
Outline


brittani

Presentation Transcript


  1. Outline • State of the Art Measurement Tools • Measured Node Properties • Measured Link Properties • Measured Topology Properties • Measured Traffic Properties (Gigascope) • Large-scale Measurement Projects • RIPE • CAIDA • PlanetLab

  2. Measured Node Properties • IP aliases [Ally & Mercator] • Single router has only one IP ID counter for multiple interfaces • Geography – location of the host [Geocluster] • Owner – AS [Mao et al] • DNS, BGP & whois • Router role identification [Rocketfuel] • Backbone vs. access routers • Use DNS and topological ordering • Configuration features • nmap

  3. NMap (Network Mapper) • A free open source utility for network exploration or security auditing. • Designed to rapidly scan large networks, although it works fine against single hosts. • Nmap uses raw IP packets to determine • what hosts are available on the network • what services (application name and version) those hosts are offering • what operating systems (and OS versions) they are running • what type of packet filters/firewalls are in use, etc.

  4. Features of Nmap • Flexible: can map out networks filled with IP filters, firewalls, routers, and other obstacles. • Powerful: used to scan huge networks of hundreds of thousands of machines. • Portable: most operating systems are supported, including Linux, Windows, FreeBSD, OpenBSD, Solaris, IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, etc. • Easy: start out as simply as "nmap -v -A targethost". Both traditional command line and graphical (GUI) versions are available • Free: comes with full source code

  5. Execution Sample

         ramblo:net {52} sudo nmap -sS -O -v coatlicue.colorado.edu
         Starting nmap V. 2.3BETA6 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
         Host coatlicue.Colorado.EDU (198.11.19.5) appears to be up ... good.
         Initiating SYN half-open stealth scan against coatlicue.Colorado.EDU (198.11.19.5)
         Adding TCP port 114 (state Open).
         Adding TCP port 25 (state Open).
         Adding TCP port 443 (state Open).
         Adding TCP port 22 (state Open).
         Adding TCP port 80 (state Open).
         The SYN scan took 9 seconds to scan 1489 ports.

  6. Execution Sample (continued)

         Interesting ports on coatlicue.Colorado.EDU (198.11.19.5):
         Port    State       Protocol  Service
         22      open        tcp       ssh
         25      open        tcp       smtp
         80      open        tcp       http
         111     filtered    tcp       sunrpc
         114     open        tcp       audionews
         443     open        tcp       https
         2049    filtered    tcp       nfs
         6000    filtered    tcp       X11

         TCP Sequence Prediction: Class=random positive increments
                                  Difficulty=47220 (Worthy challenge)
         Remote operating system guess: OpenBSD Post 2.4 (November 1998) - 2.5

         Nmap run completed -- 1 IP address (1 host up) scanned in 12 seconds
         ramblo:net {53}

  7. Measure Link Properties • Loss • End-to-end approach: Internet Tomography • Multicast-based • Unicast-based • Router response based approach [Tulip] • Reordering [Tulip] • parallel links • Delay • RTT easy • One-way trip times (OTT) hard • Require clock synchronization between hosts

  8. Measure Link Properties II • Delay variation [cing] • Indication of congestion in the network • Use ICMP timestamps to estimate delay variation of path segments • Capacity • Related metrics: available bandwidth and bottleneck identification • Variable packet size methods (traditional) [pchar, clink] • Tailgating packet pair/train (more efficient) [nettimer]

  9. Measured Topology Properties • Four levels of topologies • IP level [Skitter] • Router level (after alias resolution) [Mercator] • AS level [Route Views, BGP] • POP level (backbone) [Rocketfuel] • Routing policy • IP level [Rocketfuel] • AS level [Gao et al] • Find AS relationship in BGP tables

  10. Tier-1 ISP: e.g., Sprint [Figure: Sprint US backbone network. Legend: POP (point-of-presence); link types DS3 (45 Mbps), OC3 (155 Mbps), OC12 (622 Mbps), OC48 (2.4 Gbps). POPs shown: Seattle, Tacoma, New York, Stockton, Cheyenne, Chicago, Pennsauken, Relay, Wash. DC, San Jose, Roachdale, Kansas City, Anaheim, Atlanta, Fort Worth, Orlando. Labels: to/from backbone, peering, to/from customers.]

  11. Internet structure: network of networks • “Tier-2” ISPs: smaller (often regional) ISPs • Connect to one or more tier-1 ISPs, possibly other tier-2 ISPs • E.g.: UUNet Europe, Singapore telecom • Tier-2 ISP pays tier-1 ISP for connectivity to rest of Internet • tier-2 ISP is customer of tier-1 provider • Tier-2 ISPs also peer privately with each other, interconnect at NAP [Figure: three Tier 1 ISPs and a NAP, with five Tier-2 ISPs attached]

  12. Measured Topology Properties II • Workload: Traffic Matrices [Tomogravity] • Only measure at links • Want to compute the traffic $y_j$ along route $j$ from measurements on the links, $x_i$ [Figure: routers joined by links 1, 2, 3, carrying route 1, route 2, route 3] Courtesy of Y. Zhang at UT Austin

  13. Measured Topology Properties II • Only measure at links • Want to compute the traffic $y_j$ along route $j$ from measurements on the links, $x_i$ • $x = A^{T} y$ [Figure: routers joined by links 1, 2, 3, carrying route 1, route 2, route 3] Courtesy of Y. Zhang at UT Austin

  14. Internet Measurement Roadmap

  15. Internet Measurement Roadmap II

  16. Gigascope: Motivations • Very high data rates. • Optical links: gigabit/sec and higher (to OC192), millions of packets/sec. • Goal: Evaluate queries over every bit of every packet. • Problem: Not enough cycles in a second. • 3 GHz / 21 Mpacket/sec = 142 cycles/packet • Solution: Push data reduction operators as far down the protocol stack as possible. • Multiple data sources. • SNMP, Netflow, BGP, packet sniffers, router tables, etc. • Many layered protocols: multimedia, VPN, etc. • Overcome a prejudice that database technology is too slow and rigid for network monitoring.

  17. Early Data Reduction in Gigascope • Gigascope was designed to monitor very high speed (optical) links using complex query sets. • Multiple levels of data reduction: • Data reduction in the NIC : depends on NIC capabilities • BPF filters • Approximate filtering (bitmasks) • Data reduction queries (replace the NIC run time system) • Low level queries • Run queries on kernel input buffers • Preliminary filter for the query set • Other possibilities ….

  18. Network Interface card Example: Router Monitoring High Level Queries • Selection/projection/aggregation • Pre-filter Low Level Queries Kernel Libpcap / BPF filters Circular Buffer Router • Approximate filter (selection) • Selection/projection/aggregation queries (replace run time system) Select Stream Network Tap

  19. Gigascope protocol definition and query:

          PROTOCOL GAMEPROTOCOL (UDP) {
              ullong gp_header gp_header (snap_len 134);
              bool gp_is_ack_request gp_is_ack_request (snap_len 134);
              bool gp_is_ack_response gp_is_ack_response (snap_len 134);
              uint gp_ack_id gp_ack_id (snap_len 134);
              uint gp_sequence_number gp_sequence_number (snap_len 134);
          }

          select timestamp, sourceIP, destIP, source_port, dest_port, len, total_length, gp_header
          from GAMEPROTOCOL
          where sample_hash[50, sourceIP, destIP] and protocol=17 and offset=0

  20. Outline • State of the Art Measurement Tools • Measured Node Properties • Measured Link Properties • Measured Topology Properties • Measured Traffic Properties (Gigascope) • Large-scale Measurement Projects • RIPE • CAIDA • PlanetLab

  21. RIPE (European IP Networks)

  22. RIPE Measurement • Growth and Change of the Internet • Interaction of Traffic and Networks • Measure delay, packet loss, path, bandwidth and delay variation • Data available under an acceptable agreement • Routing Information • Collect and store BGP table and make it available • Similar to Routeviews in US

  23. CAIDA • The Cooperative Association for Internet Data Analysis • Nonprofit org in the San Diego Supercomputing Center, part of UCSD • Built a variety of tools • Almost all can be downloaded online for free! • Collected and managed a large amount of Internet data for analysis

  24. Representative Tools • Iffinder: alias resolution • Skitter: large scale topology discovery • Track Persistent Routing Changes • Visualize Network Connectivity

  25. Representative Tool: GTrace Provides geographic interface to traceroute

  26. Representative Tool: AutoFocus A traffic analysis and visualization tool that describes the traffic mix of a link through textual reports and time series plots.

  27. CAIDA Data Collection • A large variety of data traces • Various sources: OC48 links, regional peering points, campus network, etc. • Various types: packets, topology, AS adjacency, etc. • Anonymized data available online • Network Telescope • Globally announced but unused address space. • A /8 network, almost 1/256 of the entire IPv4 address space, the largest telescope in the world • A significant amount of Slammer worm traffic reached the telescope • Calculate the rate of scanning worms

  28. Planet Lab • The largest overlay network testbed • Current distribution of 665 nodes over 315 sites

  29. Projects on Planet Lab
      • Network measurement: Scriptroute, PlanetProbe, I3, etc.
      • Application-level multicast: ESM, Scribe, TACT, etc.
      • Distributed Hash Tables: Chord, Tapestry, Pastry, Bamboo, etc.
      • Wide-area distributed storage: Oceanstore, SFS, CFS, Palimpsest, IBP
      • Resource allocation: Sharp, Slices, XenoCorp, Automated contracts
      • Distributed query processing: PIER, IrisLog, Sophia, etc.
      • Content Dist. Networks: CoDeeN, ESM, UltraPeer emulation, Gnutella mapping
      • Management and Monitoring: Ganglia, InfoSpect, Scout Monitor, BGP Sensors, etc.
      • Overlay Networks: RON, ROM++, ESM, XBone, ABone, etc.
      • Virtualization and Isolation: Xen, Denali, VServers, SILK, Mgmt VMs, etc.
      • Router Design implications: NetBind, Scout, NewArch, Icarus, etc.
      • Testbed Federation: NetBed, RON, XenoServers

  30. What PlanetLab is about • Create the open infrastructure for invention of the next generation of wide-area (“planetary scale”) services • The foundation on which the next Internet can emerge • Think beyond TCP/UDP/IP/DNS/BGP/OSPF… • …as to what the net provides • building-blocks upon which services will be based • “the next internet will be created as an overlay on the current one” • A different kind of network testbed • not a collection of pipes and giga-pops • not a distributed supercomputer • geographically distributed network services • alternative network architectures and protocols • Focus and Mobilize the Network / Systems Research Community to define the emerging internet
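Slide 2 bases IP alias resolution on the observation that a single router has only one IP ID counter for multiple interfaces. The following is an added example, not code from the presentation or from Ally: it tests whether interleaved replies from two addresses fit one shared 16-bit counter. The function names, the `max_gap` threshold and the sample replies are assumptions constructed for illustration.

```python
MOD = 1 << 16  # the IPv4 Identification field is 16 bits and wraps around


def id_gap(earlier, later):
    """Forward distance from one IP ID to the next, allowing wraparound."""
    return (later - earlier) % MOD


def likely_aliases(replies, addr_a, addr_b, max_gap=200):
    """replies: time-ordered (address, ip_id) pairs from interleaved probes.

    True when the merged IDs look like one shared counter: each reply
    advances the ID by 1..max_gap and both addresses answered at least
    twice. max_gap is an assumed threshold, not a value from the slides.
    """
    seq = [(a, i) for a, i in replies if a in (addr_a, addr_b)]
    counts = {addr_a: 0, addr_b: 0}
    for addr, _ in seq:
        counts[addr] += 1
    if min(counts.values()) < 2:
        return False  # too few samples to say anything
    for (_, prev), (_, cur) in zip(seq, seq[1:]):
        gap = id_gap(prev, cur)
        # gap == 0 covers devices that always send ID 0; a huge gap means
        # the counter appeared to run backwards, i.e. two separate counters.
        if gap == 0 or gap > max_gap:
            return False
    return True


# Constructed samples (documentation addresses, invented ID values).
SAME_ROUTER = [("192.0.2.1", 65530), ("198.51.100.1", 65533),
               ("192.0.2.1", 3), ("198.51.100.1", 9)]      # counter wraps
DIFFERENT = [("192.0.2.1", 4100), ("203.0.113.7", 51200),
             ("192.0.2.1", 4104), ("203.0.113.7", 51207)]
ZERO_ID = [("192.0.2.1", 0), ("198.51.100.1", 0),
           ("192.0.2.1", 0), ("198.51.100.1", 0)]

if __name__ == "__main__":
    print(likely_aliases(SAME_ROUTER, "192.0.2.1", "198.51.100.1"))
    print(likely_aliases(DIFFERENT, "192.0.2.1", "203.0.113.7"))
    print(likely_aliases(ZERO_ID, "192.0.2.1", "198.51.100.1"))
```

Two independent routers whose counters happen to sit close together can still pass this test, so a positive result is worth repeating after a delay.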
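Slide 27 says a /8 network telescope sees almost 1/256 of the IPv4 address space and can be used to calculate the rate of scanning worms. The following is an added example, not code from the presentation or from CAIDA: it extrapolates each source's global probe rate from what the telescope observed. It assumes uniformly random scanning with no packet loss; the `10.0.0.0/8` prefix is a placeholder, the records are constructed, and UDP port 1434 is the port the Slammer worm probed.

```python
import ipaddress
from collections import defaultdict

TELESCOPE = ipaddress.ip_network("10.0.0.0/8")  # placeholder prefix (assumption)
COVERAGE = TELESCOPE.num_addresses / 2**32      # 1/256 of IPv4 for a /8


def estimate_scanners(records, proto="udp", dport=1434, min_pkts=2):
    """records: (time_s, src, dst, proto, dport) tuples.

    Returns {src: estimated global probes per second}. A uniformly random
    scanner hits the telescope with probability COVERAGE per probe, so the
    observed rate is divided by COVERAGE. Sources seen fewer than min_pkts
    times, or only at a single instant, give no usable rate and are skipped.
    """
    seen = defaultdict(list)
    for t, src, dst, p, port in records:
        if p != proto or port != dport:
            continue  # not the worm's probe signature
        if ipaddress.ip_address(dst) not in TELESCOPE:
            continue  # not telescope address space
        seen[src].append(t)
    rates = {}
    for src, times in seen.items():
        span = max(times) - min(times)
        if len(times) < min_pkts or span <= 0:
            continue
        observed = (len(times) - 1) / span  # packets/s reaching the telescope
        rates[src] = observed / COVERAGE
    return rates


# Constructed telescope records (documentation source addresses).
RECORDS = [
    (0.0, "203.0.113.5", "10.4.9.1", "udp", 1434),
    (0.5, "203.0.113.5", "10.200.3.77", "udp", 1434),
    (1.0, "203.0.113.5", "10.17.0.250", "udp", 1434),
    (1.5, "203.0.113.5", "10.91.44.2", "udp", 1434),
    (2.0, "203.0.113.5", "10.8.8.8", "udp", 1434),
    (0.7, "198.51.100.9", "10.1.2.3", "udp", 1434),    # single hit: skipped
    (0.9, "192.0.2.44", "10.5.5.5", "tcp", 80),        # other traffic
    (1.1, "203.0.113.5", "192.0.2.200", "udp", 1434),  # outside the telescope
]

if __name__ == "__main__":
    for src, rate in estimate_scanners(RECORDS).items():
        print(f"{src}: ~{rate:.0f} probes/s worldwide")
```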
