Internet topology discovery aims at analyzing one of the most complex distributed systems currently deployed. Usually, it relies on measurement campaigns using hop-limited probes sent with traceroute. However, this probing tool comes with several limits. In particular, some MPLS clouds might obfuscate collected traces. The resulting Internet maps, their inferred properties, and the graph models are thus incomplete and inaccurate.
In this paper, we introduce TNT (Trace the Naughty Tunnels), an extension to Paris traceroute for revealing, or at least detecting, all MPLS tunnels along a path. First, along with traceroute and ping probes, TNT looks for hints indicating the presence of hidden tunnels. Those hints are peculiar patterns in the resulting output, e.g., significant TTL shifts or duplicate IP addresses. Second, if those hints trigger alarms, TNT launches additional dedicated probing for possibly revealing hidden tunnels. We use GNS3 to reproduce, verify, and understand the limits and capabilities of TNT in a controlled environment. We also calibrate the thresholds at which alarms are triggered through a dedicated measurement campaign. Finally, we deploy TNT on the Archipelago platform and provide a quantified classification of MPLS configurations. All our results, including the data, the code, and the GNS3 experiments, are fully and publicly available.
Disciplines: Computer science
Author, co-author:
Luttringer, Jean-Romain
Vanaubel, Yves; Université de Liège - ULiège > Dép. d'électric., électron. et informat. (Inst.Montefiore) > Smart grids
Mérindol, Pascal
Pansiot, Jean-Jacques
Donnet, Benoît; Université de Liège - ULiège > Dép. d'électric., électron. et informat. (Inst.Montefiore) > Algorithmique des grands systèmes
Language: English
Title: Let There Be Light: Revealing Hidden MPLS Tunnels with TNT
Publication date: June 2020
Journal title: IEEE Transactions on Network and Service Management
ISSN: 1932-4537
Publisher: Institute of Electrical and Electronics Engineers, United States - New York