This is a collaborative project co-led by Professor Robert Beverly of Naval Postgraduate School's Center for Measurement and Analysis of Network Data. We propose to rigorously investigate, develop, and evaluate Strategies for Large-Scale IPv6 Active Mapping (SLAM), with three inter-related and complementary thrusts: measurement strategies that can amplify our coverage by orders of magnitude; innovations in IPv6-specific algorithms to infer router-level topologies; and analysis and remediation of security and privacy risks that our measurements reveal.
Funding source: NSF CNS-1901517. Period of performance: September 1, 2019 - August 31, 2022.
Network maps - including graphs of routers, links, locations, and other meta-data - are as fundamental and crucial to network operations, engineering, and research as physical road maps are to driving. It is no surprise, then, that the networking community has expended significant effort over the past several decades developing tools and techniques, both active and passive, to gather Internet topologies. Today, several organizations, including our own, collect, infer, and annotate the IPv4 Internet topology - producing network maps that have been instrumental in supporting and advancing science, policy, research, and engineering. Internet topology data has been used in everything from censorship inference to geolocation to content distribution to security. Less attention has been paid to the IPv6 topology. Part of the lack of focus on IPv6 has historically been due to low IPv6 adoption and use rates. However, fundamental differences from IPv4 hinder comprehensive and representative IPv6 topology measurement:
- A massive address space (2128) that is sparsely populated (~249 addresses currently advertised) and cannot be exhaustively scanned. Researchers are only now experimenting with and finding viable methods for selecting measurement targets in IPv6
- Mandated Rate limiting in ICMPv6 imposes a measurement catch-22: probing faster to sample more of the space is apt to induce more rate-limiting, and is thus self-defeating.
- Address agility that accommodates regularly shifting customers across IPv6 prefixes, and widespread use of temporary private addresses which makes many targets ephemeral.
As a result, today's IPv6 topology mapping systems essentially apply existing IPv4 discovery tools and techniques, e.g. continual traceroute-based probing to the base (i.e. ::1) address of every globally advertised IPv6 BGP prefix. This sparse sampling of the large IPv6 address space, where prefixes are often subnetted by regions or customers, yields topology data whose completeness and quality cannot be quantified. Our central motivating observation is that while some IPv4 measurement techniques are directly applicable to characterizing and understanding the IPv6 Internet, many scientific, engineering, and operational planning questions require the design of new measurement strategies, techniques, and tools that explicitly consider the unique properties of the IPv6 protocol, implementations, and operational deployment. We propose to rigorously investigate, develop, and evaluate Strategies for Large-Scale IPv6 Active Mapping (SLAM), with three inter-related and complementary thrusts: measurement strategies that can amplify our coverage by orders of magnitude; innovations in IPv6-specific algorithms to infer router-level topologies; and analysis and remediation of security and privacy risks that our measurements reveal. Our goals are directly responsive to the CNS:Core's solicitation of "comprehensive, pervasive, accurate, and usable measurement capabilities", focused on mapping the IPv6 Internet.
|Task 1: New Measurement Strategies To Meet IPv6-specific Challenges|
|1.1||Develop techniques to improve efficiency and performance in Yarrp||Year 1|
|1.2||Explore techniques and research toward parallelizing and distributing probing in Yarrp:
(a) Deploy Yarrp on CAIDA's ark platform
(b) Validate and run Yarrp in a distributed fashion
|1.3||Experiment with decoupling Yarrp's probing engine from response collection||Year 1|
|1.4||Improve on intelligent target selection||Year 1|
|1.5||Map the IPv6 infrastructure of mobile providers:
(a) identify IPv6 prefixes belonging to mobile providers and delineate between IPv6 prefixes used to number mobile infrastructure versus IPv6 prefixes that are assigned to customers
(b) utilize Yarrp to perform high-speed mapping of identified mobile network
(c) utilize general purpose computers tethered to mobile devices to serve as the source of Yarrp probes originating from the mobile edge
|Task 2: Innovations in IPv6-specific algorithms to infer router-level topologies|
|2.1||Integrate existing and new methods to improve alias resolution completeness and accuracy|
|2.2||Draw inferences from DNS naming convention to support topology mapping|
|2.3||Investigate new methods for finding IPv4/IPv6 siblings|
|2.4||Perform IPv6 topology analysis with collected data sets||Year 2-3|
|2.5||Compare IPv6 topology snapshots||Year 2-3|
|2.6||Compare IPv4/IPv6 topologies||Year 2-3|
|2.7||Deploy IPv6 topology measurement system||Year 3|
|Task 3: Analysis and Remediation of Security and Privacy Risks|
|3.1||Perform longitudinal characterization||Year 2|
|3.2||Perform granular mapping of CPE MAC addresses to hardware||Year 2|
|3.3||Demonstrate the potential to exploit leaked MAC addresses, as well as understand the scope of the security and privacy impacts||Year 2|