speedtrap internet scale ipv6 alias resolution
play

Speedtrap: Internet-Scale IPv6 Alias Resolution Matthew Luckie - PowerPoint PPT Presentation

Apr 26, 2023 •334 likes •557 views

Speedtrap: Internet-Scale IPv6 Alias Resolution Matthew Luckie (CAIDA / UC San Diego) Robert Beverly (NPS) Billy Brinkmeyer (NPS) kc claffy (CAIDA / UC San Diego) Overview Alias resolution (IPv4 and IPv6) Speedtrap: IPv6

  1. Speedtrap: Internet-Scale IPv6 Alias Resolution Matthew Luckie (CAIDA / UC San Diego) Robert Beverly (NPS) Billy Brinkmeyer (NPS) kc claffy (CAIDA / UC San Diego)

  2. Overview • Alias resolution (IPv4 and IPv6) • Speedtrap: IPv6 • Implementation and analysis • Validation

  3. Alias Resolution • Router-level maps of the Internet are assembled using a set of hacks • Traceroute returns interface IP addresses • Which IP addresses belong to the same router? – Critical step: transforming an IP-interface graph to a router graph

  4. Prior Work (IPv4) • Analytical: – Graph Analysis (Rocketfuel, APAR, etc) – DNS (Rocketfuel) • Fingerprinting – Common source address (Mercator) – Record Route (Discarte) – Pre-specified timestamps (Sherry IMC 2010) – IP-ID (Ally, Radargun, MIDAR)

  5. IP-ID fingerprinting • Ally (Spring et al., 2002) – Obtain sequence of IP-ID values from A and B which suggest a shared counter and therefore aliases Prober A B Probe A x = I D A , = r c , s p l y e R Probe B 1 x + = I D B , = s r c , p l y e R Probe A + 2 x D = I A , c = s r y , p l R e

  6. IP-ID fingerprinting: MIDAR Monotonic Bounds Test (MBT)

  7. Prior Work (IPv6) • Source routing – Waddington, et al. (2003): Atlas – Qian et al. (2010): Route positional method • RFC 5095 (Dec 2007) deprecates source- routing functionality required – Denial of service through traffic amplification • O(N 2 ) probes, comparisons required

  8. Too Big Trick (TBT) • Induce router to send fragmented packets Prober Interface Echo Request, 1300B, seq 0 0 q e s B , 0 0 3 1 , e s o n p s e R h o c E Packet Too Big, MTU=1280 Echo Request, 1300B, seq 1 0 = f O f x , = D I g a F r 1 , q e s , e n s o p s e R o h c E 2 3 2 1 = f f O , = x D g I a r F , 1 q e s e , s n o p s R e o h c E

  9. TBT Effectiveness • March 2013 Interfaces observed by CAIDA ’ s Archipelago • 52,986 interfaces: – 32.1% sent fragments w/ incrementing IP-ID – 17.9% sent fragments w/ random IP-ID – 30.2% did not respond to echo probes – 19.8% did not send fragments

  10. 80% of samples occupy 0.00002% of the sample space (<1000) (ID is 2 32 bit value) Shared counter otherwise idle

  11. RFC1981 requires a system to cache MTU for at least 5 minutes recommends 10 minutes. 78% send fragments for at least two hours

  12. High-level Algorithm 1. Determine IPID behaviour of interfaces 2. Solicit non-overlapping sequence 3. Distill candidate routers 4. Pair-wise testing

  13. Implementation scamper: 20pps sc_speedtrap ping ping basic driver: ping measurement logic for resolving result techniques aliases ping result … …

  14. Step 2: non-overlapping sequence • Stage 1: solicit fragmented response from all incrementers • Stage 2: probe all interfaces which overlapped in time in stage 1 • Stage 3: solicit fragmented response from all incrementers

  15. Step 2 stage 2: groups

  16. Step 3: distill candidate routers • Infer candidate routers using a transitive closure (TC) of all interface-pairs that may share counter • Try and cause divergence between A, B: – Probe A, B, A – One second apart • TC groups can be probed in parallel

  17. Step 4: pairwise testing • Final pair-wise testing of candidate interfaces. • In our data, 11,083 of 11,086 interfaces returned sequential IDs

  18. Analysis: Packets and Time Step Packets Time 1 IPID behaviour 317,814 5:35:44 2 Non-overlapping sequence 80,017 1:15:31 3 Distill candidate routers 34,659 1:15:43 4 Pair-wise testing 63,765 1:01:12 Total: 496,255 9:08:10 52,969 interfaces 20pps

  19. 17,002 incrementing interfaces 11,181 routers 68%: single interface 21%: two interfaces 11%: > two interfaces Largest: 25 interfaces

  20. Validation • Four sources: – STP-1: RANCID 70 routers – STP-2: DNS 94 (observed) – AP: DNS 267 (observed) – Tier-1: DNS 239 (observed) • Additional networks contacted, but DNS naming schemes were insufficient

  21. Validation Validation name STP-1 STP-2 AP Tier1 Data source RANCID DNS DNS DNS Incrementing IPID 43 40 86 50 Random IPID 43 85 98 No Fragments 11 84 77 No Echo Replies 8 11 Mixed 4 3 Total Routers 70 94 267 239 Interfaces 151/750 85/279 138/1008 79/625 Correct assignments 150/151 85/85 137/138 79/79 451/453 correct assignments. 219 of 11,181 routers (2%)

  22. Future Work • Currently can resolve aliases for 1/3rd of routers – Investigate analytical approach to infer likely aliases • Refine topology mapping process to focus on finding router subnets

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Large Scale IPv6 Alias Resolution Matthew Luckie Overview IP-ID based alias resolution

Large Scale IPv6 Alias Resolution Matthew Luckie Overview IP-ID based alias resolution

Large Scale IPv6 Alias Resolution Matthew Luckie Overview IP-ID based alias resolution techniques IP-ID used in reassembly to identify fragments that belong to same packet. Commonly implemented as a counter in IPv4 (and v6) ally

371 views • 15 slides
UAv6: Alias Resolution in IPv6 Using Unused Addresses Ramakrishna Padmanabhan, Zhihao Li ,

UAv6: Alias Resolution in IPv6 Using Unused Addresses Ramakrishna Padmanabhan, Zhihao Li ,

UAv6: Alias Resolution in IPv6 Using Unused Addresses Ramakrishna Padmanabhan, Zhihao Li , Dave Levin, and Neil Spring University of Maryland, College Park, MD { ramapad,zhihaoli,dml,nspring } @cs.umd.edu As the IPv6 Internet grows, alias

328 views • 12 slides
Techniques for better alias resolution in Internet topology discovery Santiago Garcia Jimenez

Techniques for better alias resolution in Internet topology discovery Santiago Garcia Jimenez

Techniques for better alias resolution in Internet topology discovery Santiago Garcia Jimenez Eduardo Magaa lizarrondo Daniel Morato Oses Mikel Izal Azkarate Index Introduction Existing techniques for alias resolution New techniques for

848 views • 41 slides
IPv6 Alias Resolution via Induced Fragmentation Billy Brinkmeyer, Robert Beverly, Matthew Luckie

IPv6 Alias Resolution via Induced Fragmentation Billy Brinkmeyer, Robert Beverly, Matthew Luckie

IPv6 Alias Resolution via Induced Fragmentation Billy Brinkmeyer, Robert Beverly, Matthew Luckie , Justin Rohrer Naval Postgraduate School CAIDA {wdbrinkm,rbeverly,jprohrer}@nps.edu mjl@caida.org February 6-8, 2013 ISMA 2013 AIMS-5 -

513 views • 24 slides
IPv6 Alias Resolution via Induced Fragmentation Billy Brinkmeyer, Robert Beverly, Matthew Luckie

IPv6 Alias Resolution via Induced Fragmentation Billy Brinkmeyer, Robert Beverly, Matthew Luckie

IPv6 Alias Resolution via Induced Fragmentation Billy Brinkmeyer, Robert Beverly, Matthew Luckie , Justin Rohrer Naval Postgraduate School CAIDA {wdbrinkm,rbeverly,jprohrer}@nps.edu mjl@caida.org March 18-19, 2013 PAM 2013 - 14th

718 views • 23 slides
IPv6 (Internet Protocol version 6) APNIC meeting, 3 September 2002 Internet Initiative Japan,

IPv6 (Internet Protocol version 6) APNIC meeting, 3 September 2002 Internet Initiative Japan,

IPv6 (Internet Protocol version 6) APNIC meeting, 3 September 2002 Internet Initiative Japan, Inc. / KAME Project Keiichi SHIMA &lt;keiichi@iij.ad.jp&gt; Contents Why do we use IPv6? IPv6 Addresses Link-layer address resolution

1.55k views • 116 slides
Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6

Internet Evolution and IPv6 Paul Wilson APNIC 1 Where are IPv6 addresses today? 2 IPv6 Global allocations by RIR APNIC 337 21% RIPENCC 737 45% ARIN 438 LACNIC AFRINIC 27% 87 37 5% 2% Unit: IPv6 pref i x 3 IPv6

603 views • 24 slides
Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com

Introducing IPv6-only in the Internet: Balkanisation or Translation? Alain.Durand@sun.com When will IPv6-only deployment happen? Hypothesis 1 1st node is All IPv4 nodes dual-stack speak also IPv6 IPv4-only IPv4 &amp; IPv6 IPv6-only

675 views • 25 slides
Internet Protocol Version 6 (IPv6): North American IPv6 Summit April 10, 2012 Steven Pirzchalski

Internet Protocol Version 6 (IPv6): North American IPv6 Summit April 10, 2012 Steven Pirzchalski

Department of Veterans Affairs Internet Protocol Version 6 (IPv6): North American IPv6 Summit April 10, 2012 Steven Pirzchalski Director, Enterprise Transport Services VA IPv6 Transition Manager Outreach Chair, Federal IPv6 Task Force Major

382 views • 13 slides
The Internet Protocol (IP) Part 2: IPv6 JeanYves Le Boudec Fall 2009 1 1 Contents 1. IPv6

The Internet Protocol (IP) Part 2: IPv6 JeanYves Le Boudec Fall 2009 1 1 Contents 1. IPv6

COLE POLYTECHNIQUE FDRALE DE LAUSANNE The Internet Protocol (IP) Part 2: IPv6 JeanYves Le Boudec Fall 2009 1 1 Contents 1. IPv6 2. NATs 3. Interworking IPv4 / IPv6 4. Routing Implications 5. Recap Some slides come from:

911 views • 73 slides
Content-Centric Networking at Internet Scale through The Integration of Name Resolution and

Content-Centric Networking at Internet Scale through The Integration of Name Resolution and

Content-Centric Networking at Internet Scale through The Integration of Name Resolution and Routing J. J. Garcia-Luna-Aceves UCSC/Xerox PARC Overview q Routing to names is not better than routing to addresses in a content-centric network q

559 views • 22 slides
1 What Can Alias? (cont) Alias Analysis Arrays Goal: Statically identify aliases do b[c[i 1 ]]

1 What Can Alias? (cont) Alias Analysis Arrays Goal: Statically identify aliases do b[c[i 1 ]]

Alias Analysis Aliasing Last time What is aliasing? Midterm When two expressions denote the same mutable memory location e.g., p = new Object; Today q = p; * p and * q alias Alias analysis (pointer analysis) How do aliases

162 views • 5 slides
IPv6: Where are we in 2017? Based on Internet Society 2017 report

IPv6: Where are we in 2017? Based on Internet Society 2017 report

IPv6: Where are we in 2017? Based on Internet Society 2017 report https://www.internetsociety.org/doc/state-ipv6-deployment-2017 June 6, 2017 History of IPv6 1990: IETF realized that IPv4 address space would run out Took steps to

588 views • 25 slides
1 DUT DNS . FW Dual-Stack WWW Dual-Stack . Internet WLAN . IPv6 DUT 1) Silent drop

1 DUT DNS . FW Dual-Stack WWW Dual-Stack . Internet WLAN . IPv6 DUT 1) Silent drop

1 DUT DNS . FW Dual-Stack WWW Dual-Stack . Internet WLAN . IPv6 DUT 1) Silent drop IPv6 ICMPv6 no route 2) IPv6 ICMPv6 address unreachable 3) 2 Device DNS query IPv6 broken, time until fallback to IPv4 Comments sending

278 views • 6 slides
Resurection of the Internet: IPv6 support in FreeBSD Bkr EMRE emre@enderunix.org EnderUNIX

Resurection of the Internet: IPv6 support in FreeBSD Bkr EMRE emre@enderunix.org EnderUNIX

Resurection of the Internet: IPv6 support in FreeBSD Bkr EMRE emre@enderunix.org EnderUNIX Core Team Member www.enderunix.org/emre Introduction to IPv6 IPv6: New version of Internet Protocol Expanded Addressing Capabilities

419 views • 41 slides
Internet Area IPv6 Multi-Addressing, Locators and Paths Objective To facilitate an Internet

Internet Area IPv6 Multi-Addressing, Locators and Paths Objective To facilitate an Internet

Internet Area IPv6 Multi-Addressing, Locators and Paths Objective To facilitate an Internet Area discussion in the next 45 (or so) minutes on IPv6, Multi- Addressing and Path Maintenance approaches Goals: Raise awareness of the

466 views • 15 slides
Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada

Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada

Embark: Securely Outsourcing Middleboxes to the Cloud Chang Lan, Justine Sherry, Raluca Ada Popa, Sylvia Ratnasamy, Zhi Liu UC Berkeley Tsinghua University 1 Background Middleboxes are prevalent and problematic Number of Middleboxes

1.31k views • 44 slides
Multifamily FS S Webinar S eries Webinar #2 Promising Practices for Running an FS S Program

Multifamily FS S Webinar S eries Webinar #2 Promising Practices for Running an FS S Program

Multifamily FS S Webinar S eries Webinar #2 Promising Practices for Running an FS S Program Danielle Garcia, HUD Ann Lentell, Compass Working Capital Jeffrey Lubell, Abt Associates Sherry Riva, Compass Working Capital October 19, 2016

789 views • 30 slides
Fostering Community Engagement: The Boise Experience Supported by the Office of Refugee

Fostering Community Engagement: The Boise Experience Supported by the Office of Refugee

Fostering Community Engagement: The Boise Experience Supported by the Office of Refugee Resettlement (ORR/ACF/DHHS) May 16, 2013 Lear ning Objectives Understand some tangible benefits of broad-based community collaboration Learn

420 views • 39 slides
Different approaches Modesto, Calif.; Wellesley, MA; and Wichita, KS Modesto high school

Different approaches Modesto, Calif.; Wellesley, MA; and Wichita, KS Modesto high school

Different approaches Modesto, Calif.; Wellesley, MA; and Wichita, KS Modesto high school teacher Sherry McIntyre in her classroom Former Modesto schools Superintendent Jim Enochs: Schools could not t make littl ttle saints ts and

600 views • 17 slides
Improve Network Performance Yotam Harchol Research (This work was done while at the Hebrew

Improve Network Performance Yotam Harchol Research (This work was done while at the Hebrew

Reusing Network Services Logic to Improve Network Performance Yotam Harchol Research (This work was done while at the Hebrew University) Joint work with Anat Bremler-Barr and David Hay Appeared in ACM SIGCOMM 2016 THE HEBREW This research

1.14k views • 35 slides
Program Evaluation Sherry Williams &amp; Cathy Rimm Quality Assurance &amp; Research Department

Program Evaluation Sherry Williams &amp; Cathy Rimm Quality Assurance &amp; Research Department

Program Evaluation Sherry Williams &amp; Cathy Rimm Quality Assurance &amp; Research Department Motorcycle Safety Foundation 1 At some point in every program, someone asks: Hows It Going? Does Training Work? 2 Overview What is

680 views • 26 slides
College and Community Collaborations: An Integrated 1st Year Experience Drew Pearl, Nathan

College and Community Collaborations: An Integrated 1st Year Experience Drew Pearl, Nathan

College and Community Collaborations: An Integrated 1st Year Experience Drew Pearl, Nathan Price, Lisa Terrene, and Miguel Vila University of North Georgia Sherry Morris Fannin County Family Connection Warm-Up Your charge: Build a

437 views • 40 slides
Making the Most of a GTM Agenda Day 1 Day 2 Muting &amp; unmuting Project Overview

Making the Most of a GTM Agenda Day 1 Day 2 Muting &amp; unmuting Project Overview

1/5/2016 Next t Ste teps NH H Pre/Post t Training As Assessment Sustainability Training Series 2016 Similar to the need for teachers to gain data on student understanding, we need to determine what impact our training has on your

504 views • 8 slides

More recommend