TNT, Watch me Explode: A Light in the Dark for Revealing MPLS Tunnels

Vanaubel, Yves; Luttringer, Jean-Romain; Mérindol, Pascal; Pansiot, Jean-Jacques; Donnet, Benoît

doi:10.23919/TMA.2019.8784525

Download

Paper published in a book (Scientific congresses and symposiums)

TNT, Watch me Explode: A Light in the Dark for Revealing MPLS Tunnels

Vanaubel, Yves; Luttringer, Jean-Romain; Mérindol, Pascal et al.

2019 • In TMA 2019 - Proceedings of the 3rd Network Traffic Measurement and Analysis Conference

Peer reviewed

Permalink
https://hdl.handle.net/2268/235109

DOI
10.23919/TMA.2019.8784525

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

paper.pdf

Author preprint (632.69 kB)

Download

All documents in ORBi are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

TNT; MPLS tunnels; Traceroute

Abstract :

[en] Internet topology discovery aims at analyzing one of the most complex distributed system currently deployed. Usually, it relies on measurement campaigns using hop-limited probes sent with traceroute. However, this probing tool comes with several limits. In particular, some MPLS clouds might obfuscate collected traces. Thus, the resulting Internet maps, the inferred properties, and the graph models are incomplete and inaccurate. In this paper, we introduce TNT (Trace the Naughty Tunnels), an extension to Paris traceroute for revealing, or at least detect, all MPLS tunnels along a path. First, along with traceroute and ping probes, TNTlooks for hints indicating the presence of hidden tunnels. Those hints are peculiar patterns in the resulting output, e.g., significant TTL shifts or duplicate IP addresses. Second, if those hints trigger alarms, TNT launches additional dedicated probing for possibly revealing hidden tunnels. We use GNS3 to reproduce, verify, and understand the limits and capabilities of TNT in a controlled environment. We also calibrate the thresholds at which alarms are triggered through a dedicated measurement campaign. Finally, we deploy TNT on the Archipelago platform and provide a quantified classification of MPLS usage. All our results, including the data, the code, and the emulation configurations, are fully and publicly available

Disciplines :

Computer science

Author, co-author :

Vanaubel, Yves ; Université de Liège - ULiège > Dép. d'électric., électron. et informat. (Inst.Montefiore) > Smart grids

Luttringer, Jean-Romain

Mérindol, Pascal

Pansiot, Jean-Jacques

Donnet, Benoît ; Université de Liège - ULiège > Dép. d'électric., électron. et informat. (Inst.Montefiore) > Algorithmique des grands systèmes

Language :

English

Title :

TNT, Watch me Explode: A Light in the Dark for Revealing MPLS Tunnels

Publication date :

June 2019

Event name :

Network Traffic Measurement and Analysis (TMA) Conference 2019

Event place :

Paris, France

Event date :

du 19 juin 2019 au 21 juin 2019

Audience :

International

Main work title :

TMA 2019 - Proceedings of the 3rd Network Traffic Measurement and Analysis Conference

ISBN/EAN :

978-390317617-1

Peer reviewed :

Peer reviewed

Commentary :

Extended version available here http://hdl.handle.net/2268/232334 TMA Best Paper Award, TMA runner up for Best Dataset Award, ITC Best Paper Award

Available on ORBi :

since 03 May 2019

Statistics

Number of views

95 (9 by ULiège)

Number of downloads

174 (13 by ULiège)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

Bibliography

B. Donnet and T. Friedman, "Internet topology discovery: a survey," IEEE Communications Surveys and Tutorials, vol. 9, no. 4, pp. 2-15, December 2007.
B. Donnet, P. Raoult, T. Friedman, and M. Crovella, "Efficient algorithms for large-scale topology discovery," in Proc. ACM SIGMETRICS, June 2005.
R. Beverly, "Yarrp'ing the Internet: Randomized high-speed active topology discovery," in Proc. ACM Internet Measurement Conference (IMC), November 2016.
E. Katz-Bassett, H. Madhyastha, V. Adhikari, C. Scott, J. Sherry, P. van Wesep, A. Krishnamurthy, and T. Anderson, "Reverse traceroute," in Proc. USENIX Symposium on Networked Systems Design and Implementations (NSDI), June 2010, see https://www.revtr.ccs.neu.edu.
K. Keys, "Internet-scale IP alias resolution techniques," ACM SIG-COMM Computer Communication Review, vol. 40, no. 1, pp. 50-55, January 2010.
R. Pastor-Satorras and A. Vespignani, Evolution and Structure of the Internet: A Statistical Physics Approach. Cambridge University Press, 2004.
P. Mérindol, B. Donnet, O. Bonaventure, and J.-J. Pansiot, "On the impact of layer-2 on node degree distribution," in Proc. ACM Internet Measurement Conference (IMC), November 2010.
G. Detal, B. Hesmans, O. Bonaventure, Y. Vanaubel, and B. Donnet, "Revealing middlebox interference with tracebox," in Proc. ACM Internet Measurement Conference (IMC), October 2013.
K. Edeline and B. Donnet, "A first look at the prevalence and persistence of middleboxes in the wild," in Proc. International Teletraffic Congress (ITC), September 2017.
E. Rosen, A. Viswanathan, and R. Callon, "Multiprotocol label switching architecture," Internet Engineering Task Force, RFC 3031, January 2001.
B. Donnet, M. Luckie, P. Mérindol, and J.-J. Pansiot, "Revealing MPLS tunnels obscured from traceroute," ACM SIGCOMM Computer Communication Review, vol. 42, no. 2, pp. 87-93, April 2012.
Y. Vanaubel, P. Mérindol, J.-J. Pansiot, and B. Donnet, "Through the wormhole: Tracking invisible MPLS tunnels," in In Proc. ACM Internet Measurement Conference (IMC), November 2017.
J. Sommers, B. Eriksson, and P. Barford, "On the prevalence and characteristics of MPLS deployments in the open Internet," in Proc. ACM Internet Measurement Conference (IMC), November 2011.
R. Sherwood and N. Spring, "Touring the internet in a TCP sidecar," in Proc. ACM Internet Measurement Conference (IMC), October 2006.
R. Sherwood, A. Bender, and N. Spring, "Discarte: a disjunctive Internet cartographer," in Proc. ACM SIGCOMM, August 2008.
P. Marchetta and A. Pescapé, "DRAGO: Detecting, quantifying and locating hidden routers in traceroute IP paths," in Proc. Global Internet Symposium (GI), April 2013.
B. Augustin, X. Cuvellier, B. Orgogozo, F. Viger, T. Friedman, M. Lat-apy, C. Magnien, and R. Teixeira, "Avoiding traceroute anomalies with Paris traceroute," in Proc. ACM Internet Measurement Conference (IMC), October 2006.
M. Luckie, "Scamper: a scalable and extensible packet prober for active measurement of the Internet," in Proc. ACM Internet Measurement Conference (IMC), November 2010.
K. claffy, Y. Hyun, K. Keys, M. Fomenkov, and D. Krioukov, "Internet mapping: from art to science," in Proc. IEEE Cybersecurity Application and Technologies Conference for Homeland Security (CATCH), March 2009.
Y. Vanaubel, J.-R. Luttringer, P. Mérindol, J.-J. Pansiot, and B. Donnet, "Tnt, watch me explode: A light in the dark for revealing mpls tunnels," arXiv, cs.NI 1901.10156, February 2019.
D. Awduche, L. Berger, D. Gan, T. Li, V. Srinivasan, and G. Swallow, "RSVP-TE: Extensions to RSVP for LSP tunnels," Internet Engineering Task Force, RFC 3209, December 2001.
Y. Vanaubel, P. Mérindol, J.-J. Pansiot, and B. Donnet, "MPLS under the microscope: Revealing actual transit path diversity," in Proc. ACM Internet Measurement Conference (IMC), October 2015.
L. Andersson, I. Minei, and T. Thomas, "LDP specification," Internet Engineering Task Force, RFC 5036, October 2007.
D. Aydin, "CISCO vs. Juniper MPLS," June 2014, see http://monsterdark.com/cisco-vs-juniper-mpls/.
L. De Ghein, MPLS Fundamental: A Comprehensive Introduction to MPLS (Theory and Practice). CISCO Press, November 2006.
R. Bonica, D. Gan, D. Tappan, and C. Pignataro, "ICMP extensions for multiprotocol label switching," Internet Engineering Task Force, RFC 4950, August 2007.
J.-F. Grailet, F. Tarissan, and B. Donnet, "TreeNET: Discovering and connecting subnets," in Proc. Traffic Monitoring and Analysis Workshop (TMA), April 2016.
Y. Vanaubel, J.-J. Pansiot, P. Mérindol, and B. Donnet, "Network fingerprinting: TTL-based router signature," in Proc. ACM Internet Measurement Conference (IMC), October 2013.
G. Davila Revelo, M. A. Ricci, B. Donnet, and J. I. Alvarez-Hamelin, "Unveiling the MPLS structure on Internet topology," in Proc. Traffic Monitoring and Analysis Workshop (TMA), April 2016.