Archive for Measurement

Towards a Rigorous Methodology for Measuring Adoption of RPKI Route Validation and Filtering

Andreas Reuter, Randy Bush, Italo Cunha, Ethan Katz-Bassett, Thomas C. Schmidt, Matthias Wählisch; Towards a Rigorous Methodology for Measuring Adoption of RPKI Route Validation and Filtering; Applied Networking Research Workshop; Montréal July 2018

A proposal to improve routing security—Route Origin Authorization (ROA)—has been standardized. A ROA specifies which network is allowed to announce a set of Internet destinations. While some networks now specify ROAs, little is known about whether other networks check routes they receive against these ROAs, a process known as Route Origin Validation (ROV). Which networks blindly accept invalid routes? Which reject them outright? Which de-preference them if alternatives exist?

Recent analysis attempts to use uncontrolled experiments to characterize ROV adoption by comparing valid routes and invalid routes. However, we argue that gaining a solid understanding of ROV adoption is impossible using currently available data sets and techniques. Instead, we devise a verifiable methodology of controlled experiments for measuring ROV. Our measurements suggest that, although some ISPs are not observed using invalid routes in uncontrolled experiments, they are actually using different routes for (non-security) traffic engineering purposes, without performing ROV. We conclude with presenting three AS that do implement ROV as confirmed by the operators.


Towards a Rigorous Methodology for Measuring Adoption of RPKI Route Validation and Filtering

Andreas Reuter, Randy Bush, Italo Cunha, Ethan Katz-Bassett, Thomas C. Schmidt, Matthias Wählisch; Towards a Rigorous Methodology for Measuring Adoption of RPKI Route Validation and Filtering; CCR July 2018

A proposal to improve routing security—Route Origin Authorization (ROA)—has been standardized. A ROA specifies which network is allowed to announce a set of Internet destinations. While some networks now specify ROAs, little is known about whether other networks check routes they receive against these ROAs, a process known as Route Origin Validation (ROV). Which networks blindly accept invalid routes? Which reject them outright? Which de-preference them if alternatives exist?

Recent analysis attempts to use uncontrolled experiments to characterize ROV adoption by comparing valid routes and invalid routes. However, we argue that gaining a solid understanding of ROV adoption is impossible using currently available data sets and techniques. Instead, we devise a verifiable methodology of controlled experiments for measuring ROV. Our measurements suggest that, although some ISPs are not observed using invalid routes in uncontrolled experiments, they are actually using different routes for (non-security) traffic engineering purposes, without performing ROV. We conclude with presenting three AS that do implement ROV as confirmed by the operators.


Rasch analysis of HTTPS reachability

George Michaelson, Matthew Roughan, Jonathan Tuke, Matt P. Wand, and Randy Bush; Rasch analysis of HTTPS reachability; IFIP Networking 2018 Zurich, Switzerland, May 14-16, 2018

The use of HTTPS as the only means to connect to web servers is increasing. It is being pushed from both sides: from the bottom up by client distributions and plugins, and from the top down by organisations such as Google. However, there are potential technical hurdles that might lock some clients out of the modern web. This paper seeks to measure and precisely quantify those hurdles in the wild. More than three million measurements provide statistically significant evidence of degradation. We show this through statistical techniques, in particular Rasch analysis, which also shows that various factors influence the problem ranging from the client’s browser, to their locale.


Pinpointing Delay and Forwarding Anomalies Using Large-Scale Traceroute Measurements

Romain Fontugne, Emile Aben, Cristel Pelsser, Randy Bush; Pinpointing Delay and Forwarding Anomalies Using Large-Scale Traceroute Measurements; IMC 2017

Understanding data plane health is essential to improving Internet reliability and usability. For instance, detecting disruptions in distant networks can identify repairable connectivity problems. Currently this task is difficult and time consuming as operators have poor visibility beyond their network’s border. In this paper we leverage the diversity of RIPE Atlas traceroute measurements to solve the classic problem of monitoring in-network delays and get credible delay change estimations to monitor network conditions in the wild. We demonstrate a set of complementary methods to detect network disruptions and report them in near real time. The first method detects delay changes for intermediate links in traceroutes. Second, a packet forwarding model predicts traffic paths and identifies faulty routers and links in cases of packet loss. In addition, we define an alarm score that aggregates changes into a single value per AS in order to easily monitor its sanity, reducing the effect of uninteresting alarms. Using only existing public data we monitor hundreds of thousands of link delays while adding no burden to the network. We present three cases demonstrating that the proposed methods detect real disruptions and provide valuable insights, as well as surprising findings on the location and impact of the identified events.


Measurement Vantage Point Selection Using A Similarity Metric

Thomas Holterbach, Emile Aben, Cristel Pelsser, Randy Bush, & Laurent Vanbever; Measurement Vantage Point Selection Using A Similarity Metric; Applied Networking Research Workshop (ANRW 2017)

In a measurement platform with a wide selection of vantage points, it can be challenging to select the most appropriate points to source measurements from. One example of such a platform is RIPE Atlas [2] which currently hosts over 9600 active vantage points, which can be selected based on categories, such as origin AS or country. When setting up a measurement, users are limited in how many vantage points they can use. This is not only due to limitations that the measurement platform imposes, but collecting data from a large number of vantage points would mean a large volume to analyse and store. It therefore makes sense to optimize for a minimal set of vantage points with a maximum chance of observing the phenomenon in which the user is interested.

Network operators may need to debug a network service with only limited information about the problem (“Our network is slow for users in France!”). A diversity metric would allow selection of the most dissimilar vantage points, in an attempt to explore the network phenomenon from as diverse angles as possible. If one finds an interesting network phenomenon, one could use the similarity metric to advantage by selecting the most similar vantage points to the one exhibiting the phenomenon, in an attempt to validate the phenomenon from multiple vantage points.

We propose a novel means of selecting vantage points, which is not based on categorical properties (such as origin AS, or geographic location), but rather on the topological (dis)similarity between vantage points. We describe a similarity metric across RIPE Atlas probes, and show how this performs better for the purpose of topology discovery than the default probe selection mechanism built into RIPE Atlas.


Disco: Fast, Good, and Cheap Outage Detection

Anant Shah, Romain Fontugne, Emile Aben, Cristel Pelsser, and Randy Bush; Disco: Fast, Good, and Cheap Outage Detection; TMA 2017

Outage detection has been studied from different angles, such as active probing, analysis of background radiations, or control plane information. We approach outage detection from a new perspective. Disco is a detection technique that uses existing long-running TCP connections to identify bursts of disconnections. The benefits are considerable as we can monitor, without adding a single packet to the traffic, Internet-wide swaths of infrastructure that were not monitored previously because they are, for example, not responsive to ICMP probes or behind NATs. With Disco we analyze state changes on connections between RIPE Atlas probes and the RIPE Atlas infrastructure. This data, that is originally logged to monitor probe availability, has a small footprint and is available as a publicly accessible live stream, which makes light-weight near real-time outage detection possible. Probes perform planned traceroute measurements regardless of their connectivity to the RIPE Atlas infrastructure. This gives us a no cost advantage of viewing the outage inside out as the probes experienced it, characterizing the outage after the fact. Thus, we present an outage detection system able to run in near real-time (fast), with a precision of 95% (good), and without generating any new measurement traffic (cheap). We studied historical probe disconnections from 2011 to 2016 and report on the 443 most prominent outages. To validate our results we inspected traceroute results from affected probes and compared our detection to that of Trinocular.


A Multi-perspective Analysis of Carrier-Grade NAT Deployment

A Multi-perspective Analysis of Carrier-Grade NAT Deployment
Philipp Richter, Florian Wohlfart, Narseo Vallina-Rodriguez, Mark Allman, Randy Bush, Anja Feldmann, Christian Kreibich, Nicholas Weaver, Vern Paxson
IMC 2016

Awarded ANRP Prize 2017

As ISPs face IPv4 address scarcity they increasingly turn to network address translation (NAT) to accommodate the address needs of their customers. Recently, ISPs have moved beyond employing NATs only directly at individual customers and instead begun deploying Carrier-Grade NATs (CGNs) to apply address translation to many independent and disparate endpoints spanning physical locations, a phenomenon that so far has received little in the way of empirical assessment. In this work we present a broad and systematic study of the deployment and behavior of these middleboxes. We develop a methodology to detect the existence of hosts behind CGNs by extracting non-routable IP addresses from peer lists we obtain by crawling the BitTorrent DHT. We complement this approach with improvements to our Netalyzr troubleshooting service, enabling us to determine a range of indicators of CGN presence as well as detailed insights into key properties of CGNs. Combining the two data sources we illustrate the scope of CGN deployment on today’s Internet, and report on characteristics of commonly deployed CGNs and their effect on end users.


What do parrots and BGP routers have in common?

What do parrots and BGP routers have in common?
David Hauweele, Bruno Quoitin, Cristel Pelsser, Randy Bush
Computer Communication Review, July 2016
[ CCR’s first all-online-only issue ]

The Border Gateway Protocol propagates routing information across the Internet in an incremental manner. It only advertises to its peers changes in routing. However, as early as 1998, observations have been made of BGP announcing the same route multiple times, causing router CPU load, memory usage and convergence time higher than expected.

In this paper, by performing controlled experiments, we pinpoint multiple causes of duplicates, ranging from the lack of full RIB-Outs to the discrete processing of update messages. To mitigate these duplicates, we insert a cache at the output of the routers. We test it on public BGP traces and discuss the relation of the cache performance with the existence of bursts of updates in the trace.


The Origin of BGP Duplicates

The Origin of BGP Duplicates
D. Hauweele, B. Quoitin, C. Pelsser, R. Bush
CoRes 2016

The Border Gateway Protocol propagates routing information across the Internet in an incremental manner. It only advertises to its peers changes in routing. However, as early as 1998, observations have been made of BGP announcing the same route multiple times, causing router CPU load, memory usage and convergence time higher than expected. In this paper, by performing controlled experiments, we pinpoint multiple causes of duplicates, ranging from the lack of full RIB-Outs to the discrete processing of update messages.


Quantifying Interference between Measurements on the RIPE Atlas Platform

Thomas Holterbach, Cristel Pelsser, Randy Bush, Laurent Vanbever; Quantifying Interference between Measurements on the RIPE Atlas Platform, 2015 ACM Internet Measurement Conference.

Public measurement platforms composed of low-end hardware devices such as RIPE Atlas have gained significant traction in the research community. Such platforms are indeed particularly interesting as they provide Internet-wide measurement capabilities together with an ever growing set of measurement tools. To be scalable though, they allow for concurrent measurements between users. This paper answers a fundamental question for any platform user: Do measurements launched by others impact my results? If so, what can I do about it?

We measured the impact of multiple users running experiments in parallel on the RIPE Atlas platform. We found that overlapping measurements do interfere with each other in at least two ways. First, we show that measurements performed from and towards the platform can significantly increase timings reported by the probe. We found that increasing hardware CPU greatly helped in limiting interference on the measured timings. Second, we show that measurement campaigns can end up completely out-of-synch (by up to one hour), due to concurrent loads. In contrast to precision, we found that better hardware does not help.
