chelebi: subnet-level internet mapper mehmet h. gunes university of nevada, reno
TRANSCRIPT
![Page 1: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/1.jpg)
Chelebi:Subnet-level Internet Mapper
Mehmet H. GunesUniversity of Nevada, Reno
![Page 2: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/2.jpg)
Goal
Build an efficient system that produces a map of the Internet such that
– Alias IP addresses that belong to the same router,
– Star (*) occurrences that stand for the same router,
– IPs that belong to the same subnet are identified.
Subnet-level Internet mapping 2
![Page 3: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/3.jpg)
Outline• Goal
– Subnet-level Internet Mapping
• Issues– Anonymous Routers Resolution
• Structural Graph Indexing– Subnet Inference
• Distance Preservation– Alias IP Addresses Resolution
• Ally, Analytical & Probe based (APAR)
• Chelebi– Mapping System– Outer Space 3D Visualization
Subnet-level Internet mapping 3
![Page 4: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/4.jpg)
Anonymous Routers• Anonymous routers do not respond to traceroute
probes and appear as in traceroute output– Same router may appear as in multiple traces.
Subnet-level Internet mapping : Anonymous Routers 4
y: S – L – H – x
x: H – L – S – y
y: S – – H – x
x: H – – S – y
S
L
H
y
x
S
L
H
y
x
y
S
1 2
H
x
Current daily raw topology data sets include• ~ 20 million path traces with• ~ 20 million occurrences of s along with• ~ 500K public IP addresses
The raw topology data is far from representing the underlying sampled network topology
![Page 5: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/5.jpg)
Anonymous Router Resolution
Subnet-level Internet mapping : Anonymous Routers 5
U K C N
L H A W
S
d
e
f
Sampled network
d
e
fS U
L
C
AW
Resulting network
Traces• d - - L - S - e• d - - A - W - - f• e - S - L - - d• e - S - U - - C - - f• f - - C - - - d• f - - C - - U - S - e
![Page 6: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/6.jpg)
Previous Approaches• Basic heuristics
– IP: Combine anonymous nodes between same known nodes [Bilir 05]• Limited resolution
– NM: Combine all anonymous neighbors of a known node [Jin 06]• High false positives
Subnet-level Internet mapping : Anonymous Routers 6
U K C N
L H A W
S
xy
z
Sampled network
x
y
zS U
L
C
A W
After resolutionx
y
zS U
L
C
A
After resolution
WH
x
y
zS U
L
C
A
W
Resulting network
![Page 7: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/7.jpg)
7
Previous Approaches• More theoretic approaches
– Graph minimization [Yao 03]• Combine s as long as they do not violate two accuracy conditions:• (1) Trace preservation condition and (2) distance preservation condition• High complexity O(n5) – n is number of s
– ISOMAP based dimensionality reduction [Jin 06]• Build an nxn distance matrix then use ISOMAP to reduce it to a nx5 matrix
Distance: (1) hop count or (2) link delay• High complexity O(n3) – n is number of nodes
– Semisupervised Spectral Clustering [Shavitt 08]• A node will not be chosen to be an unknown root if it shares two or more neighbors
with an unknown root. • Nodes that share two or more neighbors are usually very close to each other, and it
is difficult to distinguish between them even manually. • After splitting them into unknowns, these nodes will have at least one common
unknown node. – This makes the task of cleanly separating the unknowns impossible
Subnet-level Internet mapping : Anonymous Routers
![Page 8: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/8.jpg)
Structural Graph Indexing (SGI)
• Structural Graph Indexing– A graph data mining technique
• Index all pre-defined substructures in a graph data
• Use of SGI for anonymous router resolution– Apply SGI to collected path traces– Merge anonymous routers using identified
structures• Trace Preservation Condition
– Don’t merge anonymous routers within the same trace
• Subnet distance as tie-breakerSubnet-level Internet mapping : Anonymous Routers 8
![Page 9: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/9.jpg)
9
Common Structures due to ARs
Ax C y2Ax C y2
Parallel -substring
y1
y3
y1
y3
DA wx
C y
E z
DA wx
C y
E z
Star
A
C
x
y
D w
F v
E z
A
C
x
y
D w
F v
E z
Complete Bipartite
A
C
x
y
D w
E z
A
C
x
y
D w
E z
Clique
Subnet-level Internet mapping : Anonymous Routers
![Page 10: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/10.jpg)
Graph Indexing based Resolution
Indexing Phase
parallel
star
bipartite
clique Subnet-level Internet mapping : Anonymous Routers 10
Resolution Phase
parallel
clique
bipartite
star
![Page 11: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/11.jpg)
Outline• Goal
– Subnet-level Internet Mapping
• Issues– Anonymous Routers Resolution
• Structural Graph Indexing– Subnet Inference
• Distance Preservation– Alias IP Addresses Resolution
• Ally, Analytical & Probe based (APAR)
• Chelebi– Mapping System– Outer Space 3D Visualization
Subnet-level Internet mapping 11
![Page 12: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/12.jpg)
Subnet Inference
Subnet-level Internet mapping : Subnet Inference 12
IP2 IP3
IP1
IP2 IP3
IP1
(observed topology) (inferred topology) (underlying topology)
C D
A B
C D
A B
Subnet resolution• Identify IP addresses that are connected over the same medium
Improve the quality of resulting topology map
C D
A B
C D
A B
![Page 13: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/13.jpg)
Subnet Inference Approach
Subnet-level Internet mapping : Subnet Inference 13
129.110.1.1
129.110.1.2
129.110.2.0
129.110.2.1
129.110.4.1
129.110.4.83
129.110.4.217
129.110.12.1
129.110.12.2
129.110.12.6
129.110.17.1
129.110.17.135
129.110.219.1
V.P.
/30
/31
/24
/24
/24/28
/29
129.110.4.0/24
129.110.6.0/28129.110.17.0/24
129.110.12.0/29
129.110.219.0/24
129.110.1.0/30
129.110.2.0/31
2
3
3
4
2
1
2
4
5
5
4
5
3
129.110.2.0/30
129.110.4.0/24
129.110.12.0/29
129.110.17.0/24
129.110.0.0/16
129.110.1.0/31
![Page 14: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/14.jpg)
Subnet Inference Approach Inferring Subnets
• Cluster IP addresses into maximal subnets up to a given size (e.g. /22)• Distance analysis on candidate subnets to break them down as necessary
IP1
IP2
IP3
IP4
IP5
IP6
IP7
IP8
IP9• Completeness: Ignore candidate subnets that have less than one quarter of
their IP addresses present • after additional probing
/25
/29
/26
/30
/31
/27A /27 subnet can have up to 25 IP addresses./22
Subnet-level Internet mapping : Subnet Inference 14
![Page 15: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/15.jpg)
Inference with Distance Matrix• Obtain distance of each IP from 8 vantage points (VP)
• Only one IP at a subnet might be at a distance ‘hop-1’ per VP
• IPs after per-destination and per-packet load-balancers– Get minimum hop (seen at any ICMP Paris Traceroute) of an IP per VP– IP hops after a LB has lower trust
• Two rounds of computations• Compensate for diamond asymmetry if per-destination LB
Subnet-level Internet mapping : Subnet Inference 15
VP: 1 2 3 4 5 … 672IP1 0 5 4 0 0 … 7IP2 0 0 3 5 0 … 7IP3 2 5 0 4 0 … 6…
![Page 16: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/16.jpg)
Outline• Goal
– Subnet-level Internet Mapping
• Issues– Anonymous Routers Resolution
• Structural Graph Indexing– Subnet Inference
• Distance Preservation– Alias IP Addresses Resolution
• Ally, Analytical & Probe based (APAR)
• Chelebi– Mapping System– Outer Space 3D Visualization
Subnet-level Internet mapping 16
![Page 17: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/17.jpg)
IP Alias Resolution
17
S
L
UC
N
W
A
s.2
l.1
s.3
u.1
l.3
u.3
h.1
k.3
h.2
a.3
u.2k.1 c.4
a.1 a.2
w.3c.3
w.1c.2
n.1n.3
w.2
l.2
K
c.1
k.2
h.3
d
h.4
s.1e f
n.2
H
Traces d - h.4 - l.3 - s.2 - e
d - h.4 - a.3 - w.3 - n.3 - f
e - s.1 - l.1 - h.1 - d
e - s.1 - u.1 - k.1 - c.1 - n.1 - f
f - n.2 - c.2 - k.2 - h.2 - d
f - n.2 - c.2 - k.2 - u.2 - s.3 - e
Subnet-level Internet mapping : IP Aliases
![Page 18: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/18.jpg)
IP Alias Resolution
18
U K C N
L H A W
S
d
e
fSampled network
Sample map without alias resolution
s.3
s.1
s.2
l.3
l.1
u.1
u.2
k.1 c.1 n.1
n.2k.2 c.2
w.3
a.3
h.2
h.4
h.1
e
d
f
n.3
Traces
d - h.4 - l.3 - s.2 - e
d - h.4 - a.3 - w.3 - n.3 - f
e - s.1 - l.1 - h.1 - d
e - s.1 - u.1 - k.1 - c.1 - n.1 - f
f - n.2 - c.2 - k.2 - h.2 - d
f - n.2 - c.2 - k.2 - u.2 - s.3 - eSubnet-level Internet mapping : IP Aliases
![Page 19: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/19.jpg)
19
Previous Approaches
Dest = A
B
Dest = A
Dest = B
A, ID=100
Dest = B
B, ID=99B, ID=103
AB
AB
• Source IP Address Based Method [Pansiot 98]– Relies on a particular implementation of ICMP error generation.
• IP Identification Based Method (ally) [Spring 03]– Relies on a particular implementation of IP identifier field,– Many routers ignore direct probes.
• DNS Based Method [Spring 04]– Relies on similarities in the host name structures
sl-bb21-lon-14-0.sprintlink.net sl-bb21-lon-8-0.sprintlink.net
– Works when a systematic naming is used.
• Record Route Based Method [Sherwood 06]– Depends on router support to IP route record processing
Subnet-level Internet mapping : IP Aliases
![Page 20: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/20.jpg)
Analytical Alias Resolution
20
MIT
UTD
18.7.21.1
18.168.0.27
129.110.95.1
129.110.5.1
206.223.141.73
192.5.89.89
206.223.141.70
192.5.89.10
198.32.8.34
198.32.8.85198.32.8.66
198.32.8.65
198.32.8.84
198.32.8.33
192.5.89.9
206.223.141.69
192.5.89.90
206.223.141.74
18.168.0.25
no response
18.7.21.84
no response
Aliases 129.110.5.1 - 206.223.141.74
206.223.141.73 - 206.223.141.69
206.223.141.70 - 198.32.8.33
…
Subnet-level Internet mapping : IP Aliases
![Page 21: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/21.jpg)
Analytical & Probe-based Alias Resolution
• There is possibility of– incorrect subnet assumption,
• Two /30 subnets assumed as a /29,
– incorrect alignment of path traces.• IP4 and IP8 are thought of as aliases.
• To prevent false positives, some conditions are defined– Trace preservation,– Distance preservation (probing component of APAR),– Completeness,– Common neighbor.
21
a sample network
a
c d
b
e f
IP1
IP2
IP9
IP3
IP4
IP8
IP7
Subnet-level Internet mapping : IP Aliases
![Page 22: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/22.jpg)
Outline• Goal
– Subnet-level Internet Mapping
• Issues– Anonymous Routers Resolution
• Structural Graph Indexing– Subnet Inference
• Distance Preservation– Alias IP Addresses Resolution
• Ally, Analytical & Probe based (APAR)
• Chelebi– Mapping System– Outer Space 3D Visualization
Subnet-level Internet mapping 22
![Page 23: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/23.jpg)
Chelebi Mapping System
Subnet-level Internet mapping : Chelebi Mapping System 23
Chelebi Server
Route Views
AS IP query
IP range
DNS server
DNS query
DNS names
PlanetLab Node
Paris ICMP trace
Path Traces
Region 1 Region 2 Region 3 Region 8
PlanetLab Node
Paris ICMP tracePath Traces
…
PlanetLab Node
PlanetLab Node
![Page 24: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/24.jpg)
Outer Space 3D Visualization– Multiple zoom levels
• Autonomous System-level• Router-level• Subnet-level
Subnet-level Internet mapping : Chelebi Mapping System 25
idea
![Page 25: Chelebi: Subnet-level Internet Mapper Mehmet H. Gunes University of Nevada, Reno](https://reader038.vdocuments.site/reader038/viewer/2022110102/56649f165503460f94c2bcc2/html5/thumbnails/25.jpg)
Questions
Subnet-level Internet mapping 26