The Ark Platform: Hardware, Software, and Tools
This page describes the underlying hardware (central server and distributed measurement nodes) and the software that make the Ark infrastructure so unique. The combination of the distributed, dedicated measurement nodes, advanced coordination facilities, state-of-the-art measurement tools and execution via either command-line or browser interface.
With support from the Department of Homeland Security (DHS) Science & Technology directorate, the National Science Foundation, and contributions from volunteer organizations around the world, CAIDA has built the Ark platform. Anchored by a central server located at the San Diego Supercomputer Center, the Ark platform consists of dedicated measurement nodes located in over 40 countries. These nodes, composed of both 1u servers running FreeBSD and Raspberry Pis running Raspbian, provide a hardware and software platform that offers network researchers the tools to enable both ad hoc and highly coordinated measurement experiments.
Ark Raspberry Pi-based Network Monitor
Though originally we shipped 1u servers running FreeBSD, we now deploy small, inexpensive network measurement nodes, based on the Raspberry Pi. Although tiny, the Raspberry Pi provides excellent performance with a flexible Linux-powered programmable platform for conducting networking research. Hosting sites can locate these systems in any convenient location, including on someone's desk, and the transition from deploying traditional rack-mounted servers to Raspberry Pi's has allowed us to scale up the Ark infrastructure.
Ark Software and Tools
Marinda Tuple Space
One of the distinguishing features of Ark is its focus on coordination. Coordination, broadly speaking, is concerned with planning, executing, and controlling an ensemble of distributed computations. Coordination is the meta-activity that surrounds a computation.
To facilitate coordination, Ark provides a new implementation, called Marinda, of the well-known tuple-space coordination model first introduced by David Gelernter in his Linda coordination language. A tuple space is a distributed shared memory combined with a small number of easy-to-use operations. The tuple space stores tuples, which are arrays of simple values (strings and numbers). Clients retrieve tuples by pattern matching.
The tuple space is a many-to-many communication and coordination medium. Over this medium, measurement clients can interact in sophisticated ways, such as exchanging state and triggering actions among monitors. The tuple space abstraction leads to a peer-to-peer architecture, in which participants can be both a client and a server seamlessly. For example, it is simple to write a traceroute service that takes requests and sends responses over the tuple space. We can then layer on top of these traceroute services clients that trigger traceroutes when certain conditions are met. By lowering the barrier to writing and deploying services to just a few lines of code, the tuple space abstraction allows a rich ecosystem of measurement services to thrive, in the same way that HTML empowered users by allowing anyone to become a publisher on the Internet.
- stores tuples: arrays of strings, numbers, and sub-arrays
- users retrieve tuples by structural pattern matching (not regex)
- enables communication and coordination
- persistent encrypted TCP connections with transparent reconnects
- decentralized (peer-to-peer) or client-server communication
- supports broadcast, RPC, publish-subscribe, Bag-of-Tasks styles
- exactly-once message delivery
- We perform traceroute measurements using scamper, a powerful and flexible active measurement tool supporting IPv4, IPv6, traceroute, and ping. Scamper supports TCP-, UDP-, and ICMP-based measurements and Paris traceroute variations. Scamper has been in development for several years by Matthew Luckie.
mper probing engine
- based on Matthew Luckie's scamper
- send/receive individual IPv4 ICMP, UDP, TCP packets
- no traceroute or other high-level measurement functions
- new control socket interface providing measurement API
- write measurement scripts in Ruby (e.g., MIDAR)
- Alistair King ported scamper's traceroute code to mper in Ruby
Dolphin: Bulk DNS Resolution Tool
- conducts parallel PTR DNS lookups of IPv4 and IPv6 addresses
- millions of lookups per day from a single host
- retries failed lookups once per day for up to 3 days
- ensures targets only looked up once in any 7 days regardless of TTL
- reduces load on authoritative DNS servers
- built on libunbound (part of Unbound by NLnet Labs)
- a validating, recursive, caching resolver in a library; IPv4/IPv6/DNSSEC
- hackable: single Python source file (845 lines)
- no installation or root privileges required
qr: Bulk DNS Resolution Tool
- similar to Dolphin but more focused
- only DNS lookups; no retries, no suppression of repeated lookups
- supports PTR, SOA, A, AAAA lookups
- uses ldns library for low-level structured access to raw DNS response packets
- response header flags (e.g., AA)
- records in authority and additional sections (e.g., glue, SOA, and DNSSEC records)
- hackable: 513 lines of Python
tod-client: on-demand topology measurements
- scriptable command-line interface for performing IPv4 and IPv6 traceroutes and pings
Vela: web interface to conduct topology measurements
- Vela project
- currently, ping and traceroute (ICMP, TCP, UDP)