Avoiding traceroute anomalies with Paris Traceroute Brice Augustin

Avoiding traceroute anomalies with Paris Traceroute Brice Augustin (Université Pierre et Marie Curie-LIP 6/CNRS) Xavier Cuvellier, Timur Friedman, Renata Teixeira (Université Pierre et Marie Curie-LIP 6/CNRS) Fabien Viger, Benjamin Orgogozo, Matthieu Latapy (Université Denis Diderot-LIAFA/CNRS) Clémence Magnien (Ecole Polytechnique-CREA/CNRS)

Contributions • Identified traceroute deficiencies on load balanced paths Ø Measured paths are inaccurate and incomplete Ø False diamonds, false loops and false cycles • Built a new traceroute: Paris traceroute 2

Traceroute under load balancing Actual topology: Src A C TTL = 2 L B E Dst D TTL = 3 Inferred topology: Src A C False link E L B Missing nodes and links Dst D 3

Anomalies: false diamonds A Actual topology: Src C E L B Dst D Inferred topology: A Src C E L B Dst D 4

Anomalies: false loops and cycles TTL = 3 Actual topology: Src A D L B Dst C TTL = 4 TTL = 2 Inferred topology: Src L D Dst B 5

Anomalies happen even under per-flow load balancing Port 2 A Flow 1 C Port 1 Src TTL = 2 L B Port 3 D E Dst TTL = 1 TTL = 3 • Traceroute uses the destination port as identifier • Per-flow load balancers use the destination port as part of the flow identifier 6

Paris traceroute • Solves the problem with per-flow load balancing § Probes to a destination belong to same flow • How to identify probes? § Use the UDP checksum • Does not address per-packet load balancing Checksum 2 Port 1 Checksum 1 A Port 1 Src TTL = 2 L B TTL = 1 Checksum 3 Port 1 C TTL = 3 E Dst D 7

Measurement infrastructure 5000 reachable destinations Measurements • 1 round takes 100 minutes • 2 months • 1465 rounds Paris traceroute Classic traceroute Paris INTERNET Paris traceroute Source 8

Unusual observations Diamonds Loops Cycles A A A B B C C B C D Ø What portion of these are false, i. e. anomalies? 9

Measurement artifacts are common From our LIP 6 vantage point: • Diamonds appear in 30% of the destinations § Paris traceroute removes 10, 662 from 19, 159 (56%) • Loops appear in 4. 5% of the measured routes § Paris traceroute removes 5, 047 from 5, 795 (87%) • Cycles appear in 0. 25% of the measured routes § Paris traceroute removes 3, 886 from 5, 674 (68%) • Other causes § § Routing changes NAT boxes Buggy routers Per-packet load balancing 10

Conclusion • Classic traceroute leads to anomalies: § False diamonds, false loops and false cycles • Per-flow load balancers cause most of the anomalies • Paris traceroute reports more precise paths 11

More information www. paris-traceroute. net 12

Future Directions • Exhaustive algorithm § Find all paths § Fine characterization of load balancers § Impact on inferred graphs (stats, dynamics) • Broader experiments § More sources and destinations • Path diversity § Optimize Internet connections by selecting the appropriate flow identifier 13

Anomalies: false loops and cycles TTL = 3 A Src D L B C Dst E TTL = 5 TTL = 2 TTL = 4 D Src Dst L B E 14

Anomalies: Loops caused by buggy routers Src A X Rejects the probe with a TTL of 0 and TTL = 1 Forwards the sends it back to probe with TTL the source equal to 0 Src B Dst Forwards the TTL == 12 the probe Rejects probe with TTL -bash$ traceroute Dst traceroute to Dst 1 B 0. 289 ms 2 B 0. 278 ms 3 Dst 0. 578 ms withequal a TTLto of 00 and sends it back to the source B Dst -bash$ traceroute-paris Dst traceroute to Dst 1 B 0. 289 ms !T 0 2 B 0. 278 ms 3 Dst 0. 578 ms 15

Anomalies: Loops caused by NAT boxes Response TTL = 254 IP Identifier = 12375 Src A Response TTL = 252 IP Identifier = 9356 Dst (NAT) Dst B B TTL = 2 TTL = 3 2 Src A C TTL = 3 Response TTL = 253 IP Identifier = 5286 Dst See [ Bellovin 2002 16 ]

An intriguing traceroute output A -bash$ traceroute F traceroute to F, 64 hops max, . . . 1 A 0. 353 ms 0. 358 ms 0. 222 ms 2 B 0. 848 ms C 0. 264 ms B 0. 985 ms 3 D 0. 225 ms E 0. 718 ms D 0. 778 ms 4 F 0. 590 ms 0. 609 ms 0. 750 ms -bash$ B D C ? E F 17

An intriguing traceroute output -bash$ traceroute F traceroute to F, 64 hops max, . . . 1 A 0. 353 ms 0. 358 ms 0. 222 ms 2 B 0. 848 ms C 0. 264 ms B 0. 985 ms 3 D 0. 225 ms E 0. 718 ms D 0. 778 ms 4 F 0. 590 ms 0. 609 ms 0. 750 ms -bash$ traceroute F traceroute to F, 64 hops max, . . . 1 A 0. 253 ms 0. 354 ms 0. 325 ms 2 C 0. 342 ms 0. 364 ms B 0. 825 ms 3 E 0. 216 ms D 0. 614 ms 0. 820 ms 4 F 0. 612 ms 0. 503 ms 0. 728 ms -bash$ A B D C ? E F 18

Anomalies: diamonds A Src E L B A Src C D C E L B Dst D 19

What we expect with per-flow load balancing Flow 1 A Src C E TTL = 2 L B Dst D TTL = 3 A Src E L Dst D 20

How traceroute works Src 0 A 1 TTL = 1 0 B 1 TTL = 2 Dst TTL = 3 Src A 0 B 0 Dst Src A 1 B 1 Dst 21