-
The Multifractal IP Address Structure: Physical Explanation and Implications
Authors:
Chris Misa,
Ram Durairajan,
Arpit Gupta,
Reza Rejaie,
Walter Willinger
Abstract:
The structure of IP addresses observed in Internet traffic plays a critical role for a wide range of networking problems of current interest. For example, modern network telemetry systems that take advantage of existing data plane technologies for line rate traffic monitoring and processing cannot afford to waste precious data plane resources on traffic that comes from "uninteresting" regions of the IP address space. However, there is currently no well-established structural model or analysis toolbox that enables a first-principles approach to the specific problem of identifying "uninteresting" regions of the address space or the myriad of other networking problems that prominently feature IP addresses.
To address this key missing piece, we present in this paper a first-of-its-kind empirically validated physical explanation for why the observed IP address structure in measured Internet traffic is multifractal in nature. Our root cause analysis overcomes key limitations of mostly forgotten findings from ~20 years ago and demonstrates that the Internet processes and mechanisms responsible for how IP addresses are allocated, assigned, and used in today's Internet are consistent with and well modeled by a class of evocative mathematical models called conservative cascades. We complement this root cause analysis with the development of an improved toolbox that is tailor-made for analyzing finite and discrete sets of IP addresses and includes statistical estimators that engender high confidence in the inferences they produce. We illustrate the use of this toolbox in the context of a novel address structure anomaly detection method we designed and conclude with a discussion of a range of challenging open networking problems that are motivated or inspired by our findings.
Submitted 2 April, 2025;
originally announced April 2025.
-
Fighting Fire with Light: A Case for Defending DDoS Attacks Using the Optical Layer
Authors:
Matthew Hall,
Ramakrishnan Durairajan,
Vyas Sekar
Abstract:
The DDoS attack landscape is growing at an unprecedented pace. Inspired by the recent advances in optical networking, we make a case for optical layer-aware DDoS defense (O-LAD) in this paper. Our approach leverages the optical layer to isolate attack traffic rapidly via dynamic reconfiguration of (backup) wavelengths using ROADMs---bridging the gap between (a) evolution of the DDoS attack landscape and (b) innovations in the optical layer (e.g., reconfigurable optics). We show that the physical separation of traffic profiles allows finer-grained handling of suspicious flows and offers better performance for benign traffic in the face of an attack. We present preliminary results modeling throughput and latency for legitimate flows while scaling the strength of attacks. We also identify a number of open problems for the security, optical, and systems communities: modeling diverse DDoS attacks (e.g., fixed vs. variable rate, detectable vs. undetectable), building a full-fledged defense system with optical advancements (e.g., OpenConfig), and optical layer-aware defenses for a broader class of attacks (e.g., network reconnaissance).
Submitted 23 February, 2020;
originally announced February 2020.
-
GreyFiber: A System for Providing Flexible Access to Wide-Area Connectivity
Authors:
Ramakrishnan Durairajan,
Paul Barford,
Joel Sommers,
Walter Willinger
Abstract:
Access to fiber-optic connectivity in the Internet is traditionally offered either via lit circuits or dark fiber. Economic (capex vs. opex) and operational considerations (latency, capacity) dictate the choice between these two offerings, but neither may effectively address the specific needs of modern-day enterprises or service providers over a range of use scenarios. In this paper, we describe a new approach for fiber-optic connectivity in the Internet that we call GreyFiber. The core idea of GreyFiber is to offer flexible access to fiber-optic paths between end points (e.g., datacenters or colocation facilities) over a range of timescales. We identify and discuss operational issues and systems challenges that need to be addressed to make GreyFiber a viable and realistic option for offering flexible access to infrastructure (similar to cloud computing). We investigate the efficacy of GreyFiber with a prototype implementation deployed in the GENI and CloudLab testbeds. Our scaling experiments show that 50 circuits can be provisioned within a minute. We also show that backup paths can be provisioned 28 times faster than an OSPF-based solution during failure/maintenance events. Our experiments also examine GreyFiber overhead demands and show that the time spent in circuit creation is dependent on the network infrastructure, indicating avenues for future improvements.
Submitted 13 July, 2018;
originally announced July 2018.
-
A System for Clock Synchronization in an Internet of Things
Authors:
Sathiya Kumaran Mani,
Ramakrishnan Durairajan,
Paul Barford,
Joel Sommers
Abstract:
Synchronizing clocks on Internet of Things (IoT) devices is important for applications such as monitoring and real time control. In this paper, we describe a system for clock synchronization in IoT devices that is designed to be scalable, flexibly accommodate diverse hardware, and maintain tight synchronization over a range of operating conditions. We begin by examining clock drift on two standard IoT prototyping platforms. We observe clock drift on the order of seconds over relatively short time periods, as well as poor clock rate stability, each of which make standard synchronization protocols ineffective. To address this problem, we develop a synchronization system, which includes a lightweight client, a new packet exchange protocol called SPoT and a scalable reference server. We evaluate the efficacy of our system over a range of configurations, operating conditions and target platforms. We find that SPoT performs synchronization 22x and 17x more accurately than MQTT and SNTP, respectively, at high noise levels, and maintains a clock accuracy of within ~15ms at various noise levels. Finally, we report on the scalability of our server implementation through microbenchmark and wide area experiments, which show that our system can scale to support large numbers of clients efficiently.
Submitted 6 June, 2018;
originally announced June 2018.
-
In the IP of the Beholder: Strategies for Active IPv6 Topology Discovery
Authors:
Robert Beverly,
Ramakrishnan Durairajan,
David Plonka,
Justin P. Rohrer
Abstract:
Existing methods for active topology discovery within the IPv6 Internet largely mirror those of IPv4. In light of the large and sparsely populated address space, in conjunction with aggressive ICMPv6 rate limiting by routers, this work develops a different approach to Internet-wide IPv6 topology mapping. We adopt randomized probing techniques in order to distribute probing load, minimize the effects of rate limiting, and probe at higher rates. Second, we extensively analyze the efficiency and efficacy of various IPv6 hitlists and target generation methods when used for topology discovery, and synthesize new target lists based on our empirical results to provide both breadth (coverage across networks) and depth (to find potential subnetting). Employing our probing strategy, we discover more than 1.3M IPv6 router interface addresses from a single vantage point. Finally, we share our prober implementation, synthesized target lists, and discovered IPv6 topology results.
Submitted 9 October, 2018; v1 submitted 29 May, 2018;
originally announced May 2018.
-
TimeWeaver: Opportunistic One Way Delay Measurement via NTP
Authors:
Ramakrishnan Durairajan,
Sathiya Kumaran Mani,
Paul Barford,
Rob Nowak,
Joel Sommers
Abstract:
One-way delay (OWD) between end hosts has important implications for Internet applications, protocols, and measurement-based analyses. We describe a new approach for identifying OWDs via passive measurement of Network Time Protocol (NTP) traffic. NTP traffic offers the opportunity to measure OWDs accurately and continuously from hosts throughout the Internet. Based on detailed examination of NTP implementations and in-situ behavior, we develop an analysis tool that we call TimeWeaver, which enables assessment of precision and accuracy of OWD measurements from NTP. We apply TimeWeaver to a ~1TB corpus of NTP traffic collected from 19 servers located in the US and report on the characteristics of hosts and their associated OWDs, which we classify in a precision/accuracy hierarchy. To demonstrate the utility of these measurements, we apply iterative hard-threshold singular value decomposition to estimate OWDs between arbitrary hosts from the highest tier in the hierarchy. We show that this approach results in highly accurate estimates of OWDs, with average error rates on the order of less than 2%. Finally, we outline a number of applications---in particular, IP geolocation, network operations and management---for hosts in lower tiers of the precision hierarchy that can benefit from TimeWeaver, offering directions for future work.
Submitted 6 January, 2018;
originally announced January 2018.