, Arthur Berger, Young Hyun.

Dense Anycast Deployment of DNS Authority Servers

Is Your Caching Resolver Polluting the Internet?

Computer Science 461 Final Exam May 22, :30-3:30pm

Tracing a DNS Reflection Attack via Anycast Routing Changes. Duane Wessels October, 2011

Illegitimate Source IP Addresses At Internet Exchange Points

Understanding the Efficacy of Deployed Internet Source Address Validation Filtering

Measuring and Characterizing IPv6 Router Availability

Internet Anycast: Performance, Problems and Potential

Measuring and Modeling the Adoption of IPv6

IETF 81 World IPv6 Day Operators Review

How Akamai delivers your packets - the insight. Christian Kaufmann SwiNOG #21 11th Nov 2010

An overview on Internet Measurement Methodologies, Techniques and Tools

Some Lacunae in APNIC DNS Measurement. George Michaelson CAIDA WIDE Workshop Marina Del Ray 2006

IDN query trends seen at JP and Root. Kazunori Fujiwara, JPRS 2016/4/3, IEPG meeting

DITL George Michaelson APNIC

Protecting DNS from Routing Attacks -Two Alternative Anycast Implementations

IRNC-SP: Sustainable data-handling and analysis methodologies for the IRNC networks

NET ID. CS519, Prelim (March 17, 2004) NAME: You have 50 minutes to complete the test. 1/17

An Approach for Determining the Health of the DNS

Fundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin,

Software Systems for Surveying Spoofing Susceptibility

Root DNS Anycast in South Asia

Observing DNSSEC validation in the wild

Measurement: Techniques, Strategies, and Pitfalls. David Andersen CMU

Is Explicit Congestion Notification usable with UDP? Stephen McQuistin and Colin Perkins

DNS Flag day. A tale of five cctlds. Hugo Salgado,.CL Sebastián Castro,.NZ DNS-OARC 29, Amsterdam

IPv6 Pollution Traffic Analysis

Enumerating Privacy Leaks in DNS Data Collected above the Recursive

IPv6 at Google. a case study. Angus Lees Site Reliability Engineer. Steinar H. Gunderson Software Engineer

Dataset Comparison. IPv4 vs IPv6 traffic seen at DNS root servers. Bradley Huffaker, Marina Fomenkov, and kc claffy

The UCSD Network Telescope

A Measurement Study of BGP Misconfiguration

CDAR Continuous Data-driven Analysis of Root Stability

DDoS, Peering, Automation and more

The Evolving Architecture of the Web. Nick Sullivan

activities CAIDA = Cooperative Association for Internet Data Analysis Marina Fomenkov, CAIDA 2nd CAIDA-WIDE-CASFI workshop Seoul, April 4, 2009

RIPE Labs Operator Tools, Ideas, Analysis

Computer Science 461 Midterm Exam March 14, :00-10:50am

Dense Anycast Deployment of DNS Authority Servers

f.root-servers.net ISOC cctld Workshop Nairobi, Kenya, 2005

DNS Measurements at the.cn TLD Servers

Case Studies in Intra-Domain Routing Instability

(Further) Dispatches from the DNS Frontier. Keith Mitchell DNS-OARC NANOG71 San Jose, Oct 2017

Peering and Network Deployment at 10G. Nigel Titley

University of Toronto Faculty of Applied Science and Engineering. Final Exam, December ECE 461: Internetworking Examiner: J.

Request for Comments: Network Research/UCSD September 1997

The Measurement Manager Modular End-to-End Measurement Services

IPv6: Are we really ready to turn off IPv4? Geoff Huston APNIC

Q-Balancer Range FAQ The Q-Balance LB Series General Sales FAQ

Partitioning the Internet

Network infrastructure, routing and traffic. q Internet inter-domain traffic q Traffic estimation for the outsider

RIPE Atlas. Measuring the Internet

Life and Times of J-ROOT

The Need for IPv6 Deployment in the Domain Business

A Segment Routing (SR) Tutorial. R. Bonica NANOG70 June 6, 2017

RIPE Atlas. Global Internet Measurement Network March 2016 MENOG 16, Istanbul

DNS/DNSSEC Workshop. In Collaboration with APNIC and HKIRC Hong Kong. Champika Wijayatunga Regional Security Engagement Manager Asia Pacific

Draft Applicant Guidebook, v3

Analysis of query traffic to.com/.net name servers! Duane Wessels, Matt Larson, Allison Mankin! Verisign Labs! APRICOT 2013!

Computer Networks CS 552

Computer Networks CS 552

Factors Affecting Performance of Web Flows in Cellular Networks

Internet Measurements. Motivation

RIPE Atlas. Philip Smith Network Startup Resource Center (NSRC) PacNOG th July 2014, Port Vila, Vanuatu

Cell Spotting: Studying the Role of Cellular Networks in the Internet. John Rula. Fabián E. Bustamante Moritz Steiner 2017 AKAMAI FASTER FORWARD TM

Server Selection Mechanism. Server Selection Policy. Content Distribution Network. Content Distribution Networks. Proactive content replication

A Day at the Root of the Internet

BGP Anycast Node Requirements for Authoritative Name Servers

Design Principles : Fundamentals of Computer Networks Bill Nace

Update from the RIPE NCC

RIPE NCC Academic Day. November 2016 Saudi Arabia

Cloud DNS Phone: (877)

New IP Header. Why change IP. Address Notation. Changes. Information Sources. IP Version 6 ITL

Information Sources Hans Kruse & Shawn Ostermann, Ohio University

Internet Topology Research

Lecture 6: Overlay Networks. CS 598: Advanced Internetworking Matthew Caesar February 15, 2011

DNS & Iodine. Christian Grothoff.

Transcription:

Day In The Life of the Internet 2008 Data Collection Event http://www.caida.org/projects/ditl Duane Wessels The Measurement Factory/CAIDA k claffy CAIDA NANOG 42 February 19, 2008 NANOG 42 0 The Measurement Factory

Short Story 2008 Day In the Life of the Internet data collection event this March. We got some good data in 2006 and 2007 You have interesting data. Your data can help researchers answer interesting questions. We would love for you to participate. We don t necessarily want you to send your data to us. Although we can store it for you if you prefer. After you collect data, we d like you to annotate/describe it and tell others how they might be able to get it. NANOG 42 1 The Measurement Factory

Motivation In 2001 a National Academy of Science report challenged the research community to capture a day in the life of the Internet with as much scientifically grounded methodology as possible, and with resulting data as widely accessible as possible. In 2006 CAIDA and OARC coordinated 48-hour data captures from as many DNS root nameservers as possible. In 2007 we expanded participation, and developed supporting infrastructure, documentation, and analyses. Results, e.g., The DNS Root Name Servers: a 2007 Snapshot Inspired to further expand scope in 2008 NANOG 42 2 The Measurement Factory

2007 Participants & The Data 1. OARC DNS Root Nameservers: C, E, F, K, M dns packet traces with payload. 2. NaMeX Internet Exchange: AS112 data. 3. Open Root Server Network (ORSN): dns packet traces with payload. 4. Japan: WIDE, GigE campus/transit packet traces. 5. Korea: universities (3), R&E backbone access link (1) and commercial GigE link packet traces. 6. AMPATH: Miami IXP, anonymized OC12 trace (.edu link). 7. CAIDA: topology, ucsd telescope, IRcache squid logs. 8. Other available data: Internet2 netflows and Routeviews. NANOG 42 3 The Measurement Factory

What did we learn from DITL 2007 data? 5% of clients contribute 95% of the query load (5 roots) diverse query rate distribution 1 2% of queries to roots are legitimate repeated, identical, referral-not-cached queries are 69% of total the higher the query rate, the lower fraction of legitimate queries for low rate queriers, similar distribution of query types quite a few A6 (deprecated) queries Query rates at observed servers approximately doubled from 2006 DITL. Anycast at roots is effective at localizing resource consumption and limiting impact of DOS attacks stable: 98 99% of clients use only one instance of an anycast cloud NANOG 42 4 The Measurement Factory

Where do root queries come from? (DITL 2007) F: San Francisco (US) F: New York (US) F: Santiago (CL) F: Sao Paulo (BR) K: Reykjavik (IS) K: Helsinki (FI) F:Johannesburg(SA) F:Nairobi (KY) F: Auckland (NZ) F: Brisbane (AU) F: Tel Aviv (IL) M: Tokyo (JP) 100 % of Clients 75 50 25 NorthAmerica SouthAmerica Europe Africa Asia Oceania Unknown f sfo2 m sfo f pao1 c lax1 N. America S. Amer Europe Africa Asia Oceania c jfk1 c iad1 k miami c ord1 m cdg k london k amsterdam k delhi m icn k tokyo m nrt dixie m nrt jpix m nrt jpnap Server locations (longitude) on X-axis, Client geography by color. NANOG 42 5 The Measurement Factory

What is all the pollution at the roots? (DITL 2007) 1 1 0.8 0.8 Fraction of queries 0.6 0.4 Fraction of queries 0.6 0.4 0.2 0.2 0 0 0.0001 0.001 0.001 0.01 0.01 0.1 0.1 1 Queries/sec 1 10 10 100 0.0001 0.001 0.001 0.01 0.01 0.1 0.1 1 Queries/sec 1 10 10 100 C-root F-root Unused query class A for A Invalid TLD Non printable char Queries with underscore RFC 1918 PTR Identical queries Repeated queries Referal not cached Legitimate NANOG 42 6 The Measurement Factory

What did we learn from DITL 2007 collection process? You need more disk than you think. Some remote collection sites don t have enough bandwidth to upload data. Collecting data is easy; Indexing and annotating data is hard. Some clocks will be skewed, despite best efforts. Why use tcpdump when you can use dnscap? We re addressing all of these issues for the 2008 collection: http://www.caida.org/research/dns/roottraffic/dnsroot_measurement_ recommendations.xml NANOG 42 7 The Measurement Factory

Questions to pursue with DITL data: DNS Who/what is the source of root server garbage traffic? What does root server data suggest about trends in IPv6, DNSSEC, DNS packet sizes, prevalence of TCP-based DNS queries, and use of unallocated or unassigned IP address space? Can we characterize workload and performance of IDN deployments? Why are millions of clients querying old IP addresses of roots? How prevalent are misconfigurations, e.g., lame delegations? Is there correlation of DNS query target to geographic origin? NANOG 42 8 The Measurement Factory

Questions to pursue with DITL data: traffic/performance What observable behavior is attributable to botnets? How can we identify applications (web, VoIP, video, p2p) and estimate their share of traffic and responsiveness to congestion? Do IPv6 traffic characteristics differ from IPv4? Is latency and jitter on the Internet increasing or decreasing? How are flow and packet size distributions changing, including bandwidth symmetry? How are TCP characteristics changing: buffer sizes, new versions? flags, retransmits, How is R&E traffic different from commercial traffic? How much web data is unnecessarily uncacheable? NANOG 42 9 The Measurement Factory

Questions to pursue with DITL data: routing/topology What are the convergence properties of current and proposed routing protocols? Which ASes control how much of the Internet address space? What percent of Internet links block ICMP or other probing traffic? Estimate the distribution of hosts behind NATs. What percentage of users on open wireless networks use VPNs? How much allocated but unused IPv4 space remains? NANOG 42 10 The Measurement Factory

Types of data needed for the above questions DNS query packet traces and/or logs from various places (roots, TLDs, IN-ADDR.ARPAs, ISP resolvers). Other dns-related measurements (passive and active). IPv4/IPv6 topology probing data. BGP feeds/updates, ideally with adjacent topology probes. Web cache logs. Anonymized report generator, e.g, coralreef, netflow-based. Router-level topology (anonymized), with event log per link. Consistent macroscopic ping data over years. Packet traces, appropriately anonymized. NANOG 42 11 The Measurement Factory

Accommodating legal/privacy concerns: 2008 participation modes Make data selectively available under terms of your choosing. Index your data into CAIDA s DatCat. Announce existence of your data. Submit only meta-data or statistics about the data. Contribute more cooked data, e.g., logfile summaries, RRD graphs, reports based on data collected internally by networks during the DITL dates. Contribute questions, feedback, analysis. NANOG 42 12 The Measurement Factory

So, please participate!

Related Links A Day In The Life of the Internet http://www.caida.org/projects/ditl/ A Summary of the January 9-10, 2007 Collection Event http://www.caida.org/projects/ditl/summary-2007-01/ Internet Measurement Data Catalog (DatCat) http://imdc.datcat.org/ Day in the Life of the Internet, January 9-10, 2007 (DITL- 2007-01-09) http://imdc.datcat.org/collection/1-031b-q To participate, contact: k :: kc@caida.org Duane :: wessels@measurement-factory.com NANOG 42 14 The Measurement Factory

The End

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback