cs240-yhe-measurements
Download
Report
Transcript cs240-yhe-measurements
Measuring the Internet:
Featuring Traceroute
Based on slides by
Yihua He (PhD UCR 2007)
Roadmap
Internet route: router and AS level
Review of how traceroute works
Possible ways to do IP->AS
Hands-on experience with BGP tables
What can traceroute tell us besides
reachability?
Internet routes are not symmetric
Autonomous System
Forwarding Path
Example: Pinpoint forwarding loop & responsible
AS
IP traffic
Internet
destination
source
Autonomous System (AS)
Border Gateway Protocol
(BGP)
Signaling path: control traffic
d: path=[A B C]
d: path=[B C]
d: path=[BC]
d: path=[C]
Forwarding path: data traffic
Origin AS
prefix d
BGP path may differ from forwarding AS
path
• Routing loops and deflections
• Route aggregation and filtering
• BGP misconfiguration
Measurements in the Internet
Difficulties in measuring
Measuring tools (traceroute)
Misc issues
5
Measuring and Modeling Is not
Easy
Constantly changing environment
How much data is enough
• Recently: we need to measure more
than 24h!
How frequently should I be
measuring?
Are the measurements
representative?
6
Operation versus
Measurements
Operators do not care about
• Measurements
• Academic Research
Why?
• Takes away resources
• Can create problems
• Complicates their lives
Luckily, there are measurement
centers
• CAIDA, NLANR, routeviews, RIPE
7
Types of Measurement Tools
Application level:
• Install application agents at two
measuring entries
• More control over process
Network level:
• Use the Internet control functionality
(ICMP)
• Trick the network to provide information
8
Ping: the tool
Uses ICMP ECHO_REQUEST datagram to
elicit an ICMP ECHO_RESPONSE from a
host or gateway
Reports
• Round trip time
• Packets loss
Many available options: packet type, size
etc
Limitation: >1sec measurement
frequency
Read manual: man ping
9
Traceroute: the tool
Traceroute measures
• the path and the round trip time
Traceroute: ingenious (ab)use of the
network layer by Van Jacobson
Main ideas:
• send “bad” packets to receive ICMP:
“packet died”
• Recursive probing to identify the path
• Send three packets at a time
Read manual: man traceroute
10
The ingenuity of traceroute
TTL=1
source TTL=2
Time
exceeded
destination
Send packets with TTL=1, 2, 3, … and record source of “time exceeded” message
Send a packet for every hop of the path
Set TTL = 1, packet expires, ICMP returns
Increase TTL by one, and repeat
At the destination, port number is wrong:
return an ICMP packet, port not found
11
Traceroute: Some Limitations
In traceroute, you may be exploring multiple
paths without knowing it
Delays for each part of the path correspond to
different measurements: ie they don’t sum up
12
Identifying The Router Topology
Several efforts rely on traceroute
• Govindan et al INFOCOM 2000
• Cheswick and Burch Internet Mapping
Project
• The Dimes project
Main idea:
• Do thousands of traceroutes
• Collect all adjacent nodes
• Generate a graph
13
Router Graphs: A Complication
Routers have multiple IP addresses
• One for each interface
How do we resolve this?
Only heuristics exist [Govindan]
Heuristic: Send packets to one
interface and hope that they will
respond with the other interface
• Typically, router responds with IP of
interface the packet came on
14
Traceroute options
-a
Turn on AS# lookups for each hop encountered.
-m max_ttl Set the max time-to-live (max number of hops)
-p port Protocol specific. For UDP and TCP, sets the base port
number used in probes (default is 33434).
-S
Print a % of probes not answered for each hop.
Traceroute gives IP-level
forwarding path
Traceroute output: (hop number, IP address, DNS name)
1 169.229.62.1
inr-daedalus-0.CS.Berkeley.EDU
2 169.229.59.225
soda-cr-1-1-soda-br-6-2
3 128.32.255.169
vlan242.inr-202-doecev.Berkeley.EDU
4 128.32.0.249
gigE6-0-0.inr-666-doecev.Berkeley.EDU
5 128.32.0.66
qsv-juniper--ucb-gw.calren2.net
6 209.247.159.109
POS1-0.hsipaccess1.SanJose1.Level3.net
7 *
?
8 64.159.1.46
?
9 209.247.9.170
pos8-0.hsa2.Atlanta2.Level3.net
10 66.185.138.33
pop2-atm-P0-2.atdn.net
11 *
?
12 66.185.136.17
pop1-atl-P4-0.atdn.net
13 64.236.16.52
www4.cnn.com
Traceroute from
Berkeley to
www.cnn.com
(64.236.16.52)
Map Traceroute Hops to ASes
Traceroute output: (hop number, IP)
1 169.229.62.1
AS25
2 169.229.59.225 AS25
Berkeley
3 128.32.255.169 AS25
4 128.32.0.249
AS25
5 128.32.0.66
AS11423 Calren
6 209.247.159.109 AS3356
7 *
AS3356
8 64.159.1.46
AS3356
9 209.247.9.170
AS3356
10 66.185.138.33
AS1668
11 *
AS1668
12 66.185.136.17
AS1668
13 64.236.16.52
AS5662 CNN
Level3
AOL
Need accurate
IP-to-AS mappings
(for network equipment).
Possible Ways to
Get IP-to-AS Mapping(1)
DNS names:
• Inaccurate, and in a lot of times, Wrong!
Anyone, with $5/year, can register a
www.whateveryoulike.com and point it to any IP
address!
• Some of the IPs do not have any DNS name.
Routing address registry (WHOIS)
•
•
•
•
•
That’s what you did in Lab1
More accurate. However…
Voluntary public registry such as whois.radb.net
Prone to human input errors
Incomplete and maybe out-of-date
Mergers, acquisitions, delegation to customers
Possible Ways to
Get IP-to-AS Mapping (2)
Origin AS in BGP paths
•
•
•
•
Prefix=198.133.206.0/24, ASpath=[1239 2914 3130]
Public BGP routing tables such as RouteViews
Almost real time and avoiding most human input errors
It’s approximately 98% accurate,
Multiple Origin ASes (MOAS)
• due to merge in a lot of cases
• E.g., around 2002-2003, 148.231.0.0/16 had two ASes
announced its address block: AS5677 and AS7132. That
was PacBell and SBC
• Now AS5677 does not exist anymore
No mapping
• Some ASes intentionally do not want to advertise the
route/IPs
• Incomplete view
Hands-on Experience with BGP
Routing Tables
Telnet://route-views.routeviews.org
• Show ip bgp summary
Whose BGP feeds do the router take?
• Show ip bgp
Prefix
Origin AS
AS Path
Collected at http://archive.routeviews.org/
Other BGP table collections are:
• http://www.ripe.net/projects/ris/rawdata.html
• http://www.cs.ucr.edu/bgp/
What can traceroute tell us?
Where are those routers?
• from DNS
City name
Airport name
• From roundtrip time
Light travels approximately 2*10^8 meters/sec in
fiber cables
When non-congested, the major delay is propagation
delay
If you see a host with roundtrip time of 10ms, you
know it must be within 600 miles radius.
Theoretically, with multiple vantage point, you can
pinpoint where the routers are.
Internet routes are not symmetric!
Try traceroute from both ends
And we’ll find most routes are not
symmetric!
Why?
• Hot potato routing --- try to use other
guys’ network as much as possible
• Policy routing --- when multihomed
Traceroute from other places
http://www.traceroute.org
•
•
•
•
Remote traceroute servers
Hundreds of them
Limited probe rate
Not always available
http://www.caida.org/tools/measurement/
skitter/
• Dedicated remote traceroute monitors
• Almost unlimited probe rate
• Only a couple of dozens of them
Any questions?