Estimation of Critical Components of Internet Infrastructure

Electronic communications and Internet plays a significant role in the current public life. Beside energy, transport, water supply and other sectors, Internet is considered to be an especially important infrastructure. Currently, more and more users, service providers and public institutions rely on security of Internet network. Network accessibility can indeed determine the parameters of quality service supply. A failure in network supply due to e.g. cyber attacks, results in service unavailability. As a result, the studies on the reliability and safety of Internet network infrastructure operation, and their continuity remain topical. The article [1] analyses regional Internet network as an integrated system formed of stochastically connected subnets, and suggests methods for analyzing the topology of such system. The article further analyses one of the fundamental characteristics of a network – Internet network connectivity – on the basis of network topology analysis. The methods suggested in the article are aimed at identifying the critical elements of network infrastructure. Eventually, constant monitoring of such elements would allow real-time assessment of network status.


Introduction
Electronic communications and Internet plays a significant role in the current public life.Beside energy, transport, water supply and other sectors, Internet is considered to be an especially important infrastructure.Currently, more and more users, service providers and public institutions rely on security of Internet network.
Network accessibility can indeed determine the parameters of quality service supply.A failure in network supply due to e.g.cyber attacks, results in service unavailability.As a result, the studies on the reliability and safety of Internet network infrastructure operation, and their continuity remain topical.
The article [1] analyses regional Internet network as an integrated system formed of stochastically connected subnets, and suggests methods for analyzing the topology of such system.The article further analyses one of the fundamental characteristics of a network -Internet network connectivity -on the basis of network topology analysis.The methods suggested in the article are aimed at identifying the critical elements of network infrastructure.Eventually, constant monitoring of such elements would allow real-time assessment of network status.

Problem identification
Cyber attacks have been classified by different impact aspects and some of them have a direct effect on the stability and reliability of Internet network.The number of such attacks on the Internet is increasing, which results in an increased effect on the normal network operation.The network has to process the flows generated by the attacks; and very often such attacks are targeted at the elements of network infrastructure [2].Normally, as a response to such attacks, an incident management model (a.k.a.detect-clean-recover) -Computer Emergency Response Team (CERT) -is used [3].The nature of such model operation is exceptionally reactive, i.e. an action is generated upon the fact of an attack.CERT has a shortterm effect, i.e. dealing with a specific attack, and responding to the outcomes [4,11].Due to anonymity on the Internet, the identification of the source of an attack is not always possible using CERT, therefore, attacks from the same source may recur.Therefore, we presume a need for new proactive (preventive) measures to be employed directing them rather towards protection than towards defense as in the case of using CERT.
Another very important aspect is telecommunication.Internet Service Providers (ISP) forms their network infrastructures individually according to their business objectives, network expansion possibilities and user needs.Each ISP has its own routers and inter-network formation policy.Every ISP monitors its network perimeter, and controls the network security as well as its operation reliability.Connections to other networks are also arranged under the initiative of the very ISP using Border Gateway Protocol (BGP) for compiling Autonomous System (AS) routing tables.Such inter-network connections form a hierarchical structure of the Internet network [5].The general reliability of stochastically formed Internet network segment depends on various factors, including the reliability and topology of separate AS elements.
This article is aimed at shaping the methodology for analyzing the Internet network infrastructure identifying the critical elements of the infrastructure the disturbances of which are influencing functionality of the entire network operation.

Methodology and Criteria
When analyzing the Internet network, a graph theory is usually applied [6].Works [7,8] demonstrates the adoption of graph theory for networks traffic analysis and traffic engineering while practice for Internet interconnections assessments is still lacking.
A segment of Internet network is represented by a graph G net , at the vertexes of which are Autonomous Systems (AS).A stationary network status is represented by a connected graph.Such graph contains at least one route between the i th AS and any other AS belonging to G net .The article published [1] presents the topology and the respective graph of the Lithuanian National Internet Network infrastructure.
The following elements of graph are of especially high importance: critical node -V c and critical link -E c .
The descriptions of these critical elements vary among authors.
By the strict rules node is critical if its removal will disconnect the graph into two components.Extended characterisation of critical node presented in paper [9] as a node V c whose failure or malicious behaviour disconnects or significantly degrades the performance of the network.
The vague dual definition of node criticality aggravates the identification of critical nodes.In reality, the variations defined as "disconnecting or significantly degrading the performance" are identified using different methods.Therefore the following definitions are used in this article: critical node and Ș-critical node.
A node shall be considered to be critical when its elimination or disturbance dissolves the original graph into two or more disconnected graph.
Ș-node shall be considered to be critical when its elimination significantly degrades the network performance for the majority of users (ȘA).
The nodes defined as matching the first description are applied the formal method of removing graph vertices.In case the elimination of i th AS creates separate subgraphs having no interconnection, such AS is considered to be V c .
On the purposes of this article and specifying the definition of Ș-critical node, the criticality of a node shall be assessed in relation to the number of users A i connected to the i th AS.The criticality index of a node Ș is a relative value where A i is the number of users of the i th AS; ȈA j is the total number of Internet users in the network.For convenience, the expression of Ș-critical node shall be divided into two categories: Ș i 0.1 and Ș i < 0.1.Respectively, the criticality Ș i 0.1 shall be considered to be the highest in the general network infrastructure.
The definitions of a Critical link E c also vary.One of the definitions is as follows: "a link AB is critical if both endpoints A and B are critical nodes".Broader E c description is the link connecting two critical nodes so that, when this link is eliminated from the graph, the graph becomes disconnected [9].
When identifying E c , G net is considered to be formed of all the ISPs operating on the Internet network corresponding to the node vertices.It is important to note the links the eliminations of which would disconnect small ISP (having no AS) from the National Internet network.
By analogy with the concepts of a critical node used in this article, the following definitions are used: critical link and N-critical link.
A link shall be considered to be critical when its elimination or disturbance forms several subgraphs having no interconnection (edges).
N-critical link shall be considered to be critical when its elimination or disturbance significantly degrades network connectivity.
Identification of E c according to the first definition is performed by the analogous V c principle -method of removing graph edges.In case the elimination of n th creates separate subgraphs having no interconnection, such line is considered to be E c .The graph in question corresponds to the regional Internet network with N int connections [1].N int are the links connecting the AS of the regional network with the AS of the International Internet network provider.In such case, applying the method of removing, N int shall correspond to E c .Specifying the concept of N-critical link, we suggest linking it with the interconnection bandwidth ǻ.The maximum installed bandwidth ǻ max of the link belonging to the i th AS shall be assessed in relation to the total bandwidth ȈBw of connections managed by i th AS.This relation is expressed by the capacity coefficient where ǻ max is installed connections capacity of the i th AS, Gb/s; ȈBw is the overall bandwidth of the i th AS for all connections of this particular AS, Gb/s.The estimation of Ș AS shows the criticality of the link for the i th AS connectivity compared to other links of i th AS.N-critical link shall be divided into two categories: Ș AS 0.9 and Ș AS < 0.9.Respectively, the criticality Ș AS 0.9 (criticality) of the lines shall be considered to be the highest for the total connectivity of i th AS.Essentially, the presence of the above-mentioned condition shows disproportionate distribution of i th AS resources.
Analyzing N-critical links (E cN ), their traffic (bandwidth) intensity is also important to consider.The relation of the data flow ǻ traffic (Gb/s) of the n th link (n = 1, 2, ..., E cN ) and ǻ max shows the line traffic expressed by the traffic coefficient Ȝ n , Ȝ n = ǻ traffic /ǻ max .It is a dynamic parameter different from the above-mentioned parameters which are more or less static.ǻ traffic is one of the most significant network parameters often monitored by ISP.
In a real network, given the normal status, connection links are not overloaded and usually have some reserves.However, subject to data flows generated due to user activeness or cyber attacks, traffic intensity may exceed the installed bandwidth.When Ȝ n 0.8, it alerts the critical level of resources used of the link, the critical bandwidth limit reached by more than one line may signal a cyber attack, which in turn may result in significant degradation of the whole network connectivity.

Application
The above-described metrics were applied to identify the critical nodes and lines of the Lithuanian national Internet network [1].
Having completed the experiment using the method of removing the vertices, 4 critical nodes were identified (V c ), whereas the number of Ș -critical nodes satisfying the condition Ș i 0.1 was 3. Increasing the Ș i (presented at table 1) will result in to the increase of number of V c respectively.It should be noted that one of that 3 nodes coincides with the respective critical node.
The identification of critical lines (E c ) in the graph representing the Lithuanian Internet network was slightly more complicated since E c search must take place among several hundreds of connection lines.Using the method of line removal, 26 critical lines were identified.7he search of N-critical lines (E cN ) was performed for every ISP separately.Only 2 ISP (independent from E c ), including E cN were identified as satisfying the condition Ș AS 0.9.Decreasing the level of Ș AS will result the increase of number identified E cN .

Monitoring
We suggest monitoring the above-mentioned V c and E c in order to identify the failures of the critical elements of the network or critical levels of link traffic resources.Monitoring is very important for timely identification of the failures of the critical elements since the loss of such elements affects the whole network performance.For the troubleshooting, we shall use detectors in the subgraph G c consisting of vertices and edges E c .These detectors perform network monitoring through constant intercommunication.
The simple way to perform monitoring would be routine checks carried on network switching nodes (V c ).Those could be simple ping, tracepath, pathping or traceroute commands, which would continuously (for instance, at 1-5 minutes intervals) check the response from all the critical nodes and the process itself would be automated and screened on the network topology map.The positive characteristic of such a method is its independence, since there would be no need for agreements with router administrators regarding placement of sensors.However, the method itself lacks flexibility.In addition, some ISP prohibits reception of the said commands in their networks.
Our approach is to use for monitoring purposes the Simple Network Management Protocol (SNMP).SNMP is an application layer protocol that facilitates the exchange of management information between network devices.It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite.SNMP enables network administrators to manage network performance, find and solve network problems.As most ISPs use SNMP as de facto standard for network supervision, idea is to monitor some parts of national network identified as critical nodes of network infrastructure.
To get information about critical nodes functionality, dedicated cyclical algorithm invented and presented at Fig. 1.
Generally, monitoring needs to follow several major steps: 1. Send request using SNMP protocol to V c (SNMP Agent).
2. Get response to monitoring system (SNMP Manager) using SNMP protocol from V c (SNMP Agent).3. Calculate and store that data using scripts or tools in central monitoring server with database.We suggest selecting the Ethernet Statistics Group MIB necessary for Ȝ n evaluation at SNMP Agent [10] where ¨in -the difference between two poll cycles of collecting the SNMP ifInOctets objects, which represents the count of inbound octets of traffic in bytes [10]; ¨outthe difference between two poll cycles of collecting the SNMP ifOutOctets objects, which represents the count of outbound octets of traffic in bytes [10]; ǻ max -the speed of the interface, as reported in snmpifSpeed object in bits/s [10]; ¨t -time period.Time period ¨t = 60 s.Implementation of the structural algorithm presented in Fig. 1  return.SNMP agents can be software-configured so that alarm messages are sent to the monitoring system not only in the case of total failure of the line (Fig. 1) but also when the critical limit of line traffic is reached, i.e. when Ȝ n 0.8.Thus the monitoring is performed even more expeditiously.

Conclusions
The assessment of an infrastructure of a network consisting of a large number of stochastically connected subnets (e.g.Internet) in an aspect of reliability is a difficult task due to network complexity.The metrics compiled during the study allows identifying the critical elements of such network: critical and Ș-critical nodes and critical as well as N-critical links.The analysis of these elements simplifies the above-mentioned task.
Having applied the above-described metrics to the Lithuanian Internet Network infrastructure, 4 critical nodes (V c ) were identified, whereas the number of Ș-critical nodes satisfying the condition Ș i 0.1 was 3. Also, 26 critical links and 2 ISPs, including N-critical links satisfying the condition Ș AS 0.9, were identified.Thus we can make a conclusion that the majority of subnets in the infrastructure of the national internet network distribute their resources proportionally.In this way the risk of being dependant on the reliability of N-critical links' operation is reduced.
We have proved that monitoring of critical network elements is possible on the basis of SNMP protocol using detectors in the critical network nodes and a monitoring system.Since SNMP is commonly used among ISP, there is no need to install a new system; an additional software installation is enough.The algorithm of network monitoring and its realization code were composed.All this allows for a real-time centralized monitoring of network status, analysis of network operation failures, etc.We suggest implementing such model, e.g. at the institutions managing electronic communication.

Table 1 .
Critical elements calculation results.
. To calculate Ȝ n for fullíduplex connections, we propose formula taking the largest of the in and out traffic values