Primitives for Active Internet Topology Mapping: Toward ... Topology, Network Topology, Adaptive Probing

Embed Size (px)

Text of Primitives for Active Internet Topology Mapping: Toward ... Topology, Network Topology, Adaptive...

  • Primitives for Active Internet Topology Mapping: TowardHigh-Frequency Characterization

    Robert BeverlyNaval Postgraduate School

    rbeverly@nps.edu

    Arthur BergerMIT CSAIL / Akamai

    awberger@csail.mit.edu

    Geoffrey G. XieNaval Postgraduate School

    xie@nps.edu

    ABSTRACTCurrent large-scale topology mapping systems require multi-ple days to characterize the Internet due to the large amountof probing traffic they incur. The accuracy of maps fromexisting systems is unknown, yet empirical evidence sug-gests that additional fine-grained probing exposes hiddenlinks and temporal dynamics. Through longitudinal anal-ysis of data from the Archipelago and iPlane systems, inconjunction with our own active probing, we examine howto shorten Internet topology mapping cycle time. In par-ticular, this work develops discriminatory primitives thatmaximize topological fidelity while being efficient.

    We propose and evaluate adaptive probing techniques thatleverage external knowledge (e.g., common subnetting struc-tures) and data from prior cycle(s) to guide the selection ofprobed destinations and the assignment of destinations tovantage points. Our Interface Set Cover (ISC) algorithmgeneralizes previous dynamic probing work. Crucially, ISCruns across probing cycles to minimize probing while de-tecting load balancing and reacting to topological changes.To maximize the information gain of each trace, our SubnetCentric Probing technique selects destinations more likelyto expose their networks internal structure. Finally, theVantage Point Spreading algorithm uses network knowledgeto increase path diversity to destination ingress points.

    Categories and Subject DescriptorsC.2.3 [Computer Communication Networks]: NetworkOperationsnetwork monitoring ; C.2.1 [Computer Com-munication Networks]: Network Architecture and Design

    General TermsMeasurement, Experimentation

    KeywordsInternet Topology, Network Topology, Adaptive Probing

    Permission to make digital or hard copies of all or part of this work forpersonal or classroom use is granted without fee provided that copies arenot made or distributed for profit or commercial advantage and that copiesbear this notice and the full citation on the first page. To copy otherwise, torepublish, to post on servers or to redistribute to lists, requires prior specificpermission and/or a fee.IMC10, November 13, 2010, Melbourne, Australia.Copyright 2010 ACM 978-1-4503-0057-5/10/11 ...$10.00.

    1. INTRODUCTIONThe scale of the Internet makes obtaining representative

    metrics and characteristics challenging. Compounding thischallenge, the Internet is poorly instrumented, lacks mea-surement and management mechanisms [5], and providershide information. Researchers therefore must frequently makeinferences over limited available data, and may form falseconclusions [15].

    Understanding the complex structure of the Internet is vi-tal for network research including routing, protocol valida-tion, developing new architectures, etc. More importantly,building robust networks, and protecting critical infrastruc-ture, depends on accurate topology mapping.

    While dedicated platforms exist to perform topology mea-surements, e.g. [11, 19], these must balance induced mea-surement load against model fidelity. Unfortunately, in prac-tice, such balancing results in multiple days worth of mea-surement to capture even an incomplete portion of the Inter-net. Employing more vantage points is an effective techniqueto improve topological recall [23], but does not reduce totalload or cycle time.

    This work proposes primitives toward the eventual goalof performing high-frequency active Internet topology mea-surement. Measurement load hinders the ability to capturesmall-scale dynamics and transient effects that occur at fre-quencies higher than the measurement period; effectivelycreating Nyquist aliasing loss. For example, recent work[20] shows fewer than 50% of Internet paths remain station-ary across consecutive days. Our own analysis of set covertechniques [10] finds that the rate of missed interfaces in-creases in proportion to the time since the covering set wascreated: implying that train-then-test methodologies areinsufficient.

    Our work therefore focuses on two separable problems viaa unified methodology, how to: i) select destinations in thenetwork to probe; and ii) perform the probe. We examine thehypothesis that by leveraging external network knowledge,e.g. routing, address structure, etc., and adaptive probing,the active traffic load can be significantly reduced withoutsacrificing the inferred topology fidelity. Our methodologyextends prior schemes, e.g. [8] which attempt to reduce mea-surement overhead, but are artificially parametrized, lossy,and ignore temporal effects across measurement periods. To-ward high-frequency Internet topology mapping, we:

    1. Quantify unnecessary probing performed by produc-tion topology measurement platforms.

    2. Develop three algorithms that use network knowledgeto intelligently drive adaptive probing.

    165

  • 0

    0.1

    0.2

    0.3

    0.4

    0.5

    0.6

    0.7

    0.8

    0.9

    1

    0 5 10 15 20 25

    Cum

    ulat

    ive F

    ract

    ion

    of P

    ath

    Pairs

    Levenshtein Edit Distance

    Intra-BGP Prefix (Ark)Intra-BGP Prefix (iPlane)

    Random Prefix Pair

    (a) Unnecessary probing: > 60% of intra-BGP traceshave ED 3; fewer than 50% of random traces haveED 10.

    0.1

    0.2

    0.3

    0.4

    0.5

    0.6

    0.7

    0.8

    0.9

    1

    0 5 10 15 20 25

    Cum

    ulat

    ive F

    ract

    ion

    of P

    ath

    Pairs

    Levenshtein Edit Distance (last-hop AS removed)

    Intra-BGP Prefix (Ark)Intra-BGP Prefix (iPlane)

    Random Prefix Pair

    (b) Contribution of last-hop AS to path variance: 70% of probes to same prefix yield no informationgain beyond the leaf AS.

    Figure 1: Edit distance (ED) distribution of Ark ( 260k) and iPlane ( 150k) traces to different addresseswithin the same BGP prefix compared to baseline ED between random trace pairs.

    2. UNNECESSARY PROBINGSeveral large topology measurement experiments have been

    deployed, including CAIDAs Skitter/Archipelago project(Ark) [11, 13], iPlane [19], and DIMES [22]. To better un-derstand the challenges in topology mapping, this section fo-cuses on the existing practice of Ark and iPlane which inferinterface-level topologies via traceroute-like [1, 17] probing.

    So that measurement is tractable, production systems of-ten follow common assumptions over the Internets struc-ture, for instance by probing a target in each subnetwork ofsize 28 (herein referred to via common /24 prefix notation).Ark subdivides all routed prefixes (i.e. visible in BGP) into/24s. A cycle of probing is a complete set of measure-ments to one destination address within each routed /24.The probe target for a given /24 is randomly selected fromthe 28 possible addresses.

    With approximately half of all IP addresses globally routable,a cycle consists of 2318 /24s. Due to this large number of/24s to be probed in a cycle, approximately 9M, Ark dividesthe probing work among multiple vantage points (measure-ment sites). Probing at a /24 granularity requires significanttime, and load. With asynchronous, distributed probing tomitigate per-path RTT variance, a full cycle requires multi-ple days to partially characterize the Internet.

    Traces can be distilled into an interface-level representa-tion of the Internet graph. Some traces yield more informa-tion than others based on the choice of prior probes. Forinstance, we expect traces to different addresses within thesame BGP prefix to be similar, while probes to very differentdestination addresses are likely to have a higher informationgain.

    2.1 A Path Pair Distance MetricTo quantify the information gain of intra-BGP traces, we

    use the Levenshtein, or edit, distance which is a measure ofthe minimum number of insert, delete or modify operationsrequired to equate two strings.

    Let the alphabet of symbols be the unsigned 32-bit in-teger space, = {0, . . . , 232 1}. We compute the editdistance (ED) between trace pairs using each IP addressalong the path. An ED of zero implies that the two paths

    are identical, whereas an ED of one implies that the twotraces differ by a single interface addition, subtraction, orreplacement. For example, for the following two interfacepaths, ED(t1, t2) = 2:

    t1 = 1.2.6.1, 1.186.254.13, 2.245.179.52, 4.53.34.1

    t2 = 1.2.6.1, 2.245.179.52, 4.69.15.1

    We use data from a single Ark and single iPlane monitorin a January, 2010 cycle for ED analysis. As a compara-tive baseline, we also compute ED over an equal number ofrandom trace pairs.

    2.2 Quantifying Unnecessary ProbingFigure 1(a) shows the cumulative fraction of path pairs in

    Ark and iPlane as a function of ED. The ED is larger forthe randomly selected traceroute path pairs than the pairsfrom within the same BGP prefix, as determined by a con-temporaneous Routeviews [21] BGP routing table. Approx-imately 60% of traces to destination in the same BGP prefixhave ED 3 while fewer than 50% of random traces haveED 10. Thus, as we intuitively expect, there is value tousing the BGP structure to drive the probe target selectionin order to maximize the information gain.

    Next, we wish to quantify the contribution of the last hopautonomous system (AS) to the edit distance of traces to thesame BGP prefix, i.e. path difference attributable to subnet-ting within an AS. For example, Figure 2 depicts the sourcesof path diversity observed as an hourglass with multiplevantage points contributing to diversity into an ASs ingresspoints, and the degree of subnetting within the destinationAS c