Sha** the Internet: 10 Years of IXP Growth
Authors:
Timm Böttger,
Gianni Antichi,
Eder L. Fernandes,
Roberto di Lallo,
Marc Bruyere,
Steve Uhlig,
Gareth Tyson,
Ignacio Castro
Abstract:
Over the past decade, IXPs have been playing a key role in enabling interdomain connectivity. Their traffic volumes have grown dramatically and their physical presence has spread throughout the world. While the relevance of IXPs is undeniable, their long-term contribution to the sha** of the current Internet is not fully understood yet.
In this paper, we look into the impact on Internet routes…
▽ More
Over the past decade, IXPs have been playing a key role in enabling interdomain connectivity. Their traffic volumes have grown dramatically and their physical presence has spread throughout the world. While the relevance of IXPs is undeniable, their long-term contribution to the sha** of the current Internet is not fully understood yet.
In this paper, we look into the impact on Internet routes of the intense IXP growth over the last decade. We observe that while in general IXPs only have a small effect in path shortening, very large networks do enjoy a clear IXP-enabled path reduction. We also observe a diversion of the routes, away from the central Tier-1 ASes supported by IXPs. Interestingly, we also find that whereas IXP membership has grown, large and central ASes have steadily moved away from public IXP peerings, whereas smaller ones have embraced them. Despite all this changes, we find though that a clear hierarchy remains, with a small group of highly central networks
△ Less
Submitted 8 July, 2019; v1 submitted 25 October, 2018;
originally announced October 2018.
Leveraging SDN to Monitor Critical Infrastricture Networks in a Smarter Way
Authors:
Roberto di Lallo,
Federico Griscioli,
Gabriele Lospoto,
Habib Mostafaei,
Maurizio Pizzonia,
Massimo Rimondini
Abstract:
In critical infrastructures, communication networks are used to exchange vital data among elements of Industrial Control Systems (ICSes). Due to the criticality of such systems and the increase of the cybersecurity risks in these contexts, best practices recommend the adoption of Intrusion Detection Systems (IDSes) as monitoring facilities. The choice of the positions of IDSes is crucial to monito…
▽ More
In critical infrastructures, communication networks are used to exchange vital data among elements of Industrial Control Systems (ICSes). Due to the criticality of such systems and the increase of the cybersecurity risks in these contexts, best practices recommend the adoption of Intrusion Detection Systems (IDSes) as monitoring facilities. The choice of the positions of IDSes is crucial to monitor as many streams of data traffic as possible. This is especially true for the traffic patterns of ICS networks, mostly confined in many subnetworks, which are geographically distributed and largely autonomous. We introduce a methodology and a software architecture that allow an ICS operator to use the spare bandwidth that might be available in over-provisioned networks to forward replicas of traffic streams towards a single IDS placed at an arbitrary location. We leverage certain characteristics of ICS networks, like stability of topology and bandwidth needs predictability, and make use of the Software-Defined Networking (SDN) paradigm. We fulfill strict requirements about packet loss, for both functional and security aspects. Finally, we evaluate our approach on network topologies derived from real networks.
△ Less
Submitted 16 January, 2017;
originally announced January 2017.