CAIDA Resource Catalog

October 27th, 2020 by Bradley Huffaker

One of CAIDA’s primary missions has been to improve our understanding of the Internet infrastructure, through data-driven science. To this end, CAIDA has collected and maintains one of the largest collections of Internet-related data sets in the world, and developed tools and services to curate and process that data. Along with this success has come the challenge of helping new students and researchers to find and use that rich archive of resources.

As part of our NSF-funded DIBBS project, CAIDA has developed a rich context resource catalog, served at catalog.caida.org. The goal of the catalog is to help both newcomers and experienced users with data discovery, and reducing the time between finding the data and extracting knowledge and insights from it.

In addition to linking datasets to related papers and presentations, the catalog will also link to code snippets, user-provided notes, and recipes for performing commons analytical tasks with the data.

The catalog can be found at: https://catalog.caida.org

Please explore and provide feedback!

Spoofer Surpasses One Million Sessions and Publishes Final Report

October 13th, 2020 by Josh Polterock

On October 10, 2020 the Spoofer system logged its 1,000,000th measurement session. Finishing its 7th year under CAIDA stewardship, the project recently published its final report documenting the improvements to the software and hardware infrastructure made possible by support from the two-year DHS award “ASPIRE – Augment Spoofer Project to Improve Remediation Efforts” co-led by Matthew Luckie of the University of Waikato’s faculty of Computing and Mathematical Sciences. The report describes (1) updates to the open source client-server source address validation (SAV) testing system (developed under DHS S&T contract D15PC00188) to expand visibility of networks behind Network Address Translation devices (NATs); (2) expanded notifications and reporting through our operator-focused private reporting engine and public regionally-focused notifications to operational mailing lists; (3) several publications documenting analysis of the effectiveness of different approaches to stimulating remediation activities [1, 2, 3]. These tasks achieved testing and evaluation of work developed under the previous contract, and analysis of options for technology transition to a broader cross-section of security research, operations, risk management, and public policy stakeholders. The resulting technologies and data improved the U.S. government’s ability to identify, monitor, and mitigate the infrastructure vulnerability that serves as the primary vector of massive DDoS attacks on the Internet.

Excerpted from the ASPIRE final report:

Of the 587 remediation events we inferred between May 2016 and August 2019, 25.2% occurred in the U.S., and 23.5% occurred in Brazil. Figure 8 shows that nearly 90% of the remediation events in Brazil occurred after we began sending monthly emails to the Brazilian operator email list (GTER). We calculate the remediation rate by dividing the number of ASes for which we inferred a remediation event by the total number of ASes that sent a spoofed packet during the same interval. For the year prior to commencing the GTER emails to Brazilian network operators, 14 of 67 ASes (21%) remediated; in the year after, 52 of 168 ASes (31%) remediated. This improvement is supported by NIC.br’s “Program for a Safer Internet” [37], which offers training courses and lectures to support network operators to deploy security best practices in Brazil. The rate of remediation in the U.S. is lower; prior to sending the NANOG emails to U.S. network operators, 21 of 132 (16%) of ASes remediated; in the year after, 35 of 147 (24%) of ASes remediated. While the rate of remediation is lower in the U.S. than Brazil, the relative improvement in both is equivalent –≈50%. Note that remediation in Brazil has slowed since the outbreak of Covid-19 in Brazil.

Figure 8: Remediation in the U.S. and Brazil.

We hope you will take the time to read the full final report, download the client software and test your network to help us better understand the state of IP spoofing.

References:

1. M. Luckie, R. Beverly, R. Koga, K. Keys, J. Kroll, and k. claffy, “Network Hygiene, Incentives, and Regulation: Deployment of Source Address Validation in the Internet”, in ACM Computer and Communications Security (CCS), Nov 2019.

2. L. Müller, M. Luckie, B. Huffaker, k. claffy, and M. Barcellos, “Challenges in Inferring Spoofed Traffic at IXPs”, in ACM SIGCOMM Conference on emerging Networking EXperiments and Technologies (CoNEXT), Dec 2019.

3. L. Müller, M. Luckie, B. Huffaker, k. claffy, and M. Barcellos, “Spoofed traffic inference at IXPs: Challenges, methods and analysis”, Computer Networks, vol. 182, Aug 2020.

IPv4 History Visualization

August 6th, 2020 by Nicole Lee

This visualization shows how the growing demand for those addresses transformed the governance model from a handful of scientists and engineers managing these addresses to the multi-stakeholder governance model we have today. IPv4 (the fourth version of the Internet Protocol) is the governing standard of today’s Internet. Similar to any other network, unique identifiers play an integral role in Internet routing. We group IP address blocks based on the organization that regulates its allocation as recorded in IANA’s IPv4 address space file and the RFC.

Please view the visualization at: https://www.caida.org/publications/visualizations/ipv4-history/

Screenshots of the visualization

 

 

 

 

 

This was created with the support of the National Science Foundation (NSF). For any questions or comments on this project, please contact info@caida.org.

CAIDA’s Annual Report for 2019

July 6th, 2020 by kc

The CAIDA annual report summarizes CAIDA’s activities for 2019, in the areas of research, infrastructure, data collection and analysis. Our research projects span Internet mapping, performance measurement, security, economics, and policy. Our infrastructure, software development, and data sharing activities support measurement-based internet research, both at CAIDA and around the world, with focus on the health and integrity of the global Internet ecosystem. The executive summary is excerpted below:
Read the rest of this entry »

AS Rank v2.1 Released (RESTFUL/Historical/Cone)

May 13th, 2020 by Bradley Huffaker
ASRankv2.1

(GraphQL/RESTFUL)

Responding to feedback from our user community, CAIDA has released version 2.1 of the AS Rank API. This update helps to reduce some of the complexity of the full-featured GraphQL interface through a simplified RESTful API.

AS Rank API version 2.1 adds support for historical queries as well as support for AS Customer Cones, defined as the set of ASes an AS can reach using customer links. You can learn more about AS relationships, customer cones, and how CAIDA sources the data at https://asrank.caida.org/about.

You can find the documentation for AS Rank API version 2.1 here https://api.asrank.caida.org/v2/restful/docs.

You can find documentation detailing how to make use of historical data and customer cones here https://api.asrank.caida.org/v2/docs.

CAIDA Team

Effects of submarine cables deployment on Internet routing: CAIDA wins Best Paper at PAM 2020!

April 21st, 2020 by Roderick Fanou

Congratulations to Roderick Fanou, Bradley Huffaker, Ricky Mok, and kc claffy, for being awarded Best Paper at the Passive and Active Network Measurement Conference PAM 2020!

The abstract from the paper, “Unintended Consequences: Effects of submarine cables deployment on Internet routing“:

We use traceroute and BGP data from globally distributed Internet measurement infrastructures to study the impact of a noteworthy submarine cable launch connecting Africa to South America. We leverage archived data from RIPE Atlas and CAIDA Ark platforms, as well as custom measurements from strategic vantage points, to quantify the differences in end-to-end latency and path lengths before and after deployment of this new South-Atlantic cable. We find that ASes operating in South America significantly benefit from this new cable, with reduced latency to all measured African countries. More surprising is that end-to-end latency to/from some regions of the world, including intra-African paths towards Angola, increased after switching to the cable. We track these unintended consequences to suboptimally circuitous IP paths that traveled from Africa to Europe, possibly North America, and South America before traveling back to Africa over the cable. Although some suboptimalities are expected given the lack of peering among neighboring ASes in the developing world, we found two other causes: (i) problematic intra-domain routing within a single Angolese network, and (ii) suboptimal routing/traffic engineering by its BGP neighbors. After notifying the operating AS of our results, we found that most of these suboptimalities were subsequently resolved. We designed our method to generalize to the study of other cable deployments or outages and share our code to promote reproducibility and extension of our work

The study presents a reproducible method to investigate the impact of a cable deployment on the macroscopic Internet topology and end-to-end performance. We then applied our methodology to the case of SACS (South-Atlantic Cable System), the first South-Atlantic cable from South America to Africa, using historical traceroutes from both Archipelago (Ark) and RIPE Atlas measurement platforms, BGP data, etc.

Boxplots of minimum RTTs from Ark and Atlas Vantage Points to the common IP hops closest to the destination IPs. Sets BEFORE and AFTER correspond to periods pre and post-SACS deployment. We present ∆RTT (AFTER minus BEFORE) per sub-figure. RTT changes are similar across measurement platforms. Paths from South America experienced a median RTT decrease of 38%, those from Oceania-Australia a smaller decrease of 8%, while those from Africa and North America, roughly 3%. Conversely, paths from Europe and Asia that crossed SACS after its deployment experienced an average RTT increase of 40% and 9%, respectively.

As shown in the above figure, our findings included:

  • the median RTT decrease from Africa to Brazil was roughly a third of that from South America to Angola
  • surprising performance degradations to/from some regions worldwide, e.g., Asia and Europe.

We also offered suggestions for how to avoid suboptimal routing that gives rise to such performance degradations post-activation of cables in the future. They could:

  • Inform their BGP neighbours to allow time for changes
  • Ensure optimal iBGP configs post-activation
  • Use measurements platforms to verify path optimality

To enable reproducibility of this work, we made our tools and publicly accessible on GitHub.

Read the full paper on the CAIDA website or watch the PAM presentation video on YouTube.

AS Rank v2 (GraphQL)

August 30th, 2019 by Bradley Huffaker
ASRankv2(GraphQL)

The new AS Rank APIv2 is ready for use. This new version reflects a move from a RESTful (v1) API to a GraphQL (v2) API. This will allow clients to create queries that specify which values they require and contain multiple resources. GraphQL, as a strongly-typed language, allows clients to know what data is available, in what format, and verify responses.

The User Interface (UI) can be found at http://asrank.caida.org. The Application Programming Interface (APIv2) serves at https://api.asrank.caida.org/v2/graphql and GraphiQL interface can be found at https://api.asrank.caida.org/docs.

We will be operating AS Rank APIv1 (http://as-rank.caida.org/api/v1) until March 1st, 2020, but it will no longer be updated. Current users should migrate to the v2 API before this date. Contact asrank-info@caida.org for migration assistance.

For those unfamiliar with GraphQL, it is a bit of a paradigm shift from the use of a RESTful API, in that GraphQL requires the client to specify precisely which values it needs. In the following example, the client wants to know an ASN’s transit degree. With a normal RESTful API, the client must retrieve the full record and extract the information it wants. A GraphQL API client must specify that it wants the ASN’s transit degree.

GraphQL RESTFUL
# request ASN 3356's degree
query={
   asn(asn:"3356") {
      asnDegree {
         transit
      }
   }
}
        
data={
   "asn": {
      "asnDegree": {
         "transit": 5255
    }
}
# request ASN 3356's record
/asns/3356?populate=1
                
data={
“clique”: “true”,
“source”: “ARIN”,
“org”: {
“name”: “Level 3 Parent, LLC”,
“id”: “LPL-141-ARIN”
},
“cone”: {
“prefixes”: 516117,
“addresses”: 1293145968,
“asns”: 36019
},
“latitude”: “36.0978209554736”,
“rank”: “1”,
“country”: “US”,
“name”: “LEVEL3”,
“country_name”: “United States”,
“degree”: {
“peers”: 95,
“globals”: 5178,
“siblings”: 9,
“customers”: 5083,
“transits”: 5177
},
“longitude”: “-91.335620170744”,
“id”: “3356”
}

GraphQL supports mixed record queries. The same query can include different record types, and can specify bindings (“joins”) between those resources. This approach reduces the number of API queries needed to retrieve related resources.

GraphQL
mixed types mixed and joined types
# request ASN 3356's asnName and 
# organization LPL-141-ARIN's rank.

query={
   asn(asn:"3356") {
      asnName
      organization {
        orgId
      }
   }
   organization(orgId:"LPL-141-ARIN") {
      rank
   }
}
        
# request ASN 3356's asnName and 
# it's organization's rank.

query={
   asn(asn:"3356") {
      asnName
      organization {
         rank
      }
   }
}
        
data={
    "asn": {
      "asnName": "LEVEL3"
      "organization": {
         "orgId": "LPL-141-ARIN" 
      }
    },
    "organization": {
      "rank": 1,
    }
}
        
data={
    "asn": {
      "asnName": "LEVEL3",
      "organization": {
        "rank": 1
      }
    }
  }
}
        
RESTFUL
two separate queries
# request ASN 3356's record
/asns/3356?populate=1
                 
data={
  "name": "LEVEL3",
  "org": {
    "id": "LPL-141-ARIN",
    "name": "Level 3 Parent, LLC"
  },
  "clique": "true",
  "source": "ARIN",
  "cone": {
     ...                
# request Org LPL-141-ARIN’s record
/orgs/LPL-141-ARIN?populate=1
data={
    "name": "Level 3 Parent, LLC",
    "rank": "1",
    "degree": {
      "asn": {
        "transit": 6999,
        "global": 7024
      },
      "org": {
        ....
                    

CAIDA PhD student receives Microsoft Dissertation Grant for “Inferring Country-Level Transit Influence of Autonomous Systems”

August 7th, 2019 by Alberto Dainotti

CAIDA intern Alex Gamero-Garrido, a PhD student in Computer Science and Engineering at UC San Diego, was selected as one of eleven recipients of the 2019 Microsoft Research Dissertation Grants. Each dissertation grant provides funding to doctoral students at North American universities who are underrepresented in the field of computing. This is the third year Microsoft Research has offered these research grants. Microsoft Research scientists with expertise in the students’ topic areas reviewed the more than 200 proposals submitted and identified students pursuing technically excellent and societally impactful research.

Alex Gamero-Garrido’s dissertation, “Inferring Country-Level Transit Influence of Autonomous Systems” may be of interest to networking and cybersecurity researchers, policy makers and operators:

Our work explores the country-level influence exerted by transit providers, a set of networking organizations that often have less direct contact with users, but who are nonetheless responsible for delivering an important fraction of transnational traffic into and out of many countries, and who may have the capability to observe, manipulate, or disrupt some of that traffic. For instance, an accidental misconfiguration or a state-ordered disconnection implemented by one of these operators may render popular services delivered on the Internet (such as email or social media) unreachable in entire regions. These concerns are not abstract, as previous instances of state-ordered disconnections have propagated to other countries and temporarily disabled some of the world’s most popular services there. By studying the ways in which these operators (Autonomous Systems) connect to one another and to the rest of the Internet, we aim to highlight each country’s relative risk exposure.

Congratulations, Alex G!

Originally announced on the Microsoft Research Blog.

Benin: Social media blocking and Internet blackout amid 2019 elections

May 8th, 2019 by Roderick Fanou

In late April 2019, social media was reportedly blocked and access to the Internet was shutdown in Benin during its 2019 parliamentary elections.

In this report, the Open Observatory of Network Interference (OONI) and the Center for Applied Internet Data Analysis (CAIDA) teams share OONI, IODA, and RIPE Atlas network measurement data that corroborate and provide insight into these recent censorship events in Benin.
Read the rest of this entry »

CAIDA’s Annual Report for 2018

May 7th, 2019 by kc

The CAIDA annual report summarizes CAIDA’s activities for 2018, in the areas of research, infrastructure, data collection and analysis. Our research projects span Internet topology, routing, security, economics, future Internet architectures, and policy. Our infrastructure, software development, and data sharing activities support measurement-based internet research, both at CAIDA and around the world, with focus on the health and integrity of the global Internet ecosystem. The executive summary is excerpted below:
Read the rest of this entry »