Locating hosts by TULIP (Trilateration Utility for Locating IP hosts)

of 17 /17
Locating hosts by TULIP (Trilateration Utility for Locating IP hosts) Prepared by: Les Cottrell SLAC , Faran Javed NIIT , Shahryar Khan NIIT ,Umar Kalim NIIT Internet2 fall members meeting San Diego, October 2007 http://www.slac.stanford.edu/grp/scs/net/talk07/i2mmfall07.ppt

Embed Size (px)

description

Locating hosts by TULIP (Trilateration Utility for Locating IP hosts). Prepared by: Les Cottrell SLAC , Faran Javed NIIT , Shahryar Khan NIIT ,Umar Kalim NIIT Internet2 fall members meeting San Diego, October 2007. http://www.slac.stanford.edu/grp/scs/net/talk07/i2mmfall07.ppt. Purpose. - PowerPoint PPT Presentation

Transcript of Locating hosts by TULIP (Trilateration Utility for Locating IP hosts)

  • Locating hosts by TULIP (Trilateration Utility for Locating IP hosts)Prepared by: Les CottrellSLAC,Faran JavedNIIT, Shahryar KhanNIIT,Umar KalimNIITInternet2 fall members meeting San Diego, October 2007http://www.slac.stanford.edu/grp/scs/net/talk07/i2mmfall07.ppt

  • PurposeGeo locate a host given its name or addressUses ping (RTT) measurements from landmarks landmarks at known locations worldwideRTT roughly proportional to distance in many casesDistance (km) = alpha * RTT (ms)Velocity light in fibre ~ 0.6c or 1ms for 100km.Use min RTT to reduce effect of queueingUsing distance from RTT, triangulate to get lat/long

  • GoalsPlatform agnostic (Java & Perl (CGI))Open, non-proprietary (cf. Traceware, Edgescape)Minimize security concernsInclude developing regionsSustainable robust serviceMinimize manual effort (keep databases current)Provide an API to enable other applicationsWe also wanted to verify the locations of the hosts in the PingER database.

  • Uses of Locating HostsChoose content to send (e.g. language, local store)Security: pin-point suspicious hostsWhere to get replicated service (e.g. Grid)Information for maps (e.g. visualroute)Efficiency of routingFor Digital Divide & world-wide collaborations

  • How to get the locationDatabase (e.g. DNS, whois, Geo IP tools)Hard to keep up, may require subscription, maybe inaccurate, out-of-date or incompleteTraceroute and heuristics on names (Visual traceroute)RTTs (e.g. Octant from Cornell, Constraint based Geolocation from Belgium/Boston U)Neither are active any more (student projects pointing the way?)They are complementary Each has own strengths and weaknessesCould/should be used together to validate each other and make corrections.

  • Simple Methodology (1)Client loads (Java Webstart), runs Java applet gets target from userClient requests Reflector to get pings to targetReflector requests Landmarks to ping target,ReflectorLandmarksClientTargetPing target(web server running CGI script)

  • Simple Methodology (2)Client analyses data,

    Reflector send RTTs back to ClientLandmarks send results back to ReflectorReflectorLandmarksClientTargetPing target(web server running CGI script)visualizes and provides to user

  • LandmarksWant good geographical coverage for world.Need to be reliable, answerNo connection, timeouts, 100%loss (24 excellent PlanetLabs)Respond quicklyNot satellite connectionNot a proxyPlanetLab ~ 150 landmarksMainly in N. America and EuropeSLAC/PingER reverse traceroute servers~ 60, but more diverse, see www.slac.stanford.edu/comp/net/wan-mon/traceroute-srv.html

  • Security (lots of concerns)Can be used for DoS attacks against a targetLooks like a potential scan of the target vs many hostsTarget ICMP replies to a large number of hostsCGI scripts (Perl) needs to be well vetted for holesAbility to discover & then blackhole abusersOnly one TULIP client per hostLandmarks and reflector both limit the number of running requestsCentralized logging of all requests and results, plus analysis Look for anomaliesAlso discovers what landmarks are failing, who is requestingPossible privacy problems if locate a persons host accurately (could add fuzz)

  • ProblemsGeostationary satellite connections 24Kmiles => RTT >370ms, heavily used in C. Asia and AfricaIP name refers to multiple hosts (e.g. Google, Akamai, root name servers) in many locationsHosts move, have proxies etc.Indirect routing so RTT !~ distanceE. Asia vs. Australia seen from USSecurity concernsDuration for measurements (50 seconds to complete, results start arriving earlier)Optimizing # of parallel requests from reflector, timeouts, tiering, remove poor landmarksOptimizing alpha in distance (km) = alpha * RTT (ms).Optimizing the choice of tier 0 landmarks, reliable & at edges, want very few, yet few false positives or mistakes N. America: SLAC/CA, BNL/NY, AMPATH/FL, TRIUMF/CA(Vancouver), Winnipeg/CA, Houston, Saint Louis, ChicagoEurope: CERN/CH, ICTP/IT, DL/UK

  • Demo of early versionwww.slac.stanford.edu/comp/net/wan-mon/tulip2 sets of landmarks: PlanetLabs & SLAC/PingER typeEnter host name or address & Locate SiteRaw results in Ping Results windowVisualize results in map

  • Evaluation of early versionUse ~600 PingER hosts with known lat/longHosts in over 130 countriesAlso validates PingER data

    50% accurate to within 200 km, 70% within 1000kmOuch, not very successful, worse with RTTNeed landmarks close to targets

  • ImprovementsAdd more landmarks for better coverage: PlanetLab & more SLAC landmark deployment (especially in developing world)Understand outliers, correct PingER dB

    Outliers:Multi-homed, e.g. yahoo, root servers, Move: e.g. supercompNot at site of ASN: e.g. 134.79 SLAC host in ArizonaIndirect routing: SFO-LA-SEA-VICAlpha = 48.54 RTT/Dist (km/ms)

  • Look at AlphaSet alpha to right value to get correct distance from RTT and look at distributionsDone for major US to N. America & major Europe to Europe sites

  • In progressHave stable version 1 www.slac.stanford.edu/comp/net/wan-mon/tulip/Adding:More landmark, filter out non-working instancesIntegrate PlanetLabs & other landmark databasesImproved map visualization and zoomOptimizing timing parameters (parallel streams, timeouts, landmark choices, alpha )Faster landmark responseGeoIP Tool estimateshttp://www.geoiptool.com/TieringRedo evaluation, compare with other methods

  • TieringWant to reduce the traffic hitting a targetFirst find region target is in (tier 0 search)Use few best landmarks in regionHighly responsive, at edges of regionDetermine most likely region (N. America, Europe, the rest)Then if client wants more detail use all landmarks in region to pin-point targetTake 1/10 time for tier 0s vs all for N. America

  • More information/QuestionsAcknowledgements:PlanetLab, SLAC reverse tracroute servers hosted in Africa, E. Asia, Latin America, Middle East, Russia, S. AsiaTULIP Home Page:http://www.slac.stanford.edu/comp/net/wan-mon/tulip/PingER (driving reason for tool)www-iepm.slac.stanford.edu/pinger, TULIP 1st Prize at All Asia Softec 2007http://www.niit.edu.pk/press/pages/releases/tulip.php

    This talk will define the Digital Divide, show why it matters, and then go on to show how we can measure it in terms of Internet performance. Results from the measurements will show worldwide improvement trends in round trip times as links move from satellite to terrestrial, throughput as the speed of links improve, losses and reachability as robustness is increased. Comparing the performance for developed vs. developing regions will show which regions are catching up, keeping up, or falling further behind, and how well the Internet performance correlates with UN and ITU development indices. We will close out with some results from case studies on Africa and South Asia.