Locating hosts by TULIP (Trilateration Utility for Locating IP hosts)

Prepared by: Les Cottrell (SLAC), Faran Javed (NIIT), Shahryar Khan (NIIT), Umar Kalim (NIIT)
Internet2 fall members meeting, San Diego, October 2007
http://www.slac.stanford.edu/grp/scs/net/talk07/i2mmfall07.ppt


Transcript of Locating hosts by TULIP (Trilateration Utility for Locating IP hosts)

Page 1: Locating hosts by TULIP  (Trilateration Utility for Locating IP hosts)

Locating hosts by TULIP (Trilateration Utility for Locating IP hosts)

Prepared by: Les Cottrell (SLAC), Faran Javed (NIIT), Shahryar Khan (NIIT), Umar Kalim (NIIT)

Internet2 fall members meeting San Diego, October 2007

http://www.slac.stanford.edu/grp/scs/net/talk07/i2mmfall07.ppt

Page 2: Locating hosts by TULIP  (Trilateration Utility for Locating IP hosts)

Purpose

• Geolocate a host given its name or address
• Uses ping (RTT) measurements from landmarks
  – Landmarks at known locations worldwide
  – RTT roughly proportional to distance in many cases
• Distance (km) = alpha * RTT (ms)
  – Velocity of light in fibre ~ 0.6c, or 1 ms for 100 km
  – Use min RTT to reduce effect of queueing
• Using distance from RTT, triangulate to get lat/long
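The steps on this slide, carried through as an added example (not TULIP's own Java/Perl code): each landmark's minimum RTT is converted to a distance with alpha, and the lat/long that best fits all the distances is found. The least-squares grid search, the function names, the landmark coordinates (approximate positions of four tier 0 sites listed later in the slides) and the synthesized RTTs are all assumptions; alpha defaults to the slide's 1 ms per 100 km.

```python
import math

EARTH_RADIUS_KM = 6371.0

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two lat/long points, in km."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2)
         * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(min(1.0, a)))

def rtt_to_km(rtts_ms, alpha=100.0):
    """Distance (km) = alpha * RTT (ms); min RTT discards queueing delay."""
    return alpha * min(rtts_ms)

def locate(measurements, alpha=100.0, rounds=18):
    """measurements: [(landmark_lat, landmark_lon, [rtt_ms, ...]), ...].
    Least-squares fit by coarse-to-fine grid search (assumed method)."""
    circles = [(la, lo, rtt_to_km(r, alpha)) for la, lo, r in measurements]

    def cost(lat, lon):
        return sum((haversine_km(lat, lon, la, lo) - d) ** 2
                   for la, lo, d in circles)

    lat0, lon0, hlat, hlon = 0.0, 0.0, 90.0, 180.0
    for _ in range(rounds):
        grid = [(max(-90.0, min(90.0, lat0 + hlat * i / 10)), lon0 + hlon * j / 10)
                for i in range(-10, 11) for j in range(-10, 11)]
        lat0, lon0 = min(grid, key=lambda p: cost(*p))
        hlat, hlon = hlat / 2, hlon / 2   # zoom in around the best cell
    return lat0, (lon0 + 180.0) % 360.0 - 180.0

# Constructed sample: approximate coordinates for four tier 0 sites named in
# the slides, and a constructed target; RTTs are synthesized, not measured.
LANDMARKS = {"SLAC": (37.42, -122.20), "BNL": (40.87, -72.88),
             "AMPATH": (25.76, -80.19), "TRIUMF": (49.25, -123.23)}
TARGET = (39.74, -104.99)

def sample_measurements(alpha=100.0):
    out = []
    for la, lo in LANDMARKS.values():
        base = haversine_km(la, lo, *TARGET) / alpha   # propagation-only RTT
        out.append((la, lo, [base + 3.2, base, base + 11.0]))  # queueing noise
    return out

if __name__ == "__main__":
    lat, lon = locate(sample_measurements())
    print(f"estimate {lat:.2f},{lon:.2f}; "
          f"error {haversine_km(lat, lon, *TARGET):.1f} km")
```

With real measurements the fit is only as good as alpha and the routing: an indirect path or a satellite hop inflates the RTT and pushes the estimate away from the target.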

Page 3: Locating hosts by TULIP  (Trilateration Utility for Locating IP hosts)

Goals

• Platform agnostic (Java & Perl (CGI))

• Open, non-proprietary (cf. Traceware, Edgescape)

• Minimize security concerns

• Include developing regions

• Sustainable robust service

• Minimize manual effort (keep databases current)

• Provide an API to enable other applications

• We also wanted to verify the locations of the hosts in the PingER database.

Page 4: Locating hosts by TULIP  (Trilateration Utility for Locating IP hosts)

Uses of Locating Hosts

• Choose content to send (e.g. language, local store)

• Security: pin-point suspicious hosts

• Where to get replicated service (e.g. Grid)

• Information for maps (e.g. visualroute)

• Efficiency of routing

• For Digital Divide & world-wide collaborations

Page 5: Locating hosts by TULIP  (Trilateration Utility for Locating IP hosts)

How to get the location

• Database (e.g. DNS, whois, Geo IP tools)
  – Hard to keep up, may require subscription, may be inaccurate, out-of-date or incomplete
• Traceroute and heuristics on names (Visual traceroute)
• RTTs (e.g. Octant from Cornell, Constraint based Geolocation from Belgium/Boston U)
  – Neither are active any more (student projects pointing the way?)
• They are complementary
  – Each has own strengths and weaknesses
  – Could/should be used together to validate each other and make corrections.

Page 6: Locating hosts by TULIP  (Trilateration Utility for Locating IP hosts)

Simple Methodology (1)

Client loads (Java Webstart), runs Java applet, gets target from user

Client requests Reflector to get pings to target

Reflector requests Landmarks to ping target

[Diagram labels: Reflector, Landmarks, Client, Target, Ping target, (web server running CGI script)]

Page 7: Locating hosts by TULIP  (Trilateration Utility for Locating IP hosts)

Simple Methodology (2)

Client analyses data, visualizes and provides to user

Reflector sends RTTs back to Client

Landmarks send results back to Reflector

[Diagram labels: Reflector, Landmarks, Client, Target, Ping target, (web server running CGI script)]

Page 8: Locating hosts by TULIP  (Trilateration Utility for Locating IP hosts)

Landmarks

• Want good geographical coverage for world.
• Need to be reliable, answer
  – No connection, timeouts, 100% loss (24 excellent PlanetLabs)
  – Respond quickly
    • Not satellite connection
    • Not a proxy

PlanetLab ~ 150 landmarks
Mainly in N. America and Europe

SLAC/PingER reverse traceroute servers ~ 60, but more diverse, see
www.slac.stanford.edu/comp/net/wan-mon/traceroute-srv.html

Page 9: Locating hosts by TULIP  (Trilateration Utility for Locating IP hosts)

Security (lots of concerns)

• Can be used for DoS attacks against a target
• Looks like a potential scan of the target vs many hosts
  – Target ICMP replies to a large number of hosts
• CGI scripts (Perl) need to be well vetted for holes
• Ability to discover & then blackhole abusers
• Only one TULIP client per host
• Landmarks and reflector both limit the number of running requests
• Centralized logging of all requests and results, plus analysis
  – Look for anomalies
  – Also discovers what landmarks are failing, who is requesting
• Possible privacy problems if locate a person’s host accurately (could add fuzz)
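A sketch of how the controls on this slide could fit together at the reflector, as an added example rather than TULIP's actual CGI code: one running request per client host, a cap on running requests, blackholing of clients that keep being refused, and a central log that can be analysed per target. The class, method names, decision strings and thresholds are hypothetical.

```python
import threading
from collections import Counter

class ReflectorGate:
    """Admission control in front of a reflector (hypothetical design)."""

    def __init__(self, max_running=4, abuse_threshold=3):
        self.max_running = max_running          # assumed cap on running requests
        self.abuse_threshold = abuse_threshold  # assumed refusals before blackhole
        self.active = {}          # client host -> target it is currently locating
        self.refusals = Counter() # client host -> times refused while busy
        self.blackholed = set()
        self.log = []             # central log: (client, target, decision)
        self._lock = threading.Lock()

    def admit(self, client, target):
        """Decide whether a locate request may run; every decision is logged."""
        with self._lock:
            if client in self.blackholed:
                decision = "blackholed"
            elif client in self.active:          # only one client per host
                decision = "client-busy"
                self.refusals[client] += 1
                if self.refusals[client] >= self.abuse_threshold:
                    self.blackholed.add(client)
            elif len(self.active) >= self.max_running:
                decision = "reflector-full"
            else:
                decision = "accepted"
                self.active[client] = target
            self.log.append((client, target, decision))
            return decision

    def finish(self, client):
        """Call when a client's measurement completes or times out."""
        with self._lock:
            self.active.pop(client, None)

    def requests_per_target(self):
        """Log analysis: accepted requests per target, to spot one being hammered."""
        with self._lock:
            return dict(Counter(t for _, t, d in self.log if d == "accepted"))
```

The same gate placed on each landmark covers the slide's "landmarks and reflector both limit" point; the per-target counts are the input for the anomaly review.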

Page 10: Locating hosts by TULIP  (Trilateration Utility for Locating IP hosts)

Problems

• Geostationary satellite connections
  – 24Kmiles => RTT >370ms, heavily used in C. Asia and Africa
• IP name refers to multiple hosts (e.g. Google, Akamai, root name servers) in many locations
• Hosts move, have proxies etc.
• Indirect routing so RTT !~ distance
  – E. Asia vs. Australia seen from US
• Security concerns
• Duration for measurements (50 seconds to complete, results start arriving earlier)
  – Optimizing # of parallel requests from reflector, timeouts, tiering, remove poor landmarks
• Optimizing alpha in distance (km) = alpha * RTT (ms).
• Optimizing the choice of tier 0 landmarks, reliable & at edges, want very few, yet few false positives or mistakes
  – N. America: SLAC/CA, BNL/NY, AMPATH/FL, TRIUMF/CA(Vancouver), Winnipeg/CA, Houston, Saint Louis, Chicago
  – Europe: CERN/CH, ICTP/IT, DL/UK

Page 11: Locating hosts by TULIP  (Trilateration Utility for Locating IP hosts)

Demo of early version

• www.slac.stanford.edu/comp/net/wan-mon/tulip
  – 2 sets of landmarks: PlanetLabs & SLAC/PingER type
  – Enter host name or address & Locate Site
  – Raw results in Ping Results window
  – Visualize results in map

Page 12: Locating hosts by TULIP  (Trilateration Utility for Locating IP hosts)

Evaluation of early version

• Use ~600 PingER hosts with “known” lat/long
  – Hosts in over 130 countries
  – Also validates PingER data

• 50% accurate to within 200 km, 70% within 1000km

• Ouch, not very successful, worse with RTT

Need landmarks close to targets

Page 13: Locating hosts by TULIP  (Trilateration Utility for Locating IP hosts)

Improvements

• Add more landmarks for better coverage: PlanetLab & more SLAC landmark deployment
  – (especially in developing world)
• Understand outliers, correct PingER dB

Outliers:
Multi-homed, e.g. yahoo, root servers
Move: e.g. supercomp
Not at site of ASN: e.g. 134.79 SLAC host in Arizona
Indirect routing: SFO-LA-SEA-VIC

Alpha = 48.54 RTT/Dist (km/ms)

Page 14: Locating hosts by TULIP  (Trilateration Utility for Locating IP hosts)

Look at Alpha

• Set alpha to right value to get correct distance from RTT and look at distributions

• Done for major US to N. America & major Europe to Europe sites

Page 15: Locating hosts by TULIP  (Trilateration Utility for Locating IP hosts)

In progress

• Have stable version 1
  – www.slac.stanford.edu/comp/net/wan-mon/tulip/
• Adding:
  – More landmarks, filter out non-working instances
  – Integrate PlanetLabs & other landmark databases
  – Improved map visualization and zoom
  – Optimizing timing parameters (parallel streams, timeouts, landmark choices, alpha …)
  – Faster landmark response
  – GeoIP Tool estimates
    • http://www.geoiptool.com/
  – Tiering
• Redo evaluation, compare with other methods

Page 16: Locating hosts by TULIP  (Trilateration Utility for Locating IP hosts)

Tiering

• Want to reduce the traffic hitting a target
• First find region target is in (tier 0 search)
  – Use few best landmarks in region
    • Highly responsive, at edges of region
  – Determine most likely region (N. America, Europe, the rest)

• Then if client wants more detail use all landmarks in region to pin-point target

• Take 1/10 time for tier 0s vs all for N. America

Page 17: Locating hosts by TULIP  (Trilateration Utility for Locating IP hosts)

More information/Questions

• Acknowledgements:
  – PlanetLab, SLAC reverse traceroute servers hosted in Africa, E. Asia, Latin America, Middle East, Russia, S. Asia
• TULIP Home Page:
  – http://www.slac.stanford.edu/comp/net/wan-mon/tulip/
• PingER (driving reason for tool)
  – www-iepm.slac.stanford.edu/pinger
• TULIP 1st Prize at All Asia Softec 2007
  – http://www.niit.edu.pk/press/pages/releases/tulip.php