measuring the internet: featuring traceroute
DESCRIPTION
Measuring the Internet: Featuring Traceroute. Based on slides by Yihua He (PhD UCR 2007). Roadmap. Internet route: router and AS level Review of how traceroute works Possible ways to do IP->AS Hands-on experience with BGP tables What can traceroute tell us besides reachability? - PowerPoint PPT PresentationTRANSCRIPT
Measuring the Internet:Measuring the Internet:Featuring TracerouteFeaturing Traceroute
Based on slides byBased on slides by
Yihua He (PhD UCR 2007)Yihua He (PhD UCR 2007)
RoadmapRoadmap
Internet route: router and AS levelInternet route: router and AS level Review of how traceroute worksReview of how traceroute works Possible ways to do IP->ASPossible ways to do IP->AS Hands-on experience with BGP tablesHands-on experience with BGP tables What can traceroute tell us besides What can traceroute tell us besides
reachability?reachability? Internet routes are not symmetricInternet routes are not symmetric
AS A
AS BAS C
AS DAutonomous System (AS)
Autonomous System Autonomous System Forwarding PathForwarding Path
Example: Pinpoint forwarding loop & responsible ASExample: Pinpoint forwarding loop & responsible AS
IP trafficInternet
sourcedestination
Border Gateway Protocol Border Gateway Protocol (BGP)(BGP)
BGP path may differ from forwarding AS BGP path may differ from forwarding AS pathpath• Routing loops and deflectionsRouting loops and deflections• Route aggregation and filteringRoute aggregation and filtering• BGP misconfigurationBGP misconfiguration
AS A AS B AS C
prefix d
Signaling path: control traffic
d: path=[C]
Forwarding path: data traffic
d: path=[BC]Origin ASd: path=[B C]d: path=[A B C]
55
Measurements in the InternetMeasurements in the Internet
Difficulties in measuringDifficulties in measuring Measuring tools (traceroute)Measuring tools (traceroute) Misc issuesMisc issues
66
Measuring and Modeling Is not Measuring and Modeling Is not EasyEasy
Constantly changing environmentConstantly changing environment How much data is enoughHow much data is enough
• Recently: we need to measure more Recently: we need to measure more than 24h!than 24h!
How frequently should I be How frequently should I be measuring?measuring?
Are the measurements Are the measurements representative?representative?
77
Operation versus Operation versus MeasurementsMeasurements
Operators do not care about Operators do not care about • MeasurementsMeasurements• Academic ResearchAcademic Research
Why?Why?• Takes away resourcesTakes away resources• Can create problemsCan create problems• Complicates their livesComplicates their lives
Luckily, there are measurement Luckily, there are measurement centerscenters• CAIDA, NLANR, routeviews, RIPECAIDA, NLANR, routeviews, RIPE
88
Types of Measurement ToolsTypes of Measurement Tools
Application level:Application level:• Install application agents at two Install application agents at two
measuring entriesmeasuring entries• More control over processMore control over process
Network level: Network level: • Use the Internet control functionality Use the Internet control functionality
(ICMP)(ICMP)• Trick the network to provide informationTrick the network to provide information
99
Ping: the toolPing: the tool
Uses ICMP ECHO_REQUEST datagram to Uses ICMP ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a elicit an ICMP ECHO_RESPONSE from a host or gatewayhost or gateway
ReportsReports• Round trip timeRound trip time• Packets lossPackets loss
Many available options: packet type, size Many available options: packet type, size etcetc
Limitation: >1sec measurement Limitation: >1sec measurement frequencyfrequency
Read manual: man pingRead manual: man ping
Traceroute: the toolTraceroute: the tool
Traceroute measures Traceroute measures • the path and the round trip timethe path and the round trip time
Traceroute: ingenious (ab)use of the Traceroute: ingenious (ab)use of the network layer by Van Jacobsonnetwork layer by Van Jacobson
Main ideas: Main ideas: • send “bad” packets to receive ICMP: send “bad” packets to receive ICMP:
“packet died”“packet died”• Recursive probing to identify the pathRecursive probing to identify the path• Send three packets at a timeSend three packets at a time
Read manual: man tracerouteRead manual: man traceroute1010
1111
The ingenuity of tracerouteThe ingenuity of traceroute
Send a packet for every hop of the pathSend a packet for every hop of the path Set TTL = 1, packet expires, ICMP returnsSet TTL = 1, packet expires, ICMP returns Increase TTL by one, and repeatIncrease TTL by one, and repeat At the destination, port number is wrong: At the destination, port number is wrong:
return an ICMP packet, port not foundreturn an ICMP packet, port not found
source destination
TTL=1
Time exceeded
TTL=2
Send packets with TTL=1, 2, 3, … and record source of “time exceeded” message
1212
Traceroute: Some LimitationsTraceroute: Some Limitations
In traceroute, you may be exploring multiple In traceroute, you may be exploring multiple paths without knowing itpaths without knowing it
Delays for each part of the path correspond to Delays for each part of the path correspond to different measurements: ie they don’t sum updifferent measurements: ie they don’t sum up
1313
Identifying The Router TopologyIdentifying The Router Topology
Several efforts rely on tracerouteSeveral efforts rely on traceroute• Govindan et al INFOCOM 2000Govindan et al INFOCOM 2000• Cheswick and Burch Internet Mapping Cheswick and Burch Internet Mapping
ProjectProject• The Dimes projectThe Dimes project
Main idea:Main idea:• Do thousands of traceroutesDo thousands of traceroutes• Collect all adjacent nodes Collect all adjacent nodes • Generate a graphGenerate a graph
1414
Router Graphs: A ComplicationRouter Graphs: A Complication
Routers have multiple IP addressesRouters have multiple IP addresses• One for each interfaceOne for each interface
How do we resolve this?How do we resolve this? Only heuristics exist [Govindan]Only heuristics exist [Govindan] Heuristic: Send packets to one Heuristic: Send packets to one
interface and hope that they will interface and hope that they will respond with the other interfacerespond with the other interface• Typically, router responds with IP of Typically, router responds with IP of
interface the packet came oninterface the packet came on
Traceroute optionsTraceroute options -a Turn on AS# lookups for each hop encountered.-a Turn on AS# lookups for each hop encountered. -m max_ttl Set the max time-to-live (max number of hops)-m max_ttl Set the max time-to-live (max number of hops) -p port Protocol specific. For UDP and TCP, sets the base port -p port Protocol specific. For UDP and TCP, sets the base port
number used in probes (default is 33434).number used in probes (default is 33434). -S Print a % of probes not answered for each hop.-S Print a % of probes not answered for each hop.
TracerouteTraceroute gives IP-level gives IP-level forwarding pathforwarding path
1 169.229.62.1
2 169.229.59.225
3 128.32.255.169
4 128.32.0.249
5 128.32.0.66
6 209.247.159.109
7 *
8 64.159.1.46
9 209.247.9.170
10 66.185.138.33
11 *
12 66.185.136.17
13 64.236.16.52
Traceroute output: (hop number, IP address, DNS name)
Traceroute from Berkeley to www.cnn.com (64.236.16.52)
inr-daedalus-0.CS.Berkeley.EDU
soda-cr-1-1-soda-br-6-2
vlan242.inr-202-doecev.Berkeley.EDU
gigE6-0-0.inr-666-doecev.Berkeley.EDU
qsv-juniper--ucb-gw.calren2.net
POS1-0.hsipaccess1.SanJose1.Level3.net
?
?
pos8-0.hsa2.Atlanta2.Level3.net
pop2-atm-P0-2.atdn.net
?
pop1-atl-P4-0.atdn.net
www4.cnn.com
Map Traceroute Hops to ASesMap Traceroute Hops to ASes
1 169.229.62.1
2 169.229.59.225
3 128.32.255.169
4 128.32.0.249
5 128.32.0.66
6 209.247.159.109
7 *
8 64.159.1.46
9 209.247.9.170
10 66.185.138.33
11 *
12 66.185.136.17
13 64.236.16.52
Traceroute output: (hop number, IP)AS25
AS25
AS25
AS25
AS11423
AS3356
AS3356
AS3356
AS3356
AS1668
AS1668
AS1668
AS5662
Berkeley
CNN
Calren
Level3
AOL
Need accurate IP-to-AS mappings(for network equipment).
Possible Ways to Possible Ways to Get IP-to-AS Mapping(1)Get IP-to-AS Mapping(1)
DNS names: DNS names: • Inaccurate, and in a lot of times, Wrong!Inaccurate, and in a lot of times, Wrong!
Anyone, with $5/year, can register a www.whateveryoulike.com Anyone, with $5/year, can register a www.whateveryoulike.com and point it to any IP address!and point it to any IP address!
• Some of the IPs do not have any DNS name.Some of the IPs do not have any DNS name. Routing address registry (WHOIS)Routing address registry (WHOIS)
• That’s what you did in Lab1That’s what you did in Lab1• More accurate. However…More accurate. However…• Voluntary public registry such as Voluntary public registry such as whois.radb.netwhois.radb.net• Prone to human input errorsProne to human input errors• Incomplete and maybe out-of-dateIncomplete and maybe out-of-date
Mergers, acquisitions, delegation to customersMergers, acquisitions, delegation to customers
Possible Ways to Possible Ways to Get IP-to-AS Mapping (2)Get IP-to-AS Mapping (2)
Origin ASOrigin AS in BGP paths in BGP paths• Prefix=198.133.206.0/24, ASpath=[1239 2914 Prefix=198.133.206.0/24, ASpath=[1239 2914 31303130]]• Public BGP routing tables such as RouteViewsPublic BGP routing tables such as RouteViews• Almost real time and avoiding most human input errorsAlmost real time and avoiding most human input errors• It’s approximately 98% accurate, It’s approximately 98% accurate,
Multiple Origin ASes (MOAS) Multiple Origin ASes (MOAS) • due to merge in a lot of casesdue to merge in a lot of cases• E.g., around 2002-2003, 148.231.0.0/16 had two ASes E.g., around 2002-2003, 148.231.0.0/16 had two ASes
announced its address block: AS5677 and AS7132. That announced its address block: AS5677 and AS7132. That was PacBell and SBC was PacBell and SBC
• Now AS5677 does not exist anymoreNow AS5677 does not exist anymore No mappingNo mapping
• Some ASes intentionally do not want to advertise the Some ASes intentionally do not want to advertise the route/IPsroute/IPs
• Incomplete viewIncomplete view
Hands-on Experience with BGP Hands-on Experience with BGP Routing TablesRouting Tables
Telnet://route-views.routeviews.orgTelnet://route-views.routeviews.org• Show ip bgp summaryShow ip bgp summary
Whose BGP feeds do the router take?Whose BGP feeds do the router take?
• Show ip bgpShow ip bgp PrefixPrefix Origin ASOrigin AS AS PathAS Path
Collected at http://archive.routeviews.org/Collected at http://archive.routeviews.org/ Other BGP table collections are:Other BGP table collections are:
• http://www.ripe.net/projects/ris/rawdata.htmlhttp://www.ripe.net/projects/ris/rawdata.html• http://www.cs.ucr.edu/bgp/http://www.cs.ucr.edu/bgp/
What can traceroute tell us?What can traceroute tell us?
Where are those routers?Where are those routers?• from DNSfrom DNS
City nameCity name Airport nameAirport name
• From roundtrip timeFrom roundtrip time Light travels approximately 2*10^8 meters/sec in Light travels approximately 2*10^8 meters/sec in
fiber cablesfiber cables When non-congested, the major delay is propagation When non-congested, the major delay is propagation
delaydelay If you see a host with roundtrip time of 10ms, you If you see a host with roundtrip time of 10ms, you
know it must be within 600 miles radius.know it must be within 600 miles radius. Theoretically, with multiple vantage point, you can Theoretically, with multiple vantage point, you can
pinpoint where the routers are.pinpoint where the routers are.
Internet routes are not symmetric!Internet routes are not symmetric!
Try traceroute from both endsTry traceroute from both ends And we’ll find most routes are not And we’ll find most routes are not
symmetric!symmetric! Why? Why?
• Hot potato routing --- try to use other Hot potato routing --- try to use other guys’ network as much as possibleguys’ network as much as possible
• Policy routing --- when multihomedPolicy routing --- when multihomed
Traceroute from other placesTraceroute from other places
http://www.traceroute.orghttp://www.traceroute.org• Remote traceroute serversRemote traceroute servers• Hundreds of themHundreds of them• Limited probe rateLimited probe rate• Not always availableNot always available
http://www.caida.org/tools/measurement/http://www.caida.org/tools/measurement/skitter/skitter/• Dedicated remote traceroute monitorsDedicated remote traceroute monitors• Almost unlimited probe rateAlmost unlimited probe rate• Only a couple of dozens of themOnly a couple of dozens of them
Any questions?Any questions?