Measuring the Internet: Featuring Traceroute
Based on slides by Yihua He (Ph.D. UCR 2007)

Roadmap
- Internet route: router and AS level
- Review of how traceroute works
- Possible ways to do IP->AS
- Hands-on experience with BGP tables
- What can traceroute tell us besides reachability?
- Internet routes are not symmetric

Autonomous System Forwarding Path
- Example: Pinpoint forwarding loop & responsible AS
[Figure: IP traffic crossing the Internet from a source to a destination; labels: AS A, AS B, AS C, AS D, Autonomous System (AS)]

Border Gateway Protocol (BGP)
[Figure: AS A, AS B and AS C, with AS C the origin AS of prefix d. Signaling path (control traffic): d: path=[C], d: path=[B C], d: path=[A B C]. Forwarding path (data traffic).]
- BGP path may differ from forwarding AS path
  • Routing loops and deflections
  • Route aggregation and filtering
  • BGP misconfiguration

Measurements in the Internet
- Difficulties in measuring
- Measuring tools (traceroute)
- Misc issues

Measuring and Modeling Is not Easy
- Constantly changing environment
- How much data is enough?
  • Recently: we need to measure more than 24 h!
- How frequently should I be measuring?
- Are the measurements representative?

Operation versus Measurements
- Operators do not care about
  • Measurements
  • Academic Research
- Why?
  • Takes away resources
  • Can create problems
  • Complicates their lives
- Luckily, there are measurement centers
  • CAIDA, NLANR, RouteViews, RIPE

Types of Measurement Tools
- Application level:
  • Install application agents at two measuring entries
  • More control over process
- Network level:
  • Use the Internet control functionality (ICMP)
  • Trick the network into providing information

Ping: the tool
- Uses ICMP ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway
- Reports
  • Round trip time
  • Packet loss
- Many available options: packet type, size, etc.
- Limitation: >1 sec measurement frequency
- Read manual: man ping

Traceroute: the tool
- Traceroute measures
  • the path and the round trip time
- Traceroute: ingenious (ab)use of the network layer by Van Jacobson
- Main ideas:
  • Send "bad" packets to receive ICMP: "packet died"
  • Recursive probing to identify the path
  • Send three packets at a time
- Read manual: man traceroute

The ingenuity of traceroute
[Figure: the source sends probes with TTL=1, TTL=2, ... toward the destination; "Time exceeded" messages come back to the source]
Send packets with TTL=1, 2, 3, … and record source of "time exceeded" message
- Send a packet for every hop of the path
- Set TTL = 1, packet expires, ICMP returns
- Increase TTL by one, and repeat
- At the destination, port number is wrong: return an ICMP packet, port not found

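How the two kinds of reply described above can be told apart on the wire, as an added example that is not from the original slides: it parses a raw ICMP reply, separates a router's "time exceeded" from the destination's "port unreachable", and recovers which probe triggered it from the quoted UDP header. It assumes the sender sets each probe's destination port to the default base port 33434 plus the probe's index; the source address 192.0.2.10 and both builder helpers are constructed for the demo.

```python
import socket
import struct

BASE_PORT = 33434  # default base port; assumption: probe i uses BASE_PORT + i

def build_probe(src, dst, ttl, index, sport=40000):
    """Constructed IPv4 + UDP headers of probe `index` (checksums left 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHHH", sport, BASE_PORT + index, 8, 0)

def build_icmp_error(responder, src, icmp_type, code, quoted):
    """Constructed ICMP error as it arrives at the source, quoting the probe."""
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     socket.inet_aton(responder), socket.inet_aton(src))
    return ip + icmp

def parse_reply(packet):
    """Return (responder_ip, kind, probe_index), or None if not a probe reply."""
    if len(packet) < 20:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1 or len(packet) < ihl + 8 + 20:  # ICMP + quoted IP header
        return None
    kinds = {(11, 0): "time-exceeded",     # a router on the path dropped it
             (3, 3): "port-unreachable"}   # the destination itself answered
    kind = kinds.get((packet[ihl], packet[ihl + 1]))
    quoted = packet[ihl + 8:]              # the probe's own headers, echoed back
    q_ihl = (quoted[0] & 0x0F) * 4
    if kind is None or quoted[9] != 17 or len(quoted) < q_ihl + 4:
        return None                        # not an error about a UDP probe
    dport = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])[0]
    return socket.inet_ntoa(packet[12:16]), kind, dport - BASE_PORT

if __name__ == "__main__":
    me, dst = "192.0.2.10", "64.236.16.52"  # source address is constructed
    hop1 = build_icmp_error("169.229.62.1", me, 11, 0, build_probe(me, dst, 1, 0))
    last = build_icmp_error(dst, me, 3, 3, build_probe(me, dst, 13, 36))
    for pkt in (hop1, last):
        print(parse_reply(pkt))
```
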
Traceroute: Some Limitations
- In traceroute, you may be exploring multiple paths without knowing it
- Delays for each part of the path correspond to different measurements, i.e., they don't sum up

Identifying the Router Topology
- Several efforts rely on traceroute
  • Govindan et al., INFOCOM 2000
  • Cheswick and Burch, Internet Mapping Project
  • The DIMES project
- Main idea:
  • Do thousands of traceroutes
  • Collect all adjacent nodes
  • Generate a graph

Router Graphs: A Complication
- Routers have multiple IP addresses
  • One for each interface
- How do we resolve this?
- Only heuristics exist [Govindan]
- Heuristic: Send packets to one interface and hope that they will respond with the other interface
  • Typically, a router responds with the IP of the interface the packet came in on

Traceroute options
- -a: Turn on AS# lookups for each hop encountered.
- -m max_ttl: Set the max time-to-live (max number of hops).
- -p port: Protocol specific. For UDP and TCP, sets the base port number used in probes (default is 33434).
- -S: Print a % of probes not answered for each hop.

Traceroute gives IP-level forwarding path
Traceroute output: (hop number, IP address, DNS name)
   1  169.229.62.1     inr-daedalus-0.CS.Berkeley.EDU
   2  169.229.59.225   soda-cr-1-1-soda-br-6-2
   3  128.32.255.169   vlan242.inr-202-doecev.Berkeley.EDU
   4  128.32.0.249     gigE6-0-0.inr-666-doecev.Berkeley.EDU
   5  128.32.0.66      qsv-juniper--ucb-gw.calren2.net
   6  209.247.159.109  POS1-0.hsipaccess1.SanJose1.Level3.net
   7  *                ?
   8  64.159.1.46      ?
   9  209.247.9.170    pos8-0.hsa2.Atlanta2.Level3.net
  10  66.185.138.33    pop2-atm-P0-2.atdn.net
  11  *                ?
  12  66.185.136.17    pop1-atl-P4-0.atdn.net
  13  64.236.16.52     www4.cnn.com
Traceroute from Berkeley to www.cnn.com (64.236.16.52)

Map Traceroute Hops to ASes
Traceroute output: (hop number, IP), with the AS for each hop
   1  169.229.62.1     AS25     Berkeley
   2  169.229.59.225   AS25     Berkeley
   3  128.32.255.169   AS25     Berkeley
   4  128.32.0.249     AS25     Berkeley
   5  128.32.0.66      AS11423  Calren
   6  209.247.159.109  AS3356   Level 3
   7  *                AS3356   Level 3
   8  64.159.1.46      AS3356   Level 3
   9  209.247.9.170    AS3356   Level 3
  10  66.185.138.33    AS1668   AOL
  11  *                AS1668   AOL
  12  66.185.136.17    AS1668   AOL
  13  64.236.16.52     AS5662   CNN
Need accurate IP-to-AS mappings (for network equipment).

Possible Ways to Get IP-to-AS Mapping (1)
- DNS names:
  • Inaccurate, and often wrong!
    - Anyone, with $5/year, can register a www.whateveryoulike.com and point it to any IP address!
  • Some of the IPs do not have any DNS name.
- Routing address registry (WHOIS)
  • That's what you did in Lab 1
  • More accurate. However…
  • Voluntary public registry such as whois.radb.net
  • Prone to human input errors
  • Incomplete and maybe out-of-date
    - Mergers, acquisitions, delegation to customers

Possible Ways to Get IP-to-AS Mapping (2)
- Origin AS in BGP paths
  • Prefix=198.133.206.0/24, ASpath=[1239 2914 3130]
  • Public BGP routing tables such as RouteViews
  • Almost real time and avoiding most human input errors
  • It's approximately 98% accurate
- Multiple Origin ASes (MOAS)
  • Due to mergers in a lot of cases
  • E.g., around 2002-2003, 148.231.0.0/16 had two ASes announcing its address block: AS5677 and AS7132. That was PacBell and SBC
  • Now AS5677 does not exist anymore
- No mapping
  • Some ASes intentionally do not want to advertise the route/IPs
  • Incomplete view

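An added example (not from the original slides) of the origin-AS method applied to the hops on the "Map Traceroute Hops to ASes" slide: longest-prefix match against a BGP table, origin AS taken as the last AS in the path, MOAS and unrouted addresses reported instead of guessed, and a "*" hop labelled only when both neighbours agree. The table is constructed: only 198.133.206.0/24 with its path and the two origins of 148.231.0.0/16 come from the slides; the other prefixes and AS paths are assumptions chosen so the slide's hops resolve to the ASes shown there.

```python
import ipaddress

# Constructed table snapshot (prefix, AS path). From the slides: the
# 198.133.206.0/24 entry and the two origins of 148.231.0.0/16. Every other
# prefix and path is an assumption so the slide's hops map as shown there.
BGP_TABLE = [
    ("198.133.206.0/24", [1239, 2914, 3130]),
    ("148.231.0.0/16", [1239, 5677]), ("148.231.0.0/16", [1239, 7132]),
    ("169.229.0.0/16", [11423, 25]), ("128.32.0.0/16", [11423, 25]),
    ("128.32.0.64/30", [11423]),           # more specific than the /16 above
    ("209.247.0.0/16", [3356]), ("64.159.0.0/16", [3356]),
    ("66.185.128.0/19", [3356, 1668]), ("64.236.16.0/20", [3356, 1668, 5662]),
]
# Hops of the Berkeley -> www.cnn.com trace on the slides.
HOPS = ["169.229.62.1", "169.229.59.225", "128.32.255.169", "128.32.0.249",
        "128.32.0.66", "209.247.159.109", "*", "64.159.1.46", "209.247.9.170",
        "66.185.138.33", "*", "66.185.136.17", "64.236.16.52"]

def build_origins(table):
    """Map each prefix to the set of origin ASes (last AS of each path)."""
    origins = {}
    for prefix, path in table:
        origins.setdefault(ipaddress.ip_network(prefix), set()).add(path[-1])
    return origins

def lookup(ip, origins):
    """Longest-prefix match: sorted origin ASes (>1 means MOAS), [] if unrouted."""
    addr = ipaddress.ip_address(ip)
    matches = [net for net in origins if addr in net]
    best = max(matches, key=lambda n: n.prefixlen, default=None)
    return sorted(origins[best]) if best is not None else []

def as_level_path(hops, origins):
    """Collapse per-hop AS labels into an AS-level path. A '*' hop takes a
    label only if its immediate neighbours agree; unmapped hops are skipped."""
    labels = [None if h == "*" else tuple(lookup(h, origins)) for h in hops]
    for i in range(1, len(labels) - 1):
        if labels[i] is None and labels[i - 1] == labels[i + 1]:
            labels[i] = labels[i - 1]
    path = []
    for lab in labels:
        if lab and (not path or path[-1] != lab):
            path.append(lab)
    return path

if __name__ == "__main__":
    print(as_level_path(HOPS, build_origins(BGP_TABLE)))
```
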
Hands-on Experience with BGP Routing Tables
- telnet://route-views.routeviews.org
  • show ip bgp summary
    - Whose BGP feeds does the router take?
  • show ip bgp
    - Prefix
    - Origin AS
    - AS Path
- Collected at http://archive.routeviews.org/
- Other BGP table collections are:
  • http://www.ripe.net/projects/ris/rawdata.html
  • http://www.cs.ucr.edu/bgp/

What can traceroute tell us?
- Where are those routers?
  • From DNS
    - City name
    - Airport name
  • From roundtrip time
    - Light travels approximately 2*10^8 meters/sec in fiber cables
    - When non-congested, the major delay is propagation delay
    - If you see a host with a roundtrip time of 10 ms, you know it must be within a 600-mile radius.
    - Theoretically, with multiple vantage points, you can pinpoint where the routers are.

Internet routes are not symmetric!
- Try traceroute from both ends
- And we'll find most routes are not symmetric!
- Why?
  • Hot potato routing --- try to use other guys' network as much as possible
  • Policy routing --- when multihomed

Traceroute from other places
- http://www.traceroute.org
  • Remote traceroute servers
  • Hundreds of them
  • Limited probe rate
  • Not always available
- http://www.caida.org/tools/measurement/skitter/
  • Dedicated remote traceroute monitors
  • Almost unlimited probe rate
  • Only a couple of dozen of them

Any questions?