AS Connectedness Based on Multiple Vantage Points and the Resulting Topologies Steven Fisher University of Nevada, Reno CS 765 Steven Fisher (UNR) CS 765 CS 765 1 / 28
Table of Contents
1 Introduction
2 Methods
3 Issues
4 Related Works
  DIMES: Let the Internet Measure Itself
  Characterizing the Internet Hierarchy from Multiple Vantage Points
  10 Lessons from 10 Years of Measuring and Modeling the Internet's Autonomous Systems
  Heuristics for Internet Map Discovery
5 Proposed Project
6 Conclusion
Introduction
The Internet is the largest man-made network in existence, and it is always evolving. There are various reasons for wishing to investigate the properties of this network. These could aid in the following:
- New Deployments
- Cyber-security
- Find problems/issues
- Protocol Design
- Determine how it has changed
Introduction
Definition: Vantage Point (VP): a vantage point is a device or node that we use to connect to an ingress of an Autonomous System (AS).
Definition: Autonomous System (AS): a connected group of one or more IP prefixes run by one or more network operators which has a single and clearly defined routing policy. Each AS has a unique number for identification purposes in inter-domain routing among ASes.
Introduction
Definition: Border Gateway Protocol (BGP): the routing protocol used in the Internet to exchange reachability information among ASes and interconnect them.
1 http://ipsit.bu.edu/sc546/sc441spring2003/bgp/bgpweb.html
Introduction
Definition: Ingress: an ingress is the device at the edge of a network, which is the point at which traffic enters the network.
1 http://www.tcpipguide.com/free/t TCPIPRouteTracingUtilitytraceroutetracerttracerout-2.htm
Methods
There are two prominent techniques used today to create Internet maps. The first is active probing and the second is AS Path inference.
Active Probing
Active Probing: works on the data plane of the Internet. It is used to infer Internet topology based on router adjacencies. It uses traceroute-like probing on the IP address space. These probes report back IP forwarding paths to the destination address. This method is likely to find peering links between ISPs.
Advantage: paths returned by probes constitute the actual forwarding path that data takes through networks.
Disadvantage: redundancy from repeatedly using the same edges; the probing could be considered a possible DDoS attack; and the same router having multiple aliases, as well as load balancing, could lead to false topologies.
1 Wikipedia. Network mapping. http://en.wikipedia.org/w/index.php?title=network%20mapping&oldid=802648654, 2017
AS Path Inference
AS Path Inference: works on the control plane and infers autonomous system connectivity based on BGP data.
Advantage: paths can be used to infer AS-level connectivity and thus be used to help build AS topology graphs.
Disadvantage: paths do not necessarily reflect how data is actually forwarded. A single AS link can in reality be several router links. It is also harder to infer peerings between ASes, as these peering relationships are only propagated to an ISP's customer networks.
1 Wikipedia. Network mapping. http://en.wikipedia.org/w/index.php?title=network%20mapping&oldid=802648654, 2017
Issues
- Sampling Bias[1]: Since there are a limited number of vantage points and a large number of destinations, there could be a bias towards particular vantage points.
- Load Balancing[1]: Load balancing by ISPs could result in traceroute returning IP addresses that do not correspond to a real end-to-end path in the network.
- Probing Overhead[1]: The volume of active probing can cause redundancy. It is important to minimize redundant probing.
Issues Cont.
- Unresponsive Routers Resolution[1]: Routers that are passive to measurement nodes. These routers may appear as a * in traceroute outputs; therefore, we need to identify the *s that belong to the same router.
- IP Alias Resolution[1]: Routers have multiple interfaces, and each interface has a unique IP address. A router may appear on multiple path traces with different IP addresses.
- Subnet Resolution[1]: Routers are connected to each other over subnetworks, and subnet resolution helps in identifying the underlying subnets.
DIMES: Let the Internet Measure Itself[2]
- Distributed Internet Measurements and Simulations (DIMES)
- Measurements are made by software agents downloaded by volunteers and installed on their privately owned machines
- The agent operates at a very low rate so as to have minimal impact on the machine performance and on its network connection
- DIMES focuses on PoP (point of presence) level topology mapping, which is often the best information that an ISP makes available
- Studied the structure and topology of the Internet to obtain a map and annotate it with delay, loss and link capacity
Characterizing the Internet Hierarchy from Multiple Vantage Points[3]
This paper focused on the topological structure of the Internet in terms of customer-provider and peer-peer relationships between ASes, as manifested in the BGP routing policies.
Focused on the type-of-relationship problem, which was as follows:
- Given an undirected graph G with vertex set V and edge set E, and a set of paths P, label each edge in E as -1, 0, or 1 to maximize the number of valid paths in P
- G represents the entire topology, where each node is an AS and each edge represents a relationship between ASes
- P consists of all paths seen from the various vantage points
- Speculated that type-of-relationship is NP-complete, but did not prove it
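The type-of-relationship objective above, worked on a toy graph. This is an added example, not code from the slides or from the paper. The meaning of the labels (+1 customer-to-provider, 0 peer, -1 provider-to-customer), the valley-free rule used as the validity test, and the AS numbers and paths are assumptions constructed for illustration.

```python
from itertools import product

# Assumed label meaning (the slide gives only the values): for an edge stored
# as (u, v), +1 = u is a customer of v, 0 = peers, -1 = u is a provider of v.
# Constructed sample data using private-use AS numbers.
EDGES = [(64501, 64511), (64502, 64511), (64511, 64512), (64503, 64512)]
TRUTH = dict(zip(EDGES, (1, 1, 0, 1)))
PATHS = [  # AS paths as seen from three vantage points
    [64501, 64511, 64512, 64503],
    [64502, 64511, 64501],
    [64503, 64512, 64511, 64502],
]

def hop_label(labels, u, v):
    """Label of hop u -> v; walking a stored edge backwards flips its sign."""
    return labels[(u, v)] if (u, v) in labels else -labels[(v, u)]

def is_valid(path, labels):
    """Valley-free: any number of +1 hops, at most one 0 hop, then only -1 hops."""
    past_peak = False
    for u, v in zip(path, path[1:]):
        label = hop_label(labels, u, v)
        if past_peak and label >= 0:
            return False  # climbing or peering again after the peak
        if label <= 0:
            past_peak = True
    return True

def count_valid(paths, labels):
    return sum(is_valid(p, labels) for p in paths)

def best_labelings(edges, paths):
    """Exhaustive search over all 3^|E| labelings; only feasible on toy graphs."""
    scored = [(count_valid(paths, dict(zip(edges, combo))), combo)
              for combo in product((-1, 0, 1), repeat=len(edges))]
    top = max(score for score, _ in scored)
    return top, [combo for score, combo in scored if score == top]

if __name__ == "__main__":
    print("valid under assumed ground truth:", count_valid(PATHS, TRUTH))
    flipped = {**TRUTH, (64501, 64511): -1}  # one relationship inverted
    print("valid with one edge mislabeled:", count_valid(PATHS, flipped))
    top, winners = best_labelings(EDGES, PATHS)
    print(f"best score {top}, reached by {len(winners)} of {3 ** len(EDGES)} labelings")
```

Several labelings reach the maximum on this input, so maximizing valid paths alone does not pin down a unique set of relationships.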
Characterizing the Internet Hierarchy from Multiple Vantage Points[3]
- Categorized the ASes into three communities: dense core, transit core, and outer core
- The outer core consists of ASes that belong to smaller ISPs and have a small customer base
- The dense core contains the larger ASes present in the Internet. This community is defined such that if one AS is in the core then its neighbours are also in the core
- The transit core was determined to contain ASes that could peer into the dense core; however, these ASes do not connect to many of the dense core ASes
- Only 10 vantage points were utilized in determining the AS hierarchy
10 Lessons from 10 Years of Measuring and Modeling the Internet's Autonomous Systems[4]
This paper focuses on issues that have arisen, based on what the authors learned from a decade of published research on the AS-level Internet. The issues that they focused on were:
- The inter-domain topology of the Internet needs a more precise definition
- Abstracting ASes to generic atomic nodes without internal structure is an oversimplification that limits the ability to capture features of real-world ASes
- BGP routing data have practical value for network operators, but weren't meant for inferring or mapping AS-level connectivity. BGP's purpose is to enable ASes to express and realize routing policies without revealing internal features.
10 Lessons from 10 Years of Measuring and Modeling the Internet's Autonomous Systems[4]
- Traceroute data from ARK, DIMES, or iplane are publicly available, but limited for faithfully inferring or mapping the AS-level connectivity of the Internet. Traceroute was not designed for Internet topology discovery/mapping; it was designed as a diagnostic tool for tracking the route or path of packets to some host.
- Significant efforts are required before current models of the Internet's inter-domain topology derived from publicly available data can be used to study the performance of routing protocols and/or perform meaningful studies.
10 Lessons from 10 Years of Measuring and Modeling the Internet's Autonomous Systems[4]
- When examining the vulnerability of the Internet to various real-world threats or studying the Internet as a critical infrastructure, it is in general inappropriate to equate the Internet with a measured AS topology. Vulnerability aspects require a more holistic approach to Internet connectivity.
- Results of observational studies of ASes in general are hard to interpret.
10 Lessons from 10 Years of Measuring and Modeling the Internet's Autonomous Systems[4]
- Studies that start with a definite application and collect the best data available for that application have a higher success rate than studies that target datasets collected by third parties
- The Internet experiences high-variability phenomena; there is a need to apply data-analytic methods that have strong robustness properties to the known deficiencies in observations and that account for the presence of extreme values in the data.
Heuristics for Internet Map Discovery[5]
In this paper the authors focused on Mercator, which is a program that uses hop-limited probes to infer an Internet map. It utilizes informed random address probing to explore the IP address space when determining router adjacencies. They also employ mechanisms for resolving aliases.
Heuristics for Internet Map Discovery[5]
- Use a single, arbitrary location
- Use only hop-limited probes
- A Mercator instance might discover more than one interface belonging to the same router.
Heuristics for Internet Map Discovery[5]
Solution: suppose a host S addresses a UDP packet to interface A of a router. Suppose further the packet is addressed to a non-existent port. The corresponding ICMP port unreachable response to this packet will contain, as its source address, the address of the outgoing interface for the unicast route towards S.
Simple heuristic for alias resolution: send an alias probe to X. If the source address on the resulting ICMP message is Y, then X and Y are aliases for the same router.
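The alias heuristic above, applied offline to already-collected probe results to show how unresolved aliases produce the false topology mentioned under IP Alias Resolution. This is an added example, not Mercator's code; the probe results, traces and addresses (documentation ranges) are constructed, and the function names are hypothetical.

```python
# Constructed alias-probe results: (address probed, source address of the
# ICMP port-unreachable reply, or None when no reply was received).
PROBE_REPLIES = [
    ("192.0.2.1", "198.51.100.1"),
    ("198.51.100.1", "198.51.100.1"),
    ("203.0.113.5", "192.0.2.1"),
    ("192.0.2.9", "192.0.2.9"),
    ("203.0.113.77", None),  # unresponsive: stays its own node
]
# Constructed IP-level traces from two vantage points to the same target.
TRACES = [
    ["192.0.2.9", "192.0.2.1", "203.0.113.77"],
    ["192.0.2.9", "203.0.113.5", "203.0.113.77"],
]

def resolve_aliases(replies):
    """Union-find over 'X answered from Y' pairs; returns {address: router id}."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for probed, source in replies:
        root = find(probed)
        if source is not None and source != probed:
            parent[root] = find(source)  # X and Y are the same router
    return {addr: find(addr) for addr in list(parent)}

def links(traces, router_of=None):
    """Undirected adjacencies; with router_of, interfaces collapse to routers."""
    router_of = router_of or {}
    found = set()
    for trace in traces:
        hops = [router_of.get(addr, addr) for addr in trace]
        for a, b in zip(hops, hops[1:]):
            if a != b:
                found.add(frozenset((a, b)))
    return found

if __name__ == "__main__":
    routers = resolve_aliases(PROBE_REPLIES)
    print("interface-level links:", len(links(TRACES)))       # looks like a diamond
    print("router-level links:", len(links(TRACES, routers)))  # a single chain
```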
Heuristics for Internet Map Discovery[5]
- Mercator cannot discover all interface addresses belonging to a router; instead, it discovers only those interfaces through which paths from Mercator hosts enter the router. Use source-routed path probing to help increase the number of interfaces discovered.
- Mercator does not implement heuristics for discovering shared media. To do this, it would have to infer the subnet mask assigned to router interfaces.
- Mercator is designed to reduce overhead; it takes several weeks to discover the map of the Internet.
- Mercator discovers a time-averaged routed topology
Proposed Project
My project will consist of the following ideas/concepts:
- VP characteristics and edge detection: how different VPs contribute to edge discovery; characteristics of an effective VP
- AS topologies: how they differ, and determine the characteristics of the AS topologies
- Determine if the map is power law; try to determine the completeness of the map
Proposed Project
- Ingress to AS: compare an AS ingress to other ingresses
- Reachability of the ingress through differing vantage points
- Whether multiple ASes vs. one AS play a role in determining the topology of the Internet
Conclusion
We have discussed different methods that have been utilized in trying to determine the topology of the Internet. Some have considered the inter-domain structure of the ASes. Going forward, we will be trying to possibly build on some of these ideas and, in addition, find ways to work around some of the problems that have resulted in some of these studies.
Questions?
References I
[1] H. Kardes, M. Gunes, and T. Oz, Cheleby: A subnet-level internet topology mapping system.
[2] Y. Shavitt and E. Shir, Dimes: Let the internet measure itself, ACM SIGCOMM Computer Communication Review, vol. 35, no. 5, pp. 71-74, 2005.
[3] L. Subramanian, S. Agarwal, J. Rexford, and R. H. Katz, Characterizing the internet hierarchy from multiple vantage points.
[4] M. Roughan, W. Willinger, O. Maennel, and D. P. R. Bush, 10 lessons from 10 years of measuring and modeling the internet's autonomous systems.
References II
[5] R. Govindan and H. Tangmunarunkit, Heuristics for internet map discovery, in INFOCOM 2000. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE, vol. 3. IEEE, 2000, pp. 1371-1380.