Post on 20-Dec-2015
Internet Measurement Tutorial
Yuval Shavitt
School of Electrical Engineering
http://www.eng.tau.ac.il/~shavitt

Motivation
• Wide area networks are too complex to grasp
  – Many protocols at various levels interact and affect behavior
• Many applications have performance requirements
  – End-to-end delay and loss, reliability

Motivation (2)
• It's an interesting complex system
  – Has emergent characteristics like many living systems:
    • Biological systems
    • Social networks

TCP/IP Protocols
Application: TELNET, FTP, SMTP, DNS
Transport: TCP, UDP
Network: IP
Physical + Data link: LAN, wireless, WAN

Internet Measurement Challenges

Internet Measurement Challenges (1)
• Network size:
  – 100,000,000s hosts, 1,000,000s routers, ~30,000 ASes
• Network complexity
  – Interaction between components, protocols, applications, users
• All change over time
  – New applications are added
  – New protocol versions (TCP)
  – New router design (AQM)

Internet Measurement Challenges (2)
• Not engineered for measurement:
  – Initial design had no measurement thinking
  – Distributed management
    • Tendency not to share data
    • Blocking measurement attempts (“don’t ping my network”)
  – NATs, Firewalls, …

Success Stories
“On the self-similar nature of Ethernet traffic”, W. E. Leland, M. S. Taqqu, W. Willinger, and D. V. Wilson, IEEE/ACM Transactions on Networking, February 1994.
• Thorough analysis of Bellcore LAN traces established self-similar properties of the packet arrival process.
“On power-law relationships of the internet topology”, M. Faloutsos, P. Faloutsos, and C. Faloutsos, ACM SIGCOMM 1999, Aug./Sept. 1999.
• Analysis of the RouteViews BGP database established the power-law characteristics of the Internet topology.
[Figures: Pr(k) versus k with <k> marked; log(Pr(degree)) versus log(degree), DIMES+BGP (Feb 05)]

Why do we measure the Internet?
• Already mentioned:
  – Because it is there!
  – Operational reasons
• We cannot improve the Internet if we don’t understand it
  – We cannot understand it if we don’t measure
  – We cannot build effective models or simulators if we don’t measure

Long term objectives
• Monitor the Internet in real time
• Manage the Internet
  – Monitor and react before things go bad

What can we measure in the Internet?
• Structure
  – Topology (router/network) connectivity, link capacities, link loss, available bandwidth, routing
• Traffic
  – End-to-end performance, packet arrival process (congestion build-up)
• Users and applications
  – WWW, peer-to-peer, streaming
• Malicious behavior
  – Attack patterns, port scans

Where can we measure the Internet?
How to choose representative measurement points?
Example: traffic samples
  – LAN traffic vs. WAN traffic
  – Inside an ISP vs. between continents
  – Country biases
  – Commercial location vs. educational
  – More locations is better

How can we measure the Internet?
• Active measurements
  – Probes: Traceroute, ping, packet trains
  – Application simulation
• Passive measurement
  – Logs (WWW)
  – Monitors, sniffers

Measurement resources on the WWW
CAIDA: www.caida.org/tools/taxonomy
SLAC: www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html

When should we measure the Internet?
• Diurnal and weekly traffic cycles
• Time scales depend on “what” and “how”
• Passive measurements are typically continuous
  – Can generate huge data sets
  – Log access problems
  – Privacy concerns
• Active measurements are typically discrete
  – Important characteristics can be missed
  – Probes can be filtered and/or detected

Who is measuring the Internet?
• Businesses do a great deal of measurement
  – Mostly do not share with the research community
  – Examples:
    • Akamai: HTTP delay from server side
    • HP (Mercury): HTTP delay from client side
    • Google: everything
• Academia and research institutes
  – Publish papers, but data may not always be available
• Internet Statistics and Metrics Analysis (ISMA)
  – CAIDA attempt to create a global meta-data database

Publishing Internet Measurement Studies
• All major networking conferences & journals accept measurement papers
  – ACM SIGCOMM, IEEE INFOCOM, ACM SIGMETRICS
• Dedicated meetings:
  – ACM Internet Measurement Conf. (IMC, IMW)
  – Passive & Active Measurements Conf. (PAM)
  – TridentCom

Active Measurement Techniques

Active Probes
• Active probes send stimulus (packets) into the network and then measure the response
  – Done on network, transport and application layers
• Active probes are useful to measure various things:
  – Delay, delay jitter, and loss
  – Topology and routing behavior
  – Capacity, bandwidth, and throughput

Simple delay/loss probing with ping
C:\>ping www.fer.hr

Pinging www.fer.hr [161.53.72.111] with 32 bytes of data:

Reply from 161.53.72.111: bytes=32 time=113ms TTL=49
Reply from 161.53.72.111: bytes=32 time=111ms TTL=49
Reply from 161.53.72.111: bytes=32 time=113ms TTL=49
Reply from 161.53.72.111: bytes=32 time=118ms TTL=49

Ping statistics for 161.53.72.111:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 111ms, Maximum = 118ms, Average = 113ms

ICMP
ICMP is the IP error diagnosis protocol.
Message layout:
  IP header
  Type
  Code
  Checksum
  Sequence number
  Any ICMP data

ICMP Message Types
Type No.  Meaning
0         Echo reply
3         Destination unreachable
4         Source quench
5         Redirect
8         Echo
9         Router advertisement
10        Router solicitation
11        Time exceeded
12        Parameter problem
13        Timestamp
14        Timestamp reply
15        Information request
16        Information reply
PING uses type 8 (Echo) and type 0 (Echo reply).

Application layer “ping”
• One can generate application layer messages to test application reaction time
• Most common:
  – TCP SYN message to port 80

traceroute
• Useful to learn the route characteristics between two hosts.
• Sends a series of probes to successive nodes along a route to an intended destination and records the source address and time delay of the message returned by each.
• Based on ICMP “TTL expired” message

IP datagram format
Header rows, each 32 bits wide:
  ver | head. len | type of service | length
  16-bit identifier | flgs | fragment offset
  time to live | upper layer | Internet checksum
  32 bit source IP address
  32 bit destination IP address
  Options (if any)
  data (variable length, typically a TCP or UDP segment)
Field notes:
• ver: IP protocol version number
• head. len: header length (bytes)
• type of service: “type” of data
• length: total datagram length (bytes)
• 16-bit identifier, flgs, fragment offset: for fragmentation/reassembly
• time to live: max number remaining hops (decremented at each router)
• upper layer: upper layer protocol to deliver payload to
• Options: e.g. timestamp, record route taken, specify list of routers to visit

ICMP Message Types
Type No.  Meaning
0         Echo reply
3         Destination unreachable
4         Source quench
5         Redirect
8         Echo
9         Router advertisement
10        Router solicitation
11        Time exceeded
12        Parameter problem
13        Timestamp
14        Timestamp reply
15        Information request
16        Information reply
traceroute relies on type 11 (Time exceeded) and type 3 (Destination unreachable).

Type  Code  Description
3     0     dest. network unreachable
3     1     dest host unreachable
3     2     dest protocol unreachable
3     3     dest port unreachable
3     6     dest network unknown
3     7     dest host unknown

traceroute
Regular UDP packets
• successive TTLs
ICMP “TTL expired” message
ICMP “port unreachable” message
[Diagram: probes and replies over time along the path A, B, C, D, E]

traceroute versions
• UNIX:
  – By default sends UDP packets
    • Start at port 33435, and increment port per packet!
  – traceroute -I sends ICMP “ECHO request”
  – tcptraceroute uses TCP SYN messages
    • If port is closed gets RST reply
    • If port is open gets SYN ACK and replies with RST
    • Best to overcome firewalls
• Windows
  – ICMP “ECHO request”

C:\>tracert www.fer.hr

Tracing route to www.fer.hr [161.53.72.111]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.200.254
  2    19 ms    20 ms    19 ms  vxr.tau.ac.il [132.66.8.10]
  3    17 ms    22 ms    20 ms  c6509.tau.ac.il [132.66.8.20]
  4    21 ms    19 ms    19 ms  tel-aviv.tau.ac.il [132.66.4.1]
  5    19 ms    23 ms    18 ms  gp1-tau-fe.ilan.net.il [128.139.191.70]
  6    20 ms    20 ms    20 ms  iucc.il1.il.geant.net [62.40.103.69]
  7    69 ms    69 ms    69 ms  il.it1.it.geant.net [62.40.96.154]
  8    82 ms    82 ms    82 ms  it.ch1.ch.geant.net [62.40.96.33]
  9   101 ms    98 ms    98 ms  ch.at1.at.geant.net [62.40.96.1]
 10   105 ms   105 ms   105 ms  at.hu1.hu.geant.net [62.40.96.178]
 11   117 ms   112 ms   113 ms  hu.hr1.hr.geant.net [62.40.96.145]
 12   113 ms   115 ms   115 ms  carnet-gw.hr1.hr.geant.net [62.40.103.218]
 13   120 ms   122 ms   123 ms  193.198.228.6
 14   114 ms   112 ms   119 ms  193.198.229.10
 15   120 ms   119 ms   119 ms  161.53.16.14
 16   114 ms   114 ms   113 ms  duality.cc.fer.hr [161.53.72.111]

Trace complete.

C:\>tracert www.colbud.hu

Tracing route to www.colbud.hu [81.182.250.153]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.200.254
  2    19 ms    21 ms    18 ms  vxr.tau.ac.il [132.66.8.10]
  3    20 ms    21 ms    21 ms  c6509.tau.ac.il [132.66.8.20]
  4    21 ms    20 ms    19 ms  tel-aviv.tau.ac.il [132.66.4.1]
  5    20 ms    22 ms    19 ms  gp1-tau-fe.ilan.net.il [128.139.191.70]
  6    26 ms    22 ms    21 ms  iucc.il1.il.geant.net [62.40.103.69]
  7    91 ms    92 ms    92 ms  il.nl1.nl.geant.net [62.40.96.117]
  8    97 ms    97 ms    97 ms  nl.de1.de.geant.net [62.40.96.101]
  9    95 ms    96 ms    93 ms  ffm-b2-pos2-3.telia.net [213.248.77.89]
 10    96 ms    96 ms   150 ms  ffm-bb2-pos2-3-0.telia.net [213.248.64.177]
 11   110 ms   112 ms   114 ms  bpt-b1-pos2-0.telia.net [213.248.64.26]
 12     *        *        *     Request timed out.
 13   112 ms   110 ms   111 ms  10ge-0-0.core0-ip2.net.telekom.hu [145.236.85.2]
 14   112 ms   114 ms   110 ms  tenge1-2.core0.adatpark.hu [145.236.89.10]
 15   114 ms   112 ms   114 ms  fixip-lns2.adatpark.hu [195.228.253.58]
 16   120 ms   122 ms   124 ms  153-250-182-81.adsl-fixip.axelero.hu [81.182.250.153]

Trace complete.

Probing for link characteristics
• Packet dispersion techniques can be used to infer characteristics of each link along an Internet path.
  – Bandwidth, queuing delays, propagation delay
  – Cross traffic may cause problems
• Many tools are available:
  – bprobe [CC97], clink [D99], nettimer [LB99], pathchar [J97], pchar [M00], pathrate [DRM01]

Capacity
• Maximum IP layer throughput that a flow can get, without any cross traffic
[Diagram: source, link 1, link 2, link 3, sink]
• $C_i$ = capacity of link $i$
• Path capacity $C = \min_i \{C_i\}$

Available Bandwidth
• Maximum IP layer throughput that a flow can get, given (stationary) cross traffic
[Diagram: source, link 1, link 2, link 3, sink]
• $u_i$ = utilization of link $i$
• Path available bandwidth $A = \min_i \{C_i (1 - u_i)\}$

Packet Pair Dispersion
• Packet transmission time: τ=L/C
• Send two packets back-to-back
• Measure dispersion at the receiver
• Estimate C as L divided by the measured dispersion
• But cross-traffic ‘noise’ can affect the dispersion.
[Diagram: a packet pair crossing links of capacity C and 3C, with spacings labelled L/C, L/C and L/3C]

Pathchar
• Developed by Van Jacobson to: “allows any user to find the bandwidth, delay, average queue and loss rate of every hop between any source & destination on the Internet”
• Measure the path hop by hop
  – Default: 32 probes per hop

Self-Loading Periodic Streams (SLoPS) [Jain Dovrolis 02]
• SND sends a periodic UDP packet stream at rate R.
• R=L/T, L=packet size, T=period, K=number of packets
• Measure one way delay (OWD): $D_k = t_{arrive} - t_{send}$
• OWD variation: $\Delta D_k = D_{k+1} - D_k$ (independent of clock offset)
• With stationarity & fluid model for the cross traffic, and FIFO queues:
  $\Delta D_k > 0$ if $R > A$
  $\Delta D_k = 0$ if $R \le A$

Illustration of SLoPS
Periodic Stream: K packets, size L bytes, rate R = L/T

Trends in Real Data
U. Oregon to U. Delaware (12 hops)
A=74Mbps (MRTG), K=100, T=100μs, L=1200B
R=96Mbps and 37Mbps
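Added example, not part of the original slides: a fluid-model simulation of the SLoPS rule (an increasing one-way-delay trend appears only when R > A) with a binary search over R. The three-link path is constructed so that A = min C_i(1 - u_i) = 74 Mbps as on this slide; the link values, clock offset, jitter bound, 10 μs trend threshold and all function names are assumptions of the example.

```python
import random

# Constructed path: (capacity in bit/s, cross-traffic utilization) per link.
# The first link is the tight one: 100 Mbps * (1 - 0.26) = 74 Mbps.
PATH = [(100e6, 0.26), (155e6, 0.40), (1000e6, 0.50)]
PKT_BITS = 1200 * 8        # L = 1200 B
K = 100                    # packets per stream
CLOCK_OFFSET_S = 0.35      # unknown sender/receiver clock offset (assumption)
JITTER_S = 2e-6            # bounded timestamp noise (assumption)


def avail_bw(path):
    """A = min_i C_i (1 - u_i)."""
    return min(c * (1.0 - u) for c, u in path)


def stream_owds(path, rate_bps, rng):
    """One-way delays D_k of a K-packet periodic stream sent at rate R.

    Each link is a FIFO queue fed by the probes plus fluid cross traffic
    arriving at u*C, so between probes the backlog drains at (1 - u)*C.
    """
    period = PKT_BITS / rate_bps                      # T = L / R
    send = [k * period for k in range(K)]
    arrive = list(send)
    for cap, util in path:
        backlog, last, depart = 0.0, arrive[0], []
        for t in arrive:
            backlog = max(0.0, backlog - (1.0 - util) * cap * (t - last))
            backlog += PKT_BITS                       # the probe joins the queue
            depart.append(t + backlog / cap)          # FIFO: wait for all bits ahead
            last = t
        arrive = depart
    return [a - s + CLOCK_OFFSET_S + rng.uniform(-JITTER_S, JITTER_S)
            for a, s in zip(arrive, send)]


def owd_rise(delays):
    """Least-squares OWD increase over the whole stream, in seconds.

    Only differences of D_k matter, so the clock offset cancels out.
    """
    n = len(delays)
    k_mean, d_mean = (n - 1) / 2, sum(delays) / n
    num = sum((k - k_mean) * (d - d_mean) for k, d in enumerate(delays))
    den = sum((k - k_mean) ** 2 for k in range(n))
    return num / den * (n - 1)


def rate_exceeds_avail(path, rate_bps, rng=None, threshold_s=10e-6):
    """True when the stream shows an increasing OWD trend, i.e. R > A.

    The 10 us threshold sits above the largest rise that +/-2 us jitter
    alone can fake for K = 100 (about 6 us).
    """
    rng = rng or random.Random(0)
    return owd_rise(stream_owds(path, rate_bps, rng)) > threshold_s


def estimate_avail_bw(path, lo=1e6, hi=200e6, resolution=0.5e6, seed=0):
    """Binary search on R: shrink [lo, hi] around the rate where the trend appears."""
    rng = random.Random(seed)
    while hi - lo > resolution:
        mid = (lo + hi) / 2
        if rate_exceeds_avail(path, mid, rng):
            hi = mid
        else:
            lo = mid
    return (lo + hi) / 2


if __name__ == "__main__":
    print("true A      : %.1f Mbps" % (avail_bw(PATH) / 1e6))
    print("R = 96 Mbps : increasing trend =", rate_exceeds_avail(PATH, 96e6))
    print("R = 37 Mbps : increasing trend =", rate_exceeds_avail(PATH, 37e6))
    print("estimated A : %.1f Mbps" % (estimate_avail_bw(PATH) / 1e6))
```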

When RA

Passive Measurement Techniques

Passive packet measurement
• Capture packets as they pass by
  – Packet capture applications (tcpdump) on hosts use packet capture filter
• Requires access to the wire
  – Promiscuous mode or mirror ports to see other traffic
  – Hardware-based solutions
    • Endace, Inc.’s DAG cards OC12/48/192 (0.622/2.5/10Gbps)
    • Programmable NIC cards (<$100)
• Issues:
  – Timestamps
  – Data volumes
  – Privacy

tcpdump
• Can capture entire packet or n first bytes
• Timestamps each packet
• Can filter based on any combination of header field

12:40:18.501228 IP bakara.eng.tau.ac.il.23 > amirotem-pc.eng.tau.ac.il.2260: P 1:3(2) ack 1 win 8760 (DF)
12:40:18.692431 IP amirotem-pc.eng.tau.ac.il.2260 > bakara.eng.tau.ac.il.23: . ack 3 win 64162 (DF)
12:40:18.692775 IP bakara.eng.tau.ac.il.23 > amirotem-pc.eng.tau.ac.il.2260: P 3:10(7) ack 1 win 8760 (DF)
12:40:18.893601 IP amirotem-pc.eng.tau.ac.il.2260 > bakara.eng.tau.ac.il.23: . ack 10 win 64155 (DF)

Full Packet Capture

12:22:42.401784 IP (tos 0x0, ttl 128, id 37074, len 41) AMIROTEM.dummy.net.3214 > bakara.eng.tau.ac.il.23: P [tcp sum ok] 3535692137:3535692138(1) ack 1410929928 win 16196 (DF)
0x0000  4500 0029 90d2 4000 8006 2d02 c0a8 c803  E..)..@...-.....
0x0010  8442 300c 0c8e 0017 d2be 6169 5419 1508  .B0.......aiT...
0x0020  5018 3f44 1d9e 0000 6c                   P.?D....l
12:22:42.426889 IP (tos 0x0, ttl 252, id 33630, len 41) bakara.eng.tau.ac.il.23 > AMIROTEM.dummy.net.3214: P [tcp sum ok] 1:2(1) ack 1 win 9324 (DF)
0x0000  4500 0029 835e 4000 fc06 be75 8442 300c  E..).^@....u.B0.
0x0010  c0a8 c803 0017 0c8e 5419 1508 d2be 616a  ........T.....aj
0x0020  5018 246c 3875 0000 6c88 8888 8888       P.$l8u..l.....
12:22:42.600874 IP (tos 0x0, ttl 128, id 37075, len 41) AMIROTEM.dummy.net.3214 > bakara.eng.tau.ac.il.23: P [tcp sum ok] 1:2(1) ack 2 win 16195 (DF)
0x0000  4500 0029 90d3 4000 8006 2d01 c0a8 c803  E..)..@...-.....
0x0010  8442 300c 0c8e 0017 d2be 616a 5419 1509  .B0.......ajT...
0x0020  5018 3f43 169d 0000 73                   P.?C....s
12:22:42.617003 IP (tos 0x0, ttl 252, id 33631, len 41) bakara.eng.tau.ac.il.23 > AMIROTEM.dummy.net.3214: P [tcp sum ok] 2:3(1) ack 2 win 9324 (DF)
0x0000  4500 0029 835f 4000 fc06 be74 8442 300c  E..)._@....t.B0.
0x0010  c0a8 c803 0017 0c8e 5419 1509 d2be 616b  ........T.....ak
0x0020  5018 246c 3173 0000 7388 8888 8888       P.$l1s..s.....
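Added example, not part of the original slides: decoding the first captured packet above with the field layout from the "IP datagram format" slide, including verification of the Internet checksum. The bytes are the 41 bytes shown in the dump; the function names are hypothetical. The one-byte payload is a single Telnet keystroke in clear text, which is the privacy issue the passive-measurement slide lists.

```python
import ipaddress
import struct

# First packet of the capture above, copied from the hex dump (41 bytes).
PACKET = bytes.fromhex(
    "4500 0029 90d2 4000 8006 2d02 c0a8 c803"
    "8442 300c 0c8e 0017 d2be 6169 5419 1508"
    "5018 3f44 1d9e 0000 6c"
)


def internet_checksum(data):
    """One's-complement sum of 16-bit words; 0 over a header means it verifies."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4(raw):
    """Split an IPv4 datagram into the fields named on the slide."""
    if len(raw) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version, hdr_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or hdr_len < 20 or len(raw) < hdr_len:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "hdr_len": hdr_len, "tos": tos, "total_len": total_len, "id": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl, "proto": proto,
        "checksum_ok": internet_checksum(raw[:hdr_len]) == 0,
        "src": str(ipaddress.ip_address(src)),
        "dst": str(ipaddress.ip_address(dst)),
        "payload": raw[hdr_len:total_len],   # ignore any link-layer padding
    }


def parse_tcp(segment):
    """Decode the fixed part of a TCP header and return the data that follows."""
    if len(segment) < 20:
        raise ValueError("shorter than a minimal TCP header")
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", segment[:16])
    hdr_len = (off_flags >> 12) * 4
    names = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]
    flags = [n for bit, n in enumerate(names) if off_flags & (1 << bit)]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": window, "data": segment[hdr_len:]}


if __name__ == "__main__":
    ip = parse_ipv4(PACKET)
    tcp = parse_tcp(ip["payload"])
    print(ip["src"], "->", ip["dst"], "ttl", ip["ttl"], "id", ip["id"],
          "checksum ok:", ip["checksum_ok"])
    print("tcp", tcp["sport"], "->", tcp["dport"], tcp["flags"], "data", tcp["data"])
```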

Passive IP flow measurement
• An IP flow is defined by the five-tuple:
  – src addr, src port, dst addr, dst port, protocol
• Cisco’s NetFlow
  – Part of the IOS
  – Provides template-based flow records
• Many tools can manipulate NetFlow data

FlowScan [Plonka00]
• Combines flow collection engine, database, visualization tool
• Provides a near real-time visualization of network traffic
• Breaks down traffic into well known service or application

Analysis of Flows
• Examining flows of packets one can determine OOO packets:
  – Losses
  – Reorders
  – TCP state machine
  – Retransmissions
  – Duplicates
• Analysis can be done on 1- or 2-directional flows

[Diagram labels: Local ISP, Diagnostic node, Internet]

Unidirectional Flows
• Evaluates TCP seq. # and IP-ID patterns
  – Assumption: the sender’s IP ID forms a monotonic increasing sequence
Brosh & Shavitt, Infocom’05
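Added example, not part of the original slides and not the algorithm of the cited paper: a simplified classifier that uses the TCP sequence number together with the IP-ID to tell duplicates, reordering and retransmissions apart in one direction of a flow seen at a monitor. The trace is constructed, the labels and function names are hypothetical, and 32-bit sequence wrap is ignored.

```python
def id_newer(a, b):
    """True if 16-bit IP-ID a was assigned after b (serial arithmetic, handles wrap)."""
    return a != b and ((a - b) & 0xFFFF) < 0x8000


def classify_flow(packets):
    """Label each (tcp_seq, payload_len, ip_id) tuple, given in capture order.

    Relies on the slide's assumption that the sender's IP-ID only increases;
    senders that randomize or zero the IP-ID break it.
    """
    labels, seen = [], {}          # seen: tcp_seq -> IP-IDs that carried it
    next_seq = max_id = None       # end of highest data seen, newest IP-ID seen
    for seq, length, ip_id in packets:
        if next_seq is None or seq >= next_seq:
            # New data. A jump past next_seq opens a hole: something is lost or late.
            label = "in-order" if next_seq in (None, seq) else "hole"
            next_seq = seq + length
        elif ip_id in seen.get(seq, ()):
            # Same segment in the very same IP packet: copied inside the network.
            label = "duplicate"
        elif not id_newer(ip_id, max_id):
            # Old data with an old IP-ID: sent earlier, overtaken before the monitor.
            label = "reordered"
        elif seq in seen:
            # Resent after the monitor already saw it: lost (or delayed) beyond
            # the monitor, or a spurious retransmission.
            label = "rtx-loss-after-monitor"
        else:
            # Resent and never seen before: the original was lost before the monitor.
            label = "rtx-loss-before-monitor"
        seen.setdefault(seq, set()).add(ip_id)
        if max_id is None or id_newer(ip_id, max_id):
            max_id = ip_id
        labels.append(label)
    return labels


# Constructed trace: 100-byte segments, IP-ID wrapping from 65535 to 0.
TRACE = [
    (1000, 100, 65533),
    (1100, 100, 65534),
    (1300, 100, 0),        # 1200 has not arrived yet
    (1200, 100, 65535),    # older IP-ID than 0: it was only reordered
    (1400, 100, 1),
    (1600, 100, 3),        # 1500 (IP-ID 2) is missing
    (1500, 100, 4),        # arrives with a newer IP-ID: retransmission
    (1700, 100, 5),
    (1700, 100, 5),        # identical seq and IP-ID
    (1400, 100, 6),        # seen before, resent with a newer IP-ID
]

if __name__ == "__main__":
    for pkt, label in zip(TRACE, classify_flow(TRACE)):
        print(pkt, label)
```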

HTTP Logs
• Have data about the client IP, transaction time, command (GET/POST), return code, bytes transferred, referrer, metadata (browser type, OS, languages, etc.)
• Tools are available to analyze HTTP logs
  – Webalizer

HTTP Log Example

24.77.192.99 - - [15/May/2005:23:54:59 +0300] "GET /science_down.gif HTTP/1.1" 200 1138 "http://www.netdimes.org/science.html" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3"
68.231.117.28 - - [15/May/2005:23:52:05 +0300] "GET /ipmap.png HTTP/1.1" 200 4874697 "http://slashdot.org/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3"
24.236.177.187 - - [15/May/2005:23:55:00 +0300] "GET /home_up.gif HTTP/1.1" 200 1096 "http://www.netdimes.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
24.236.177.187 - - [15/May/2005:23:55:00 +0300] "GET /AboutUs_up.gif HTTP/1.1" 200 1169 "http://www.netdimes.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
24.77.192.99 - - [15/May/2005:23:55:00 +0300] "GET /Install_down.gif HTTP/1.1" 200 1219 "http://www.netdimes.org/science.html" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.7) Gecko/20050414 Firefox/1.0.3"
69.141.103.137 - - [15/May/2005:23:54:50 +0300] "POST /DIMES/server HTTP/1.1" 200 3 "-" "Java/1.4.1_03"
24.236.177.187 - - [15/May/2005:23:55:00 +0300] "GET /news_up.gif HTTP/1.1" 200 1086 "http://www.netdimes.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
24.236.177.187 - - [15/May/2005:23:55:00 +0300] "GET /community_up.gif HTTP/1.1" 200 1199 "http://www.netdimes.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
24.236.177.187 - - [15/May/2005:23:55:00 +0300] "GET /datastat_up.gif HTTP/1.1" 200 1233 "http://www.netdimes.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
24.236.177.187 - - [15/May/2005:23:55:00 +0300] "GET /science_up.gif HTTP/1.1" 200 1126 "http://www.netdimes.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
71.106.2.53 - - [15/May/2005:23:55:00 +0300] "GET /favicon.ico HTTP/1.1" 200 5694 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4"
62.179.197.156 - - [15/May/2005:23:54:02 +0300] "GET /ipmap.png HTTP/1.1" 200 4874697 "http://slashdot.org/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4"
24.236.177.187 - - [15/May/2005:23:55:00 +0300] "GET /Install_up.gif HTTP/1.1" 200 1219 "http://www.netdimes.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
24.236.177.187 - - [15/May/2005:23:55:00 +0300] "GET /EVERGROW40.gif HTTP/1.1" 200 4089 "http://www.netdimes.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
195.252.52.155 - - [15/May/2005:23:55:00 +0300] "GET /science_down.gif HTTP/1.1" 200 1138 "http://www.netdimes.org/science.html" "Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.7.6) Gecko/20050318 Firefox/1.0.2"

[root@jupiter httpd]# grep "GET / " access_log |tail -10
68.54.223.47 - - [19/May/2005:12:36:20 +0300] "GET / HTTP/1.1" 200 14067 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
132.76.80.118 - - [19/May/2005:12:49:44 +0300] "GET / HTTP/1.1" 304 - "http://www.eng.tau.ac.il/~shavitt/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
24.169.148.213 - - [19/May/2005:13:06:58 +0300] "GET / HTTP/1.1" 200 14067 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4"
84.170.181.64 - - [19/May/2005:13:07:14 +0300] "GET / HTTP/1.1" 200 14067 "http://www.google.de/search?hl=de&q=dimes&meta=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
130.240.136.220 - - [19/May/2005:13:07:25 +0300] "GET / HTTP/1.1" 304 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
81.72.13.30 - - [19/May/2005:13:11:00 +0300] "GET / HTTP/1.1" 200 14067 "http://www.miranet.it/php/Articolo.php?id=708" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
194.78.199.123 - - [19/May/2005:13:13:44 +0300] "GET / HTTP/1.1" 200 14067 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)"
82.152.182.12 - - [19/May/2005:13:23:10 +0300] "GET / HTTP/1.1" 200 14067 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
80.119.126.44 - - [19/May/2005:13:38:08 +0300] "GET / HTTP/1.1" 200 14067 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4"
80.250.186.101 - - [19/May/2005:13:46:14 +0300] "GET / HTTP/1.1" 200 14067 "http://distributed.ru/forum/?a=topic&topic=583" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4"

Example of Log Analysis
June 5th, 2005

Webalizer access analysis

MultiQ
• Analyzing incoming packet streams
• Gaps between packets are used to calculate bottleneck link speeds
• Multiple bottlenecks can be inferred
M&M, MIT

How does it work?
• 50% of traffic is comprised of 1500B packets
• Behavior at the second bottleneck:
[Figure labels: keep b.n. gap; gap shifts reveal 2nd bottleneck; “white noise”; effect on dist.]

Three bottlenecks with one strike

Topology Discovery
![Page 62: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/62.jpg)
C:\>tracert www.fer.hr
Tracing route to www.fer.hr [161.53.72.111]
over a maximum of 30 hops:
  1   <1 ms   <1 ms   <1 ms  192.168.200.254
  2   19 ms   20 ms   19 ms  vxr.tau.ac.il [132.66.8.10]
  3   17 ms   22 ms   20 ms  c6509.tau.ac.il [132.66.8.20]
  4   21 ms   19 ms   19 ms  tel-aviv.tau.ac.il [132.66.4.1]
  5   19 ms   23 ms   18 ms  gp1-tau-fe.ilan.net.il [128.139.191.70]
  6   20 ms   20 ms   20 ms  iucc.il1.il.geant.net [62.40.103.69]
  7   69 ms   69 ms   69 ms  il.it1.it.geant.net [62.40.96.154]
  8   82 ms   82 ms   82 ms  it.ch1.ch.geant.net [62.40.96.33]
  9  101 ms   98 ms   98 ms  ch.at1.at.geant.net [62.40.96.1]
 10  105 ms  105 ms  105 ms  at.hu1.hu.geant.net [62.40.96.178]
 11  117 ms  112 ms  113 ms  hu.hr1.hr.geant.net [62.40.96.145]
 12  113 ms  115 ms  115 ms  carnet-gw.hr1.hr.geant.net [62.40.103.218]
 13  120 ms  122 ms  123 ms  193.198.228.6
 14  114 ms  112 ms  119 ms  193.198.229.10
 15  120 ms  119 ms  119 ms  161.53.16.14
 16  114 ms  114 ms  113 ms  duality.cc.fer.hr [161.53.72.111]
Trace complete.
private network
Tel Aviv Uni.
ILAN
DANTE
HR-ZZ
CARnet
AS378
AS20965 GEANT
MACHBA
CARnet
AS2108
378 20965 2108
from IP to AS routes
![Page 63: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/63.jpg)
How to map IP to AS?
• BGP announcements
• Use public databases:
– Internet Routing Registry (IRR), http://www.irr.net
– whois servers
• Commercial databases
– MaxMind, etc.
• Problem: incomplete and out-of-date
• Due to acquisitions, mergers, break-ups of institutions
![Page 64: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/64.jpg)
What is the AS level traceroute?
[Figure: ASes A, B and C, with the AS paths A-B-C and C-B-A]
Are A and C neighbor ASes?
What AS does the middle router belong to, B or C?
![Page 65: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/65.jpg)
The Internet Structure
routers
![Page 66: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/66.jpg)
The Internet Structure
The AS graph
![Page 67: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/67.jpg)
The Internet Structure
The AS graph The PoP level graph
![Page 68: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/68.jpg)
Delay Measurements
![Page 69: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/69.jpg)
C:\>tracert www.fer.hr
Tracing route to www.fer.hr [161.53.72.111]
over a maximum of 30 hops:
  1   <1 ms   <1 ms   <1 ms  192.168.200.254
  2   19 ms   20 ms   19 ms  vxr.tau.ac.il [132.66.8.10]
  3   17 ms   22 ms   20 ms  c6509.tau.ac.il [132.66.8.20]
  4   21 ms   19 ms   19 ms  tel-aviv.tau.ac.il [132.66.4.1]
  5   19 ms   23 ms   18 ms  gp1-tau-fe.ilan.net.il [128.139.191.70]
  6   20 ms   20 ms   20 ms  iucc.il1.il.geant.net [62.40.103.69]
  7   69 ms   69 ms   69 ms  il.it1.it.geant.net [62.40.96.154]
  8   82 ms   82 ms   82 ms  it.ch1.ch.geant.net [62.40.96.33]
  9  101 ms   98 ms   98 ms  ch.at1.at.geant.net [62.40.96.1]
 10  105 ms  105 ms  105 ms  at.hu1.hu.geant.net [62.40.96.178]
 11  117 ms  112 ms  113 ms  hu.hr1.hr.geant.net [62.40.96.145]
 12  113 ms  115 ms  115 ms  carnet-gw.hr1.hr.geant.net [62.40.103.218]
 13  120 ms  122 ms  123 ms  193.198.228.6
 14  114 ms  112 ms  119 ms  193.198.229.10
 15  120 ms  119 ms  119 ms  161.53.16.14
 16  114 ms  114 ms  113 ms  duality.cc.fer.hr [161.53.72.111]
Trace complete.
Minimum delay of a link
Link delay [ms]: 19 -2 2 -1 2 49 13 16 7 7 1 7 2 7 -6
Min. [ms]: 0 19 17 19 18 20 69 82 98 105 112 113 120 112 119 113
Negative delays
![Page 70: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/70.jpg)
[Figure: Link Delay Measurements Histogram; x-axis: Link delay [ms]; y-axis: Distribution of the delay among 1 ms bins]
A delay of a link inside TAU
negative delay
![Page 71: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/71.jpg)
[Figure: Histogram AutoCorrelation; x-axis: AutoCorrelation lag; curves: autocorr of new histogram, autocorr of "sampled" histogram]
Auto-Correlation Histogram
Why periodic?
![Page 72: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/72.jpg)
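    #include <sys/timeb.h>   /* _ftime, struct _timeb (Windows CRT) */
    #include <winsock2.h>    /* struct timeval */

    int gettimeofday(struct timeval* tv, struct timezone *tz)
    {
        struct _timeb timebuffer;

        if (!tv) return -1;
        _ftime(&timebuffer);              /* clock read with a milliseconds field */
        tv->tv_sec = timebuffer.time;
        tv->tv_usec = timebuffer.millitm * 1000 + 500;
        return 0;
    }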
Maybe something wrong with the code?
millisecond accuracy
translate to seconds
![Page 73: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/73.jpg)
New vs. Old timing routines
[Figure: Link delay measurements histogram, two panels: Old Version and New Version; x-axis: Delay [ms]]
![Page 74: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/74.jpg)
[Figure: Histogram AutoCorrelation; x-axis: AutoCorrelation lag; curves: autocorr of new histogram, autocorr of "sampled" histogram]
Auto-Correlation Histogram
Why periodic?
![Page 75: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/75.jpg)
How to define distance between ASes?
Maybe the same as between nodes?
• The distance between two ASes will be the distance between the two border routers connecting them
20ms 17ms 26ms 40ms 35ms 89ms 79ms 91ms
AS 378 AS 1248 AS 701
14ms ?
![Page 76: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/76.jpg)
C:\>tracert www.fer.hr
Tracing route to www.fer.hr [161.53.72.111]
over a maximum of 30 hops:
  1   <1 ms   <1 ms   <1 ms  192.168.200.254
  2   19 ms   20 ms   19 ms  vxr.tau.ac.il [132.66.8.10]
  3   17 ms   22 ms   20 ms  c6509.tau.ac.il [132.66.8.20]
  4   21 ms   19 ms   19 ms  tel-aviv.tau.ac.il [132.66.4.1]
  5   19 ms   23 ms   18 ms  gp1-tau-fe.ilan.net.il [128.139.191.70]
  6   20 ms   20 ms   20 ms  iucc.il1.il.geant.net [62.40.103.69]
  7   69 ms   69 ms   69 ms  il.it1.it.geant.net [62.40.96.154]
  8   82 ms   82 ms   82 ms  it.ch1.ch.geant.net [62.40.96.33]
  9  101 ms   98 ms   98 ms  ch.at1.at.geant.net [62.40.96.1]
 10  105 ms  105 ms  105 ms  at.hu1.hu.geant.net [62.40.96.178]
 11  117 ms  112 ms  113 ms  hu.hr1.hr.geant.net [62.40.96.145]
 12  113 ms  115 ms  115 ms  carnet-gw.hr1.hr.geant.net [62.40.103.218]
 13  120 ms  122 ms  123 ms  193.198.228.6
 14  114 ms  112 ms  119 ms  193.198.229.10
 15  120 ms  119 ms  119 ms  161.53.16.14
 16  114 ms  114 ms  113 ms  duality.cc.fer.hr [161.53.72.111]
Trace complete.
private network
Tel Aviv Uni.
ILAN
DANTE
HR-ZZ
CARnet
AS378
AS20965 GEANT
MACHBA
CARnet
AS2108
378 20965 2108
from IP to AS routes
2ms
![Page 77: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/77.jpg)
![Page 78: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/78.jpg)
DIMES AS distance definition (1)
• Define the following distances:
– MaxAS(n) – the maximum delay to a node in AS n.
– MinAS(n) – the minimum delay to a node in AS n.
• For AS edge (src,dest) define the distances:
MinASEdge(src,dest) = MinAS(dest) - MaxAS(src)
MaxASEdge(src,dest) = MaxAS(dest) - MaxAS(src)
– All distances are positive.
• Define: ASDiameter(n) = MaxAS(n) - MinAS(n)
![Page 79: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/79.jpg)
DIMES AS distance definition (2)
20ms 17ms 26ms 40ms 35ms 89ms 79ms 91ms
MinASEdge(378,1248) = 9ms
MaxASEdge(378,1248) = 63ms
MinASEdge(1248,701) = 1ms (non negative.)
MaxASEdge(1248,701) = 56ms
AS 378 AS 1248 AS 701
![Page 80: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/80.jpg)
DIMES AS Diameter definition
20ms 17ms 26ms 40ms 35ms 89ms 79ms 91ms
AS 378 AS 1248 AS 701
diameter = 9ms diameter = 54ms diameter = 12ms
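An added example (not code from the tutorial or from DIMES) that ties the "from IP to AS routes" slide to the distance definitions above: it maps the hops of the tracert shown earlier to ASes by longest-prefix match, collapses them into an AS path, and applies MinAS/MaxAS, the edge distances and the diameter. Assumptions: the prefix table is constructed for illustration, each hop's delay is the minimum of its three probes, the 1 ms floor mirrors the slide's "non negative" case, and all function names are hypothetical.

```python
import ipaddress
from itertools import groupby

# Constructed prefix -> AS table (not routing data); AS numbers are the slide's.
PREFIX_TO_AS = {
    "132.66.0.0/16": 378, "128.139.0.0/16": 378,
    "62.40.96.0/19": 20965,
    "193.198.0.0/15": 2108, "161.53.0.0/16": 2108,
}
TABLE = sorted(((ipaddress.ip_network(p), asn) for p, asn in PREFIX_TO_AS.items()),
               key=lambda entry: entry[0].prefixlen, reverse=True)

# (hop IP, minimum of the three RTT probes in ms) from the tracert on the page.
HOPS = [
    ("192.168.200.254", 0), ("132.66.8.10", 19), ("132.66.8.20", 17),
    ("132.66.4.1", 19), ("128.139.191.70", 18), ("62.40.103.69", 20),
    ("62.40.96.154", 69), ("62.40.96.33", 82), ("62.40.96.1", 98),
    ("62.40.96.178", 105), ("62.40.96.145", 112), ("62.40.103.218", 113),
    ("193.198.228.6", 120), ("193.198.229.10", 112), ("161.53.16.14", 119),
    ("161.53.72.111", 113),
]

def ip_to_as(ip):
    """Longest-prefix match; None for private or unmapped addresses."""
    addr = ipaddress.ip_address(ip)
    if addr.is_private:
        return None
    return next((asn for net, asn in TABLE if addr in net), None)

def as_path(hops):
    """Collapse consecutive same-AS hops. Unmapped hops are dropped, which can
    make two ASes look adjacent when a router between them failed to map."""
    mapped = [a for a in (ip_to_as(ip) for ip, _ in hops) if a is not None]
    return [asn for asn, _ in groupby(mapped)]

def as_delays(hops):
    """AS -> (MinAS, MaxAS) over the delays of the hops mapped to it."""
    out = {}
    for ip, ms in hops:
        asn = ip_to_as(ip)
        if asn is not None:
            lo, hi = out.get(asn, (ms, ms))
            out[asn] = (min(lo, ms), max(hi, ms))
    return out

def diameter(d, n):
    return d[n][1] - d[n][0]                      # MaxAS(n) - MinAS(n)

# floor=1 (ms) is an assumption taken from the slide's "1ms (non negative.)" case.
def min_as_edge(d, src, dst, floor=1):
    return max(d[dst][0] - d[src][1], floor)      # MinAS(dest) - MaxAS(src)
def max_as_edge(d, src, dst, floor=1):
    return max(d[dst][1] - d[src][1], floor)      # MaxAS(dest) - MaxAS(src)

if __name__ == "__main__":
    d, path = as_delays(HOPS), as_path(HOPS)
    print("AS path:", path, "diameters:", {n: diameter(d, n) for n in path})
    for src, dst in zip(path, path[1:]):
        print(src, "->", dst, min_as_edge(d, src, dst), max_as_edge(d, src, dst))
```
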
![Page 81: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/81.jpg)
Measurement Projects
![Page 82: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/82.jpg)
ETOMIC (Evergrow Traffic Observatory Measurement InfrastruCture)
http://www.etomic.org
• Active precise one-way delay measurement.
• Specialized hardware.
• With packet train techniques one can
– Estimate available bandwidth
– Bottleneck capacity
– Perform network tomography
• 18 boxes were deployed in Europe.
• More have been deployed this year
![Page 83: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/83.jpg)
ETOMIC Deployment
![Page 84: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/84.jpg)
Hardware Structure
• A PC with a
– DAG card
• high precision sampling hardware
• high precision packet train generation
– GPS connection
• For synchronized timing
![Page 85: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/85.jpg)
The GPS module
• Garmin 35HVS GPS receiver
• 1 s PPS signal
• RS 232 – RS 422 converter
– max 100m cable
GPS
RS232->422
RS422->232
Serial port
DAG PPS
PC
![Page 86: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/86.jpg)
The Endace DAG 3.6GE card
• PCI bus – 32 bit 33 MHz
• Single port full packet capture at 10/100/1000 Mbit/s
• Precise timestamping
• Burst of patterned traffic generator – sending special packets at 10/100/1000 Mbit/s
![Page 87: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/87.jpg)
ATOMIC -> ANME
![Page 88: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/88.jpg)
Skitter
http://www.caida.org/tools/measurement/skitter
• Primarily intended to be used to measure forward IP paths (each ‘hop’) from a source to many destinations.
• traceroute based
• Based on FreeBSD box with kernel modification for timestamp accuracy.
• Deployment: 20-30 skitter hosts, worldwide (Half in the USA).
![Page 89: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/89.jpg)
Skitter Goals
• Measure Forward IP Paths
skitter records each hop from a source to many destinations by incrementing the "time to live" (TTL) of each IP packet header and recording replies from each router (or hop) leading to the destination host.
• Measure Round Trip Time
skitter collects round trip time (RTT) along with path (hop) data. skitter uses ICMP echo requests as probes to a list of IP destinations.
• Track Persistent Routing Changes
skitter data can provide indications of low-frequency persistent routing changes. Correlations between RTT and time of day may reveal a change in either forward or reverse path routing.
• Visualize Network Connectivity
By probing the paths to many destination IP addresses spread throughout the IPv4 address space, skitter data can be used to visualize the directed graph from a source to much of the Internet.
![Page 90: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/90.jpg)
Skitter Visualization
![Page 91: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/91.jpg)
2003:
12,517 nodes
35,334 edges
![Page 92: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/92.jpg)
RTT and loss plot
![Page 93: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/93.jpg)
Archipelago (Ark)
• 43 monitors
– 3 commercial
• IPv4 & IPv6
![Page 94: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/94.jpg)
• 25th, 50th, and 75th percentiles
![Page 95: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/95.jpg)
RouteViews
http://www.routeviews.org
• Peers with ~70 ASes (mostly backbones) to collect their BGP paths
• The largest and most reliable source of AS level routing and interconnectivity.
![Page 96: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/96.jpg)
Animating BGP Routing
![Page 97: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/97.jpg)
BGP Routing Table Growth
![Page 98: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/98.jpg)
NLANR
http://www.nlanr.net
• The National Laboratory for Applied Network Research (NLANR)
• Lots of measurement data
• Active Measurement Project (AMP)
– ~150 universities with high performance connection measure to each other.
• Passive Measurement and Analysis (PMA)
– Header taken daily from OC3 - OC48 speed links.
![Page 99: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/99.jpg)
Ono
• A plugin for the Vuze (Azureus) BitTorrent Client
• 3.5M measurements a day
• Over 3000 ASes a year
– A few hundred measurements per client
– Measure only to other clients
![Page 100: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/100.jpg)
iPlane An Information Plane for Distributed Services
• Performs traceroutes from PlanetLab nodes and traceroute servers to construct a router interface-level Internet map.
• Clustering interfaces into PoPs
– Based on TTL response time
• Latency prediction
![Page 101: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/101.jpg)
PlanetLab
• 1080 nodes over 496 (academic) sites
• Bare bone machines. Load your own tool.
• Host various measurement projects:
– DIMES
– iPlane
– ScriptRoute: (flexible scripts)
![Page 102: Internet Measurement Tutorial Yuval Shavitt School of Electrical Engineering shavitt](https://reader036.vdocument.in/reader036/viewer/2022062320/56649d435503460f94a1fc3e/html5/thumbnails/102.jpg)
Scamper
A tool for network measurement
• IPv4 & IPv6
• Parallel measurements
• Measurement rate control
• Measurement type: UDP, ICMP, TCP, UDP-paris, and ICMP-paris.
– By default, UDP is used.