Cheleby:
Subnet-level Internet Mapper
ISMA 2010 AIMS-2ISMA 2010 AIMS-2
Workshop on Active Internet Measurements
Talha Oz, Hakan Kardes, Mehmet Gunes
University of Nevada, Reno
02/09/10 • San Diego Supercomputer Center, UCSD, La Jolla, CA
Goal
Build an efficient system that produces a map of
the Internet such that
– Alias IP addresses that belong to the same router,– Alias IP addresses that belong to the same router,
– Star (*) occurrences that stand for the same router,
– IPs that belong to the same subnet are identified.
Subnet-level Internet mapping 2
Outline
• Goal– Subnet-level Internet Mapping
• Issues– Anonymous Routers Resolution
• Structural Graph Indexing
– Subnet Inference– Subnet Inference
• Distance Preservation
– Alias IP Addresses Resolution
• Ally, Analytical & Probe based (APAR)
• Cheleby– Mapping System
– Outer Space 3D Visualization
Subnet-level Internet mapping 3
Anonymous Routers
• Anonymous routers do not respond to traceroute
probes and appear as � in traceroute output– Same router may appear as � in multiple traces.
y: S – L – H – x y: S – � – H – x
y y y
Subnet-level Internet mapping : Anonymous Routers 4
y: S – L – H – x
x: H – L – S – y
y: S – � – H – x
x: H – � – S – y
S
L
H
x
S
L
H
x
S
�1 �2
H
x
Current daily raw topology data sets include
• ~ 20 million path traces with
• ~ 20 million occurrences of �s along with
• ~ 500K public IP addresses
The raw topology data is far from representing the
underlying sampled network topology
Anonymous Router Resolution
U K C N
L H A W
S
d
e
f
Sampled network
Traces
• d - � - L - S - e
• d - � - A - W - � - f
Subnet-level Internet mapping : Anonymous Routers 5
d
e
fS U
L
C
AW
Resulting network
• d - � - A - W - � - f
• e - S - L - � - d
• e - S - U - � - C - � - f
• f - � - C - � - � - d
• f - � - C - � - U - S - e
Previous Approaches
• Basic heuristics
– IP: Combine anonymous nodes between same known nodes [Bilir 05]
• Limited resolution
– NM: Combine all anonymous neighbors of a known node [Jin 06]
• High false positives
zS U CC
Subnet-level Internet mapping : Anonymous Routers 6
U K C N
L H A W
S
x
y
z
Sampled network
x
y
zS U
L
C
AW
After resolutionx
y
zS U
L
C
A
After resolution
WH
x
y
zS U
L
C
A
W
Resulting network
Previous Approaches
• More theoretic approaches
– Graph minimization [Yao 03]
• Combine �s as long as they do not violate two accuracy conditions:
• (1) Trace preservation condition and (2) distance preservation condition
• High complexity O(n5) – n is number of �s
– ISOMAP based dimensionality reduction [Jin 06]
• Build an nxn distance matrix then use ISOMAP to reduce it to a nx5 matrix• Build an nxn distance matrix then use ISOMAP to reduce it to a nx5 matrix
Distance: (1) hop count or (2) link delay
• High complexity O(n3) – n is number of nodes
– Semisupervised Spectral Clustering [Shavitt 08]
• Clustering algorithm based on semi-supervised spectral embedding of all the nodes
followed by clustering of the anonymous nodes in the projected space.
• A node will not be chosen to be an unknown root if it shares two or more
neighbors with an unknown root.
Subnet-level Internet mapping : Anonymous Routers 7
Structural Graph Indexing (SGI)
• Structural Graph Indexing
– A graph data mining technique• Index all pre-defined substructures in a graph data
• Use of SGI for anonymous router resolution
– Apply SGI to collected path traces
– Merge anonymous routers using identified structures
• Trace Preservation Condition
– Don’t merge anonymous routers within the same trace
• Subnet distance as tie-breaker
Subnet-level Internet mapping : Anonymous Routers 8
Common Structures due to ARs
Ax C y2Ax C y2
Parallel �-substring
y1
y3
y1
y3
�
�
�
�
DA wx
C y
�
AxD w
E z�
Ax D w
�
9
DA wx
E z
DA wx
C y
E z
Star
�
�
�
�
CyF v
A
C
x
y
D w
F v
E z
Complete Bipartite
�
�
��
�
�
Cy E z
A
C
x
y
D w
E z
Clique
�
�
��
�
��
Subnet-level Internet mapping : Anonymous Routers
Graph Indexing based Resolution
Indexing Phase
parallel
Resolution Phase
parallel
cliquestar
bipartite
clique
Subnet-level Internet mapping : Anonymous Routers 10
clique
bipartite
star
Outline
• Goal– Subnet-level Internet Mapping
• Issues– Anonymous Routers Resolution
• Structural Graph Indexing
– Subnet Inference– Subnet Inference
• Distance Preservation
– Alias IP Addresses Resolution
• Ally, Analytical & Probe based (APAR)
• Cheleby– Mapping System
– Outer Space 3D Visualization
Subnet-level Internet mapping 11
Subnet Inference
IP1
IP2 IP3
IP1
� Subnet resolution
• Identify IP addresses that are connected over the same medium
Subnet-level Internet mapping : Subnet Inference 12
IP2 IP3
IP2 IP3
(observed topology) (inferred topology) (underlying topology)
C D
A B
C D
A B
� Improve the quality of resulting topology map
C D
A B
C D
A B
Subnet Inference Approach
129.110.1.1
129.110.1.2
129.110.2.0
129.110.2.1
129.110.4.1
129.110.4.83
129.110.4.217
V.P
.
/30
/24
/24
/29
129.110.4.0/24
129.110.12.0/29
129.110.219.0/24
129.110.1.0/30
2
3
3
4
2
1
2
129.110.2.0/30
129.110.4.0/24
129.110.0.0/16
129.110.1.0/31
Subnet-level Internet mapping : Subnet Inference 13
129.110.4.217
129.110.12.1
129.110.12.2
129.110.12.6
129.110.17.1
129.110.17.135
129.110.219.1
/31
/24/28
/29
129.110.6.0/28129.110.17.0/24
129.110.1.0/30
129.110.2.0/312
4
5
5
4
5
3
129.110.12.0/29
129.110.17.0/24
Subnet Inference Approach
� Inferring Subnets
• Cluster IP addresses into maximal subnets up to a given size (e.g. /22)
• Distance analysis on candidate subnets to break them down as necessary
IP1
IP2
IP3
IP4/25
/26
/31
/27IP4
IP5
IP6
IP7
IP8
IP9
• Completeness: Ignore candidate subnets that have less than one quarter of
their IP addresses present
• after additional probing
/25
/29
/30
/27A /27 subnet can have up
to 25 IP addresses./22
Subnet-level Internet mapping : Subnet Inference 14
Inference with Distance Matrix• Obtain distance of each IP from 8 vantage points (VP)
• Only one IP at a subnet might be at a distance ‘hop-1’ per VP
• IPs after per-destination and per-packet load-balancers
– Get minimum hop (seen at any ICMP Paris Traceroute) of an IP per VP
– IP hops after a LB has lower trust– IP hops after a LB has lower trust
• Two rounds of computations
• Compensate for diamond asymmetry if per-destination LB
Subnet-level Internet mapping : Subnet Inference 15
VP: 1 2 3 4 5 … 672
IP1 0 5 4 0 0 … 7
IP2 0 0 3 5 0 … 7
IP3 2 5 0 4 0 … 6
…
Outline
• Goal– Subnet-level Internet Mapping
• Issues– Anonymous Routers Resolution
• Structural Graph Indexing
– Subnet Inference– Subnet Inference
• Distance Preservation
– Alias IP Addresses Resolution
• Ally, Analytical & Probe based (APAR)
• Cheleby– Mapping System
– Outer Space 3D Visualization
Subnet-level Internet mapping 16
IP Alias Resolution
S
UC
N
W
s.2
s.3
u.1
u.3
k.3
u.2k.1 c.4 w.3
c.3
w.1c.2
n.1n.3
w.2
K
c.1
k.2
s.1e f
n.2
17
L A
l.1
l.3
h.1
k.3
h.2
a.3
a.1 a.2l.2
h.3
d
h.4
H
Traces
d - h.4 - l.3 - s.2 - e
d - h.4 - a.3 - w.3 - n.3 - f
e - s.1 - l.1 - h.1 - d
e - s.1 - u.1 - k.1 - c.1 - n.1 - f
f - n.2 - c.2 - k.2 - h.2 - d
f - n.2 - c.2 - k.2 - u.2 - s.3 - e
Subnet-level Internet mapping : IP Aliases
IP Alias Resolution
U K C N
L H A W
S
d
e
fSampled network
s.3
s.1
u.1 k.1 c.1 n.1
18
Sample map
without alias resolution
s.1
s.2
l.3
l.1
u.2 n.2k.2 c.2
w.3
a.3
h.2
h.4
h.1
e
d
f
n.3
Traces
d - h.4 - l.3 - s.2 - e
d - h.4 - a.3 - w.3 - n.3 - f
e - s.1 - l.1 - h.1 - d
e - s.1 - u.1 - k.1 - c.1 - n.1 - f
f - n.2 - c.2 - k.2 - h.2 - d
f - n.2 - c.2 - k.2 - u.2 - s.3 - eSubnet-level Internet mapping : IP Aliases
Previous Approaches
Dest = A
BAB
• Source IP Address Based Method [Pansiot 98]
– Relies on a particular implementation of ICMP error generation.
• IP Identification Based Method (ally) [Spring 03]
– Relies on a particular implementation of IP identifier field,
– Many routers ignore direct probes.
19
Dest = A
Dest = A
Dest = B
A, ID=100
Dest = B
B, ID=99B, ID=103
AB
• DNS Based Method [Spring 04]
– Relies on similarities in the host name structures
sl-bb21-lon-14-0.sprintlink.net
sl-bb21-lon-8-0.sprintlink.net
– Works when a systematic naming is used.
• Record Route Based Method [Sherwood 06]– Depends on router support to IP route record processing
Subnet-level Internet mapping : IP Aliases
Analytical Alias Resolution
UTD
129.110.95.1
129.110.5.1
206.223.141.73
206.223.141.70 198.32.8.33
206.223.141.69
206.223.141.74
no response
no response
Aliases129.110.5.1 - 206.223.141.74
206.223.141.73 - 206.223.141.69
20
MIT
18.7.21.1
18.168.0.27
192.5.89.89
206.223.141.70
192.5.89.10
198.32.8.34
198.32.8.85198.32.8.66
198.32.8.65
198.32.8.84
198.32.8.33
192.5.89.9
192.5.89.90
18.168.0.25
18.7.21.84
206.223.141.73 - 206.223.141.69
206.223.141.70 - 198.32.8.33
…
Subnet-level Internet mapping : IP Aliases
Analytical & Probe-based Alias Resolution
• There is possibility of
– incorrect subnet assumption,
• Two /30 subnets assumed as a /29,
– incorrect alignment of path traces.
• IP4 and IP8 are thought of as aliases.
a sample network
a
c d
b
e f
IP1
IP2
IP9
IP3
IP4
IP8
IP7
• To prevent false positives, some conditions are
defined
– Trace preservation,
– Distance preservation (probing component of APAR),
– Completeness,
– Common neighbor.21Subnet-level Internet mapping : IP Aliases
Outline
• Goal– Subnet-level Internet Mapping
• Issues– Anonymous Routers Resolution
• Structural Graph Indexing
– Subnet Inference– Subnet Inference
• Distance Preservation
– Alias IP Addresses Resolution
• Ally, Analytical & Probe based (APAR)
• Cheleby– Mapping System
– Outer Space 3D Visualization
Subnet-level Internet mapping 22
Cheleby Mapping System
Cheleby
Server
Route
ViewsDNS
server
Subnet-level Internet mapping : Cheleby Mapping System 23
Cheleby
Server
PlanetLab
Node
Region 1 Region 2 Region 3 Region 8
PlanetLab
Node
…
PlanetLab
NodePlanetLab
Node
Outer Space 3D Visualization
work by David Shelley
– Multiple zoom levels
• Autonomous System-level
• Router-level
• Subnet-level
idea
• Subnet-level
Subnet-level Internet mapping : Cheleby Mapping System 24
Questions
Subnet-level Internet mapping 25
