Locating hosts by TULIP (Trilateration Utility for Locating IP hosts) - PowerPoint PPT Presentation

Loading...

PPT – Locating hosts by TULIP (Trilateration Utility for Locating IP hosts) PowerPoint presentation | free to download - id: d61c2-ZDc1Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Locating hosts by TULIP (Trilateration Utility for Locating IP hosts)

Description:

We also wanted to verify the locations of the hosts in the PingER database. Uses of Locating Hosts. Choose content to send (e.g. language, local store) ... – PowerPoint PPT presentation

Number of Views:742
Avg rating:3.0/5.0
Slides: 18
Provided by: new7151
Learn more at: http://www.internet2.edu
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Locating hosts by TULIP (Trilateration Utility for Locating IP hosts)


1
Locating hosts by TULIP (Trilateration Utility
for Locating IP hosts)
  • Prepared by Les CottrellSLAC,
  • Faran JavedNIIT, Shahryar KhanNIIT,Umar KalimNIIT
  • Internet2 fall members meeting San Diego, October
    2007

http//www.slac.stanford.edu/grp/scs/net/talk07/i2
mmfall07.ppt
2
Purpose
  • Geo locate a host given its name or address
  • Uses ping (RTT) measurements from landmarks
  • landmarks at known locations worldwide
  • RTT roughly proportional to distance in many
    cases
  • Distance (km) alpha RTT (ms)
  • Velocity light in fibre 0.6c or 1ms for 100km.
  • Use min RTT to reduce effect of queueing
  • Using distance from RTT, triangulate to get
    lat/long

3
Goals
  • Platform agnostic (Java Perl (CGI))
  • Open, non-proprietary (cf. Traceware, Edgescape)
  • Minimize security concerns
  • Include developing regions
  • Sustainable robust service
  • Minimize manual effort (keep databases current)
  • Provide an API to enable other applications
  • We also wanted to verify the locations of the
    hosts in the PingER database.

4
Uses of Locating Hosts
  • Choose content to send (e.g. language, local
    store)
  • Security pin-point suspicious hosts
  • Where to get replicated service (e.g. Grid)
  • Information for maps (e.g. visualroute)
  • Efficiency of routing
  • For Digital Divide world-wide collaborations

5
How to get the location
  • Database (e.g. DNS, whois, Geo IP tools)
  • Hard to keep up, may require subscription, maybe
    inaccurate, out-of-date or incomplete
  • Traceroute and heuristics on names (Visual
    traceroute)
  • RTTs (e.g. Octant from Cornell, Constraint based
    Geolocation from Belgium/Boston U)
  • Neither are active any more (student projects
    pointing the way?)
  • They are complementary
  • Each has own strengths and weaknesses
  • Could/should be used together to validate each
    other and make corrections.

6
Simple Methodology (1)
Client
Client loads (Java Webstart), runs Java applet
gets target from user
Client requests Reflector to get pings to target
Reflector requests Landmarks to ping target,
Landmarks
Ping target
Reflector
(web server running CGI script)
Target
7
Simple Methodology (2)
Client
Client analyses data,
visualizes and provides to user
Reflector send RTTs back to Client
Landmarks send results back to Reflector
Landmarks
Ping target
Reflector
(web server running CGI script)
Target
8
Landmarks
  • Want good geographical coverage for world.
  • Need to be reliable, answer
  • No connection, timeouts, 100loss (24 excellent
    PlanetLabs)
  • Respond quickly
  • Not satellite connection
  • Not a proxy

SLAC/PingER reverse traceroute servers 60, but
more diverse, see www.slac.stanford.edu/comp/net/
wan-mon/traceroute-srv.html
PlanetLab 150 landmarks Mainly in N. America
and Europe
9
Security (lots of concerns)
  • Can be used for DoS attacks against a target
  • Looks like a potential scan of the target vs many
    hosts
  • Target ICMP replies to a large number of hosts
  • CGI scripts (Perl) needs to be well vetted for
    holes
  • Ability to discover then blackhole abusers
  • Only one TULIP client per host
  • Landmarks and reflector both limit the number of
    running requests
  • Centralized logging of all requests and results,
    plus analysis
  • Look for anomalies
  • Also discovers what landmarks are failing, who is
    requesting
  • Possible privacy problems if locate a persons
    host accurately (could add fuzz)

10
Problems
  • Geostationary satellite connections
  • 24Kmiles gt RTT gt370ms, heavily used in C. Asia
    and Africa
  • IP name refers to multiple hosts (e.g. Google,
    Akamai, root name servers) in many locations
  • Hosts move, have proxies etc.
  • Indirect routing so RTT ! distance
  • E. Asia vs. Australia seen from US
  • Security concerns
  • Duration for measurements (50 seconds to
    complete, results start arriving earlier)
  • Optimizing of parallel requests from reflector,
    timeouts, tiering, remove poor landmarks
  • Optimizing alpha in distance (km) alpha RTT
    (ms).
  • Optimizing the choice of tier 0 landmarks,
    reliable at edges, want very few, yet few false
    positives or mistakes
  • N. America SLAC/CA, BNL/NY, AMPATH/FL,
    TRIUMF/CA(Vancouver), Winnipeg/CA, Houston, Saint
    Louis, Chicago
  • Europe CERN/CH, ICTP/IT, DL/UK

11
Demo of early version
  • www.slac.stanford.edu/comp/net/wan-mon/tulip
  • 2 sets of landmarks PlanetLabs SLAC/PingER
    type
  • Enter host name or address Locate Site
  • Raw results in Ping Results window
  • Visualize results in map

12
Evaluation of early version
  • Use 600 PingER hosts with known lat/long
  • Hosts in over 130 countries
  • Also validates PingER data

Need landmarks close to targets
  • 50 accurate to within 200 km, 70 within 1000km
  • Ouch, not very successful, worse with RTT

13
Improvements
  • Add more landmarks for better coverage PlanetLab
    more SLAC landmark deployment
  • (especially in developing world)
  • Understand outliers, correct PingER dB

Outliers Multi-homed, e.g. yahoo, root servers,
Move e.g. supercomp Not at site of ASN e.g.
134.79 SLAC host in Arizona Indirect routing
SFO-LA-SEA-VIC
Alpha 48.54 RTT/Dist (km/ms)
14
Look at Alpha
  • Set alpha to right value to get correct distance
    from RTT and look at distributions
  • Done for major US to N. America major Europe to
    Europe sites

15
In progress
  • Have stable version 1
  • www.slac.stanford.edu/comp/net/wan-mon/tulip/
  • Adding
  • More landmark, filter out non-working instances
  • Integrate PlanetLabs other landmark databases
  • Improved map visualization and zoom
  • Optimizing timing parameters (parallel streams,
    timeouts, landmark choices, alpha )
  • Faster landmark response
  • GeoIP Tool estimates
  • http//www.geoiptool.com/
  • Tiering
  • Redo evaluation, compare with other methods

16
Tiering
  • Want to reduce the traffic hitting a target
  • First find region target is in (tier 0 search)
  • Use few best landmarks in region
  • Highly responsive, at edges of region
  • Determine most likely region (N. America, Europe,
    the rest)
  • Then if client wants more detail use all
    landmarks in region to pin-point target
  • Take 1/10 time for tier 0s vs all for N. America

17
More information/Questions
  • Acknowledgements
  • PlanetLab, SLAC reverse tracroute servers hosted
    in Africa, E. Asia, Latin America, Middle East,
    Russia, S. Asia
  • TULIP Home Page
  • http//www.slac.stanford.edu/comp/net/wan-mon/tuli
    p/
  • PingER (driving reason for tool)
  • www-iepm.slac.stanford.edu/pinger,
  • TULIP 1st Prize at All Asia Softec 2007
  • http//www.niit.edu.pk/press/pages/releases/tulip.
    php
About PowerShow.com