operationalizing yarrp high speed active network topology
play

Operationalizing Yarrp: High-Speed Active Network Topology Mapping - PowerPoint PPT Presentation

Oct 03, 2023 •368 likes •538 views

Operationalizing Yarrp: High-Speed Active Network Topology Mapping from AWS https://yarrp.nps.tancad.net/ Justin P. Rohrer (jprohrer@nps.edu) Department of Computer Science US Naval Postgraduate School AIMS-KISMET, February 28, 2020 1

  1. Operationalizing Yarrp: High-Speed Active Network Topology Mapping from AWS https://yarrp.nps.tancad.net/ Justin P. Rohrer (jprohrer@nps.edu) Department of Computer Science US Naval Postgraduate School AIMS-KISMET, February 28, 2020 1

  2. alternate title: How we’ve collected hourly Internet topology snapshots for the last 6 months* * Except for the month where AWS shut us down 2

  3. Background 3

  4. Background • Yarrp is a thing: https://www.cmand.org/yarrp/ • Probing rates ~1M PPS • Active Network Topology Mapping: • Send probes into the network from vantage points • Induce routers to send responses • Build a map of how Internet is connected and data forwarded • Goal: create/collect Internet topology “snapshots” • E.g. probe al IPv4 /24s within 5 minutes • Compare snapshots over time • Vantage points supporting Yarrp CPU/BW are hard to find/maintain 4

  5. Major Yarrp Milestones yarrp-0.5: fill mode, multi-instance yarrp-0.2: UDP, ICMP support IMC: IP of Beholder Pub. CAIDA Full Internet scan yarrp-0.6: features IMC: Yarrp Pub. Multipath Yarrp Yarrp on AWS 2020 2016 2017 2018 2019 5

  6. Deploying Yarrp in the cloud 6

  7. Distributed Yarrp (Freyr) • Running Yarrp from multiple locations: • Provides greater discovery • Allows for higher aggregate rates • Needs: • Deploy Yarrp at scale • Provide manageability and elasticity • Provide fault-tolerance and robustness • Plan: • use AWS compute/bandwidth resources at geographically distributed vantage points 7

  8. Challenges • AWS designed to do the same job many times in one place (AZ) • Most services don’t support cross-region operation • Undocumented behavior, easily overwhelmed middleboxes • E.g. security policy allow ICMP from ANY drops 90% of inbound ICMP • All hosts NATed, even when assigned public IPs • PTR record support extremely limited, only for SMTP servers • IPv6 support not on par with IPv4 • No sysadmin to design/operate this • Needs to keep running with only sporadic attention from me • High-bandwidth/CPU instances are expensive • Getting data out of AWS is expensive 8

  9. Yarrp AWS deployment scope • Deployed to vantage points (VPs) in 15 datacenters worldwide • Particular measurements may use subset or all VPs • Targets may be distributed across VPs • Automatic resilience – unresponsive VP targets reassigned to responsive VPs • Targets may be probed in parallel by multiple VPs STK CA IRL OR LDN TYO FRA SEL SFO OH PAR VA MUM SG SYD 9

  10. Yarrp AWS deployment architecture • Includes global (orchestration) infrastructure • Process & distribute targets to regions; Collect & process results • Per-region probing resources are replicated to all data centers 10

  11. Operational Status • Probing Set 1: • A target address in each routed /24 of the IPv4 Internet • Once per hour • Distributed across 15 AWS regions • Probing Set 2: • A target address in each routed /16 of the IPv4 Internet • Once per hour • Redundantly by all AWS regions • Data available on request. Large downloads use “requester pays” model • Currently running continuous production, work proceeds to improve user interface, add IPv6 support, etc. 11

  12. Lessons Learned 12

  13. AWS Policy Interactions • Traceroute is not a violation of the AWS Acceptable Use Policy • But it could still get your account shut down • Abuse reports only go to the root account • The security and abuse team will never interact with users directly • A user must have an AWS account manager to advocate for them • Each region has different limitations • E.g. don’t send packets with TTL=10 in region X 13

  14. Topology Observations • There are 10-12 (region dependent) hops between ec2 and Internet • Mostly in 100.64.0.0/10 shared address space (RFC6598) • Comparing snapshots is hard due to prevalence of load-balancing • Load-balancing analysis using MDA-Yarrp (shameless plug): https://rbeverly.net/research/papers/dminer-nsdi20.html • 65% of paths have load-balancing • Significant load-balancing between ASes • Observed diamonds with 100s of nodes and 1000s of edges • Flows rebalanced periodically (order of hrs) 14

  15. Collaboration Goals • Share the data • AWS S3 requester-pays model • Make Yarrp data queryable • Via AWS Athena (BigTable equivalent) • Support multipath (primitive type can’t be traceroute) • Feedback on usefulness of hourly snapshots • Or, what is the “right” snapshot frequency • Feedback on target set permutation and goals • Reuse for longitudinal analysis • Permutation for coverage 15

  16. End of slides 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The effects of disruption and topology on the computer network packet delivery ukasz

The effects of disruption and topology on the computer network packet delivery ukasz

The effects of disruption and topology on the computer network packet delivery ukasz Makowski Supervisor : Marc X. Makkes Networks Active field of research. Finding the dependencies between : Network noise Topology

383 views • 24 slides
Yarrping the Internet Robert Beverly Naval Postgraduate School February 12, 2016 Active

Yarrping the Internet Robert Beverly Naval Postgraduate School February 12, 2016 Active

Yarrping the Internet Robert Beverly Naval Postgraduate School February 12, 2016 Active Internet Measurements (AIMS) Workshop R. Beverly (NPS) Yarrp AIMS 2016 1 / 17 Motivation Active Topology Probing Years (and years) of prior work on

577 views • 19 slides
1 Ring Topology Ring Topology In a ring network, every device has exactly two neighbours

1 Ring Topology Ring Topology In a ring network, every device has exactly two neighbours

What is a Topology? Network topologies describe the ways in which the elements of a network are mapped. They describe the physical and logical arrangement of the network nodes. The physical topology of a network refers to the

279 views • 4 slides
Primitives for Active Internet Topology Mapping: Toward High-Frequency Characterization Robert

Primitives for Active Internet Topology Mapping: Toward High-Frequency Characterization Robert

Primitives for Active Internet Topology Mapping: Toward High-Frequency Characterization Robert Beverly, Arthur Berger , Geoffrey Xie Naval Postgraduate School MIT/Akamai November 2, 2010 ACM Internet Measurement Conference R. Beverly,

681 views • 26 slides
Topology monitoring implementation of network management system in TWAREN hybrid network

Topology monitoring implementation of network management system in TWAREN hybrid network

Topology monitoring implementation of network management system in TWAREN hybrid network National Center for High-Performance Computing 1 ABSTRACT TWAREN (TaiWan Advanced Research and Education Network) is a hybrid network composed of

532 views • 16 slides
ANN A Scalable, High Performance Active Network Node Dan Decasper dan@arl.wustl.edu Applied

ANN A Scalable, High Performance Active Network Node Dan Decasper dan@arl.wustl.edu Applied

ANN A Scalable, High Performance Active Network Node Dan Decasper dan@arl.wustl.edu Applied Research Laboratory (ARL), Washington University, St.Louis Computer Engineering and Network Laboratory (TIK), ETH Zurich, Switzerland Active Nets

492 views • 16 slides
High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges &

High Speed Traffic Analysis for High-Speed Traffic Analysis for Security: Challenges & Approaches Security: Challenges & Approaches C-DAC Asia-Pacific Advanced Network 32 nd Meeting, India Habitat Centre, New Delhi APAN 32nd Meeting,

647 views • 28 slides
UKLIGHT: projects at UCL Saleem Bhatti http://www.cs.ucl.ac.uk/staff/S.Bhatti/ 1 Challenges

UKLIGHT: projects at UCL Saleem Bhatti http://www.cs.ucl.ac.uk/staff/S.Bhatti/ 1 Challenges

UKLIGHT: projects at UCL Saleem Bhatti http://www.cs.ucl.ac.uk/staff/S.Bhatti/ 1 Challenges High-speed (multi-Gb/s) operation: network engineering for high-speed QoS at high speed within the core network QoS for individual

493 views • 16 slides
CBCN4103 CBCN4103 A LAN LAN is a high-speed data network that covers a relatively small

CBCN4103 CBCN4103 A LAN LAN is a high-speed data network that covers a relatively small

CBCN4103 CBCN4103 A LAN LAN is a high-speed data network that covers a relatively small geographic area. It typically connects workstations, personal computers, k l printers, servers, and other devices. LANs offer computer users many

742 views • 26 slides
Firewall Architectures for High-Speed Networks Errin W. Fulp DOE Network Research PI Meeting

Firewall Architectures for High-Speed Networks Errin W. Fulp DOE Network Research PI Meeting

Firewall Architectures for High-Speed Networks Errin W. Fulp DOE Network Research PI Meeting September 28, 2005 1 Project Objectives Methods that improve network firewall performance 1. Develop policy optim ization techniques Formal

221 views • 9 slides
ALM API for Topology Management ALM API for Topology Management and Network Layer Transparent

ALM API for Topology Management ALM API for Topology Management and Network Layer Transparent

ALM API for Topology Management ALM API for Topology Management and Network Layer Transparent Multimedia Transport <draft lim irtf sam alm api 00.txt > p 71 ST IETF SAM RG MEETING, PHILADELPHIA. Lim Boon Ping

230 views • 19 slides
WHAT DO WE KNOW ABOUT THE TOPOLOGY? WHAT DO WE KNOW ABOUT THE TOPOLOGY? Number of nodes and

WHAT DO WE KNOW ABOUT THE TOPOLOGY? WHAT DO WE KNOW ABOUT THE TOPOLOGY? Number of nodes and

TxProbe: Discovering Bitcoins Network Topology Using Orphan Transactions Sergi Delgado-Segura , Surya Bakshi, Cristina Prez-Sol, James Litton, Andrew Pachulski, Andrew Miller and Bobby Bhattacharjee sr_gi WHAT DO WE KNOW ABOUT THE TOPOLOGY?

1.84k views • 162 slides
Statewide High Speed Network networkMaryland TM Advisory Group Meeting January 15, 2008

Statewide High Speed Network networkMaryland TM Advisory Group Meeting January 15, 2008

Statewide High Speed Network networkMaryland TM Advisory Group Meeting January 15, 2008 Annapolis, MD Meeting Agenda Welcome & Introductions State of the Network Status of Project Pricing Model Discussion Other Business 2

423 views • 29 slides
Statewide High Speed Network networkMaryland Advisory Group Meeting September 19, 2006

Statewide High Speed Network networkMaryland Advisory Group Meeting September 19, 2006

Statewide High Speed Network networkMaryland Advisory Group Meeting September 19, 2006 Annapolis, Maryland MEETING AGENDA Welcome & Introductions State of the Network Status of Project Other Business 2 Welcome

421 views • 22 slides
Complex network planning methodology and framework Mitcsenkov Attila (BME TMIT, High Speed

Complex network planning methodology and framework Mitcsenkov Attila (BME TMIT, High Speed

Image: Sumitomo Electric Lightwave Computer aided network planning and techno-economic assessment of next generation optical access networks Complex network planning methodology and framework Mitcsenkov Attila (BME TMIT, High Speed Networks

851 views • 51 slides
Statewide High Speed Network networkMaryland Advisory Group Meeting March 21, 2006 Annapolis,

Statewide High Speed Network networkMaryland Advisory Group Meeting March 21, 2006 Annapolis,

Statewide High Speed Network networkMaryland Advisory Group Meeting March 21, 2006 Annapolis, Maryland MEETING AGENDA Welcome & Introductions State of the Network Status of Project Rural Broadband Cooperatives Other

268 views • 25 slides
Experiences with practice-focused undergraduate security education Robert L. Fanelli and Terrence

Experiences with practice-focused undergraduate security education Robert L. Fanelli and Terrence

Experiences with practice-focused undergraduate security education Robert L. Fanelli and Terrence J. OConnor Department Electrical Engineering and Computer Science United States Military Academy, West Point, NY, USA 1 USMA EECS

374 views • 20 slides
XSEDE Cybersecurity Program & Information Sharing Overview James Marsteller Agenda XSEDE

XSEDE Cybersecurity Program & Information Sharing Overview James Marsteller Agenda XSEDE

June 22, 2017 XSEDE Cybersecurity Program & Information Sharing Overview James Marsteller Agenda XSEDE Security Team Background Goals/Mission Structure History Policies and Procedures Incident Repose Program Mission

535 views • 20 slides
C.W. Morey School Family Orientation Remote Learning September 2020 2 Lowell Public Schools

C.W. Morey School Family Orientation Remote Learning September 2020 2 Lowell Public Schools

C.W. Morey School Family Orientation Remote Learning September 2020 2 Lowell Public Schools With parent feedback about the emergency closure, we developed this plan to: Rationale Eliminate the need for families to provide

948 views • 15 slides
Just a few things to help guide you to a happy and productive life inside our company... Personal

Just a few things to help guide you to a happy and productive life inside our company... Personal

Just a few things to help guide you to a happy and productive life inside our company... Personal Phones are OUT Company Phones are IN Encode Everything. Sales Orders Original Receipts Provisional Receipts Picking Lists Special Instructions

348 views • 7 slides
Attack Graphs Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1 Outline Attack

Attack Graphs Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1 Outline Attack

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Attack Graphs Systems and Internet Infrastructure Security (SIIS)

1.06k views • 60 slides
Getting Started with DUNE's Software and Computing Thomas R. Junk Young Dune September 16, 2016

Getting Started with DUNE's Software and Computing Thomas R. Junk Young Dune September 16, 2016

Getting Started with DUNE's Software and Computing Thomas R. Junk Young Dune September 16, 2016 Web Documentation I set my web browser's home page to the DUNE at Work page: https://web.fnal.gov/collaboration/DUNE/SitePages/home.aspx It is

543 views • 30 slides
Lecture 15 Access Control Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 15 Access Control Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 15 Access Control Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Baileys ECE 422 Authentication vs Authorization Authentication Who goes there? Restrictions on who (or what)

348 views • 21 slides
Access Control CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger

Access Control CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger

Access Control CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Access Control

592 views • 23 slides

More recommend