1 / 59

Near-Deterministic Inference of AS Relationships

Near-Deterministic Inference of AS Relationships. Udi Weinsberg. A thesis submitted toward the degree of Master of Science in Electrical and Electronic Engineering Under the guidance of Dr. Yuval Shavitt and Eran Shir. Outline. Introduction and Theory Problem and Algorithm

deiter
Download Presentation

Near-Deterministic Inference of AS Relationships

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Near-Deterministic Inference of AS Relationships Udi Weinsberg A thesis submitted toward the degree of Master of Science in Electrical and ElectronicEngineering Under the guidance of Dr. Yuval Shavitt and Eran Shir.

  2. Outline • Introduction and Theory • Problem and Algorithm • Experimental Results • Conclusion

  3. Introduction and Theory

  4. Introduction • Today's Internet consists of thousands of networks administrated by various Autonomous Systems (AS). • Large Provider - AS7018 – AT&T • Small Provider - AS1680 – NetVision • Educational Network – AS378 – ILAN • ASes are assigned with one or more blocks of IP prefixes and communicate routing information to each other using Border Gateway Protocol (BGP).

  5. Type-of-Relationship • ASes use a set of local policies for selecting the best route for each reachable prefix. • These policies are based on the Type-of-Relationship (ToR) that exists between ASes. • ToRs are used to calculate paths between ASes. • ToRs are regarded as proprietary information. • Deducing them is an important yet difficult problem

  6. Type-of-Relationship (2) • Three major commercial relationships between neighboring ASes: • Customer-to-Provider (C2P) • Peer-to-Peer (P2P) • Sibling-to-Sibling (S2S)

  7. Customer-to-Provider (C2P) • Customer AS pays a Provider AS for traffic that is sent between the two. • Provider AS is usually larger than the customer. Provider C2P C2P Customer Customer

  8. Peer-to-Peer (P2P) • Two ASes freely exchange traffic between themselves and their customers. • Do not exchange traffic from or to their providers or other peers. P2P Peer Peer

  9. Sibling-to-Sibling (S2S) • Two ASes administratively belong to the same organization. • Freely exchange traffic between their providers, customers, peers, or other siblings S2S Sibling Sibling

  10. Valley Free Routing • BGP paths must comply with the following Valley-Free hierarchical pattern: • An uphill segment of zero or more c2p or s2s links, • Followed by zero or one p2p links, • Followed by a downhill segment of zero or more p2c or s2s links.

  11. Valley Free Routing (1)

  12. Valley Free Routing (2)

  13. Problem and Algorithm

  14. The Problem • Given the AS graph (ASes as vertices with interconnecting edges), find the type-of-relationship between all adjacent ASes. • Inferring ToR = Classifying edges. Customer Peer Provider ? ? Customer Provider Peer

  15. Related Works • Current relationships inference algorithms use one of two techniques: • Using heuristic assumptions • Comparing AS degree to determine the “larger” AS. • Optimizing some aspects of the ToR assignments • Minimizing number of paths that are not valley-free • Not allowing cycles in the resulting directed AS graph

  16. The Gap • Using heuristic assumptions throughout the relationships inference process causes the erroneousToRs to be spread over all interconnecting ASes links. • Optimization models fail to capture the true Internet hierarchy.

  17. Work Goal • Improve on existing methods by providing a near-deterministic inference algorithm for solving the ToR problem. • We use the Internet Core, a sub-graph that consists of the globally top-level providers of the Internet • Their interconnecting edges are already classified.

  18. Near-Deterministic Inference • Theoretically, given an accurate core with no relationships errors, the algorithm deterministically infers most of the remaining AS relationships using the AS-level paths relative to this core • Without incurring additional inference errors! • In real-world scenarios, where the core and AS-level paths can contain errors, the algorithm introduces minimal inference errors.

  19. Why Near-? • For the remaining set of relationships that cannot be inferred deterministically, a heuristic inference method is deployed. • This group is relatively small, so it is still possible to provide a strict bound on the inference error.

  20. Algorithm - Definitions • Input • S – a set of AS-level routing paths. • G(VG,EG) – the set of vertices that represent all ASes, and the interconnecting edges that need to be classified. • Core(VC,EC) – the vertices and interconnecting edges that represent the core of G, and is assumed to contain all the top-level ASes. • Output • EG – Edges of input graph with votes for ToRs.

  21. Deterministic Algorithm Pre-processing • Prior to starting the relationships inference algorithm, we infer S2S relationships. • We use S2S data collected from CAIDA • Obtained from IRR databases (RIPE, ARIN, APNIC).

  22. Deterministic Algorithm Phase 1 • Assuming that the input core consists of the global top-level ASes. • Use the valley-free model of Internet routing. • All paths that pass through the core are split into three segments: • A segment of zero or more uphill C2P edges towards the core, • At most one P2P edge in the core, • A downhill segment of zero or more P2C edges from the core. Code

  23. Deterministic Algorithm Phase 2 • Paths that do not traverse the core, fail to provide us with a direct method for classification. • There are paths that partly overlap other paths that traverse the core. • For each of the remaining paths: • Edges that precede a C2P edge must reside in an uphill segment, and be of type C2P. • Edges that follow a P2C edge must be in a downhill segment, and be of type P2C. C2P C2P Code

  24. Deterministic Algorithm Voting • The data we use might be noisy and reflect transient routing effects. • Especially when performing relationships inference over a long time frame. • To avoid incorrect inferences resulting from these effects, we use voting technique: • The above methods vote for the ToR of each traversed edge. • Once the algorithm is finished, we count the votes and assign each edge with the type that received a relative votes count that passes a given threshold. Graph Code

  25. Non-Deterministic Algorithm • The deterministic algorithm fails to classify several types of edges. • We use heuristic assumptions to classify these edges.

  26. Non-Deterministic Algorithm Peers • Edges that appear in paths that do not traverse the core, and reside between a c2p edge and a p2c edge. • A c2p or p2c edges should participate in, at least, one path that pass through the core. • The path may have a p2p relationship between its two top-level vertices P2P

  27. Non-Deterministic Algorithm Voting Ties • Edges that have a similar number of votes for two or more types of relationships: • The result of changes in the commercial relationship over the measurements period. • More complex peering agreements that can cause the same edge to behave differently as seen from different view points in the Internet. • Internet Exchange Points. • Compare AS degrees to resolve ambiguities.

  28. Non-Deterministic Algorithm Valleys • Edges might appear in non-valley-free paths. • Result of valid paths that pass a malformed core, • Or invalid paths that pass an accurate core. • These invalid paths occur in only a small fraction of paths • less than 1% on average from the investigated paths per week.

  29. Core Graph Construction • We use three core construction methods, that result in cores that vary in size and density: • Greedy Max Clique • Kmax-Core • CAIDA Peers

  30. Core Graph Construction (1) • Greedy Max Clique • Tauro et at. proposed the Jellyfish model. • The core is a clique of high-degree vertices. • The first vertex in the core is the one with the highest degree. • Sorting vertices in non-increasing degree order. • A vertex is added to the vertex only if it forms a clique with the vertices already in the core. • The resulting core is a clique but not necessarily the maximal clique of the graph.

  31. Core Graph Construction (2) • Kmax-Core (kCore) • Carmi et at. proposed the Medusa model. • Use a k-pruning algorithm to decompose the Internet AS graph and extract a nucleus • The Kmax-Core, which is a very well connected globally distributed subgraph. • This algorithm extracts a core by looking at the entire graph (global approach). • The nucleus plays a critical role in BGP routing, since its vertices lie in a large fraction of the paths that connect different ASes.

  32. Core Graph Construction (3) Taken from http://www.netdimes.org/

  33. Core Graph Construction (4) • CAIDA Peers • Constructed from ASes and edges that exhibit P2P relationship under the inference method of Dimitropoulos et al. • Used the Automated AS ranking provided by CAIDA and constructed a graph that contains all the edges classified as P2P. • Selected the largest connected component that contains some of the largest tier-1 ASes.

  34. Algorithm – Recall in brief • Construct AS-level graph and extract the Core. • Classify all edges in paths relative to the core: • Uphill to the core. • Downhill from the core. • Classify all edges in remaining paths, that now have some classified edges. • Count votes to decide on types. • Classify remaining paths using heuristics: • Single edge between P2C and C2P is probably a P2P • Break voting ties using AS degree.

  35. Experimental Results

  36. Data Sources • Combined data from RouteViews and DIMES • Maximize the size and density of the topology. • RouteViews collects BGP advertisements using several routers. • DIMES performs ~2 million daily active traceroute measurements from hundreds of Agents. • The raw DIMES data was filtered in order to reduce inference mistakes. Filtering

  37. Data Sources Topology On a weekly average, we filtered approximately 5,100 DIMES edges that were measured only once, which is over 15% of the edges measured by DIMES. Around half of these edges appear in RouteViews.

  38. Sensitivity Analysis Core Construction The smallest GMC core results in the lowest deterministic inference percentage while the largest CAIDA Peers core have the highest percentage.

  39. Sensitivity Analysis Core Construction • kCore provides an excellent overall inference percentage. • Over 95% deterministically inferred and around 75% matching CAIDA). • CAIDA Peers core seems to result in the best overall performance • However, almost all 6,000 edges marked as P2P in CAIDA are in connected. • This is very unlikely to be the case, and causes a bias. Comparing Cores

  40. Size Sensitivity Analysis Robustness to Core Size For more than 20 vertices in the core the algorithm classification success and similarity to CAIDA do not significantly change, while the number of deterministically classified edges increases.

  41. Size Sensitivity Analysis Non-Valley-Free paths The increase in the number of deterministically classified edges comes with an increase in the percentage of non-valley-free paths.

  42. Time Sensitivity Analysis Increasing Time Frame Using data from a single week results in over 90% of the edges being classified for all core types.

  43. Time Sensitivity Analysis Matching CAIDA At any time frame, the algorithms agree on over 92% of the edges.

  44. Mistake Sensitivity Analysis Heuristically Classified Edges While the algorithm's performance decreases as we increase the randomness of the core, the overall degradation is not as high as one would expect.

  45. Mistake Sensitivity Analysis Type of Heuristically Classified Edges As more errors are injected, the algorithm needs to use more heuristics.

  46. P2P Analysis Validating the DIMES Promise While on average the p2p relationships comprise 4-5% of the total number of edges, it goes up to around 12% of the edges that appear only in DIMES. Approximately 40% of the p2p edges inferred by our algorithm, do not appear in the RouteViews.

  47. Conclusion

  48. Conclusion (1) • The common weakness of previously proposed AS relationships inference algorithms is their lack of guarantee on inference errors introduced during the process. • This work improves on existing methods by providing a near-deterministic algorithm that, given a classified error-free input core, does not introduce additional inference errors.

  49. Conclusion (2) • The proposed algorithm provides accurate inferences • Robust under changes in the core's size and creation technique. • A core containing as little as 20 almost fully-connected ASes is sufficient for good inference results. • Heuristic methods can still play an important role in inferring the remaining relationships. • Using single week’s data, the algorithm runs for only about 2 hours and yields over 95% deterministically inferred relationships.

  50. Thank You!

More Related