Presentation is loading. Please wait.

Presentation is loading. Please wait.

Towards an Accurate AS-level Traceroute Tool Z. Morley Mao*, Jennifer Rexford , Jia Wang , Randy Katz* *University of California at Berkeley  AT&T Labs--Research.

Published byBenedict Morgan Modified over 9 years ago

Similar presentations

Presentation on theme: "Towards an Accurate AS-level Traceroute Tool Z. Morley Mao*, Jennifer Rexford , Jia Wang , Randy Katz* *University of California at Berkeley  AT&T Labs--Research."— Presentation transcript:

1 Towards an Accurate AS-level Traceroute Tool Z. Morley Mao*, Jennifer Rexford , Jia Wang , Randy Katz* *University of California at Berkeley  AT&T Labs--Research ACM SIGCOMM 2003 Karlsruhe Germany

2 Motivation  What is the forwarding path?  The path packets traverse through the Internet.  Why important?  Characterize end-to-end network paths  Detect routing anomalies  Discover Internet topology IP traffic Internet

3 Traceroute gives IP-level forwarding path 1 169.229.62.1 2 169.229.59.225 3 128.32.255.169 4 128.32.0.249 5 128.32.0.66 6 209.247.159.109 7 * 8 64.159.1.46 9 209.247.9.170 10 66.185.138.33 11 * 12 66.185.136.17 13 64.236.16.52 Traceroute output: (hop number, IP address, DNS name) Traceroute from Berkeley to www.cnn.com (64.236.16.52) inr-daedalus-0.CS.Berkeley.EDU soda-cr-1-1-soda-br-6-2 vlan242.inr-202-doecev.Berkeley.EDU gigE6-0-0.inr-666-doecev.Berkeley.EDU qsv-juniper--ucb-gw.calren2.net POS1-0.hsipaccess1.SanJose1.Level3.net ? pos8-0.hsa2.Atlanta2.Level3.net pop2-atm-P0-2.atdn.net ? pop1-atl-P4-0.atdn.net www4.cnn.com

4 AS A AS B AS C AS D Autonomous System (AS) Why is AS-level path useful? Example use: Locating routing loops to find responsible networks: Need AS-level forwarding path! IP traffic Internet Host X Host Y

5 BGP path is not the answer.  Requires timely access to BGP data  Signaling path may differ from forwarding path:  Routing anomalies: e.g., deflections, loops [Griffin2002]  Route aggregation and filtering  BGP misconfigurations: e.g., incorrect AS prepending AS A AS B AS C prefix d Forwarding path: data traffic Signaling path: control traffic d: path=[C] d: path=[BC] Interdomain Routing using Border Gateway Protocol (BGP) A’s local BGP table: PrefixBGP Path d[A B C] ……

6 Our approach to obtain AS-level path 1.Start with traceroute IP paths 2.Translate IPs to ASes 1 169.229.62.1 2 169.229.59.225 3 128.32.255.169 4 128.32.0.249 5 128.32.0.66 6 209.247.159.109 7 * 8 64.159.1.46 9 209.247.9.170 10 66.185.138.33 11 * 12 66.185.136.17 13 64.236.16.52 Traceroute output: (hop number, IP) AS25 AS11423 AS3356 AS1668 AS5662 Berkeley CNN Calren Level3 GNN Need accurate IP-to-AS mappings (for network equipment).

7 Strawman approaches to get IP-to-AS mappings  Routing address registry, e.g., whois.radb.net  Incomplete and out-of-date  Due to acquisitions, mergers, break-ups of institutions  Used by NANOG traceroute, prtraceroute  Origin AS in BGP paths, e.g., RouteViews  Multiple origin AS (MOAS)  Misconfiguration, multi-homing, Internet eXchange Points  Equipment addresses not advertised globally  Addresses announced by someone else  Supernet: shared, provider-announced

8 Assumptions  BGP data:  BGP paths and forwarding paths mostly match.  Equipment IP-to-AS mappings:  Mappings from BGP tables are mostly correct.  Change slowly.  Based on observations, analysis, and survey  E.g., 70% of BGP paths and traceroute paths match Solution: combine BGP and traceroute data to find a better answer!

9 Our approach to obtain IP-to-AS mappings Initial mappings from origin AS of a large set of BGP tables Traceroute paths from multiple locations Compare Look for known causes of mismatches (e.g., IXP, sibling ASes) Edit IP-to-AS mappings (a single change explaining a large number of mismatches) For each location: Combine all locations: Local BGP pathsTraceroute AS paths For each location: (Ignoring unstable paths)

10 Experiment methodology V2 V4 V1 V3 V5 V6 V7 V8 200,000 destinations: d 0, d 1, d 2, d 3, d 4, … d 200,000... For each d i at each V i: -Traceroute path -BGP path Combine data from multiple vantage points to modify IP-to-AS mappings.

11 Why BGP and traceroute paths differ?  “Inaccurate” mappings: (corrected)  Internet exchange points  “Sibling” ASes owned by the same institution  Unannounced infrastructure addresses  Traceroute problems:  Forwarding path changing during traceroute  Interface numbering at AS boundaries  ICMP response refers to outgoing interface  Legitimate mismatches: (interesting to study)  Route aggregation and filtering  Routing anomalies, e.g., deflections

12 Extra AS due to IXPs  Internet eXchange Points (IXP) identification  E.g., Mae-East, Mae-West, PAIX  Large number of fan-in and fan-out ASes  Non transit AS, small address block, likely MOAS A B C D E F G Traceroute AS pathBGP AS path Physical topology and BGP session graph do not always match! B C F G AE

13 Extra AS due to sibling ASes  Sibling: organizations with multiple ASes:  Sprint (AS1239, AS1791)  Mergers, acquisitions  Identification: Large fan-in and fan-out for the “sibling AS pair” Traceroute AS pathBGP AS path A B C D E F G H A B C D E F G

14 Measurement set up OrganizationLocationUpstream provider AT&T ResearchNJ, USUUNET, AT&T UC BerkeleyCA, USQwest, Level3, Internet 2 PSG home networkWA, USSprint, Verio Univ of WashingtonWA, USVerio, Cable&Wireless ArosNetUT, USUUNET NortelON, CanadaAT&T Canada Vineyard.NETMA, USUUNET, Sprint, Level3 Peak Web HostingCA, USLevel 3, Global Crossing, Teleglobe  Eight vantage points  Upstream providers: US-centric tier-1 ISPs  Sweep all routable IP address space  About 200,000 IP addresses, 160,000 prefixes, 15,000 destination ASes Many thanks to people who let us collect data!

15 Preprocessing BGP paths  Discard prefixes with BGP paths containing  Routing changes based on BGP updates  Private AS numbers  Empty AS paths (local destinations)  AS loops from misconfiguration  AS SET instead of AS sequence  Less than 1% prefixes affected

16 Preprocessing traceroute paths  Resolving incomplete traceroute paths  Unresolved hops within a single AS map to that AS  Unmapped hops between ASes  Try match to neighboring AS using DNS, Whois  Trim unresponsive (*) hops at the end  Compare with the beginning of local BGP paths  MOAS at the end of paths  Assume multi-homing without BGP  Validation using AT&T router configurations  More than 98% cases validated

17 Vantage point: UC Berkeley  Overall modification to mappings:  10% IP-to-AS mappings modified  25 IXPs identified  28 pairs of sibling ASes found  1150 of the /24 prefixes shared WhoisCombined BGP tables Resolving incompletes IXPSibling ASes Unannounced address space Match44.7%73.2%78.0%84.4%85.9%90.6% Mismatch29.4%8.3%9.0%8.7%7.8%3.5% Ratio1.58.89.09.711.026.0 Initial MappingsHeuristics

18 Validations – IXP heuristic  25 inferences: 19 confirmed  Whois/DNS data confirm 18 of 25 inferences  AS5459 -- “London Internet Exchange”  198.32.176.0/24: part of “Exchange Point Blocks” DNS name: sfba-unicast1-net.eng.paix.net  Known list from pch.net confirm 16 of 25  Missing 13 known IXPs due to  Limited number of measurement locations  Mostly tier-1 US-centric providers

19 Validations – Sibling heuristic  28 inferences: all confirmed  Whois for organization names (15 cases)  E.g., AS1299 and AS8233 are TeliaNet  MOAS origin ASes for several address blocks (13 cases)  E.g., 148.231.0.0/16 has MOAS: AS5677 and AS7132 (Pacific Bell Internet Services and SBC Internet Services)

20 Conclusion  Proposed techniques to improve infrastructure IP to AS mappings  Match/mismatch ratio improvement: 8-12 to 25-35  Reduction of incomplete paths: 18-22% to 6-7%  Dependence on operational realities:  Most BGP routes are relatively stable  Few private ASes, AS_SETs  Public, routable infrastructure addresses  Routers respond with ICMP replies

21 Ongoing work  Tool construction and usage:  IP-to-AS mapping is available at http://www.research.att.com/~jiawang/as_traceroute  Combining with router-level graphs  Automatically downloading the most up-to-date mappings  Systematic optimization:  Dynamic-programming and iterative improvement  95% match ratio, less than 3% changes  Write up available at Astrace Web page  Continuous and scalable data collection  Efficient and robust probing techniques  Need more diverse vantage points (PlanetLab?)

22 Towards an Accurate AS-level Traceroute Tool Z. Morley Mao*, Jennifer Rexford , Jia Wang , Randy Katz* *University of California at Berkeley  AT&T Labs--Research Tool information available at: http://www.research.att.com/~jiawang/as_traceroute

Download ppt "Towards an Accurate AS-level Traceroute Tool Z. Morley Mao*, Jennifer Rexford , Jia Wang , Randy Katz* *University of California at Berkeley  AT&T Labs--Research."

Similar presentations

Routing Basics.

Routing Basics.
© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.

© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
Measuring the Internet: Featuring Traceroute Based on slides by Yihua He (PhD UCR 2007) Yihua He (PhD UCR 2007)

Measuring the Internet: Featuring Traceroute Based on slides by Yihua He (PhD UCR 2007) Yihua He (PhD UCR 2007)
Network Diagnostic and Discovery with Traceroute Prepared and presented by PhD candidate,Yihua He.

Network Diagnostic and Discovery with Traceroute Prepared and presented by PhD candidate,Yihua He.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
By Hitesh Ballani, Paul Francis, Xinyang Zhang Slides by Benson Luk for CS 217B.

By Hitesh Ballani, Paul Francis, Xinyang Zhang Slides by Benson Luk for CS 217B.
1 A survey of Internet Topology Discovery. 2 Outline Motivations Internet topology IP Interface Level Router Level AS Level PoP Level.

1 A survey of Internet Topology Discovery. 2 Outline Motivations Internet topology IP Interface Level Router Level AS Level PoP Level.
1 Network Architecture and Design Routing: Exterior Gateway Protocols and Autonomous Systems Border Gateway Protocol (BGP) Reference D. E. Comer, Internetworking.

1 Network Architecture and Design Routing: Exterior Gateway Protocols and Autonomous Systems Border Gateway Protocol (BGP) Reference D. E. Comer, Internetworking.
Interdomain Routing Security COS 461: Computer Networks Michael Schapira.

Interdomain Routing Security COS 461: Computer Networks Michael Schapira.
1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background – Detection of Invalid Routing Announcement in the Internet –Open Discussions Thursday.

1 BGP Security -- Zhen Wu. 2 Schedule Tuesday –BGP Background –" Detection of Invalid Routing Announcement in the Internet" –Open Discussions Thursday.
1 Traffic Engineering for ISP Networks Jennifer Rexford IP Network Management and Performance AT&T Labs - Research; Florham Park, NJ

1 Traffic Engineering for ISP Networks Jennifer Rexford IP Network Management and Performance AT&T Labs - Research; Florham Park, NJ
Analysis of BGP Routing Tables

Analysis of BGP Routing Tables
Traffic Engineering in IP Networks Jennifer Rexford Computer Science Department Princeton University; Princeton, NJ

Traffic Engineering in IP Networks Jennifer Rexford Computer Science Department Princeton University; Princeton, NJ
MIRED: Managing IP Routing is Extremely Difficult Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park, NJ

MIRED: Managing IP Routing is Extremely Difficult Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park, NJ
Accurate Real-Time Identification of IP Prefix Hijacking Z. Morley Mao Xin Hu 2007 IEEE Symposium on and Privacy Oakland, California 2007 IEEE Symposium.

Accurate Real-Time Identification of IP Prefix Hijacking Z. Morley Mao Xin Hu 2007 IEEE Symposium on and Privacy Oakland, California 2007 IEEE Symposium.
Stable Internet Routing Without Global Coordination Jennifer Rexford Princeton University Joint work with Lixin Gao (UMass-Amherst)

Stable Internet Routing Without Global Coordination Jennifer Rexford Princeton University Joint work with Lixin Gao (UMass-Amherst)
Measuring the Autonomous System Path Through the Internet Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park, NJ

Measuring the Autonomous System Path Through the Internet Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park, NJ
Characterizing the Internet Hierarchy from Multiple Vantage Points Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park,

Characterizing the Internet Hierarchy from Multiple Vantage Points Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park,
Routing problems are easy to cause, and hard to diagnose (“Happy operators make happy packets”) Jennifer Rexford AT&T Labs—Research

Routing problems are easy to cause, and hard to diagnose (“Happy operators make happy packets”) Jennifer Rexford AT&T Labs—Research

Similar presentations

Ads by Google