This document discusses internet mapping and visualization. It describes collecting BGP and traceroute data from multiple vantage points to map IP addresses and autonomous systems (AS). This involves extracting prefix-AS mappings from BGP tables and using traceroute to map IP addresses to ASes. Several projects are examined, including Routeviews which collects BGP routing data and CAIDA which maps the IPv4 address space. Tools for visualization like Mapnet, Otter, and Walrus are also overviewed. Internet mapping provides insights into the internet infrastructure, routing anomalies, and AS relationships.

1. Internet Mapping and Visualization
Project Report in Adv.Data Communication Network
Jinfu Zheng Ling Liu

2. Outline
 Concepts of Internet Mapping
 Overview of BGP and Internet infrastructure
 Main approaches to collect internet mapping data
 Typical projects engaged in Internet Mapping
 Routviews project
 Relationship-based AS ranking
 Visulizing IPv4 internet topology at a
macroscopic scale
 Tools for visualization
 What can we get from Internet mapping?

3. What is Internet mapping?
 Map IP addresses or IP prefixes to
specific AS
 Figure out unique (adjacent) IP link
and AS link
 Infer AS relationships
 Depict critical components of the
Internet infrastructure

4. Internet routing architecture
IP traffic
Berkeley CNN
Level3
Internet
Calren GNN
Inter-domain
routing
Intra-domain
routing

5. What is the purpose of BGP?
 A network architecture is comprised of
multiple domains or ASes
 IGP (e.g. OSPF, IS-IS EIGRP) is run inside
AS
 EGP is used to connect ASes to exchange
network reachability information among
BGP routers (also called BGP speakers)

6. Entries in a BGP table
135.120.0.0/16
12.10.0.1
12.10.0.2
Prefix Next hop AS path
135.120.0.0/16 12.10.0.1 1
EBGP
IBGP
IBGP
IBGP
EBGP
12.10.0.5
12.10.0.6
AS 1 AS 2
AS 3
Prefix Next hop AS path
135.120.0.0/16 12.10.0.5 2 1
Prefix Next hop AS path
135.120.0.0/16 12.10.0.1 1

7. BGP routing process
Apply
input
policy
Routes
received
from peers
Select
best
route
Best
routes
Apply
output
policy
Routes
advertised
to peers
Routing
table
Forwarding
table
BGP is not shortest path routing!

8. Main approaches to do Internet mapping
 Obtaining routing information from inter-domain BGP
routing tables
 by obtaining routing information from inter-domain BGP
routing tables (Passive)
 Probing IP paths information to specified routing
prefixes.
 by probing the forward IP paths from a host to a specified list
of destinations, just like the approach used by Traceroute
(Active).
 Registration services for the administration of IP and
AS numbers
 ARIN provides the WHOIS lookup service
 RIPE Nccq
 Internet Routing Registry: act as a repository of routing
policies and to perform consistency checking on the registered
information.

9. Procedure 1:Extract Prefix-AS
mapping
 Get BGP table dumps by pick
multiple vantage points
 Extract prefix-AS (Originated)
mapping

10. Procedure 2: mapping IP to AS: get
traceroute paths
 Extract prefixes from the BGP table of
one vantage point
 Sample IP addresses per prefix as
candidate
 Get IP paths using effective
traceroute tools.
 Map IP to AS by combining traceroute
paths with Prefix-AS mapping

11. Different tracerout methods
 UDP
 UDP-Paris
 UDP-Paris DNS
 Sending UDP probes, using the reception of an ICMP
port unreachable message to indicate the
destination.
 ICMP
 ICMP-Paris
 An ICMP echo reply packet is received from the
destination in response to an ICMP echo request
packet (no concept of ports)
 TCP port 80
 A TCP packet is received from the destination in
response to a TCP probe

12. Traceroute method evaluation
 Complete IP paths
 Unique IP links
 Unique AS links
ICMP-based traceroute methods tend to successfully reach more
destinations, as well as collect greater number of AS links
UDP –based methods infer the greatest number of IP links, despite
reaching the fewest destinations.
TCP-often cause lots of complains, so it is seldom used.

13. BGP and traceroute data collection
Initial mappings from
origin AS of a large set of BGP tables
Traceroute paths
from multiple locations
•Compare
•Look for known causes of mismatches
(e.g., IXP, sibling ASes)
•Edit IP-to-AS mappings
(a single change explaining a large number of mismatches)
For each location:
Combine all locations:
Local BGP paths Traceroute AS pathsFor each location:
(Ignoring unstable paths)

14. Routeviews project
 Gathers BGP routing perspectives from BGP
routers distributed over more than 60
major ISPs worldwide
 The combined table typically has nearly
120K globally routable prefixes
 The data recorded can be obtained publicly
to study internet mapping and visualization

15. Tools used in Routeviews
 Cisco BRIB
 A script is run every two hours to collect the
BGP RIB and dampened routes.
 BGP beacon
 A BGP beacon is an unused, globally visible
prefix with KNOWN Announced/Withdrawal
schedule. The behaviour of this prefix can then
be analyzed closely.
 A controlled active measurement infrastructure
for continuous BGP monitoring

16. Relationship-based AS Ranking
1. Provide AS ranking based on business
relationship between ASes
2. Build an AS-level graph and annotate
links in the graph with inferred AS
relationships
3. Identify the AS-level hierarchy of
Internet

17. Typical AS relationships
 Provider-customer
 customer pay money for transit
 Peer-peer
 typically exchange respective customers’ traffic
for free
 Sibling-Sibling
 Mutual transit agreement
 Provide connectivity to the rest of the Internet
for each other

18. AS relationships translated into
BGP export rules
 Export to a provider or a peer
(upstream)
 Allowed: its routes and routes of its
customers and siblings
 Disallowed: routes learned from other
providers or peers
 Export to a customer or a sibling
(downstream)
 In reverse, AS level relationship can
be figured out by analyzing the AS
paths in the routing table

19. Visulizing IPv4 internet topology at
a macroscopic scale (CAIDA)
• Goals of the project
 Tracking global IP level connectivity by sending packets from a set
of source monitors to hundreds of thousands of destinations
 Stratifying the current IPv4 address space.
• 5,568,419 IP links (immediately adjacent addresses in a traceroute-link
path)
• 13 monitor vantages (observation points)
• Probing 48,535,339 /24s prefixes
• The project map each IP address to the AS responsible for routing
traffic to it.

20. Tools used by CAIDA (Skitter or Ark)
• Skitter probes with Traceroute based on ICMP echo
requests
• Team probing, divide the work of probing into a
random destination in every routed /24
• Within 48 hours for a team of 13 monitors probing 7
million /24’s prefixes

21. Limitations of the topology data
obtained with the skitter tool
 Depends on whether ICMP echo_reply
can be received to an Echo_request.
 Can not map IP paths behind firewalls
or NAT.
 Some destinations have IP addresses
assigned by DHCP
 The coverage is far from complete.

23. Analysis of the results
 The highly “core-centric” nature of certain
ASes based in North America.
 ISPs in Europe and Asia have many peering
relationships with ISPs in the US.
 Fewer links directly between ISPs in Asia
and Europe
 Both technical (cable and router placement
and management) as well as policy
(business cost models and geopolitical
considerations) factors contribute to
peering arrangements
 UUnet and Level3 are the two biggest ISPs

24. Mapnet
 A tool for visualizing the
infrastructure of multiple international
backbone providers simultaneously.
 Each backbone infrastructure is
divided into a group of nodes and
pipes.
 Drawing these nodes and pipes on
their geographical location

25. Snapshot of Mapnet

26. Otter
 For visualizing arbitrary network data
expressed as a set of nodes, links, or
paths.
 Data independence, can be used to
visualize multicast and unicast topology
dataset, core BGP routing tables,
reachability and delay measurements,
SNMP data, and website directory
structures.

27. Sample of Otter

28. Walrus is a
three
dimensional
visualization
tool

29. What can we get from internet mapping?
 Internet mapping is to depict the internet
infrastructure by probing or analyzing the unique IP
links, AS links, and complete IP paths.
 Provide a way or model of thinking about the BGP
protocols in the Internet
 Identify important routing anomalies
 Lost reachability, persistent flapping, large traffic
shifts
 Aid in the placement of mirror servers

30. Thanks & Questions