DOCSLIB.ORG

Inference of Borders Between IP Networks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Inference of Borders Between IP Networks bdrmap: Inference of Borders Between IP Networks Matthew Luckie Amogh Dhamdhere Bradley Huffaker University of Waikato CAIDA / UC San Diego CAIDA / UC San Diego [email protected] [email protected] [email protected] David Clark kc claffy MIT CAIDA / UC San Diego [email protected] [email protected] ABSTRACT 1. INTRODUCTION We tackle the tedious and unsolved problem of auto- Every Internet researcher and operator is familiar matically and correctly inferring network boundaries in with traceroute, but not everyone is aware of the infer- traceroute. We explain why such a conceptually sim- ential challenges in interpreting traceroute output, the ple task is so hard in the real world, and how lack of diverse barriers to developing a more accurate Inter- progress has impeded a wide range of research and de- net path inference capability, and the resulting imped- velopment efforts for decades. We develop and validate iments to a range of research and development efforts. a method that uses targeted traceroutes, knowledge of Despite these impediments, researchers have relied on traceroute idiosyncrasies, and codification of topologi- traceroute to support measurement and analysis of In- cal constraints in a structured set of heuristics, to cor- ternet router-level topologies for two decades. rectly identify interdomain links at the granularity of Internet router-level topology discovery and inference individual border routers. In this study we focus on the is tedious and error-prone for at least five classes of rea- network boundaries we have most confidence we can sons. Most obviously, the TCP/IP architecture has no accurately infer in the presence of sampling bias: in- notion of interdomain boundaries at the network layer. terdomain links attached to the network launching the In fact, the architecture does not even have any mecha- traceroute. We develop a scalable implementation of nism to identify a complete router { an IP address iden- our algorithm and validate it against ground truth infor- tifies only a single interface on a router, and routers may mation provided by four networks on 3,277 links, which have hundreds of (or thousands of virtual) interfaces. showed 96.3% { 98.9% of our inferences were correct. Second, the measurement tool used for IP topology With 19 vantage points (VPs) distributed across a discovery implements a 30-year old clever hack in which large U.S. broadband provider, we use our method to re- an end host sends customized probe packets along a for- veal the tremendous density of router-level interconnec- ward path toward a destination to trick each router into tion between some ASes. In January 2016, the broad- revealing one of their interface IP addresses to the end band provider had 45 router-level links with a Tier-1 host. Constructing an Internet-scale topology requires peer. We also quantify the VP deployment required superimposing millions of such measurements from mul- to observe this ISP's interdomain connectivity, with 17 tiple sources, onto an interface topology graph, and VPs required to observe all 45 links. Our method forms then applying heuristic techniques to infer which IP the cornerstone of the system we are building to map addresses are interfaces on the same physical router, interdomain performance, and we release our code. i.e., alias resolution. Failure to accurately resolve such aliases for the same router will result in an inflated in- Keywords ference of the number of links between networks. Third, operator address assignment and router imple- Internet topology; Router ownership mentation practices limit the accuracy of the canonical approach of mapping an IP address observed in tracer- Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or oute to the organization that announces the longest distributed for profit or commercial advantage and that copies bear this notice matching prefix for that IP address in BGP [44]. Fourth, and the full citation on the first page. Copyrights for components of this work traceroute measurements repeatedly sample links close owned by others than ACM must be honored. Abstracting with credit is per- mitted. To copy otherwise, or republish, to post on servers or to redistribute to to the vantage point [22], resulting in topologies where lists, requires prior specific permission and/or a fee. Request permissions from links farther from the network are less likely to be ob- [email protected]. served. This sampling bias can reduce the accuracy IMC 2016, November 14–16, Santa Monica, CA, USA. of router ownership inferences because there are fewer c 2016 ACM. ISBN 978-1-4503-4526-2/16/11. $15.00 topological constraints available. DOI: http://dx.doi.org/10.1145/2987443.2987467 381 Finally, operators could overcome all of these issues the presence of an astounding 45 interdomain links with by assigning hostnames to router interfaces that identify one of the ISP's Tier-1 peers, geographically distributed the router itself, but concerns about revealing network throughout the ISP's network, with 25 of these links topology information to competitors, or to prospective only visible from a vantage point (VP) in specific re- attackers, align operator incentives away from trans- gions. For 73% of measured prefixes, we observed 5 { parency about their internal network topologies. 15 distinct border routers carrying probe traffic. These challenges impede many Internet research and (5) We publicly release the source code imple- development efforts, from realistic network modeling, mentation. To promote further validation and use of protocol design, to assessment of real-world network our network border mapping measurement and analy- properties such as interdomain congestion, infrastruc- sis algorithm, which we call bdrmap, we publicly release ture resiliency, and identifying vulnerabilities due to in- our source code implementation as part of scamper [23]. adequate security policies. In light of these challenges, Our method infers all interdomain links directly con- this paper makes the following five contributions: nected to and visible from the network hosting a single (1) We introduce a scalable method for accu- VP. Accurately inferring the parties involved in all inter- rately inferring the boundaries of a given net- domain links observed in traceroute requires overcoming work, and the other networks attached at each the natural sample bias in traceroute [22], i.e., poorer boundary. Our approach efficiently infers forward IP visibility into distant networks, which limits our abil- paths from traceroute measurements, resolves IP aliases ity to assemble constraints. We build on years of prior to construct a router-level topology [15, 40, 21], and work in topology discovery (e.g. [10, 2]), alias resolution then uses this topology as well as topological constraints (e.g. [15, 40, 5, 21]), AS relationship inference [25], and inferred from BGP data [25] to narrow the possible set active probing systems (e.g. [23]). Our contributions are of links and associated IP addresses that represent bor- a scalable system that synthesizes this prior work, and ders between networks. Our approach builds on gen- a set of novel heuristics that correctly infer router-level erally accepted assumptions about industry practices, interdomain links and the involved parties. such as numbering border router interfaces with IP ad- dresses that belong to an upstream provider's network. Our method explicitly accommodates known limitations 2. MOTIVATION of traceroute, e.g., sometimes a border router responds Network Modeling and Resilience: Early models to a traceroute probe using a source address belonging of Internet topology considered each AS a node, and an to a third-party AS, i.e., one that maps to neither net- interdomain link an edge between two ASes [43]. While work constituting the border. Even when a neighbor this simplistic model does not reflect the complexity of network does not respond to our probes, our algorithm Internet interconnection, it has reflected the inferential can still pinpoint where they interconnect. capabilities of the research community [43]. Our work (2) We develop an efficient system to allow enables the construction of a router-level map of in- deployment of our method on resource-limited terdomain connectivity, which will empirically ground devices. We show that the probing our algorithm uses efforts to accurately model AS topology evolution. obtains a complete and accurate router-level interdo- The capability to correctly identify the interdomain main map, but the densest measurement infrastructure links of a network also enables analysis of network re- deployments use resource-limited devices that cannot siliency and robustness in a way not previously possi- maintain state for the entire map themselves. We ex- ble. For instance, we can use comprehensive traceroutes tend our measurement tools to support low-resource (from archives or targeted) to estimate which routers, devices by interactively offloading data and state to a links, and interconnection facilities carry traffic to a sig- centrally-operated system. nificant fraction of the Internet [37], and the potential (3) We validate our algorithm's correctness us- of an attack or outage to disrupt connectivity. ing ground truth from four network operators Interdomain congestion: Exploding demand for as well as databases of IXP address use. We used high-bandwidth content (e.g., streaming video) has fu- ground truth provided by a research
Load more

Recommended publications
  • IBM Cognos Analytics - Reporting Version 11.1
    IBM Cognos Analytics - Reporting Version 11.1 User Guide IBM © Product Information This document applies to IBM Cognos Analytics version 11.1.0 and may also apply to subsequent releases. Copyright Licensed Materials - Property of IBM © Copyright IBM Corp. 2005, 2021. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. IBM, the IBM logo and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at " Copyright and trademark information " at www.ibm.com/legal/copytrade.shtml. The following terms are trademarks or registered trademarks of other companies: • Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. • Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. • Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. • Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. • UNIX is a registered trademark of The Open Group in the United States and other countries. • Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
    [Show full text]
  • A Dll Required for This Install Could Not Be Run
    A Dll Required For This Install Could Not Be Run Foldable Hannibal saunter anticipatorily and respectably, she reseat her wentletrap overlaid retractively. Which Arne igniting butso cheap berrying that her Dickie instruments triturated flying. her tanists? Analyzed Giovanne still encyst: salt and Circassian Whitby outface quite fervently This product was an option, microsoft distributed dll required dll for could not a install the problem for fixing the table doe Will not a install could be run this dll required for what is solved by multiple rows into boot. How to resolve my case, code and performance cookies and this dll for install a could not be run in. Any solution is required actions, hardware failure and be. If he're running Windows installation as the repair source or sale you're using Windows from a. Thank you for safe prompt response. A DLL required for this installation to complete could not be run. Does this solution from your pc scan with windows installer on target system is this tool in any proposed solutions to use windows updates about how did run a this dll required for could not install be. Reddit on the respective owners in this dll for a required. Set properties are you hate cookies may not a install be run this dll required for instant savings! Could not initialized handler. Your pc and framework, dll could not be able to customize it? Qgis also for this issue, dll required for could not a install it is a time i run. Fix problems installing Chrome Google Chrome Help.
    [Show full text]
  • System Analysis and Tuning Guide System Analysis and Tuning Guide SUSE Linux Enterprise Server 15 SP1
    SUSE Linux Enterprise Server 15 SP1 System Analysis and Tuning Guide System Analysis and Tuning Guide SUSE Linux Enterprise Server 15 SP1 An administrator's guide for problem detection, resolution and optimization. Find how to inspect and optimize your system by means of monitoring tools and how to eciently manage resources. Also contains an overview of common problems and solutions and of additional help and documentation resources. Publication Date: September 24, 2021 SUSE LLC 1800 South Novell Place Provo, UT 84606 USA https://documentation.suse.com Copyright © 2006– 2021 SUSE LLC and contributors. All rights reserved. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”. For SUSE trademarks, see https://www.suse.com/company/legal/ . All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its aliates. Asterisks (*) denote third-party trademarks. All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its aliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof. Contents About This Guide xii 1 Available Documentation xiii
    [Show full text]
  • Diskgenius User Guide (PDF)
    www.diskgenius.com DiskGenius® User Guide The information in this document is subject to change without notice. This document is not warranted to be error free. Copyright © 2010-2021 Eassos Ltd. All Rights Reserved 1 / 236 www.diskgenius.com CONTENTS Introduction ................................................................................................................................. 6 Partition Management ............................................................................................................. 6 Create New Partition ........................................................................................................ 6 Active Partition (Mark Partition as Active) .............................................................. 10 Delete Partition ................................................................................................................ 12 Format Partition ............................................................................................................... 14 Hide Partition .................................................................................................................... 15 Modify Partition Parameters ........................................................................................ 17 Resize Partition ................................................................................................................. 20 Split Partition ..................................................................................................................... 23 Extend
    [Show full text]
  • Troubleshooting TCP/IP
    4620-1 ch05.f.qc 10/28/99 12:00 PM Page 157 Chapter 5 Troubleshooting TCP/IP In This Chapter ᮣ Troubleshooting TCP/IP in Windows 2000 Server ᮣ TCP/IP troubleshooting steps ᮣ Defining which is the best TCP/IP troubleshooting tool to solve your problem ᮣ Mastering basic TCP/IP utilities roubleshooting is, it seems, an exercise in matrix mathematics. That is, Twe use a variety of approaches and influences to successfully solve our problems, almost in a mental columns-and-rows format. These approaches may include structured methodologies, inductive and deductive reasoning, common sense, experience, and luck. And this is what troubleshooting is made of. Troubleshooting TCP/IP problems is really no different from troubleshooting other Windows 2000 Server problems mentioned in this book, such as instal- lation failures described in Chapter 2. Needless to say, Windows 2000 Server offers several TCP/IP-related tools and utilities to assist us, but more on the specifics in a moment. TCP/IP Troubleshooting Basics The goal in TCP/IP troubleshooting is very simple: fix the problem. Too often, it is easy to become overly concerned about why something happened instead of just fixing the problem. And by fixing the problem, I mean cost effectively. 1. Be cost effective. Don’t forget that several hours’ worth of MCSE-level consulting could more than pay for the additional bandwidth that may easily solve your TCP/IP WAN-related problem. Don’t overlook such an easy fix when struggling to make a WAN connection between sites utilizing Windows 2000 Server. Too little bandwidth is typically the result of being penny wise and pound foolish.
    [Show full text]
  • Facing the Challenge(S) of Windows Logs Collection to Leverage Valuable Iocs
    Facing the challenge(s) of Windows logs collection to leverage valuable IOCs . Michel de Crevoisier Security Analyst, Radar Cyber Security 15.10.2019, Berne © RadarServices // Classification: Public The five challenges © RadarServices // Classification: Public #1 High diversity of log sources Server Microsoft 3rd party Built-in roles software software Advanced Threat ADFS Application Analytics (ATA) Ivanti software Certification authority Exchange PowerShell Kaspersky DHCP server Skype Security DNS server SQL Server Veeam Backup System IIS web server SYSMON […] […] NPS Radius Defender © RadarServices // Classification: Public 3 #2 Different log extensions EVTX ETL TXT (standard Windows logs (analytical logs, like DNS (IIS, NPS, DHCP, in XML format) Server or PowerShell) PowerShell Transcript, former DNS logs) © RadarServices // Classification: Public 4 #3 Multiple architectural approaches Access method / Protocol (MS-EVEN6, RPC, WMI,…) Push vs Pull Agent vs Agentless Intermediate collector VS Direct sending to receiver Central file store vs Shared folder Managed agent VS Unmanaged agent © RadarServices // Classification: Public 5 #4 Disabled and restrictive event logs • Protected users (if configured, on DCs only) Valuable event • LSA (Local Security Authority) logs disabled • IIS web server • DNS client Event logs with • SMB server restrictive • SMB client access • IIS web server © RadarServices // Classification: Public 6 6 #5 Operational constraints Security Data exchange Performance Configuration Environment • Avoid usage of • Data
    [Show full text]
  • Electric Vehicle Fact Sheet Opens in a New Window
    ⇝ Get CHARGED UP in ROSENDALE! ⇜ SOME QUESTIONS AND ANSWERS ABOUT ELECTRIC VEHICLES (EVs): Do electric vehicles (EVs) cost more than gas-powered cars? All major car manufacturers are now producing either fully electric vehicles or plug-in hybrids, and there is a wide selection of styles and prices to choose from. If you buy now, you can benefit from generous state rebates and federal tax credits. These may reduce the base price of an EV to between $22,000 and $29,000.6,7,8 How do I charge an EV? There is no need for a special charging station at home; just plug into any regular electrical outlet. Rosendale has a public charging station, right in the municipal lot behind the Rosendale Theatre! EV owners can charge up while enjoying Main Street, catching a movie, or hiking up Joppenbergh! Many other towns and highway rest stops around the country now have public charging stations. Popular websites and FREE phone apps, such as Plugshare, allow you to 5,12 easily find the closest public charging station while traveling. Rosendale’s charging station. How far can I drive on electric power? Plug-in hybrids have both electrical ports and gas tanks. They can run 20-80 miles on pure electric power depending on the model, after which they convert to gas and run as a fuel-efficient car. Newer all-electric cars offer faster charging capacity and a higher range, like the Chevy Bolt (238 mi. range) and Nissan Leaf (107 mi. range). How is an electric vehicle better for the environment? Another benefit of EVs: Since it uses less energy, an EV has a lower carbon footprint, No more oil changes! equivalent to that of a 68 MPG gasoline-burning car (if one existed!).
    [Show full text]
  • 1) Data Storage Types 2) Variable Naming 3) Labels and Notes Written
    Stata Community Resource Contents: 1) Data storage types 2) Variable naming 3) Labels and Notes Written on 1/27/2019 (examples shown running version 15). Data storage types: Numeric Unlike some other statistical packages (e.g., SPSS or SAS) Stata stores data as different “types.” Each data storage type has a different level of accuracy and therefore different memory storage requirements. For example, if we have a dataset loaded already, and want to examine our storage types: . describe Here we can see that the storage type is listed as “byte.” Byte indicates that the variable is stored as an integer between -127 and 100. The default data storage type for Stata is “float.” By inquiring with Stata using the help command, we see that the float variable type is much larger relative to byte: . help datatypes Also note that byte, int, and long storage types can only hold integers, whereas float and double are floating point data storage types. 1 Another difference between the various numerical data storage types is in their levels of precision. For example, float variable type data will be stored with a 7-digit level of accuracy. This means that Stata will not round a number stored as a float type, as long as the number is 7 total digits or fewer. If precision is needed past the 7- digit limit, however, the “double” storage type should be used. One potential complication of storing a >7 digit variable as a “float” or smaller is that Stata may round down the integer without advertising that it is doing so.
    [Show full text]
  • HP Openvms Volume Shadowing in Action
    I302 OpenVMS Volume Shadowing Performance Keith Parris, HP Shadowing Performance • Shadowing is primarily an availability tool, but: − Shadowing can often improve performance (e.g. reads), however: − Shadowing can often decrease performance (e.g. writes, and during merges and copies) Shadow Copy/Merge Performance: Why Does It Matter? • Excessive shadow-copy time increases Mean Time To Repair (MTTR) after a disk failure, or a site outage in a disaster-tolerant cluster • Shadow Full Merges can have a significant adverse effect on application performance • Shadow Full Copies or Full Merges can generate a high data rate (e.g. on inter-site links for Disaster Tolerant clusters) − Acceptable shadow full-copy times and link costs are often the major factors in selecting inter-site link(s) for multi-site disaster-tolerant clusters Shadowset State Hierarchy • Mini-Merge state • Copy state −Mini-Copy state Transient states −Full Copy state • Full Merge state • Steady state Copy and Merge • How a Copy or Merge gets started: − A $MOUNT command triggers a Copy This implies a Copy is a Scheduled operation − Departure of a system from the cluster while it has a shadowset mounted triggers a Merge This implies a Merge is an Unscheduled operation I/O Algorithms Used by Shadowing • Variations: − Reads vs. Writes − Steady-State vs. Copy vs. Merge • And for Copies and Merges, − Full- or Mini- operation − Copy or Merge Thread I/Os − Application I/Os: Ahead of or Behind the Copy/Merge “Fence” Application Read during Steady-State • Read from any Application
    [Show full text]
  • The CONVERT Command
    The CONVERT command Use the CONVERT command with the SQL Backup -SQL parameter to convert SQL Backup backup files (.sqb) to Microsoft Tape Format (MTF) files (.bak) using the command line or extended stored procedure. You can use the native SQL Server RESTORE command to restore MTF files. Alternatively, you can use the SQL Backup File Converter (either from the command line, or using the GUI application). This application can also convert SQL Backup v7 or v6 files to SQL Backup v5 files; both file types have extension .sqb. See SQL Backup File Converter for more information. If you convert a backup file that was created with multiple threads (THREADCOUNT > 1), an individual .bak file is created for each thread. For example, if backup file BackUpA.sqb was created using three threads, the following files are created when you convert the backup: BackUpA_01.bak BackUpA_02.bak BackUpA_03.bak You can then restore the MTF (.bak) format backups as a group of backup files. When using the extended stored procedure the parameter or set of parameters (such as -SQL) must be delimited by single quotes. Therefore, wherever a single quote is used for the arguments below, for the extended stored procedure you must use two single quotes so that SQL Server does not interpret it as a string delimiter. See Using the extended stored procedure for more information. Syntax CONVERT { 'p_hysical_backup_device_name' } ] TO { 'physical_file_name' } [ WITH [ [ , ] MAXDATABLOCK = { 65536 | 131072 | ... | 2097152 } ] [ [ , ] PASSWORD = { 'password' } ] [ [ , ] SINGLERESULTSET ] ] Arguments MAXDATABLOCK Specifies the maximum size of data blocks to be used when SQL Backup stores backup data. Valid values are integers in multiples of 65536, up to a maximum value of 2097152.
    [Show full text]
  • Preparing Data for Analysis in Stata Before You Can Analyse Your Data, You Need to Get Your Data Into an Appropriate Format, to Enable Stata to Work for You
    SIDM2 – Preparing data for analysis Preparing Data for Analysis in Stata Before you can analyse your data, you need to get your data into an appropriate format, to enable Stata to work for you. To avoid rubbish results, you need to check your data is sensible and free of nonsense values. Recap on preceding workshop, SIDM1 It is essential to create and save a do file of commands, otherwise you will lose your work. Attention needs to be paid to the presence of missing data, which are treated as infinitely large positive values by Stata. You learnt to run commands from this do file as you go along. You also learn how to open and save datasets, log files and graphs. You learn to distinguish between different types of data. You learnt to use variable labels for a fuller description of what they are, and value labels to define categories (when coded numerically, so we know what the numbers represent). You learn basic graph and tables commands, how to create new variables and amend their values, use of if statement. Learning objectives of this Session, SIDM2 This describes how to read in data Stata in the first place. There is a recap on different types of data, and rationale on need to change some variables between formats before analysis can begin, in many cases. This gives example code, and exercises (with solutions available) for you to see how these commands are used in practice. Learning objectives of further workshops, SIDM3 and SIDM4. Merging datasets in many different ways, reshaping datasets, looping in Stata, and extracting saved results into files.
    [Show full text]
  • Traceroute and BGP AS Path Incongruities
    Traceroute and BGP AS Path Incongruities Young Hyun, Andre Broido, kc claffy CAIDA, San Diego Supercomputer Center University of California, San Diego youngh, broido, kc ¡ @caida.org Internetworking 2003, San Jose, June 2003 Background Motivation Methodology data collection initial processing Analysis exchange point ASes ASes under common ownership remaining causes Conclusions Background AS-level Internet topology is very useful . – for studying growth, performance, resiliency, convergence times – for designing routing protocols complete, up-to-date topology not available – only two practical sources of partial topology: ¡ BGP tables (e.g., at RouteViews and RIPE) ¡ AS paths derived from traceroute paths most analysis/modeling of Internet topology based on BGP AS paths Motivation Are Internet topologies based on BGP AS paths valid? answer by comparing two topology sources: BGP tables and traceroute paths simplistically: BGP AS path = specified (by policy) traceroute AS path = actual (by per-hop forwarding decisions) expect specified and actual paths to agree, but they differ in practice want to know the extent and causes of incongruities Methodology 1. collect data at three sites worldwide BGP table from router near the host performing traceroutes 2. convert traceroute IP paths to AS paths 3. match up traceroute AS paths with BGP AS paths 4. compare pairs of AS paths Source of traceroute paths CAIDA’s skitter monitors – around two dozen deployed worldwide – TTL-based like traceroute but using ICMP ECHO REQUEST – probe predetermined set of
    [Show full text]