Post on 19-Jan-2018
Internet Measurements
Internet
Web of interconnected networks
• Grows with no central authority
• Autonomous Systems optimize local communication efficiency
• The building blocks are engineered and studied in depth
• Global entity has not been characterized
Most real-world complex networks have non-trivial properties.
Global properties cannot be inferred from local ones
• Engineered with large technical diversity
• Range from local campuses to transcontinental backbone providers
Internet Measurements
Need for Internet measurements arises due to commercial, social, and technical issues
• Realistic simulation environment for developed products
• Improve network management
• Robustness with respect to failures/attacks
• Comprehend spreading of worms/viruses
• Know social trends in Internet use
• Scientific discovery
• Scale-free (power-law), Small-world, Rich-club, Disassortativity, …
Internet Topology Measurement
[Figures: Internet topology visualizations: CAIDA 2006, Dandelion 2001, Walrus]
Internet Topology Measurements: Probing
Direct probing
[Figure: vantage point and path A, B, C, D; labels IPB TTL=64, IPB, IPD TTL=64, IPD]
Indirect probing
[Figure: vantage point and path A, B, C, D; labels IPD TTL=1, IPD TTL=2, IPB, IPC]
Autonomous System Level Mapping
Historical
Internet Topology Discovery
Traffic Measurements
Monitoring and measuring network traffic
• to produce better models of network behavior
• to diagnose failures and detect anomalies
• to defend against unwanted traffic
Live weather map
• Internet2
PlanetLab
Code-Red Worm
On July 19, 2001, more than 359,000 computers connected to the Internet were infected with the Code-Red (CRv2) worm in less than 14 hours
[Figure: Spread]
Sapphire Worm
Was the fastest computer worm in history
• doubled in size every 8.5 seconds
• infected more than 90 percent of vulnerable hosts within 10 minutes
Witty Worm
Reached its peak activity after approximately 45 minutes
• at which point the majority of vulnerable hosts had been infected
[Figure: World, USA]
Nyxem Email Virus
Estimate of total number of infected computers is between 470K and 945K
At least 45K of the infected computers were also compromised by other forms of spyware or botware
[Figure: Spread]
Scam Hosting
Study dynamics of scam hosting infrastructure
Measurement Studies
Glasnost
• tests whether BitTorrent is being blocked or throttled
BW-meter
• Measurement tools for the capacity and load of Internet paths
NPAD Diagnostics Servers
• Automatic diagnostic server for troubleshooting end-systems and last-mile network problems
iPlane
• construct a router interface-level atlas of the Internet
• measuring link attributes
Hubble
• find persistent Internet black holes as they occur
Internet Measurements
The Internet is man-made, so why do we need to measure it?
• Because we still don’t really understand it
• Sometimes things go wrong
• Malicious users
• Measurement for network operations
• Detecting and diagnosing problems
• What-if analysis of future changes
• Measurement for scientific discovery
• Creating accurate models that represent reality
• Identifying new features and phenomena
Questions?
Internet Topology Measurement: Topology Collection (traceroute)
Probe packets are carefully constructed to elicit an intended response from a probe destination
traceroute probes all nodes on a path towards a given destination
• TTL-scoped probes obtain ICMP error messages from routers on the path
• ICMP messages include the IP address of intermediate routers as their source
Merging end-to-end path traces yields the network map
[Figure: path from vantage point S through A, B, C to destination D; TTL=1 → IPA, TTL=2 → IPB, TTL=3 → IPC, TTL=4 → IPD]
Internet Topology Measurement: Background
[Figure: Internet2 backbone; routers S, L, U, K, H, C, A, W, N with interface labels such as s.2, l.1, h.4; end hosts d, e, f]
Trace to Seattle: h.4 - l.3 - s.2
Trace to NY: h.4 - a.3 - w.3 - n.3
Topology Sampling Issues
Sampling to discover networks
• Infer characteristics of the topology
Different studies considered
• Effect of sample size [Barford 01]
• Sampling bias [Lakhina 03]
• Path accuracy [Augustin 06]
• Sampling approach [Gunes 07]
• Utilized protocol [Gunes 08]
  • ICMP echo request
  • TCP SYN
  • UDP port unreachable
Anonymous Router Resolution Problem
Anonymous routers do not respond to traceroute probes and appear as a in path traces
• Same router may appear as a in multiple traces.
• Anonymous nodes belonging to the same router should be resolved.
Anonymity Types
1. Ignore all ICMP packets
2. ICMP rate-limiting
3. Ignore ICMP when congested
4. Filter ICMP at border
5. Private IP address
[Figure: Internet2 backbone with routers S, L, U, K, C, H, A, W, N and end hosts d, e, f]
Traces
• d - - L - S - e
• d - - A - W - - f
• e - S - L - - d
• e - S - U - - C - - f
• f - - C - - - d
• f - - C - - U - S - e
[Figure: sampled network with routers U, K, C, N, L, H, A, W, S and end hosts d, e, f; resulting network with nodes S, U, L, C, A, W and end hosts d, e, f]
Graph Based Induction: Common Structures
• Parallel nodes
• Star
• Complete Bipartite
• Clique
[Figures: one pair of diagrams per structure; node labels A, C, D, E, F, v, w, x, y, z, y1, y2, y3]
Alias Resolution
Each interface of a router has an IP address.
A router may respond with different IP addresses to different queries.
Alias Resolution is the process of grouping the interface IP addresses of each router into a single node.
Inaccuracies in alias resolution may result in a network map that
• includes artificial links/nodes
• misses existing links
[Figure: Denver router; interface labels .5, .33, .18, .13, .7]
IP Alias Resolution Problem
[Figure: Internet2 backbone with routers S, L, U, K, H, C, A, W, N, their numbered interfaces, and end hosts d, e, f]
Traces
• d - h.4 - l.3 - s.2 - e
• d - h.4 - a.3 - w.3 - n.3 - f
• e - s.1 - l.1 - h.1 - d
• e - s.1 - u.1 - k.1 - c.1 - n.1 - f
• f - n.2 - c.2 - k.2 - h.2 - d
• f - n.2 - c.2 - k.2 - u.2 - s.3 - e
[Figure: sampled network with routers U, K, C, N, L, H, A, W, S and end hosts d, e, f]
Sample map without alias resolution
[Figure: nodes s.3, s.1, s.2, l.3, l.1, u.1, u.2, k.1, c.1, n.1, n.2, k.2, c.2, w.3, a.3, h.2, h.4, h.1, n.3 and end hosts d, e, f]
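Merging path traces into a map, and the effect of alias resolution on that map, worked through on the six traces listed above (an added example, not part of the original slides). It assumes the slides' labelling, where h.4 denotes an interface of router H; a real measurement has to infer these alias sets by probing.

```python
# Added example: merge traceroute-style path traces into a topology map,
# with and without alias resolution. Traces are the six listed on the slide.
from collections import defaultdict

TRACES = [
    "d - h.4 - l.3 - s.2 - e",
    "d - h.4 - a.3 - w.3 - n.3 - f",
    "e - s.1 - l.1 - h.1 - d",
    "e - s.1 - u.1 - k.1 - c.1 - n.1 - f",
    "f - n.2 - c.2 - k.2 - h.2 - d",
    "f - n.2 - c.2 - k.2 - u.2 - s.3 - e",
]

def router_of(label):
    """Assumed alias oracle: 'h.4' is an interface of router H (the slides'
    labelling). End hosts d, e, f carry no dot and map to themselves."""
    name, dot, _ = label.partition(".")
    return name.upper() if dot else label

def build_map(traces, resolve=lambda label: label):
    """Merge path traces into (nodes, undirected links)."""
    nodes, links = set(), set()
    for trace in traces:
        hops = [resolve(h.strip()) for h in trace.split(" - ")]
        nodes.update(hops)
        for a, b in zip(hops, hops[1:]):
            if a != b:  # consecutive aliases of one router are not a link
                links.add(frozenset((a, b)))
    return nodes, links

def alias_sets(traces):
    """Group observed interface labels by the router they belong to."""
    groups = defaultdict(set)
    for trace in traces:
        for hop in (h.strip() for h in trace.split(" - ")):
            if "." in hop:
                groups[router_of(hop)].add(hop)
    return {router: sorted(ifaces) for router, ifaces in groups.items()}

def degree(links, node):
    """Number of links incident to a node."""
    return sum(1 for link in links if node in link)

if __name__ == "__main__":
    iface_nodes, iface_links = build_map(TRACES)
    rtr_nodes, rtr_links = build_map(TRACES, resolve=router_of)
    print("no alias resolution:", len(iface_nodes), "nodes,", len(iface_links), "links")
    print("alias resolved:     ", len(rtr_nodes), "nodes,", len(rtr_links), "links")
    print("router H aliases:", alias_sets(TRACES)["H"], "degree", degree(rtr_links, "H"))
```

Without alias resolution router H shows up as three separate nodes, none with more than three neighbours, which is how the unresolved map overstates node and link counts and hides the true degree of a router.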
Genuine Subnet Resolution Problem
Alias resolution
• IP addresses that belong to the same router
Subnet resolution
• IP addresses that are connected over the same medium
[Figure: interfaces IP1 to IP6]