INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University of Nevada, Reno M.Sc.
TOPOLOGY OF THE INTERNET Network of networks linked together world wide WHY IMPORTANT? Identify vulnerabilities Identify threats Create new protocols Examine internet evolution Economics (Internet based services)
An autonomous system (AS) is a network or a collection of networks that are all managed and supervised by a single entity or organization. TOPOLOGY OF THE INTERNET AS 1 AS 2 AS 4 AS 3 Interconnection of Autonomous Systems (Internet Service Providers, Universities, Companies) Distinct regions of administrative control
Connection between ASes AS needs to know how to reach the rest of the Internet BGP (Border Gateway Protocol) provides reachability across the whole Internet exchange routing information between ASes iBGP, eBGP eBGP: Border router a direct link to another border router in another AS TOPOLOGY OF THE INTERNET AS 1 AS 2
Traceroute Sends a series of probes to successive nodes along a route to a destination Records source address and time delay of the message returned by each hop. Tools for Topology Mapping
Figure: Tony McGregor RIPE NCC Visiting Researcher The reason of sending 3 packets is to calculate the average RTT. Traceroute RTT: the delay between sending the packet and getting the response
Probing Overhead Causes DoS attacks Reduces efficiency THE PROBLEM
Intra –monitor redundancy Occurs when all traceroutes start from a single point Inter –monitor redundancy Occurs when multiple monitors visit the same point INTRA AND INTER –MONITOR REDUNDANCY
INTRA –MONITOR REDUNDANCY Monitor 1 Destination 1 Destination 2 Destination 3
INTER –MONITOR REDUNDANCY Monitor 1 Monitor 2 Monitor 3 Destination 1
Introduced by Benoit Donnet, Philippe Raoult, Timur Friedman, Mark Crovella Significantly reduces both kinds of redundancy: inter- and intra- monitor Key ideas: utilize tree-like structure of routes probe each target by starting midpoint of the path DOUBLETREE
Intra-monitor: Monitor-Rooted tree Start probing far from the monitor (vantage point) Probe forwards and backwards If an interface is encountered that has already been discovered by the vantage point: stop probing add the discovered interface to the “local stop set” DOUBLETREE
Doubletree: Monitor-Rooted Tree Intra-Monitor
Inter-monitor: Destination-Rooted tree Probe forwards and backwards If facing an interface that has already been discovered stop probing add the discovered interface to the “global stop set” Monitors (vantage points) need to share information of discovered interfaces VPs have to work in coordination DOUBLETREE
Doubletree: Destination-Rooted Tree Inter-Monitor
Must determine a paths mid point Information sharing between nodes causes another traffic Doesn’t deal well with load balancing DOUBLETREE
Reduce intra-monitor redundancy by performing partial traces to some destination IP addresses. Once having a full trace to an IP address in an AS, start traceroute queries from the hop distance h i of the ingress router If the first IP of the new trace has not appeared at the same hop distance h j in any of the earlier full traces to the AS, then completes the trace, otherwise does not complete the trace. CHELEBY Intra –monitor redundancy
CHELEBY - Intra-Monitor Redundancy AS 1 B C A D E F G H Start the trace from 4 th hop (D)
A destination IP is probed by only one monitor (Vantage Point) of a team Vantage Points in the same area are geographically close Their contribution to identify a new link/node is small Identify ingress points of ASes to dynamically establish teams for each destination AS One vantage point probing through each ingress point of an AS CHELEBY Inter –monitor redundancy
CHELEBY - Inter-Monitor Redundancy V A 1 V A 2 V B 1 V B 2 V B 3 D Area A Area B
By Guillermo Baltra, Robert Beverly, Geoffrey G. Xie A new interface-level network mapping technique Underlying IPS is the observation that a target AS is multi-homed and multi-connected INGRESS POINT SPREADING (IPS)
An AS being connected to two or more separate ISPs (more than one AS). If one outgoing link fails, outgoing traffic will automatically be routed via one of the remaining links. Has multiple ingress points AS Multi-homing
If probes enter the AS (multihomed) via different ingress points Not only reduce the probing overhead but likely to reveal more of the target network’s topological structure D1D1 D3D3 D2D2 V2V2 V1V1 V3V3 A Multi-Homed AS INGRESS POINT SPREADING (IPS)
1. Infer the number of ingress points for a target network 2. Select the VP with the highest likelihood to traverse an ingress point that has not yet been covered 3. To infer potential ingress points: Subnet Centric Probing IPS algorithm computes a per-destination network rank- ordered list of VPs based on prior rounds of probing. INGRESS POINT SPREADING (IPS)
IPS seeks to utilize all of the ingress points discovered in prior rounds of probing future probing can induce probe traffic to flow through each of these known ingresses explore more of the destination network’s topology INGRESS POINT SPREADING (IPS)
Uses one day’s worth of prior probing results to infer potential ingress points at different notional network boundaries for each target prefix Use the knowledge of how networks are subnetted to select addresses to probe within each BGP advertised prefix Adapt the number of probes to the degree of subnetting within the prefix to avoid wasted probing Subnet Centric Probing
Reducing the probing redundancy by - Generalizes DoubleTree without parametrization -Intelligently tuning (via TTL) the set of hops each trace interrogates -Start a trace with a TTL suitable to reach the destination and iteratively decrement the TTL until a previously discovered hop (i.e. at the AS ingress) is found. - Discover AS ingress points and paths to the AS via multiple vantage points AS ingress
REFERENCES
? QUESTIONS?