Collecting Information to Visualize Network Status


14th JSPS/NRF Core University Program Seminar on Next Generation Internet
i-Path: Network Transparency Project
Shigeki Goto*
Akihiro Shimoda*, Ichiro Murase*
Dai Mochinaga**, and Katsushi Kobayashi***
* Waseda University
** Mitsubishi Research Institute Inc., *** National Institute of Advanced Science and Technology (AIST)
Agenda
1. Introduction
– Background and Motivation
– Applications
2. Overview of i-Path
– Data Collection
– New Software
3. More Applications
4. Conclusion
Acknowledgement
The Goal of i-Path project
• Accessible information between the hosts
• Observing the information disclosure policy of all stakeholders along the path
Introduction
Background
Growing demand for backbone bandwidth
Network performance fluctuation (e.g. throughput)
Routers keep rich information
•Routing table, Link utilization
•Temperature, Location, Contact point, Supply voltage etc.
Not easy to collect the right information and to utilize information along the path
• Because of …
– Observe the information disclosure policy
– Status of the network depends on a variety of factors
Introduction
Motivation
• Disclosing information leads to improved End-to-End visibility
• End-to-End visibility provides benefit to end hosts and operators
– Monitoring network status
– Reporting events and troubleshooting
– Reduction in operational cost
• Providing transparency of underlying networks
Introduction
Applications
• Enhanced congestion control
• Best peer selection in P2P communication applications
• Adjust optimal bit rate in VoD
• Dynamic network configuration (e.g. according to time zones)
• Selection of the appropriate path (e.g. not violating policies related to content management)
Overview
Data Collection
• Explicit Network Information Collection Along a Path
• SIRENS* (Simple Internet Resource Notification Scheme)
– Based on the cross layer approach
  • Bottleneck bandwidth
  • Interface queue capacity
  • Corruption losses etc.
– Scalable network information measurement
* K. Nakauchi and K. Kobayashi. An explicit router feedback framework for high bandwidth-delay product networks. Computer Networks, 51(7):1833–1846, 2007.
Overview
Structure of shim-header
Inserted between the network and transport headers
Overview
Information Disclosure
• Access to some information on routers is prohibited
• Unwillingness to disclose internal network status
– Security
– Cost
• Each ISP has a disclosure policy
• End hosts have their disclosure policy
Negotiation: requests and responses
[Figure: negotiation diagram, with the label "OK to Disclose?" appearing three times]
Observing Information Disclosure Policies
Selective requests and responses
• Policy:
– Alice & Bob allow disclosure beyond the 3rd hop router.
• Implementation:
– Alice does not send req. for her neighbor & the next neighbor routers, i.e., 1st & 2nd hops.
– Bob does not send back res., same as Alice, i.e., 6th & 7th hops.
• Results:
– Alice obtains 3-5 hops data.
– Bob obtains 3-7 hops data.
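
The selective request/response rule above, as an added example (not code from the i-Path project): a small Python model of a 7-router path in which each endpoint hides its two nearest routers, extended with a per-router opt-out to reflect that each ISP has its own disclosure policy. The function names, the hop numbering from Alice's side and the `router_policy` map are assumptions for illustration; the SIRENS shim-header format is not modelled.

```python
"""Constructed model: routers are numbered 1..n from the sender's side and a
measurement is a dict {hop: value}. All names here are hypothetical."""


def requested_hops(n_hops, sender_hidden):
    """Hops the sender asks about: it sends no request for its own
    nearest `sender_hidden` routers."""
    return set(range(sender_hidden + 1, n_hops + 1))


def forward_pass(requested, router_policy):
    """Each requested router fills in its data unless its own (ISP)
    policy declines disclosure. Default is to disclose."""
    return {h: f"data-from-router-{h}" for h in sorted(requested)
            if router_policy.get(h, True)}


def filter_response(collected, n_hops, receiver_hidden):
    """The receiver strips its own nearest `receiver_hidden` routers
    from the response before sending it back."""
    cutoff = n_hops - receiver_hidden
    return {h: v for h, v in collected.items() if h <= cutoff}


def run_exchange(n_hops, sender_hidden, receiver_hidden, router_policy=None):
    """Return (hops visible to the receiver, hops visible to the sender)."""
    router_policy = router_policy or {}
    requested = requested_hops(n_hops, sender_hidden)
    at_receiver = forward_pass(requested, router_policy)
    at_sender = filter_response(at_receiver, n_hops, receiver_hidden)
    return sorted(at_receiver), sorted(at_sender)


if __name__ == "__main__":
    # Slide scenario: 7 routers, Alice hides hops 1-2, Bob hides hops 6-7.
    bob, alice = run_exchange(7, 2, 2)
    print("Bob sees hops", bob, "| Alice sees hops", alice)

    # A transit router (hop 4) that declines disclosure disappears for both.
    bob, alice = run_exchange(7, 2, 2, {4: False})
    print("Bob sees hops", bob, "| Alice sees hops", alice)

    # Short path: the hidden ranges overlap and Alice learns nothing.
    bob, alice = run_exchange(3, 2, 2)
    print("Bob sees hops", bob, "| Alice sees hops", alice)
```

The short-path case shows why a fixed "hide my nearest k routers" rule needs checking against path length: when the two hidden ranges overlap, the sender receives no data at all.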
New Software Tools
(a) Send a SIRENS request packet
(b) Receive the request packet and reply
(c) Receive the reply packet and make xml files
[Figure labels: Sender, i-Path Router, Receiver, Developed software, TCP Data, xml]
Snapshot of the Visualization Tool
• Dark colored (Blue) routers
– Data Collection: Enabled
• Gray colored routers
– Data Collection: Not enabled or does not exist
More applications
Network Threat Detection
S. Nogami, A. Shimoda and S. Goto, Detection of DDoS attacks by i-Path flow analysis, (in Japanese, to appear) 72nd National Convention of IPSJ, Mar. 2010.
[Figure: Attackers send DDoS packets (destination: TARGET; source IP address: spoofed IP address) across the Internet to TARGET (IP address: X.X.X.X). Backscatter packets (destination: spoofed IP address; source: TARGET) go to extraneous hosts/servers.]
More applications
NAT traversal
Different kinds of NATs:
full cone, restricted cone, port restricted cone, symmetric
K. Tobe, A. Shimoda and S. Goto, NAT traversal with transparent routers, (in Japanese, to appear) 72nd National Convention of IPSJ, Mar. 2010.
[Figure label: symmetric NAT]
Current Status and Future Plans
• i-Path project wiki
http://i-path.goto.info.waseda.ac.jp/trac/i-Path/
• Dai Mochinaga, Katsushi Kobayashi, Shigeki Goto, Akihiro Shimoda, and Ichiro Murase, Collecting Information to Visualize Network Status, 28th APAN Network Research Workshop, pp. 1–4, 2009.
• Network application utilizing collected information
• Demonstration on R&D testbed: JGN in Japan
• Demonstration at SC09, Portland, OR, Nov. 2009
Conclusion
• We proposed a new method for disclosing network information
• i-Path
– Offering end-to-end visibility, transparency
– Observing privacy protection
– Respecting disclosure policy
Acknowledgement
This project is supported by the National Institute of Information and Communications Technology (NICT), Japan.