A First Characterization of Anycast Traffic from Passive Traces

Abstract—IP anycast routes packets to the topologically nearest server according to BGP proximity. In the last years, new players have started adopting this technology to serve web content via Anycast-enabled CDNs (A-CDN). To the best of our knowledge, in the literature, there are studies that focus on a specific A-CDN deployment, but little is known about the users and the services that A-CDNs are serving in the Internet at large. This prompted us to perform a passive characterization study, bringing out the principal A-CDN actors in our monitored setup, the services they offer, their penetration, etc. Results show a very heterogeneous picture, with A-CDN empowered services that are very popular (e.g., Twitter or Bing), serve a lot of different contents (e.g., Wordpress or adult content), and even include audio/video streaming (e.g., Soundcloud, or Vine). Our measurements show that the A-CDN technology is quite mature and popular, with more than 50% of web users that access content served by a A-CDN during peak time

Latency-Based Anycast Geolocation: Algorithms, Software, and Datasets

International audienceUse of IP-layer anycast has increased in the last few years beyond the DNS realm. Yet, existing measurement techniques to identify and enumerate anycast replicas exploit specifics of the DNS protocol, which limits their applicability to this particular service. With this paper, we not only propose and thoroughly validate a protocol-agnostic technique for anycast replicas discovery and geolocation, but also provide the community with open source software and datasets to replicate our experimental results, as well as facilitating the development of new techniques such as ours. In particular, our proposed method achieves thorough enumer-ation and city-level geolocalization of anycast instances from a set of known vantage points. The algorithm features an iterative workflow, pipelining enumeration (an optimization problem using latency as input) and geolocalization (a classification problem using side channel information such as city population) of anycast replicas. Results of a thorough validation campaign show our algorithm to be robust to measurement noise, and very lightweight as it requires only a handful of latency measurements

Anycast de nos jours

The work of this thesis originates from the investigative curiosity of discovering IP anycast. Once relegated to root and top-level Domain Name System (DNS) servers, anycast is now commonly used by Content Delivery Networks (CDN) and other key Internet players. In this thesis, we aim to raise awareness about IP anycast by building a comprehensive picture of it. First, we focus on the identification of a protocol-agnostic and lightweight technique used for the discovery and geolocation of anycast replicas. Other measurement techniques exist. However, they exploit specifics of the DNS protocol, which limits their applicability to this particular service. We also provide the community with open-source software and datasets. This methodology enables the next step of our research: unveiling all the companies that currently use anycast. We carry on multiple IPv4 anycast censuses from a distributed platform. These censuses find that many major Internet companies utilize anycast. In addition to identifying the companies, updated information on anycast IPs and their geolocation can serve for many other purposes. Hence, the decision was made to put a system in place, which is capable of performing monthly IPv4 censuses and analyzing the results of one-year measurements. Finally to complete the picture, we investigate the users and services that anycast CDNs are serving at large on the Internet. We perform a passive characterization focusing on the services they offer, their penetration, etc. Our findings reveal that more than 50\% of web users access content served by anycast CDNs. A broad range of Transmission Control Protocol (TCP) services are offered over anycast.Les motivations des recherches réalisées dans cette thèse viennent de la curiosité de découvrir IP anycast. Cette technique est couramment utilisée pour partager la quantité d’information d'une variété de services globaux. Dans cette thèse, nous visons à sensibiliser la communauté de l'utilisation d'IP anycast. Tout d'abord, nous nous concentrons sur l'identification d'une technique, qui ne dépend pas d'un protocole spécifique, utilisé pour la découverte et la géolocalisation des répliques anycast. D'autres techniques existent déjà, mais ils exploitent les spécificités du protocole DNS, ce qui limite leur applicabilité à ce service. Nous fournissons également à la communauté des logiciels open-source avec des jeu de données. Cette méthodologie nous a permis de mettre en oeuvre la prochaine étape de notre recherche: dévoiler toutes les entreprises qui utilisent actuellement anycast pour leurs services. Nous effectuons plusieurs IPv4 census d'anycast, en utilisant des mesures de latence à partir d'une plateforme distribuée. Ces census révèlent finalement que de nombreuses grandes entreprises d'Internet utilisent anycast. Nous avons donc décidé de mettre en place un système capable d'effectuer des census IPv4 mensuels et d'analyser les résultats. Enfin, pour compléter l'étude, nous analysons les CDN anycast. Nous effectuons une caractérisation passive en mettant l'accent sur les services qu'ils offrent et leur pénétration etc. Nos résultats révèlent que normalment plus de 50\% des internautes accèdent au contenu servi par les CDN anycast. Une large gamme de services TCP (Transmission Control Protocol) est offerte sur anycast. Celle-ci peut inclure des services d'audio, de streaming vidéo ou des HTTP & HTTPS, ces derniers étant les plus populaires

Anycast nowadays

Les motivations des recherches réalisées dans cette thèse viennent de la curiosité de découvrir IP anycast. Cette technique est couramment utilisée pour partager la quantité d’information d'une variété de services globaux. Dans cette thèse, nous visons à sensibiliser la communauté de l'utilisation d'IP anycast. Tout d'abord, nous nous concentrons sur l'identification d'une technique, qui ne dépend pas d'un protocole spécifique, utilisé pour la découverte et la géolocalisation des répliques anycast. D'autres techniques existent déjà, mais ils exploitent les spécificités du protocole DNS, ce qui limite leur applicabilité à ce service. Nous fournissons également à la communauté des logiciels open-source avec des jeu de données. Cette méthodologie nous a permis de mettre en oeuvre la prochaine étape de notre recherche: dévoiler toutes les entreprises qui utilisent actuellement anycast pour leurs services. Nous effectuons plusieurs IPv4 census d'anycast, en utilisant des mesures de latence à partir d'une plateforme distribuée. Ces census révèlent finalement que de nombreuses grandes entreprises d'Internet utilisent anycast. Nous avons donc décidé de mettre en place un système capable d'effectuer des census IPv4 mensuels et d'analyser les résultats. Enfin, pour compléter l'étude, nous analysons les CDN anycast. Nous effectuons une caractérisation passive en mettant l'accent sur les services qu'ils offrent et leur pénétration etc. Nos résultats révèlent que normalment plus de 50\% des internautes accèdent au contenu servi par les CDN anycast. Une large gamme de services TCP (Transmission Control Protocol) est offerte sur anycast. Celle-ci peut inclure des services d'audio, de streaming vidéo ou des HTTP & HTTPS, ces derniers étant les plus populaires.The work of this thesis originates from the investigative curiosity of discovering IP anycast. Once relegated to root and top-level Domain Name System (DNS) servers, anycast is now commonly used by Content Delivery Networks (CDN) and other key Internet players. In this thesis, we aim to raise awareness about IP anycast by building a comprehensive picture of it. First, we focus on the identification of a protocol-agnostic and lightweight technique used for the discovery and geolocation of anycast replicas. Other measurement techniques exist. However, they exploit specifics of the DNS protocol, which limits their applicability to this particular service. We also provide the community with open-source software and datasets. This methodology enables the next step of our research: unveiling all the companies that currently use anycast. We carry on multiple IPv4 anycast censuses from a distributed platform. These censuses find that many major Internet companies utilize anycast. In addition to identifying the companies, updated information on anycast IPs and their geolocation can serve for many other purposes. Hence, the decision was made to put a system in place, which is capable of performing monthly IPv4 censuses and analyzing the results of one-year measurements. Finally to complete the picture, we investigate the users and services that anycast CDNs are serving at large on the Internet. We perform a passive characterization focusing on the services they offer, their penetration, etc. Our findings reveal that more than 50\% of web users access content served by anycast CDNs. A broad range of Transmission Control Protocol (TCP) services are offered over anycast

A closer look at IP-ID behavior in the Wild

International audienceOriginally used to assist network-layer fragmentation and reassembly, the IP identification field (IP-ID) has been used and abused for a range of tasks, from counting hosts behind NAT, to detect router aliases and, lately, to assist detection of censorship in the Internet at large. These inferences have been possible since, in the past, the IP- ID was mostly implemented as a simple packet counter: however, this behavior has been discouraged for security reasons and other policies, such as random values, have been suggested. In this study, we propose a framework to classify the different IP-ID behaviors using active probing from a single host. Despite being only minimally intrusive, our technique is significantly accurate (99% true positive classification) robust against packet losses (up to 20%) and lightweight (few packets suffices to discriminate all IP-ID behaviors). We then apply our technique to an Internet-wide census, where we actively probe one alive target per each routable /24 subnet: we find that that the majority of hosts adopts a constant IP-IDs (39%) or local counter (34%), that the fraction of global counters (18%) significantly diminished, that a non marginal number of hosts have an odd behavior (7%) and that random IP-IDs are still an exception (2%)

A First Characterization of Anycast Traffic from Passive Traces .

IP anycast routes packets to the topologically nearestserver according to BGP proximity. In the last years, new playershave started adopting this technology to serve web content viaAnycast-enabled CDNs (A-CDN). To the best of our knowledge,in the literature, there are studies that focus on a specific A-CDNdeployment, but little is known about the users and the servicesthat A-CDNs are serving in the Internet at large.This prompted us to perform a passive characterization study,bringing out the principal A-CDN actors in our monitored setup,the services they offer, their penetration, etc. Results show avery heterogeneous picture, with A-CDN empowered servicesthat are very popular (e.g., Twitter or Bing), serve a lot ofdifferent contents (e.g., Wordpress or adult content), and eveninclude audio/video streaming (e.g., Soundcloud, or Vine). Ourmeasurements show that the A-CDN technology is quite matureand popular, with more than 50% of web users that accesscontent served by a A-CDN during peak tim

Characterizing IPv4 Anycast Adoption and Deployment

This paper provides a comprehensive picture of IP-layer anycast adoption in the current Internet. We carry on multiple IPv4 anycast censuses, relying on latency measurement from PlanetLab. Next, we leverage our novel technique for anycast detection, enumeration, and geolocation~\cite{infocom15} to quantify anycast adoption in the Internet. Our technique is scalable and, unlike previous efforts that are bound to exploiting DNS, is protocol-agnostic. Our results show that major Internet companies (including tier-1 ISPs, over-the-top operators, Cloud providers and equipment vendors) use anycast: we find that a broad range of TCP services are offered over anycast, the most popular of which include HTTP and HTTPS by anycast CDNs that serve websites from the top-100k Alexa list. Additionally, we complement our characterization of IPv4 anycast with a description of the challenges we faced to collect and analyze large-scale delay measurements, and the lessons learned

Anycast census and geolocation

Anycast census and geolocation</p