IPD: Detecting Traffic Ingress Points at ISPs

Detecting where traffic enters a network can enhance network operation, but poses a complex measurement problem that requires analyzing a continuous traffic stream from all border routers—an infeasible task for most ISPs in the absence of a scalable inference approach. To enable ISPs to perform Ingress Point Detection (IPD), we propose an efficient approach that accurately identifies traffic ingress points in ISPs of any size using flow-level traffic traces. IPD identifies the specific router and interface through which a particular segment of the Internet address space enters a network. IPD splits the address space into fine-grained ranges to identify the specific router and interface through which segments of the address space enter the network.We have deployed IPD for six years at a major tier-1 ISP with an international network that handles multi-digit Tbit/s traffic levels, and our experience shows that IPD can accurately identify ingress points and scale to high traffic loads on a single commodity server. IPD enabled the ISP to improve network operations by identifying performance issues and realizing advanced traffic engineering practices.