INTERNET TOPOLOGY MAPPING

INTERNET MAPPING PROBING OVERHEAD MINIMIZATION

Intra- and inter-monitor redundancy reduction

IBRAHIM ETHEM COSKUNUniversity of Nevada, RenoM.Sc.

TOPOLOGY OF THE INTERNET

Network of networks linked together world wide

WHY IMPORTANT?

Identify vulnerabilities

Identify threats

Create new protocols

Examine internet evolution

Economics (Internet based services)

An autonomous system (AS) is a network or a collection of networks that are all managed and supervised by a single entity or organization. 

TOPOLOGY OF THE INTERNET

AS 1AS 2

AS 4

AS 3

• Interconnection of Autonomous Systems (Internet Service Providers, Universities, Companies)

• Distinct regions of administrative control

Connection between ASes AS needs to know how to reach the rest of the Internet

BGP (Border Gateway Protocol) provides reachability across the whole Internet exchange routing information between ASes iBGP, eBGP eBGP: Border router

a direct link to another border router in another AS

TOPOLOGY OF THE INTERNET

AS 1 AS 2

Traceroute Sends a series of probes to successive nodes

along a route to a destination Records source address and time delay of the

message returned by each hop.

Tools for Topology Mapping

cb d f he ga

130.217.250.10

130.217.250.80

190.200.1.1

190.200.1.2

192.168.0.1

192.168.0.2

72.14.207.99

72.14.207.254

b

1 h

b

1 h

b

1 h

2 h

d

2 h

d

Figure: Tony McGregor

RIPE NCC Visiting Researcher

The reason of sending 3 packetsis to calculate the average RTT.

Traceroute

RTT: the delay between sending the packet and getting the response

Probing Overhead Causes DoS attacks Reduces efficiency

THE PROBLEM

Intra –monitor redundancy

Occurs when all traceroutes start from a single point

Inter –monitor redundancy

Occurs when multiple monitors visit the same point

INTRA AND INTER –MONITOR REDUNDANCY

INTRA –MONITOR REDUNDANCY

Monitor 1

Destination 1Destination 2

Destination 3

INTER –MONITOR REDUNDANCY

Monitor 1

Monitor 2

Monitor 3

Destination 1

130.217.250.56

Introduced by Benoit Donnet, Philippe Raoult, Timur Friedman,

Mark Crovella

Significantly reduces both kinds of redundancy: inter- and intra-

monitor

Key ideas:

utilize tree-like structure of routes

probe each target by starting midpoint of the path

DOUBLETREE

Intra-monitor: Monitor-Rooted tree

Start probing far from the monitor (vantage point)

Probe forwards and backwards

If an interface is encountered that has already been discovered by the

vantage point:

stop probing

add the discovered interface to the “local stop set”

DOUBLETREE

Doubletree: Monitor-Rooted Tree

Intra-Monitor

Inter-monitor: Destination-Rooted tree

Probe forwards and backwards

If facing an interface that has already been discovered

stop probing

add the discovered interface to the “global stop set”

Monitors (vantage points) need to share information of discovered interfaces

VPs have to work in coordination

DOUBLETREE

Doubletree: Destination-Rooted Tree

Inter-Monitor

Must determine a paths mid point

Information sharing between nodes causes another traffic

Doesn’t deal well with load balancing

DOUBLETREE

Reduce intra-monitor redundancy by performing partial traces to some

destination IP addresses.

Once having a full trace to an IP address in an AS,

start traceroute queries from the hop distance hi of the ingress router

If the first IP of the new trace has not appeared at the same hop distance

hj in any of the earlier full traces to the AS,

then completes the trace, otherwise does not complete the trace.

CHELEBY

Intra –monitor redundancy

CHELEBY - Intra-Monitor Redundancy

AS 1

B CAD

EF

G

H

Start the trace from 4th hop (D)

A destination IP is probed by only one monitor (Vantage Point) of a

team

Vantage Points in the same area are geographically close

Their contribution to identify a new link/node is small

Identify ingress points of ASes to dynamically establish teams for each

destination AS

One vantage point probing through each ingress point of an AS

CHELEBY

Inter –monitor redundancy

CHELEBY - Inter-Monitor Redundancy

VA 1

VA 2

VB 1

VB 2

VB 3

D

Area A

Area B

By Guillermo Baltra, Robert Beverly, Geoffrey G. Xie

A new interface-level network mapping technique

Underlying IPS

is the observation that a target AS is multi-homed and multi-connected

INGRESS POINT SPREADING (IPS)

An AS being connected to two or more separate ISPs (more than one AS).

If one outgoing link fails, outgoing traffic will automatically be routed via one of the remaining links.

Has multiple ingress points

AS Multi-homing

If probes enter the AS (multihomed) via different ingress points

Not only reduce the probing overhead but likely to reveal more of the target network’s topological structure

D1

D3

D2

V2

V1

V3

A Multi-Homed AS

INGRESS POINT SPREADING (IPS)

1. Infer the number of ingress points for a target network

2. Select the VP with the highest likelihood to traverse an

ingress point that has not yet been covered

3. To infer potential ingress points:

Subnet Centric Probing

IPS algorithm computes a per-destination network rank-

ordered list of VPs based on prior rounds of probing.

INGRESS POINT SPREADING (IPS)

IPS seeks to utilize all of the ingress points discovered in

prior rounds of probing

future probing can induce probe traffic to flow through each of these

known ingresses

explore more of the destination network’s topology

INGRESS POINT SPREADING (IPS)

Uses one day’s worth of prior probing results to infer potential ingress points at

different notional network boundaries for each target prefix

Use the knowledge of how networks are subnetted to select addresses to

probe within each BGP advertised prefix

Adapt the number of probes to the degree of subnetting within the prefix to

avoid wasted probing

Subnet Centric Probing

Reducing the probing redundancy by

- Generalizes DoubleTree without parametrization

- Intelligently tuning (via TTL) the set of hops each trace interrogates

- Start a trace with a TTL suitable to reach the destination and iteratively decrement

the TTL until a previously discovered hop (i.e. at the AS ingress) is found.

- Discover AS ingress points and paths to the AS via multiple vantage points

AS ingress

http://www-sop.inria.fr/coati/events/rescom2014/slides/teixeira.pdf http://www.cmand.org/direct/20140314-dhs.pdf

REFERENCES

?QUESTIONS?