Open access
Author
Date
2023Type
- Doctoral Thesis
ETH Bibliography
yes
Altmetrics
Abstract
The Internet has become an inseparable part of our daily life and work activities. Due to its distributed nature, performant packet forwarding along a given Internet path only works if each individual network operates properly. This leads to an inherent challenge for network operators. They must provide high performance and select appropriate paths towards external destinations while limited to internal signals and traffic observations.
This dissertation focuses on one key solution, namely the inference of path properties, which supports network operators in monitoring, debugging, and threat detection tasks. To this end, we present two systems that focus on internal and external path properties, respectively.
First, we present Magnifier, a system that enhances existing sampled monitoring data with packet mirroring to produce validated network ingress and egress observations. One of Magnifier's key insights is to mirror traffic where we do not expect to observe matching packets. This way, we profit from the advantages of mirroring (precise and fast feedback) without the typical drawbacks (significantly increased traffic amounts).
Second, we present Oscilloscope, a system that detects malicious hijacks of network traffic by analyzing changes in locally collected Round-Trip Time signals. Intuitively, a path change leads to an observable difference in a packet’s travel time. Oscilloscope combines hijack-typical patterns with statistical tests to increase its confidence that detected Round-Trip Time changes belong to hijack events.
Both systems use inferred path properties reactively. However, to prevent problems proactively, operators need to adapt their forwarding decisions based on inferred path properties.
Third, we explore how adding simple path properties to the existing path selection process improves routing decisions. For example, we prevent unnecessary packet losses by testing the reachability of a new path before blindly trusting it to carry all matching traffic. We advocate slowing down the traffic shift towards the new path to achieve that. Although that allows for more control, it poses new convergence and communication challenges. Show more
Permanent link
https://doi.org/10.3929/ethz-b-000626365Publication status
publishedExternal links
Search print copy at ETH Library
Publisher
ETH ZurichSubject
COMPUTER NETWORKS; NETWORK MONITORING (COMPUTER SYSTEMS); BGP hijacking; BGP monitoringOrganisational unit
09477 - Vanbever, Laurent / Vanbever, Laurent
More
Show all metadata
ETH Bibliography
yes
Altmetrics