82 research outputs found
SDN as Active Measurement Infrastructure
Active measurements are integral to the operation and management of networks,
and invaluable to supporting empirical network research. Unfortunately, it is
often cost-prohibitive and logistically difficult to widely deploy measurement
nodes, especially in the core. In this work, we consider the feasibility of
tightly integrating measurement within the infrastructure by using Software
Defined Networks (SDNs). We introduce "SDN as Active Measurement
Infrastructure" (SAAMI) to enable measurements to originate from any location
where SDN is deployed, removing the need for dedicated measurement nodes and
increasing vantage point diversity. We implement ping and traceroute using
SAAMI, as well as a proof-of-concept custom measurement protocol to demonstrate
the power and ease of SAAMI's open framework. Via a large-scale measurement
campaign using SDN switches as vantage points, we show that SAAMI is accurate,
scalable, and extensible
BGP-Multipath Routing in the Internet
BGP-Multipath, or BGP-M, is a routing technique for balancing traffic load in the Internet. It enables a Border Gateway Protocol (BGP) border router to install multiple ‘equally-good’ paths to a destination prefix. While other multipath routing techniques are deployed at internal routers, BGP-M is deployed at border routers where traffic is shared on multiple border links between Autonomous Systems (ASes). Although there are a considerable number of research efforts on multipath routing, there is so far no dedicated measurement or study on BGP-M in the literature. This thesis presents the first systematic study on BGP-M. I proposed a novel approach to inferring the deployment of BGP-M by querying Looking Glass (LG) servers. I conducted a detailed investigation on the deployment of BGP-M in the Internet. I also analysed BGP-M’s routing properties based on traceroute measurements using RIPE Atlas probes. My research has revealed that BGP-M has already been used in the Internet. In particular, Hurricane Electric (AS6939), a Tier-1 network operator, has deployed BGP-M at border routers across its global network to hundreds of its neighbour ASes on both IPv4 and IPv6 Internet. My research has provided the state-of-the-art knowledge and insights in the deployment, configuration and operation of BGP-M. The data, methods and analysis introduced in this thesis can be immensely valuable to researchers, network operators and regulators who are interested in improving the performance and security of Internet routing. This work has raised awareness of BGP-M and may promote more deployment of BGP-M in future because BGP-M not only provides all benefits of multipath routing but also has distinct advantages in terms of flexibility, compatibility and transparency
vrfinder: Finding outbound addresses in traceroute
Current methods to analyze the Internet's router-level topology with paths collected using traceroute assume that the source address for each router in the path is either an inbound or off-path address on each router. In this work, we show that outbound addresses are common in our Internet-wide traceroute dataset collected by CAIDA's Ark vantage points in January 2020, accounting for 1.7% - 5.8% of the addresses seen at some point before the end of a traceroute. This phenomenon can lead to mistakes in Internet topology analysis, such as inferring router ownership and identifying interdomain links. We hypothesize that the primary contributor to outbound addresses is Layer 3 Virtual Private Networks (L3VPNs), and propose vrfinder, a technique for identifying L3VPN outbound addresses in traceroute collections. We validate vrfinder against ground truth from two large research and education networks, demonstrating high precision (100.0%) and recall (82.1% - 95.3%). We also show the benefit of accounting for L3VPNs in traceroute analysis through extensions to bdrmapIT, increasing the accuracy of its router ownership inferences for L3VPN outbound addresses from 61.5% - 79.4% to 88.9% - 95.5%
AS-level topology collection through looking glass servers
While accurate and complete modeling of the Internet topol-ogy at the Autonomous System (AS) level is critical for future protocol design, performance evaluation, simulation and analysis, still it remains a challenge to construct its ac-curate representation. In this paper, we collect BGP route announcements of ASes from Looking glass (LG) servers. By querying LG servers, we build an AS topology estimate of around 116 K AS links, from which we discover 11 K new AS links and 686 new ASes. We conclude that collecting BGP traces from LG servers can help enhance the current view of the AS topology from the BGP collector projects (e.g., RouteViews)
Optimizing the delivery of multimedia over mobile networks
Mención Internacional en el título de doctorThe consumption of multimedia content is moving from a residential environment to mobile
phones. Mobile data traffic, driven mostly by video demand, is increasing rapidly and wireless
spectrum is becoming a more and more scarce resource. This makes it highly important to operate
mobile networks efficiently. To tackle this, recent developments in anticipatory networking
schemes make it possible to to predict the future capacity of mobile devices and optimize the
allocation of the limited wireless resources. Further, optimizing Quality of Experience—smooth,
quick, and high quality playback—is more difficult in the mobile setting, due to the highly dynamic
nature of wireless links. A key requirement for achieving, both anticipatory networking
schemes and QoE optimization, is estimating the available bandwidth of mobile devices. Ideally,
this should be done quickly and with low overhead.
In summary, we propose a series of improvements to the delivery of multimedia over mobile
networks. We do so, be identifying inefficiencies in the interconnection of mobile operators with
the servers hosting content, propose an algorithm to opportunistically create frequent capacity estimations
suitable for use in resource optimization solutions and finally propose another algorithm
able to estimate the bandwidth class of a device based on minimal traffic in order to identify the
ideal streaming quality its connection may support before commencing playback.
The main body of this thesis proposes two lightweight algorithms designed to provide bandwidth
estimations under the high constraints of the mobile environment, such as and most notably
the usually very limited traffic quota. To do so, we begin with providing a thorough overview
of the communication path between a content server and a mobile device. We continue with
analysing how accurate smartphone measurements can be and also go in depth identifying the
various artifacts adding noise to the fidelity of on device measurements. Then, we first propose
a novel lightweight measurement technique that can be used as a basis for advanced resource
optimization algorithms to be run on mobile phones. Our main idea leverages an original packet
dispersion based technique to estimate per user capacity. This allows passive measurements by
just sampling the existing mobile traffic. Our technique is able to efficiently filter outliers introduced
by mobile network schedulers and phone hardware. In order to asses and verify our
measurement technique, we apply it to a diverse dataset generated by both extensive simulations
and a week-long measurement campaign spanning two cities in two countries, different radio
technologies, and covering all times of the day. The results demonstrate that our technique is effective even if it is provided only with a small fraction of the exchanged packets of a flow. The
only requirement for the input data is that it should consist of a few consecutive packets that are
gathered periodically. This makes the measurement algorithm a good candidate for inclusion in
OS libraries to allow for advanced resource optimization and application-level traffic scheduling,
based on current and predicted future user capacity.
We proceed with another algorithm that takes advantage of the traffic generated by short-lived
TCP connections, which form the majority of the mobile connections, to passively estimate the
currently available bandwidth class. Our algorithm is able to extract useful information even if the
TCP connection never exits the slow start phase. To the best of our knowledge, no other solution
can operate with such constrained input. Our estimation method is able to achieve good precision
despite artifacts introduced by the slow start behavior of TCP, mobile scheduler and phone hardware.
We evaluate our solution against traces collected in 4 European countries. Furthermore, the
small footprint of our algorithm allows its deployment on resource limited devices.
Finally, in an attempt to face the rapid traffic increase, mobile application developers outsource
their cloud infrastructure deployment and content delivery to cloud computing services
and content delivery networks. Studying how these services, which we collectively denote Cloud
Service Providers (CSPs), perform over Mobile Network Operators (MNOs) is crucial to understanding
some of the performance limitations of today’s mobile apps. To that end, we perform
the first empirical study of the complex dynamics between applications, MNOs and CSPs. First,
we use real mobile app traffic traces that we gathered through a global crowdsourcing campaign
to identify the most prevalent CSPs supporting today’s mobile Internet. Then, we investigate how
well these services interconnect with major European MNOs at a topological level, and measure
their performance over European MNO networks through a month-long measurement campaign
on the MONROE mobile broadband testbed. We discover that the top 6 most prevalent CSPs
are used by 85% of apps, and observe significant differences in their performance across different
MNOs due to the nature of their services, peering relationships with MNOs, and deployment
strategies. We also find that CSP performance in MNOs is affected by inflated path length, roaming,
and presence of middleboxes, but not influenced by the choice of DNS resolver. We also
observe that the choice of operator’s Point of Presence (PoP) may inflate by at least 20% the
delay towards popular websites.This work has been supported by IMDEA Networks Institute.Programa Oficial de Doctorado en Ingeniería TelemáticaPresidente: Ahmed Elmokashfi.- Secretario: Rubén Cuevas Rumín.- Vocal: Paolo Din
Testing the performance of a commercial active network measurement platform
Diplomityössä testataan ja mitataan yhden kaupallisen aktiivimittausalustan suorituskyky ja tarkkuus. Myös alustan kyky havaita tiettyjä tapahtumia tietoverkoissa testataan. Testeissä on mukana kaksi erityyppistä alustaan kuuluvaa mittalaitetta: alhaisen suorituskyvyn Brix 100 Verifier ja tehokkaampi Brix 1000 Verifier. Testauksen tuloksena voidaan sanoa, että molemmat mittalaitetyypit soveltuvat hyvin kiertoaikaviiveen mittaamiseen. Yhdensuuntaisen viiveen mittaukseen Brix 100 ei sovellu etenkään mitattaessa alhaisia viivetasoja (∼1ms). Ulkoista synkronisointilähdettä, kuten GPS-kelloa, käytettäessä Brix 1000 -mittalaitetta voidaan käyttää myös yhdensuuntaisen viiveen mittaamiseen.
Mittausalusta havaitsee verkossa tapahtuvat kuormitustilanteet ja reititinviat, mutta se ei kykene havaitsemaan lyhyitä alle sekunnin mittaisia katkoja.
Työn teoriaosassa esitellään joitain tunnettuja aktiivimittausmekasimeja ja -metodeja sekä pureudutaan aktiivimittauksiin ja niiden ongelmakohtiin yleisellä tasolla. Lisäksi työssä esitellään tunnettuja akateemisia aktiivimittaukseen liittyviä projekteja.In this thesis, a commercial active network measurement platform is tested for performance and accuracy. The platform is also tested for ability to detect certain events in networks. Two types of measurement probes are tested: the low performance Brix 100 Verifier and the high performance Brix 1000 Verifier. It is found that both platform's measurement probe types are accurate when measuring round-trip delay, but do not perform nearly as well when measuring one-way delay. External synchronization, such as GPS, helps the Brix 1000 Verifier to reach sub-millisecond measurement accuracy. As Brix 100 Verifiers do not support external synchronization, their accuracy is suitable only for measuring one-way delays larger than a few milliseconds.
The platform is able to detect sudden high load levels and router failures in a network, but fails to detect short (sub-second) link breaks.
In the theory part of this thesis, some well known active measurement methods and mechanisms are presented. Also, challenges related to active measurement are discussed and some of the recent major academic active measurement projects are introduced
Informing protocol design through crowdsourcing measurements
Mención Internacional en el título de doctorMiddleboxes, such as proxies, firewalls and NATs play an important role in the modern Internet
ecosystem. On one hand, they perform advanced functions, e.g. traffic shaping, security or enhancing application
performance. On the other hand, they turn the Internet into a hostile ecosystem for innovation,
as they limit the deviation from deployed protocols. It is therefore essential, when designing a new protocol,
to first understand its interaction with the elements of the path. The emerging area of crowdsourcing
solutions can help to shed light on this issue. Such approach allows us to reach large and different sets of
users and also different types of devices and networks to perform Internet measurements. In this thesis,
we show how to make informed protocol design choices by expanding the traditional crowdsourcing focus
from the human element and using crowdsourcing large scale measurement platforms.
We consider specific use cases, namely the case of pervasive encryption in the modern Internet, TCP
Fast Open and ECN++. We consider such use cases to advance the global understanding on whether wide
adoption of encryption is possible in today’s Internet or the adoption of encryption is necessary to guarantee
the proper functioning of HTTP/2. We target ECN and particularly ECN++, given its succession of
deployment problems. We then measured ECN deployment over mobile as well as fixed networks. In the
process, we discovered some bad news for the base ECN protocol—more than half the mobile carriers we
tested wipe the ECN field at the first upstream hop. This thesis also reports the good news that, wherever
ECN gets through, we found no deployment problems for the ECN++ enhancement. The thesis includes
the results of other more in-depth tests to check whether servers that claim to support ECN, actually respond
correctly to explicit congestion feedback, including some surprising congestion behaviour unrelated
to ECN.
This thesis also explores the possible causes that ossify the modern Internet and make difficult the
advancement of the innovation. Network Address Translators (NATs) are a commonplace in the Internet
nowadays. It is fair to say that most of the residential and mobile users are connected to the Internet
through one or more NATs. As any other technology, NAT presents upsides and downsides. Probably the
most acknowledged downside of the NAT technology is that it introduces additional difficulties for some
applications such as peer-to-peer applications, gaming and others to function properly. This is partially
due to the nature of the NAT technology but also due to the diversity of behaviors of the different NAT implementations
deployed in the Internet. Understanding the properties of the currently deployed NAT base
provides useful input for application and protocol developers regarding what to expect when deploying
new application in the Internet. We develop NATwatcher, a tool to test NAT boxes using a crowdsourcingbased
measurement methodology.
We also perform large scale active measurement campaigns to detect CGNs in fixed broadband networks
using NAT Revelio, a tool we have developed and validated. Revelio enables us to actively determine from within residential networks the type of upstream network address translation, namely NAT
at the home gateway (customer-grade NAT) or NAT in the ISP (Carrier Grade NAT). We deploy Revelio
in the FCC Measuring Broadband America testbed operated by SamKnows and also in the RIPE Atlas
testbed.
A part of this thesis focuses on characterizing CGNs in Mobile Network Operators (MNOs). We develop
a measuring tool, called CGNWatcher that executes a number of active tests to fully characterize CGN
deployments in MNOs. The CGNWatcher tool systematically tests more than 30 behavioural requirements
of NATs defined by the Internet Engineering Task Force (IETF) and also multiple CGN behavioural metrics.
We deploy CGNWatcher in MONROE and performed large measurement campaigns to characterize the
real CGN deployments of the MNOs serving the MONROE nodes.
We perform a large measurement campaign using the tools described above, recruiting over 6,000 users,
from 65 different countries and over 280 ISPs. We validate our results with the ISPs at the IP level and,
reported to the ground truth we collected. To the best of our knowledge, this represents the largest active
measurement study of (confirmed) NAT or CGN deployments at the IP level in fixed and mobile networks
to date.
As part of the thesis, we characterize roaming across Europe. The goal of the experiment was to try to
understand if the MNO changes CGN while roaming, for this reason, we run a series of measurements that
enable us to identify the roaming setup, infer the network configuration for the 16 MNOs that we measure
and quantify the end-user performance for the roaming configurations which we detect. We build a unique
roaming measurement platform deployed in six countries across Europe. Using this platform, we measure
different aspects of international roaming in 3G and 4G networks, including mobile network configuration,
performance characteristics, and content discrimination. We find that operators adopt common approaches
to implementing roaming, resulting in additional latency penalties of 60 ms or more, depending on geographical
distance. Considering content accessibility, roaming poses additional constraints that leads to
only minimal deviations when accessing content in the original country. However, geographical restrictions
in the visited country make the picture more complicated and less intuitive.
Results included in this thesis would provide useful input for application, protocol designers, ISPs and
researchers that aim to make their applications and protocols to work across the modern Internet.Programa de Doctorado en Ingeniería Telemática por la Universidad Carlos III de MadridPresidente: Gonzalo Camarillo González.- Secretario: María Carmen Guerrero López.- Vocal: Andrés García Saavedr
Mitigating Stealthy Link Flooding DDoS Attacks Using SDN-Based Moving Target Defense
With the increasing diversity and complication of Distributed Denial-of-Service (DDoS) attacks, it has become extremely challenging to design a fully protected network. For instance, recently, a new type of attack called Stealthy Link Flooding Attack (SLFA) has been shown to cause critical network disconnection problems, where the attacker targets the communication links in the surrounding area of a server. The existing defense mechanisms for this type of attack are based on the detection of some unusual traffic patterns; however, this might be too late as some severe damage might already be done. These mechanisms also do not consider countermeasures during the reconnaissance phase of these attacks. Over the last few years, moving target defense (MTD) has received increasing attention from the research community. The idea is based on frequently changing the network configurations to make it much more difficult for the attackers to attack the network.
In this dissertation, we investigate several novel frameworks based on MTD to defend against contemporary DDoS attacks. Specifically, we first introduce MTD against the data phase of SLFA, where the bots are sending data packets to target links. In this framework, we mitigate the traffic if the bandwidth of communication links exceeds the given threshold, and experimentally show that our method significantly alleviates the congestion. As a second work, we propose a framework that considers the reconnaissance phase of SLFA, where the attacker strives to discover critical communication links. We create virtual networks to deceive the attacker and provide forensic features. In our third work, we consider the legitimate network reconnaissance requests while keeping the attacker confused. To this end, we integrate cloud technologies as overlay networks to our system. We demonstrate that the developed mechanism preserves the security of the network information with negligible delays. Finally, we address the problem of identifying and potentially engaging with the attacker. We model the interaction between attackers and defenders into a game and derive a defense mechanism based on the equilibria of the game. We show that game-based mechanisms could provide similar protection against SLFAs like the extensive periodic MTD solution with significantly reduced overhead.
The frameworks in this dissertation were verified with extensive experiments as well as with the theoretical analysis. The research in this dissertation has yielded several novel defense mechanisms that provide comprehensive protection against SLFA. Besides, we have shown that they can be integrated conveniently and efficiently to the current network infrastructure
인터넷 AS-Level 토폴로지: 발견과 분석
학위논문 (박사)-- 서울대학교 대학원 : 전기·컴퓨터공학부, 2014. 8. Taekyoung Kwon.The Autonomous System (AS) level topology of the Internet is critical for future protocol design, performance evaluation, simulation and analysis. Despite significant research efforts over the past decade, the AS-level topology of the Internet is far from complete. Worse, recent studies highlight that the incompleteness problem is much larger than previously believed. In this thesis, we highlight the importance of two under utilized AS-level topology data sources: Looking glass (LG) servers and Internet Routing Registries (IRR).
By querying Looking glass (LG) servers, we build an AS topology estimate of around 143 K AS links from 245 LG servers across 110 countries. We find 20 K new AS links in the AS topology from the LG servers. We observe 620 neighboring ASes of the LG servers that are not sharing their BGP traces with any of RouteViews [49], RIPE-RIS [65], and PCH [66]. We discover 686 new ASes in the AS topology from the LG servers that are hidden from other AS topologies. Overall, we conclude that collecting BGP traces from the LG servers help increase the narrow view of BGP observed from current BGP collectors [38]. However, the AS topology view from the LG servers suffers from limited vantage points of the LG servers and BGP export policies employed by the neighboring ASes of LG servers.
Understanding the benefits and limitations of LG servers, we explore Internet Routing Registries (IRR), which are a set of databases used by ASes to register their inter-domain routing policies. More specifically, we first present a methodology to extract AS-level topology (e.g., bilateral and multilateral peering links) from the IRR. We extract 610 K AS links from the IRR dataset of Nov. 1st, 201368% of which can be matched in BGP, traceroute, and in the cliques of Internet eXchange points (IXPs). We find active usage of the IRR by member ASes of IXPs, which results in inferring peering matrices of many large and small IXPs. Finally, we present a methodology to infer business relationships between ASes using routing polices stored in the IRR. We show that the overall accuracy of our algorithm is comparable (97% for p2c, 95% for p2p links) to the existing algorithms, which infer AS relationships using BGP AS paths. We conclude that the IRR is a strong complementary source for better understandings of the structure, performance, dynamics, and evolution of the Internet since it is actively used by a large number of operational ASes in the Internet.Abstract i
Contents iii
List of Figures v
List of Tables vii
Chapter 1 Introduction 1
Chapter 2 Background 6
2.1 Inter-domainRouting ........................ 6
2.2 ImportanceofResearchonAStopology . . . . . . . . . . . . . . 8
2.3 LookingGlassServers ........................ 13
2.4 InternetRoutingRegistries ..................... 15
2.5 RelatedWork............................. 17
Chapter 3 METHODOLOGY 20
3.1 ASTopologyderivedfromLGservers ............... 20
3.2 ExploringIRRforAS-levelTopology................ 22
3.2.1 IXPs(IPPrefixes,ASNs,andMembers) . . . . . . . . . . 22
3.2.2 Route Servers (ASNs and AS-Set Objects) . . . . . 23
3.2.3 PreprocessingIRRdata ................... 23
3.2.4 Extracting AS Links and Policies from IRR . . . . . . . . 27
3.3 ASRelationshipInference ...................... 30
Chapter 4 Datasets 32
4.1 ASTopologies............................. 32
4.2 ASRelationshipDatasets ...................... 34
Chapter 5 Analysis 36
5.1 ComparisonofBGPfeeders..................... 36
5.2 RegistrationofRoutingPoliciesintheIRR . . . . . . . . . . . . 39
5.2.1 Policiesinaut-numObjects................. 39
5.2.2 Number of Local Preference (LocalPref) Values in the IRR
5.3 AnalysisonAS-levelTopology ................... 43
5.3.1 Overlapping and Missing IRR-based AS Links . . . . . . 43
5.3.2 BGP-based AS Links vs. IRR-based AS Links . . . . . . . 48
5.3.3 ASDegreeDistribution ................... 50
Chapter 6 AS Relationship Inference 53
6.1 EvaluationResults .......................... 53
Chapter 7 Summary & Future Work 55
요약 65
Acknowledgements 67Docto
- …