1 On the Impact of Route Monitor Selection Ying Zhang* Zheng Zhang # Z. Morley Mao* Y. Charlie Hu # Bruce M. Maggs ^ University of Michigan* Purdue University.

Slides:

Advertisements

Similar presentations

Locating Prefix Hijackers using LOCK Tongqing Qiu +, Lusheng Ji *, Dan Pei * Jia Wang *, Jun (Jim) Xu +, Hitesh Ballani ++ + College of Computing, Georgia.

Advertisements

BGP route propagation between neighboring domains Renata Teixeira Laboratoire LIP6 – CNRS University Pierre et Marie Curie – Paris 6 with Steve Uhlig (Delft.

Martin Suchara in collaboration with I. Avramopoulos and J. Rexford How Small Groups Can Secure Interdomain Routing.

Consensus Routing: The Internet as a Distributed System John P. John, Ethan Katz-Bassett, Arvind Krishnamurthy, and Thomas Anderson Presented.

By Hitesh Ballani, Paul Francis, Xinyang Zhang Slides by Benson Luk for CS 217B.

Progress in inferring business relationships between ASs Dmitri Krioukov 4 th CAIDA-WIDE Workshop.

Topology Generation Suat Mercan. 2 Outline Motivation Topology Characterization Levels of Topology Modeling Techniques Types of Topology Generators.

Mohamed Hefeeda 1 School of Computing Science Simon Fraser University, Canada ISP-Friendly Peer Matching without ISP Collaboration Mohamed Hefeeda (Joint.

1 A survey of Internet Topology Discovery. 2 Outline Motivations Internet topology IP Interface Level Router Level AS Level PoP Level.

Traffic Engineering With Traditional IP Routing Protocols

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.

U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Informed Detour Selection Helps Reliability Boulat A. Bash.

Analysis of BGP Routing Tables

Accurate Real-Time Identification of IP Prefix Hijacking Z. Morley Mao Xin Hu 2007 IEEE Symposium on and Privacy Oakland, California 2007 IEEE Symposium.

1 Relates to Lab 4. This module covers link state routing and the Open Shortest Path First (OSPF) routing protocol. Dynamic Routing Protocols II OSPF.

02/06/2006ecs236 winter Intrusion Detection ecs236 Winter 2006: Intrusion Detection #4: Anomaly Detection for Internet Routing Dr. S. Felix Wu Computer.

Graphs and Topology Yao Zhao. Background of Graph A graph is a pair G =(V,E) –Undirected graph and directed graph –Weighted graph and unweighted graph.

Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932

Ningning HuCarnegie Mellon University1 A Measurement Study of Internet Bottlenecks Ningning Hu (CMU) Joint work with Li Erran Li (Bell Lab) Zhuoqing Morley.

Root cause analysis of BGP routing dynamics Matt Caesar, Lakshmi Subramanian, Randy H. Katz.

2003/11/051 The Temporal and Topological Characteristics of BGP Path Changes Di-Fa Chang Ramesh Govindan John Heidemann USC/Information Sciences Institute.

University of Massachusetts, Amherst 1 On the Evaluation of AS Relationship Inferences Jianhong Xia and Lixin Gao Department of Electrical and Computer.

Scalable Construction of Resilient Overlays using Topology Information Mukund Seshadri Dr. Randy Katz.

1 Network Topology Measurement Yang Chen CS 8803.

1 Relates to Lab 4. This module covers link state routing and the Open Shortest Path First (OSPF) routing protocol. Dynamic Routing Protocols II OSPF.

Yaping Zhu with: Jennifer Rexford (Princeton University) Subhabrata Sen and Aman Shaikh (AT&T Labs-Research) Impact of Prefix-Match.

1 Studying Black Holes on the Internet with Hubble Ethan Katz-Bassett, Harsha V. Madhyastha, John P. John, Arvind Krishnamurthy, David Wetherall, Thomas.

INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION  Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University.

A LIGHT-WEIGHT DISTRIBUTED SCHEME FOR DETECTING IP PREFIX HIJACKS IN REAL TIME Changxi Zheng, Lusheng Ji, Dan Pei, Jia Wang and Paul Francis. Cornell University,

1 Meeyoung Cha, Sue Moon, Chong-Dae Park Aman Shaikh Placing Relay Nodes for Intra-Domain Path Diversity To appear in IEEE INFOCOM 2006.

Constructing Inter-Domain Packet Filters to Control IP Spoofing Based on BGP Updates Zhenhai Duan, Xin Yuan Department of Computer Science Florida State.

Path Stitching: Internet-Wide Path and Delay Estimation from Existing Measurements DK Lee, Keon Jang, Changhyun Lee, Sue Moon, Gianluca Iannaccone* ASIAFI.

Impact of Prefix Hijacking on Payments of Providers Pradeep Bangera and Sergey Gorinsky Institute IMDEA Networks, Madrid, Spain Developing the Science.

Real-Time BGP Data Access 1 Mikhail Strizhov Colorado State University.

Quantifying the Causes of Path Inflation Neil Spring, Ratul Mahajan, and Thomas Anderson Presented by Luv Kohli COMP November 24, 2003.

9/15/2015CS622 - MIRO Presentation1 Wen Xu and Jennifer Rexford Department of Computer Science Princeton University Chuck Short CS622 Dr. C. Edward Chow.

1 Controlling IP Spoofing via Inter-Domain Packet Filters Zhenhai Duan Department of Computer Science Florida State University.

1 On the Placement of Web Server Replicas Lili Qiu, Microsoft Research Venkata N. Padmanabhan, Microsoft Research Geoffrey M. Voelker, UCSD IEEE INFOCOM’2001,

Issues with Inferring Internet Topological Attributes Lisa Amini ab, Anees Shaikh a, Henning Schulzrinne b a IBM T.J. Watson Research Center b Columbia.

On AS-Level Path Inference Jia Wang (AT&T Labs Research) Joint work with Z. Morley Mao (University of Michigan, Ann Arbor) Lili Qiu (University of Texas,

Reducing Transient Disconnectivity using Anomaly-Cognizant Forwarding Andrey Ermolinskiy, Scott Shenker University of California – Berkeley and ICSI.

Advanced Networking Lab. Given two IP addresses, the estimation algorithm for the path and latency between them is as follows: Step 1: Map IP addresses.

HAIR: Hierarchical Architecture for Internet Routing Anja Feldmann TU-Berlin / Deutsche Telekom Laboratories Randy Bush, Luca Cittadini, Olaf Maennel,

Aditya Akella The Performance Benefits of Multihoming Aditya Akella CMU With Bruce Maggs, Srini Seshan, Anees Shaikh and Ramesh Sitaraman.

TDTS21: Advanced Networking Lecture 7: Internet topology Based on slides from P. Gill and D. Choffnes Revised 2015 by N. Carlsson.

1 On the Placement of Web Server Replicas Lili Qiu, Microsoft Research Venkata N. Padmanabhan, Microsoft Research Geoffrey M. Voelker, UCSD IEEE INFOCOM’2001,

Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.

A Firewall for Routers: Protecting Against Routing Misbehavior1 June 26, A Firewall for Routers: Protecting Against Routing Misbehavior Jia Wang.

A comparison of overlay routing and multihoming route control Hayoung OH

A Measurement Study on the Impact of Routing Events on End-to-End Internet Path Performance Feng Wang 1, Zhuoqing Morley Mao 2 Jia Wang 3, Lixin Gao 1,

A Light-Weight Distributed Scheme for Detecting IP Prefix Hijacks in Real-Time Lusheng Ji†, Joint work with Changxi Zheng‡, Dan Pei†, Jia Wang†, Paul Francis‡

1 Quantifying Path Exploration in the Internet Ricardo Oliveira, Rafit Izhak-Ratzin, Lixia Zhang, UCLA Beichuan Zhang, UArizona Dan Pei, AT&T Labs -- Research.

1 A Framework for Measuring and Predicting the Impact of Routing Changes Ying Zhang Z. Morley Mao Jia Wang.

Detecting Selective Dropping Attacks in BGP Mooi Chuah Kun Huang November 2006.

02/01/2006USC/ISI1 Updates on Routing Experiments Cyber DEfense Technology Experimental Research (DETER) Network Evaluation Methods for Internet Security.

Information-Centric Networks04b-1 Week 4 / Paper 2 Understanding BGP Misconfiguration –Rahil Mahajan, David Wetherall, Tom Anderson –ACM SIGCOMM 2002 Main.

Low-Rate TCP-Targeted DoS Attack Disrupts Internet Routing Ying Zhang Z. Morley Mao Jia Wang Presented in NDSS07 Prepared by : Hale Ismet.

CSE534- Fundamentals of Computer Networking Lecture 12-13: Internet Connectivity + IXPs (The Underbelly of the Internet) Based on slides by D. Choffnes.

1 Agenda for Today’s Lecture The rationale for BGP’s design –What is interdomain routing and why do we need it? –Why does BGP look the way it does? How.

Has the Internet Delay Gotten Better or Worse? Universidad Carlos III de Madrid DK Lee, Keon Jang, Changhyun Lee, Gianluca Iannaccone, Kenjiro.

A Measurement Study on the Impact of Routing Events on End-to-End Internet Path Performance Feng Wang 1, Zhuoqing Morley Mao 2 Jia Wang 3, Lixin Gao 1,

1 Effective Diagnosis of Routing Disruptions from End Systems Ying Zhang Z. Morley Mao Ming Zhang.

Internet Traffic Engineering Motivation: –The Fish problem, congested links. –Two properties of IP routing Destination based Local optimization TE: optimizing.

Placing Relay Nodes for Intra-Domain Path Diversity Meeyoung Cha Sue Moon Chong-Dae Park Aman Shaikh Proc. of IEEE INFOCOM 2006 Speaker 游鎮鴻.

Border Gateway Protocol BGP-4 BGP environment How BGP works BGP information BGP administration.

Constructing Inter-Domain Packet Filters to Control IP Spoofing Based on BGP Updates Zhenhai Duan, Xin Yuan Department of Computer Science Florida State.

1 Relates to Lab 4. This module covers link state routing and the Open Shortest Path First (OSPF) routing protocol. Dynamic Routing Protocols II OSPF.

Dynamic Routing Protocols II OSPF

COMP 3270 Computer Networks

Stable and Practical AS Relationship Inference with ProbLink

Presentation transcript:

1 On the Impact of Route Monitor Selection Ying Zhang* Zheng Zhang # Z. Morley Mao* Y. Charlie Hu # Bruce M. Maggs ^ University of Michigan* Purdue University # Carnegie Mellon and Akamai Technologies ^

Internet route monitoring systems  Monitor the Internet routing system  Establish passive, default-free BGP sessions with many networks  Collect real-time BGP updates and periodic table snapshots  Discover dynamic changes (e.g., misconfigs, routing attacks)  Example public systems: RouteViews and RIPE 2 AS 7018 AS 3561 AS 174 Internet AS 701 AS 1239 Route monitor Prefix /24 “I can reach /24” via AE “I can reach /24” via DE

Limited coverage  Coverage and representativeness  Only monitor a subset of ASes in the Internet  Only monitor at most one router in each AS  Difficulties in obtaining full coverage  Scalability and privacy concerns 3 AS 7018 AS 3561 AS 174 Internet AS 701 AS 1239 Route monitor AS 237AS 105 “I can reach /24” via CDG “I can reach /24” via CFG

Limited visibility on IP Hijacking detection  The accuracy of detection depends on route monitor systems’ visibility  Example problems caused by limited visibility  IP prefix hijacking: ASG hijacks ASE’s prefix  Missed The route monitor system does not cover polluted ASes 4 AS 7018 AS 3561 AS 174 AS 701 AS 1239 Route monitor AS 237AS 105 Path[p] = ABE Path[p] = BE Path[p] = CE Path[p] = DE Path[p] = GDE Path[p] = FGDE Hijack: Path[p] = G Path[p] = AG Path[p] = BE Path[p] = CE Path[p] = DE Path[p] = G Path[p] = FG Path[p] = E Prefix p Prefix p’s origin AS is E Prefix p’s origin AS has changed to be G

Motivation  Many research studies rely on BGP data from public route monitors:  Network topology discovery, AS relationship inference, AS level path prediction, etc.  The limitation of coverage and representativeness of the monitors is critical to their results.  Obtaining full coverage is difficult in practice.  Understanding limitation can assist improved route monitor placement. 5

Outline  Motivation  Methodology  Discovery of static network properties  Discovery of dynamic network properties  Inference of network properties 6

Methodology  Data collection  Public BGP monitoring vantage points: RouteViews and RIPE  Private peering vantage points: 200 distinct ASes  Comparison across different combinations of vantage points  Monitor selection schemes  Random: select monitor nodes randomly  Degree based: select the node with largest degree  Greedy: select the node with largest unobserved links  Address block based: select the node originating largest IP addresses 7

Outline  Motivation  Methodology  Discovery of static network properties  Discovery of dynamic network properties  Inference of network properties 8

Static network properties  Network topology discovery  IP prefix to origin AS mappings  Identifying stub AS and its providers  Multi-homed ASes  Observed AS paths 9

Network topology discovery  The number of observed AS level links  Greedy based selection performs best 10

Multi-homed ASes discovery  Discover multi-homed ASes to understand edge network resilience  Greedy based scheme performs best: additional discovered links help discover multi-homed stub ASes 11

Outline  Motivation  Methodology  Discovery of static network properties  Discovery of dynamic network properties  Inference of network properties 12

Dynamic network properties  Routing instability monitoring  Number of routing updates observed  IP prefix hijacking detection  The visibility of inconsistent origin ASes across routing updates 13

Routing instability monitoring 14  Fraction of BGP routing events observed by the set of vantage points  Huge difference between random and other three: core networks are more likely to observe network instabilities

IP Prefix hijacking detection  Detected hijacking: as long as one vantage point can observe hijacked routes  Greedy based scheme performs slightly better 15 With 10 vantage points deployed, 0.35% of all possible attacker- victim pairs can evade detection

Outline  Motivation  Methodology  Discovery of static network properties  Discovery of dynamic network properties  Inference of network properties 16

Inference of network properties  AS relationship inference  Commonly used Gao’s degree-based relationship inference [Gao00]  AS-level path prediction  AS-relationship based profit-driven AS path inference [Mao05]  AS-relationship-independent path prediction [Muhlbauer06] 17

AS relationship inference and path prediction  Accuracy: comparing the predicted paths with the observed paths  More vantage points may not increase the accuracy 18

AS relationship inference and path prediction – further explanation  More vantage points may not increase the accuracy  It may be due to nature of the degree-based relationship inference  We study the changes of the top degree node per path  More vantage points do not consistently improve the estimation of the top degree nodes 19

Conclusion  Examined the route monitor placement impact on various applications  Evaluated four simple placement schemes  Demonstrated the limitation of studies relying on the existing monitoring system  Future work: develop a better placement technique. 20

Thank you! Questions? 21

AS relationship-independent path prediction  Recent proposed path prediction algorithm not relying on AS relationships  Matched percentage of unobserved does not increase with more monitors 22