Abstract
Current methods to analyze the Internet's router-level topology with paths collected using traceroute assume that the source address for each router in the path is either an inbound or off-path address on each router. In this work, we show that outbound addresses are common in our Internet-wide traceroute dataset collected by CAIDA's Ark vantage points in January 2020, accounting for 1.7% - 5.8% of the addresses seen at some point before the end of a traceroute. This phenomenon can lead to mistakes in Internet topology analysis, such as inferring router ownership and identifying interdomain links. We hypothesize that the primary contributor to outbound addresses is Layer 3 Virtual Private Networks (L3VPNs), and propose vrfinder, a technique for identifying L3VPN outbound addresses in traceroute collections. We validate vrfinder against ground truth from two large research and education networks, demonstrating high precision (100.0%) and recall (82.1% - 95.3%). We also show the benefit of accounting for L3VPNs in traceroute analysis through extensions to bdrmapIT, increasing the accuracy of its router ownership inferences for L3VPN outbound addresses from 61.5% - 79.4% to 88.9% - 95.5%.
- [n.d.]. AFRINIC Extended Allocation and Assignment Reports. ftp://ftp.afrinic.net/pub/stats/afrinic.Google Scholar
- [n.d.]. APNIC Extended Allocation and Assignment Reports. ftp://ftp.apnic.net/pub/stats/apnic.Google Scholar
- [n.d.]. ARIN Extended Allocation and Assignment Reports. ftp.arin.net/pub/stats/arin.Google Scholar
- [n.d.]. Border Gateway Protocol (BGP) VPNs. https://www.cisco.com/c/en/us/products/ios-nx-os-software/bordergateway- protocol-bgp-vpns/index.html.Google Scholar
- [n.d.]. The CAIDA UCSD AS to Organization Mapping Dataset. http://www.caida.org/data/as_organizations.xml.Google Scholar
- [n.d.]. Internet Exchange Report. https://bgp.he.net/report/exchanges.Google Scholar
- [n.d.]. LACNIC Extended Allocation and Assignment Reports. ftp.lacnic.net/pub/stats/lacnic.Google Scholar
- [n.d.]. PCH: Packet Clearing House. https://www.pch.net/resources/Routing_Data/.Google Scholar
- [n.d.]. PeeringDB. https://peeringdb.com/.Google Scholar
- [n.d.]. RIPE Extended Allocation and Assignment Reports. ftp://ftp.ripe.net/pub/stats/ripencc.Google Scholar
- [n.d.]. Routing Information Service (RIS). https://www.ripe.net/analyse/internet-measurements/routing-informationservice- ris.Google Scholar
- [n.d.]. University of Oregon Route Views Project. http://www.routeviews.org/routeviews/.Google Scholar
- 2018. Understanding Traceroute Behavior in L3VPN Setup on Junos OS. https://kb.juniper.net/InfoCenter/index? page=content&id=KB33434&cat=MX_SERIES&actp=LIST&showDraft=false.Google Scholar
- 2019. Types of VPNs. https://www.juniper.net/documentation/en_US/junos/topics/topic-map/l3-vpns-overview.html.Google Scholar
- 2019. Understanding Carrier-of-Carriers VPNs. https://www.juniper.net/documentation/en_US/junos/topics/concept/ vpn-carrier-of-carriers-vpns.html.Google Scholar
- 2020. The CAIDA UCSD IXPs Dataset. https://www.caida.org/data/ixps.Google Scholar
- 2020. Macroscopic Internet Topology Data Kit (ITDK). http://www.caida.org/data/internet-topology-data-kit/.Google Scholar
- Réka Albert, Hawoong Jeong, and Albert-László Barabási. 2000. Error and Attack Tolerance of Complex Networks. Nature 406 (June 2000).Google Scholar
- Lisa D Amini, Anees Shaikh, and Henning G Schulzrinne. 2002. Issues with Inferring Internet Topological Attributes. In Internet Performance and Control of Network Systems III.Google Scholar
- Brice Augustin, Xavier Cuvellier, Benjamin Orgogozo, Fabien Viger, Timur Friedman, Matthieu Latapy, Clémence Magnien, and Renata Teixeira. 2006. Avoiding Traceroute Anomalies with Paris Traceroute. In IMC 2006 -- 6th ACM Internet Measurement Conference.Google Scholar
- Brice Augustin, Timur Friedman, and Renata Teixeira. 2007. Measuring load-balanced paths in the Internet. In IMC. San Diego, CA, USA, 149--160.Google Scholar
- Fred Baker. 1995. RFC 1812: Requirements for IP Version 4 Routers. Technical Report. Internet Engineering Task Force.Google Scholar
- F. Baker and P. Savola. 2004. Ingress Filtering for Multihomed Networks. RFC 3704.Google Scholar
- Adam Bender, Rob Sherwood, and Neil Spring. 2008. Fixing Ally's Growing Pains with Velocity Modeling. In Proceedings of the 8th ACM SIGCOMM conference on Internet measurement. ACM, 337--342.Google Scholar
Digital Library
- Amogh Dhamdhere, David D. Clark, Alexander Gamero-Garrido, Matthew Luckie, Ricky K. P. Mok, Gautam Akiwate, Kabir Gogia, Vaibhav Bajpai, Alex C. Snoeren, and Kc Claffy. 2018. Inferring Persistent Interdomain Congestion. In SIGCOMM.Google Scholar
- Benoit Donnet, Matthew Luckie, Pascal Mérindol, and Jean-Jacques Pansiot. 2012. Revealing MPLS Tunnels Obscured from Traceroute. ACM SIGCOMM Computer Communication Review (2012).Google Scholar
- P. Ferguson and D. Senie. 2000. Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing. RFC 2827.Google Scholar
- Brian J Goodchild, Yi-Ching Chiu, Rob Hansen, Haonan Lu, Matt Calder, Matthew Luckie,Wyatt Lloyd, David Choffnes, and Ethan Katz-Bassett. 2017. The Record Route Option is an Option!. In IMC.Google Scholar
- Ramesh Govindan and Hongsuda Tangmunarunkit. 2000. Heuristics for Internet Map Discovery. In INFOCOM 2000. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE. Proc. ACM Meas. Anal. Comput. Syst., Vol. 4, No. 2, Article 40. Publication date: June 2020. vrfinder: Finding Outbound Addresses in Traceroute 40:23Google Scholar
- Mehmet H Gunes and Kamil Sarac. 2006. Analytical IP Alias Resolution. In Communications, 2006. ICC'06. IEEE International Conference on, Vol. 1. IEEE, 459--464.Google Scholar
Cross Ref
- Robert M. Hinden and Stephen E. Deering. 2006. RFC 4291: IP Version 6 Addressing Architecture. Technical Report. IETF.Google Scholar
- Bradley Huffaker, Amogh Dhamdhere, Marina Fomenkov, et al. 2010. Toward Topology Dualism: Improving the Accuracy of AS Annotations for Routers. In International Conference on Passive and Active Network Measurement. Springer, 101--110.Google Scholar
- Y. Hyun, A. Broido, and k. claffy. 2003. On Third-party Addresses in Traceroute Paths. In PAM.Google Scholar
- M. S. Kang, S. B. Lee, and V. D. Gligor. 2013. The Crossfire Attack. In 2013 IEEE Symposium on Security and Privacy.Google Scholar
- Ethan Katz-Bassett, Harsha V Madhyastha, Vijay Kumar Adhikari, Colin Scott, Justine Sherry, Peter Van Wesep, Thomas E Anderson, and Arvind Krishnamurthy. 2010. Reverse Traceroute. In NSDI, Vol. 10. 219--234.Google Scholar
Digital Library
- Ken Keys. [n.d.]. iffinder. https://www.caida.org/tools/measurement/iffinder/.Google Scholar
- Ken Keys, Young Hyun, Matthew Luckie, and Kim Claffy. 2013. Internet-Scale IPv4 Alias Resolution with MIDAR. IEEE/ACM Transactions on Networking (TON) (2013).Google Scholar
Digital Library
- Miya Kohno, Becca Nitzan, Randy Bush, Yoshinobu Matsuzaki, Lorenzo Colitti, and Thomas Narten. 2011. RFC 6164: Using 127-Bit IPv6 Prefixes on Inter-Router Links. Technical Report. IETF.Google Scholar
- Qasim Lone, Matthew Luckie, Maciej Korczy'ski, and Michel van Eeten. 2017. Using Loops Observed in Traceroute to Infer the Ability to Spoof. In International Conference on Passive and Active Network Measurement. Springer, 229--241.Google Scholar
Cross Ref
- Matthew Luckie and Robert Beverly. 2017. The Impact of Router Outages on the AS-level Internet. In Proceedings of ACM SIGCOMM.Google Scholar
Digital Library
- Matthew Luckie and Kc Claffy. 2014. A Second Look at Detecting Third-Party Addresses in Traceroute Traces with the IP Timestamp Option. In Proceedings of the 15th International Conference on Passive and Active Measurement-Volume 8362.Google Scholar
Digital Library
- Matthew Luckie, Amogh Dhamdhere, Bradley Huffaker, David Clark, and kc claffy. 2016. bdrmap: Inference of Borders Between IP Networks. In IMC.Google Scholar
- Matthew Luckie, Bradley Huffaker, and k claffy. 2019. Learning Regexes to Extract Router Names from Hostnames. In Proceedings of the Internet Measurement Conference. 337--350.Google Scholar
Digital Library
- Matthew Luckie, Bradley Huffaker, Amogh Dhamdhere, Vasileios Giotsas, and kc claffy. 2013. AS Relationships, Customer Cones, and Validation. In Proceedings of the ACM SIGCOMM Internet Measurement Conference (IMC).Google Scholar
- Zhuoqing Morley Mao, Jennifer Rexford, JiaWang, and Randy H Katz. 2003. Towards an Accurate AS-Level Traceroute Tool. In Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications. ACM, 365--378.Google Scholar
Digital Library
- Pietro Marchetta,Walter de Donato, and Antonio Pescapé. 2013. Detecting Third-Party Addresses in Traceroute Traces with IP Timestamp Option. In Proceedings of the 14th international conference on Passive and Active Measurement.Google Scholar
Digital Library
- Alexander Marder. 2020. bdrmapIT GitHub Code Respository. https://github.com/alexmarder/bdrmapit.Google Scholar
- Alexander Marder. 2020. vrfinder GitHub Code Respository. https://github.com/alexmarder/vrfinder.Google Scholar
- Alexander Marder, Matthew Luckie, Amogh Dhamdhere, Bradley Huffaker, kc claffy, and Jonathan M. Smith. 2018. Pushing the Boundaries with bdrmapIT: Mapping Router Ownership at Internet Scale. In IMC.Google Scholar
- Alexander Marder and Jonathan M Smith. 2016. MAP-IT: Multipass Accurate Passive Inferences from Traceroute. In Proceedings of the 2016 Internet Measurement Conference. ACM, 397--411.Google Scholar
Digital Library
- Pascal Mérindol, Benoit Donnet, Jean-Jacques Pansiot, Matthew Luckie, and Young Hyun. 2011. MERLIN: MEasure the Router Level of the INternet. In Proceedings of the 7th Euro-NF Conference on Next Generation Internet (NGI). 1--8.Google Scholar
Cross Ref
- Nagendra Kumar Nainar. 2018. MPLS VPN Traceroute. https://community.cisco.com/t5/routing/mpls-vpn-traceroute/ m-p/3768060.Google Scholar
- Jean-Jacques Pansiot, Pascal Mérindol, Benoit Donnet, and Olivier Bonaventure. 2010. Extracting Intra-Domain Topology from mrinfo Probing. In PAM. 81--90.Google Scholar
- Vern Paxson. 1997. End-to-End Internet Packet Dynamics. In ACM SIGCOMM Computer Communication Review, Vol. 27. ACM, 139--152.Google Scholar
Digital Library
- Alvaro Retana, Russ White, Vince Fuller, and Danny McPherson. 2000. RFC 3021: Using 31-Bit Prefixes on IPv4 Point-to-Point Links. Technical Report. IETF.Google Scholar
- Eric Rosen and Yakov Rekhter. 1999. RFC 2547: BGP/MPLS VPNs. Technical Report. Internet Engineering Task Force.Google Scholar
- Eric Rosen and Yakov Rekhter. 2006. RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs). Technical Report. IETF.Google Scholar
- Jan Rüth, Torsten Zimmermann, and Oliver Hohlfeld. 2019. Hidden Treasures--Recycling Large-Scale Internet Measurements to Study the Internet's Control Plane. In International Conference on Passive and Active Network Measurement. Springer, 51--67.Google Scholar
Cross Ref
- Pekka Savola. 2003. RFC 3627: Use of /127 Prefix Length Between Routers Considered Harmful. Technical Report. IETF. Proc. ACM Meas. Anal. Comput. Syst., Vol. 4, No. 2, Article 40. Publication date: June 2020. 40:24 Marder, et al.Google Scholar
- Justine Sherry, Ethan Katz-Bassett, Mary Pimenova, Harsha V Madhyastha, Thomas Anderson, and Arvind Krishnamurthy. 2010. Resolving IP Aliases with Prespecified Timestamps. In Proceedings of the 10th ACM SIGCOMM conference on Internet measurement. ACM, 172--178.Google Scholar
Digital Library
- Rob Sherwood, Adam Bender, and Neil Spring. 2008. DisCarte: A Disjunctive Internet Cartographer. In SIGCOMM. 303--314.Google Scholar
- Neil Spring, Mira Dontcheva, Maya Rodrig, and David Wetherall. 2004. How to Resolve IP Aliases. Technical Report UW-CSE-TR 04--05--04. University of Washington.Google Scholar
- Neil Spring, Ratul Mahajan, and David Wetherall. 2002. Measuring ISP topologies with Rocketfuel. In SIGCOMM. 133--145.Google Scholar
- Richard A Steenbergen. 2009. A Practical Guide to (Correctly) Troubleshooting with Traceroute. NANOG (2009).Google Scholar
- Ahren Studer and Adrian Perrig. 2009. The Coremelt Attack. In European Symposium on Research in Computer Security.Google Scholar
- Yves Vanaubel, Pascal Mérindol, Jean-Jacques Pansiot, and Benoit Donnet. 2017. Through the Wormhole: Tracking Invisible MPLS Tunnels. In Proceedings of the 2017 Internet Measurement Conference. ACM, 29--42.Google Scholar
Digital Library
- Jianhong Xia, Lixin Gao, and Teng Fei. 2007. A Measurement Study of Persistent Forwarding Loops on the Internet. Computer Networks 51, 17 (2007), 4780--4796.Google Scholar
Digital Library
- Bahador Yeganeh, Ramakrishnan Durairajan, Reza Rejaie, and Walter Willinger. 2019. How Cloud Traffic Goes Hiding: A Study of Amazon's Peering Fabric. In IMC. Amsterdam, NL, 202--216.Google Scholar
- Yu Zhang, Ricardo Oliveira, Hongli Zhang, and Lixia Zhang. 2010. Quantifying the Pitfalls of Traceroute in AS Connectivity Inference. In International Conference on Passive and Active Network Measurement.Google Scholar
- Jan Zorz, Sander Steffan, Primoz Drazumeric, Mark Townsley, Andrew Alston, Gert Doering, Jordi Palet, Jen Linkova, Luis Balbinot, Kevin Meynell, and Lee Howard. 2017. Best Current Operational Practice for Operators: IPv6 Prefix Assignment for End-users -- Persistent vs Non-persistent, and What Size to Choose. Technical Report. RIPE NCC.Google Scholar
Index Terms
vrfinder: Finding Outbound Addresses in Traceroute
Recommendations
vrfinder: Finding Outbound Addresses in Traceroute
SIGMETRICS '20: Abstracts of the 2020 SIGMETRICS/Performance Joint International Conference on Measurement and Modeling of Computer SystemsCurrent methods to analyze the Internet's router-level topology with paths collected using traceroute assume that the source address for each router in the path is either an inbound or off-path address on each router. In this work, we show that outbound ...
vrfinder: Finding Outbound Addresses in Traceroute
Current methods to analyze the Internet's router-level topology with paths collected using traceroute assume that the source address for each router in the path is either an inbound or off-path address on each router. In this work, we show that outbound ...






Comments