Uploaded byedge7
PPTX, PDF373 views

Slide aansw

The document describes a study that aims to reveal MPLS tunnels obscured from traceroute in the Italian internet infrastructure. It discusses different types of MPLS tunnels including explicit, implicit, opaque and invisible tunnels. The study involved selecting Italian IP address prefixes and performing traceroute and ping scans from four different locations in Italy. Scamper was used to launch the traceroutes and pings. The analysis involved identifying signatures like q-ttl and u-turn to detect implicit tunnels, and examining LSE-TTL values to detect opaque tunnels. The goal is to understand MPLS deployment and perform AS-level statistics of the Italian internet infrastructure.

Embed presentation

Download to read offline
Course project for AANSW Course project for AANSW Revealing MPLS Tunnels obscured fromtraceroute Revealing MPLS Tunnels osbuscured by traceroute inin ItalianInternetinfrastructure Italian internet infrastructure Adriano Donato De Matteis Daniele Di Proietto Enrico D’Urso Tutor: Dott. Valerio Luconi Prof: Luciano Lenzini
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Outline 1 Introduction 2 Inference Methodology 3 Our Experiment 4 Analysis 5 Results and Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Paper We reproduced the experiment in the paper: “Revealing MPLS tunnels obscured from traceroute” , B. Donnet, M. Luckie, P. Mérindol and J. Pansiot, 2012 Goals • Understand the deployment of MPLS in Italian infrastructure • Perform AS-Level statistics The paper presents some improvements to the traceroute technique, to detect MPLS tunnels.
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure MPLS features of interest - RFC4950 RFC 4950: It allows routers to embed MPLS information into an ICMP time-exceeded message
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure MPLS features of interest - ttl-propagate TTL-propagate: Router option to copy IP TTL into MPLS TTL when creating an MPLS label for an IP packet
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Tunnel taxonomy ttl-propagate Enabled Disabled RFC4950 Enabled Explicit Opaque Disabled Implicit Invisible A B C D
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Tunnel taxonomy ttl-propagate Enabled Disabled RFC4950 Enabled Explicit Opaque Disabled Implicit Invisible A B C D
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Tunnel taxonomy ttl-propagate Enabled Disabled RFC4950 Enabled Explicit Opaque Disabled Implicit Invisible A B C D
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Tunnel taxonomy ttl-propagate Enabled Disabled RFC4950 Enabled Explicit Opaque Disabled Implicit Invisible A B ? C D
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Tunnel taxonomy ttl-propagate Enabled Disabled RFC4950 Enabled Explicit Opaque Disabled Implicit Invisible A B C D
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Outline 1 Introduction 2 Inference Methodology 3 Our Experiment 4 Analysis 5 Results and Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Explicit and Invisible tunnels Explicit Tunnels Easily detectable with an enhanced traceroute tool. Invisible Tunnels There is no way to detect them with our methodologies.
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Implicit tunnels: q-ttl signature Q-ttl signature Based on TTL of the probe quoted when the ICMP time-exceeded reply is generated.
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Implicit tunnels: q-ttl signature Q-ttl signature For each traceroute probe the quoted TTL will be one greater, and we observe an increasing sequence of quoted TTL values in traceroute.
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Implicit tunnels: u-turn tunnel signature U-turn tunnel signature Precondition: For each unique IP address send six ICMP-echo packets from the same monitor. Based on the fact that LSR could send ping reply packet and traceroute reply packet not in the same way.
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Implicit tunnels: u-turn tunnel signature U-turn tunnel signature The u-turn signatures we search for are in the form of X, X – 2, X – 4, X – 6, ..., 2, 0 where X corresponds to two times the tunnel length.
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Opaque tunnels Opaque tunnels In opaque tunnels, only LH is visible. The LSE-TTL returned by this one in the time-exceeded reply indicates the presence of an opaque tunnel and its length.
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Opaque tunnels Opaque tunnels ILER does not enable ttl-propagate, so at the LH the LSE-TTL will be 253, indicating that the tunnel obscures two LSRs.
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Outline 1 Introduction 2 Inference Methodology 3 Our Experiment 4 Analysis 5 Results and Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Dataset • We took announced BGP prefixes from Isolario (www.isolario.it) • We selected only italian prefixes, crossing the data with MaxMind GeoIPLite (www.maxmind.com) • We took one random address from each italian prefix, avoiding overlaps. This is our target list.
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Scans We launched four scans from four different places, two different cities (same target list).  Pisa. ISP: Fastweb  Pisa. ISP: Infostrada  Pisa. ISP: GARR  Orbetello (GR). ISP: Telecom Italia
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Scamper To launch traceroute and to ping we used the tool scamper. Scamper Scamper: a Scalable and Extensible Packet Prober for Active Measurement of the Internet. • Traceroutes: we used the Paris technique with udp probes • Pings: we launched six ping probes for each detected hop, to measure distance from monitor.
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Outline 1 Introduction 2 Inference Methodology 3 Our Experiment 4 Analysis 5 Results and Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure LSE-TTL = 255 Several times in our traceroute we notice the presence of an LSE-TTL equal to 255. hop 6 172.17.8.173 attempt: 1, rtt: 0.232696s, probe-size: 44 reply-size: 168, reply-ttl: 244, reply-ipid: 0x994a, reply-tos 0x00 icmp-type: 11, icmp-code: 0, q-ttl: 2, q-len: 44, q-tos 0 flags: 0x11 ( sockrxts replyttl ) mpls ext ttl: 255, s: 1, exp: 0, label: 16289 hop 7 172.17.9.17 attempt: 1, rtt: 0.201051s, probe-size: 44 reply-size: 168, reply-ttl: 245, reply-ipid: 0xa14d, reply-tos 0x00 icmp-type: 11, icmp-code: 0, q-ttl: 3, q-len: 44, q-tos 0 flags: 0x11 ( sockrxts replyttl ) mpls ext ttl: 255, s: 1, exp: 0, label: 16288
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure LSE-TTL = 255 In these cases, according to the paper's authors, in our analysis we assume an LSE-TTL equal to 1.
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Ping reply TTL = ? (u-turn signature detection) To measure the distance between monitor and router, we launch a ping request, observing then, the IP TTL field in the ping reply. IP_TTL: 252 IP_TTL: 253 IP_TTL: 254 But there is no guarantee that the router will initialize the IP TTL to 255 IP_TTL: ?-2 IP_TTL: ?-1 We assume that routers will start counting from 254, 128 or 64. IP_TTL: ?
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Private IP, No Entry in Whois DB Normally we retrieve the information about the AS in which the tunnel is located through a whois query on a LSP router’s IP. WHOIS ?
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Private IP, No Entry in Whois DB Normally we retrieve the information about the AS in which the tunnel is located through a whois query on a LSP router’s IP. But … 172.18.5.234 IS PRIVATE!
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Private IP, No Entry in Whois DB Normally we retrieve the information about the AS in which the tunnel is located through a whois query on a LSP router’s IP. But … 152.164.58.173 172.18.5.234 NO ENTRY IN WHOIS DB!
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Private IP, No Entry in Whois DB Thus we get the information about the AS for ILER and ELER. If these ASs are the same, we assume that the tunnel is located in this AS. 85.36.9.114 80.20.6.106 172.17.8.93 Whois : AS3269_INTERB 172.17.8.46 Whois : AS3269_INTERB
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Private IP, No Entry in Whois DB Thus we get the information about the AS for ILER and ELER. If these ASs are the same, we assume that the tunnel is located in this AS. Otherwise … 2.115.102.2 217.27.70.35 10.54.1.57 Whois : AS3269_INTERB 110.54.1.13 Whois : AS16098_FULCOM
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Private IP, No Entry in Whois DB Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Outline 1 Introduction 2 Inference Methodology 3 Our Experiment 4 Analysis 5 Results and Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Results: AS-Level We performed AS-level statistics Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Results: AS-Level Distribution of tunnels among the AS AS 3269 - INTERB 137 - GARR 3356-LEVEL3 1267 - INFOSTRADA % 15.5% 6.5% 4.3% 3%
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Results: Generals Total MPLS Tunnels found : 1380 Global ratio: Number traceroute with MPLS 10355 = 20044 Number tot traceroute 52%
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Results: Explicit Tunnels Fraction of paths with MPLS tunnels observed per monitor IP interface granularity: Average Explicit Tunnels observed per monitor : 676 Total Explicit Tunnels found : 1264 (number of interfaces that return an ICMP response with RFC4950 ext.) More prevalent in AS3269-INTERB (Telecom Italia) : 208 (≈1/6) Interfaces with RFC 4950 687 Tot Interfaces 7159 9.6%
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Results: Explicit Tunnels 60% of the unique tunnels begin at least 5 hops away from monitor ….
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute osbuscured by in Italian Internet infrastructure internet Results: Explicit Tunnels …. and 90% of tunnels are less than 4 hops in length.
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute osbuscured by in Italian Internet infrastructure internet Results: Implicit Tunnels Total Implicit Tunnels found : 107 91,6% were identified through q-ttl signature technique More prealentthrough u-ttl tunnel signature technique27 (≈1/4) 8,4% in AS20746-FULCOM (Telecom Italia) :
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Results: Opaque Tunnels In our experiment Opaque tunnels were not prevalent … We have found only nine unique opaque tunnels. More prevalent in AS8968-ALBACOM LH are hidden) (unique paths between ILER and (BT Italia) : 6 (2/3)
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Result: Lenghts Explicit : 1 – 7 (AS12874-FASTWEB) Implicit : 1 – 2 Opaque : 1 – 6 We can distinguish an opaque tunnel of one hop by an explicit tunnel of one hop because the first has MPLS-ttl = 254 and the second has MPLS-ttl = 1
Introduction Inference Methodology Our Experiment Analysis Results & Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Conclusions By comparing our results with the paper’s ones, we can state that in Italy MPLS is well deployed as well as in other countries. In our analysis we observe that 50% of the tunnels, for each kind of them, was discovered in the ASes in which the monitors are located. Like paper's ones, explicit tunnels are more common than other types (91.6% of the total). 70,4% of the LSP belong to an Tier-2 ASes 20,1% of the LSP belong to an Tier-1 ASes. The remaining part belongs to lower-level ASes.
Questions

More Related Content

PDF
05 1 mobile_computing
byDipashri Mokashi
 
PDF
Tutorial on end-to-end text-to-speech synthesis: Part 2 – Tactron and related...
byYamagishi Laboratory, National Institute of Informatics, Japan
 
PDF
Preliminary study on using vector quantization latent spaces for TTS/VC syste...
byYamagishi Laboratory, National Institute of Informatics, Japan
 
PDF
エンドツーエンド音声合成に向けたNIIにおけるソフトウェア群 ~ TacotronとWaveNetのチュートリアル (Part 2)~
byYamagishi Laboratory, National Institute of Informatics, Japan
 
PPTX
Neural Waveform Modeling
byYamagishi Laboratory, National Institute of Informatics, Japan
 
PDF
Concurrency in Python
bykonryd
 
PDF
Advancements in Neural Vocoders
byYamagishi Laboratory, National Institute of Informatics, Japan
 
PDF
9517ijnsa03
byIJNSA Journal
 
05 1 mobile_computing
byDipashri Mokashi
 
Tutorial on end-to-end text-to-speech synthesis: Part 2 – Tactron and related...
byYamagishi Laboratory, National Institute of Informatics, Japan
 
Preliminary study on using vector quantization latent spaces for TTS/VC syste...
byYamagishi Laboratory, National Institute of Informatics, Japan
 
エンドツーエンド音声合成に向けたNIIにおけるソフトウェア群 ~ TacotronとWaveNetのチュートリアル (Part 2)~
byYamagishi Laboratory, National Institute of Informatics, Japan
 
Neural Waveform Modeling
byYamagishi Laboratory, National Institute of Informatics, Japan
 
Concurrency in Python
bykonryd
 
Advancements in Neural Vocoders
byYamagishi Laboratory, National Institute of Informatics, Japan
 
9517ijnsa03
byIJNSA Journal
 

What's hot

PDF
Java Code Generation from Formal Models: The CO-OPN Framework
byAng Chen
 
PDF
エンドツーエンド音声合成に向けたNIIにおけるソフトウェア群 ~ TacotronとWaveNetのチュートリアル (Part 1)~
byYamagishi Laboratory, National Institute of Informatics, Japan
 
PDF
A Portable Approach for Bidirectional Integration between a Logic and a Stati...
bySergio Castro
 
DOCX
Net2
byshwetha mk
 
PPTX
Nlp
byPrasid Mitra
 
PDF
Digital Signal Processinf (DSP) Course Outline
byMohammad Sohai Khan Niazi
 
PDF
Sioux Hot-or-Not: Functional programming: unlocking the real power of multi-c...
bysiouxhotornot
 
PDF
Keynote joearmstrong
bySentifi
 
Java Code Generation from Formal Models: The CO-OPN Framework
byAng Chen
 
エンドツーエンド音声合成に向けたNIIにおけるソフトウェア群 ~ TacotronとWaveNetのチュートリアル (Part 1)~
byYamagishi Laboratory, National Institute of Informatics, Japan
 
A Portable Approach for Bidirectional Integration between a Logic and a Stati...
bySergio Castro
 
Net2
byshwetha mk
 
Nlp
byPrasid Mitra
 
Digital Signal Processinf (DSP) Course Outline
byMohammad Sohai Khan Niazi
 
Sioux Hot-or-Not: Functional programming: unlocking the real power of multi-c...
bysiouxhotornot
 
Keynote joearmstrong
bySentifi
 

Viewers also liked

PPTX
Images of cranston power point
by46144
 
PDF
Theorem proving and the real numbers: overview and challenges
byLawrence Paulson
 
PDF
Emulink: A graphical modelling environment for PVS
byedge7
 
PDF
Slides Mpls Tunnel
byedge7
 
ODP
Emulink: Simulink environment for PVS
byedge7
 
ODP
Uniplaces slides.
byedge7
 
ODP
Uniplaces presentation
byedge7
 
Images of cranston power point
by46144
 
Theorem proving and the real numbers: overview and challenges
byLawrence Paulson
 
Emulink: A graphical modelling environment for PVS
byedge7
 
Slides Mpls Tunnel
byedge7
 
Emulink: Simulink environment for PVS
byedge7
 
Uniplaces slides.
byedge7
 
Uniplaces presentation
byedge7
 

Similar to Slide aansw

PDF
Multiprotocol Label Switching - A brief introduction to the most relevant asp...
byAlberto Serna
 
PDF
IRJET- Performance Analysis of MPLS-VPN and Traditional IP Network
byIRJET Journal
 
PPTX
Future Internet protocols
byOlivier Bonaventure
 
PPT
MPLS101.ppt
byssuserd0c720
 
PPT
Mpls101
byAnees Jaffar
 
PPTX
Innovation is back in the transport and network layers
byOlivier Bonaventure
 
PDF
L347176
byIJERA Editor
 
PDF
Extending TCP the Major Protocol of Transport Layer
byScientific Review
 
PDF
Extending TCP the Major Protocol of Transport Layer
byScientific Review SR
 
PPT
Transmission of data over electric powerlines
bySaumya Ranjan Behura
 
PPTX
Analyzing and optimizing mpls technology at Reliance Jio
byTusharSaxena53
 
PPTX
Presentation2 RAMPRASAD134.pptxhahshshshhs
bynewshunt535
 
PDF
tHE GENERATION AND USE OF TLS FINGERPRINGTS
byortdx
 
PPTX
Introduction to MPLS - NANOG 61
byRichard Steenbergen
 
PDF
Mpls
bysrkraju_cisco
 
DOCX
BSNL training report
byravi kant
 
PPTX
ECI UTC Webinar MPLS-TP Value for Utilities-dec 2015
byECI – THE ELASTIC NETWORK™
 
PDF
IJSRED-V1I1P4
byIJSRED
 
PDF
Advanced Computing Techonologies
byKathirvel Ayyaswamy
 
PDF
MPLS Traffic Engineering
byAPNIC
 
Multiprotocol Label Switching - A brief introduction to the most relevant asp...
byAlberto Serna
 
IRJET- Performance Analysis of MPLS-VPN and Traditional IP Network
byIRJET Journal
 
Future Internet protocols
byOlivier Bonaventure
 
MPLS101.ppt
byssuserd0c720
 
Mpls101
byAnees Jaffar
 
Innovation is back in the transport and network layers
byOlivier Bonaventure
 
L347176
byIJERA Editor
 
Extending TCP the Major Protocol of Transport Layer
byScientific Review
 
Extending TCP the Major Protocol of Transport Layer
byScientific Review SR
 
Transmission of data over electric powerlines
bySaumya Ranjan Behura
 
Analyzing and optimizing mpls technology at Reliance Jio
byTusharSaxena53
 
Presentation2 RAMPRASAD134.pptxhahshshshhs
bynewshunt535
 
tHE GENERATION AND USE OF TLS FINGERPRINGTS
byortdx
 
Introduction to MPLS - NANOG 61
byRichard Steenbergen
 
Mpls
bysrkraju_cisco
 
BSNL training report
byravi kant
 
ECI UTC Webinar MPLS-TP Value for Utilities-dec 2015
byECI – THE ELASTIC NETWORK™
 
IJSRED-V1I1P4
byIJSRED
 
Advanced Computing Techonologies
byKathirvel Ayyaswamy
 
MPLS Traffic Engineering
byAPNIC
 

Recently uploaded

PPTX
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
PDF
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
PDF
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
PDF
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
PPTX
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PPTX
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
PDF
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
PDF
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
PDF
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
PDF
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
PDF
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Ethics in AI - Artificial Intelligence Fundamentals.pptx
byemenyiblessing
 
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Top Cybersecurity Threats 2025 Guide by Sureshdas
byPrintersassist
 
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?
byDr. Tathagat Varma
 
Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...
byDianaGray10
 
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
Top 7 Manufacturing Software for Small Businesses Boosting Growth in 2025
byEnvertis Software Solutions
 
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 

Slide aansw

  • 1.
    Course project forAANSW Course project for AANSW Revealing MPLS Tunnels obscured fromtraceroute Revealing MPLS Tunnels osbuscured by traceroute inin ItalianInternetinfrastructure Italian internet infrastructure Adriano Donato De Matteis Daniele Di Proietto Enrico D’Urso Tutor: Dott. Valerio Luconi Prof: Luciano Lenzini
  • 2.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Outline 1 Introduction 2 Inference Methodology 3 Our Experiment 4 Analysis 5 Results and Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure
  • 3.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Paper We reproduced the experiment in the paper: “Revealing MPLS tunnels obscured from traceroute” , B. Donnet, M. Luckie, P. Mérindol and J. Pansiot, 2012 Goals • Understand the deployment of MPLS in Italian infrastructure • Perform AS-Level statistics The paper presents some improvements to the traceroute technique, to detect MPLS tunnels.
  • 4.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure MPLS features of interest - RFC4950 RFC 4950: It allows routers to embed MPLS information into an ICMP time-exceeded message
  • 5.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure MPLS features of interest - ttl-propagate TTL-propagate: Router option to copy IP TTL into MPLS TTL when creating an MPLS label for an IP packet
  • 6.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Tunnel taxonomy ttl-propagate Enabled Disabled RFC4950 Enabled Explicit Opaque Disabled Implicit Invisible A B C D
  • 7.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Tunnel taxonomy ttl-propagate Enabled Disabled RFC4950 Enabled Explicit Opaque Disabled Implicit Invisible A B C D
  • 8.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Tunnel taxonomy ttl-propagate Enabled Disabled RFC4950 Enabled Explicit Opaque Disabled Implicit Invisible A B C D
  • 9.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Tunnel taxonomy ttl-propagate Enabled Disabled RFC4950 Enabled Explicit Opaque Disabled Implicit Invisible A B ? C D
  • 10.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Tunnel taxonomy ttl-propagate Enabled Disabled RFC4950 Enabled Explicit Opaque Disabled Implicit Invisible A B C D
  • 11.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Outline 1 Introduction 2 Inference Methodology 3 Our Experiment 4 Analysis 5 Results and Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure
  • 12.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Explicit and Invisible tunnels Explicit Tunnels Easily detectable with an enhanced traceroute tool. Invisible Tunnels There is no way to detect them with our methodologies.
  • 13.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Implicit tunnels: q-ttl signature Q-ttl signature Based on TTL of the probe quoted when the ICMP time-exceeded reply is generated.
  • 14.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Implicit tunnels: q-ttl signature Q-ttl signature For each traceroute probe the quoted TTL will be one greater, and we observe an increasing sequence of quoted TTL values in traceroute.
  • 15.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Implicit tunnels: u-turn tunnel signature U-turn tunnel signature Precondition: For each unique IP address send six ICMP-echo packets from the same monitor. Based on the fact that LSR could send ping reply packet and traceroute reply packet not in the same way.
  • 16.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Implicit tunnels: u-turn tunnel signature U-turn tunnel signature The u-turn signatures we search for are in the form of X, X – 2, X – 4, X – 6, ..., 2, 0 where X corresponds to two times the tunnel length.
  • 17.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Opaque tunnels Opaque tunnels In opaque tunnels, only LH is visible. The LSE-TTL returned by this one in the time-exceeded reply indicates the presence of an opaque tunnel and its length.
  • 18.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Opaque tunnels Opaque tunnels ILER does not enable ttl-propagate, so at the LH the LSE-TTL will be 253, indicating that the tunnel obscures two LSRs.
  • 19.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Outline 1 Introduction 2 Inference Methodology 3 Our Experiment 4 Analysis 5 Results and Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure
  • 20.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Dataset • We took announced BGP prefixes from Isolario (www.isolario.it) • We selected only italian prefixes, crossing the data with MaxMind GeoIPLite (www.maxmind.com) • We took one random address from each italian prefix, avoiding overlaps. This is our target list.
  • 21.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Scans We launched four scans from four different places, two different cities (same target list).  Pisa. ISP: Fastweb  Pisa. ISP: Infostrada  Pisa. ISP: GARR  Orbetello (GR). ISP: Telecom Italia
  • 22.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Scamper To launch traceroute and to ping we used the tool scamper. Scamper Scamper: a Scalable and Extensible Packet Prober for Active Measurement of the Internet. • Traceroutes: we used the Paris technique with udp probes • Pings: we launched six ping probes for each detected hop, to measure distance from monitor.
  • 23.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Outline 1 Introduction 2 Inference Methodology 3 Our Experiment 4 Analysis 5 Results and Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure
  • 24.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure LSE-TTL = 255 Several times in our traceroute we notice the presence of an LSE-TTL equal to 255. hop 6 172.17.8.173 attempt: 1, rtt: 0.232696s, probe-size: 44 reply-size: 168, reply-ttl: 244, reply-ipid: 0x994a, reply-tos 0x00 icmp-type: 11, icmp-code: 0, q-ttl: 2, q-len: 44, q-tos 0 flags: 0x11 ( sockrxts replyttl ) mpls ext ttl: 255, s: 1, exp: 0, label: 16289 hop 7 172.17.9.17 attempt: 1, rtt: 0.201051s, probe-size: 44 reply-size: 168, reply-ttl: 245, reply-ipid: 0xa14d, reply-tos 0x00 icmp-type: 11, icmp-code: 0, q-ttl: 3, q-len: 44, q-tos 0 flags: 0x11 ( sockrxts replyttl ) mpls ext ttl: 255, s: 1, exp: 0, label: 16288
  • 25.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure LSE-TTL = 255 In these cases, according to the paper's authors, in our analysis we assume an LSE-TTL equal to 1.
  • 26.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Ping reply TTL = ? (u-turn signature detection) To measure the distance between monitor and router, we launch a ping request, observing then, the IP TTL field in the ping reply. IP_TTL: 252 IP_TTL: 253 IP_TTL: 254 But there is no guarantee that the router will initialize the IP TTL to 255 IP_TTL: ?-2 IP_TTL: ?-1 We assume that routers will start counting from 254, 128 or 64. IP_TTL: ?
  • 27.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Private IP, No Entry in Whois DB Normally we retrieve the information about the AS in which the tunnel is located through a whois query on a LSP router’s IP. WHOIS ?
  • 28.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Private IP, No Entry in Whois DB Normally we retrieve the information about the AS in which the tunnel is located through a whois query on a LSP router’s IP. But … 172.18.5.234 IS PRIVATE!
  • 29.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Private IP, No Entry in Whois DB Normally we retrieve the information about the AS in which the tunnel is located through a whois query on a LSP router’s IP. But … 152.164.58.173 172.18.5.234 NO ENTRY IN WHOIS DB!
  • 30.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Private IP, No Entry in Whois DB Thus we get the information about the AS for ILER and ELER. If these ASs are the same, we assume that the tunnel is located in this AS. 85.36.9.114 80.20.6.106 172.17.8.93 Whois : AS3269_INTERB 172.17.8.46 Whois : AS3269_INTERB
  • 31.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Private IP, No Entry in Whois DB Thus we get the information about the AS for ILER and ELER. If these ASs are the same, we assume that the tunnel is located in this AS. Otherwise … 2.115.102.2 217.27.70.35 10.54.1.57 Whois : AS3269_INTERB 110.54.1.13 Whois : AS16098_FULCOM
  • 32.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Private IP, No Entry in Whois DB Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure
  • 33.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Outline 1 Introduction 2 Inference Methodology 3 Our Experiment 4 Analysis 5 Results and Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure
  • 34.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Results: AS-Level We performed AS-level statistics Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure
  • 35.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Results: AS-Level Distribution of tunnels among the AS AS 3269 - INTERB 137 - GARR 3356-LEVEL3 1267 - INFOSTRADA % 15.5% 6.5% 4.3% 3%
  • 36.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Results: Generals Total MPLS Tunnels found : 1380 Global ratio: Number traceroute with MPLS 10355 = 20044 Number tot traceroute 52%
  • 37.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Results: Explicit Tunnels Fraction of paths with MPLS tunnels observed per monitor IP interface granularity: Average Explicit Tunnels observed per monitor : 676 Total Explicit Tunnels found : 1264 (number of interfaces that return an ICMP response with RFC4950 ext.) More prevalent in AS3269-INTERB (Telecom Italia) : 208 (≈1/6) Interfaces with RFC 4950 687 Tot Interfaces 7159 9.6%
  • 38.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Results: Explicit Tunnels 60% of the unique tunnels begin at least 5 hops away from monitor ….
  • 39.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute osbuscured by in Italian Internet infrastructure internet Results: Explicit Tunnels …. and 90% of tunnels are less than 4 hops in length.
  • 40.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute osbuscured by in Italian Internet infrastructure internet Results: Implicit Tunnels Total Implicit Tunnels found : 107 91,6% were identified through q-ttl signature technique More prealentthrough u-ttl tunnel signature technique27 (≈1/4) 8,4% in AS20746-FULCOM (Telecom Italia) :
  • 41.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Results: Opaque Tunnels In our experiment Opaque tunnels were not prevalent … We have found only nine unique opaque tunnels. More prevalent in AS8968-ALBACOM LH are hidden) (unique paths between ILER and (BT Italia) : 6 (2/3)
  • 42.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Result: Lenghts Explicit : 1 – 7 (AS12874-FASTWEB) Implicit : 1 – 2 Opaque : 1 – 6 We can distinguish an opaque tunnel of one hop by an explicit tunnel of one hop because the first has MPLS-ttl = 254 and the second has MPLS-ttl = 1
  • 43.
    Introduction Inference Methodology Our Experiment Analysis Results& Conclusions Course project for AANSW Revealing MPLS Tunnels obscured from traceroute in Italian Internet infrastructure Conclusions By comparing our results with the paper’s ones, we can state that in Italy MPLS is well deployed as well as in other countries. In our analysis we observe that 50% of the tunnels, for each kind of them, was discovered in the ASes in which the monitors are located. Like paper's ones, explicit tunnels are more common than other types (91.6% of the total). 70,4% of the LSP belong to an Tier-2 ASes 20,1% of the LSP belong to an Tier-1 ASes. The remaining part belongs to lower-level ASes.
  • 44.