Project Octopus: Network Topology Discovery

1
Project Octopus Network Topology Discovery

• Rachit Siamwalla
• Rosen Sharma
• MONET Cornell Department of Computer Science

2
Goals

• To discover the topology of an existing network
  given little or no information.
• This would allow SurReal -- a network simulation
  system -- to simulate the network and gather
  valuable data about bottlenecks.
• This is a small part of an integrated project to
  discover, simulate, visualize and manage complex
  networks.

3
Algorithms

• Currently we have three algorithms that determine
  network topology.
• All of them have the same general strategy
• Come up with a temporary set of hosts in the
  network that may or may not exist
• Go through each host and determine whether they
  really do exist. If they exist
• Add to permanent set.
• Use some heuristics on those hosts to find more
  hosts which are added to the temporary set. Go
  back to step 1.

4
Algorithms
Temporary Set
Heuristic
Permanent Set
5
Algorithm 1
DNS ls
DNS ls is a simple query to a name server that
returns a list of all the hosts it thinks is in a
domain
Ping is when you send a special packet sent to a
machine. If it is alive, it will send a response
ping
Permanent Set
Broadcast ping is a ping packet addressed to an
entire subnetwork. All hosts on that network
should reply to the message
Directed Broadcast Ping
6
Algorithm 1 Analysis

• Strengths
• Relatively weak assumptions
• Weaknesses
• It is quite slow. Subnet guessing for each host
  is quite expensive in time.
• Ping broadcast is not supported in many domains
  (for example, to avoid smurfing)

7
Algorithm 2
netstat
Figures out default router of machine algorithm
is run
Ping hosts and add to permanent set
ping
Permanent Set
SNMP allows us to talk to a machine and ask it
about connected routers and hosts.
SNMP Query
8
Algorithm 2 Analysis

• Strengths
• Returns the most information
• Fast
• Quite simple
• Weaknesses
• Has the strongest assumption of all of the
  algorithms. Many domains restrict access to SNMP
  due to security reasons.

9
Algorithm 3
netstat
Figures out default router of machine algorithm
is run
Ping hosts and add to permanent set
ping
Permanent Set
look at the first few IP addresses in the subnet.
Usually many routers are configured to have the
first few addresses in a subnet.
Random Probe
10
Results

• CUCS network
• Algorithm 1 and 2 worked fine.
• Algorithm 3 did not detect all routers and hosts
  because the probe wasnt perfect.
• Cornell network
• Algorithm 1 worked OK -- it found most of the
  hosts, except subnet guessing failed.
• Algorithm 2, in theory should work, but SNMP
  access was broken on the network.
• Algorithm 3 did not work because some crucial
  routers could not be found and subnet could not
  be guessed.

11
Algorithm 4
DNS ls
Ping hosts and traceroute to to determine subnet.
traceroute
Permanent Set
Traceroute also returns intermediary routers to
check for more hosts.
traceroute
12
Future Work

• We can also remove the DNS ls assumption off
  algorithm 4 by using the Bellcore trick of
  randomly sampling IP addresses in a given range.
  Once we traceroute those random IP addresses, we
  are sure to find most, if not all of the routers
  in the network.
• Eventually all these algorithms will be merged
  into one big hybrid algorithm that can be used in
  any network under any circumstances.