Tools About Anycast Agility Against DDoS in Peering Testbed

anygility/anygility-peering

This page contains tools to build a network playbook using different BGP configurations in the Peering testbed. We also include parser tools to parse attack data and the data generated to build the playbook.

anygility - anycast agility tools in Peering

This page contains tools related to our experiments in the Peering testbed. The other datasets and tools are available at the following links:

Components

We provide the following tools to build the network playbook, and parse data.

  • playbook_builder: This program makes different BGP announcements automatically to build the playbook.
  • load_parser: Parses a directory with positive and negative prepending to find the catchment and load distribution.
  • ParsingLoad: Parses a single directory to find catchment and load distribution.
  • TimeBasedPrefixLoad: Parses root traffic to get time based load for each prefix.
  • AnycastSiteLoad: Parses the generated output from TimeBasedPrefixLoad program to get time based anycast site load.
  • getting_hitlist_ips: Parses raw hitlist file to generate responsive IPs.

playbook_builder

This program automatically announces different routing configurations from the anycast sites, runs ping measurements, and captures the packet traces for each site. We provide the script for the Peering testbed, but it can be used for other anycast platforms (with a change in the connection setup). This tool requires root access and access to the Peering testbed. It requires the verfploeter/pinger tool to make the ping measurements. It also requires a recent hitlist, which can be requested using the ANT dataset page.

load_parser

This script takes input about the data sources, parses the captured pcap traces for different routing options (both positive and negative prepending), and generates the catchment distribution. It iterates over the different prepending options and parses each one, using ParsingLoad.jar to process the measurement for a specific routing configuration. This script requires a hitlist and a load file for the measurement. Users who are not interested in the load distribution can use the dummy load file that we provide with the software tool. The hitlist must be the same one that was used for the Verfploeter measurement. We provide such a hitlist in our dataset page. We also include a sample output file named all-2020-02-24-load-2020-02-22.txt.

ParsingLoad

This program takes inputs about a specific routing configuration, and parses the pcap files and a load file to generate the catchment and load distribution. It depends on pingextract to translate the pcap files into .dat files.

TimeBasedPrefixLoad

This code takes inputs about the traffic and the server IPs, and generates the load, in number of packets and bytes, for every 5 seconds. The generated outputs represent time-based load. This tool requires DNS trace files, which we provide in our dataset page. We used traces in message question format. We provide the DNS traces for attack events, and we used this tool to convert the attack traces into an intermediate format.

AnycastSiteLoad

This code takes 6 mandatory inputs about anycast and load. It generates the per-site load for every 5 seconds. This program depends on the .dat file generated by the load_parser or ParsingLoad program, and on the outputs generated by the TimeBasedPrefixLoad program. This tool currently generates the per-site load, and it shows the unknown and multiple catchments in separate columns.
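
The binning and site-mapping steps that TimeBasedPrefixLoad and AnycastSiteLoad are described as performing, sketched in Python as an added example (not the project's Java code). The /24 and /48 aggregation, the in-memory catchment map, the reading of "multiple" as a prefix seen at more than one site, and the sample records are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

BIN_SECONDS = 5  # both tools report load every 5 seconds

def prefix_of(ip):
    """Covering prefix of a source (assumption: /24 for IPv4, /48 for IPv6)."""
    length = 24 if ipaddress.ip_address(ip).version == 4 else 48
    return str(ipaddress.ip_network(f"{ip}/{length}", strict=False))

def prefix_load(records, server_ips, start=None, end=None):
    """Bin (timestamp, src_ip, msg_len) into {bin_start: {prefix: [packets, bytes]}}."""
    servers = {ipaddress.ip_address(s) for s in server_ips}
    bins = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for ts, src, length in records:
        start = ts if start is None else start       # default: first packet
        end = start + 600 if end is None else end    # default: 10 minutes later
        if not start <= ts < end or ipaddress.ip_address(src) in servers:
            continue  # outside the window, or outgoing (sent by a server IP)
        slot = start + BIN_SECONDS * int((ts - start) // BIN_SECONDS)
        cell = bins[slot][prefix_of(src)]
        cell[0] += 1
        cell[1] += length
    return bins

def site_load(bins, catchment, sites):
    """Fold per-prefix load into per-site load; catchment is {prefix: {sites}}."""
    out = {}
    for slot in sorted(bins):
        row = {name: [0, 0] for name in [*sites, "unknown", "multiple"]}
        for prefix, (pkts, nbytes) in bins[slot].items():
            seen = catchment.get(prefix, set()) & set(sites)
            key = "unknown" if not seen else "multiple" if len(seen) > 1 else min(seen)
            row[key][0] += pkts
            row[key][1] += nbytes
        out[slot] = row
    return out

# Constructed sample input (documentation address ranges, not real traffic).
SAMPLE_SERVERS = ["203.0.113.53"]
SAMPLE_RECORDS = [
    (100.0, "192.0.2.10", 60), (101.2, "192.0.2.77", 40),
    (102.0, "198.51.100.5", 80), (103.0, "203.0.113.53", 500),
    (106.5, "2001:db8:1::9", 90), (107.0, "198.51.100.9", 30),
]
SAMPLE_CATCHMENT = {"192.0.2.0/24": {"BOS"}, "198.51.100.0/24": {"BOS", "SLC"}}

if __name__ == "__main__":
    print(site_load(prefix_load(SAMPLE_RECORDS, SAMPLE_SERVERS), SAMPLE_CATCHMENT, ["BOS", "SLC", "SEA2"]))
```

The per-site rows show how much of an event's traffic each site would absorb under one routing configuration; a large "unknown" column means the catchment measurement did not cover the prefixes sending the traffic.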

getting_hitlist_ips

This code takes a raw hitlist file and parses it to generate a list of responsive IPs.

Synopsis

playbook_builder [--numbers=NO_OF_SITES] [--sites=SITE_LIST] [--prefix=ANNOUNCED_PREFIX] [--peering=PEERING_DIRECTORY] [--dest=DEST_DIRECTORY] [--pinger=PINGER_DIR] [--source=PINGER_SOURCE_ADDRESS] [options]

load_parser [--numbers=NO_OF_SITES] [--sites=SITE_LIST] [--dir=DATA_DIR_BASE] [--date=EXPERIMENT_DATE] [--load=LOAD_FILE_DIR] [--ldate=LOAD_DATE] [--hitlist=HITLIST_FILE_DIR]

java -jar ParsingLoad.jar [NO_OF_SITES] [SITE_LIST] [DATA_DIR_BASE] [OUTPUT_DIR] [EXPERIMENT_DATE] [LOAD_FILE_DIR] [LOAD_DATE] [HITLIST_DIR]

cat [TIMESTAMP] [SOURCE] [DATA_LENGTH] | java -jar TimeBasedPrefixLoad.jar [DESTINATION_DIR] [SERVER_IPs] [START_TIMESTAMP] [END_TIMESTAMP]

java -jar AnycastSiteLoad.jar [NO_OF_SITES] [SITE_LIST] [CATCHMENT_DIR] [CATCHMENT_DATE] [LOAD_DIRECTORY] [LOAD_DATE]

bzcat [RAW_HITLIST] | ./getting_hitlist_ips [OUTPUT_FILE]

playbook_builder options

--numbers=Number of anycast sites
Input for the number of anycast sites.
--sites=List of sites
List of sites separated by comma.
--prefix=Routing prefix
Prefix that the anycast sites will announce.
--peering=Directory for Peering
The directory for Peering client should be given using this option.
--dest=Destination to keep the captured files
The directory where tcpdump will generate the pcap files.
--pinger=pinger directory
Tells the directory for pinger executable.
--source=source address
Source address that pinger will use to make pings to the hitlist targets.
--help=Prints help information
Shows the options.
--interface=Interface to be used by pinger
Default is the interface for the first site. Using this an operator can select a site to run pinger.
--forward=IP to forward traffic
Must match the interface, default is the address for the first site
--forward=IP list
Hitlist file. Default is ip_list.txt.

load_parser and ParsingLoad options

load_parser [--numbers=NO_OF_SITES] [--sites=SITE_LIST] [--dir=DATA_DIR_BASE] [--date=EXPERIMENT_DATE] [--load=LOAD_FILE_DIR] [--ldate=LOAD_DATE] [--hitlist=HITLIST_FILE_DIR]

--numbers=NO_OF_SITES
The number of anycast sites.
--sites=SITE_LIST
List of anycast sites separated by comma.
--dir=DATA_DIR_BASE
Data directory where we keep the captured traces.
--date=EXPERIMENT_DATE
Date when we made the measurement with the testbed.
--load=LOAD_FILE_DIR
This file contains per prefix service load for measuring load distribution.
--ldate=LOAD_DATE
The date when we measure the load distribution.
--hitlist=HITLIST
Hitlist file directory, default is ip_list_20191127.txt.

TimeBasedPrefixLoad options

Standard input: TIMESTAMP=TIMESTAMP element of the traffic
We provide message question formatted DNS traffic. We can select only the TIMESTAMP element from the DNS traffic.
Standard input: SOURCE=Source IP element of the traffic
We provide message question formatted DNS traffic. We can select only the SOURCE_IP element from the DNS traffic.
Standard input: DATA_LENGTH=Message length element of the traffic
We provide message question formatted DNS traffic. We can select only the message length element from the DNS traffic.
DESTINATION_DIR=Destination where TimeBasedPrefixLoad writes the output
Directory to keep the output files. A single file is generated for every 5 seconds. Each file contains prefix-based load.
SERVER_IPs=Server IPs for the root DNS server
DNS root server IPs given to the program. This is useful to distinguish between incoming and outgoing traffic.
START_TIMESTAMP=TIMESTAMP to start the measurement
From this given timestamp, we start the measurement. This input is optional, default is the timestamp from the first packet.
END_TIMESTAMP=TIMESTAMP to end the measurement
At this given timestamp, we end our measurement. This input is optional, default is 10 mins from the START_TIMESTAMP.

AnycastSiteLoad options

NO_OF_SITES=NO_OF_SITES in the anycast network.
The number of anycast sites.
SITE_LIST=SITE_LIST
List of anycast sites separated by comma.
CATCHMENT_DIR=CATCHMENT_DIR
Data directory where we keep the Verfploeter measurements and parsed output.
CATCHMENT_DATE=EXPERIMENT_DATE
Date when we made the measurement with Verfploeter to find catchment distribution.
LOAD_DIRECTORY=LOAD_FILE_DIR
This file contains per prefix service load in every 5 seconds. TimeBasedPrefixLoad program has already written the intermediate outputs in this directory.
LOAD_DATE=LOAD_DATE
Date when we measured the load.

getting_hitlist_ips options

RAW_HITLIST=RAW_HITLIST_FILE
This raw hitlist can be requested from ANT datasets: https://ant.isi.edu/datasets/index.html. For example, internet_address_hitlist_it88w-20191127 from https://ant.isi.edu/datasets/all.html page.
OUTPUT_FILE=OUTPUT_HITLIST_FILE
Generated output file with only responsive IPs (with score >=0).

Example

The detailed examples can be found in our artifact appendix.

playbook_builder

  1. An operation with 3 sites with 172.20.10.0/24 prefix:

     ./playbook_builder --numbers=3 --sites=AMS,BOS,CNF --prefix=172.20.10.0/24 --peering=/nfs/peering/ --dest=/nfs/dest/ --pinger=PINGER_DIR --source=184.164.238.3

load_parser

  1. An anycast operator wants to parse the captured traces with positive and negative prepending with 3 sites:

     ./load_parser --numbers=3 --sites=BOS,SLC,SEA2 --dir=/Path_Prepending_BOS,SLC,SEA2_2020-02-28-HITLIST_20191127/ --date=2020-02-28 --load=/broot/loads/ --ldate=2022-02-06

ParsingLoad

  1. An anycast operator wants to parse 3 sites (BOS,SLC,SEA2) where BOS is prepended by 1. It also uses a load file from /nfs/landerR04/traces/verfploeter/broot_verfploeter/loads/ directory:

     java -jar ParsingLoad.jar 3 BOS,SLC,SEA2 /Path_Prepending_BOS,SLC,SEA2_2020-02-28-HITLIST_20191127/2020-02-28-BOS,SLC,SEA2-BOS1/ /Path_Prepending_BOS,SLC,SEA2_2020-02-28-HITLIST_20191127/2020-02-28-BOS,SLC,SEA2-BOS1/ 2020-02-28 /broot/loads/ 2022-02-06 ip_list_20191127.txt

TimeBasedPrefixLoad

  1. Finding prefix-based load in every 5 seconds using the standard input from message question DNS traffic:

     xzcat /B_Root_Anomaly_message_question-20210528/28/20210528-01{0,1,2,3}* | dbcol time srcip msglen | java -jar TimeBasedPrefixLoad.jar /Load_attacks/load-test/ 199.9.14.182,192.228.79.143,2001:500:200::b,2001:500:84::b 1622163610.820339 1622165410.820339

AnycastSiteLoad

  1. Finding prefix-based load for each site in every 5 seconds:

     java -jar AnycastSiteLoad.jar 3 BOS,ATL,MSN /Path_Prepending_BOS,ATL,MSN_2020-05-29-HITLIST_20191127/2020-05-29-BOS,ATL,MSN/ 2020-05-29 /Load_attacks/load-test/ 2021-05-28

getting_hitlist_ips

  1. Parsing raw file from 20191127:

     bzcat internet_address_hitlist_it88w-20191127.fsdb.bz2 | ./getting_hitlist_ips ip_list_20191127.txt