Learn about traceroute, how it works, and its possible applications, including identifying AS paths, pinpointing forwarding loops, and uncovering routing issues. Gain hands-on experience with BGP routing tables and explore ways to obtain accurate IP-to-AS mappings. Discover the power of traceroute in analyzing internet routes and uncovering network issues.
Network Diagnostic and Discovery with Traceroute
Prepared and presented by PhD candidate, Yihua He
Roadmap
• Identifying the AS PATH
  • Which AS a packet goes through
  • Review of how traceroute works
  • Possible ways to do IP->AS
  • Hands-on experience with BGP tables
• What can traceroute tell us besides reachability?
• Internet routes are not symmetric
Autonomous System Forwarding Path
Example: Pinpoint forwarding loop & responsible AS
[Figure: IP traffic from source to destination across the Internet, through autonomous systems (AS) AS A, AS B, AS C and AS D.]
Border Gateway Protocol (BGP)
BGP path may differ from forwarding AS path
• Routing loops and deflections
• Route aggregation and filtering
• BGP misconfiguration
[Figure: AS A, AS B and AS C, with the origin AS announcing prefix d. Signaling path (control traffic): d: path=[C], d: path=[B C], d: path=[A B C]. Forwarding path (data traffic) drawn alongside.]
Traceroute: Measuring the Forwarding Path
• Time-To-Live field in IP packet header
  • Source sends a packet with a TTL of n
  • Each router along the path decrements the TTL
  • “TTL exceeded” sent when TTL reaches 0
• Traceroute tool exploits this TTL behavior
  • Send packets with TTL=1, 2, 3, … and record source of “time exceeded” message
[Figure: source sends probes with TTL=1 and TTL=2 toward the destination; routers reply “Time exceeded”.]
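The TTL mechanism above, and the forwarding-loop case from the earlier slide, as a small simulation. This is an added example, not part of the original slides; the router names, the two next-hop tables and the function names are constructed for illustration.

```python
# Constructed topologies: each node's next hop towards destination "d".
HEALTHY = {"src": "r1", "r1": "r2", "r2": "d"}
# r3 and r4 point at each other, so packets for "d" circulate between them.
LOOPED = {"src": "r1", "r1": "r2", "r2": "r3", "r3": "r4", "r4": "r3"}

def send_probe(next_hop, ttl, dest="d"):
    """Forward one probe; return ('time-exceeded', router) or ('reached', dest)."""
    node = next_hop["src"]
    while True:
        if node == dest:
            return ("reached", node)
        ttl -= 1                            # each router decrements the TTL
        if ttl == 0:
            return ("time-exceeded", node)  # this router reports to the source
        node = next_hop[node]

def traceroute(next_hop, max_ttl=12):
    """Send probes with TTL=1, 2, 3, ... and record who answered each one."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        kind, node = send_probe(next_hop, ttl)
        hops.append(node)
        if kind == "reached":
            break
    return hops

def find_loop(hops):
    """Return the repeating cycle if a router answers twice, else None."""
    first_seen = {}
    for i, hop in enumerate(hops):
        if hop == "*":                      # silent hop, nothing to compare
            continue
        if hop in first_seen:
            return hops[first_seen[hop]:i]
        first_seen[hop] = i
    return None

if __name__ == "__main__":
    print(traceroute(HEALTHY), find_loop(traceroute(HEALTHY)))
    print(traceroute(LOOPED), find_loop(traceroute(LOOPED)))
```

On a live network a repeated address can also come from a route change during the measurement, so repeat the trace before attributing a loop to the routers in the cycle.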
Traceroute gives IP-level forwarding path
Traceroute output: (hop number, IP address, DNS name)
 1  169.229.62.1     inr-daedalus-0.CS.Berkeley.EDU
 2  169.229.59.225   soda-cr-1-1-soda-br-6-2
 3  128.32.255.169   vlan242.inr-202-doecev.Berkeley.EDU
 4  128.32.0.249     gigE6-0-0.inr-666-doecev.Berkeley.EDU
 5  128.32.0.66      qsv-juniper--ucb-gw.calren2.net
 6  209.247.159.109  POS1-0.hsipaccess1.SanJose1.Level3.net
 7  *                ?
 8  64.159.1.46      ?
 9  209.247.9.170    pos8-0.hsa2.Atlanta2.Level3.net
10  66.185.138.33    pop2-atm-P0-2.atdn.net
11  *                ?
12  66.185.136.17    pop1-atl-P4-0.atdn.net
13  64.236.16.52     www4.cnn.com
Traceroute from Berkeley to www.cnn.com (64.236.16.52)
Map Traceroute Hops to ASes
Traceroute output: (hop number, IP)
Hop  IP               AS       Network
 1   169.229.62.1     AS25     Berkeley
 2   169.229.59.225   AS25     Berkeley
 3   128.32.255.169   AS25     Berkeley
 4   128.32.0.249     AS25     Berkeley
 5   128.32.0.66      AS11423  Calren
 6   209.247.159.109  AS3356   Level3
 7   *                AS3356   Level3
 8   64.159.1.46      AS3356   Level3
 9   209.247.9.170    AS3356   Level3
10   66.185.138.33    AS1668   AOL
11   *                AS1668   AOL
12   66.185.136.17    AS1668   AOL
13   64.236.16.52     AS5662   CNN
Need accurate IP-to-AS mappings (for network equipment).
Possible Ways to Get IP-to-AS Mapping (1)
• DNS names:
  • Inaccurate, and a lot of the time, wrong!
  • Anyone, with $5/year, can register a www.whateveryoulike.com and point it to any IP address!
  • Some of the IPs do not have any DNS name.
• Routing address registry (WHOIS)
  • That’s what you did in Lab1
  • More accurate. However…
  • Voluntary public registry such as whois.radb.net
  • Prone to human input errors
  • Incomplete and maybe out-of-date
  • Mergers, acquisitions, delegation to customers
Possible Ways to Get IP-to-AS Mapping (2)
• Origin AS in BGP paths
  • Prefix=198.133.206.0/24, ASpath=[1239 2914 3130]
  • Public BGP routing tables such as RouteViews
  • Almost real time, and avoids most human input errors
• It’s approximately 98% accurate
  • Multiple Origin ASes (MOAS)
    • Due to mergers in a lot of cases
    • E.g., around 2002-2003, 148.231.0.0/16 had two ASes announcing its address block: AS5677 and AS7132. That was PacBell and SBC
    • Now AS5677 does not exist anymore
  • No mapping
    • Some ASes intentionally do not want to advertise the route/IPs
    • Incomplete view
Hands-on Experience with BGP Routing Tables
• telnet://route-views.routeviews.org
• show ip bgp summary
  • Whose BGP feeds does the router take?
• show ip bgp
  • Prefix
  • Origin AS
  • AS Path
• Collected at http://archive.routeviews.org/
• Other BGP table collections are:
  • http://www.ripe.net/projects/ris/rawdata.html
  • http://www.cs.ucr.edu/bgp/
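Mapping traceroute hops to ASes from the origin AS of the longest matching BGP prefix, including the MOAS and no-mapping cases, as an added example that is not part of the original slides. The hop list and the 198.133.206.0/24 and 148.231.0.0/16 prefixes and origins are from the slides; every other prefix and AS path (including the /30 that makes hop 5 map to AS11423) is constructed for illustration, as are the function names.

```python
import ipaddress
from collections import defaultdict

# "show ip bgp"-style rows (prefix, AS path). Prefix and origin AS of the last
# three rows are from the slides; all other prefixes and paths are constructed.
BGP_ROWS = [
    ("169.229.0.0/16", "3356 11423 25"),
    ("128.32.0.0/16", "3356 11423 25"),
    ("128.32.0.64/30", "3356 11423"),      # more specific than the /16 above
    ("209.247.0.0/16", "3356"),
    ("64.159.0.0/16", "3356"),
    ("66.185.128.0/19", "3356 1668"),
    ("64.236.16.0/20", "3356 1668 5662"),
    ("198.133.206.0/24", "1239 2914 3130"),
    ("148.231.0.0/16", "1239 5677"),       # MOAS: one prefix, two origins
    ("148.231.0.0/16", "1239 7132"),
]
# Hops from the slides' Berkeley -> www.cnn.com trace ("*" = no reply).
HOPS = ["169.229.62.1", "169.229.59.225", "128.32.255.169", "128.32.0.249",
        "128.32.0.66", "209.247.159.109", "*", "64.159.1.46", "209.247.9.170",
        "66.185.138.33", "*", "66.185.136.17", "64.236.16.52"]

def build_table(rows):
    """Map each prefix to the set of origin ASes (last AS in the path)."""
    table = defaultdict(set)
    for prefix, path in rows:
        table[ipaddress.ip_network(prefix)].add(int(path.split()[-1]))
    return table

def origin_as(table, ip):
    """Longest-prefix match; sorted origin ASes, [] when no prefix covers ip."""
    addr = ipaddress.ip_address(ip)
    nets = [net for net in table if addr in net]
    best = max(nets, key=lambda net: net.prefixlen, default=None)
    return sorted(table[best]) if best is not None else []

def as_path(table, hops):
    """Collapse per-hop origins into an AS-level path, skipping unmapped hops."""
    path = []
    for ip in hops:
        origins = [] if ip == "*" else origin_as(table, ip)
        if not origins:
            continue
        label = origins[0] if len(origins) == 1 else tuple(origins)  # MOAS
        if not path or path[-1] != label:
            path.append(label)
    return path

TABLE = build_table(BGP_ROWS)
```

Calling `as_path(TABLE, HOPS)` yields the AS-level path for the trace; a MOAS hop appears as a tuple of its candidate origins rather than being silently resolved to one of them.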
What can traceroute tell us?
• Where are those routers?
  • From DNS
    • City name
    • Airport name
  • From roundtrip time
    • Light travels approximately 2*10^8 meters/sec in fiber cables
    • When non-congested, the major delay is propagation delay
    • If you see a host with a roundtrip time of 10ms, you know it must be within a 600-mile radius.
    • Theoretically, with multiple vantage points, you can pinpoint where the routers are.
Internet routes are not symmetric!
• Try traceroute from both ends
  • And we’ll find most routes are not symmetric!
• Why?
  • Hot potato routing --- try to use other guys’ network as much as possible
  • Policy routing --- when multihomed
Traceroute from other places
• http://www.traceroute.org
  • Remote traceroute servers
  • Hundreds of them
  • Limited probe rate
  • Not always available
• http://www.caida.org/tools/measurement/skitter/
  • Dedicated remote traceroute monitors
  • Almost unlimited probe rate
  • Only a couple of dozen of them