chelebi : subnet-level internet mapper
DESCRIPTION
Chelebi : Subnet-level Internet Mapper. Mehmet H. Gunes University of Nevada, Reno. Goal. Build an efficient system that produces a map of the Internet such that Alias IP addresses that belong to the same router, Star (*) occurrences that stand for the same router, - PowerPoint PPT PresentationTRANSCRIPT
Chelebi:Subnet-level Internet Mapper
Mehmet H. GunesUniversity of Nevada, Reno
Goal
Build an efficient system that produces a map of the Internet such that
– Alias IP addresses that belong to the same router,
– Star (*) occurrences that stand for the same router,
– IPs that belong to the same subnet are identified.
Subnet-level Internet mapping 2
Outline• Goal
– Subnet-level Internet Mapping• Issues
– Anonymous Routers Resolution• Structural Graph Indexing
– Subnet Inference• Distance Preservation
– Alias IP Addresses Resolution• Ally, Analytical & Probe based (APAR)
• Chelebi– Mapping System– Outer Space 3D Visualization
Subnet-level Internet mapping 3
Anonymous Routers• Anonymous routers do not respond to traceroute
probes and appear as in traceroute output– Same router may appear as in multiple traces.
Subnet-level Internet mapping : Anonymous Routers 4
y: S – L – H – x
x: H – L – S – y
y: S – – H – x
x: H – – S – y
S
L
H
y
x
S
L
H
y
x
y
S
1 2
H
x
Current daily raw topology data sets include• ~ 20 million path traces with• ~ 20 million occurrences of s along with• ~ 500K public IP addresses
The raw topology data is far from representing the underlying sampled network topology
Anonymous Router Resolution
Subnet-level Internet mapping : Anonymous Routers 5
U K C N
L H A W
S
d
e
f
Sampled network
d
e
fS U
L
C
AW
Resulting network
Traces• d - - L - S - e• d - - A - W - - f• e - S - L - - d• e - S - U - - C - - f• f - - C - - - d• f - - C - - U - S - e
Previous Approaches• Basic heuristics
– IP: Combine anonymous nodes between same known nodes [Bilir 05]• Limited resolution
– NM: Combine all anonymous neighbors of a known node [Jin 06]• High false positives
Subnet-level Internet mapping : Anonymous Routers 6
U K C N
L H A W
S
xy
z
Sampled network
x
y
zS U
L
C
A W
After resolutionx
y
zS U
L
C
A
After resolution
WH
x
y
zS U
L
C
A
W
Resulting network
7
Previous Approaches• More theoretic approaches
– Graph minimization [Yao 03]• Combine s as long as they do not violate two accuracy conditions:• (1) Trace preservation condition and (2) distance preservation condition• High complexity O(n5) – n is number of s
– ISOMAP based dimensionality reduction [Jin 06]• Build an nxn distance matrix then use ISOMAP to reduce it to a nx5 matrix
Distance: (1) hop count or (2) link delay• High complexity O(n3) – n is number of nodes
– Semisupervised Spectral Clustering [Shavitt 08]• A node will not be chosen to be an unknown root if it shares two or more neighbors
with an unknown root. • Nodes that share two or more neighbors are usually very close to each other, and it
is difficult to distinguish between them even manually. • After splitting them into unknowns, these nodes will have at least one common
unknown node. – This makes the task of cleanly separating the unknowns impossible
Subnet-level Internet mapping : Anonymous Routers
Structural Graph Indexing (SGI)• Structural Graph Indexing
– A graph data mining technique• Index all pre-defined substructures in a graph data
• Use of SGI for anonymous router resolution– Apply SGI to collected path traces– Merge anonymous routers using identified
structures• Trace Preservation Condition
– Don’t merge anonymous routers within the same trace• Subnet distance as tie-breaker
Subnet-level Internet mapping : Anonymous Routers 8
9
Common Structures due to ARs
Ax C y2Ax C y2
Parallel -substring
y1
y3
y1
y3
DA wx
C y
E z
DA wx
C y
E z
Star
A
C
x
y
D w
F v
E z
A
C
x
y
D w
F v
E z
Complete Bipartite
A
C
x
y
D w
E z
A
C
x
y
D w
E z
Clique
Subnet-level Internet mapping : Anonymous Routers
Graph Indexing based Resolution
Indexing Phase
parallel
star
bipartite
clique Subnet-level Internet mapping : Anonymous Routers 10
Resolution Phase
parallel
clique
bipartite
star
Outline• Goal
– Subnet-level Internet Mapping• Issues
– Anonymous Routers Resolution• Structural Graph Indexing
– Subnet Inference• Distance Preservation
– Alias IP Addresses Resolution• Ally, Analytical & Probe based (APAR)
• Chelebi– Mapping System– Outer Space 3D Visualization
Subnet-level Internet mapping 11
Subnet Inference
Subnet-level Internet mapping : Subnet Inference 12
IP2 IP3
IP1
IP2 IP3
IP1
(observed topology) (inferred topology) (underlying topology)
C D
A B
C D
A B
Subnet resolution• Identify IP addresses that are connected over the same medium
Improve the quality of resulting topology map
C D
A B
C D
A B
Subnet Inference Approach
Subnet-level Internet mapping : Subnet Inference 13
129.110.1.1
129.110.1.2
129.110.2.0
129.110.2.1
129.110.4.1
129.110.4.83
129.110.4.217
129.110.12.1
129.110.12.2
129.110.12.6
129.110.17.1
129.110.17.135
129.110.219.1
V.P.
/30
/31
/24
/24
/24/28
/29
129.110.4.0/24
129.110.6.0/28129.110.17.0/24
129.110.12.0/29
129.110.219.0/24
129.110.1.0/30
129.110.2.0/31
2
3
3
4
2
1
2
4
5
5
4
5
3
129.110.2.0/30
129.110.4.0/24
129.110.12.0/29
129.110.17.0/24
129.110.0.0/16129.110.1.0/31
Subnet Inference Approach Inferring Subnets
• Cluster IP addresses into maximal subnets up to a given size (e.g. /22)• Distance analysis on candidate subnets to break them down as necessary
IP1IP2IP3IP4IP5IP6IP7IP8IP9
• Completeness: Ignore candidate subnets that have less than one quarter of their IP addresses present • after additional probing
/25
/29
/26
/30
/31
/27A /27 subnet can have up to 25 IP addresses./22
Subnet-level Internet mapping : Subnet Inference 14
Inference with Distance Matrix• Obtain distance of each IP from 8 vantage points (VP)
• Only one IP at a subnet might be at a distance ‘hop-1’ per VP
• IPs after per-destination and per-packet load-balancers– Get minimum hop (seen at any ICMP Paris Traceroute) of an IP per VP– IP hops after a LB has lower trust
• Two rounds of computations• Compensate for diamond asymmetry if per-destination LB
Subnet-level Internet mapping : Subnet Inference 15
VP: 1 2 3 4 5 … 672IP1 0 5 4 0 0 … 7IP2 0 0 3 5 0 … 7IP3 2 5 0 4 0 … 6…
Outline• Goal
– Subnet-level Internet Mapping• Issues
– Anonymous Routers Resolution• Structural Graph Indexing
– Subnet Inference• Distance Preservation
– Alias IP Addresses Resolution• Ally, Analytical & Probe based (APAR)
• Chelebi– Mapping System– Outer Space 3D Visualization
Subnet-level Internet mapping 16
IP Alias Resolution
17
S
L
UC
N
W
A
s.2
l.1
s.3
u.1
l.3
u.3
h.1
k.3
h.2
a.3
u.2k.1 c.4
a.1 a.2
w.3c.3
w.1c.2
n.1n.3
w.2
l.2
K
c.1
k.2
h.3
dh.4
s.1e f
n.2
H
Traces d - h.4 - l.3 - s.2 - e d - h.4 - a.3 - w.3 - n.3 - f e - s.1 - l.1 - h.1 - d e - s.1 - u.1 - k.1 - c.1 - n.1 - f f - n.2 - c.2 - k.2 - h.2 - d f - n.2 - c.2 - k.2 - u.2 - s.3 - e
Subnet-level Internet mapping : IP Aliases
IP Alias Resolution
18
U K C N
L H A W
S
d
e
fSampled network
Sample map without alias resolution
s.3
s.1
s.2
l.3
l.1
u.1
u.2
k.1 c.1 n.1
n.2k.2 c.2
w.3a.3
h.2
h.4
h.1
e
d
f
n.3
Traces d - h.4 - l.3 - s.2 - e d - h.4 - a.3 - w.3 - n.3 - f e - s.1 - l.1 - h.1 - d e - s.1 - u.1 - k.1 - c.1 - n.1 - f f - n.2 - c.2 - k.2 - h.2 - d f - n.2 - c.2 - k.2 - u.2 - s.3 - eSubnet-level Internet mapping : IP Aliases
19
Previous Approaches
Dest = A
B
Dest = A
Dest = B
A, ID=100
Dest = BB, ID=99B, ID=103
AB
AB
• Source IP Address Based Method [Pansiot 98]– Relies on a particular implementation of ICMP error generation.
• IP Identification Based Method (ally) [Spring 03]– Relies on a particular implementation of IP identifier field,– Many routers ignore direct probes.
• DNS Based Method [Spring 04]– Relies on similarities in the host name structures
sl-bb21-lon-14-0.sprintlink.net sl-bb21-lon-8-0.sprintlink.net
– Works when a systematic naming is used.
• Record Route Based Method [Sherwood 06]– Depends on router support to IP route record processing
Subnet-level Internet mapping : IP Aliases
Analytical Alias Resolution
20
MIT
UTD
18.7.21.1
18.168.0.27
129.110.95.1129.110.5.1
206.223.141.73
192.5.89.89
206.223.141.70
192.5.89.10
198.32.8.34
198.32.8.85198.32.8.66198.32.8.65
198.32.8.84
198.32.8.33
192.5.89.9
206.223.141.69
192.5.89.90
206.223.141.74
18.168.0.25
no response
18.7.21.84
no response
Aliases 129.110.5.1 - 206.223.141.74206.223.141.73 - 206.223.141.69 206.223.141.70 - 198.32.8.33
…
Subnet-level Internet mapping : IP Aliases
Analytical & Probe-based Alias Resolution
• There is possibility of– incorrect subnet assumption,
• Two /30 subnets assumed as a /29,– incorrect alignment of path traces.
• IP4 and IP8 are thought of as aliases.
• To prevent false positives, some conditions are defined– Trace preservation,– Distance preservation (probing component of APAR),– Completeness,– Common neighbor.
21
a sample network
ac d
b
e f
IP1
IP2
IP9
IP3
IP4
IP8
IP7
Subnet-level Internet mapping : IP Aliases
Outline• Goal
– Subnet-level Internet Mapping• Issues
– Anonymous Routers Resolution• Structural Graph Indexing
– Subnet Inference• Distance Preservation
– Alias IP Addresses Resolution• Ally, Analytical & Probe based (APAR)
• Chelebi– Mapping System– Outer Space 3D Visualization
Subnet-level Internet mapping 22
Chelebi Mapping System
Subnet-level Internet mapping : Chelebi Mapping System 23
Chelebi Server
Route Views
AS IP query
IP range
DNS server
DNS queryDNS names
PlanetLab Node
Paris ICMP trace
Path Traces
Region 1 Region 2 Region 3 Region 8
PlanetLab Node
Paris ICMP tracePath Traces
…
PlanetLab Node
PlanetLab Node
Outer Space 3D Visualization– Multiple zoom levels
• Autonomous System-level• Router-level• Subnet-level
Subnet-level Internet mapping : Chelebi Mapping System 25
idea
Questions
Subnet-level Internet mapping 26