DOI: 10.1145/3131365.3131378
research-article

Through the wormhole: tracking invisible MPLS tunnels

Published: 01 November 2017

ABSTRACT

For years, Internet topology research has been conducted through active measurement. For instance, CAIDA builds router-level topologies on top of IP-level traces obtained with traceroute. The resulting graphs contain a significant number of nodes with a very large degree, often exceeding the actual number of interfaces of a router. Although this property may result from inaccurate alias resolution, we believe that opaque MPLS clouds made of invisible tunnels are the main cause. Using Layer-2 technologies such as MPLS, routers can be configured to hide internal IP hops from traceroute. Consequently, an entry point of an MPLS network appears as the neighbor of all exit points, and the whole Layer-3 network turns into a dense mesh of high-degree nodes.

This paper tackles three problems: the revelation of IP hops hidden by MPLS tunnels, the underestimation of MPLS deployment, and the overestimation of high-degree nodes. We develop new measurement techniques able to reveal the presence and content of invisible MPLS tunnels. We assess them through emulation and cross-validation, and perform a large-scale measurement campaign targeting suspicious networks, on which we apply statistical analysis. Finally, based on our dataset, we look at basic graph properties impacted by invisible tunnels.
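The degree inflation described in the abstract can be reproduced on a toy graph. This is an added example, not code from the paper: the topology and router names (PE1..PE4, P1, P2) are constructed, and the model simply drops interior hops from each edge-to-edge trace when tunnels are invisible.

```python
from collections import defaultdict, deque

# Constructed topology (an assumption, not data from the paper): four edge
# routers attached to a two-router MPLS core.
LINKS = [("PE1", "P1"), ("PE2", "P1"), ("P1", "P2"), ("PE3", "P2"), ("PE4", "P2")]
EDGE = {"PE1", "PE2", "PE3", "PE4"}  # tunnel entry and exit points
CORE = {"P1", "P2"}                  # interior hops an invisible tunnel hides


def adjacency(links):
    """Build an undirected adjacency map from (a, b) link pairs."""
    adj = defaultdict(set)
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def shortest_path(adj, src, dst):
    """Breadth-first search over a connected graph; returns the hop list."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        for nxt in sorted(adj[node]):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1]


def observed_degrees(hide_core):
    """Node degrees in the graph inferred from all edge-to-edge traces."""
    true_adj = adjacency(LINKS)
    seen = set()
    for src in sorted(EDGE):
        for dst in sorted(EDGE - {src}):
            hops = shortest_path(true_adj, src, dst)
            if hide_core:  # invisible tunnel: interior hops never appear
                hops = [h for h in hops if h not in CORE]
            seen.update(frozenset(pair) for pair in zip(hops, hops[1:]))
    inferred = adjacency(tuple(link) for link in seen)
    return {node: len(peers) for node, peers in sorted(inferred.items())}


if __name__ == "__main__":
    print("visible tunnels:  ", observed_degrees(False))
    print("invisible tunnels:", observed_degrees(True))
```

Each edge router has a single physical link in the constructed topology, yet with the core hidden it is inferred to have three neighbors, and the core routers vanish from the graph entirely.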


Published in

IMC '17: Proceedings of the 2017 Internet Measurement Conference
November 2017
509 pages
ISBN: 9781450351188
DOI: 10.1145/3131365

Copyright © 2017 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Acceptance Rates

Overall Acceptance Rate: 277 of 1,083 submissions, 26%
