Internet topology and performance analytics for mapping critical network infrastructure



Similar documents
High-Frequency Active Internet Topology Mapping

Internet Mapping: from Art to Science

The Joint Degree Distribution as a Definitive Metric of the Internet AS-level Topologies

The digital copy of this thesis is protected by the Copyright Act 1994 (New Zealand).

Analyzing and modelling the AS-level Internet topology

Studying Black Holes on the Internet with Hubble

A Study on Traceroute Potentiality in Revealing the Internet AS-level Topology

Recent Results in Network Mapping: Implications on Cybersecurity

Embedded BGP Routing Monitoring. Th. Lévy O. Marcé

Active Measurements: traceroute

Distributed Systems. 23. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2015

On the Impact of Route Monitor Selection

On the Eyeshots of BGP Vantage Points

Multihoming and Multi-path Routing. CS 7260 Nick Feamster January

Distributed Systems. 25. Content Delivery Networks (CDN) 2014 Paul Krzyzanowski. Rutgers University. Fall 2014

On the Impact of Route Monitor Selection

Efficient Discovery of Load-Balanced Paths. Alistair King

Efficient Doubletree: An Algorithm for Large-Scale Topology Discovery

A Second Look at Detecting Third-Party Addresses in Traceroute Traces with the IP Timestamp Option

Measured Impact of Crooked Traceroute

Outline. EE 122: Interdomain Routing Protocol (BGP) BGP Routing. Internet is more complicated... Ion Stoica TAs: Junda Liu, DK Moon, David Zats

PORTOLAN. Probing the Internet through Smartphone-based Crowdsourcing

A Characterization of IPv6 Network Security Policy

Scalable NetFlow Analysis with Hadoop Yeonhee Lee and Youngseok Lee

Detecting BGP hijacks in 2014

Amogh Dhamdhere. Cooperative Association for Internet Data Analysis 9500 Gilman Dr., Mail Stop 0505 La Jolla, CA

Summary : Mapping Interconnection in the Internet: Colocation, Connectivity and Congestion

State of the Cloud DNS Report

AS Relationships, Customer Cones, and Validation

Collecting the Internet AS-level Topology

State of the Cloud DNS Report

Primitives for Active Internet Topology Mapping: Toward High-Frequency Characterization

Collapse by Cascading Failures in Hybrid Attacked Regional Internet

Efficient Doubletree: An Algorithm for Large-Scale Topology Discovery

Yarrp ing the Internet

Some Examples of Network Measurements

Internet Infrastructure Measurement: Challenges and Tools

Public Review for Revealing MPLS Tunnels Obscured from Traceroute. Benoit Donnet, Matthew Luckie, Pascal Mérindol, and Jean-Jacques Pansiot

Discovering High-Impact Routing Events Using Traceroutes

Livermore Computer Network Simulation Program

A Stateless Traceback Technique for Identifying the Origin of Attacks from a Single Packet

C HINA 1 is the country with the largest number of Internet

Week 4 / Paper 1. Open issues in Interdomain Routing: a survey

Towards Autonomic DDoS Mitigation using Software Defined Networking

Measuring the Evolution of Internet Peering Agreements

Efficient Methodical Internet Topology Discovery

AfriNREN Project Literature Review

Layer 1-Informed Internet Topology Measurement

XPROBE-NG. What s new with upcoming version of the tool. Fyodor Yarochkin Armorize Technologies

Topology Discovery at the Router Level: A New Hybrid Tool Targeting ISP Networks

Internet Traffic Trends A View from 67 ISPs

Massive Cloud Auditing using Data Mining on Hadoop

Efficient strategies for active interface-level network topology discovery

Web Caching and CDNs. Aditya Akella

Towards the Science of Network Measurement. Rocky K. C. Chang The Internet Infrastructure and Security Laboratory November 20, 2012

Understanding the topological properties of Internet traffic: a view from the edge

Topology Mapping and Geolocating for China s Internet

A Novel Packet Marketing Method in DDoS Attack Detection

Analysis of Internet Topologies

Networking Research: Trends and Issues

XPROBE. Building Efficient Network Discovery Tools. Fyodor Yarochkin

Challenges in Inferring Internet Interdomain Congestion

Upon completion of this course, you will be able to perform the following tasks:

Leveraging SDN and NFV in the WAN

BREAKING HTTPS WITH BGP HIJACKING. Artyom Gavrichenkov R&D Team Lead, Qrator Labs

Measuring and Characterizing End-to-End Route Dynamics in the Presence of Load Balancing

Evaluation of a Large-Scale Topology Discovery Algorithm

Subnet Level Network Topology Mapping

INTERNET TOPOLOGY DISCOVERY: A SURVEY

DREAMER and GN4-JRA2 on GTS

Situational Awareness Through Network Visualization

perfsonar MDM release Product Brief

The forces behind the changing Internet: IXPs, content delivery, and virtualization

How Akamai Maps the Net:

Traffic delivery evolution in the Internet ENOG 4 Moscow 23 rd October 2012

Network Resilience. From Concepts to Experimentation. FIRE Research Workshop - May 16 th 2011

Outline. Outline. Outline

The Shape of the Network. The Shape of the Internet. Why study topology? Internet topologies. Early work. More on topologies..

Data Center Content Delivery Network

Limitations of Packet Measurement

Analysis of Internet Topologies: A Historical View

Influence Maps - a novel 2-D visualization of massive geographically distributed data sets Introduction Methodology Location Map.

Active Measurement Data Analysis Techniques

MPLS WAN Explorer. Enterprise Network Management Visibility through the MPLS VPN Cloud

SDN and NFV in the WAN

Request Routing, Load-Balancing and Fault- Tolerance Solution - MediaDNS

Networks in the Broad Carnegie Mellon University

NETWORK TOPOLOGIES: INFERENCE, MODELING, AND GENERATION

Workshop on Infrastructure Security and Operational Challenges of Service Provider Networks

Cisco IOS Flexible NetFlow Technology

LOCAL-AREA PATH DIVERSITY IN THE INTERNET

Vytautas Valancius, Nick Feamster, Akihiro Nakao, and Jennifer Rexford

Backbone Modeling for Carrying Local Content and Over-the-Top Traffic

Hypothesis Testing for Network Security

A Measurement of NAT & Firewall Characteristics in Peer to Peer Systems

On Characterizing BGP Routing Table Growth Tian Bu, Lixin Gao, and Don Towsley University of Massachusetts, Amherst, MA 01003

Bloom Filter based Inter-domain Name Resolution: A Feasibility Study

Leveraging Internet Background Radiation for Opportunistic Network Analysis

Traffic & Peering Analysis

Transcription:

CYBER SECURITY DIVISION 2014 R&D SHOWCASE AND TECHNICAL WORKSHOP Internet topology and performance analytics for mapping critical network infrastructure CAIDA/UCSD PI k claffy 16-18 December 2014 1

Team Profile Center for Applied Internet Data Analysis (CAIDA) Founded by PI and Director k claffy Independent analysis and research group 15+ years experience in data collection, curation, and research Known for data collection tools, analysis, and data sharing located at the UC San Diego s Supercomputer Center Key personnel: Bradley Huffaker, Young Hyun, Marina Fomenkov, Josh Polterock, Ken Keys, Matthew Luckie 2

Need: Situational Awareness of Internet Fundamental Global Cybersecurity Challenge The Internet s scope and complexity is growing faster than our capability to understand or measure its structure, dynamics, or vulnerabilities. [46k independent networks: typically commercial, competitive, opaque] 3

Approach: Infrastructure, Data, Analytics 1. Design, implement, validate measurement algorithms Sustainable and scalable system design 2. Deploy and manage measurement infrastructure 106+ Archipelago monitors (38 IPv6, 58 Pi s, 36 RadClock) Continually and comprehensively probe IP address space 3. Apply algorithms and infrastructure to improve integrity and scope of maps Derive router- and AS-level topologies Curated data kits shared with researchers (ITDK) 4. Inform real-world problems with better understanding of the Internet s structure, routing dynamics, performance, and vulnerabilities 4

Approach: Increase Completeness, Accuracy and Richness of Topology Map AS Ranking by Customer Cones (BCP38) Archipelago Router-level map PoP- level map Operator valida0on 5

Approach: Curate Data to Enable Others Synthesize data to curate Internet Topology Data Kit Augment with BGP, DNS lookups, geolocation data, other sources of trace route data Derived: IP paths, AS paths, router aliases Results: relationship-aware AS graph; AS-to- Organization mappings; router graph including geolocation & ownership [Eventually] support interactive use of data kit 6

Approach: ITDK WorkFlow cyberspace is complicated! http://www.caida.org/data/internet-topology-data-kit/ Center for Applied Internet Data Analysis ITDK: Internet Topology Data Kit Process IP traceroute BGP looking servers glass servers BGP BGP looking glass glass servers BGP Collectors CAIDA DDec Internet digital envoy Netacuity MAXMIND GeoLite City DNS DNS servers servers data collectors data servers CAIDA A rchipelago scamper MIDAR data files data processes iffinder geographic IPv4 address geolocation AS level BGP paths geographic IPv4 address geolocation DNS HostDB hostnames IP level Ark traces MIDAR router aliases Iffinder AS relationship complex AS relationship multi-lateral peering AS relationship peering from traceroute AS Relationship conventional Geolocation process DRoP hostname decode AS Assignment process Filter IP Hostnames process kapar process AS relationships conventional peering AS relationships conventional AS relationships complex new AS relationships conventional AS graph AS customer cone ITDK Datasets router geolocation router AS assignment hostnames router graph nodes links 7

Benefits: Enabling Wide Range of Security and Stability Research router topology mapping and validation architecting interdomain atlas of congestion Structure business relationship inference and validation filter policy congruity scalable measurement systems Performance Security mapping of fragility evolution of advanced TCP features understanding TCP s resilience to attacks forged address detection and mitigation

Benefits: Broader Impact www.caida.org macroscopic topology, AS rank Network intelligence: prefix hijacking, outages broader impacts Network intelligence: TreasureMap TR: DNS server placement CCS: routing bottlenecks IMC: mapping google expansion PAM: policy violations IMC: MPLS deployment TR: defend against Tor adversaries IMC: router fingerprinting IMC: ECN readiness PAM: traceroute pitfalls 9

Macroscopic Internet Graph 2014 (v4,6) http://www.caida.org/research/topology/as_core_network/2014/ 10

Competition Related Work In academics, we view as related work rather than competition and try to reduce unnecessary redundancy. RIPE Atlas (http://atlas.ripe.net/) Internet Atlas (http://internetatlas.org/) iplane datasets (http://iplane.cs.washington.edu/data/data.html) DIMES (http://www.netdimes.org/) zmap (https://zmap.io/) Renesys (http://www.renesys.com/) recently acquired by Dyn 11

Current Status: Recent achievements (infrastructure, software/services, data) Deployed 27 Ark nodes (2014) bringing total to 106 Implemented & deployed Dolphin: bulk DNS resolution tool public release of DNS Decoder (DDec) automated hostnamebased geolocation data store and feedback collection service released beta version of interactive intermediate (PoP/citylevel) map validation functionality for testing & feedback (Apr) produced new AS classification derived from: darknet traffic data, AS-relationships, BGP announcements, peeringdb released April 2014 Internet Topology Data Kit (ITDK), with router and BGP-derived AS level topology published AS Core Topology Graph poster for 2014 new interactive data interface (caida.org tab) 12

Current Status: Recent achievements (publications, workshops, predictions) two papers at IMC2014 (&TPRC14): Fine-Grained AS Relationship Inference and Challenges in Inferring Internet Interdomain Congestion ACM SIGCOMM CCR papers on DNS-based router positioning (DRoP), spurious routes in BGP data two papers to appear PAM2015: IPv6 AS Relationships, Clique, and Congruence, Measuring and Characterizing IPv6 Router Availability (collaboration with NPS.edu) invited panel (slides&video online): Internet Architecture Innovation: 2020 and 2030, Duke Law s Center for Innovation Policy Forum Active Internet Measurement Workshop (AIMS2014) Workshop on Internet Economics (WIE2014) New CAIDA program plan 2014-2017 13

Next Steps: CAIDA Interactive http://www.caida.org/interactive/ Interactive views of data that allows users to: Learn from annotated Internet data Provide feedback on analysis & inference methods Execute on-demand measurements Correlate with other data sources Aiming for user-friendly interface to topology data and infrastructure AS Rank as-rank.caida.org DDec ddec.caida.org DatCat www.datcat.org CHARTH USE charthouse.caida.org Vela vela.caida.org 14

Contact Information k claffy kc@caida.org http://www.caida.org/ 15

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information