Measuring an IP Network In Situ

Abstract

The Internet, and Internet Protocol (IP) networking in general, have become vital to the scientific community and the global economy. This growth has increased the importance of measuring and monitoring the Internet to ensure that it runs smoothly and to aid in the design of future protocols and networks. To simplify network growth, IP networking is designed to be decentralized. This means that each router and each network needs and has only limited information about the Internet. One disadvantage of this design is that measurement systems are required to determine the behavior of the Internet as a whole. This thesis explores ways in which one can measure five different aspects of the Internet. The first aspect considered is the Internet's topology, or the interconnectivity of the Internet. This is one of the basic questions about the Internet: What hosts are on the Internet and how are they connected? The second aspect is routing: What are the routing decisions made by routers for a particular destination? The third aspect is locating the source of a denial-of-service (DoS) attack. DoS attacks are problematic to locate because their source is not listed in the packets. Thus, special techniques are required. The fourth aspect is link delays. This includes both a general system to determine link delays from end-to-end measurements and a specific system to perform end-to-end measurements from a single measurement host. The fifth aspect is the behavior of filtering on the network. Starting about 15 years ago, to increase security, corporations started placing filtering devices (i.e., "firewalls") between their corporate networks and the rest of the Internet. For each aspect, a measurement system is described and analyzed, and results from the Internet are presented.

Document Details

Document Type

Technical Report

Publication Date

May 06, 2005

Accession Number

ADA456886

Entities

Tags