Global-Scale Anycast Network Management with Verfploeter

Anycast has become a valuable tool for network operators. It plays a vital role in making the DNS root system globally highly available and resilient to stresses such as DDoS attacks. Content delivery networks use it to direct clients to local caches and to absorb attack traffic. Yet managing an anycast network is far from simple: earlier work studying a DDoS attack on the DNS root system, for example, shows that even highly distributed anycast networks can be overwhelmed.

To manage an anycast service, it is vital to know the catchment of each point of presence (PoP) of the service. In earlier work, we introduced "Verfploeter", a novel active measurement method that determines anycast catchments using ICMP messages. Unlike previously existing approaches, Verfploeter is unbiased and accurate, and it can be executed directly by the anycast operator without the need for external vantage points. We demonstrated the efficacy of Verfploeter on a testbed and on a small anycast service.

In this paper, we take the next step and deploy Verfploeter on one of the world's largest anycast networks, the Cloudflare CDN with 192 PoPs worldwide. We perform real-world case studies on network planning (what happens when PoPs are switched on or off), troubleshooting (reachability issues of an anycasted prefix) and security (detecting spoofed attack traffic). These case studies show that Verfploeter is highly suitable for such a large-scale operation and gives operators vital insights that allow them to improve the network management practices of their anycast service.
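The abstract describes the two ideas the case studies rest on: a catchment map built from ICMP echo replies that arrive at whichever PoP the replying network's routing selects, and a security use of that map, checking whether attack traffic arrives at the PoP its claimed source should reach. The block below is an added illustration of that logic and is not the paper's or Cloudflare's tooling. The PoP codes, the sample replies and packets, the /24 aggregation granularity and the 0.75 agreement threshold are assumptions made for the example; the abstract does not specify how spoofed traffic was detected, so the consistency check is one plausible reading of "catchment-based spoof detection", not the paper's method.

```python
"""Toy catchment map built from Verfploeter-style ICMP replies, plus a
consistency check for traffic arriving at a PoP.

Added illustration; not the paper's tooling. PoP names, the /24 aggregation
granularity and the agreement threshold are assumptions for this example.
"""
from collections import Counter, defaultdict
import ipaddress

# Constructed sample data: each entry is (address that answered the ICMP echo
# request sent from the anycast prefix, PoP at which the echo reply arrived).
SAMPLE_REPLIES = [
    ("192.0.2.10", "AMS"), ("192.0.2.77", "AMS"), ("192.0.2.200", "AMS"),
    ("198.51.100.5", "SFO"), ("198.51.100.9", "SFO"), ("198.51.100.130", "LHR"),
    ("203.0.113.3", "SIN"),
]


def build_catchment(replies, prefixlen=24):
    """Map each /prefixlen block to the PoP that received most of its replies.

    Returns {IPv4Network: (pop, share)} where share is the fraction of the
    block's replies that landed at that PoP (1.0 = every reply agreed).
    """
    votes = defaultdict(Counter)
    for addr, pop in replies:
        block = ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
        votes[block][pop] += 1
    catchment = {}
    for block, counter in votes.items():
        pop, n = counter.most_common(1)[0]
        catchment[block] = (pop, n / sum(counter.values()))
    return catchment


def expected_pop(catchment, addr):
    """Longest-prefix match of addr against the catchment map; None if unmapped."""
    ip = ipaddress.ip_address(addr)
    best = None
    for block, (pop, share) in catchment.items():
        if ip in block and (best is None or block.prefixlen > best[0].prefixlen):
            best = (block, pop, share)
    return None if best is None else (best[1], best[2])


def classify_packet(catchment, src, arrived_at, min_share=0.75):
    """Compare where a packet claiming source src arrived with where the
    catchment map says traffic from that source should arrive.

    'consistent'      arrival PoP matches the measured catchment
    'suspect-spoofed' arrival PoP contradicts a confident catchment entry
    'ambiguous'       block is split between PoPs, so a mismatch proves little
    'unmapped'        no reply in the measurement covers this block
    """
    exp = expected_pop(catchment, src)
    if exp is None:
        return "unmapped"
    pop, share = exp
    if pop == arrived_at:
        return "consistent"
    if share < min_share:
        return "ambiguous"
    return "suspect-spoofed"


def spoof_report(catchment, packets):
    """Count verdicts per arrival PoP for a batch of (src, arrived_at) packets."""
    report = defaultdict(Counter)
    for src, arrived_at in packets:
        report[arrived_at][classify_packet(catchment, src, arrived_at)] += 1
    return {pop: dict(c) for pop, c in report.items()}


if __name__ == "__main__":
    cm = build_catchment(SAMPLE_REPLIES)
    # Constructed attack sample: the SIN PoP sees packets claiming 192.0.2.x
    # sources, a block whose echo replies all arrived at AMS.
    attack = [("192.0.2.55", "SIN"), ("192.0.2.56", "SIN"), ("203.0.113.9", "SIN"),
              ("198.51.100.7", "LHR"), ("10.1.2.3", "SIN")]
    for pop, counts in spoof_report(cm, attack).items():
        print(pop, counts)
```

Two caveats a practitioner would keep in mind: a catchment is only as fresh as the last measurement, since routing changes or PoPs being switched on or off move blocks between PoPs, so the map must be rebuilt regularly; and a mismatch is evidence of spoofing, not proof, which is why the example refuses to call a split block "spoofed" and reports unmapped blocks separately rather than guessing.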

[1] Vern Paxson et al. Target generation for internet-wide IPv6 scanning. Internet Measurement Conference, 2017.

[2] Brendan Burns et al. Kubernetes: Up and Running: Dive into the Future of Infrastructure. 2017.

[3] Georg Carle et al. Scanning the IPv6 Internet: Towards a Comprehensive Hitlist. TMA, 2016.

[4] kc claffy et al. Initial longitudinal analysis of IP source spoofing capability on the Internet. 2013.

[5] Ratul Mahajan et al. Analyzing the Performance of an Anycast CDN. Internet Measurement Conference, 2015.

[6] Paul Emmerich et al. Carrier-Grade Anomaly Detection Using Time-to-Live Header Information. arXiv, 2016.

[7] John S. Heidemann et al. Anycast Latency: How Many Sites Are Enough? PAM, 2017.

[8] Ramesh Govindan et al. Evaluating anycast in the domain name system. IEEE INFOCOM, 2013.

[9] Renata Teixeira et al. Dynamics of hot-potato routing in IP networks. SIGMETRICS/Performance, 2004.

[10] John S. Heidemann et al. Selecting representative IP addresses for internet topology studies. IMC, 2010.

[11] H. V. Jagadish et al. Analysis of the Hilbert Curve for Representing Two-Dimensional Space. Information Processing Letters, 1997.

[12] Stephen McQuistin et al. Taming Anycast in the Wild Internet. Internet Measurement Conference, 2019.

[13] Georg Carle et al. Clusters in the Expanse: Understanding and Unbiasing IPv6 Hitlists. Internet Measurement Conference, 2018.

[14] Giovane C. M. Moura et al. Anycast vs. DDoS: Evaluating the November 2015 Root DNS Event. Internet Measurement Conference, 2016.

[15] Robert Beverly et al. The spoofer project: inferring the extent of source address filtering on the internet. 2005.

[16] Aiko Pras et al. Broad and load-aware anycast mapping with verfploeter. Internet Measurement Conference, 2017.

[17] Dario Rossi et al. Characterizing IPv4 anycast adoption and deployment. CoNEXT, 2015.

[18] Jie Liu et al. FastRoute: A Scalable Load-Aware Anycast Routing Architecture for Modern CDNs. NSDI, 2015.

[19] Michelle Cotton et al. IANA IPv4 Special Purpose Address Registry. RFC, 2010.

[20] Bobby Bhattacharjee et al. Internet anycast: performance, problems, & potential. SIGCOMM, 2018.

[21] Ítalo S. Cunha et al. Investigating Interdomain Routing Policies in the Wild. Internet Measurement Conference, 2015.

[22] Oguz Yilmaz et al. A classification approach for adaptive mitigation of SYN flood attacks: Preventing performance loss due to SYN flood attacks. NOMS 2016, IEEE/IFIP Network Operations and Management Symposium, 2016.