Network Diagnostic and Discovery with Traceroute - PowerPoint PPT Presentation

Slides: 15
Provided by: yihu5
Learn more at: http://www.cs.ucr.edu

Transcript and Presenter's Notes

Title: Network Diagnostic and Discovery with Traceroute


1
Network Diagnostic and Discovery with Traceroute
  • Prepared and presented by
  • PhD candidate, Yihua He

2
Roadmap
  • Identifying the AS PATH
  • Which AS a packet goes through
  • Review of how traceroute works
  • Possible ways to do IP->AS
  • Hands-on experience with BGP tables
  • What can traceroute tell us besides reachability?
  • Internet routes are not symmetric

3
Autonomous System Forwarding Path
  • Example: pinpoint forwarding loop and responsible AS

[Figure: IP traffic from source to destination across the Internet]
4
Border Gateway Protocol (BGP)
[Figure: signaling path of control traffic; labels: origin AS, prefix d, "d: path=[B C]", "d: path=[A B C]"]
  • BGP path may differ from forwarding AS path
  • Routing loops and deflections
  • Route aggregation and filtering
  • BGP misconfiguration

5
Traceroute: Measuring the Forwarding Path
  • Time-To-Live field in IP packet header
  • Source sends a packet with a TTL of n
  • Each router along the path decrements the TTL
  • TTL exceeded sent when TTL reaches 0
  • Traceroute tool exploits this TTL behavior

[Figure: path from source to destination]
Send packets with TTL = 1, 2, 3, ... and record the source of each "time exceeded" message
6
Traceroute gives IP-level forwarding path
Traceroute from Berkeley to www.cnn.com (64.236.16.52)
Traceroute output (hop number, IP address, DNS name):
  Hop  IP address        DNS name
  1    169.229.62.1      inr-daedalus-0.CS.Berkeley.EDU
  2    169.229.59.225    soda-cr-1-1-soda-br-6-2
  3    128.32.255.169    vlan242.inr-202-doecev.Berkeley.EDU
  4    128.32.0.249      gigE6-0-0.inr-666-doecev.Berkeley.EDU
  5    128.32.0.66       qsv-juniper--ucb-gw.calren2.net
  6    209.247.159.109   POS1-0.hsipaccess1.SanJose1.Level3.net
  7    (none)            ?
  8    64.159.1.46       ?
  9    209.247.9.170     pos8-0.hsa2.Atlanta2.Level3.net
  10   66.185.138.33     pop2-atm-P0-2.atdn.net
  11   (none)            ?
  12   66.185.136.17     pop1-atl-P4-0.atdn.net
  13   64.236.16.52      www4.cnn.com
7
Map Traceroute Hops to ASes
Traceroute output (hop number, IP):
  Hop  IP address
  1    169.229.62.1
  2    169.229.59.225
  3    128.32.255.169
  4    128.32.0.249
  5    128.32.0.66
  6    209.247.159.109
  7    (none)
  8    64.159.1.46
  9    209.247.9.170
  10   66.185.138.33
  11   (none)
  12   66.185.136.17
  13   64.236.16.52
Need accurate IP-to-AS mappings (for network equipment).
8
Possible Ways to Get IP-to-AS Mapping (1)
  • DNS names
      • Inaccurate, and a lot of the time, wrong!
      • Anyone with $5/year can register a www.whateveryoulike.com and point it
        to any IP address!
      • Some of the IPs do not have any DNS name.
  • Routing address registry (WHOIS)
      • That's what you did in Lab 1
      • More accurate. However:
          • Voluntary public registry such as whois.radb.net
          • Prone to human input errors
          • Incomplete and maybe out-of-date
          • Mergers, acquisitions, delegation to customers

9
Possible Ways to Get IP-to-AS Mapping (2)
  • Origin AS in BGP paths
      • Prefix: 198.133.206.0/24, AS path: 1239 2914 3130
      • Public BGP routing tables such as RouteViews
      • Almost real time and avoiding most human input errors
  • It's approximately 98% accurate
      • Multiple Origin ASes (MOAS)
          • Due to mergers in a lot of cases
          • E.g., around 2002-2003, 148.231.0.0/16 had two ASes announcing its
            address block: AS5677 and AS7132. Those were PacBell and SBC.
          • Now AS5677 does not exist anymore
      • No mapping
          • Some ASes intentionally do not want to advertise the route/IPs
      • Incomplete view
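
Added example (not part of the original slides): mapping traceroute hops to ASes by taking the origin AS of the longest matching BGP prefix, as slides 7 and 9 describe, including the MOAS and no-mapping cases. The table format, the function names, the hop addresses and every prefix or AS number not quoted on the slides are assumptions made for illustration.

```python
import ipaddress

# Constructed table in "prefix AS-path" form. The 198.133.206.0/24 line and the two
# origin ASes for 148.231.0.0/16 come from the slides; every other prefix and AS
# number is a documentation-range placeholder made up for this example.
BGP_DUMP = """\
198.133.206.0/24 1239 2914 3130
148.231.0.0/16 64496 5677
148.231.0.0/16 64497 7132
198.51.100.0/24 64496 64501
198.51.100.128/25 64496 64501 64502
"""

def load_origins(dump):
    """Return {network: set of origin ASes}; the origin is the last AS in the path."""
    origins = {}
    for line in dump.splitlines():
        fields = line.split()
        if len(fields) >= 2:
            net = ipaddress.ip_network(fields[0])
            origins.setdefault(net, set()).add(int(fields[-1]))
    return origins

def ip_to_as(ip, origins):
    """Longest-prefix match: [] = no mapping, one AS = clean, several = MOAS."""
    addr = ipaddress.ip_address(ip)
    matches = [net for net in origins if addr in net]
    if not matches:
        return []
    return sorted(origins[max(matches, key=lambda net: net.prefixlen)])

def as_level_path(hops, origins):
    """Label each hop (None = no reply) and collapse consecutive identical labels."""
    path = []
    for hop in hops:
        ases = ip_to_as(hop, origins) if hop else None
        label = "*" if ases is None else "/".join(f"AS{a}" for a in ases) or "?"
        if not path or path[-1] != label:
            path.append(label)
    return path

ORIGINS = load_origins(BGP_DUMP)
# Constructed hop list; None stands for a hop that returned no address.
HOPS = ["198.51.100.1", "198.51.100.2", "198.51.100.200", None,
        "148.231.7.9", "198.133.206.5", "203.0.113.77"]

if __name__ == "__main__":
    for hop in HOPS:
        print(hop, ip_to_as(hop, ORIGINS) if hop else "*")
    print(" -> ".join(as_level_path(HOPS, ORIGINS)))
```

A hop labelled with two ASes or with "?" marks a point where the AS-level path cannot be trusted without a second data source.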

10
Hands-on Experience with BGP Routing Tables
  • telnet://route-views.routeviews.org
      • show ip bgp summary
          • Whose BGP feeds does the router take?
      • show ip bgp
          • Prefix
          • Origin AS
          • AS Path
  • Collected at http://archive.routeviews.org/
  • Other BGP table collections are
      • http://www.ripe.net/projects/ris/rawdata.html
      • http://www.cs.ucr.edu/bgp/

11
What can traceroute tell us?
  • Where are those routers?
      • From DNS
          • City name
          • Airport name
      • From roundtrip time
          • Light travels approximately 2 × 10^8 meters/sec in fiber cables
          • When non-congested, the major delay is propagation delay
          • If you see a host with a roundtrip time of 10 ms, you know it must
            be within a 600-mile radius.
      • Theoretically, with multiple vantage points, you can pinpoint where
        the routers are.

12
Internet routes are not symmetric!
  • Try traceroute from both ends
      • And we'll find most routes are not symmetric!
  • Why?
      • Hot potato routing: try to use the other guy's network as much as
        possible
      • Policy routing: when multihomed

13
Traceroute from other places
  • http://www.traceroute.org
      • Remote traceroute servers
          • Hundreds of them
          • Limited probe rate
          • Not always available
  • http://www.caida.org/tools/measurement/skitter/
      • Dedicated remote traceroute monitors
          • Almost unlimited probe rate
          • Only a couple of dozen of them

14
Any questions?