inproceedings
2024
ACM Special Interest Group on Data Communication
·
SIGCOMM
Abstract
Detecting where traffic enters a network can enhance network operation, but poses a complex measurement problem that requires analyzing a continuous traffic stream from all border routers—an infeasible task for most ISPs in the absence of a scalable inference approach. To enable ISPs to perform Ingress Point Detection (IPD), we propose an efficient approach that accurately identifies traffic ingress points in ISPs of any size using flow-level traffic traces. IPD identifies the specific router and interface through which a particular segment of the Internet address space enters a network. IPD splits the address space into fine-grained ranges to identify the specific router and interface through which segments of the address space enter the network.We have deployed IPD for six years at a major tier-1 ISP with an international network that handles multi-digit Tbit/s traffic levels, and our experience shows that IPD can accurately identify ingress points and scale to high traffic loads on a single commodity server. IPD enabled the ISP to improve network operations by identifying performance issues and realizing advanced traffic engineering practices.
Authors
Notes
Related · Ingmar at RIPE
Topics
Network Traffic Analysis
Traffic Ingress Point Detection
Computational Social Science
Internet Service Provider (ISP) Traffic Engineering
Flow-Level Traffic Measurement
Big Data in Network Operations