References of "Vanaubel, Yves"
Peer Reviewed
TNT, Watch me Explode: A Light in the Dark for Revealing MPLS Tunnels
Vanaubel, Yves ULiege; Luttringer, Jean-Romain; Mérindol, Pascal et al

in Network Traffic Measurement and Analysis (TMA) Conference 2019 (2019, June)

Internet topology discovery aims at analyzing one of the most complex distributed systems currently deployed. Usually, it relies on measurement campaigns using hop-limited probes sent with traceroute. However, this probing tool comes with several limits. In particular, some MPLS clouds might obfuscate collected traces. Thus, the resulting Internet maps, the inferred properties, and the graph models are incomplete and inaccurate. In this paper, we introduce TNT (Trace the Naughty Tunnels), an extension to Paris traceroute for revealing, or at least detecting, all MPLS tunnels along a path. First, along with traceroute and ping probes, TNT looks for hints indicating the presence of hidden tunnels. Those hints are peculiar patterns in the resulting output, e.g., significant TTL shifts or duplicate IP addresses. Second, if those hints trigger alarms, TNT launches additional dedicated probing for possibly revealing hidden tunnels. We use GNS3 to reproduce, verify, and understand the limits and capabilities of TNT in a controlled environment. We also calibrate the thresholds at which alarms are triggered through a dedicated measurement campaign. Finally, we deploy TNT on the Archipelago platform and provide a quantified classification of MPLS usage. All our results, including the data, the code, and the emulation configurations, are fully and publicly available.

TNT, Watch me Explode: A Light in the Dark for Revealing MPLS Tunnels
Vanaubel, Yves ULiege; Luttringer, Jean-Romain; Mérindol, Pascal et al

Report (2019)

Internet topology discovery has been a recurrent research topic for nearly 20 years now. Usually, it works by sending hop-limited probes (i.e., traceroute) towards a set of destinations to collect topological data in order to infer the Internet topology at a given scale (e.g., at the router or the AS level). However, traceroute comes with multiple limitations, in particular with layer-2 clouds such as MPLS that might hide their content to traceroute exploration. Thus, the resulting Internet topology data and models are incomplete and inaccurate. In this paper, we introduce TNT (Trace the Naughty Tunnels), an extension to Paris traceroute for revealing most (if not all) MPLS tunnels along a path. TNT works in two basic stages. First, along with traceroute probes, it looks for evidences of the potential presence of hidden tunnels. Those evidences are surprising patterns in the traceroute output, e.g., abrupt and significant TTL shifts. Second, if alarms are triggered due to the presence of such evidences, TNT launches additional and dedicated probing for possibly revealing the content of the hidden tunnel. We validate TNT through emulation with GNS3 and tune its parameters through a dedicated measurement campaign. We also largely deploy TNT on the Archipelago platform and provide a quantification of tunnels, updating so the state of the art vision of MPLS tunnels. Finally, TNT and its validation platform are fully and publicly available, as well as the collected data and scripts used for processing data.

Revealing and Characterizing MPLS Networks
Vanaubel, Yves ULiege

Doctoral thesis (2018)

The Internet is a wide network of computers in constant evolution. Each year, more and more organizations are connected to this worldwide network. Each of them has its own structure and administration that are not publicly revealed for economical, political, and security reasons. Consequently, our perception of the Internet structure, and more specifically, its topology, is incomplete. In order to balance this lack of knowledge, the research community relies on network measurements. Most of the time, they are performed based on the well-known tool traceroute. However, in practice, an operator may privilege other technologies than IP to forward packets inside its network. MultiProtocol Label Switching (MPLS) is one of them. Even if it is heavily deployed by operators, it has not been really investigated by researchers. Prior to this thesis, only two studies focused on the identification of MPLS tunnels in traceroute data. Moreover, while one of them does not take all possible scenarios into account, the other lacks precision in some of its models. In addition, MPLS tunnels may hide their content to traceroute. Topologies inferred from such data may thus contain false links or nodes with an artificially high degree, leading so to biases in standard graph metrics used to model the network. Even if some researchers already tried to tackle this issue, the revelation of hidden MPLS devices in traceroute data is still an open question. This thesis aims at characterizing MPLS in two different ways. On the one hand, at an architectural level, we will analyze in detail its deployment and use in both IPv4 and IPv6 networks in order to improve its state-of-the-art view. We will show that, in practice, more than one IPv4 trace out of two crosses at least one MPLS tunnel. We will also see that, even if this protocol can simplify the internal architecture of transit networks, it also allows some operators to perform traffic engineering in their domain.
On the other hand, MPLS will be studied from a measurement point of view. We will see that routers from different manufacturers may have distinct default behaviors regarding MPLS, and that these specific behaviors can be exploited to identify MPLS tunnels during traceroute measurements. More precisely, we will focus on new methods able to infer the presence of tunnels that are invisible in traceroute outputs, as well as on mechanisms to reveal their content. We will also show that they can be used in order to improve the inference of Internet graph properties, such as path lengths and node degrees. Finally, these techniques will be integrated into Trace the Naughty Tunnels (TNT), a traceroute extension able to identify all types of MPLS tunnels along a path towards a destination. We will prove that this tool can be used in order to get a detailed quantification of MPLS tunnels in the worldwide network. TNT is publicly available, and can therefore be part of many future studies conducted by the research community.

Peer Reviewed
Through the Wormhole: Tracking Invisible MPLS Tunnels
Vanaubel, Yves ULiege; Mérindol, Pascal; Pansiot, Jean-Jacques et al

in ACM Internet Measurement Conference (2017, November)

For years, Internet topology research has been conducted through active measurement. For instance, CAIDA builds router level topologies on top of IP level traces obtained with traceroute. The resulting graphs contain a significant amount of nodes with a very large degree, often exceeding the actual number of interfaces of a router. Although this property may result from inaccurate alias resolution, we believe that opaque MPLS clouds made of invisible tunnels are the main cause. Using Layer-2 technologies such as MPLS, routers can be configured to hide internal IP hops from traceroute. Consequently, an entry point of an MPLS network appears as the neighbor of all exit points and the whole Layer-3 network turns into a dense mesh of high degree nodes. This paper tackles three problems: the revelation of IP hops hidden by MPLS tunnels, the MPLS deployment underestimation, and the overestimation of high degree nodes. We develop new measurement techniques able to reveal the presence and content of invisible MPLS tunnels. We assess them through emulation and cross-validation and perform a large-scale measurement campaign targeting suspicious networks on which we apply statistical analysis. Finally, based on our dataset, we look at basic graph properties impacted by invisible tunnels.

Peer Reviewed
A Brief History of MPLS Usage in IPv6
Vanaubel, Yves ULiege; Mérindol, Pascal; Pansiot, Jean-Jacques et al

in Lecture Notes in Computer Science (2016)

Recent researches have stated the fast deployment of IPv6. It has been demonstrated that IPv6 grows much faster, being so more and more adopted by both Internet service providers but also by servers and end-hosts. In parallel, researches have been conducted to discover and assess the usage of MPLS tunnels. Indeed, recent developments in the ICMP protocol make certain categories of MPLS tunnels transparent to traceroute probing. However, these studies focus only on IPv4, where MPLS is strongly deployed. In this paper, we provide a first look at how MPLS is used under IPv6 networks using traceroute data collected by CAIDA. At first glance, we observe that the MPLS deployment and usage seem to greatly differ between IPv4 and IPv6, in particular in the way MPLS label stacks are used. While label stacks with at least two labels are marginal in IPv4 (and mostly correspond to a VPN usage), they are prevalent in IPv6. After a deeper analysis of the label stack typical content in IPv6, we show that such tunnels result from the use of 6PE. This is not really surprising since this mechanism was specifically designed to forward IPv6 traffic using MPLS tunnels through networks that are not fully IPv6 compliant. However, we show that it does not result from non dual-stack routers but rather from the absence of native IPv6 MPLS signaling protocols. Finally, we investigate a large Tier-1 network, Cogent, that stands out with an original set-up.

Peer Reviewed
MPLS Under the Microscope: Revealing Actual Transit Path Diversity
Vanaubel, Yves ULiege; Mérindol, Pascal; Pansiot, Jean-Jacques et al

in ACM Internet Measurement Conference (2015, October)

Traffic Engineering (TE) is one of the keys for improving packet forwarding in the Internet. It allows IP network operators to finely tune their forwarding paths according to various customer needs. One of the most popular tools available today for optimizing the use of networking resources is MPLS. On the one hand, operators may use MPLS and label distribution mechanisms such as RSVP-TE in conjunction with BGP to define multiple transit paths (for a given edge pair) verifying different constraints on their network. On the other hand, when operators simply enable LDP for distributing MPLS labels in order to improve the scalability of their network, another kind of path diversity may appear thanks to the ECMP feature of IGP routing. In this paper, using an MPLS labels analysis, we demonstrate that it is possible to better understand the transit path diversity deployed within a given ISP. More specifically, we introduce the Label Pattern Recognition (LPR) algorithm, a method for analyzing traceroute data including MPLS information. LPR reveals the actual usage of MPLS according to the inferred label distribution protocol and is able to make the distinction between ECMP and TE multi-path forwarding. Based on an extensive and longitudinal traceroute dataset obtained from CAIDA, we apply LPR and find that each ISP behavior is really specific in regard to its MPLS usage. In particular, we are able to observe independently for each ISP the MPLS path diversity and usage, and its evolution over time. Globally speaking, the main outcomes of our study are that (i) the usage of MPLS has been increasing over the last five years with basic encapsulation being predominant, (ii) path diversity is mainly provided thanks to ECMP and LDP, and, (iii), TE using MPLS is as common as MPLS without path diversity.

Peer Reviewed
Revealing Middlebox Interference with Tracebox
Detal, Grégory; Hesmans, Benjamin; Bonaventure, Olivier et al

in ACM/USENIX Internet Measurement Conference (2013, October)

Middleboxes such as firewalls, NAT, proxies, or Deep Packet Inspection play an increasingly important role in various types of IP networks, including enterprise and cellular networks. Recent studies have shed the light on their impact on real traffic and the complexity of managing them. Network operators and researchers have few tools to understand the impact of those boxes on any path. In this paper, we propose tracebox, an extension to the widely used traceroute tool, that is capable of detecting various types of middlebox interference over almost any path. tracebox sends IP packets containing TCP segments with different TTL values and analyses the packet encapsulated in the returned ICMP message. Further, as recent routers quote, in the ICMP message, the entire IP packet that they received, tracebox is able to detect any modification performed by upstream middleboxes. In addition, tracebox can often pinpoint the network hop where the middlebox interference occurs. We evaluate tracebox with measurements performed on PlanetLab nodes. Our analysis reveals various types of middleboxes that were not expected on such an experimental testbed supposed to be connected to the Internet without any restriction.

Peer Reviewed
Network Fingerprinting: TTL-Based Router Signatures
Vanaubel, Yves ULiege; Pansiot, Jean-Jacques; Mérindol, Pascal et al

in ACM/USENIX Internet Measurement Conference (2013, October)

Fingerprinting networking equipment has many potential applications and benefits in network management and security. More generally, it is useful for the understanding of network structures and their behaviors. In this paper, we describe a simple fingerprinting mechanism based on the initial TTL values used by routers to reply to various probing messages. We show that main classes obtained using this simple mechanism are meaningful to distinguish router platforms. Besides, it comes at a very low additional cost compared to standard active topology discovery measurements. As a proof of concept, we apply our method to gain more insight on the behavior of MPLS routers and to, thus, more accurately quantify their visible/invisible deployment.
