Global-Scale Anycast Network Management with Verfploeter

Wouter B. de Vries; Salman Aljammaz; Roland Martijn van Rijswijk - Deij

doi:10.1109/NOMS47738.2020.9110449

Global-Scale Anycast Network Management with Verfploeter

Wouter B. de Vries, Salman Aljammaz, Roland Martijn van Rijswijk - Deij

Design and Analysis of Communication Systems

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

6 Citations (Scopus)

455 Downloads (Pure)

Abstract

Anycast has become a valuable tool for network operators. It plays a vital role in making the DNS root system globally highly available and resilient to stresses from e.g. DDoS attacks. Content delivery networks use it to direct clients to local caches, and to absorb attack traffic. Yet managing an anycast network is far from simple. Earlier work studying a DDoS attack on the DNS root system, for example, shows that even highly distributed anycast networks can be overwhelmed.To manage an anycast service, it is vital to know the catchment of points of presence (PoPs) of the service. In earlier work, we introduced "Verfploeter" a novel active measurement method to determine anycast catchments using ICMP messages. Unlike previously existing approaches, Verfploeter is unbiased, accurate and can be executed directly by the anycast operator without the need for external vantage points. We demonstrated the efficacy of Verfploeter on a testbed and small anycast service.In this paper, we take the next step and deploy Verfploeter on one of the world's largest anycast networks, the Cloudflare CDN with 192 PoPs worldwide. We perform real-world case studies on network planning (what happens when PoPs are switched on or off), troubleshooting (reachability issues of an anycasted prefix) and security (detecting spoofed attack traffic). These case studies show that Verfploeter is highly suitable for such a large-scale operation and gives operators vital insights that allow them to improve network management practices of their anycast service.

Original language	English
Title of host publication	2020 IEEE/IFIP Network Operations and Management Symposium (NOMS 2020)
Subtitle of host publication	Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020
Place of Publication	Piscataway, NJ
Publisher	IEEE
Number of pages	9
ISBN (Electronic)	978-1-7281-4973-8
ISBN (Print)	978-1-7281-4974-5
DOIs	https://doi.org/10.1109/NOMS47738.2020.9110449
Publication status	Published - Apr 2020
Event	17th IEEE/IFIP Network Operations and Management Symposium, NOMS 2020: Management in the Age of Softwarization and Artificial Intelligence - Virtual conference, Budapest, Hungary Duration: 20 Apr 2020 → 24 Apr 2020 Conference number: 17 https://noms2020.ieee-noms.org/ (Conference)

Publication series

Name	IEEE/IFIP Network Operations and Management Symposium (NOMS)
Publisher	IEEE
Volume	2020
ISSN (Print)	1542-1201
ISSN (Electronic)	2374-9709

Conference

Conference	17th IEEE/IFIP Network Operations and Management Symposium, NOMS 2020
Abbreviated title	NOMS
Country/Territory	Hungary
City	Budapest
Period	20/04/20 → 24/04/20
Internet address	https://noms2020.ieee-noms.org/ (Conference)

Keywords

Anycast
Routing
Measurements
Active
Monitoring
BGP
Security
Troubleshooting
Network planning

Access to Document

10.1109/NOMS47738.2020.9110449

DeVries2020global-scaleAccepted author version, 2.65 MB

Cite this

de Vries, W. B., Aljammaz, S., & van Rijswijk - Deij, R. M. (2020). Global-Scale Anycast Network Management with Verfploeter. In 2020 IEEE/IFIP Network Operations and Management Symposium (NOMS 2020): Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020 Article 9110449 (IEEE/IFIP Network Operations and Management Symposium (NOMS); Vol. 2020). IEEE. https://doi.org/10.1109/NOMS47738.2020.9110449

de Vries, Wouter B. ; Aljammaz, Salman ; van Rijswijk - Deij, Roland Martijn. / Global-Scale Anycast Network Management with Verfploeter. 2020 IEEE/IFIP Network Operations and Management Symposium (NOMS 2020): Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020. Piscataway, NJ : IEEE, 2020. (IEEE/IFIP Network Operations and Management Symposium (NOMS)).

@inproceedings{1e1e052a93854a2b9c877fd70658a13b,

title = "Global-Scale Anycast Network Management with Verfploeter",

abstract = "Anycast has become a valuable tool for network operators. It plays a vital role in making the DNS root system globally highly available and resilient to stresses from e.g. DDoS attacks. Content delivery networks use it to direct clients to local caches, and to absorb attack traffic. Yet managing an anycast network is far from simple. Earlier work studying a DDoS attack on the DNS root system, for example, shows that even highly distributed anycast networks can be overwhelmed.To manage an anycast service, it is vital to know the catchment of points of presence (PoPs) of the service. In earlier work, we introduced {"}Verfploeter{"} a novel active measurement method to determine anycast catchments using ICMP messages. Unlike previously existing approaches, Verfploeter is unbiased, accurate and can be executed directly by the anycast operator without the need for external vantage points. We demonstrated the efficacy of Verfploeter on a testbed and small anycast service.In this paper, we take the next step and deploy Verfploeter on one of the world's largest anycast networks, the Cloudflare CDN with 192 PoPs worldwide. We perform real-world case studies on network planning (what happens when PoPs are switched on or off), troubleshooting (reachability issues of an anycasted prefix) and security (detecting spoofed attack traffic). These case studies show that Verfploeter is highly suitable for such a large-scale operation and gives operators vital insights that allow them to improve network management practices of their anycast service.",

keywords = "Anycast, Routing, Measurements, Active, Monitoring, BGP, Security, Troubleshooting, Network planning",

author = "{de Vries}, {Wouter B.} and Salman Aljammaz and {van Rijswijk - Deij}, {Roland Martijn}",

note = "Funding Information: Acknowledgments: This work was (partially) funded by Cloudflare, NWO grant #628.001.029, SURFnet Research on Networks and EU H2020 CONCORDIA (#830927). Publisher Copyright: {\textcopyright} 2020 IEEE.; 17th IEEE/IFIP Network Operations and Management Symposium, NOMS 2020 : Management in the Age of Softwarization and Artificial Intelligence, NOMS ; Conference date: 20-04-2020 Through 24-04-2020",

year = "2020",

month = apr,

doi = "10.1109/NOMS47738.2020.9110449",

language = "English",

isbn = "978-1-7281-4974-5",

series = "IEEE/IFIP Network Operations and Management Symposium (NOMS)",

publisher = "IEEE",

booktitle = "2020 IEEE/IFIP Network Operations and Management Symposium (NOMS 2020)",

address = "United States",

url = "https://noms2020.ieee-noms.org/",

}

de Vries, WB, Aljammaz, S & van Rijswijk - Deij, RM 2020, Global-Scale Anycast Network Management with Verfploeter. in 2020 IEEE/IFIP Network Operations and Management Symposium (NOMS 2020): Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020., 9110449, IEEE/IFIP Network Operations and Management Symposium (NOMS), vol. 2020, IEEE, Piscataway, NJ, 17th IEEE/IFIP Network Operations and Management Symposium, NOMS 2020, Budapest, Hungary, 20/04/20. https://doi.org/10.1109/NOMS47738.2020.9110449

Global-Scale Anycast Network Management with Verfploeter. / de Vries, Wouter B.; Aljammaz, Salman; van Rijswijk - Deij, Roland Martijn.
2020 IEEE/IFIP Network Operations and Management Symposium (NOMS 2020): Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020. Piscataway, NJ: IEEE, 2020. 9110449 (IEEE/IFIP Network Operations and Management Symposium (NOMS); Vol. 2020).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Global-Scale Anycast Network Management with Verfploeter

AU - de Vries, Wouter B.

AU - Aljammaz, Salman

AU - van Rijswijk - Deij, Roland Martijn

N1 - Conference code: 17

PY - 2020/4

Y1 - 2020/4

N2 - Anycast has become a valuable tool for network operators. It plays a vital role in making the DNS root system globally highly available and resilient to stresses from e.g. DDoS attacks. Content delivery networks use it to direct clients to local caches, and to absorb attack traffic. Yet managing an anycast network is far from simple. Earlier work studying a DDoS attack on the DNS root system, for example, shows that even highly distributed anycast networks can be overwhelmed.To manage an anycast service, it is vital to know the catchment of points of presence (PoPs) of the service. In earlier work, we introduced "Verfploeter" a novel active measurement method to determine anycast catchments using ICMP messages. Unlike previously existing approaches, Verfploeter is unbiased, accurate and can be executed directly by the anycast operator without the need for external vantage points. We demonstrated the efficacy of Verfploeter on a testbed and small anycast service.In this paper, we take the next step and deploy Verfploeter on one of the world's largest anycast networks, the Cloudflare CDN with 192 PoPs worldwide. We perform real-world case studies on network planning (what happens when PoPs are switched on or off), troubleshooting (reachability issues of an anycasted prefix) and security (detecting spoofed attack traffic). These case studies show that Verfploeter is highly suitable for such a large-scale operation and gives operators vital insights that allow them to improve network management practices of their anycast service.

AB - Anycast has become a valuable tool for network operators. It plays a vital role in making the DNS root system globally highly available and resilient to stresses from e.g. DDoS attacks. Content delivery networks use it to direct clients to local caches, and to absorb attack traffic. Yet managing an anycast network is far from simple. Earlier work studying a DDoS attack on the DNS root system, for example, shows that even highly distributed anycast networks can be overwhelmed.To manage an anycast service, it is vital to know the catchment of points of presence (PoPs) of the service. In earlier work, we introduced "Verfploeter" a novel active measurement method to determine anycast catchments using ICMP messages. Unlike previously existing approaches, Verfploeter is unbiased, accurate and can be executed directly by the anycast operator without the need for external vantage points. We demonstrated the efficacy of Verfploeter on a testbed and small anycast service.In this paper, we take the next step and deploy Verfploeter on one of the world's largest anycast networks, the Cloudflare CDN with 192 PoPs worldwide. We perform real-world case studies on network planning (what happens when PoPs are switched on or off), troubleshooting (reachability issues of an anycasted prefix) and security (detecting spoofed attack traffic). These case studies show that Verfploeter is highly suitable for such a large-scale operation and gives operators vital insights that allow them to improve network management practices of their anycast service.

KW - Anycast

KW - Routing

KW - Measurements

KW - Active

KW - Monitoring

KW - BGP

KW - Security

KW - Troubleshooting

KW - Network planning

U2 - 10.1109/NOMS47738.2020.9110449

DO - 10.1109/NOMS47738.2020.9110449

M3 - Conference contribution

SN - 978-1-7281-4974-5

T3 - IEEE/IFIP Network Operations and Management Symposium (NOMS)

BT - 2020 IEEE/IFIP Network Operations and Management Symposium (NOMS 2020)

PB - IEEE

CY - Piscataway, NJ

T2 - 17th IEEE/IFIP Network Operations and Management Symposium, NOMS 2020

Y2 - 20 April 2020 through 24 April 2020

ER -

de Vries WB, Aljammaz S, van Rijswijk - Deij RM. Global-Scale Anycast Network Management with Verfploeter. In 2020 IEEE/IFIP Network Operations and Management Symposium (NOMS 2020): Management in the Age of Softwarization and Artificial Intelligence, NOMS 2020. Piscataway, NJ: IEEE. 2020. 9110449. (IEEE/IFIP Network Operations and Management Symposium (NOMS)). doi: 10.1109/NOMS47738.2020.9110449

Global-Scale Anycast Network Management with Verfploeter

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this