skip to main content
research-article
Open Access

vrfinder: Finding Outbound Addresses in Traceroute

Authors Info & Claims
Published:09 June 2020Publication History
Skip Abstract Section

Abstract

Current methods to analyze the Internet's router-level topology with paths collected using traceroute assume that the source address for each router in the path is either an inbound or off-path address on each router. In this work, we show that outbound addresses are common in our Internet-wide traceroute dataset collected by CAIDA's Ark vantage points in January 2020, accounting for 1.7% - 5.8% of the addresses seen at some point before the end of a traceroute. This phenomenon can lead to mistakes in Internet topology analysis, such as inferring router ownership and identifying interdomain links. We hypothesize that the primary contributor to outbound addresses is Layer 3 Virtual Private Networks (L3VPNs), and propose vrfinder, a technique for identifying L3VPN outbound addresses in traceroute collections. We validate vrfinder against ground truth from two large research and education networks, demonstrating high precision (100.0%) and recall (82.1% - 95.3%). We also show the benefit of accounting for L3VPNs in traceroute analysis through extensions to bdrmapIT, increasing the accuracy of its router ownership inferences for L3VPN outbound addresses from 61.5% - 79.4% to 88.9% - 95.5%.

References

  1. [n.d.]. AFRINIC Extended Allocation and Assignment Reports. ftp://ftp.afrinic.net/pub/stats/afrinic.Google ScholarGoogle Scholar
  2. [n.d.]. APNIC Extended Allocation and Assignment Reports. ftp://ftp.apnic.net/pub/stats/apnic.Google ScholarGoogle Scholar
  3. [n.d.]. ARIN Extended Allocation and Assignment Reports. ftp.arin.net/pub/stats/arin.Google ScholarGoogle Scholar
  4. [n.d.]. Border Gateway Protocol (BGP) VPNs. https://www.cisco.com/c/en/us/products/ios-nx-os-software/bordergateway- protocol-bgp-vpns/index.html.Google ScholarGoogle Scholar
  5. [n.d.]. The CAIDA UCSD AS to Organization Mapping Dataset. http://www.caida.org/data/as_organizations.xml.Google ScholarGoogle Scholar
  6. [n.d.]. Internet Exchange Report. https://bgp.he.net/report/exchanges.Google ScholarGoogle Scholar
  7. [n.d.]. LACNIC Extended Allocation and Assignment Reports. ftp.lacnic.net/pub/stats/lacnic.Google ScholarGoogle Scholar
  8. [n.d.]. PCH: Packet Clearing House. https://www.pch.net/resources/Routing_Data/.Google ScholarGoogle Scholar
  9. [n.d.]. PeeringDB. https://peeringdb.com/.Google ScholarGoogle Scholar
  10. [n.d.]. RIPE Extended Allocation and Assignment Reports. ftp://ftp.ripe.net/pub/stats/ripencc.Google ScholarGoogle Scholar
  11. [n.d.]. Routing Information Service (RIS). https://www.ripe.net/analyse/internet-measurements/routing-informationservice- ris.Google ScholarGoogle Scholar
  12. [n.d.]. University of Oregon Route Views Project. http://www.routeviews.org/routeviews/.Google ScholarGoogle Scholar
  13. 2018. Understanding Traceroute Behavior in L3VPN Setup on Junos OS. https://kb.juniper.net/InfoCenter/index? page=content&id=KB33434&cat=MX_SERIES&actp=LIST&showDraft=false.Google ScholarGoogle Scholar
  14. 2019. Types of VPNs. https://www.juniper.net/documentation/en_US/junos/topics/topic-map/l3-vpns-overview.html.Google ScholarGoogle Scholar
  15. 2019. Understanding Carrier-of-Carriers VPNs. https://www.juniper.net/documentation/en_US/junos/topics/concept/ vpn-carrier-of-carriers-vpns.html.Google ScholarGoogle Scholar
  16. 2020. The CAIDA UCSD IXPs Dataset. https://www.caida.org/data/ixps.Google ScholarGoogle Scholar
  17. 2020. Macroscopic Internet Topology Data Kit (ITDK). http://www.caida.org/data/internet-topology-data-kit/.Google ScholarGoogle Scholar
  18. Réka Albert, Hawoong Jeong, and Albert-László Barabási. 2000. Error and Attack Tolerance of Complex Networks. Nature 406 (June 2000).Google ScholarGoogle Scholar
  19. Lisa D Amini, Anees Shaikh, and Henning G Schulzrinne. 2002. Issues with Inferring Internet Topological Attributes. In Internet Performance and Control of Network Systems III.Google ScholarGoogle Scholar
  20. Brice Augustin, Xavier Cuvellier, Benjamin Orgogozo, Fabien Viger, Timur Friedman, Matthieu Latapy, Clémence Magnien, and Renata Teixeira. 2006. Avoiding Traceroute Anomalies with Paris Traceroute. In IMC 2006 -- 6th ACM Internet Measurement Conference.Google ScholarGoogle Scholar
  21. Brice Augustin, Timur Friedman, and Renata Teixeira. 2007. Measuring load-balanced paths in the Internet. In IMC. San Diego, CA, USA, 149--160.Google ScholarGoogle Scholar
  22. Fred Baker. 1995. RFC 1812: Requirements for IP Version 4 Routers. Technical Report. Internet Engineering Task Force.Google ScholarGoogle Scholar
  23. F. Baker and P. Savola. 2004. Ingress Filtering for Multihomed Networks. RFC 3704.Google ScholarGoogle Scholar
  24. Adam Bender, Rob Sherwood, and Neil Spring. 2008. Fixing Ally's Growing Pains with Velocity Modeling. In Proceedings of the 8th ACM SIGCOMM conference on Internet measurement. ACM, 337--342.Google ScholarGoogle ScholarDigital LibraryDigital Library
  25. Amogh Dhamdhere, David D. Clark, Alexander Gamero-Garrido, Matthew Luckie, Ricky K. P. Mok, Gautam Akiwate, Kabir Gogia, Vaibhav Bajpai, Alex C. Snoeren, and Kc Claffy. 2018. Inferring Persistent Interdomain Congestion. In SIGCOMM.Google ScholarGoogle Scholar
  26. Benoit Donnet, Matthew Luckie, Pascal Mérindol, and Jean-Jacques Pansiot. 2012. Revealing MPLS Tunnels Obscured from Traceroute. ACM SIGCOMM Computer Communication Review (2012).Google ScholarGoogle Scholar
  27. P. Ferguson and D. Senie. 2000. Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing. RFC 2827.Google ScholarGoogle Scholar
  28. Brian J Goodchild, Yi-Ching Chiu, Rob Hansen, Haonan Lu, Matt Calder, Matthew Luckie,Wyatt Lloyd, David Choffnes, and Ethan Katz-Bassett. 2017. The Record Route Option is an Option!. In IMC.Google ScholarGoogle Scholar
  29. Ramesh Govindan and Hongsuda Tangmunarunkit. 2000. Heuristics for Internet Map Discovery. In INFOCOM 2000. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE. Proc. ACM Meas. Anal. Comput. Syst., Vol. 4, No. 2, Article 40. Publication date: June 2020. vrfinder: Finding Outbound Addresses in Traceroute 40:23Google ScholarGoogle Scholar
  30. Mehmet H Gunes and Kamil Sarac. 2006. Analytical IP Alias Resolution. In Communications, 2006. ICC'06. IEEE International Conference on, Vol. 1. IEEE, 459--464.Google ScholarGoogle ScholarCross RefCross Ref
  31. Robert M. Hinden and Stephen E. Deering. 2006. RFC 4291: IP Version 6 Addressing Architecture. Technical Report. IETF.Google ScholarGoogle Scholar
  32. Bradley Huffaker, Amogh Dhamdhere, Marina Fomenkov, et al. 2010. Toward Topology Dualism: Improving the Accuracy of AS Annotations for Routers. In International Conference on Passive and Active Network Measurement. Springer, 101--110.Google ScholarGoogle Scholar
  33. Y. Hyun, A. Broido, and k. claffy. 2003. On Third-party Addresses in Traceroute Paths. In PAM.Google ScholarGoogle Scholar
  34. M. S. Kang, S. B. Lee, and V. D. Gligor. 2013. The Crossfire Attack. In 2013 IEEE Symposium on Security and Privacy.Google ScholarGoogle Scholar
  35. Ethan Katz-Bassett, Harsha V Madhyastha, Vijay Kumar Adhikari, Colin Scott, Justine Sherry, Peter Van Wesep, Thomas E Anderson, and Arvind Krishnamurthy. 2010. Reverse Traceroute. In NSDI, Vol. 10. 219--234.Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. Ken Keys. [n.d.]. iffinder. https://www.caida.org/tools/measurement/iffinder/.Google ScholarGoogle Scholar
  37. Ken Keys, Young Hyun, Matthew Luckie, and Kim Claffy. 2013. Internet-Scale IPv4 Alias Resolution with MIDAR. IEEE/ACM Transactions on Networking (TON) (2013).Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. Miya Kohno, Becca Nitzan, Randy Bush, Yoshinobu Matsuzaki, Lorenzo Colitti, and Thomas Narten. 2011. RFC 6164: Using 127-Bit IPv6 Prefixes on Inter-Router Links. Technical Report. IETF.Google ScholarGoogle Scholar
  39. Qasim Lone, Matthew Luckie, Maciej Korczy'ski, and Michel van Eeten. 2017. Using Loops Observed in Traceroute to Infer the Ability to Spoof. In International Conference on Passive and Active Network Measurement. Springer, 229--241.Google ScholarGoogle ScholarCross RefCross Ref
  40. Matthew Luckie and Robert Beverly. 2017. The Impact of Router Outages on the AS-level Internet. In Proceedings of ACM SIGCOMM.Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Matthew Luckie and Kc Claffy. 2014. A Second Look at Detecting Third-Party Addresses in Traceroute Traces with the IP Timestamp Option. In Proceedings of the 15th International Conference on Passive and Active Measurement-Volume 8362.Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. Matthew Luckie, Amogh Dhamdhere, Bradley Huffaker, David Clark, and kc claffy. 2016. bdrmap: Inference of Borders Between IP Networks. In IMC.Google ScholarGoogle Scholar
  43. Matthew Luckie, Bradley Huffaker, and k claffy. 2019. Learning Regexes to Extract Router Names from Hostnames. In Proceedings of the Internet Measurement Conference. 337--350.Google ScholarGoogle ScholarDigital LibraryDigital Library
  44. Matthew Luckie, Bradley Huffaker, Amogh Dhamdhere, Vasileios Giotsas, and kc claffy. 2013. AS Relationships, Customer Cones, and Validation. In Proceedings of the ACM SIGCOMM Internet Measurement Conference (IMC).Google ScholarGoogle Scholar
  45. Zhuoqing Morley Mao, Jennifer Rexford, JiaWang, and Randy H Katz. 2003. Towards an Accurate AS-Level Traceroute Tool. In Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications. ACM, 365--378.Google ScholarGoogle ScholarDigital LibraryDigital Library
  46. Pietro Marchetta,Walter de Donato, and Antonio Pescapé. 2013. Detecting Third-Party Addresses in Traceroute Traces with IP Timestamp Option. In Proceedings of the 14th international conference on Passive and Active Measurement.Google ScholarGoogle ScholarDigital LibraryDigital Library
  47. Alexander Marder. 2020. bdrmapIT GitHub Code Respository. https://github.com/alexmarder/bdrmapit.Google ScholarGoogle Scholar
  48. Alexander Marder. 2020. vrfinder GitHub Code Respository. https://github.com/alexmarder/vrfinder.Google ScholarGoogle Scholar
  49. Alexander Marder, Matthew Luckie, Amogh Dhamdhere, Bradley Huffaker, kc claffy, and Jonathan M. Smith. 2018. Pushing the Boundaries with bdrmapIT: Mapping Router Ownership at Internet Scale. In IMC.Google ScholarGoogle Scholar
  50. Alexander Marder and Jonathan M Smith. 2016. MAP-IT: Multipass Accurate Passive Inferences from Traceroute. In Proceedings of the 2016 Internet Measurement Conference. ACM, 397--411.Google ScholarGoogle ScholarDigital LibraryDigital Library
  51. Pascal Mérindol, Benoit Donnet, Jean-Jacques Pansiot, Matthew Luckie, and Young Hyun. 2011. MERLIN: MEasure the Router Level of the INternet. In Proceedings of the 7th Euro-NF Conference on Next Generation Internet (NGI). 1--8.Google ScholarGoogle ScholarCross RefCross Ref
  52. Nagendra Kumar Nainar. 2018. MPLS VPN Traceroute. https://community.cisco.com/t5/routing/mpls-vpn-traceroute/ m-p/3768060.Google ScholarGoogle Scholar
  53. Jean-Jacques Pansiot, Pascal Mérindol, Benoit Donnet, and Olivier Bonaventure. 2010. Extracting Intra-Domain Topology from mrinfo Probing. In PAM. 81--90.Google ScholarGoogle Scholar
  54. Vern Paxson. 1997. End-to-End Internet Packet Dynamics. In ACM SIGCOMM Computer Communication Review, Vol. 27. ACM, 139--152.Google ScholarGoogle ScholarDigital LibraryDigital Library
  55. Alvaro Retana, Russ White, Vince Fuller, and Danny McPherson. 2000. RFC 3021: Using 31-Bit Prefixes on IPv4 Point-to-Point Links. Technical Report. IETF.Google ScholarGoogle Scholar
  56. Eric Rosen and Yakov Rekhter. 1999. RFC 2547: BGP/MPLS VPNs. Technical Report. Internet Engineering Task Force.Google ScholarGoogle Scholar
  57. Eric Rosen and Yakov Rekhter. 2006. RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs). Technical Report. IETF.Google ScholarGoogle Scholar
  58. Jan Rüth, Torsten Zimmermann, and Oliver Hohlfeld. 2019. Hidden Treasures--Recycling Large-Scale Internet Measurements to Study the Internet's Control Plane. In International Conference on Passive and Active Network Measurement. Springer, 51--67.Google ScholarGoogle ScholarCross RefCross Ref
  59. Pekka Savola. 2003. RFC 3627: Use of /127 Prefix Length Between Routers Considered Harmful. Technical Report. IETF. Proc. ACM Meas. Anal. Comput. Syst., Vol. 4, No. 2, Article 40. Publication date: June 2020. 40:24 Marder, et al.Google ScholarGoogle Scholar
  60. Justine Sherry, Ethan Katz-Bassett, Mary Pimenova, Harsha V Madhyastha, Thomas Anderson, and Arvind Krishnamurthy. 2010. Resolving IP Aliases with Prespecified Timestamps. In Proceedings of the 10th ACM SIGCOMM conference on Internet measurement. ACM, 172--178.Google ScholarGoogle ScholarDigital LibraryDigital Library
  61. Rob Sherwood, Adam Bender, and Neil Spring. 2008. DisCarte: A Disjunctive Internet Cartographer. In SIGCOMM. 303--314.Google ScholarGoogle Scholar
  62. Neil Spring, Mira Dontcheva, Maya Rodrig, and David Wetherall. 2004. How to Resolve IP Aliases. Technical Report UW-CSE-TR 04--05--04. University of Washington.Google ScholarGoogle Scholar
  63. Neil Spring, Ratul Mahajan, and David Wetherall. 2002. Measuring ISP topologies with Rocketfuel. In SIGCOMM. 133--145.Google ScholarGoogle Scholar
  64. Richard A Steenbergen. 2009. A Practical Guide to (Correctly) Troubleshooting with Traceroute. NANOG (2009).Google ScholarGoogle Scholar
  65. Ahren Studer and Adrian Perrig. 2009. The Coremelt Attack. In European Symposium on Research in Computer Security.Google ScholarGoogle Scholar
  66. Yves Vanaubel, Pascal Mérindol, Jean-Jacques Pansiot, and Benoit Donnet. 2017. Through the Wormhole: Tracking Invisible MPLS Tunnels. In Proceedings of the 2017 Internet Measurement Conference. ACM, 29--42.Google ScholarGoogle ScholarDigital LibraryDigital Library
  67. Jianhong Xia, Lixin Gao, and Teng Fei. 2007. A Measurement Study of Persistent Forwarding Loops on the Internet. Computer Networks 51, 17 (2007), 4780--4796.Google ScholarGoogle ScholarDigital LibraryDigital Library
  68. Bahador Yeganeh, Ramakrishnan Durairajan, Reza Rejaie, and Walter Willinger. 2019. How Cloud Traffic Goes Hiding: A Study of Amazon's Peering Fabric. In IMC. Amsterdam, NL, 202--216.Google ScholarGoogle Scholar
  69. Yu Zhang, Ricardo Oliveira, Hongli Zhang, and Lixia Zhang. 2010. Quantifying the Pitfalls of Traceroute in AS Connectivity Inference. In International Conference on Passive and Active Network Measurement.Google ScholarGoogle Scholar
  70. Jan Zorz, Sander Steffan, Primoz Drazumeric, Mark Townsley, Andrew Alston, Gert Doering, Jordi Palet, Jen Linkova, Luis Balbinot, Kevin Meynell, and Lee Howard. 2017. Best Current Operational Practice for Operators: IPv6 Prefix Assignment for End-users -- Persistent vs Non-persistent, and What Size to Choose. Technical Report. RIPE NCC.Google ScholarGoogle Scholar

Index Terms

  1. vrfinder: Finding Outbound Addresses in Traceroute

          Recommendations

          Comments

          Login options

          Check if you have access through your login credentials or your institution to get full access on this article.

          Sign in

          Full Access

          • Published in

            cover image Proceedings of the ACM on Measurement and Analysis of Computing Systems
            Proceedings of the ACM on Measurement and Analysis of Computing Systems  Volume 4, Issue 2
            SIGMETRICS
            June 2020
            623 pages
            EISSN:2476-1249
            DOI:10.1145/3405833
            Issue’s Table of Contents

            Copyright © 2020 ACM

            Publisher

            Association for Computing Machinery

            New York, NY, United States

            Publication History

            • Published: 9 June 2020
            • Online AM: 7 May 2020
            Published in pomacs Volume 4, Issue 2

            Permissions

            Request permissions about this article.

            Request Permissions

            Check for updates

            Qualifiers

            • research-article

          PDF Format

          View or Download as a PDF file.

          PDF

          eReader

          View online with eReader.

          eReader
          About Cookies On This Site

          We use cookies to ensure that we give you the best experience on our website.

          Learn more

          Got it!