In the first months of 2011, Internet communications were disrupted in several North African countries in response to civilian protests and threats of civil war. In this paper we analyze episodes of these disruptions in two countries: Egypt and Libya. Our analysis relies on multiple sources of large-scale data already available to academic researchers: BGP interdomain routing control plane data; unsolicited data plane traffic to unassigned address space; active macroscopic traceroute measurements; RIR delegation files; and MaxMind's geolocation database. We used the latter two data sets to determine which IP address ranges were allocated to entities within each country, and then mapped these IP addresses of interest to BGP-announced address ranges (prefixes) and origin ASes using publicly available BGP data repositories in the U.S. and Europe. We then analyzed observable activity related to these sets of prefixes and ASes throughout the censorship episodes. Using both control plane and data plane data sets in combination allowed us to narrow down which forms of Internet access disruption were implemented in a given region over time. Among other insights, we detected what we believe were Libya's attempts to test firewall-based blocking before they executed more aggressive BGP-based disconnection. Our methodology could be used, and automated, to detect outages or similar macroscopically disruptive events in other geographic or topological regions.
Understanding data plane health is essential to improving Internet reliability and usability. For instance, detecting disruptions in peer and provider networks can identify repairable connectivity problems. Currently this task is time consuming as it involves a fair amount of manual observation, as an operator has poor visibility beyond their network's border. In this paper we leverage existing public RIPE Atlas measurement data to monitor and analyze network conditions, creating no new measurements. We demonstrate a set of complementary methods to detect network disruptions using traceroute measurements, and to report problems in near real time. A novel method of detecting changes in delay is used to identify congested links, and a packet forwarding model is employed to predict traffic paths and to identify faulty routers and links in cases of packet loss. In addition, aggregating results from each method allows us to easily monitor a network and correlate related reports of significant network disruptions, reducing uninteresting alarms. Our contributions consist of a statistical approach to providing robust estimation of Internet delays and the study of hundreds of thousands of link delays. We present three cases demonstrating that the proposed methods detect real disruptions and provide valuable insights, as well as surprising findings, on the location and impact of the identified events.
arXiv:1605.04784v2 [cs.NI] 15 May 2017
(4,307 IPv6 probes) connected within the eight studied months.
As our study relies solely on traceroute results, the scope and terminology of this paper are constrained to the IP layer. That is, a link refers to a pair of IP addresses rather than a physical cable. Consequently, the proposed methods suffer from common limitations faced by traceroute data [29,40,28]. Traceroute visibility is limited to the IP space, hence, changes at lower layers that are not visible at the IP layer can be misinterpreted. For example, the RIPE Atlas data reports MPLS information if routers support RFC4950. But for routers not supporting RFC4950, the reconfiguration of an MPLS tunnel is not visible with traceroutes while being likely to impact observed delays. The RTT values reported by traceroute include both network delays and routers' slow path delay [28]. Therefore, the delay changes found using traceroute data are not to be taken as actual delay increases experienced by TCP/UDP traffic, though they are good for detecting network damage.
CHALLENGES AND RELATED WORK
Monitoring network performance with traceroute raises three key challenges. In this section, we present these challenges, discuss how they were tackled in previous
Figure: (a) Round-trip to router B (blue) and C (red). (b) Difference of the two round-trips (∆ P BC).
Peering infrastructures, namely, colocation facilities and Internet exchange points, are located in every major city, have hundreds of network members, and support hundreds of thousands of interconnections around the globe. These infrastructures are well provisioned and managed, but outages have to be expected, e.g., due to power failures, human errors, attacks, and natural disasters. However, little is known about the frequency and impact of outages at these critical infrastructures with high peering concentration. In this paper, we develop a novel and lightweight methodology for detecting peering infrastructure outages. Our methodology relies on the observation that BGP communities, announced with routing updates, are an excellent and yet unexplored source of information allowing us to pinpoint outage locations with high accuracy. We build and operate a system that can locate the epicenter of infrastructure outages at the level of a building and track the reaction of networks in near real-time. Our analysis unveils four times as many outages as compared to those publicly reported over the past five years. Moreover, we show that such outages have significant impact on remote networks and peering infrastructures. Our study provides a unique view of the Internet's behavior under stress that often goes unreported.
Despite extensive studies on the Internet topology, little is still known about the AS level topology of the African Internet, especially when it comes to its IXP substrate. The main reason for this is the lack of vantage points that are needed to obtain the proper information. From 2013 to 2016, we enhanced the RIPE Atlas measurement infrastructure in the region to shed light on both IPv4 and IPv6 topologies interconnecting local ISPs. We increased the number of vantage points in Africa by 278.3% and carried out measurements between them at random periods. To infer results that depict the behavior of ISPs in the region, we propose reproducible traceroute data analysis techniques suitable for the treatment of any set of similar measurements. We first reveal a large variety of ISP transit habits and their dependence on socio-economic factors. We then compare QoS within African countries, European countries, and the US to find that West African networks in particular need to promote investments in fiber networks and to implement traffic engineering techniques. Our results indicate the remaining dominance of ISPs based outside Africa for the provision of intra-continental paths, but also shed light on traffic localization efforts. We map, in our traceroute data, 62.2% of the IXPs in Africa and infer their respective peers. Finally, we highlight the launch of new IXPs and quantify their impacts on end-to-end connectivity. The study clearly demonstrates that to better assess interdomain routing in a continent, it is necessary to perform measurements from a diversified range of vantage points.
Applications often use IP addresses as end host identifiers based on the assumption that IP addresses do not change frequently, even when dynamically assigned. The validity of this assumption depends upon the duration of time that an IP address continues to be assigned to the same end host, and this duration in turn, depends upon the various causes that can induce the currently assigned IP address to change. In this work, we identify different causes that can lead to an address change and analyze their effect in ISPs around the world using data gathered from 3,038 RIPE Atlas probes hosted across 929 ASes and 156 countries across all 12 months of 2015. Our observations reveal information about ISP practices, outages, and dynamic address prefixes. For example, we found 20 ISPs around the world that periodically reassign addresses after a fixed period, typically a multiple of 24 hours. We also found that address changes are correlated with network and power outages occurring at customer premises equipment (CPE) devices. Furthermore, almost half of the address changes we observed on the same CPE were to an entirely different BGP-routed prefix.
Network operators use the Border Gateway Protocol (BGP) to control the global visibility of their networks. When withdrawing an IP prefix from the Internet, an origin network sends BGP withdraw messages, which are expected to propagate to all BGP routers that hold an entry for that IP prefix in their routing table. Yet network operators occasionally report issues where routers maintain routes to IP prefixes withdrawn by their origin network. We refer to this problem as BGP zombies and characterize their appearance using RIS BGP beacons, a set of prefixes withdrawn every four hours. Across the 27 monitored beacon prefixes, we observe usually more than one zombie outbreak per day. But their presence is highly volatile, on average a monitored peer misses 1.8% withdraws for an IPv4 beacon (2.7% for IPv6). We also discovered that BGP zombies can propagate to other ASes, for example, zombies in a transit network are inevitably affecting its customer networks. We employ a graph-based semi-supervised machine learning technique to estimate the scope of zombies propagation, and found that most of the observed zombie outbreaks are small (i.e. on average 10% of monitored ASes for IPv4 and 17% for IPv6). We also report some large zombie outbreaks with almost all monitored ASes affected.
Inter-domain routing is a crucial part of the Internet designed for arbitrary policies, economical models, and topologies. This versatility translates into a substantially complex system that is hard to comprehend. Monitoring the inter-domain routing infrastructure is however essential for understanding the current state of the Internet and improving it. In this paper we design a methodology to answer two simple questions: Which are the common transit networks used to reach a certain AS? How much does this AS depend on these transit networks? To answer these questions we digest AS paths advertised with the Border Gateway Protocol (BGP) into AS graphs and measure node centrality, that is the likelihood of an AS to lie on paths between two other ASes. Our proposal relies solely on the AS hegemony metric, a new way to quantify node centrality while taking into account the bias towards the partial view offered by BGP. Our analysis using 14 years of BGP data refines our knowledge on Internet flattening but also exhibits the consolidated position of tier-1 networks in today's IPv4 and IPv6 Internet. We also study the connectivity to two content providers (Google and Akamai) and investigate the AS dependency of networks hosting DNS root servers. These case studies emphasize the benefits of the proposed method to assist ISPs in planning and assessing infrastructure deployment.