Measured Impact of Crooked Traceroute

Slides:



Advertisements
Similar presentations
University of Nevada, Reno Router-level Internet Topology Mapping CS790 Presentation Modified from Dr. Gunes slides by Talha OZ.
Advertisements

Measurement: Techniques, Strategies, and Pitfalls Nick Feamster CS 7260 February 7, 2007.
Measuring the Deployment of IPv6: Topology, Routing, and Performance Amogh Dhamdhere, Matthew Luckie, Bradley Huffaker, kc claffy (CAIDA / UC San Diego)
SOFTWARE TESTING. INTRODUCTION  Software Testing is the process of executing a program or system with the intent of finding errors.  It involves any.
User-level Internet Path Diagnosis Ratul Mahajan, Neil Spring, David Wetherall and Thomas Anderson Designed by Yao Zhao.
Geometry of large networks (computer science perspective) Dmitri Krioukov (CAIDA/UCSD) AIM, November 2011.
1 Internet Path Inflation Xenofontas Dimitropoulos.
Part II: Inter-domain Routing Policies. March 8, What is routing policy? ISP1 ISP4ISP3 Cust1Cust2 ISP2 traffic Connectivity DOES NOT imply reachability!
Detecting Traffic Differentiation in Backbone ISPs with NetPolice Ying Zhang Zhuoqing Morley Mao Ming Zhang.
Internet Topology Mapping
Router-level Internet Topology Mapping By Talha OZ.
1 A survey of Internet Topology Discovery. 2 Outline Motivations Internet topology IP Interface Level Router Level AS Level PoP Level.
Delayed Internet Routing Convergence Craig Labovitz, Abha Ahuja, Abhijit Bose, Farham Jahanian Presented By Harpal Singh Bassali.
Heuristics for Internet Map Discovery Ramesh Govindan USC/Information Sciences Institute Joint work with Hongsuda Tangmunarunkit.
Measurement in the Internet. Outline Internet topology Bandwidth estimation Tomography Workload characterization Routing dynamics.
Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932
Heuristics for Internet Map Discovery R. Govindan, H. Tangmunarunkit Presented by Zach Schneirov.
1 Computer Networks Routing Algorithms. 2 IP Packet Delivery Two Processes are required to accomplish IP packet delivery: –Routing discovering and selecting.
Measuring ISP topologies with Rocketfuel Ratul Mahajan Neil Spring David Wetherall University of Washington ACM SIGCOMM 2002.
1 Network Topology Measurement Yang Chen CS 8803.
PALMTREE M. Engin TozalKamil Sarac The University of Texas at Dallas.
1 Studying Black Holes on the Internet with Hubble Ethan Katz-Bassett, Harsha V. Madhyastha, John P. John, Arvind Krishnamurthy, David Wetherall, Thomas.
INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION  Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University.
1 Meeyoung Cha (KAIST) Sue Moon (KAIST) Chong-Dae Park (KAIST) Aman Shaikh (AT&T Labs – Research) IEEE INFOCOM 2005 Poster Session Positioning Relay Nodes.
TRACENET M.Engin TozalKamil Sarac The University of Texas at Dallas.
1 Meeyoung Cha, Sue Moon, Chong-Dae Park Aman Shaikh Placing Relay Nodes for Intra-Domain Path Diversity To appear in IEEE INFOCOM 2006.
Measuring ISP Toplogies with Rocketfuel Neil Spring, Ratul Mahajan, and David Wetherall Presented By: David Deschenes March 25, 2003.
BGP ANYCAST Simulations Using GTNetS (work in progress) Talal Jaafar Georgia Tech & CAIDA.
Quantifying the Causes of Path Inflation Neil Spring, Ratul Mahajan, and Thomas Anderson Presented by Luv Kohli COMP November 24, 2003.
Tony McGregor RIPE NCC Visiting Researcher The University of Waikato Optimising Path Discovery Doubletree.
Traffic Engineering for ISP Networks Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park, NJ
VeriFlow: Verifying Network-Wide Invariants in Real Time
Issues with Inferring Internet Topological Attributes Lisa Amini ab, Anees Shaikh a, Henning Schulzrinne b a IBM T.J. Watson Research Center b Columbia.
1 Week 5 Lecture 2 IP Layer. 2 Network layer functions transport packet from sending to receiving hosts transport packet from sending to receiving hosts.
A Measurement Study on the Impact of Routing Events on End-to-End Internet Path Performance Feng Wang 1, Zhuoqing Morley Mao 2 Jia Wang 3, Lixin Gao 1,
How DNS Misnaming Distorts Internet Topology Mapping Ming Zhang, Microsoft Research Yaoping Ruan, IBM Research Vivek Pai, Jennifer Rexford, Princeton University.
Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno.
A Light-Weight Distributed Scheme for Detecting IP Prefix Hijacks in Real-Time Lusheng Ji†, Joint work with Changxi Zheng‡, Dan Pei†, Jia Wang†, Paul Francis‡
Detection of Routing Loops and Analysis of Its Causes Sue Moon Dept. of Computer Science KAIST Joint work with Urs Hengartner, Ashwin Sridharan, Richard.
1 Quantifying Path Exploration in the Internet Ricardo Oliveira, Rafit Izhak-Ratzin, Lixia Zhang, UCLA Beichuan Zhang, UArizona Dan Pei, AT&T Labs -- Research.
1 A Framework for Measuring and Predicting the Impact of Routing Changes Ying Zhang Z. Morley Mao Jia Wang.
N. Hu (CMU)L. Li (Bell labs) Z. M. Mao. (U. Michigan) P. Steenkiste (CMU) J. Wang (AT&T) Infocom 2005 Presented By Mohammad Malli PhD student seminar Planete.
Information-Centric Networks04b-1 Week 4 / Paper 2 Understanding BGP Misconfiguration –Rahil Mahajan, David Wetherall, Tom Anderson –ACM SIGCOMM 2002 Main.
Presentation by Michael Smathers, Usman Jafarey CS395/495 IMRE, April 24, 2006 PlanetSeer: Internet Path Failure Monitoring and Characterization in Wide-Area.
Transport Layer3-1 Network Layer Every man dies. Not every man really lives.
1 Effective Diagnosis of Routing Disruptions from End Systems Ying Zhang Z. Morley Mao Ming Zhang.
Inferring AS Relationships. The Problem  One view  AS relationships  BGP route tables  The other view  BGP route tables  AS relationships  Available.
ISMA 2011 AIMS-3 Workshop on Active Internet Measurements Workshop Summary Mehmet Burak Akgun February 9-11, 2011 UCSD, La Jolla, CA.
Placing Relay Nodes for Intra-Domain Path Diversity Meeyoung Cha Sue Moon Chong-Dae Park Aman Shaikh Proc. of IEEE INFOCOM 2006 Speaker 游鎮鴻.
1 On the Impact of Route Monitor Selection Ying Zhang* Zheng Zhang # Z. Morley Mao* Y. Charlie Hu # Bruce M. Maggs ^ University of Michigan* Purdue University.
PlanetSeer: Internet Path Failure Monitoring and Characterization in Wide-Area Services Ming Zhang, Chi Zhang Vivek Pai, Larry Peterson, Randy Wang Princeton.
Comparative Analysis of Internet Topology Data Sets
Software Testing.
Avoiding traceroute anomalies with Paris Traceroute
Network Tools and Utilities
Comparative Analysis of Internet Topology Data Sets
Improved Algorithms for Network Topology Discovery
Routing and Routing Protocols: Routing Static
Introduction to Networking
Detection of Routing Loops and Analysis of Its Causes
RESOLVING IP ALIASES USING DISTRIBUTED SYSTEMS
Routing and Routing Protocols: Routing Static
IP Traceback Problem: How do we determine where malicious packet came from ? It’s a problem because attacker can spoof source IP address If we know where.
Test Case Test case Describes an input Description and an expected output Description. Test case ID Section 1: Before execution Section 2: After execution.
Measuring Load-Balanced Paths in the Internet
Multipath tracing with Paris Traceroute
Lecture 26: Internet Topology CS 765: Complex Networks.
COMPUTER NETWORKS CS610 Lecture-29 Hammad Khalid Khan.
An Empirical Evaluation of Wide-Area Internet Bottlenecks
Stable and Practical AS Relationship Inference with ProbLink
Presentation transcript:

Measured Impact of Crooked Traceroute Matthew Luckie, David Murrell (Univ. of Waikato) Amogh Dhamdhere, kc Claffy (CAIDA/UCSD)

Measured Impact of Crooked Traceroute - AIMS 2011 The Problem Traceroute-based algorithms are critical to macroscopic topology collection efforts Until recently, such algorithms ignored the effects of per-flow load balancing Classic traceroute + per-flow load balancing: Inference of false loops -- Augustin et al. IMC ’06 Lower destination reachability -- Luckie et al. IMC ’08 Inference of false links 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

Measured Impact of Crooked Traceroute - AIMS 2011 The Problem Classic traceroute: probes toward a destination can take different paths Augustin et al. IMC’07: 39% of paths have at least one per-flow load-balancer We try to quantify false link inference rate Can’t go back and fix pre-2006 data 1 A C 1 1 2 X Y 2 1 B D 1 1 X0 A0 D0 Y0 X0 B0 C0 Y0 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

Measured Impact of Crooked Traceroute - AIMS 2011 Terminology Artifact links: links that are inferred by classic traceroute but not actually traversed by packets in flows Artifact links would not be inferred with a traceroute algorithm that enumerates per-flow load-balanced paths toward the destination, e.g., MDA traceroute An artifact link is not necessarily false! False links: Artifact links which we believe to not exist in the topology 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

Measured Impact of Crooked Traceroute - AIMS 2011 X Interface graph With load balancing at X, A, and B, MDA traceroute would see this graph A B C D E F Y 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

Inferred using classic traceroute Interface graph Inferred using classic traceroute X A B C D E F A-E is an artifact of classic traceroute Y 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

revealed using classic traceroute X X A B A,B Y C D E F C D E F Y A-E does not introduce a false link if A+B are aliases in the router topology Interface graph revealed using classic traceroute 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

revealed using classic traceroute X Y A E B C D F X C,E Y D,F A B A-E does not introduce a false link if C+E are aliases in the router topology Interface graph revealed using classic traceroute 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

revealed using classic traceroute X Y A E B C D F X C,D Y E,F A B Interface graph revealed using classic traceroute A-E could introduce a false link in this router topology 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

Not all load balancing could produce an artifact  X X C A B Y D A B  X Y A B C D E F  Y 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

Measured Impact of Crooked Traceroute - AIMS 2011 Methodology 22 ark monitors, each probing a list of 16189 addresses Derived from BGP data from Routeviews in Sept 2010 Identify artifact links in classic traceroute data MDA to infer all possible links towards a destination to 99% confidence Artifact links appear in the output of classic traceroute but not in MDA traceroute Determine if the artifact could introduce a false router link 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

Identifying False Links Use Ally and Mercator to check for aliases If (A,B) or (E,C) or (E,D) are aliases, then the artifact link is not false (classification: valid) If (A, B, C, D, E) all exhibit incrementing IPID but no alias is found, the artifact could be a false link Otherwise artifact is unclassified. Assumption (validated) is that IPID-based alias resolution can determine whether or not two IP addresses are aliases if incrementing IPID values are observed. A E B C D F 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

Measured Impact of Crooked Traceroute - AIMS 2011 Routing Changes To guard against false positives as a result of path changes, we use the following procedure Initial Paris traceroute Classic traceroute MDA traceroute to 99% confidence Final Paris traceroute Infer stable routing if neither Paris trace infers a link not also seen with MDA 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

Measured Impact of Crooked Traceroute - AIMS 2011 Summary of Results Total IP-level links ICMP UDP Classic 427,211 413,040 Paris 422,130 398,179 MDA 455,965 462,762 Artifact links 13,313 32,233 Fraction of classic links 3.12% 7.8% Inferred valid 45.9% 38.6% Inferred false 24.3% 34.7% Unclassified 29.9% 26.7% False Links 3,230 11,179 0.76% 2.71% 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

Measured Impact of Crooked Traceroute - AIMS 2011 False AS links Traceroute is often used to infer AS-level connectivity Using prefix-AS mapping on each interface False router links in classic traceroute can cause false AS links 26733 AS links in UDP-based graph, 28591 in ICMP graph 58 false AS links in UDP, 23 in ICMP 3 AS links (UDP) and 2 AS links (ICMP) were found in UCLA’s BGP AS topology 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

ISP-level Impact of False Links We found small impact of false links on macroscopic topology But what about mapping specific ISPs? Obtained ground truth from tier-1 ISP: 1986 routers, and set of interfaces on each router Probed prefixes in ISP’s customer cone from 265 Planetlab sites Observed interfaces from ~45% of ISP’s routers, ~1400 links with Paris traceroute, ~4000 with Classic 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

ISP Router Degree Distribution UDP-Classic makes the ISP appear to have much richer connectivity Router degrees inflated by a median factor of 2.9 in UDP-Classic vs UDP-Paris 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

ISP PoP-level Path Diversity We map routers to PoPs using geographic information We compute the number of edge and node-disjoint paths between each pair of PoPs UDP-Classic overestimates path diversity 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

Measured Impact of Crooked Traceroute - AIMS 2011 Summary Quantified the impact of classic traceroute + per-flow load balancing Macroscopic topology: small impact 0.76% of links in classic ICMP traceroute are invalid 2.71% of links in classic UDP traceroute are invalid Classic ICMP-echo approach not as affected by per-flow load balancers as UDP ISP mapping: larger impact Classic traceroute overestimates router degrees (median factor 2.9), PoP level path diversity 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

Measured Impact of Crooked Traceroute - AIMS 2011 Thanks! Questions? www.caida.org/~amogh/crooked-CCR10.pdf 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

Artifact link impact: analytical alias resolution Analytical alias resolution rule: two addresses in a traceroute path can’t be aliases if there are no loops. X X C Y Y D 1 A C B 1 10-15% of false links are of this form Y D 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

Validating use of Ally technique to classify artifact links Use ping –R and ICMP-Paris traceroute towards destination RR IP address usually from egress interface ICMP time-exceeded IP address usually from ingress interface Infer addresses used in a sequence of /30 subnets Identify ICMP/TCP/UDP IP-ID behaviour for each Resolve for aliases using Ally for pairs of addresses with incrementing IPID values. RR a.b.c.5 d.e.f.86 g.h.i.194 traceroute a.b.c.6 d.e.f.85 g.h.i.193 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

Validating use of Ally technique: results 22 ark monitors, 26,510 pairs of likely /30 aliases tested Classification obtained for 20,762 (78%) Others did not have an incrementing IP-ID Some were incrementing but unresponsive to Ally. 93.8% inferred as aliases Of not aliases, 6 IPs are involved in 88% of pairs Suggests 6 outliers rather than a systematic erro 15 November 2018 Measured Impact of Crooked Traceroute - AIMS 2011

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.