
Through the Wormhole: Tracking Invisible MPLS Tunnels - PowerPoint PPT Presentation



  1. November 1st, 2017. Through the Wormhole: Tracking Invisible MPLS Tunnels. Yves Vanaubel, Pascal Mérindol, Jean-Jacques Pansiot, Benoit Donnet

  2. Agenda ❖ MPLS background ❖ Invisible MPLS tunnels ❖ Measurement Campaign and Results

  3. Agenda ❖ MPLS Background • Label Stack Entries • MPLS Network ❖ Invisible MPLS tunnels ❖ Measurement Campaign and Results

  4. MPLS Label Stack Entries ❖ Label Stack Entries (LSE): • 32 bits • Inserted between the MAC (layer-2) header and the IP header ❖ Layout, bit 0 to bit 31: Label | TC | S | TTL ‣ Label: label value, 20 bits ‣ TC: Traffic Class field, 3 bits ‣ S: Bottom of Stack, 1 bit ‣ TTL: Time To Live, 8 bits

  5. MPLS Network ❖ Figure: an LSP across ISP X between source 1.1.1.1 (ISP A, 1.1.1.0/24) and destination 2.2.2.2 (ISP B, 2.2.2.0/24). The ingress LSR (LER) pushes a label on the IP packet (IP/to:2.2.2.2); the first-hop (FH) LSR and the following LSRs swap it (labels 5, 4, 3 along the path); the label is popped either at the last-hop (LH) LSR (PHP) or at the egress LSR (LER) (UHP), which delivers the IP packet. Labels are distributed with the Label Distribution Protocol (LDP). ❖ Terminology: • LSR: Label Switching Router • LER: Label Edge Router • LSP: Label Switched Path • LDP: Label Distribution Protocol • PHP: Penultimate Hop Popping • UHP: Ultimate Hop Popping

  6. Agenda ❖ MPLS Background ❖ Invisible MPLS tunnels • Definition • Impact on the Topology Inference • Revelation ❖ Measurement Campaign and Results

  7. MPLS Tunnel Discovery ❖ Classical MPLS tunnels can be revealed with standard active measurement tools ( traceroute ) ❖ Two features are required: • ICMP extension ([RFC4950]): ✓ If an MPLS router must forge an ICMP Time Exceeded message, it should quote the MPLS label stack (the LSEs of the expired packet) in it. • TTL propagation ([RFC3443]): ✓ The ingress LER of an MPLS tunnel should initialize the LSE-TTL with the value of the IP-TTL field. ✓ The opposite operation (copying the LSE-TTL back into the IP-TTL) is done by the egress LER.
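The following is an added example, not code from the presentation or its authors, that puts slides 4 and 7 into practice: it packs and parses 32-bit LSEs and extracts the label stack that an RFC 4950 router quotes in its ICMP Time Exceeded message, i.e. the MPLS object carried inside an RFC 4884 ICMP extension structure. The label values, TTLs and the extension bytes are constructed here for illustration.

```python
"""Pack/parse MPLS Label Stack Entries and pull the quoted label stack out
of an RFC 4884 ICMP extension carrying an RFC 4950 MPLS object.

Added example, not code from the presentation or its authors. The labels,
TTLs and the extension bytes built in main() are constructed for
illustration.
"""
import struct

LSE_SIZE = 4
ICMP_EXT_VERSION = 2       # RFC 4884 extension header version
MPLS_CLASS_NUM = 1         # RFC 4950: MPLS Label Stack Class
MPLS_C_TYPE = 1            # RFC 4950: Incoming MPLS Label Stack


def pack_lse(label, tc, s, ttl):
    """One 32-bit LSE: Label (20 bits) | TC (3) | S (1) | TTL (8), network order."""
    if not (0 <= label < 1 << 20 and 0 <= tc < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("LSE field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)


def unpack_lse(data):
    """Inverse of pack_lse for the first 4 bytes of data."""
    (word,) = struct.unpack("!I", data[:LSE_SIZE])
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1, "ttl": word & 0xFF}


def parse_label_stack(data):
    """Parse consecutive LSEs until one has the bottom-of-stack bit set.
    A stack that runs out of bytes without S=1 is malformed."""
    entries, off = [], 0
    while off + LSE_SIZE <= len(data):
        lse = unpack_lse(data[off:off + LSE_SIZE])
        entries.append(lse)
        off += LSE_SIZE
        if lse["s"]:
            return entries
    raise ValueError("label stack without bottom-of-stack entry")


def inet_checksum(data):
    """RFC 1071 one's complement checksum, as used by the ICMP extension header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_mpls_extension(lses):
    """Extension header (version 2 + checksum) followed by one MPLS object
    whose payload is the label stack: what an RFC 4950 router appends to
    its ICMP Time Exceeded message."""
    payload = b"".join(lses)
    obj = struct.pack("!HBB", 4 + len(payload), MPLS_CLASS_NUM, MPLS_C_TYPE) + payload
    hdr_no_csum = struct.pack("!HH", ICMP_EXT_VERSION << 12, 0)
    csum = inet_checksum(hdr_no_csum + obj)
    return struct.pack("!HH", ICMP_EXT_VERSION << 12, csum) + obj


def parse_mpls_extension(ext):
    """Return the quoted label stack (list of LSE dicts) from an ICMP
    extension structure, or None if no MPLS object is present.
    Rejects a wrong version, a bad checksum and inconsistent object lengths."""
    if len(ext) < 4:
        raise ValueError("extension shorter than its header")
    (ver_res,) = struct.unpack("!H", ext[:2])
    if ver_res >> 12 != ICMP_EXT_VERSION:
        raise ValueError("unsupported ICMP extension version")
    if inet_checksum(ext) != 0:   # summing the data plus its checksum must give zero
        raise ValueError("bad ICMP extension checksum")
    off = 4
    while off + 4 <= len(ext):
        length, class_num, c_type = struct.unpack("!HBB", ext[off:off + 4])
        if length < 4 or off + length > len(ext):
            raise ValueError("bad object length")
        if class_num == MPLS_CLASS_NUM and c_type == MPLS_C_TYPE:
            return parse_label_stack(ext[off + 4:off + length])
        off += length   # skip objects of other classes
    return None


def format_stack(entries):
    """Render the stack the way a traceroute 'MPLS tag' annotation would."""
    return ", ".join("label %d tc %d ttl %d%s" % (e["label"], e["tc"], e["ttl"],
                                                  " (bos)" if e["s"] else "")
                     for e in entries)


if __name__ == "__main__":
    # Constructed two-entry stack an LSR might quote: outer label 16001, inner label 24.
    ext = build_mpls_extension([pack_lse(16001, 0, 0, 254), pack_lse(24, 0, 1, 253)])
    print(format_stack(parse_mpls_extension(ext)))
```

A traceroute that understands the extension prints the returned entries as the "MPLS tag" annotations of the next slide; a router that does not quote its LSEs, or a tunnel with TTL propagation disabled, gives this parser nothing to work on, which is what makes a tunnel invisible. The checksum check is strict; locating the extension inside the ICMP message (via the length field RFC 4884 adds to the ICMP header) is outside this example.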

  8. Explicit Tunnels ❖ The two options are enabled ❖ This kind of tunnel is perfectly visible with traceroute ❖ Figure: Source -> R1 -> R2 -> R3 -> R4 -> R5 -> Destination; the LSP runs from R1 (ingress LER) to R5 (egress LER) with PHP ❖ Traceroute output: 1. R1 2. R2 - MPLS tag 3. R3 - MPLS tag 4. R4 - MPLS tag 5. R5 6. Destination

  9. Invisible Tunnels ❖ With invisible tunnels, the TTL propagation is disabled ❖ Only the ingress/egress LERs are visible ❖ Figure: same topology, Source -> R1 -> R2 -> R3 -> R4 -> R5 -> Destination, LSP from R1 (ingress LER) to R5 (egress LER) ❖ Traceroute output: 1. R1 2. R5 3. Destination ‣ False IP link inference: R1 → R5

  10. Impact on the Topology Inference ❖ Internal MPLS routers are hidden from traceroute ❖ An entry point of an MPLS network appears as the neighbor of all exit points ❖ The whole layer-3 network turns into a dense mesh of High Degree Nodes (HDN) ❖ Figure: a hidden MPLS cloud whose entry point gets an apparent degree of 6

  11. High Degree Node ❖ A node is a HDN if it has at least 128 neighbors • 128 is a lower bound relative to well-known physical provider edge hardware • Reasonable balance between the volume of probes sent and the amount of interesting data collected

  12. Invisible Tunnels - Revelation ❖ Direct Path Revelation (DPR) • For networks not using MPLS for internal routing • Mostly Juniper devices (their default behavior) ❖ Backward Recursive Path Revelation (BRPR) • For networks using MPLS for all prefixes (internal and external) • Mostly Cisco routers (their default behavior)

  13. Direct Path Revelation (DPR) - Juniper ❖ Figure: VP -> CE1 (AS1) -> PE1 -> P1 -> P2 -> P3 -> PE2 (AS2) -> CE2 -> DST (AS3); PE1 and PE2 are the ingress and egress LERs of the forward LSP (egress and ingress on the return path), PHP is enabled and the IP TTL is not modified inside the tunnel ❖ traceroute from VP to DST:
1 CE1 18.317 ms
2 PE1 34.508 ms => HDN
3 PE2 97.529 ms => HDN
4 CE2 107.050 ms
5 DST 131.278 ms
❖ traceroute from VP to PE2:
1 CE1 18.317 ms
2 PE1 34.508 ms
3 P1 58.521 ms
4 P2 73.981 ms
5 P3 85.190 ms
6 PE2 94.529 ms
❖ Simple IP forwarding if MPLS is not used for internal traffic => try to run a trace to an internal prefix and see if routers reveal themselves

  14. Backward Recursive Path Revelation (BRPR) - Cisco ❖ Figure: same topology as slide 13 (VP -> CE1 (AS1) -> PE1 -> P1 -> P2 -> P3 -> PE2 (AS2) -> CE2 -> DST (AS3)); PHP is enabled and the IP TTL is not modified inside the tunnel ❖ MPLS is used for internal traffic, with PHP enabled => try to run a trace to the egress router (internal prefix) ❖ Path from VP to DST:
CE1 18.317 ms
PE1 34.508 ms => HDN
PE2 97.529 ms => HDN
CE2 107.050 ms
DST 131.278 ms
❖ Backward recursion:
• traceroute from VP to PE2 reveals P3
• traceroute from VP to P3 reveals P2
• traceroute from VP to P2 reveals P1
• traceroute from VP to P1 does not reveal any new node => STOP
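As an added example (not the authors' code or measurement tooling), the two revelation procedures of slides 13 and 14 written as one algorithm driven by a pluggable traceroute function. The topology, the hop names (CE1, PE1, P1..P3, PE2, CE2, DST) and the simulated fake_traceroute() are constructed from the slides' figures under the assumptions stated in its docstring; a real run would feed scamper/paris-traceroute results in its place.

```python
"""Direct Path Revelation (DPR) and Backward Recursive Path Revelation
(BRPR) run against a simulated invisible MPLS tunnel.

Added example, not the presentation's code or tooling. The topology, the
hop names and fake_traceroute() are constructed from the slides' figures
under the assumptions stated below; a real run would plug in
scamper/paris-traceroute results instead of fake_traceroute().
"""

# Constructed topology: VP -> CE1 (AS1) -> PE1 -> P1 -> P2 -> P3 -> PE2 (AS2) -> CE2 -> DST (AS3)
OUTSIDE_BEFORE = ["CE1"]
TUNNEL = ["PE1", "P1", "P2", "P3", "PE2"]   # invisible LSP: PE1 = ingress LER, PE2 = egress LER
OUTSIDE_AFTER = ["CE2", "DST"]


def fake_traceroute(dst, mpls_internal):
    """Hops a traceroute from the VP would list, modelled on the slides:
    - to a destination beyond the tunnel, only the two LERs answer: the
      P routers are hidden and PE1 -> PE2 looks like a single IP link;
    - mpls_internal=False (Juniper-like default): internal prefixes are
      reached by plain IP forwarding, so every P router answers (DPR case);
    - mpls_internal=True (Cisco-like default) with PHP: a trace to an
      internal router is label switched up to the penultimate hop, which
      pops the label and is the only P router that answers (BRPR case)."""
    if dst in OUTSIDE_BEFORE:
        return OUTSIDE_BEFORE[:OUTSIDE_BEFORE.index(dst) + 1]
    if dst in OUTSIDE_AFTER:
        return (OUTSIDE_BEFORE + [TUNNEL[0], TUNNEL[-1]]
                + OUTSIDE_AFTER[:OUTSIDE_AFTER.index(dst) + 1])
    if dst not in TUNNEL:
        raise ValueError("unknown destination %s" % dst)
    i = TUNNEL.index(dst)
    if not mpls_internal:
        return OUTSIDE_BEFORE + TUNNEL[:i + 1]
    hops = OUTSIDE_BEFORE + [TUNNEL[0]]
    if i >= 2:
        hops.append(TUNNEL[i - 1])      # penultimate hop of the LSP towards dst
    if i >= 1:
        hops.append(TUNNEL[i])
    return hops


def dpr(trace, ingress, egress):
    """DPR: trace to the egress LER (an internal prefix) and keep whatever
    shows up between the two LERs."""
    hops = trace(egress)
    if ingress not in hops or egress not in hops:
        return []
    return hops[hops.index(ingress) + 1:hops.index(egress)]


def brpr(trace, ingress, egress):
    """BRPR: trace to the egress, take the hop revealed just before it,
    trace to that hop, and repeat until no new router appears."""
    revealed, known, target = [], {ingress, egress}, egress
    while True:
        hops = trace(target)
        if target not in hops or hops.index(target) == 0:
            break                           # unresponsive target: stop
        prev = hops[hops.index(target) - 1]
        if prev in known:
            break                           # back at the ingress (or a loop)
        revealed.insert(0, prev)            # the path is rebuilt back to front
        known.add(prev)
        target = prev
    return revealed


def reveal_tunnel(trace, ingress, egress):
    """Try DPR first; if it shows at most one hop, recurse backward. A single
    revealed hop cannot be attributed to either technique (the 'DPR/BRPR'
    class of the measurement results)."""
    direct = dpr(trace, ingress, egress)
    if len(direct) >= 2:
        return "DPR", direct
    path = brpr(trace, ingress, egress)
    if not path:
        return "none", []
    if len(path) == 1:
        return "DPR/BRPR", path
    return "BRPR", path


if __name__ == "__main__":
    for internal in (False, True):
        trace = lambda dst, m=internal: fake_traceroute(dst, m)
        print("MPLS used internally=%s -> %s" % (internal, reveal_tunnel(trace, "PE1", "PE2")))
```

The DPR branch needs one trace; BRPR needs one trace per hidden router, so the probing cost grows with tunnel length. On the simulated Juniper-like network the first trace returns P1, P2, P3 at once; on the Cisco-like one it returns only P3 and the recursion walks back through P2 and P1 until the trace to P1 shows nothing new.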

  15. Agenda ❖ MPLS background ❖ Invisible MPLS tunnels ❖ Measurement Campaign and Results

  16. Measurement Campaign ❖ PlanetLab network ❖ 91 vantage points equally divided into 5 groups ❖ Selection of HDNs in the CAIDA ITDK dataset ❖ Destination set: HDNs and their neighbors, i.e. about 1.3M IP addresses ❖ Destinations distributed amongst the 5 groups ❖ Scamper with Paris traceroute ❖ Each IP address in the traces pinged for fingerprinting ❖ About 19 days of measurement

  17. Measurement Results ❖ 13,771 revealed invisible tunnels • 61% with DPR • 16% with BRPR • 23% with DPR/BRPR (1-hop tunnels, for which the two techniques cannot be discriminated) ❖ 5,193 revealed public IP addresses

  18. Invisible Tunnels Length ❖ Figure: histogram of the number of egress interfaces (0 to 3000) per tunnel length in hops (0 to 15), one series each for DPR, BRPR and DPR or BRPR

  19. Impact of Invisible Tunnel on Internet Models ❖ Degree distribution ❖ Figure: PDF (0.00 to 0.20) of the number of neighbors (0 to 40), two series: Invisible and Visible

  20. Impact of Invisible Tunnel on Internet Models ❖ Path lengths ❖ Figure: PDF (0.00 to 0.10) of the path length (0 to 30), two series: Invisible and Visible

  21. Conclusions ❖ New techniques to infer the presence of invisible MPLS tunnels and reveal their content ❖ Validation based on GNS3 emulations ❖ Gain knowledge on the internal architecture of opaque MPLS ASes ❖ Help improve Internet models

  22. Conclusions ❖ Other techniques infer the length of invisible tunnels without revealing their content • They can be used as triggers before applying the revelation methods • They allow a modified traceroute to run hidden MPLS tunnel revelation based on these triggers ❖ Dataset and GNS3 validation models publicly available: http://www.montefiore.ulg.ac.be/~bdonnet/mpls
