ISMA 2010 AIMS-2 - Workshop on Active Internet Measurements: Talk Abstracts
Names, Abstracts, and Topic Keywords
|Talk Title: Measuring IPv6 deployment
Talk Abstract: We describe a study in which we test web clients and their DNS resolvers for IPv6 capabilities. DNS is critical Internet infrastructure and in this study we hope to provide more insights in progress in IPv6 deployment and the relationship between DNS clients and resolvers. A pilot measurement shows DNS resolvers are more often IPv6 transport-capable then web clients.
|Jordan Augé and Timur Friedman
|Talk Title: Interconnecting the OneLab measurement infrastructures
Talk Abstract: This talk is an overview of the work being conducted to interconnect measurement systems associated with the OneLab infrastructure. OneLab has two testbeds: PlanetLab Europe, and NITOS. TopHat monitors PlanetLab Europe thanks to its own measurements and through the interconnection with infrastructures like DIMES and ETOMIC; it feeds an experiment management system called MySlice. We also consider the integration with NITOS, which runs OML, the measurement framework of the OMF testbed management framework. The talk covers the present state of the system, discusses what has been integrated, where we are heading, and what some of the open issues are.
|Talk Title: IETF Standards for Geolocation and Emergency Calling
Talk Abstract: An increasing number of Internet applications make use of information about the physical location of their users. For example, enabling emergency calling (e.g., 9-1-1) for Voice over IP requires knowledge of where IP endpoints are located in order to route calls. This talk will provide an overview of current and emergency standards for protocols to support geolocation and emergency calling in the Internet.
|Talk Title: Using Reverse Traceroute to Measure the Internet
Talk Abstract: Traceroute is the most widely used Internet diagnostic tool today. Network operators use it to help identify routing failures, poor performance, and router misconfigurations. Researchers use it to map the Internet, predict performance, geolocate routers, and classify the performance of ISPs. However, traceroute has a fundamental limitation that affects all these applications: it does not provide reverse path information. Although various public traceroute servers across the Internet provide some visibility, no general method exists for determining a reverse path from an arbitrary destination.
In recent work, we address this longstanding limitation by building a reverse traceroute system. Our system provides the same information as traceroute, but for the reverse path, and it works in the same case as traceroute, when the user may lack control of the destination. Our approach employs multiple vantage points to measure a rich set of known paths towards the source, then uses these paths as a basis to allow us to extrapolate to unknown paths. We use a variety of measurement techniques to piece together the path from the destination incrementally until it intersects one of the known paths. In this talk, I provide a status update on our reverse traceroute system. I present examples of using our reverse traceroute system to study previously unmeasurable aspects of the Internet: we uncover more than a thousand peer-to-peer AS links invisible to current topology mapping efforts, and we measure the latency of individual backbone links with average error under a millisecond.
Interested in discussing: validation/ representativeness, probing from end hosts/ massive probing infrastructures, IPv6
|Talk Title: Directed probing for efficient and accurate active measurements
Talk Abstract: The scope and scale of the Internet makes obtaining broadly representative network metrics and characteristics challenging. Researchers must frequently form inferences over limited available data. In the absence of exhaustive probing, active measurement targets are ideally selected at random from the network population. In practice, however, many experiments leverage the Internet's natural structure and hierarchy so that probing is tractable, for instance by probing a target in each /24.
As an initial step toward more intelligent "directed" probing, we perform an empirical analysis on a large traceroute dataset to understand the tradeoff between probing cost and model fidelity. Our hope is to substantiate principled measurement methods that improve both efficiency and model accuracy.
Interested in discussing: longevity of measurements and infrastructure
|Talk Title: Internet-wide systems need Internet-wide measurement platforms
Talk Abstract: The design, implementation and evaluation of large-scale systems relies on global views of network topologies and performance. In this talk, I point out several issues with extending results from limited platforms to Internet wide perspectives. I use this to motivate the need for Internet-wide perspectives of network topologies and performance to inform protocol design and to build systems and services at Internet-scale.
|Talk Title: EdgeScope: Exposing the View of the Edge of the Network
Talk Abstract: In this talk, I describe data that we've been collecting through our Ono and NEWS plugin to the Vuze BitTorrent client -- comprising more than 800,000 client installations. This includes both passively gathered data (including transfer rates and BitTorrent-specific information) and active measurements including DNS lookups, traceroutes and pings. We are making this data available in an anonymized format as part of our EdgeScope project.
Interested in discussing: Measurements to/from the edges of the network
Interested in discussing: Integrating different types of data, e.g., BGP vs traceroute
Interested in discussing: geolocation bake-off
Interested in discussing: measurements of Internet topology, routing and traffic
|Talk Title: Internet Topology Discovery Through mrinfo Probing
Talk Abstract: Active and passive measurements for topology discovery have known an impressive growth during the last decade. While a lot of work has been done regarding inter-domain topology discovery and modeling, only a few papers raise the question of how to extract intra-domain topologies from measurements results.
In this talk, we present mrinfo, a multicast tool that silently discovers all interfaces of a router. Based on the dataset collected with mrinfo, we propose a method to retrieve intra-domain topologies. The main challenge is to assign an AS number to a border router whose IP addresses are not mapped to the same AS. Our algorithm is based on probabilistic and empirical IP allocation rules. The goal of our pool of rules is to converge to a consistent router to AS mapping. We show that our router to AS algorithm is efficient in more than 99% of the cases. Furthermore, with mrinfo, point-to-point links can be distinguished from multiple links attached to a switch, providing an accurate view of the collected topologies. We also discuss how mrinfo dataset might be used in inter-domain topology analysis.
|Talk Title: Characterizing VLAN-induced sharing in a campus network
Talk Abstract: Many enterprise, campus, and data-center networks have complex layer-2 virtual LANs ("VLANs") below the IP layer. The interaction between layer-2 and IP topologies in these VLANs introduces hidden dependencies between IP level network and the physical infrastructure that has implications for network management tasks such as planning for capacity or reliability, and for fault diagnosis. This paper characterizes the extent and effect of these dependencies in a large campus network. We first present the design and implementation of EtherTrace, a tool that we make publicly available, which infers the layer-2 topology using data passively collected from Ethernet switches. Using this tool, we infer the layer-2 topology for a large campus network and compare it with the IP topology. We find that almost 70% of layer-2 edges are shared by 10 or more IP edges, and a single layer-2 edge may be shared by as many as 34 different IP edges. This sharing of layer-2 edges and switches among IP paths commonly results from trunking multiple VLANs to the same access router, or from colocation of academic departments that share layer-2 infrastructure, but have logically separate IP subnet and routers. We examine how this sharing affects the accuracy and specificity of fault diagnosis. For example, applying network tomography to the IP topology to diagnose failures caused by layer-2 devices results in only 54% accuracy, compared to 100% accuracy when our tomography algorithm takes input across layers.
Talk Title: A Model Based Approach for Improving Router Geolocation
Talk Abstract: This talk outlines two novel techniques which can be used in the area of IP geolocation. First we introduce a detailed path-latency model to be able to determine the overall propagation delays along the network paths more accurately. The knowledge of accurate propagation delay values then leads to more precise geographic distance estimation between hosts and measurement nodes. Besides these distance values the evaluation process also takes into account the discovered topology between the measurement points, and end-to-end latency measurements as well. In addition to the application of the detailed path-latency model, we describe a method which utilizes high-precision one-way delay measurements to further increase the accuracy of router geolocation techniques. The precise one-way delay values are used as a 'path-constraint' to limit the overall geographic distance between the measurement nodes. This approach can be used to localize all the network routers along the network path between the measurement nodes, but cannot be applied to end-host localization. The introduced techniques are validated in wide range of experiments performed in the ETOMIC measurement infrastructure and in PlanetLab.
Interested in discussing: geolocation, performance measurements
|Talk Title: CAIDA's Geolocation Tools Comparsion
Talk Abstract: CAIDA's plans to conduct a comparison survey of geolocation tools for determining the location of an Internet Protocol (IP) address (and other identifiers) and to evaluate the accuracy and reliability of such tools. Through this process, we intend to increase situational awareness of Internet topology structure, behavior, and vulnerabilities.
|Talk Title: Accuracy of AS Annotations for Routers
Talk Abstract: To describe, analyze, and model the topological and structural characteristics of the Internet, researchers use Internet maps constructed at the router or autonomous system (AS) level. Although progress has been made on each front individually, a dual graph representing connectivity of routers with AS labels remains an elusive goal. We take steps toward merging the router-level and AS-level views of the Internet, by examining heuristics for router to AS assignment.
Authored by Bradley Huffaker and Amogh Dhamdhere
|Talk Title: Ark update and measurement case study
|Talk Title: Internet-scale Alias Resolution with MIDAR
Authored by Ken Keys, Young Hyun, and Matthew Luckie
Talk Title: AMPATH update
Interested in discussing: measurement methodologies and tools for IRNC links
|Talk Title: DiffProbe: Detecting ISP Service Discrimination
Talk Abstract: We propose an active probing method, called Differential Probing or DiffProbe, to detect whether an access ISP is deploying forwarding mechanisms such as priority scheduling, variations of WFQ, or WRED to discriminate against some of its customer flows. DiffProbe aims to detect if the ISP is doing one or both of delay discrimination and loss discrimination. The basic idea in DiffProbe is to compare the delays and packet losses experienced by two flows: an Application flow A and a Probing flow P. The paper describes the statistical methods that DiffProbe uses, a novel method for distinguishing between Strict Priority and WFQ-variant packet scheduling, simulation and emulation experiments, and a few real-world tests at major access ISPs.
Talk Title: The RIPE NCC Network Measurement Data Repository
Talk Abstract: The talk will describe the RIPE NCC Network Measurement Data Repository. It will cover the motivation, scope and the services offered to the community. (Sneak preview of a PAM paper)
|(if time allows)
> Talk Title: Legal issues in active measurement
|Talk Title: INRDB - the Internet Number Resource Database
Talk Abstract: INRDB is a non-conventional database hosting many different, number resource related data sets. We try to preserve the history of all these data sets, which come from different sources, including the RIPE NCC. Most of these data sources have very different characteristics in terms of availability, access interface, ability to index on more/less specific resources and whether they provide historical data or not. We wanted to achieve high performance, through a unified query interface, and all the above mentioned features for all the data sources, in order to support the RIPE NCC's (and its members') research needs. All in all, the system currently stores and can serve roughly 1 billion (10^9) observations ("blobs") with about 7.5 billion (7.5*10^9) different validity times ("time intervals", when the observations were valid).
|Talk Title: Inference of False Links in Traceroute Graphs
Talk Abstract: Data collected using the traceroute algorithm underpins research into the Internet's router-level topology. Many macroscopic Internet topology discovery projects collect this data, but until 2007 they were susceptible to reporting false links as an artifact of the traceroute algorithm they used. This talk details the impact of tracing straight on the rate of artifact links reported for ICMP-echo and UDP traceroute probe methods.
|Talk Title: iPlane status
|Talk Title: Data sharing formats
Talk Title: Subnet-level Internet mapping
Talk Abstract: In this talk, we will present our ongoing work on subnet-level Internet mapping system that builds more accurate Internet maps from collected path traces. The successfully inferred subnet information helps in (1) improving the quality of the resulting map by annotating it with additional information, i.e., the resulting map includes subnet relations among the existing set of IP addresses, and (2) in increasing the scope of the map by adding new links into the resulting map. The successful inclusion of subnet relations among the routers yield topology maps that are closer, at the network layer, to the sampled segments of the Internet.
|Talk Title: Correlating Spam Activity with IP Address Characteristics
Talk Abstract: It is well known that spam bots mostly utilize compromised machines with certain address characteristics, such as dynamically allocated addresses, machines in specific geographic areas and IP ranges from AS' with more tolerant spam policies. Such machines tend to be less diligently administered and may exhibit less stability, more volatility, and shorter uptimes. However, few studies have attempted to quantify how such spam bot address characteristics compare with non-spamming hosts. Quantifying these characteristics may help provide important information for comprehensive spam mitigation.
We use two large datasets, namely a commercial blacklist and an Internet-wide address visibility study to quantify address characteristics of spam and non-spam networks. We find that spam networks exhibit significantly less availability and uptime, and higher volatility than non-spam networks. In addition, we conduct a collateral damage study of a common practice where an ISP blocks the entire /24 subnet if spammers are detected in that range. We find that such a policy blacklists a significant portion of legitimate mail servers belonging to the same subnet.
Interested in discussing: Best practices in Internet measurements, ethical issues in Internet measurements.
Interested in discussing: presence
Interested in discussing: Internet topology measurements, Internet sampling
|Talk Title: Gulliver Project - DNS active measurement
Talk Abstract: Gulliver Project is a distributed measurement project aiming to observe the global behavior of the Internet from all over the world, especially from developing countries. I will show trends of reachability on DNS anycasting from world wide locations. Also I will show future plans of collaboration with TopHat measurement system about DNS active measurement.
|Talk Title: A Measurement Study of the Origins of End-to-End Delay Variations
Talk Abstract: The end-to-end (e2e) stability of Internet routing has been studied for over a decade, focusing on routes and delays. This paper presents a novel technique for uncovering the origins of delay variations by measuring the overlap between delay distributions of probed routes, and how these are affected by route stability.
Evaluation is performed using two large scale experiments from 2006 and 2009, each measuring between more than 100 broadly distributed vantage points. Our main finding is that in both years, about 70% of the measured source-destination pairs and roughly 95% of the academic pairs, have delay variations mostly within the routes, while only 15-20% of the pairs and less than 5% of the academic pairs witness a clear difference between the delays of different routes.
Joint work with Udi Weinstberg
|Talk Title: Which Factors Affect Access Network Performance?
Talk Abstract: This talk presents an analysis of the performance of residential access networks using over four months of round-trip, download, and upload measurements from more than 7,000 users across four ADSL and cable providers in France. Previous studies have characterized residential access network performance, but this work presents the first study of how access network performance relates to other factors, such as choice of access provider, service-level agreement, and geographic location. We first explore the extent to which user performance matches the capacity advertised by an access provider, and whether the ability to achieve this capacity depends on the user's access network. We then analyze the extent to which various factors influence the performance that users experience. Finally, we explore how different groups of users experience simultaneous performance anomalies and analyze the common characteristics of users that share fate (e.g., whether users that experience simultaneous performance degradation share the same provider, city). Our analysis informs both users and designers of networked services who wish to improve the reliability and performance of access networks through multihoming and may also assist operators with troubleshooting network issues by narrowing down likely causes.
|Mehmet Engin Tozal
|Talk Title: TraceNET: An Internet Topology Data Collector
Talk Abstract: This paper presents a network layer Internet topology collection tool called tracenet. Compared to traceroute, tracenet can collect a more complete topology information on an end-to-end path. That is, while traceroute returns a list of IP addresses each representing a router on a path, tracenet attempts to return all the IP addresses assigned to the interfaces on each visited subnetwork on the path. Consequently, the collected information (1) includes more IP addresses belonging to the traced path; (2) represents ``being on the same LAN'' relationship among the collected IP addresses; and (3) annotates the discovered subnets with their observed subnet masks.
Our experiments on Internet2 and four major ISP networks demonstrate promising results on the utility of tracenet for future topology measurement studies.
|Mehmet Engin Tozal
|Talk Title: PalmTree: An IP Alias Resolution Algorithm with Linear Probing Complexity
Talk Abstract: Internet topology mapping studies utilize large scale topology maps to analyze various characteristics of the Internet. IP alias resolution, the task of mapping IP addresses to their corresponding routers, is an important task in building such topology maps. In this paper, we present a new probe-based IP alias resolution tool called palmtree. Palmtree can be used to complement the existing schemes in improving the overall success of alias resolution process during topology map construction. In addition, palmtree incurs a linear probing overhead to identify IP aliases. The experimental results present quite promising results on the utility of palmtree in obtaining more accurate network topology maps.
|Talk Title: Development of a User-Centered Network Measurement Platform
Interested in discussing: The central issue of this work is to examine approaches for obtaining and better understanding network performance for applications of interest to home and public hotspot users.
|Talk Title: PerfSONAR Overview
Talk Abstract: This talk will give an overview of the perfSONAR measurement framework: what it is, the current state of implementations, and the current state of deployment on R&E networks. In addition, I will touch on how research deployments could add to the set of available data, and how perfSONAR could serve as a platform to test new analysis algorithms. perfSONAR is a way for different networks to share performance data to solve operational problems. It as also a way for application communities (or individual networks) to validate common network paths, and could be used as a ready source of well understood data for network researchers.
Interested in discussing: Are there any features that are needed to be able to share data widely with researchers (identity management, access control, other policy mechanisms); Are there features that might make it easier (or are required) for researchers to use perfSONAR data, or provide data to perfSONAR. (NOTE: I would say this is desirable, rather than "make sure", although the topic of sharing is also independent of perfSONAR and worth discussing (and I believe is already being considered.) .
|Talk Title: Geo-location of PoPs
Talk Abstract: We introduce a novel structural approach to automatically generate large scale PoP level maps using traceroute measurement from multiple locations. The PoPs are first identified based on their structure, and then are assigned a location using collaborated information from several geo-location databases. Using this approach, we could evaluate the accuracy of these databases and suggest means to improve their accuracy.
Interested in discussing: Geolocation tool and services, PoP maps.