Understanding and diagnosing routing dynamics in global internet

  • Authors:
  • Lixia Zhang;Mohit Vijay Lad

  • Affiliations:
  • University of California, Los Angeles;University of California, Los Angeles

  • Venue:
  • Understanding and diagnosing routing dynamics in global internet
  • Year:
  • 2007

Quantified Score

Hi-index 0.00

Visualization

Abstract

The global routing system is a critical component in the Internet infrastructure. It delivers data to over 210,000 destination networks throughout the Internet. Large scale events such as fiber cuts, power failures, or major changes in network connectivity often lead to large scale routing changes, which in turn can cause widespread disruption in data delivery service. Hence it is critically important to be able to detect all significant routing changes and to identify the origins of these changes. Prior works focused on examining the route changes to individual destinations in an attempt to understand the behavior of the global routing system. Unfortunately the Internet's distributed nature and its sheer size makes such approaches infeasible and ineffective. In this work, we develop a new concept in measuring routing distribution and dynamics. Instead of measuring changes to individual routes, we measure the total number of routes carried over each link, dubbed link weight. By examining the changes to link weight, dubbed rank-change, we easily capture the aggregate route changes. We use link-weights and rank-changes to visually capture large-scale routing events from hundreds of megabytes of routing data collected from operational routers. In addition to enable visual analysis of routing problems, the link weight metric also forms the basis for automated inference to locate the origins of routing changes. We correlate link weight changes across adjacent links and across observations from different vantage points to construct an s-t graph, called a fault graph, which contains a virtual source and sink node. The min-cut that disconnect the source and the sink by cutting the least number of edges is the most likely solution where the problem originated. Our evaluations show that this min-cut heuristic can identify the problem edges with a high accuracy. Another problem facing the Internet today is prefix hijacking where a destination wrongly announces an IP address space it does not own causing routers to send traffic to itself instead of the genuine destination. Prefix hijacking is a major threat to Internet security and detecting a hijack early is important to reduce damage done. To this end we designed a lightweight and easily deployable hijack alert system. We also carried out a systematic evaluation of how impact of a hijack varies based on location of attacker and target and found out that the tier-1 ISPs having the highest degree are much more vulnerable than some of their multi-homed customers. In summary, our definitions of link weight and rank-change contribute a new abstraction to measure Internet routing distribution and dynamics. This new abstraction not only enables a comprehensive visualization of the global routing system and automatic diagnosis, but also opens up new venues for more advanced routing dynamics modeling and analysis. Our work on prefix hijack presents a quick and easy to deploy first step of detection of attacks and also offers new insights into who is more vulnerable against hijacks in the Internet.