Measuring the Measurers: How is Atlas Used? Cristel Pelsser <pelsser@unistra.fr> Emile Aben <emile.aben@ripe.net> Laurent Vanbever <lvanbever@ethz.ch> Randy Bush <randy@psg.com> Romain Fontugne <romain@iij.ad.jp> Thomas Holterbach <thomahol@ethz.ch> 2016.05.24 Atlas Meta Creative Commons: Attribution & Share Alike

Creative Commons: Attribution & Share Alike Agenda What Tools are Popular? What Measurements are Made? The Major User Classes Built-Ins (DNS Roots, Anchors) – One ’Measurement’ System users (DNSmon etc.) Privileged Users (Long Running RIPE Experiments) Normal Users (Operators & Researchers) Ops and Researchers No Personal Data were Used or Published 2016.05.24 Atlas Meta Creative Commons: Attribution & Share Alike

Creative Commons: Attribution & Share Alike What Tools are Popular? 2016.05.24 Atlas Meta Creative Commons: Attribution & Share Alike

Creative Commons: Attribution & Share Alike 2016.05.24 Atlas Meta Creative Commons: Attribution & Share Alike

Creative Commons: Attribution & Share Alike How Many Users Used Each Tool? 2016.05.24 Atlas Meta Creative Commons: Attribution & Share Alike

Creative Commons: Attribution & Share Alike Remember, Built-ins are Counted as One User 2016.05.24 Atlas Meta Creative Commons: Attribution & Share Alike

Creative Commons: Attribution & Share Alike How Many Pings and Traceroutes? 2016.05.24 Atlas Meta Creative Commons: Attribution & Share Alike

Creative Commons: Attribution & Share Alike Built-ins Dominate 2016.05.24 Atlas Meta Creative Commons: Attribution & Share Alike

Creative Commons: Attribution & Share Alike System Users Dominate 2016.05.24 Atlas Meta Creative Commons: Attribution & Share Alike

Creative Commons: Attribution & Share Alike Can We Tell Ops from Researchers? 2016.05.24 Atlas Meta Creative Commons: Attribution & Share Alike

Creative Commons: Attribution & Share Alike Shooters & Sprayers shooters, who predominantly source measurements from, or perform measurements to, a single AS (ops?) sprayers, where the sources and destinations of measurements are more diverse (researchers?) 2016.05.24 Atlas Meta Creative Commons: Attribution & Share Alike

Creative Commons: Attribution & Share Alike shooters sprayers 2016.05.24 Atlas Meta Creative Commons: Attribution & Share Alike

Creative Commons: Attribution & Share Alike We Also Looked at Probe Diversity, Geographic and Topological 2016.05.24 Atlas Meta Creative Commons: Attribution & Share Alike

Creative Commons: Attribution & Share Alike We Also Looked at Measurement Diversity, Geographic and Topological 2016.05.24 Atlas Meta Creative Commons: Attribution & Share Alike

so not yet distributable) https://archive.psg.com/ And it is All in Our Lovely Paper (in submission to IMC so not yet distributable) https://archive.psg.com/ imc-atlas-meta.pdf 2016.05.24 Atlas Meta Creative Commons: Attribution & Share Alike

What Can We Do Using Only the Built-In & Anchor Traceroutes?

Challenge: Traffic is asymetric The differential RTT ≠ delay of link B-C but … 2016.05.22 Atlas Hackathon Creative Commons: Attribution & Share Alike

Delays along non-common paths are independent this delay is independent of this delay 2016.05.22 Atlas Hackathon Creative Commons: Attribution & Share Alike

The central theorem tells us that with enough samples we have a normal distribution Figure from wikipedia: By Chen-Pan Liao - Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=36773774 We only keep links that are observed from a significant number of ASs 2016.05.22 Atlas Hackathon Creative Commons: Attribution & Share Alike

Detection of RTT changes Example: DDoS attacks against DNS root servers Reference Interval 2016.05.22 Atlas Hackathon Creative Commons: Attribution & Share Alike

We Have a Similar Technique to Detect Forwarding Changes & Drops 2016.05.24 Atlas Meta Creative Commons: Attribution & Share Alike

Telekom Malaysia BGP route leak 2016.05.22 Atlas Hackathon Creative Commons: Attribution & Share Alike

But Why Did We Look at That? Per-AS Alarm! For Delay 2016.05.22 Atlas Hackathon Creative Commons: Attribution & Share Alike

Creative Commons: Attribution & Share Alike And Forwarding Too! Per-AS Alarm! For Forwarding 2016.05.22 Atlas Hackathon Creative Commons: Attribution & Share Alike

Creative Commons: Attribution & Share Alike Congestion: Red nodes depict IP addresses detected by forwarding anomalies Malaysia 10,200km this way 2016.05.22 Atlas Hackathon Creative Commons: Attribution & Share Alike

Creative Commons: Attribution & Share Alike See! Research Can Be Operationally Useful! 2016.05.24 Atlas Meta Creative Commons: Attribution & Share Alike