Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Distributed firewall wikipedia , lookup
Wake-on-LAN wikipedia , lookup
Computer network wikipedia , lookup
Deep packet inspection wikipedia , lookup
Net neutrality wikipedia , lookup
Airborne Networking wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Zero-configuration networking wikipedia , lookup
Net neutrality law wikipedia , lookup
Lecture 17 Internet Measurements Internet Web of interconnected networks • • • • Grows with no central authority Autonomous Systems optimize local communication efficiency The building blocks are engineered and studied in depth Global entity has not been characterized Most real world complex-networks have non-trivial properties. Global properties can not be inferred from local ones • • Engineered with large technical diversity Range from local campuses to transcontinental backbone providers 2 Internet Measurements Need for Internet measurements arises due to commercial, social, and technical issues • • • • • • Realistic simulation environment for developed products, Improve network management Robustness with respect to failures/attacks Comprehend spreading of worms/viruses Know social trends in Internet use Scientific discovery • Scale-free (power-law), Small-world, Rich-club, Dissasortativity,… 3 Internet Topology Measurement CAIDA 2006 4 Internet Topology Measurement CAIDA 2006 5 Internet Topology Measurement 6 Internet Topology Measurement CAIDA 2006 7 IPv4 address space (2010) browse 8 Internet Topology Measurements Probing Direct probing IPB IPD Vantage Point IPBD TTL=64 A B C D Indirect probing IPB IPC Vantage Point IPD TTL=1 TTL=2 A B C D 9 Internet Topology Measurement Topology Collection (traceroute) Probe packets are carefully constructed to elicit intended response from a probe destination IPB IPA IPC IPD Vantage Point Destination TTL=1 TTL=2 TTL=3 TTL=4 S A B C D traceroute probes all nodes on a path towards a given destination • • TTL-scoped probes obtain ICMP error messages from routers on the path ICMP messages includes the IP address of intermediate routers as its source Merging end-to-end path traces yields the network map movie 10 Internet Topology Measurement: Background Internet2 backbone S s.3 s.2 n.1 c.2 u.1 U c.1 u.2 k.1 u.3 l.1 K k.2 C w.1 c.3 c.4 L a.1 l.3 Trace to Seattle W w.2 w.3 k.3 l.2 n.3 N A a.2 Trace to NY a.3 h.2 h.1 H h.3 h.4 d 11 Internet Topology Measurement: Background s.1 e f S s.3 n.2 s.2 n.1 c.1 u.1 U u.2 k.1 u.3 l.1 K k.2 c.2 C w.1 c.3 n.3 N W w.2 w.3 c.4 k.3 L a.1 l.2 l.3 A a.2 a.3 h.2 h.1 H h.3 h.4 d 12 Topology Sampling Issues Sampling to discover networks • Infer characteristics of the topology Different studies considered • • • • • Effect of sample size [Barford 01] Sampling bias [Lakhina 03] Path accuracy [Augustin 06] Sampling approach [Gunes 07] Utilized protocol [Gunes 08] • • • ICMP echo request TCP syn UDP port unreachable 13 Unresponsive Router Resolution Problem Unresponsive routers do not respond to traceroute probes and appear as a in path traces • Same router may appear as a in multiple traces. • Unknown nodes belonging to the same router should be resolved. Unresponsiveness Types 1. 2. 3. 4. 5. Ignore all ICMP packets ICMP rate-limiting Ignore ICMP when congested Filter ICMP at border Private IP address 14 Unresponsive Router Resolution Problem e f Internet2 backbone S N C U W K L A H d Traces •d--L-S-e •d--A-W--f •e-S-L--d •e-S-U--C--f •f--C---d •f--C--U-S-e 15 Unresponsive Router Resolution Problem S U L e Traces •d--L-S-e •d--A-W--f •e-S-L--d •e-S-U--C--f •f--C---d •f--C--U-S-e H d S K C N A f W Sampled network C U f L A e d W Resulting network 16 Graph Based Induction Common Structures A x y1 y2 y3 C A x y1 y2 y3 C Parallel nodes x A D w x C E z y Clique x y A C C E F z x A v Complete Bipartite D w C y D A w x A E z C x A y F w E z w E D Star z D y C D E v 17 y w z Alias Resolution: Each interface of a router has an IP address. A router may respond with different IP addresses to different queries. .33 .5 .18 Denver .7 .13 Alias Resolution is the process of grouping the interface IP addresses of each router into a single node. Inaccuracies in alias resolution may result in a network map that • • includes artificial links/nodes misses existing links 18 IP Alias Resolution Problem s.1 e f S s.3 n.2 s.2 n.1 u.1 U u.2 c.1 k.1 l.1 C w.1 c.3 W w.2 w.3 c.4 K k.2 u.3 c.2 N n.3 k.3 L a.1 l.2 l.3 A a.2 a.3 h.2 h.1 H h.3 h.4 d Traces • d - h.4 - l.3 - s.2 - e • d - h.4 - a.3 - w.3 - n.3 - f • e - s.1 - l.1 - h.1 - d • e - s.1 - u.1 - k.1 - c.1 - n.1 - f • f - n.2 - c.2 - k.2 - h.2 - d • f - n.2 - c.2 - k.2 - u.2 - s.3 - e 19 IP Alias Resolution Problem S U K C N f Sampled network L e H A W d s.3 u.1 k.1 c.1 n.1 u.2 k.2 c.2 n.2 s.1 e f s.2 w.3 l.1 l.3 n.3 a.3 h.2 h.1 h.4 Sample map without alias resolution d Traces • d - h.4 - l.3 - s.2 - e • d - h.4 - a.3 - w.3 - n.3 - f • e - s.1 - l.1 - h.1 - d • e - s.1 - u.1 - k.1 - c.1 - n.1 - f • f - n.2 - c.2 - k.2 - h.2 - d • f - n.2 - c.2 - k.2 - u.220- s.3 - e Genuine Subnet Resolution Problem Alias resolution • IP addresses that belong to the same router IP2 IP3 IP1 IP4 IP6 IP5 Subnet resolution • IP addresses that are connected over the same medium IP1 IP1 IP2 IP3 IP2 IP3 21 Autonomous System Level Mapping Historical 22 Internet Topology Discovery 23 Internet Topology Discovery 24 Internet Topology Discovery 25 Autonomous System Level Mapping 26 27 2010 Internet Topology Discovery 28 Traffic Measurements Monitoring and measuring network traffic • • • to produce better models of network behavior to diagnose failures and detect anomalies to defend against unwanted traffic Live weather map • Internernet2 PlanetLab 29 30 Cisco US traffic estimate 31 DNS Workload for the Chilean TLD the number of queries and clients seen by one of the .CL nameservers in Chile • its hourly variation along two days of traces on July 3rd 2007 animation 32 Code-Red Worm On July 19, 2001, more than 359,000 computers connected to the Internet were infected with the Code-Red (CRv2) worm in less than 14 hours Spread 33 Sapphire Worm was the fastest computer worm in history • • doubled in size every 8.5 seconds infected more than 90 percent of vulnerable hosts within 10 minutes. 34 Witty Worm reached its peak activity after approximately 45 minutes • at which point the majority of vulnerable hosts had been infected World USA 35 Nyxem Email Virus Estimate of total number of infected computers is between 470K and 945K At least 45K of the infected computers were also compromised by other forms of spyware or botware Spread 36 Scam Hosting Study dynamics of scam hosting infrastructure 37 Measurement Studies Glasnost • tests whether BitTorrent is being blocked or throttled BW-meter • Measurement tools for the capacity and load of Internet paths NPAD Diagnostics Servers • Automatic diagnostic server for troubleshooting end-systems and last-mile network problems iPlane • • construct a router interface-level atlas of the Internet measuring link attributes Hubble • find persistent Internet black holes as they occur 38 Internet Measurements The Internet is man-made, so why do we need to measure it? • • • Because we still don’t really understand it • • Sometimes things go wrong Malicious users Measurement for network operations • • Detecting and diagnosing problems What-if analysis of future changes Measurement for scientific discovery • • Creating accurate models that represent reality Identifying new features and phenomena 39 Questions ? Internet Topology Discovery 40