Chelebi : Subnet-level Internet Mapper

transcript

Chelebi:Subnet-level Internet Mapper

Mehmet H. GunesUniversity of Nevada, Reno

Build an efficient system that produces a map of the Internet such that

– Alias IP addresses that belong to the same router,

– Star (*) occurrences that stand for the same router,

– IPs that belong to the same subnet are identified.

Subnet-level Internet mapping 2

Outline• Goal

– Subnet-level Internet Mapping• Issues

– Anonymous Routers Resolution• Structural Graph Indexing

– Subnet Inference• Distance Preservation

– Alias IP Addresses Resolution• Ally, Analytical & Probe based (APAR)

• Chelebi– Mapping System– Outer Space 3D Visualization

Anonymous Routers• Anonymous routers do not respond to traceroute

probes and appear as in traceroute output– Same router may appear as in multiple traces.

Subnet-level Internet mapping : Anonymous Routers 4

y: S – L – H – x

x: H – L – S – y

y: S – – H – x

x: H – – S – y

Current daily raw topology data sets include• ~ 20 million path traces with• ~ 20 million occurrences of s along with• ~ 500K public IP addresses

The raw topology data is far from representing the underlying sampled network topology

Anonymous Router Resolution

U K C N

L H A W

Sampled network

Resulting network

Traces• d - - L - S - e• d - - A - W - - f• e - S - L - - d• e - S - U - - C - - f• f - - C - - - d• f - - C - - U - S - e

Previous Approaches• Basic heuristics

– IP: Combine anonymous nodes between same known nodes [Bilir 05]• Limited resolution

– NM: Combine all anonymous neighbors of a known node [Jin 06]• High false positives

U K C N

L H A W

Sampled network

After resolutionx

After resolution

Resulting network

Previous Approaches• More theoretic approaches

– Graph minimization [Yao 03]• Combine s as long as they do not violate two accuracy conditions:• (1) Trace preservation condition and (2) distance preservation condition• High complexity O(n5) – n is number of s

– ISOMAP based dimensionality reduction [Jin 06]• Build an nxn distance matrix then use ISOMAP to reduce it to a nx5 matrix

Distance: (1) hop count or (2) link delay• High complexity O(n3) – n is number of nodes

– Semisupervised Spectral Clustering [Shavitt 08]• A node will not be chosen to be an unknown root if it shares two or more neighbors

with an unknown root. • Nodes that share two or more neighbors are usually very close to each other, and it

is difficult to distinguish between them even manually. • After splitting them into unknowns, these nodes will have at least one common

unknown node. – This makes the task of cleanly separating the unknowns impossible

Subnet-level Internet mapping : Anonymous Routers

Structural Graph Indexing (SGI)• Structural Graph Indexing

– A graph data mining technique• Index all pre-defined substructures in a graph data

• Use of SGI for anonymous router resolution– Apply SGI to collected path traces– Merge anonymous routers using identified

structures• Trace Preservation Condition

– Don’t merge anonymous routers within the same trace• Subnet distance as tie-breaker

Common Structures due to ARs

Ax C y2Ax C y2

Parallel -substring

Complete Bipartite

Clique

Subnet-level Internet mapping : Anonymous Routers

Graph Indexing based Resolution

Indexing Phase

parallel

bipartite

clique Subnet-level Internet mapping : Anonymous Routers 10

Resolution Phase

parallel

clique

bipartite

Outline• Goal

Subnet Inference

Subnet-level Internet mapping : Subnet Inference 12

IP2 IP3

(observed topology) (inferred topology) (underlying topology)

Subnet resolution• Identify IP addresses that are connected over the same medium

Improve the quality of resulting topology map

Subnet Inference Approach

129.110.1.1

129.110.1.2

129.110.2.0

129.110.2.1

129.110.4.1

129.110.4.83

129.110.4.217

129.110.12.1

129.110.12.2

129.110.12.6

129.110.17.1

129.110.17.135

129.110.219.1

/24/28

129.110.4.0/24

129.110.6.0/28129.110.17.0/24

129.110.12.0/29

129.110.219.0/24

129.110.1.0/30

129.110.2.0/31

129.110.2.0/30

129.110.4.0/24

129.110.12.0/29

129.110.17.0/24

129.110.0.0/16129.110.1.0/31

Subnet Inference Approach Inferring Subnets

• Cluster IP addresses into maximal subnets up to a given size (e.g. /22)• Distance analysis on candidate subnets to break them down as necessary

IP1IP2IP3IP4IP5IP6IP7IP8IP9

• Completeness: Ignore candidate subnets that have less than one quarter of their IP addresses present • after additional probing

/27A /27 subnet can have up to 25 IP addresses./22

Inference with Distance Matrix• Obtain distance of each IP from 8 vantage points (VP)

• Only one IP at a subnet might be at a distance ‘hop-1’ per VP

• IPs after per-destination and per-packet load-balancers– Get minimum hop (seen at any ICMP Paris Traceroute) of an IP per VP– IP hops after a LB has lower trust

• Two rounds of computations• Compensate for diamond asymmetry if per-destination LB

VP: 1 2 3 4 5 … 672IP1 0 5 4 0 0 … 7IP2 0 0 3 5 0 … 7IP3 2 5 0 4 0 … 6…

Outline• Goal

IP Alias Resolution

u.2k.1 c.4

a.1 a.2

w.3c.3

w.1c.2

n.1n.3

s.1e f

Traces d - h.4 - l.3 - s.2 - e d - h.4 - a.3 - w.3 - n.3 - f e - s.1 - l.1 - h.1 - d e - s.1 - u.1 - k.1 - c.1 - n.1 - f f - n.2 - c.2 - k.2 - h.2 - d f - n.2 - c.2 - k.2 - u.2 - s.3 - e

Subnet-level Internet mapping : IP Aliases

IP Alias Resolution

U K C N

L H A W

fSampled network

Sample map without alias resolution

k.1 c.1 n.1

n.2k.2 c.2

w.3a.3

Traces d - h.4 - l.3 - s.2 - e d - h.4 - a.3 - w.3 - n.3 - f e - s.1 - l.1 - h.1 - d e - s.1 - u.1 - k.1 - c.1 - n.1 - f f - n.2 - c.2 - k.2 - h.2 - d f - n.2 - c.2 - k.2 - u.2 - s.3 - eSubnet-level Internet mapping : IP Aliases

Previous Approaches

Dest = A

Dest = B

A, ID=100

Dest = BB, ID=99B, ID=103

• Source IP Address Based Method [Pansiot 98]– Relies on a particular implementation of ICMP error generation.

• IP Identification Based Method (ally) [Spring 03]– Relies on a particular implementation of IP identifier field,– Many routers ignore direct probes.

• DNS Based Method [Spring 04]– Relies on similarities in the host name structures

sl-bb21-lon-14-0.sprintlink.net sl-bb21-lon-8-0.sprintlink.net

– Works when a systematic naming is used.

• Record Route Based Method [Sherwood 06]– Depends on router support to IP route record processing

Analytical Alias Resolution

18.7.21.1

18.168.0.27

129.110.95.1129.110.5.1

206.223.141.73

192.5.89.89

206.223.141.70

192.5.89.10

198.32.8.34

198.32.8.85198.32.8.66198.32.8.65

198.32.8.84

198.32.8.33

192.5.89.9

206.223.141.69

192.5.89.90

206.223.141.74

18.168.0.25

no response

18.7.21.84

no response

Aliases 129.110.5.1 - 206.223.141.74206.223.141.73 - 206.223.141.69 206.223.141.70 - 198.32.8.33

Analytical & Probe-based Alias Resolution

• There is possibility of– incorrect subnet assumption,

• Two /30 subnets assumed as a /29,– incorrect alignment of path traces.

• IP4 and IP8 are thought of as aliases.

• To prevent false positives, some conditions are defined– Trace preservation,– Distance preservation (probing component of APAR),– Completeness,– Common neighbor.

a sample network

Outline• Goal

Chelebi Mapping System

Subnet-level Internet mapping : Chelebi Mapping System 23

Chelebi Server

Route Views

AS IP query

IP range

DNS server

DNS queryDNS names

PlanetLab Node

Paris ICMP trace

Path Traces

Region 1 Region 2 Region 3 Region 8

PlanetLab Node

Paris ICMP tracePath Traces

PlanetLab Node

Outer Space 3D Visualization– Multiple zoom levels

• Autonomous System-level• Router-level• Subnet-level

Subnet-level Internet mapping : Chelebi Mapping System 25

Questions

Chelebi : Subnet-level Internet Mapper

Documents