Ramakrishnan Durairajan

Internet atlas: a geographic database of the internet

This paper describes Internet Atlas, a new visualization and analysis portal for diverse Internet measurement data. The starting point for Atlas is a geographically anchored representation of the physical Internet including (i) nodes (e.g., hosting facilities and data centers), (ii) conduits/links that connect these nodes, and (iii) relevant meta data (e.g., source provenance). This physical representation is built by using search to identify primary source data such as maps and other repositories of service provider network information. This data is then carefully entered into the database using a combination of manual and automated processes including consistency checks and methods for geocoding both node and link data. Atlas currently contains over 9.5K PoP locations and nearly 13.5K links for over 270 networks around the world. Customized interfaces were built to import a variety of dynamic (e.g., BGP updates, Twitter feeds and weather updates) and static (e.g., highway, rail and census) data into Atlas, and to layer it on top of the physical representation. The openly available web portal is based on the widely-used ArcGIS geographic information system, which enables visualization and diverse spatial analyses of the data. We describe the details of the portal implementation as well as on-going efforts to expand its capabilities.

InterTubes: A Study of the US Long-haul Fiber-optic Infrastructure

The complexity and enormous costs of installing new long-haul fiber-optic infrastructure has led to a significant amount of infrastructure sharing in previously installed conduits. In this paper, we study the characteristics and implications of infrastructure sharing by analyzing the long-haul fiber-optic network in the US. We start by using fiber maps provided by tier-1 ISPs and major cable providers to construct a map of the long-haul US fiber-optic infrastructure. We also rely on previously under-utilized data sources in the form of public records from federal, state, and municipal agencies to improve the fidelity of our map. We quantify the resulting maps connectivity characteristics and confirm a clear correspondence between long-haul fiber-optic, roadway, and railway infrastructures. Next, we examine the prevalence of high-risk links by mapping end-to-end paths resulting from large-scale traceroute campaigns onto our fiber-optic infrastructure map. We show how both risk and latency (i.e., propagation delay) can be reduced by deploying new links along previously unused transportation corridors and rights-of-way. In particular, focusing on a subset of high-risk links is sufficient to improve the overall robustness of the network to failures. Finally, we discuss the implications of our findings on issues related to performance, net neutrality, and policy decision-making.

RiskRoute: a framework for mitigating network outage threats

A comprehensive understanding of outage threats is critical for robust network design and operation, and evaluating cost trade-offs for recovery planning. In this paper, we describe a study of network infrastructure events due to outage events and a framework for mitigating these risks through backup routing and additional provisioning. We evaluate risk via the concept of bit-risk miles, the geographically-scaled outage risk of traffic in a network. Our focus on bit-risk miles allows for first-of-its-kind analysis of the tradeoffs of shortest path routing and risk-averse routing. We leverage the concept of bit-risk miles to present RiskRoute, a flexible routing framework that allows for backup routes to be configured to respond to both historical and immediately forecasted outage threats. Specifically, RiskRoute is an optimization framework that minimizes bit-risk miles between arbitrary points in a network. RiskRoute also reveals the best locations for provisioning additional network infrastructure in the form of new PoP-to-PoP links for single-network domains, and the best new peering relationships for multi-network domains. To assess and evaluate RiskRoute, we assemble diverse data sets including (i) - detailed topological maps and peering relationships of Internet Service Providers (ISPs) in the US, and (ii) - historical information on different types of natural disasters which threaten physical infrastructure. Our analysis reveals the providers that have the highest risk to disaster-based outage events. We also provide provisioning recommendations for network operators that can in some cases significantly lower bit-risk miles for their infrastructures.

Controller-agnostic SDN Debugging

Complexity in software-defined network (SDN) applications calls for methods and tools that can facilitate comprehensive debugging and analysis. A key challenge in this regard is that SDN configurations interact with network devices that can behave in unexpected ways, depending on factors such as traffic and application mix. In this paper, we describe OFf, a debugging and test environment for SDN developers. OFf is built on top of the fs-sdn simulator, which was developed to offer simple-to-use, accurate and scalable evaluation of OpenFlow-based SDN configurations. OFf offers standard debugging features for controller applications such as stepping, breakpoints, and watch variables. It also offers features that provide visibility into network behavior including packet tracing, packet replay and visualization features, and alerts that are triggered when, e.g., configurations change. OFf is accessed through a text interface and is designed to interoperate with any standard SDN controller platform. We demonstrate the capabilities of OFf through three test scenarios that illustrate its utility and modest performance impact on running applications. Specifically, we show how OFf can be used to analyze and fix bugs in a traffic engineering application, and to detect and repair a security vulnerability due to multiple application interaction and unexpected rule expiration.

Bigfoot: A geo-based visualization methodology for detecting BGP threats

Studies of inter-domain routing in the Internet have highlighted the complex and dynamic nature of connectivity changes that take place daily on a global scale. The ability to assess and identify normal, malicious, irregular and unexpected behaviors in routing update streams is important in daily network and security operations. In this paper we describe Bigfoot, a Border Gateway Protocol (BGP) update visualization system that has been designed to highlight and assess a wide variety of behaviors in update streams. At the core of Bigfoot is the notion of visualizing the announcements of network prefixes via IP geolocation. We investigate different representations of polygons for network footprints and show how straightforward application of IP geolocation can lead to representations that are difficult to interpret. Bigfoot includes techniques to filter, organize, analyze and visualize BGP updates that enable characteristics and behaviors of interest to be identified effectively. To demonstrate Bigfoots capabilities, we consider 1.79B BGP updates collected over a period of one year and identify 139 candidate events in this data. We investigate a subset of these events in detail, along with ground truth from existing literature to show how network footprint visualizations can be used in operational deployments.

MNTP: Enhancing Time Synchronization for Mobile Devices

Clock synchronization between Internet hosts is important in a variety of applications including gaming, finance and measurement. While clock synchronization issues in wireline networks have been well studied, mobile hosts present challenges that have not received as much attention. In this paper, we describe a study of clock synchronization in mobile hosts, which often implement a simplified version of the Network Time Protocol (NTP), known as SNTP, due to resource constraints typical of mobile devices. We begin by reporting an analysis of logs from NTP servers that highlights the significant differences in synchronization behavior of wireline vs. wireless hosts. This analysis motivates a laboratory-based study of the details of clock synchronization on mobile hosts, which reveals the causes and extent to which synchronization can become misaligned. We then describe a new protocol that we call Mobile NTP (MNTP), which is designed to be simple, efficient and easy to deploy. We implement MNTP on a wireless laptop and demonstrate its capability over a range of operating conditions. We find that MNTP maintains clock synchronization to within 25ms of a reference clock, which is over 12 times better than standard SNTP.

Time's Forgotten: Using NTP to understand Internet Latency

The performance of Internet services is intrinsically tied to propagation delays between end points (i.e., network latency). Standard active probe-based or passive host-based methods for measuring end-to-end latency are difficult to deploy at scale and typically offer limited precision and accuracy. In this paper, we investigate a novel but non-obvious source of latency measurement---logs from network time protocol (NTP) servers. Using NTP-derived data for studying latency is compelling due to NTPs pervasive use in the Internet and its inherent focus on accurate end-to-end delay estimation. We consider the efficacy of an NTP-based approach for studying propagation delays by analyzing logs collected from 10 NTP servers distributed across the United States. These logs include over 73M latency measurements to 7.4M worldwide clients (as indicated by unique IP addresses) collected over the period of one day. Our initial analysis of the general characteristics of propagation delays derived from the log data reveals that delay measurements from NTP must be carefully filtered in order to extract accurate results. We develop a filtering process that removes measurements that are likely to be inaccurate. After applying our filter to NTP measurements, we report on the scope and reach for US-based clients and the characteristics of the end-to-end latency for those clients.

OFf: bugspray for openflow

The increasing complexity of software-defined (SDN) applications requires comprehensive methods and tools for debugging and analyzing program and network behavior. A key challenge in SDN application development is that programs can interact with network devices and configurations in unexpected ways, depending on traffic and application mix. In this paper, we describe OFf, a debugging and test environment for SDN program development. OFf leverages the fs-sdn simulator, which was designed to offer simple-to-use, accurate, and scalable evaluation of OpenFlow-based SDN applications. OFf offers a variety of commonly available debugging features such as stepping, breakpoints, watchpoints, and inspection and modification of program state. It also offers SDN-specific capabilities that facilitate network behavior analysis including packet tracing and replay, visualization features, and alerts that are triggered when, for example, configurations change.

pfs: parallelized, flow-based network simulation

Simulation is a compelling option for evaluating Internet protocols, configurations and behaviors. While current simulation tools have been used effectively to consider questions in small-scale networks, they are incapable of evaluating large scale phenomena such as routing configurations, DDoS attacks and data center deployments. In this paper, we describe pfs, a parallelized version of the fs flow-level simulator [1] that offers the opportunity to conduct very large-scale simulations of networks. Our approach to parallelization is based on decomposing simulation configurations both spatially and temporally into independent chunks that can be run simultaneously on massively scalable, parallel processing infrastructures. We demonstrate the capabilities of pfs through a series of experiments that highlight both the speedup that can be achieved as well as the costs that are incurred in terms of the accuracy of the simulation results.

Automatic metadata generation for active measurement

Empirical research in the Internet is fraught with challenges. Among these is the possibility that local environmental conditions (e.g., CPU load or network load) introduce unexpected bias or artifacts in measurements that lead to erroneous conclusions. In this paper, we describe a framework for local environment monitoring that is designed to be used during Internet measurement experiments. The goals of our work are to provide a critical, expanded perspective on measurement results and to improve the opportunity for reproducibility of results. We instantiate our framework in a tool we call SoMeta, which monitors the local environment during active probe-based measurement experiments. We evaluate the runtime costs of SoMeta and conduct a series of experiments in which we intentionally perturb different aspects of the local environment during active probe-based measurements. Our experiments show how simple local monitoring can readily expose conditions that bias active probe-based measurement results. We conclude with a discussion of how our framework can be expanded to provide metadata for a broad range of Internet measurement experiments.