Ownership of Routers on Both Ends of Transnational Links
Howdy folks, We are a group of researchers at UC Riverside conducting some measurement about transnational networks. In particular, we are interested in studying the ownership of routers on the two sides of transnational links. We have some concrete questions which we hope someone can shed some light on. Basically when we send packets from US/Canada to China, through traceroute and the RTT of each hop, we can locate the last hop in the US before the packets enter China (*there is a large jump of RTT of 100+ms from this hop onwards*). Oftentimes the ownership of such routers is ambiguous. These hops whose IPs seem to belong to US or European ISPs (*according to BGP info*) but their reverse DNS names have *chinaunicom* in it, which is a Chinese ISP. AS1299 Telia Company AB 62.115.170.57 name = chinaunicom-ic-341501-sjo-b21.c.telia.net. 62.115.33.230 name = chinaunicom-ic-302366-las-bb1.c.telia.net. 213.248.73.190 name = chinaunicom-ic-127288-sjo-b21.c.telia.net. AS701 Verizon Business 152.179.103.254 name = chinaunicom-gw.customer.alter.net. While the following routers, they don't have a reverse DNS name at all, which seem to be uncommon if they were managed by US or European ISPs but quite common for Chinese ISPs. AS6453 TATA COMMUNICATIONS (AMERICA) INC 63.243.205.90 66.110.59.118 Can anyone confirm that these are indeed managed by the Chinese ISPs (even though they are physically located in the US according to the traceroute and RTT analysis)? Best, Pengxiong Zhu Department of Computer Science and Engineering University of California, Riverside
"company-ic" and "company-gw" are commonly used names for /30s used for interconnection to a customer or another carrier. Those routers are likely owned/managed by Telia/Verizon. On Tue, Apr 16, 2019 at 8:54 AM Pengxiong Zhu <pzhu011@ucr.edu> wrote:
Howdy folks,
We are a group of researchers at UC Riverside conducting some measurement about transnational networks. In particular, we are interested in studying the ownership of routers on the two sides of transnational links.
We have some concrete questions which we hope someone can shed some light on. Basically when we send packets from US/Canada to China, through traceroute and the RTT of each hop, we can locate the last hop in the US before the packets enter China (*there is a large jump of RTT of 100+ms from this hop onwards*). Oftentimes the ownership of such routers is ambiguous.
These hops whose IPs seem to belong to US or European ISPs (*according to BGP info*) but their reverse DNS names have *chinaunicom* in it, which is a Chinese ISP. AS1299 Telia Company AB 62.115.170.57 name = chinaunicom-ic-341501-sjo-b21.c.telia.net. 62.115.33.230 name = chinaunicom-ic-302366-las-bb1.c.telia.net. 213.248.73.190 name = chinaunicom-ic-127288-sjo-b21.c.telia.net.
AS701 Verizon Business 152.179.103.254 name = chinaunicom-gw.customer.alter.net.
While the following routers, they don't have a reverse DNS name at all, which seem to be uncommon if they were managed by US or European ISPs but quite common for Chinese ISPs. AS6453 TATA COMMUNICATIONS (AMERICA) INC 63.243.205.90 66.110.59.118
Can anyone confirm that these are indeed managed by the Chinese ISPs (even though they are physically located in the US according to the traceroute and RTT analysis)?
Best, Pengxiong Zhu Department of Computer Science and Engineering University of California, Riverside
On Tue, Apr 16, 2019 at 09:13:30AM -0400, Ross Tajvar wrote:
"company-ic" and "company-gw" are commonly used names for /30s used for interconnection to a customer or another carrier. Those routers are likely owned/managed by Telia/Verizon.
I highly doubt VZ or Telia owns and provides a Big Expensive Router as CPE sitting on US landing POP for a major international carrier. More likely, thease routers are China Unicom's routers in their US POP, not managed by VZ/Telia. The /30s in this case are unmanaged IP transit hand-offs, coming in as Nx10G or 100G. When your IP transit provider assigns the /30, your router looks like it belongs to your upstream, common mistake when interpreting traceroutes[1]. [1]: see Page 22 on https://www.nanog.org/meetings/nanog47/presentations/Sunday/RAS_Traceroute_N... James
On Tue, Apr 16, 2019 at 10:59 AM James Jun <james.jun@towardex.com> wrote:
More likely, thease routers are China Unicom's routers in their US POP, not managed by VZ/Telia. The /30s in this case are unmanaged IP transit hand-offs, coming in as Nx10G or 100G. When your IP transit provider assigns the /30, your router looks like it belongs to your upstream, common mistake when interpreting traceroutes[1].
$ nslookup 62.115.170.56 56.170.115.62.in-addr.arpa name = sjo-b21-link.telia.net. if you model (as james says) each interconnect as a /30 or /31 ... look for the adjacent ip and see the PTR for that ip. (the above is your first link example's peer ip)
[1]: see Page 22 on https://www.nanog.org/meetings/nanog47/presentations/Sunday/RAS_Traceroute_N...
James
I think it's clear that the IPs belong to Telia, but I understood James's point to be that the router using the IP in question may belong to China Unicom. (I agree with that, I was not thinking clearly this morning.) As this is an interconnect link, one side must belong to Telia and the other to China Unicom. The question, then, is which side are we looking at? Well, first I want to know how big the subnet is. I assume either /30 or /31. So, I do a reverse DNS lookup on all the IPs in the surrounding /30 block: 62.115.170.56 - sjo-b21-link.telia.net 62.115.170.57 - chinaunicom-ic-341501-sjo-b21.c.telia.net 62.115.170.58 - las-b24-link.telia.net 62.115.170.59 - chinaunicom-ic-341499-las-b24.c.telia.net That looks like two /31s. Only one IP in each has the name of China Unicom in it, so that one is probably in use by China Unicom, and the other is probably in use by Telia. On Tue, Apr 16, 2019, 3:50 PM Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Tue, Apr 16, 2019 at 10:59 AM James Jun <james.jun@towardex.com> wrote:
More likely, thease routers are China Unicom's routers in their US POP, not managed by VZ/Telia. The /30s in this case are unmanaged IP transit hand-offs, coming in as Nx10G or 100G. When your IP transit provider assigns the /30, your router looks like it belongs to your upstream, common mistake when interpreting traceroutes[1].
$ nslookup 62.115.170.56 56.170.115.62.in-addr.arpa name = sjo-b21-link.telia.net.
if you model (as james says) each interconnect as a /30 or /31 ... look for the adjacent ip and see the PTR for that ip. (the above is your first link example's peer ip)
[1]: see Page 22 on https://www.nanog.org/meetings/nanog47/presentations/Sunday/RAS_Traceroute_N...
James
Thank you so much for your insightful replies. We are asking the right people! I checked the rest of them, they all seem to be /30 or /31s. 62.115.33.227 jax-b1-link.telia.net 62.115.33.228 telconet-ic-337544-jax-b1.c.telia.net 62.115.33.229 las-bb1-link.telia.net * 62.115.33.230 chinaunicom-ic-302366-las-bb1.c.telia.net 213.248.73.185 adm-b4-link.telia.net 213.248.73.186 riot-ic-303251-adm-b4.c.telia.net 213.248.73.187 213.248.73.188 213.248.73.189 sjo-b21-link.telia.net <http://sjo-b21-link.telia.net> * 213.248.73.190 chinaunicom-ic-127288-sjo-b21.c.telia.net. 152.179.103.250 0.xe-1-2-1.GW7.LAX1.ALTER.NET 152.179.103.250 chinaunicom-gw.customer.alter.net 152.179.103.251 152.179.103.252 152.179.103.253 0.xe-1-0-0.gw2.lax1.alter.net * 152.179.103.254 chinaunicom-gw.customer.alter.net. 63.243.205.89 ix-xe-0-3-3-0.tcore1.sqn-san-jose.as6453.net <http://ix-xe-0-3-3-0.tcore1.sqn-san-jose.as6453.net> * 63.243.205.90 63.243.205.91 63.243.205.92 63.243.205.93 ix-xe-8-2-5-0.tcore1.sqn-san-jose.as6453.net 66.110.59.117 ix-xe-2-1-3-0-0.tcore1.lvw-los-angeles.as6453.net * 66.110.59.118 66.110.59.119 66.110.59.120 66.110.59.121 ix-ae-2-611.tcore1.lvw-los-angeles.as6453.net How about the two IPs(63.243.205.90, 66.110.59.118) that don't have a reserve DNS name? Since they don't have any PTR records. Best, Pengxiong Zhu Department of Computer Science and Engineering University of California, Riverside On Tue, Apr 16, 2019 at 1:50 PM Ross Tajvar <ross@tajvar.io> wrote:
I think it's clear that the IPs belong to Telia, but I understood James's point to be that the router using the IP in question may belong to China Unicom. (I agree with that, I was not thinking clearly this morning.) As this is an interconnect link, one side must belong to Telia and the other to China Unicom. The question, then, is which side are we looking at? Well, first I want to know how big the subnet is. I assume either /30 or /31. So, I do a reverse DNS lookup on all the IPs in the surrounding /30 block: 62.115.170.56 - sjo-b21-link.telia.net 62.115.170.57 - chinaunicom-ic-341501-sjo-b21.c.telia.net 62.115.170.58 - las-b24-link.telia.net 62.115.170.59 - chinaunicom-ic-341499-las-b24.c.telia.net That looks like two /31s. Only one IP in each has the name of China Unicom in it, so that one is probably in use by China Unicom, and the other is probably in use by Telia.
On Tue, Apr 16, 2019, 3:50 PM Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Tue, Apr 16, 2019 at 10:59 AM James Jun <james.jun@towardex.com> wrote:
More likely, thease routers are China Unicom's routers in their US POP, not managed by VZ/Telia. The /30s in this case are unmanaged IP transit hand-offs, coming in as Nx10G or 100G. When your IP transit provider assigns the /30, your router looks like it belongs to your upstream, common mistake when interpreting traceroutes[1].
$ nslookup 62.115.170.56 56.170.115.62.in-addr.arpa name = sjo-b21-link.telia.net.
if you model (as james says) each interconnect as a /30 or /31 ... look for the adjacent ip and see the PTR for that ip. (the above is your first link example's peer ip)
[1]: see Page 22 on https://www.nanog.org/meetings/nanog47/presentations/Sunday/RAS_Traceroute_N...
James
"Can anyone confirm that these are indeed managed by the Chinese ISPs (even though they are physically located in the US according to the traceroute and RTT analysis)?" If a router is part of the CU AS, it's owed and managed by them. Physical location isn't really relevant to your question. On Tue, Apr 16, 2019 at 8:53 AM Pengxiong Zhu <pzhu011@ucr.edu> wrote:
Howdy folks,
We are a group of researchers at UC Riverside conducting some measurement about transnational networks. In particular, we are interested in studying the ownership of routers on the two sides of transnational links.
We have some concrete questions which we hope someone can shed some light on. Basically when we send packets from US/Canada to China, through traceroute and the RTT of each hop, we can locate the last hop in the US before the packets enter China (*there is a large jump of RTT of 100+ms from this hop onwards*). Oftentimes the ownership of such routers is ambiguous.
These hops whose IPs seem to belong to US or European ISPs (*according to BGP info*) but their reverse DNS names have *chinaunicom* in it, which is a Chinese ISP. AS1299 Telia Company AB 62.115.170.57 name = chinaunicom-ic-341501-sjo-b21.c.telia.net. 62.115.33.230 name = chinaunicom-ic-302366-las-bb1.c.telia.net. 213.248.73.190 name = chinaunicom-ic-127288-sjo-b21.c.telia.net.
AS701 Verizon Business 152.179.103.254 name = chinaunicom-gw.customer.alter.net.
While the following routers, they don't have a reverse DNS name at all, which seem to be uncommon if they were managed by US or European ISPs but quite common for Chinese ISPs. AS6453 TATA COMMUNICATIONS (AMERICA) INC 63.243.205.90 66.110.59.118
Can anyone confirm that these are indeed managed by the Chinese ISPs (even though they are physically located in the US according to the traceroute and RTT analysis)?
Best, Pengxiong Zhu Department of Computer Science and Engineering University of California, Riverside
participants (5)
-
Christopher Morrow
-
James Jun
-
Pengxiong Zhu
-
Ross Tajvar
-
Tom Beecher