Transcript Paper or Project Title ALL AUTHOR NAMES

Using Virtual Links to Discover
Network Topology
Brett Holbert, Thomas F. La Porta
Introduction
• Topology Discovery
-Network topology may only be partially known
-Want to reconstruct unknown areas
• Leverage Previously Diagnosed Link Failures
-Collected failure results over a period of time
-Simultaneously failed paths share components
-Assumes only single failures
• Merge Virtual Links to Obtain Topology Estimate
-Start with worst case of all virtual links separate
-Merge links to refine estimated topology towards real topology
Virtual Links
• Represent Areas of Unknown Network Topology
-Traceroute blocked by some routers
-Results in absence of some path information
-Virtual links cover the unknown area [1]
• Implementation
-Virtual links implemented along source/destination paths
-One real link may be a member of multiple virtual links
-May also include known links
-Assume know number of hops in a virtual link
Virtual Link Examples
Known Links/Routers
Unknown Links/Routers
Virtual Links
Merging
Current Results
• Merge Individual Links in Virtual Links
-Determine which links are actually the same
-Iteratively merge two links together
• Remove Impossible Merging Options
-Merges which would violate path length [2]
-Merges which violate virtual link endpoints
-Miscellaneous additional small restraints
• Metrics for Choosing Links to Merge
-Links with greatest or least number of merging options
-Based on previous work with merging routers [2]
-Links with most simultaneous failures
• Construct Estimated Topology
-Known area remains the same
-Unknown area rebuilt based on merges performed
-Merged links share endpoints
References
[1] Jin, X., Y, W.-P.K., Chan, S.-H.G., Wang, Y., “Network Topology
Inference Based on End-to-End Measurements,” IEEE JSAC, 2006.
[2] Yao, B., Ramesh, V., Chang, F. & Waddington, D., "Topology
Inference in the Presence of Anonymous Routers," INFOCOM
2003. Twenty-Second Annual Joint Conference of the IEEE
Computer and Communications. IEEE Societies , vol.1, 353- 363,
2003.
[3] R. R. Kompella, J. Yates, A. Greenberg, A. C. Snoeren,
“Detection and Localization of Network Blackholes”, IEEE
INFOCOM, 2007.
[4] Tati, S., Rager, S., La Porta, T. & Jun Ko, B., “netCSI: A Generic
Fault Diagnosis Algorithm for Large Scale Failures in Computer
Networks”, Network and Security Research Center, Department of
Computer Science and Engineering, Pennsylvania State
University, University Park, PA, USA, Tech., 2010.
• Simulated Network
-139 routers, 10 sources, 20 destinations, 600-800 links
-Paths exist between all sources and sources/destinations
-5% of non-source/destination routers made unknown
-Resulting network measures averaged over 10 topologies
• Merging Algorithms
-Merge by router with fewest/greatest number of options [2]
-Used as baseline from previous work
-Merge by link with fewest/greatest number of options
-Merge by link with most simultaneous failures, then
fewest/greatest number of options
• Average Network Measures
# of
Nodes
# of
Links
Avg. Node
Degree
Avg. Clustering
Coefficient
Avg. Path
Length
Ground Truth
96.9
182.3
3.543
0.096
4.665
Router Min
110.2
205.8
3.540
0.081
4.406
Router Max
109.1
205.0
3.561
0.085
4.380
Link Min
99.8
185.5
3.503
0.093
4.598
Link Max
101.6
188.6
3.501
0.091
4.598
Fault-Link Min
100.7
186.9
3.499
0.091
4.603
Fault-Link Max
101.7
188.6
3.496
0.091
4.592
Future Work
• Continue Testing with Additional Network Types
-Increase % of unknown routers
-Test on real-world network topologies
• Direct Network Comparison
-Currently evaluating results based on network measures
-Evaluate based on complete topology differences
-MAX COVERAGE [3], netCSI [4], etc.
• Usefulness as Fault Diagnosis Input
-Test estimated topologies as input to fault diagnosis tools
-Failure-topology estimation cycle to refine results over time
Defense Threat Reduction Agency