Skip to main content

MagicPoint presentation foils

Archived MagicPoint presentation slides, compiled into a single PDF document.

2003_viz_tokyo.pdf (28 slides, 2.0 MB)

Slide text transcript

Slide 1: CAIDA projects related to

CAIDA projects related to
Internet data visualization


// What information consumes is rather obvious: 
it consumes the attention of its recipients. 
Hence a wealth of information creates a poverty of attention, 
and a need to allocate that attention efficiently among the
overabundance of information sources that might consume it. //
-- Nobel laureate Herbert Simon, 1995.


ucsd/sdsc/caida
bradley@caida.org 
http://www.caida.org/publications/presentations/

Slide 2: caida

caida  (cooperative association for internet data analysis)

research programs
active: macroscopic topology project 
passive: (real-time) traffic workload characterization
analysis of DNS root and gTLD server performance
security issues, e.g., DOS measurement/analysis/modeling
routing analysis and modeling
bandwidth estimation methods and tools
Internet Measurement Data Catalogue (IMDC)

other areas
tool development
new network visualization metaphors
empirically guided Internet public policy 
outreach & education

Slide 3: visualization

visualization


 
     Scientific visualization is the process by which 
     some attributes or relationships are highlighted 
     at the expense of others.  

     It is the selection of which attributes or 
     relationships are to be preserved and which are 
     to be hidden or distorted that drive the 
     visualization task.

Slide 4: terminology

terminology

IP - Internet Protocol 
protocol used to connect different IP-based data networks together
IP address is fundamental
this presentation drops the word "address"

AS - Autonomous System 
collection of contiguous IPs which can announce IP prefixes
AS number uniquely identifies an AS (ISPs may have more then one)
this presentation drops the word "number"

BGP - Border Gateway Protocal
primary protocol used by ASes to exchange routes
BGP table is a collection of BGP routes seen at a single router

RTT - Round Trip Time
time to send and receive a response between two IP addresses 

protocol
collection of rules that define a service (HTTP, TCP, etc)
defined by port address

Slide 5: analysis of Domain Name System (DNS)

analysis of Domain Name System (DNS) 

DNS is an indispensable Internet component 
two sets of 13 machines = root & gTLD name servers
CAIDA has done several studies of multiple dimensions of DNS performance 
passive monitoring of performance
active probing of latencies
analysis of root name server logs
the infrastructure is changing now...
use of multicast, anycast

visualization
DNS server root groups
effect of removing a DNS root server
effect of moving a DNS root server

Slide 6: DNS server root groups

DNS server root groups



presentation
roots grouped by "RTT client difference" 
axis
color - average absolute difference between clients' RTT
X - group and root server
Y - root server
highlights
color helps the eye to cluster values into groups

Slide 7: effect of removing a DNS root

effect of removing a DNS root



presentation
number of clients whose delta RTT was greater, when the DNS root was removed, than the RTT on the X-axis
axis
X - delta RTT
Y - number of clients
highlights
which server had the largest number of clients who would be most affected by the server's removal

Slide 8: effect of moving a DNS root

effect of moving a DNS root



presentation
distribution of clients' delta RTT
axis
color - shows the top 90%, 75%, 50%, 25%, and 5% points of the distribution
X - individual DNS root servers
Y - delta RTT
highlights
human eye has difficulty with width differences, color helps make the different areas more visible.

Slide 9: traffic workload characterization

traffic workload characterization 

passive measurements of Internet data streams
develop techniques of high speed traffic sampling
measure busy OC3, OC12 and OC48 backbone links
CAIDA has the only publically available OC48 backbone IP flow data in the world
note: sprintlabs has private oc48 data
study how user activities produce torrents of bytes
testing TCP models in presence of bursty cross traffic
detection of long running streams
tracking Internet usage patterns
IETF WG developing flow measurement standards 
Nevil Brownlee (CAIDA/U.Auckland) and David Plonka (U.Wisc) co-chairs

visualization (next slides)
continent to continent matrix
breakdown by protocol

Slide 10: continent to continent matrix

continent to continent matrix


presentation
traffic aggregated by country of announcing AS's headquarters
axis
color - protocol of traffic
left - source continent (sorted by total bits sent)
right - destination continent (sorted by total bits sent)
z - logarithm of the number of bytes sent
highlights
continents with low and high bit rates
values near front and/or high values are easily seen
effective for general public presentations

Slide 11: continent to continent matrix

continent to continent matrix

Slide 12: traffic breakdown by protocol

traffic breakdown by protocol


presentation: flowscan tool  -- flexibly shows traffic by protocol 
color - protocol of traffic
X - time ; Y - bits seen in given protocol plus the sum of those below in graph
highlights
gives total for subsets of protocols
relative sizes of different protocols

Slide 13: interdomain routing

interdomain routing

routing dynamics analysis
evolution of global routing system
{ AS, prefix, IP address } level granularities
prerequisite to improvement of routing infrastructure 
robustness, performance, integrity
analyzing two-hour snapshots of BGP tables

visualization
geopolitical distribution of Internet resources

Slide 14: geopolitical distribution of Internet resources

geopolitical distribution of Internet resources 


presentation
geographic breakdown of Internet space by headquarters of announcing AS
color - country
CIA Factbook - presented in the online CIA Factbook
BGP table - headquartered in a given country (RouteViews)
highlights 
disparity among Internet assignments across countries

Slide 15: geopolitical distribution of Internet resources

geopolitical distribution of Internet resources 


highlights: disparity among Internet assignments across countries

Slide 16: macroscopic topology project

macroscopic topology project

connectivity analysis
massive macroscopic traceroute data -  largest IP topology data set in world
funding from NSF, DARPA, commercial sources
establishing framework for topology analysis
combinatorial structures (trees, acyclic part, core, giant component)
description by Weibull distributions
mapping IP -> AS -> city, country -> latitude, longitude
BGP routing tables: IP -> prefix -> AS 
whois registry/hostnames: AS, IP -> city,country -> latitude,longitude
note: there is no public trusted source of this data at this time 
               (even CAIDA's has not been funded in 2 years)

visualization 
IP paths: single source, single destination
IP paths: single source, few destinations
AS/country paths: single source, many destinations
IP paths RTT: single source, many destinations
IP topology: many sources and destinations
AS topology: many sources and destinations
geopolitical distribution of Internet resources

Slide 17: IP paths single source, single destination

IP paths single source, single destination




presentation
IP path and intermediate RTT changes over time

axis
X - time in minutes
Y - RTT in milliseconds

highlights
path changes
points of large latency

Slide 18: IP paths: single source, few destinations

IP paths: single source, few destinations




presentation
bidrectional IP path between single source and few destinations
axis
X - AS that announces the IP address
Y - hop count from source
highlights
path symmetry 
shared path from source to multiple destinations

Slide 19: AS paths: single source, many destinations

AS paths: single source, many destinations


presentation
proportion of traces passing through a given AS path from a single source
axis
color - AS of a given hop.
black means the path has ended
grey is multiple tiny paths
X - distance in terms of the number of IP hop count
Y -  number of paths which followed from the previous hop
highlights
key peering points and major providers

Slide 20: country paths: two sources, many destinations

country paths: two sources, many destinations


presentation
proportion of traces passing through a given country path from two sources
axis
color - country of a given hop.
black means the path has ended
grey is multiple tiny paths
X - distance in terms of the number of IP hop count
Y -  number of paths that followed from the previous hop
highlights
key peering points and major providers

Slide 21: IP paths RTT: single source, many destinations

IP paths RTT: single source, many destinations


presentation
shows the maximum latency experienced for destination along a given IP path
axis
color - maximum latency for destinations down stream
X,Y - 3D hyperbolic geometry (fisheye distortions)
highlights
paths for which all downstream destinations had large RTT values.

Slide 22: IP topology: many sources, many destinations

IP topology: many sources, many destinations


presentation (note -- bell labs / lumeta layout algorithm)
IP spanning tree (does not include all links)
axis
color - AS of longest matching prefix
X,Y - set by spring/force layout
highlights
Internet size and major providers

Slide 23: AS topology many sources, many destinations

AS topology many sources, many destinations


presentation
IP forward path -> AS topology 
axis
color,radius - logarithmic of AS outdegree
degree - geographic longitude of AS headquarters
highlights
`large' AS geographic locations and interconnectivity (US remains hub)
2001-2003 (new poster to be released this summer in collaboration w WIDE)

Slide 24: security issues

security issues

global denial of service activity
backscatter methodology (CAIDA invented)
detecting denial-of-service (DOS) activity on the global Internet
monitoring spread of worms in the networks
Nimda, Code Red, Sapphire, ... (to be continued)
first (and remains primary) publically available data quantifying DOS

visualization
number of Code Red infected hosts in 24.0.0.0/8

Slide 25: number of Code Red infected hosts in 24.0.0.0/8

number of Code Red infected hosts in 24.0.0.0/8



presentation
number of infected hosts in BGP prefixes
axis
node - BGP routed prefix, or less specific prefix
link - connects more and less specific prefixes
color - number of infected hosts 
X,Y - 3D hyperbolic geometry (fisheye distortions)
highlights
shows clusters of infected hosts in groups of related prefixes

Slide 26: Number of Code Red infected hosts in 24.0.0.0/8

Number of Code Red infected hosts in 24.0.0.0/8




highlights
shows clusters of infected hosts in groups of related prefixes

Slide 27: summary: visualization efforts at caida

summary: visualization efforts at caida


remark: visualization is a medium, not an end
visualization is tool to increase our ability to think
visualization can help make us smart
it can also make us stupid by misadvised mappings and unworkable user interfaces


CAIDA's focus is on analysis rather than visualization
however, we recognize that the community looks to CAIDA for visualization results
research and operational communities
since we have respected experience with analysis

Slide 28: Bradley Huffaker

Bradley Huffaker 
ucsd/sdsc/caida
bradley@caida.org

http://www.caida.org/publications/presentations/

Related Objects

See https://catalog.caida.org/media/2003_viz_tokyo/ to explore related objects to this document in the CAIDA Resource Catalog.