Advanced Unidirectional Route
Assessment (AURA)Universidad de Buenos AiresAv. Paseo Colón 850Buenos AiresC1063ACVArgentine+54 11 5285-0716ihameli@cnet.fi.uba.arhttp://cnet.fi.uba.ar/ignacio.alvarez-hamelin/AT&T Labs200 Laurel Avenue SouthMiddletownNJ07748USA+1 732 420 1571+1 732 368 1192acm@research.att.comTU WienGusshausstrasse 25/E389Vienna1040Austria+43 1 58801 38813+43 1 58801 38898Joachim.Fabini@tuwien.ac.athttp://www.tc.tuwien.ac.at/about-us/staff/joachim-fabini/Cisco Systems, Inc.7200-11 Kit Creek RoadResearch Triangle ParkNC27709USAcpignata@cisco.comDeutsche TelekomHeinrich Hertz Str. 3-7Darmstadt64295Germany+49 6151 5812747Ruediger.Geib@telekom.deThis memo introduces an advanced unidirectional route assessment
(AURA) metric and associated measurement methodology, based on the IP
Performance Metrics (IPPM) Framework RFC 2330. This memo updates RFC
2330 in the areas of path-related terminology and path description,
primarily to include the possibility of parallel subpaths between a
given Source and Destination pair, owing to the presence of multi-path
technologies.The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 when, and only when,
they appear in all capitals, as shown here.The IETF IP Performance Metrics (IPPM) working group first created a
framework for metric development in . This
framework has stood the test of time and enabled development of many
fundamental metrics. It has been updated in the area of metric
composition , and in several areas related to
active stream measurement of modern networks with reactive properties
.The framework motivated the development of
"performance and reliability metrics for paths through the Internet,"
and Section 5 of defines terms that support
description of a path under test. However, metrics for assessment of
path components and related performance aspects had not been attempted
in IPPM when the framework was written.This memo takes-up the route measurement challenge and specifies a
new route metric, two practical frameworks for methods of measurement
(using either active or hybrid active-passive methods ), and round-trip delay and link information discovery
using the results of measurements. All route measurements are limited by
the willingness of hosts along the path to be discovered, to cooperate
with the methods used, or to recognize that the measurement operation is
taking place (such as when tunnels are present).Section 7 of presented a simple example of
a "route" metric along with several other examples. The example is
reproduced below (where the reference is to Section 5 of ):"route: The path, as defined in Section 5, from A to B at a given
time."This example provides a starting point to develop a more complete
definition of route. Areas needing clarification include:In practice, the route will be assessed over a
time interval, because active path detection methods like rely on TTL limits for their operation and cannot
accomplish discovery of all hosts using a single packet.The legacy route definition lacks the option
to cater for packet-dependent routing. In this memo, we assess the
route for a specific packet of Type-P, and reflect this in the
metric definition. The methods of measurement determine the
specific Type-P used.This a reality of Internet paths and
a strength of advanced route assessment methods, so the metric
must acknowledge this possibility. Use of Equal Cost Multi-Path
(ECMP) and Unequal Cost Multi-Path (UCMP) technologies are common
sources of parallel subpaths.May contain hosts that do not
decrement TTL or Hop Limit, but may have two or more exchange
links connecting "discoverable" hosts or routers. Parallel
subpaths contained within clouds cannot be discovered. The
assessment methods only discover hosts or routers on the path that
decrement TTL or Hop Count, or cooperate with interrogation
protocols. The presence of tunnels and nested tunnels further
complicate assessment by hiding hops.Although the
definition was a link-host pair, only hosts are discoverable or
have the capability to cooperate with interrogation protocols
where link information may be exposed.The refined definition of Route metrics begins in the
sections that follow.The purpose of this memo is to add new route metrics and methods of
measurement to the existing set of IPPM metrics.The scope is to define route metrics that can identify the path taken
by a packet or a flow traversing the Internet between two hosts.
Although primarily intended for hosts communicating on the Internet with
IP, the definitions and metrics are constructed to be applicable to
other network domains, if desired. The methods of measurement to assess
the path may not be able to discover all hosts comprising the path, but
such omissions are often deterministic and explainable sources of
error.Also, to specify a framework for active methods of measurement which
use the techniques described in at a minimum, and a
framework for hybrid active-passive methods of measurement, such as the
Hybrid Type I method described in (intended only for single
administrative domains), which do not rely on ICMP and provide a
protocol for explicit interrogation of nodes on a path. Combinations of
active methods and hybrid active-passive methods are also in-scope.Further, this memo provides additional analysis of the round-trip
delay measurements made possible by the methods, in an effort to
discover more details about the path, such as the link technology in
use.This memo updates Section 5 of in the areas
of path-related terminology and path description, primarily to include
the possibility of parallel subpaths between a given Source and
Destination address pair (possibly resulting from Equal Cost Multi-Path
(ECMP) and Unequal Cost Multi-Path (UCMP) technologies).There are several simple non-goals of this memo. There is no attempt
to assess the reverse path from any host on the path to the host
attempting the path measurement. The reverse path contribution to delay
will be that experienced by ICMP packets (in active methods), and may be
different from delays experienced by UDP or TCP packets. Also, the round
trip delay will include an unknown contribution of processing time at
the host that generates the ICMP response. Therefore, the ICMP-based
active methods are not supposed to yield accurate, reproducible
estimations of the round-trip delay that UDP or TCP packets will
experience.This section sets requirements for the following components to
support the Route Metric:The unique address for hosts
communicating within the network domain. For hosts communicating on
the Internet with IP, it is the globally routable IP address(es)
which the host uses when communicating with other hosts under normal
or error conditions. The Host Identity revealed (and its connection
to a Host Name through reverse DNS) determines whether interfaces to
parallel links can be associated with a single host, or appear to
identify unique hosts.Hosts that convey their Host
Identity according to the requirements of their network domain, such
as when error conditions are detected by that host. For hosts
communicating with IP packets, compliance with Section 3.2.2.4 of
when discarding a packet due to TTL or Hop
Limit Exceeded condition, MUST result in sending the corresponding
Time Exceeded message (containing a form of host identity) to the
source. This requirement is also consistent with section 5.3.1 of
for routers.Hosts MUST respond to direct queries
for their host identity as part of a previously agreed and
established interrogation protocol. Hosts SHOULD also provide
information such as arrival/departure interface identification,
arrival timestamp, and any relevant information about the host or
specific link which delivered the query to the host.A Hop MUST contain a Host Identity, and MAY
contain arrival and/or departure interface identification, round
trip delay, and an arrival timestamp.Type-P-Route-Ensemble-Method-Variant, abbreviated as Route
Ensemble.Note that Type-P depends heavily on the chosen method and
variant.This section lists the REQUIRED input factors to specify a Route
metric.Src, the address of a host (such as the globally routable IP
address).Dst, the address of a host (such as the globally routable IP
address).i, the limit on the number of Hops a specific packet may visit
as it traverses from the host at Src to the host at Dst (such as
the TTL or Hop Limit).MaxHops, the maximum value of i used, (i=1,2,3,...MaxHops).T0, a time (start of measurement interval)Tf, a time (end of measurement interval)T, the host time of a packet as measured at MP(Src), meaning
Measurement Point at the Source.Ta, the host time of a reply packet's *arrival* as measured at
MP(Src), assigned to packets that arrive within a "reasonable"
time (see parameter below).Tmax, a maximum waiting time for reply packets to return to the
source, set sufficiently long to disambiguate packets with long
delays from packets that are discarded (lost), such that the
distribution of round-trip delay is not truncated.F, the number of different flows simulated by the method and
variant.flow, the stream of packets with the same n-tuple of designated
header fields that (when held constant) result in identical
treatment in a multi-path decision (such as the decision taken in
load balancing).Type-P, the complete description of the packets for which this
assessment applies (including the flow-defining fields).This section defines the REQUIRED measurement components of the
Route metrics (unless otherwise indicated):M, the total number of packets sent between T0 and Tf.N, the smallest value of i needed for a packet to be received at
Dst (sent between T0 and Tf).Nmax, the largest value of i needed for a packet to be received at
Dst (sent between T0 and Tf). Nmax may be equal to N.Next, define a *singleton* definition for a Hop on the path, with
sufficient indexes to identify all Hops identified in a measurement
interval.A Hop, designated h(i,j), the IP address and/or identity of one of
j Discoverable Hosts (or Cooperating Hosts) that are i hops away from
the host with address = Src during the measurement interval, T0 to Tf.
As defined above, a Hop singleton measurement MUST contain a Host
Identity, hid(i,j), and MAY contain one or more of the following
attributes:a(i,j) Arrival Interface IDd(i,j) Departure Interface IDt(i,j) Arrival Timestamp (where t(i,j) is ideally supplied by
the hop, or approximated from the sending time of the packet that
revealed the hop)Measurements of Round Trip Delay (for each packet that reveals
the same Host Identity and attributes, but not timestamp of
course, see next section)Now that Host Identities and related information can be positioned
according to their distance from the host with address Src in hops, we
introduce two forms of Routes:A Route Ensemble is defined as the combination of all routes
traversed by different flows from the host at Src address to the host
at Dst address. The route traversed by each flow (with addresses Src
and Dst, and other fields which constitute flow criteria) is a member
of the ensemble and called a Member Route.Using h(i,j) and components and parameters, further define:When considering the set of Hops in the context of a single flow, a
Member Route j is an ordered list {h(1,j), ... h(Nj, j)} where h(i-1,
j) and h(i, j) are by 1 hop away from each other and Nj satisfying
h(Nj,j)=Dst is the minimum count of hops needed by the packet on
Member Route j to reach Dst. Member Routes must be unique. The
uniqueness property requires that any two Member routes j and k that
are part of the same Route Ensemble differ either in terms of minimum
hop count Nj and Nk to reach the destination Dst, or, in the case of
identical hop count Nj=Nk, they have at least one distinct hop: h(i,j)
!= h(i, k) for at least one i (i=1..Nj).All the optional information collected to describe a Member Route,
such as the arrival interface, departure interface, and Round Trip
Delay at each Hop, turs each list item into a rich structure. There
may be information on the links between Hops, possibly information on
the routing (arrival int. to departure int.), an estimate of distance
between Hops based on Round Trip Delay measurements and calculations,
and a time stamp indicating when all the additional detail was
valid.The Route Ensemble from Src to Dst, during the measurement interval
T0 to Tf, is the aggregate of all m distinct Member Routes discovered
between the two hosts with Src and Dst addresses. More formally, with
the host having address Src omitted:where the following conditions apply: i <= Nj <= Nmax
(j=1..m)Note that some h(i,j) may be empty (null) in the case that systems
do not reply (not discoverable, or not cooperating).h(i-1,j) and h(i,j) are the Hops on the same Member Route one hop
away from each other.Hop h(i,j) may be identical with h(k,l) for i!=k and j!=l ; which
means there may be portions shared among different Member Routes
(parts of various routes may overlap).RTD(i,j,T) is defined as a singleton of the Round-trip Delay between the host with address =
Src and the host at Hop h(i,j) at time T.RTL(i,j,T) is defined as a singleton of the Round-trip Loss between the host with address = Src
and the host at Hop h(i,j) at time T.Depending on the way that Host Identity is revealed, it may be
difficult to determine parallel subpaths between the same pair of
hosts (i.e. multiple parallel links). It is easier to detect parallel
subpaths involving different hosts.If a pair of discovered hosts identify two different addresses,
then they will appear to be different hosts.If a pair of discovered hosts identify two different IP
addresses, and the IP addresses resolve to the same host name (in
the DNS), then they will appear to be the same hosts.If a discovered host always replies using the same network
address, regardless of the interface a packet arrives on, then
multiple parallel links cannot be detected in that network
domain.If parallel links between routers are aggregated below the IP
layer, In other words, all links share the same pair of IP
addresses, then the existence of these parallel links can't be
detected at IP layer. This applies to other network domains with
layers below them, as well.@@@@ This paragraph on Temporal Composition moved to support a more
complete section on Methodology (section 4).When a route assessment employs IP packets (for example), the
reality of flow assignment to parallel subpaths involves layers above
IP. Thus, the measured Route Ensemble is applicable to IP and higher
layers (as described in the methodology's packet of Type-P and flow
parameters).@@@@ The Temporal Measurement and Route Class C (unrelated to
address classes of the past) is now partly addressed in Section 4.@@@@ now partly addressed, based on feedback at IETF-101:An Information Model and an XML Data Model for Storing Traceroute
Measurements is available in . The measured
information at each hop includes four pieces of information: a
one-dimensional hop index, host symbolic address, host IP address, and
RTD for each response.The description of Hop information that may be collected according
to this memo covers more dimensions, as defined in Section 3.3 above.
For example, the Hop index is two-dimensional to capture the
complexity of a Route Ensemble, and it contains corresponding host
identities at a minimum. The models need to be expanded to include
these features, as well as Arrival Interface ID, Departure Interface
ID, and Arrival Timestamp, when available.@@@@ can we leave updates to RFC 5388 for further work? Or, do we
need to take-on this topic in an Appendix here?There are two classes of methods described in this section, active
methods relying on the reaction to TTL or Hop Limit Exceeded condition
to discover hosts on a path, and Hybrid active-passive methods that
involve direct interrogation of cooperating hosts (usually within a
single domain). Description of these methods follow.@@@@ Editor's Note: We need to incorporate description of Type-P
packets (with the flow parameters) used in each method below (done for
Active).We have chosen to describe the method based on that employed in
current open source tools, thereby providing a practical framework for
further advanced techniques to be included as method variants. This
method is applicable to use across multiple administrative
domains.Paris-traceroute provides some measure of
protection from path variation generated by ECMP load balancing, and
it ensures traceroute packets will follow the same path in 98% of
cases according to . If it is necessary to
find every path possible between two hosts, Paris-traceroute provides
“exhaustive” mode while scamper provides
“tracelb” (stands for traceroute load balance).The Type-P of packets used could be ICMP (as in the original
traceroute), UDP or TCP. The later are used when a particular
characteristic needs to be to verified, such as filtering or traffic
shaping on specific ports (i.e., services).
supports IPv6 traceroute measurements, keeping the FlowLable constant
in all packets.The advanced route assessment methods used in Paris-traceroute
keep the critical fields constant for every packet
to maintain the appearance of the same flow. Since route assessment
can be conducted using TCP, UDP or ICMP packets, this method REQUIRES
the Diffserv field, the protocol number, IP source and destination
addresses, and the port settings for TCP or UDP kept constant. For
ICMP probes, the method additionally REQUIRES keeping the type, code,
and ICMP checksum constant; which occupy the corresponding positions
in the header of an IP packet, e.g., bytes 20 to 23 when the header IP
has no options.Maintaining a constant checksum in ICMP is most challenging because
the ICMP Sequence Number is part of the calculation. The advanced
traceroute method requires calculations using the IP Sequence Number
Field and the Identifier Field, yielding a constant ICMP checksum in
successive packets. For an example of calculations to maintain a
constant checksum, see Appendix A of , where
revision of a timestamp field is complemented by modifying the 2 octet
checksum complement field (these fields take the roles of the ICMP
Sequence Number and Identifier Fields, respectively).For TCP and UDP packets, the checksum must also be kept constant.
Therefore, the first four bytes of UDP (or TCP) data field are
modified to compensate for fields that change from packet to
packet.@@@@ Note: other variants of advanced traceroute are planned be
described.Finally, the return path is also important to check. Taking into
account that it is an ICMP time exceeded (during transit) packet, the
source and destination IP are constant for every reply. Then, we
should consider the fields in the first 32 bits of the protocol on the
top of IP: the type and code of ICMP packet, and its checksum. Again,
to maintain the ICMP checksum constant for the returning packets, we
need to consider the whole ICMP message. It contains the IP header of
the discarded packet plus the first 8 bytes of the IP payload; that is
some of the fields of TCP header, the UDP header plus four data bytes,
the ICMP header plus four bytes. Therefore, for UDP case the data
field is used to maintain the ICMP checksum constant in the returning
packet. For the ICMP case, the identifier and sequence fields of the
sent ICMP probe are manipulated to be constant. The TCP case presents
no problem because its first eight bytes will be the same for every
packet probe.Formally, to maintain the same flow in the measurements to a
certain hop, the Type-P-Route-Ensemble-Method-Variant packets should
be:TCP case: Fields Src, Dst, port-Src, port_Dst, and Diffserv
Field should be the same.UDP case: Fields Src, Dst, port-Src, port-Dst, and Diffserv
Field should be the same, the UDP-checksum should change to
maintain constant the IP checksum of the ICMP time exceeded reply.
Then, the data length should be fixed, and the data field is used
to fixing it (consider that ICMP checksum uses its data field,
which contains the original IP header plus 8 bytes of UDP, where
TTL, IP identification, IP checksum, and UDP checksum
changes).ICMP case: The Data field should compensate variations on TTL,
IP identification, and IP checksum for every packet.Then, the way to identify different hops and attempts of the same
flow is:TCP case: The IP identification field.UDP case: The IP identification field.ICMP case: The IP identification field, and ICMP Sequence
number.The Active Route Assessment Methods described above have the
ability to discover portions of a path where ECMP load balancing is
present, observed as two or more unique Member Routes having one or
more distinct Hops which are part of the Route Ensemble. Likewise,
attempts to deliberately vary the flow characteristics to discover
all Member Routes will reveal portions of the path which are
flow-invariant.Section 9.2 of describes Temporal
Composition of metrics, and introduces the possibility of a
relationship between earlier measurement results and the results for
measurement at the current time (for a given metric). There is value
in establishing a Temporal Composition relationship for Route
Metrics. However, this relationship does not represent a forecast of
future route conditions in any way.For Route Metric measurements, the value of Temporal Composition
is to reduce the measurement iterations required with repeated
measurements. Reduced iterations are possible by inferring that
current measurements using fixed and previously measured flow
characteristics:will have many common hops with previous measurements.will have relatively time-stable results at the ingress and
egress portions of the path when measured from user locations,
as opposed to measurements of backbone networks and across
inter-domain gateways.may have greater potential for time-variation in path
portions where ECMP load balancing is observed (because
increasing or decreasing the pool of links changes the hash
calculations).Optionally, measurement systems may take advantage of the
inferences above when seeking to reduce measurement iterations,
after exhaustive measurements indicate that the time-stable
properties are present. Repetitive Active Route measurement
systems:SHOULD occasionally check path portions which have exhibited
stable results over time, particularly ingress and egress
portions of the path.SHOULD continue testing portions of the path that have
previously exhibited ECMP load balancing.SHALL trigger re-assessment of the complete path and Route
Ensemble, if any change in hops is observed for a specific (and
previously tested) flow.@@@@ Comments on this material are very welcome!There is an opportunity to apply the
notion of equal treatment for a class of packets, "...very useful to
know if a given Internet component treats equally a class C of
different types of packets", as it applies to Route measurements.
Knowledge of "class C" parameters (unrelated to address classes of
the past) on a path potentially reduces the number of flows required
for a given method to assess a Route Ensemble over time.First, recognize that each Member Route of a Route Ensemble will
have a corresponding Routing Class C. Class C can be discovered by
testing with multiple flows, all of which traverse the unique set of
hops that comprise a specific Member Route.Second, recognize that the different Routing Classes depend
primarily on the hash functions used at each instance of ECMP load
balancing on the path.Third, recognize the synergy with Temporal Composition methods
(described above) where evaluation intends to discover time-stable
portions of each Member Route so that more emphasis can be placed on
ECMP portions that also determine Class C.The methods to assess the various Routing Class C characteristics
benefit from the following measurement capabilities:flows designed to determine which n-tuple header fields are
considered by a given hash function and ECMP hop on the path,
and which are not. This operation immediately narrows the search
space, where possible, and partially defines a Routing Class
C.a priori knowledge of the possible types of hash functions in
use also helps to design the flows for testing (major router
vendors publish information about these hash functions, examples
are here
https://www.researchgate.net/publication/281571413_COMPARISON_OF_HASH_STRATEGIES_FOR_FLOW-BASED_LOAD_BALANCING
).ability to direct the emphasis of current measurements on
ECMP portions of the path, based on recent past measurement
results (the Routing Class C of some portions of the path is
essentially "all packets").@@@@ Comments on this material are very welcome! Especially
suggestions for tools that might lend themselves to support these
measurements.There are many examples where passive monitoring of a flow at an
Observation Point within the network can detect unexpected Round
Trip Delay or Delay Variation. But how can the cause of the
anomolous dely be investigated further --from the Observation Point
-- possibly located at an intermediate poin on the path?In this case, knowledge that the flow of interest belongs to a
specific Routing Class C will enable mesurement of the route where
anomolous delay has been observed. Specifically, Round Trip Delay
assessment to each Hop on the path between the Observation Point and
the Destination for the flow of interest may discover high or
variable delay on a specific link and Hop combination.The determination of a Routing Class C which includes the flow of
interest is as described in the section above, aided by computation
of the relevant hash function output as the target.@@@@ Comments on this new material are very welcome!@@@@ This is a topic for investigation at the Hackfest-103
Measurements and Standards table.The Hybrid Type I methods provide an alternative method for Route
Member assessment. As mentioned in the Scope section, provides a possible set of data
fields that would support route identification.In general, nodes in the measured domain would be equipped with
specific abilities:In addition to node identity, nodes may also identify the ingress
and egress interfaces utilized by the tracing packet, the time of day
when the packet was processed, and other generic data (as described in
section 4 of ).In principle, there are advantages if the entity conducting Route
measurements can utilize both forms of advanced methods (active and
hybrid), and combine the results. For example, if there are hosts
involved in the path that qualify as Cooperating Hosts, but not as
Discoverable Hosts, then a more complete view of hops on the path is
possible when a hybrid method (or interrogation protocol) is applied
and the results are combined with the active method results collected
across all other domains.In order to combine the results of active and hybrid/interrogation
methods, the network hosts that are part of a domain supporting an
interrogation protocol have the following attributes:Hosts at the ingress to the domain SHOULD be both Discoverable
and Cooperating, and SHOULD reveal the same Host Identity in
response to both active and hybrid methods.Any Hosts within the domain that are both Discoverable and
Cooperating SHOULD reveal the same Host Identity in response to
both active and hybrid methods.Hosts at the egress to the domain SHOULD be both Discoverable
and Cooperating, and SHOULD reveal the same Host Identity in
response to both active and hybrid methods.When Hosts follow these requirements, it becomes a simple matter to
match single domain measurements with the overlapping results from a
multidomain measurement.In practice, Internet users do not typically have the ability to
utilize the OAM capabilities of networks that their packets traverse,
so the results from a remote domain supporting an interrogation
protocol would not normally be accessible. However, a network operator
could combine interrogation results from their access domain with
other measurements revealing the path outside their domain.The aim of this method is to use packet probes to unveil the paths
between any two end-hosts of the network. Moreover, information derived
from RTD measurements might be meaningful to identify:Intercontinental submarine linksSatellite communicationsCongestionInter-domain pathsThis categorization is widely accepted in the literature and among
operators alike, and it can be trusted with empirical data and several
sources as ground of truth (e.g., ).The first two categories correspond to the physical distance
dependency on Round Trip Delay (RTD) while the last one binds RTD with
queueing delay on routers. Due to the significant contribution of
propagation delay in long distance hops, RTD will be at least 100ms on
transatlantic hops, depending on the geolocation of the vantage points.
Moreover, RTD is typically greater than 480ms when two hops are
connected using geostationary satellite technology (i.e., their orbit is
at 36000km). Detecting congestion with latency implies deeper
mathematical understanding since network traffic load is not stationary.
Nonetheless, as the first approach, a link seems to be congested if
after sending several traceroute probes, it is possible to detect
congestion observing different statistics parameters (e.g., see ).Internet routing is complex because it depends on the policies of
thousands Autonomous Systems (AS). While most of the routers perform
load balancing on flows using Equal Cost Multiple Path (ECMP), a few
still divide the workload through packet-based techniques. The former
scenario is defined according to while the
latter generates a round-robin scheme to deliver every new outgoing
packet. ECMP keeps flow state in the router to ensure every packet of a
flow is delivered by the same path, and this avoids increasing the
packet delay variation and possibly producing overwhelming packet
reordering in TCP flows.Taking into account that Internet protocol was designed under the
“end-to-end” principle, the IP payload and its header do not
provide any information about the routes or path necessary to reach some
destination. For this reason, the well-known tool traceroute was
developed to gather the IP addresses of each hop along a path using the
ICMP protocol . Besides, traceroute adds the
measured RTD from each hop. However, the growing complexity of the
Internet makes it more challenging to develop accurate traceroute
implementation. For instance, the early traceroute tools would be
inaccurate in the current network, mainly because they were not designed
to retain flow state. However, evolved traceroute tools, such as
Paris-traceroute and Scamper
, expect to encounter ECMP and achieve more
accurate results when they do.Paris-traceroute-like tools operate in the following way: every
packet should follow the same path because the sensitive fields of the
header are controlled to appear as the same flow. This means that source
and destination IP addresses, source and destination port numbers are
the same in every packet. Additionally, Differentiated Services Code
Point (DSCP), checksum and ICMP code should remain constant since they
may affect the path selection.Today's traceroute tools can send either UDP, TCP or ICMP packet
probes. Since ICMP header does not include transport layer information,
there are no fields for source and destination port numbers. For this
reason, these tools keep constant ICMP type, code, and checksum fields
to generate a kind of flow. However, the checksum may vary in every
packet, therefore when probes use ICMP packets, ICMP Identifier and
Sequence Number are manipulated to maintain constant checksum in every
packet. On the other hand, when UDP probes are generated, the expected
variation in the checksum of each packet is again compensated by
manipulating the payload.Paris-traceroute allows its users to measure RTD in every hop of the
path for a particular flow. Furthermore, either Paris-traceroute or
Scamper is capable of unveiling the many available paths between a
source and destination (which are visible to this method). This task is
accomplished by repeating complete traceroute measurements with
different flow parameters for each measurement. The Framework for IP
Performance Metrics (IPPM) ( updated by) has the flexibility to require that the
round-trip delay measurement uses packets with
the constraints to assure that all packets in a single measurement
appear as the same flow. This flexibility covers ICMP, UDP, and TCP. The
accompanying methodology of needs to be
expanded to report the sequential hop identifiers along with RTD
measurements, but no new metric definition is needed.Several articles have shown that network traffic presents a
self-similar nature which is
accountable for filling the queues of the routers. Moreover, router
queues are designed to handle traffic bursts, which is one of the most
remarkable features of self-similarity. Naturally, while queue length
increases, the delay to traverse the queue increases as well and leads
to an increase on RTD. Due to traffic bursts generate short-term
overflow on buffers (spiky patterns), every RTD only depicts the
queueing status on the instant when that packet probe was in transit.
For this reason, several RTD measurements during a time window could
begin to describe the random behavior of latency. Loss must also be
accounted for in the methodology.To understand the ongoing process, examining the quartiles provides a
non-parametric way of analysis. Quartiles are defined by five values:
minimum RTD (m), RTD value of the 25% of the Empirical Cumulative
Distribution Function (ECDF) (Q1), the median value (Q2), the RTD value
of the 75% of the ECDF (Q3) and the maximum RTD (M). Congestion can be
inferred when RTD measurements are spread apart, and consequently, the
Inter-Quartile Range (IQR), the distance between Q3 and Q1, increases
its value.This procedure requires to compute quartile values “on the
fly” using the algorithm presented in .This procedure allow us to update the quartiles value whenever a new
measurement arrives, which is radically different from classic methods
of computing quartiles because they need to use the whole dataset to
compute the values. This way of calculus provides savings in memory and
computing time.To sum up, the proposed measurement procedure consists in performing
traceroutes several times to obtain samples of the RTD in every hop from
a path, during a time window (W) and compute the quantiles for every
hop. This could be done for a single path flow or for every detected
path flow.Even though a particular hop may be understood as the amount of hops
away from the source, a more detailed classification could be used. For
example, a possible classification may be identify ICMP Time Exceeded
packets coming from the same routers to those who have the same hop
distance, IP address of the router which is replying and TTL value of
the received ICMP packet.Thus, the proposed methodology is based on this algorithm:In line 9 the advance-traceroute could be either Paris-traceroute or
Scamper, which will use “exhaustive” mode or
“tracelb” option if E is set True, respectively. The
procedure returns a list of tuples (m,Q1,Q2,Q3,M) for each intermediate
hop in the path towards the Dst. Additionally, it could also return path
variations using “alt” variable.Combining the method proposed in and
statistics in , we can measure the
performance of paths interconnecting two endpoints in Internet, and
attempt the categorization of link types and congestion presence based
on RTD.The security considerations that apply to any active measurement of
live paths are relevant here as well. See and
.The active measurement process of "changing several fields to keep
the checksum of different packets identical" does not require special
security considerations because it is part of synthetic traffic
generation, and is designed to have minimal to zero impact on network
processing (to process the packets for ECMP).@@@@ add reference to security considerations from .When considering privacy of those involved in measurement or those
whose traffic is measured, the sensitive information available to
potential observers is greatly reduced when using active techniques
which are within this scope of work. Passive observations of user
traffic for measurement purposes raise many privacy issues. We refer the
reader to the privacy considerations described in the Large Scale
Measurement of Broadband Performance (LMAP) Framework , which covers active and passive techniques.This memo makes no requests of IANA. We thank the good folks at IANA
for having checked this section anyway.The original 3 authors acknowledge Ruediger Geib, for his penetrating
comments on the initial draft, and his initial text for the Appendix on
MPLS. Carlos Pignataro challenged the authors to consider a wider scope,
and applied his substantial expertise with many technologies and their
measurement features in his extensive comments. Frank Brockners also
shared useful comments. We thank them all!A host assessing an MPLS path must be part of the MPLS domain where
the path is implemented. When this condition is met, RFC 8029 provides a
powerful set of mechanisms to detect “correct operation of the
data plane, as well as a mechanism to verify the data plane against the
control plane” .MPLS routing is based on the presence of a Forwarding Equivalence
Class (FEC) Stack in all visited hosts. Selecting one of several Equal
Cost Multi Path (ECMP) is however based on information hidden deeper in
the stack. Early deployments may support a so called “Entropy
label” for this purpose. State of the art deployments base their
choice of an ECMP member based on the IP addresses (see Section 2.4 of
). Both methods allow load sharing information
to be decoupled from routing information. Thus, an MPLS traceroute is
able to check how packets with a contiguous number of ECMP relevant
addresses (and the same destination) are routed by a particular router.
The minimum number of MPLS paths traceable at a router should be 32.
Implementations supporting more paths are available.The MPLS echo request and reply messages offering this feature must
support the Downstream Detailed Mapping TLV (was Downstream Mapping
initially, but the latter has been deprecated). The MPLS echo response
includes the incoming interface where a router received the MPLS Echo
request. The MPLS Echo reply further informs which of the n addresses
relevant for the load sharing decision results in a particular next hop
interface and contains the next hop’s interface address (if
available). This ensures that the next hop will receive a properly coded
MPLS Echo request in the next step route of assessment.RFC to be 8403 (draft-ietf-spring-oam-usecase-10) explains how a
central Path Monitoring System could be used to detect arbitrary MPLS
paths between any routers within a single MPLS domain. The combination
of MPLS forwarding, Segment Routing and MPLS traceroute offers a simple
architecture and a powerful mechanism to detect and validate (segment
routed) MPLS paths.Avoiding traceroute anomalies with Paris tracerouteMeasuring load-balanced paths in the InternetScamper: a scalable and extensible packet prober for active
measurement of the InternetSelf-Similar Network Traffic and Performance Evaluation (1st
ed.)An empirical mixture model for large-scale RTT
measurementsThe P 2 algorithm for dynamic calculation of quantiles and
histograms without storing observationsChallenges in inferring Internet interdomain
congestionbdrmap: Inference of Borders Between IP
Networksbdrmap: Inference of Borders Between IP NetworksIn and out of Cuba: Characterizing Cuba's
connectivity