Network Modeling and Simulation (NMS) Project
Project Title: Macroscopic Internet Data Measurement and Analysis
Organization: University of California - San Diego
AO Number: L018/00
Grant Number: N66001-01-1-8909
Start Date: June 6, 2001
End Date: June 6, 2004
Principal Investigator:
Dr. Kimberly Claffy
9500 Gilman Dr.
CAIDA at San Diego Computer Center UCSD MS#0505
La Jolla, CA 92093-0505
Phone: (858) 534-8333
Fax: (858) 534-5113
Email: kc@caida.org
Level of Participation - Billed: $ 9,437
Level of Participation - Unbilled: $ 2,915,521
Project URL: https://www.caida.org/funding/nms/
Overall Objective: The Network Modeling and Simulation research project is a follow-on effort to the NGI project predicated on the belief that the development of scalable solutions for future Internet work requires improvements in our understanding of the behavior and trends associated with the existing Internet.
CAIDA plans to develop new measurement and monitoring tools, to expand the scope and breadth of existing monitoring measurement initiatives, and to create techniques for correlation of these data sets. CAIDA's NMS project is divided into four tasks. Detailed plans may be found in the proposal at https://www.caida.org/funding/nms/proposal.xml.
NMS Task 1, Monitoring
Objective:
Develop and evolve measurement and monitoring tools. Expand the scope and breadth of existing monitoring measurement initiatives. Create techniques for correlation of these data sets.
Approach:
CAIDA is gathering indicators of path-specific network performance, e.g., round-trip latency and loss, on the global infrastructure by using skitter active measurement probes (https://www.caida.org/tools/measurement/skitter/). This active monitoring project is supported by DARPA under Cooperative Agreement N66001-98-2-8922. Twenty-two monitors are currently deployed, including four at DNS root-server locations, with destination lists targeting several different investigations. Additional monitors will be deployed during 2001. Various research groups throughout the U.S. and abroad are using data from this effort. Data from nine of these monitors formed the basis of an Asia-Pacific traffic study currently presented at INET'2000 (see https://www.caida.org/publications/papers/2000/asia_paper/). These data can assist in developing topologies, performance and route stability scenarios. DARPA's support for skitter continues through July 2001.
Workload data (passively monitored) is available using tools such as OCxmon/CoralReef (see https://www.caida.org/tools/measurement/coralreef/) and NeTraMet (see https://www.caida.org/tools/measurement/netramet/). CAIDA plans to develop additional workload data sets and correlate them with topology, performance, and routing information as part of this task. Support for CoralReef was provided through September 2000 by NSF and through July 2001 by DARPA. CAIDA will continue to enhance CoralReef under this project in order to maintain its usefulness for measurements involving changes in network transport and applications protocols as well as detection of denial-of-service attacks. In particular, the new "backscatter analysis" technique for estimating denial-of-service attack activity in the Internet will be added to passive measurement tools.
Several BGP4 route mirror sites are available for analysis of routing data. The foremost among these is the industry-supported University of Oregon's RouteViews project (see http://www.routeviews.org). CAIDA plans to correlate these routing data (archived at http://moat.nlanr.net/Routing/rawdata/) with other data sets, as well as to expand monitoring of routers co-located with skitter and OCxmon/CoralReef monitors (for correlation with active and passive data sets). File formats for various data sets will be published on the web.
Multicast traffic represents an important emerging subset of the global Internet infrastructure. The Internet's multicast routing architecture is currently evolving from the original DVMRP tunneled infrastructure to the more recent, vendor-recommended, inter-domain multiprotocol MBGP (with PIM-SM+MSDP to build multicast distribution trees). Although mapping and monitoring the DVMRP infrastructure was challenging enough, with diagnostic tools only casually supported by the research and vendor community, the transition to MBGP/PIM/MSDP has made the situation worse, namely: there are very few data collection and analysis efforts for MBGP routing information bases, and there is currently no mechanism to determine the MSDP topology or reasonably estimate the amount of control traffic this portion of the system is generating.
The Mantra tool (see https://www.caida.org/tools/measurement/mantra/) collects router-based data (e.g., from tables and SNMP MIBs) associated with various aspects of multicast routing. This includes information on routing, such as the usage and characteristics associated with MBGP routes, characteristics of DVMRP routes, traffic flow statistics, AS-specific topology information, and data on the extent to which GLOP Addressing (233/8 Space) and Multicast Source Discovery Protocol (MSDP) are used throughout the Internet (see Figures 1-3).
Mantra's early development was led by a UCSB graduate student, Prashant Rajvaidya, with support provided by the NSF Internet Atlas project, see https://www.caida.org/projects/internetatlas/. Continued development and enhancement of Mantra's monitoring and related multicast tools (described below) will require external support from this project. In particular, CAIDA desires to expand the web page functionality, incorporate additional sites into the monitoring database, improve the storage formats for data sets, and develop baseline models of what ideal operating statistics should look like for individual sites.
Recent Accomplishments:
A new technique, called "backscatter analysis", was used to estimate worldwide denial-of-service activity. This approach was used on three weeklong datasets to assess the number, duration and focus of attacks and to characterize their behavior. David Moore of CAIDA and Geoffrey M. Voelker and Stefan Savage of the UCSD Department of Computer Science and Engineering discuss results of this analysis technique in a paper. The paper entitled "Inferring Internet Denial-of-Service Activity" (https://www.caida.org/publications/papers/2001/BackScatter/) will appear in the Usenix Security Symposium during August 13-17, 2001 in Washington, D.C.
Current Plan:
Based on NMS community feedback, CAIDA will deploy CoralReef and/or NeTraMet passive monitors at strategic high-speed Internet locations, will enhance these tools to aid in the detection and characterization of denial-of-service (DoS) attacks, and will perform experiments to identify optimal data collection strategies. Workload characterization results and estimates of worldwide DoS activity will also be posted to a web page accessible by the NMS and research communities.
Task 2, Archiving and Serving Data Sets to the Community
Objective:
Determine whether details about underlying networks, such as data on the topology and performance associated with specific workloads or events, can provide valuable insights to the development of data flow information for simulators. Work with the network modeling and simulation community to identify what formats of data sets are most useful to them.
Approach:
CAIDA believes that details about underlying networks, such as data on the topology and performance associated with specific workloads or events, can provide valuable insights to the development of data flow information for simulators. NMS project collaborators will be consulted to determine the best methodology for monitoring NMS efforts.
Recent Accomplishments:
CAIDA has participated with NMS partners in ongoing preparations for the NMS Demo scheduled to occur this fall. CAIDA's CoralReef passive monitor will be included in the simulation configuration.
CAIDA has posted a variety of resources of interest to NMS project collaborators on its website at https://www.caida.org/funding/nms/.
Current Plan:
CAIDA will support and assist NMS participants by analyzing traffic traces collected using CoralReef and/or NeTraMet during the scheduled NMS Demo. CAIDA will pursue interaction with NMS PIs, support small workshops, and input research questions and results to the darpa-nms-data@caida.org mailing list.
Task 3, Interactive Visualization and Navigation Tools
Objective:
Develop mechanisms to manipulate, analyze, navigate, and compare large inter-domain routing tables, and compare them not only to one another but also to topology maps derived from active probe measurements. Develop an intuitive and efficient graphical interface to a routing table to facilitate the ability to identify incongruities quickly.
Approach:
CAIDA will refine several visualization tools slanted to facilitate network and traffic engineering analyses to meet NMS goals:
- walrus visualizes large directed graphs, on the order of millions of nodes
- otter visualizes any network data that can be expressed as a set of nodes
Recent Accomplishments:
Some walrus development was done on the NGI co-operative agreement and will continue under the NMS grant beginning third quarter 2001.
The PlotPath layout algorithm has been added to otter, enabling the visualization of the relationships between multiple paths to the same Internet destination. Previously, latitude and longitude data was used to orient and group network nodes together. However, geographic location could not be maintained while simultaneously avoiding link overlap and unwarranted complexity. Also, geographic distance is not a key factor in determining many network parameters such as latency, network load, and percent utilization. The new layout algorithm instead plots the 'hop depth' for a set of nodes on the Y axis while presenting the Autonomous System (AS) to which that node belongs on the X axis. Hop depth has shown somewhat of a correlation to latency and also makes connectivity within the path visually obvious. The X-axis consists of columns, each representing a single AS. Therefore, transitions along a path between ASes are also easy to see. Several examples of graphs using this new layout algorithm can be found at https://www.caida.org/tools/visualization/otter/otter_plots/.
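The layout described above, as an added example (not otter's or CAIDA's code): each node gets an X coordinate from the column of its AS and a Y coordinate from its hop depth, and links that cross columns are the AS transitions. The sample paths are constructed from documentation address and AS-number ranges; ordering columns by first appearance and keeping the shallowest depth for a node seen at several depths are assumptions, since the page does not specify either.

```python
# Constructed sample: three traceroute-style paths to one destination.
# Each hop is (router address, AS number); all values are documentation ranges.
PATHS = [
    [("192.0.2.1", 64496), ("192.0.2.9", 64496),
     ("198.51.100.1", 64497), ("203.0.113.7", 64498)],
    [("192.0.2.1", 64496), ("198.51.100.5", 64497),
     ("198.51.100.1", 64497), ("203.0.113.7", 64498)],
    [("192.0.2.1", 64496), ("192.0.2.9", 64496),
     ("203.0.113.3", 64498), ("203.0.113.7", 64498)],
]


def plotpath_layout(paths):
    """Return (positions, links, as_transitions) for paths to one destination.

    positions maps node -> (x, y): x is the column of the node's AS,
    y is the node's hop depth.
    """
    columns = {}   # AS number -> column index (assumed: first-appearance order)
    depth = {}     # node -> hop depth (assumed: shallowest depth wins)
    node_as = {}   # node -> AS number
    links = set()  # directed (from_node, to_node) pairs seen on any path
    for path in paths:
        prev = None
        for hop, (addr, asn) in enumerate(path):
            columns.setdefault(asn, len(columns))
            node_as[addr] = asn
            depth[addr] = min(depth.get(addr, hop), hop)
            if prev is not None and prev != addr:
                links.add((prev, addr))
            prev = addr
    positions = {a: (columns[node_as[a]], depth[a]) for a in depth}
    # A link whose endpoints sit in different columns crosses an AS boundary.
    transitions = sorted(l for l in links if node_as[l[0]] != node_as[l[1]])
    return positions, sorted(links), transitions


def render(positions):
    """Text grid: one row per hop depth, one column per AS, node counts in cells."""
    width = max(x for x, _ in positions.values()) + 1
    height = max(y for _, y in positions.values()) + 1
    grid = [[0] * width for _ in range(height)]
    for x, y in positions.values():
        grid[y][x] += 1
    return [" ".join(str(n) if n else "." for n in row) for row in grid]


if __name__ == "__main__":
    pos, links, transitions = plotpath_layout(PATHS)
    print("\n".join(render(pos)))
    print("AS transitions:", transitions)
```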
Current Plan:
CAIDA plans to integrate otter's and PlotPath's functionality into the libsea library to better facilitate intercommunication between different CAIDA visualization tools. We will also use the walrus hyperbolic viewer to gain insights while exploring existing skitter and other topology data sets. Planned walrus enhancements include addition of a powerful and flexible non-linear mechanism for meaningfully mapping color to different nodes and links within the hyperbolic representation.
NMS Task 4, Developing Model of Internet Core
Objective:
Develop mechanisms to analyze a topological model of the 'Internet core', including techniques to identify infrastructural vulnerabilities created by dependencies on critical components, e.g., the relative importance of specific public exchange points and private peering points to reachability of select groups of ASes and networks.
Approach:
To our knowledge, CAIDA is undertaking the most comprehensive Internet public topology analysis effort in the world. Further analysis of multiple data sets will augment CAIDA's current techniques to identify and visualize critical components of the Internet's core and the relative importance of specific public exchange points and private peering points to reachability of select groups of ASes and networks. A model of the Internet core can provide a framework for parameterizing routing policy relationships among ISPs in the Internet today. CAIDA seeks a model with just enough flexibility to express actual routing policies as implemented by ISPs in the Internet, and without unnecessary components. Understanding routing policy is key to understanding the structure of the Internet, as routing policy is the vehicle that supports the economic model of the modern commercial Internet.
Recent Accomplishments:
CAIDA's methodology for visualizing core AS connectivity in the global Internet has resulted in several images, see https://www.caida.org/research/topology/as_core_network/. An interactive poster detailing this methodology has been accepted for presentation at the IEEE Visualization (InfoVis) conference to be held October 21-26 in San Diego. The methodology combines path data acquired from active skitter probes with core routing table data. A stripping process is used to distill node and path data, which is displayed on a polar plot where angular position corresponds to longitude and better connected nodes are displayed closer to the center.
"Distance Metrics in the Internet" by Bradley Huffaker, Daniel J. Plummer, David Moore and k claffy has been accepted for presentation at the ACM USENIX LISA conference. This paper presents and compares four existing metrics for computing distance: round trip time (RTT); geographical distance; autonomous system (AS) path length; and IP path length. Previously measured RTT successfully selects the server with the lower RTT in 90% of our trials. Great circle geographic distance provides the second best method (75% successful selections) for 66% of our monitors. IP path length yields about 60% success, while the AS path length metric is no better than chance.
Several efforts to acquire realistic topology models for NMS have been pursued. Analysis of our topology data casts some doubt on the legitimacy of using routing table data to represent global connectivity. In particular, even the largest set of publicly available core routing tables (50 tables currently available at http://www.routeviews.org) captures only a very small fraction of actual connectivity. CAIDA compares active probe and router table data in coverage, and establishes a framework for empirically-based IP topology analysis in "Internet Topology: Connectivity of IP Graphs" by Andre Broido and kc claffy. This paper will be presented at the ACM SIGCOMM Internet Measurement Workshop.
Another CAIDA study, "Complexity of Global Routing Policies" by Andre Broido and kc claffy, was also accepted at the ACM SIGCOMM Internet Measurement Workshop. This study included comprehensive analysis of the best publicly available global inter-domain routing data, and evaluated a number of new routing complexity measures. Sensitive to engineering resource limitations of router memory and CPU cycles, this study focused on techniques to estimate redundancy of the merged tables, in particular how many entries are essential for complete and correct routing. The notion of policy atoms is also introduced as part of this new calculus for routing table analysis.
In addition, three papers were accepted for presentation at the ACM USENIX LISA conference 2001.
- "Macroscopic Internet Topology and Performance Measurements from the DNS root name servers" by Marina Fomenkov, kc claffy, Bradley Huffaker and David Moore.
- "The Architecture of the CoralReef Internet Traffic Monitoring Software Suite" by Ken Keys, David Moore, Ryan Koga, Edouard Lagache, Michael Tesch, and k claffy
- "DNS Root/gTLD Server Measurements" by Nevil Brownlee, kc claffy, and Evi Nemeth
Current Plan:
CAIDA will continue to refine and evolve methodologies for generating realistic topologies for NMS. CAIDA will also complete work on the three papers accepted for presentation at USENIX LISA 2001.
Technology Transition:
Industry also has great interest in skitter and routing data. CAIDA is working with both academic and industrial R&D groups to provide access to tools and data.
Products of these efforts will directly benefit Defense Department agencies through their use in developing and evaluating new Internet protocols (e.g., protocols that are more resilient, secure, and scalable) and enhanced network planning, management, and control capabilities.