215 research outputs found
Measured impact of crooked traceroute
Data collected using traceroute-based algorithms underpins research into the Internet’s router-level topology, though it is possible to infer false links from this data. One source of false inference is the combination of per-flow load-balancing, in which more than one path is active from a given source to destination, and classic traceroute, which varies the UDP destination port number or ICMP checksum of successive probe packets, which can cause per-flow load-balancers to treat successive packets as distinct flows and forward them along different paths. Consequently, successive probe packets can solicit responses from unconnected routers, leading to the inference of false links. This paper examines the inaccuracies induced from such false inferences, both on macroscopic and ISP topology mapping. We collected macroscopic topology data to 365k destinations, with techniques that both do and do not try to capture load balancing phenomena. We then use alias resolution techniques to infer if a measurement artifact of classic traceroute induces a false router-level link. This technique detected that 2.71% and 0.76% of the links in our UDP and ICMP graphs were falsely inferred due to the presence of load-balancing. We conclude that most per-flow load-balancing does not induce false links when macroscopic topology is inferred using classic traceroute. The effect of false links on ISP topology mapping is possibly much worse, because the degrees of a tier-1 ISP’s routers derived from classic traceroute were inflated by a median factor of 2.9 as compared to those inferred with Paris traceroute.
Defending Tor from Network Adversaries: A Case Study of Network Path Prediction
The Tor anonymity network has been shown vulnerable to traffic analysis
attacks by autonomous systems and Internet exchanges, which can observe
different overlay hops belonging to the same circuit. We aim to determine
whether network path prediction techniques provide an accurate picture of the
threat from such adversaries, and whether they can be used to avoid this
threat. We perform a measurement study by running traceroutes from Tor relays
to destinations around the Internet. We use the data to evaluate the accuracy
of the autonomous systems and Internet exchanges that are predicted to appear
on the path using state-of-the-art path inference techniques; we also consider
the impact that prediction errors have on Tor security, and whether it is
possible to produce a useful overestimate that does not miss important threats.
Finally, we evaluate the possibility of using these predictions to actively
avoid AS and IX adversaries and the challenges this creates for the design of
Tor.
SDN as Active Measurement Infrastructure
Active measurements are integral to the operation and management of networks,
and invaluable to supporting empirical network research. Unfortunately, it is
often cost-prohibitive and logistically difficult to widely deploy measurement
nodes, especially in the core. In this work, we consider the feasibility of
tightly integrating measurement within the infrastructure by using Software
Defined Networks (SDNs). We introduce "SDN as Active Measurement
Infrastructure" (SAAMI) to enable measurements to originate from any location
where SDN is deployed, removing the need for dedicated measurement nodes and
increasing vantage point diversity. We implement ping and traceroute using
SAAMI, as well as a proof-of-concept custom measurement protocol to demonstrate
the power and ease of SAAMI's open framework. Via a large-scale measurement
campaign using SDN switches as vantage points, we show that SAAMI is accurate,
scalable, and extensible.
Multilevel MDA-Lite Paris Traceroute
Since its introduction in 2006-2007, Paris Traceroute and its Multipath
Detection Algorithm (MDA) have been used to conduct well over a billion IP
level multipath route traces from platforms such as M-Lab. Unfortunately, the
MDA requires a large number of packets in order to trace an entire topology of
load balanced paths between a source and a destination, which makes it
undesirable for platforms that otherwise deploy Paris Traceroute, such as RIPE
Atlas. In this paper we present a major update to the Paris Traceroute tool.
Our contributions are: (1) MDA-Lite, an alternative to the MDA that
significantly cuts overhead while maintaining a low failure probability; (2)
Fakeroute, a simulator that enables validation of a multipath route tracing
tool's adherence to its claimed failure probability bounds; (3) multilevel
multipath route tracing, with, for the first time, a Traceroute tool that
provides a router-level view of multipath routes; and (4) surveys at both the
IP and router levels of multipath routing in the Internet, showing, among other
things, that load balancing topologies have increased in size well beyond what
has been previously reported as recently as 2016. The data and the software
underlying these results are publicly available.
Comment: Preprint. To appear in Proc. ACM Internet Measurement Conference 201
Network-provider-independent overlays for resilience and quality of service.
PhD
Overlay networks are viewed as one of the solutions addressing the inefficiency and slow
evolution of the Internet and have been the subject of significant research. Most existing
overlays providing resilience and/or Quality of Service (QoS) need cooperation among
different network providers, but an inter-trust issue arises and cannot be easily solved.
In this thesis, we mainly focus on network-provider-independent overlays and investigate
their performance in providing two different types of service. Specifically, this thesis
addresses the following problems:
Provider-independent overlay architecture: A provider-independent overlay framework named Resilient Overlay for Mission-Critical Applications (ROMCA) is proposed. We elaborate its structure including component composition and functions and also provide several operational examples.
Overlay topology construction for providing resilience service: We investigate the topology design problem of provider-independent overlays aiming to provide resilience service. To be more specific, based on the ROMCA framework, we formulate this problem mathematically and prove its NP-hardness. Three heuristics are proposed and extensive simulations are carried out to verify their effectiveness.
Application mapping with resilience and QoS guarantees: Assuming application mapping is the targeted service for ROMCA, we formulate this problem as an Integer Linear Program (ILP). Moreover, a simple but effective heuristic is proposed to address this issue in a time-efficient manner. Simulations with both synthetic and real networks prove the superiority of both solutions over existing ones.
Substrate topology information availability and the impact of its accuracy on overlay performance: Based on our survey that summarizes the methodologies available for inferring the selective substrate topology formed among a group of nodes through active probing, we find that such information is usually inaccurate and additional mechanisms are needed to secure a better inferred topology. Therefore, we examine the impact of inferred substrate topology accuracy on overlay performance given only inferred substrate topology information.
Available Bandwidth Inference Based On Node-Centric Clusters
End-to-End Available Bandwidth (AB) is a real-time network metric that is useful for a wide range of applications including content distribution networks, multimedia streaming applications and overlay networks. In a large network with several thousand nodes, it is infeasible to perform all-pair bandwidth measurements as AB measurements could induce traffic overhead along the path. Also, because of its dynamic nature, the measurements have to be performed frequently, thus imposing significant probe traffic overhead on the network. In this paper, we discuss a clustering-based distributed algorithm to infer the AB between any pair of nodes in a large network based on measurements performed on a subset of end-to-end paths. The algorithm was validated on Planet-Lab and for some nodes, 80% of the inferences were within 50% of the actual value.
Large scale probabilistic available bandwidth estimation
The common utilization-based definition of available bandwidth and many of
the existing tools to estimate it suffer from several important weaknesses: i)
most tools report a point estimate of average available bandwidth over a
measurement interval and do not provide a confidence interval; ii) the commonly
adopted models used to relate the available bandwidth metric to the measured
data are invalid in almost all practical scenarios; iii) existing tools do not
scale well and are not suited to the task of multi-path estimation in
large-scale networks; iv) almost all tools use ad-hoc techniques to address
measurement noise; and v) tools do not provide enough flexibility in terms of
accuracy, overhead, latency and reliability to adapt to the requirements of
various applications. In this paper we propose a new definition for available
bandwidth and a novel framework that addresses these issues. We define
probabilistic available bandwidth (PAB) as the largest input rate at which we
can send a traffic flow along a path while achieving, with specified
probability, an output rate that is almost as large as the input rate. PAB is
expressed directly in terms of the measurable output rate and includes
adjustable parameters that allow the user to adapt to different application
requirements. Our probabilistic framework to estimate network-wide
probabilistic available bandwidth is based on packet trains, Bayesian
inference, factor graphs and active sampling. We deploy our tool on the
PlanetLab network and our results show that we can obtain accurate estimates
with a much smaller measurement overhead compared to existing approaches.
Comment: Submitted to Computer Network