internet topology mapping internet mapping probing overhead minimization intra- and inter-monitor...
TRANSCRIPT
![Page 1: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/1.jpg)
INTERNET TOPOLOGY MAPPING
INTERNET MAPPING PROBING OVERHEAD MINIMIZATION
Intra- and inter-monitor redundancy reduction
IBRAHIM ETHEM COSKUNUniversity of Nevada, RenoM.Sc.
![Page 2: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/2.jpg)
TOPOLOGY OF THE INTERNET
Network of networks linked together world wide
WHY IMPORTANT?
Identify vulnerabilities
Identify threats
Create new protocols
Examine internet evolution
Economics (Internet based services)
![Page 3: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/3.jpg)
An autonomous system (AS) is a network or a collection of networks that are all managed and supervised by a single entity or organization.
TOPOLOGY OF THE INTERNET
AS 1AS 2
AS 4
AS 3
• Interconnection of Autonomous Systems (Internet Service Providers, Universities, Companies)
• Distinct regions of administrative control
![Page 4: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/4.jpg)
Connection between ASes AS needs to know how to reach the rest of the Internet
BGP (Border Gateway Protocol) provides reachability across the whole Internet exchange routing information between ASes iBGP, eBGP eBGP: Border router
a direct link to another border router in another AS
TOPOLOGY OF THE INTERNET
AS 1 AS 2
![Page 5: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/5.jpg)
Traceroute Sends a series of probes to successive nodes
along a route to a destination Records source address and time delay of the
message returned by each hop.
Tools for Topology Mapping
![Page 6: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/6.jpg)
cb d f he ga
130.217.250.10
130.217.250.80
190.200.1.1
190.200.1.2
192.168.0.1
192.168.0.2
72.14.207.99
72.14.207.254
b
1 h
b
1 h
b
1 h
2 h
d
2 h
d
Figure: Tony McGregor
RIPE NCC Visiting Researcher
The reason of sending 3 packetsis to calculate the average RTT.
Traceroute
RTT: the delay between sending the packet and getting the response
![Page 7: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/7.jpg)
Probing Overhead Causes DoS attacks Reduces efficiency
THE PROBLEM
![Page 8: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/8.jpg)
Intra –monitor redundancy
Occurs when all traceroutes start from a single point
Inter –monitor redundancy
Occurs when multiple monitors visit the same point
INTRA AND INTER –MONITOR REDUNDANCY
![Page 9: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/9.jpg)
INTRA –MONITOR REDUNDANCY
Monitor 1
Destination 1Destination 2
Destination 3
![Page 10: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/10.jpg)
INTER –MONITOR REDUNDANCY
Monitor 1
Monitor 2
Monitor 3
Destination 1
![Page 11: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/11.jpg)
130.217.250.56
Introduced by Benoit Donnet, Philippe Raoult, Timur Friedman,
Mark Crovella
Significantly reduces both kinds of redundancy: inter- and intra-
monitor
Key ideas:
utilize tree-like structure of routes
probe each target by starting midpoint of the path
DOUBLETREE
![Page 12: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/12.jpg)
Intra-monitor: Monitor-Rooted tree
Start probing far from the monitor (vantage point)
Probe forwards and backwards
If an interface is encountered that has already been discovered by the
vantage point:
stop probing
add the discovered interface to the “local stop set”
DOUBLETREE
![Page 13: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/13.jpg)
Doubletree: Monitor-Rooted Tree
Intra-Monitor
![Page 14: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/14.jpg)
Inter-monitor: Destination-Rooted tree
Probe forwards and backwards
If facing an interface that has already been discovered
stop probing
add the discovered interface to the “global stop set”
Monitors (vantage points) need to share information of discovered interfaces
VPs have to work in coordination
DOUBLETREE
![Page 15: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/15.jpg)
Doubletree: Destination-Rooted Tree
Inter-Monitor
![Page 16: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/16.jpg)
Must determine a paths mid point
Information sharing between nodes causes another traffic
Doesn’t deal well with load balancing
DOUBLETREE
![Page 17: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/17.jpg)
Reduce intra-monitor redundancy by performing partial traces to some
destination IP addresses.
Once having a full trace to an IP address in an AS,
start traceroute queries from the hop distance hi of the ingress router
If the first IP of the new trace has not appeared at the same hop distance
hj in any of the earlier full traces to the AS,
then completes the trace, otherwise does not complete the trace.
CHELEBY
Intra –monitor redundancy
![Page 18: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/18.jpg)
CHELEBY - Intra-Monitor Redundancy
AS 1
B CAD
EF
G
H
Start the trace from 4th hop (D)
![Page 19: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/19.jpg)
A destination IP is probed by only one monitor (Vantage Point) of a
team
Vantage Points in the same area are geographically close
Their contribution to identify a new link/node is small
Identify ingress points of ASes to dynamically establish teams for each
destination AS
One vantage point probing through each ingress point of an AS
CHELEBY
Inter –monitor redundancy
![Page 20: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/20.jpg)
CHELEBY - Inter-Monitor Redundancy
VA 1
VA 2
VB 1
VB 2
VB 3
D
Area A
Area B
![Page 21: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/21.jpg)
By Guillermo Baltra, Robert Beverly, Geoffrey G. Xie
A new interface-level network mapping technique
Underlying IPS
is the observation that a target AS is multi-homed and multi-connected
INGRESS POINT SPREADING (IPS)
![Page 22: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/22.jpg)
An AS being connected to two or more separate ISPs (more than one AS).
If one outgoing link fails, outgoing traffic will automatically be routed via one of the remaining links.
Has multiple ingress points
AS Multi-homing
![Page 23: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/23.jpg)
If probes enter the AS (multihomed) via different ingress points
Not only reduce the probing overhead but likely to reveal more of the target network’s topological structure
D1
D3
D2
V2
V1
V3
A Multi-Homed AS
INGRESS POINT SPREADING (IPS)
![Page 24: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/24.jpg)
1. Infer the number of ingress points for a target network
2. Select the VP with the highest likelihood to traverse an
ingress point that has not yet been covered
3. To infer potential ingress points:
Subnet Centric Probing
IPS algorithm computes a per-destination network rank-
ordered list of VPs based on prior rounds of probing.
INGRESS POINT SPREADING (IPS)
![Page 25: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/25.jpg)
IPS seeks to utilize all of the ingress points discovered in
prior rounds of probing
future probing can induce probe traffic to flow through each of these
known ingresses
explore more of the destination network’s topology
INGRESS POINT SPREADING (IPS)
![Page 26: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/26.jpg)
Uses one day’s worth of prior probing results to infer potential ingress points at
different notional network boundaries for each target prefix
Use the knowledge of how networks are subnetted to select addresses to
probe within each BGP advertised prefix
Adapt the number of probes to the degree of subnetting within the prefix to
avoid wasted probing
Subnet Centric Probing
![Page 27: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/27.jpg)
Reducing the probing redundancy by
- Generalizes DoubleTree without parametrization
- Intelligently tuning (via TTL) the set of hops each trace interrogates
- Start a trace with a TTL suitable to reach the destination and iteratively decrement
the TTL until a previously discovered hop (i.e. at the AS ingress) is found.
- Discover AS ingress points and paths to the AS via multiple vantage points
AS ingress
![Page 28: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/28.jpg)
http://www-sop.inria.fr/coati/events/rescom2014/slides/teixeira.pdf http://www.cmand.org/direct/20140314-dhs.pdf
REFERENCES
![Page 29: INTERNET TOPOLOGY MAPPING INTERNET MAPPING PROBING OVERHEAD MINIMIZATION Intra- and inter-monitor redundancy reduction IBRAHIM ETHEM COSKUN University](https://reader030.vdocuments.us/reader030/viewer/2022032705/56649dcf5503460f94ac4238/html5/thumbnails/29.jpg)
?QUESTIONS?