characterizing ipv4 anycast adoptjon and deployment
play

Characterizing IPv4 Anycast Adoptjon and Deployment Dario Rossi - PowerPoint PPT Presentation

Feb 04, 2023 •239 likes •748 views

Characterizing IPv4 Anycast Adoptjon and Deployment Dario Rossi Professor dario.rossi@telecom-paristech.fr htup://www.enst.fr/~drossi/anycast Joint work with D.Cicalese, J. Auge, D. Joumblatu and T. Friedman Talk Teaser A seminal work [4] at

  1. Characterizing IPv4 Anycast Adoptjon and Deployment Dario Rossi Professor dario.rossi@telecom-paristech.fr htup://www.enst.fr/~drossi/anycast Joint work with D.Cicalese, J. Auge, D. Joumblatu and T. Friedman

  2. Talk Teaser A seminal work [4] at NANOG’59 investjgates who are the IP anycasters. Our focus is instead on where they are Note: everything you see in this talk is available as open source at Note: everything you see in this talk is available as open source at htup://www.telecom-paristech.fr/~drossi/anycast htup://www.telecom-paristech.fr/~drossi/anycast Demo shortlink: goo.gl/Ff8gdQ 12

  3. Outline • Preliminaries – Motjvatjon, defjnitjon & state of the art • Background (wrt the anrp paper) – Recall on Latency-based anycast geolocatjon technique [1] • Foreground (the anrp paper) – IPv4 anycast censuses [2] – Demo, source code, ground truth and more [3] • Ongoing – Study infrastructure evolutjon & usage – Applicatjon to BGP hijack detectjon [1] D. Cicalese et al. A Fistgul of Pings: Accurate and Lightweight Anycast Enumeratjon and Geolocatjon, IEEE INFOCOM, Apr 2015. [2] D. Cicalese et al. Characterizing IPv4 Anycast Adoptjon and Deployment, ACM CoNEXT, Dec 2015. [3] htup://www.telecom-paristech.fr/~drossi/anycast 3

  4. Motjvatjons O(100ms) 400ms delay , 0.7% less searches (=less ads (=less $)) : ms (2sec) reduces by 1.2% (4.8%) O(10ms) 5sec speedup, +25% visit, +12% revenue

  5. Motjvatjons O(10ms) O(10ms)

  6. Applicatjon-layer anycast  How it works  Pros • Ability to specify selectjon criteria • Relies on IP unicast • Fine-grained control over server • Server selectjon via DNS redirectjon, URL rewritjng load • Maintains connectjon affjnity • Fast failover X1  Cons X3 X2 • Ad hoc, per service confjguratjon DNS • Overhead to collect selectjon X1 IP metrics • E.g. List of servers up, latency, load C3 C2 C1 x.com?

  7. IP-layer anycast  How it works  Pros • Natjvely supported by IP • Shared IP address for replicate • Transparent to upper layers servers • Visibility of servers • BGP Prefjx advertjsed from (Global vs Local) multjple points of origin  Cons X X • Lack of fjne-grained control BGP X announces • Destjnatjon determined by IP routjng metrics IP • Prone to prefjx hijacking forwarding C3 • No guarantees of server affjnity C2 C1 (e.g., connectjon-oriented services) Our focus Our focus

  8. Anycast geolocatjon • Problem statement: where are the anycast instances? – E.g., Google 8.8.8.8 or CloudFlare, or EdgeCast or root servers, etc. Commercial databases Distributed measurement Mountain View, CA (IP2Locatjon) Tools using distributed New York, NY (Geobytes) measurement aren’t betuer ! United States (Maxmind) Single (tme varying) answer ? ? Unknown accuracy ? ? ? S U o t U E m o r f s m ! violaton ! 2 t h g i l ????? f o d e e p S 1ms ≈ 100Km ICMP packets are ~3x slower than lightspeed 8

  9. Outline Background Part I: iGreedy Part II: Census Ongoing work Summary Anycast geolocatjon • Problem statement: where are the anycast instances? – E.g., Google 8.8.8.8 or CloudFlare, or EdgeCast or root servers, etc. • Solutjon Distributed measurement – Leverage inconsistency Tools using distributed of latency measurement measurement aren’t betuer ! – This was used in NANOG’59 But they could! to detect who are the anycasters – We raise this to the next level ? ? ? ? ? S and geolocate where they are U o t U E m o r f s m ! violaton ! 2 • Propertjes t h g i l f o d e e p S – Lightweight : few pings – Protocol agnostc : ICMP probes Hey, that Hey, that must be – Accurate against ground truth must be anycast! anycast! – Fast : greedy, but as good as costly optjmum solutjon 9

  10. Outline Background Part I: iGreedy Part II: Census Ongoing work Summary Related work FG FG BG all IPv4 Main difgerentators • Background fjrst lightweight and protocol-agnostjc technique able to detect, enumerate and geolocate anycast instances • Foreground fjrst large-scale (several IPv4 censuses) geolocatjon of anycast instances 10

  11. Outline Background Part I: iGreedy Part II: Census Ongoing work Summary Workfmow iGreedy Census iGreedy PlanetLab and RIPE Atlas Census PlanetLab (+ RIPE Atlas) – Lightweight : O(1) pings per target per – Broad : apply iGreedy to all IPv4 / vantage point 24 for each census – DNS : validate with RIPE Atlas – Costly: 3 Billions RIPE Atlas DNS CHAOS ground truth credits, per census; combine iGreedy PlanetLab and RIPE Atlas (backup – PlanetLab slides) – Detailed: complementary nmap – CDN : ground truth with new protocol- portscan of detected anycast specifjc technique replicas (HTTP headers; see paper) – Protocols: ICMP, DNS/UDP, DNS/TCP, HTTP/TCP, etc. 11

  12. Outline Background Part I: iGreedy Part II: Census Ongoing work Summary iGreedy overview Filter latency Scalability noise Detect Detect Enumerate Enumerate Geolocate Geolocate Speed of light Speed of light Solve MIS Solve MIS Classifjcatjon Classifjcatjon violatjons violatjons Brute force (Optjmum) Brute force (Optjmum) Maximum likelihood Maximum likelihood Greedy (5-approx ) Greedy (5-approx ) pick the largest city pick the largest city Measure Measure Iterate Latency Latency Feedback Planetlab/RIPE Atlas Planetlab/RIPE Atlas Increase recall Lightweight Infrastructure Measure Detect Enumerate Geolocate Iterate 12

  13. iGreedy overview Filter latency Scalability noise Detect Detect Enumerate Enumerate Geolocate Geolocate Speed of light Speed of light Solve MIS Solve MIS Classifjcatjon Classifjcatjon violatjons violatjons Brute force (Optjmum) Brute force (Optjmum) Maximum likelihood Maximum likelihood Greedy (5-approx ) Greedy (5-approx ) pick the largest city pick the largest city Paris-Madrid Measure Measure Iterate 1053Km Latency Latency Feedback Planetlab/RIPE Atlas Planetlab/RIPE Atlas Increase recall Lightweight Infrastructure 1ms ≈ 10% disks Median latency stretch Importance of over speed-of-light Internet side-channel infos 100Km < 1000Km Measure Detect Enumerate Geolocate Iterate 13

  14. iGreedy performance • At a glance Accurate enumeratjon over 75% recall Precise geolocatjon over 75% true positjves Protocol agnostjc DSN and CDN, etc. Lightweight 100x less probes than previous work Fast O(100ms) greedy vs O(1000sec) for brute force Ready Open source code [3] to measure, analyze and map (demo if tjme allows later) Reliable Open dataset [3] along the code, with latency measurement & ground truth 14

  15. Census agenda • Census preliminaries – Confjrms iGreedy works for non-DNS services – Select a probing protocol and rate Backup slides – Optjmize data storage and processing – Infrastructure consideratjon (PlanetLab vs RIPE) – Scale up the iGreedy technique (& be gentle) • Census results – At a glance: Geographic heatmap – Big fjshes: Top-50 deployments – Services: Complementary port-scan – Web interface: What’s available

  16. Anatomy of an IPv4 census Typical workfmow • O(10 7 ) likely alive targets x O(10 2 ) actjve probes with ICMP • O(10 3 ) targets/sensor/second , 1 census = few hours • O(10 7 ) runs of iGreedy later…. • O(10 3 ) targets are anycast – proverbial needle in the IPv4 haystack 1

  17. Anatomy of an IPv4 census Typical workfmow IPv4/32 census by ANT/ISI • O(10 7 ) likely alive targets x O(10 2 ) actjve probes with ICMP • O(10 3 ) targets/sensor/second , 1 census = few hours • O(10 7 ) runs of iGreedy later…. • O(10 3 ) targets are anycast – proverbial needle in the IPv4 haystack 1

  18. Anatomy of an IPv4 census Typical workfmow Administratjvely prohibited /24 are probed only by 1 VP Greylist Avoid overload targets • O(10 7 ) likely alive targets x O(10 2 ) actve probes with ICMP • O(10 3 ) targets/sensor/second , 1 census = few hours • O(10 7 ) runs of iGreedy later…. • O(10 3 ) targets are anycast – proverbial needle in the IPv4 haystack 1

  19. Anatomy of an IPv4 census Typical workfmow Service agnostjc: Higher recall Results match with difgerent protocols • O(10 7 ) likely alive targets x O(10 2 ) actjve probes with ICMP • O(10 3 ) targets/sensor/second , 1 census = few hours • O(10 7 ) runs of iGreedy later…. • O(10 3 ) targets are anycast – proverbial needle in the IPv4 haystack 1

  20. Anatomy of an IPv4 census Typical workfmow Avoid VP overload /fjrewalls • O(10 7 ) likely alive targets x O(10 2 ) actjve probes with ICMP • O(10 3 ) targets/sensor/second , 1 census = few hours • O(10 7 ) runs of iGreedy later…. • O(10 3 ) targets are anycast – proverbial needle in the IPv4 haystack 2

  21. Anatomy of an IPv4 census Typical workfmow VP • Our tool can scan more • Some PlanetLab nodes than 10k hosts/sec/VP are fjrewalled– they • We maximize interarrival drop ICMP reply traffjc tjme between ICMP echo request from difgerent VPs • Experimentally, to the same target no problem • However, ICMP echo replies Avoid VP with 1k req/sec aggregate at the VP, that overload /fjrewalls receives 10k replies/sec • O(10 7 ) likely alive targets x O(10 2 ) actjve probes with ICMP • O(10 3 ) targets/sensor/second , 1 census = few hours • O(10 7 ) runs of iGreedy later…. • O(10 3 ) targets are anycast – proverbial needle in the IPv4 haystack 2

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Tunnel Broker Using IPv4 Anycast Xin LIU lx@ns.6test.edu.cn August 2003 Outline Transition

Tunnel Broker Using IPv4 Anycast Xin LIU lx@ns.6test.edu.cn August 2003 Outline Transition

Tunnel Broker Using IPv4 Anycast Xin LIU lx@ns.6test.edu.cn August 2003 Outline Transition from IPv4 to IPv6 Typical Tunnel Broker Tunnel Broker Utilizing IPv4 Anycast From IPv4 to IPv6 IPv6 = Internet Protocol Version 6

722 views • 14 slides
Anycast Routing in OLSR MANETs (A sample deployment) Justin Dean 4 th OLSR Interop Ottawa, CA

Anycast Routing in OLSR MANETs (A sample deployment) Justin Dean 4 th OLSR Interop Ottawa, CA

Anycast Routing in OLSR MANETs (A sample deployment) Justin Dean 4 th OLSR Interop Ottawa, CA 10/14/08 Anycast definitions Anycast addressing assigning a common IP address to multiple instance of the same service.. 1 Anycast

794 views • 19 slides
IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There

IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There

IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There are 4,294,967,296 IPv4 addresses (32 bits long) but not all of them can be used Looks like a lot, right? But... World popula)on currently stands

501 views • 27 slides
IPv4 Anycast Routing Reza Jamali Sindad 2018 July In Real World How WebSites act If you try

IPv4 Anycast Routing Reza Jamali Sindad 2018 July In Real World How WebSites act If you try

IPv4 Anycast Routing Reza Jamali Sindad 2018 July In Real World How WebSites act If you try to access sindad.com from US the request will be routed to the Colocrossing data center. If you try to access sindad.com from Asia, again the

578 views • 47 slides
SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36,

SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36,

SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36, London, January 2017 Incremental IPv6 deployment in DC IPv4-only IPv4-only + IPv6 via NAT/proxy/etc Dual-stacked public frontend, IPv4 BE Full

550 views • 15 slides
Tier-1s break Anycast DNS Zhihao Li, Neil Spring D-Root: 199.7.91.13 111 Anycast

Tier-1s break Anycast DNS Zhihao Li, Neil Spring D-Root: 199.7.91.13 111 Anycast

Tier-1s break Anycast DNS Zhihao Li, Neil Spring D-Root: 199.7.91.13 111 Anycast replicas: 19 global (red): advertised without restriction 92 local (black): advertised one hop in BGP Anycast Mental model: Packets sent to

646 views • 29 slides
CHARACTERIZING THE EFFECTS OF RAPID LTE DEPLOYMENT: A DATA-DRIVEN ANALYSIS Kareem Abdullah*, Noha

CHARACTERIZING THE EFFECTS OF RAPID LTE DEPLOYMENT: A DATA-DRIVEN ANALYSIS Kareem Abdullah*, Noha

CHARACTERIZING THE EFFECTS OF RAPID LTE DEPLOYMENT: A DATA-DRIVEN ANALYSIS Kareem Abdullah*, Noha Korany*, Ayman KhalafAllah*, Ahmed Saeed, Ayman Gaber *Alexandria University Georgia Institute of Technology Vodafone, Egypt

534 views • 26 slides
Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com When will IPv6-only deployment happen? Hypothesis 1 1st node is All IPv4 nodes dual-stack speak also IPv6 IPv4-only IPv4 &amp; IPv6 IPv6-only

675 views • 25 slides
IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool

IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool

IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool IPv4 with NAT/Tunnels But we can use IPv4 and NAT or Tunnels!!! Yeah, right IPv6 IPv6 Readiness Laptops, pads, mobile phones, dongles,

477 views • 19 slides
IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4

IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4

IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4 exhaustion (link to RIRs and highlight relevant trends for your region) Regional Internet Authorities are in various phases of IPv4 exhaustion

486 views • 13 slides
Is there available IPv4 space in the LAC region? Sergio Rojas sergio@lacnic.net IPv4 IPv4

Is there available IPv4 space in the LAC region? Sergio Rojas sergio@lacnic.net IPv4 IPv4

Is there available IPv4 space in the LAC region? Sergio Rojas sergio@lacnic.net IPv4 IPv4 space 4.294.967.296 IP addresses (not all of them are usable) It seems a lot of space, right? But the world population is almost 7 billion

201 views • 16 slides
IPv4 Pricing and Transfer Update Sandra Brown IPv4 Market Group January 19, 2016 IPv4 Life

IPv4 Pricing and Transfer Update Sandra Brown IPv4 Market Group January 19, 2016 IPv4 Life

IPv4 Pricing and Transfer Update Sandra Brown IPv4 Market Group January 19, 2016 IPv4 Life Cycle Events ARIN Runout RIPE Inter-RIR Transfers /8s come to market IPv6 Adoption 2 Factors Affecting Pricing # OF IP TRANSFERS

223 views • 8 slides
Anycast census and geolocation AIMS: Workshop on Active Internet Measurements 31 March - 2 April

Anycast census and geolocation AIMS: Workshop on Active Internet Measurements 31 March - 2 April

Anycast census and geolocation AIMS: Workshop on Active Internet Measurements 31 March - 2 April 2015 Cicalese Danilo Jordan Auge Diana Joumblatt Dario Rossi Timur Friedman Here is where the anycast instances are Demo: goo.gl/Ff8gdQ 12

338 views • 19 slides
.CL anycast switching experiment Sebastian Castro secastro@caida.org secastro@nic.cl CAIDA

.CL anycast switching experiment Sebastian Castro secastro@caida.org secastro@nic.cl CAIDA

.CL anycast switching experiment Sebastian Castro secastro@caida.org secastro@nic.cl CAIDA NIC Chile 8 th CAIDA/WIDE workshop July, 2007 Introduction The anycast technology has been widely deployed in various DNS services around the

291 views • 17 slides
CloudFlare DNS Anycast Services lafur Gu mundsson | olafur@cloudflare.com Network Over 80

CloudFlare DNS Anycast Services lafur Gu mundsson | olafur@cloudflare.com Network Over 80

CloudFlare DNS Anycast Services lafur Gu mundsson | olafur@cloudflare.com Network Over 80 locations soon All services over Anycast 2 CloudFlare DNS expertise Deliver DNS answers in fast and reliable manner worldwide

545 views • 7 slides
F root anycast: What, why and how Joo Damas ISC Overview What is a root server? What is

F root anycast: What, why and how Joo Damas ISC Overview What is a root server? What is

F root anycast: What, why and how Joo Damas ISC Overview What is a root server? What is F? What is anycast? F root anycast. Why? How does ISC do it? What is f.root-servers.net? One the Internets official DNS root servers

456 views • 24 slides
Falkon: optimal and efficient large scale kernel learning Alessandro Rudi INRIA - Ecole

Falkon: optimal and efficient large scale kernel learning Alessandro Rudi INRIA - Ecole

Falkon: optimal and efficient large scale kernel learning Alessandro Rudi INRIA - Ecole Normale Sup erieure joint work with Luigi Carratino (UniGe), Lorenzo Rosasco (MIT - IIT) July, 6th ISMP 2018 Learning problem The problem P Find

602 views • 20 slides
Distributed optimization over networks: application to multi-building energy management Maria

Distributed optimization over networks: application to multi-building energy management Maria

Distributed optimization over networks: application to multi-building energy management Maria Prandini Politecnico di Milano, Italy maria.prandini@polimi.it Credit Alessandro Falsone Daniele Ioli Simone Garatti Kostas Margellos 1

783 views • 56 slides
ConnectHome Nation Webinar ConnectHome Nation Webinar Digital Inclusion Efforts in Detroit

ConnectHome Nation Webinar ConnectHome Nation Webinar Digital Inclusion Efforts in Detroit

ConnectHome Nation Webinar ConnectHome Nation Webinar Digital Inclusion Efforts in Detroit November 19 th , 2019 1 Agenda Agenda Topic #1 Topic #2 1. Detroit's New Director of Digital Inclusion Q&amp;A Joshua Edmonds, Director of Digital

345 views • 18 slides
Tractable Representations Inference Probabilistic Learning Models Applications Guy Van den

Tractable Representations Inference Probabilistic Learning Models Applications Guy Van den

Tractable Representations Inference Probabilistic Learning Models Applications Guy Van den Broeck University of California, Los Angeles based on joint AAAI-2020 and UAI-2019 tutorials with Antonio Vergari YooJung Choi University of

2.07k views • 177 slides
Main Aspects and Impact of 5G-Phase II Projects Thessaloniki, IEEE 5G-Summit OTE S.A. George

Main Aspects and Impact of 5G-Phase II Projects Thessaloniki, IEEE 5G-Summit OTE S.A. George

Main Aspects and Impact of 5G-Phase II Projects Thessaloniki, IEEE 5G-Summit OTE S.A. George Agapiou IEEE 5G-Summit, Thessaloniki, July 11th 1 Motivation The focus of 5G research so far has been largely on the required advances in

226 views • 10 slides
Entropy of the Internal State of an FCSR in Galois Representation Andrea R ock INRIA Paris -

Entropy of the Internal State of an FCSR in Galois Representation Andrea R ock INRIA Paris -

Entropy of the Internal State of an FCSR in Galois Representation Andrea R ock INRIA Paris - Rocquencourt, France Fast Software Encryption Lausanne, February 12, 2008 Outline FCSR Entropy after one Iteration Final Entropy

467 views • 19 slides
T HE D ATA D ELUGE I NFORMATIONAL B URNOUT OR DECISION MAKING ADAPTATION ? The

T HE D ATA D ELUGE I NFORMATIONAL B URNOUT OR DECISION MAKING ADAPTATION ? The

T HE D ATA D ELUGE I NFORMATIONAL B URNOUT OR DECISION MAKING ADAPTATION ? The &quot;scale approach&quot; as methodological solution &quot;Fashion retail industry Information has gone from scarce to superabundant. That brings huge

1k views • 28 slides
Probing the Higgs Potential with di-Higgs Production Measuring the Tri-Linear Coupling at

Probing the Higgs Potential with di-Higgs Production Measuring the Tri-Linear Coupling at

Probing the Higgs Potential with di-Higgs Production Measuring the Tri-Linear Coupling at Particle Colliders g h t h t g t h Sam Homiller Stony Brook University GRADTALKS May 12, 2017 1 / 25 Sam Homiller Stony Brook

373 views • 25 slides

More recommend