1 / 25

Chelebi : Subnet-level Internet Mapper

Chelebi : Subnet-level Internet Mapper. Mehmet H. Gunes University of Nevada, Reno. Goal. Build an efficient system that produces a map of the Internet such that Alias IP addresses that belong to the same router, Star (*) occurrences that stand for the same router,

romney
Download Presentation

Chelebi : Subnet-level Internet Mapper

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chelebi:Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno

  2. Goal Build an efficient system that produces a map of the Internet such that • Alias IP addresses that belong to the same router, • Star (*) occurrences that stand for the same router, • IPs that belong to the same subnet are identified. Subnet-level Internet mapping

  3. Outline • Goal • Subnet-level Internet Mapping • Issues • Anonymous Routers Resolution • Structural Graph Indexing • Subnet Inference • Distance Preservation • Alias IP Addresses Resolution • Ally, Analytical & Probe based (APAR) • Chelebi • Mapping System • Outer Space 3D Visualization Subnet-level Internet mapping

  4. y y S S L 1 2 H H x x Anonymous Routers • Anonymous routers do not respond to traceroute probes and appear as  in traceroute output • Same router may appear as  in multiple traces. y y: S – L – H – x y: S –  – H – x Current daily raw topology data sets include • ~ 20 million path traces with • ~ 20 million occurrences of s along with • ~ 500K public IP addresses The raw topology data is far from representing the underlying sampled network topology S L H x: H – L – S – y x: H –  – S – y x Subnet-level Internet mapping : Anonymous Routers

  5. Anonymous Router Resolution S U K C N f L H A W e Traces • d -  - L - S - e • d -  - A - W -  - f • e - S - L -  - d • e - S - U -  - C -  - f • f -  - C -  -  - d • f -  - C -  - U - S - e d Sampled network C U S f L W A e d Resulting network Subnet-level Internet mapping : Anonymous Routers

  6. U K N S C z y W H A L x Sampled network C z U S W y L A Resulting network x C C U z U S z S L W L H y y W A A After resolution After resolution x x Previous Approaches • Basic heuristics • IP: Combine anonymous nodes between same known nodes [Bilir 05] • Limited resolution • NM: Combine all anonymous neighbors of a known node [Jin 06] • High false positives Subnet-level Internet mapping : Anonymous Routers

  7. Previous Approaches • More theoretic approaches • Graph minimization [Yao 03] • Combine s as long as they do not violate two accuracy conditions: • (1) Trace preservation condition and (2) distance preservation condition • High complexity O(n5) – n is number of s • ISOMAP based dimensionality reduction [Jin 06] • Build an nxn distance matrix then use ISOMAP to reduce it to a nx5 matrixDistance: (1) hop count or (2) link delay • High complexity O(n3) – n is number of nodes • Semisupervised Spectral Clustering [Shavitt 08] • A node will not be chosen to be an unknown root if it shares two or more neighbors with an unknown root.  • Nodes that share two or more neighbors are usually very close to each other, and it is difficult to distinguish between them even manually. • After splitting them into unknowns, these nodes will have at least one common unknown node. • This makes the task of cleanly separating the unknowns impossible Subnet-level Internet mapping : Anonymous Routers

  8. Structural Graph Indexing (SGI) • Structural Graph Indexing • A graph data mining technique • Index all pre-defined substructures in a graph data • Use of SGI for anonymous router resolution • Apply SGI to collected path traces • Merge anonymous routers using identified structures • Trace Preservation Condition • Don’t merge anonymous routerswithin the same trace • Subnet distance as tie-breaker Subnet-level Internet mapping : Anonymous Routers

  9. Common Structures due to ARs  y1 y1   A C x y2  y3 y3 Parallel -substring A C x y2 D w A A D x x w A D x w  E  z  C y C y C y F v Clique Complete Bipartite Star A D x w A D x w  C D E w  y z C E y z A x   E z E z      E  z     C y  F v Subnet-level Internet mapping : Anonymous Routers

  10. Graph Indexing based Resolution Resolution Phase parallel clique bipartite star Indexing Phase parallel star bipartite clique Subnet-level Internet mapping : Anonymous Routers

  11. Outline • Goal • Subnet-level Internet Mapping • Issues • Anonymous Routers Resolution • Structural Graph Indexing • Subnet Inference • Distance Preservation • Alias IP Addresses Resolution • Ally, Analytical & Probe based (APAR) • Chelebi • Mapping System • Outer Space 3D Visualization Subnet-level Internet mapping

  12. Subnet Inference • Subnet resolution • Identify IP addresses that are connected over the same medium • Improve the quality of resulting topology map A B C D IP1 IP1 IP2 IP3 IP2 IP3 A B C D A B A B C D C D (underlying topology) (observed topology) (inferred topology) Subnet-level Internet mapping : Subnet Inference

  13. Subnet Inference Approach 129.110.0.0/16 129.110.1.1 129.110.1.2 129.110.2.0 129.110.2.1 129.110.4.1 129.110.4.83 129.110.4.217 129.110.12.1 129.110.12.2 129.110.12.6 129.110.17.1 129.110.17.135 129.110.219.1 2 3 3 4 2 1 2 4 5 5 4 5 3 V.P. 129.110.1.0/31 129.110.219.0/24 /24 129.110.2.0/30 129.110.4.0/24 /24 129.110.12.0/29 129.110.4.0/24 /30 129.110.1.0/30 /29 129.110.2.0/31 /31 129.110.12.0/29 129.110.6.0/28 129.110.17.0/24 129.110.17.0/24 /28 /24 Subnet-level Internet mapping : Subnet Inference

  14. Subnet Inference Approach • Inferring Subnets • Cluster IP addresses into maximal subnets up to a given size (e.g. /22) • Distance analysis on candidate subnets to break them down as necessary IP1 IP2 IP3 IP4 IP5 IP6 IP7 IP8 IP9 • Completeness: Ignore candidate subnets that have less than one quarter of their IP addresses present • after additional probing /31 /26 /27 /25 A /27 subnet can have up to 25 IP addresses. /22 /30 /29 Subnet-level Internet mapping : Subnet Inference

  15. Inference with Distance Matrix • Obtain distance of each IP from 8 vantage points (VP) • Only one IP at a subnet might be at a distance ‘hop-1’ per VP • IPs after per-destination and per-packet load-balancers • Get minimum hop (seen at any ICMP Paris Traceroute) of an IP per VP • IP hops after a LB has lower trust • Two rounds of computations • Compensate for diamond asymmetry if per-destination LB Subnet-level Internet mapping : Subnet Inference

  16. Outline • Goal • Subnet-level Internet Mapping • Issues • Anonymous Routers Resolution • Structural Graph Indexing • Subnet Inference • Distance Preservation • Alias IP Addresses Resolution • Ally, Analytical & Probe based (APAR) • Chelebi • Mapping System • Outer Space 3D Visualization Subnet-level Internet mapping

  17. IP Alias Resolution s.1 f e S s.3 n.2 s.2 n.1 N n.3 c.2 u.1 w.1 w.2 c.1 W C c.3 u.2 w.3 U k.1 c.4 k.2 K u.3 k.3 l.1 a.1 l.2 a.2 L A l.3 a.3 Traces d - h.4 - l.3 - s.2 - e d - h.4 - a.3 - w.3 - n.3 - f e - s.1 - l.1 - h.1 - d e - s.1 - u.1 - k.1 - c.1 - n.1 - f f - n.2 - c.2 - k.2 - h.2 - d f - n.2 - c.2 - k.2 - u.2 - s.3 - e h.2 H h.3 h.1 h.4 d Subnet-level Internet mapping : IP Aliases

  18. IP Alias Resolution S U K C N f Sampled network L H A W e d s.3 u.1 c.1 n.1 k.1 s.1 f e c.2 k.2 u.2 n.2 s.2 n.3 w.3 l.1 a.3 Traces d - h.4 - l.3 - s.2 - e d - h.4 - a.3 - w.3 - n.3 - f e - s.1 - l.1 - h.1 - d e - s.1 - u.1 - k.1 - c.1 - n.1 - f f - n.2 - c.2 - k.2 - h.2 - d f - n.2 - c.2 - k.2 - u.2 - s.3 - e h.2 l.3 h.1 Sample map without alias resolution h.4 d Subnet-level Internet mapping : IP Aliases

  19. Previous Approaches • Source IP Address Based Method [Pansiot 98] • Relies on a particular implementation of ICMP error generation. • IP Identification Based Method (ally) [Spring 03] • Relies on a particular implementation of IP identifier field, • Many routers ignore direct probes. • DNS Based Method [Spring 04] • Relies on similarities in the host name structures sl-bb21-lon-14-0.sprintlink.net sl-bb21-lon-8-0.sprintlink.net • Works when a systematic naming is used. • Record Route Based Method [Sherwood 06] • Depends on router support to IP route record processing B Dest = A A A B B A, ID=100 Dest = A Dest = B B, ID=99 B, ID=103 Dest = B Subnet-level Internet mapping : IP Aliases

  20. Analytical Alias Resolution no response UTD 129.110.95.1 no response 129.110.5.1 206.223.141.74 206.223.141.73 206.223.141.69 Aliases 129.110.5.1 - 206.223.141.74 206.223.141.73 - 206.223.141.69 206.223.141.70 - 198.32.8.33 … 206.223.141.70 198.32.8.33 198.32.8.34 198.32.8.65 198.32.8.66 198.32.8.85 198.32.8.84 192.5.89.10 192.5.89.89 192.5.89.9 192.5.89.90 18.168.0.27 18.7.21.1 18.168.0.25 MIT 18.7.21.84 Subnet-level Internet mapping : IP Aliases

  21. c d a b e f a sample network Analytical & Probe-based Alias Resolution • There is possibility of • incorrect subnet assumption, • Two /30 subnets assumed as a /29, • incorrect alignment of path traces. • IP4 and IP8 are thought of as aliases. • To prevent false positives, some conditions are defined • Trace preservation, • Distance preservation (probing component of APAR), • Completeness, • Common neighbor. IP4 IP7 IP1 IP3 IP2 IP8 IP9 Subnet-level Internet mapping : IP Aliases

  22. Outline • Goal • Subnet-level Internet Mapping • Issues • Anonymous Routers Resolution • Structural Graph Indexing • Subnet Inference • Distance Preservation • Alias IP Addresses Resolution • Ally, Analytical & Probe based (APAR) • Chelebi • Mapping System • Outer Space 3D Visualization Subnet-level Internet mapping

  23. Chelebi Mapping System Route Views DNS server AS IP query DNS query IP range DNS names Chelebi Server Paris ICMP trace Paris ICMP trace Path Traces Path Traces PlanetLab Node PlanetLab Node PlanetLab Node PlanetLab Node Region 1 Region 2 Region 3 … Region 8 Subnet-level Internet mapping : Chelebi Mapping System

  24. Outer Space 3D Visualization idea • Multiple zoom levels • Autonomous System-level • Router-level • Subnet-level Subnet-level Internet mapping : Chelebi Mapping System

  25. Questions Subnet-level Internet mapping

More Related