query about determining ingress interface
Hi,
Is there a way for an ISP to determine the ingress router interface at its network border that will carry IP traffic _from_ an IP address not owned by it? I don't want to assume the path is the same in both directions, and tools such as CAIDA's skitter plot paths from specific sources. One approach might be deriving network paths from CAIDA's data, perhaps someone has already done this?
Thanks.
Rajesh.
On Thu, Jun 20, 2002 at 05:42:23PM -0400, Rajesh Talpade wrote:
Is there a way for an ISP to determine the ingress router interface at its network border that will carry IP traffic _from_ an IP address not owned by it?
I don't want to assume the path is the same in both directions, and tools such as CAIDA's skitter plot paths from specific sources. One approach might be deriving network paths from CAIDA's data, perhaps someone has already done this?
Rajesh,
Hi there..
Are you asking to determine the interface that "will" or "is" passing said traffic?
I think it depends on what you're trying to do- Are you trying to track an individual src at one given point, or collect some stats/trends on where various srcs are entering your network?
I.e, for an individual src/dst (maybe you're tracing a DoS, etc..) there are a number of ways to use filters and other mechanisms to log/count packets matching some known characteristics (src/dst, length, etc..)
There are various ways to do things like this, it depends on what exactly you're trying to track though.
..Dylan
--
Dylan Greene, Juniper Networks, +1 617/407-6254, dylan@juniper.net
"--- begin message from Dylan Greene ---"
On Thu, Jun 20, 2002 at 05:42:23PM -0400, Rajesh Talpade wrote:
Is there a way for an ISP to determine the ingress router interface at its network border that will carry IP traffic _from_ an IP address not owned by it?
I don't want to assume the path is the same in both directions, and tools such as CAIDA's skitter plot paths from specific sources. One approach might be deriving network paths from CAIDA's data, perhaps someone has already done this?
Rajesh,
Hi there..
Are you asking to determine the interface that "will" or "is" passing said traffic?
the interface that "should be" passing the traffic. in other words, given an IP address, i would like to know what interface traffic from this address should enter my network. i realize the interface may change over time, but can i at least know what interface it is without using filters or logging mechanisms on the actual routers? hence i was alluding to using existing data, such as bgp paths, or caida's database. thanks. rajesh.
I think it depends on what you're trying to do- Are you trying to track an individual src at one given point, or collect some stats/trends on where various srcs are entering your network?
I.e, for an individual src/dst (maybe you're tracing a DoS, etc..) there are a number of ways to use filters and other mechanisms to log/count packets matching some known characteristics (src/dst, length, etc..)
There are various ways to do things like this, it depends on what exactly you're trying to track though.
..Dylan
On Thu, Jun 20, 2002 at 06:06:51PM -0400, Rajesh Talpade wrote:
the interface that "should be" passing the traffic.
Rajesh, Hmm.. Short of trusting that you're only going to receive traffic on a given ingress interface from a source you're learning from it (uRPF, sorta), I'm unsure how you could really reliably determine this?
in other words, given an IP address, i would like to know what interface traffic from this address should enter my network.
Would it be sufficient to just look at the routes you're learning via a given interface on your edge, and say that you can expect to receive traffic from those sources on those interfaces? It's not going to be particularly accurate, but unless you have tables from all of your peers, I'm not sure what else you'll have to go by..
..Dylan
--
Dylan Greene, Juniper Networks, +1 617/407-6254, dylan@juniper.net
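The heuristic suggested in the message above (expect traffic from a source on the interfaces where a covering route is learned), as an added example that is not part of the original thread. The route table, interface names and function names are constructed for illustration; a real table would come from the routes learned on each edge interface.

```python
import ipaddress

# Constructed sample data: prefixes learned via each edge interface.
# Interface names and prefixes (documentation ranges) are hypothetical.
LEARNED_ROUTES = [
    ("198.51.100.0/24", "edge1:ge-0/0/0"),
    ("198.51.100.128/25", "edge2:ge-0/1/0"),   # more specific, other peer
    ("203.0.113.0/24", "edge1:ge-0/0/0"),
    ("203.0.113.0/24", "edge3:ge-1/0/0"),      # same prefix from two peers
    ("0.0.0.0/0", "edge4:ge-0/0/1"),           # default from a transit
]

def build_table(routes):
    """Map each prefix to the set of interfaces it was learned on."""
    table = {}
    for prefix, ifname in routes:
        table.setdefault(ipaddress.ip_network(prefix), set()).add(ifname)
    return table

def expected_ingress(table, src, allow_default=False):
    """Longest-prefix match on the source address.

    Returns (prefix, interfaces). A default route says nothing about where
    a source enters, so it is ignored unless allow_default is set.
    """
    addr = ipaddress.ip_address(src)
    matches = [n for n in table
               if n.version == addr.version and addr in n
               and (allow_default or n.prefixlen > 0)]
    if not matches:
        return None, set()
    best = max(matches, key=lambda n: n.prefixlen)
    return best, set(table[best])

def classify(table, src, observed_if):
    """Compare an observed ingress interface with the route-derived guess."""
    best, ifaces = expected_ingress(table, src)
    if best is None:
        return "no-route"
    return "expected" if observed_if in ifaces else "unexpected"

TABLE = build_table(LEARNED_ROUTES)

if __name__ == "__main__":
    for src, seen in [("198.51.100.200", "edge1:ge-0/0/0"),
                      ("203.0.113.9", "edge3:ge-1/0/0"),
                      ("192.0.2.1", "edge4:ge-0/0/1")]:
        print(src, expected_ingress(TABLE, src), classify(TABLE, src, seen))
```

An "unexpected" result is only a hint: the guess is built from the outbound view of routing, and the peer's path back into the network can differ from it.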
indeed, altho you will have to go back to filters if you want to do this on an IP more than a couple of hops away, I tend to find most of my peers allow it a little way into their network and it either stops or it stops at the next network boundary..
Steve
On Thu, 20 Jun 2002, Randy Bush wrote:
Is there a way for an ISP to determine the ingress router interface at its network border that will carry IP traffic _from_ an IP address not owned by it?
traceroute -g, which is what insisting on lsr is all about
randy
Wouldn't it be nice for router vendors to include traceroute servers into basic router features, and bury the expensive (in silicon) and dangerous (for inattentive sysadmins) source-routing IP options? (...keeps dreaming... :)
--vadim
On Thu, 20 Jun 2002, Randy Bush wrote:
Is there a way for an ISP to determine the ingress router interface at its network border that will carry IP traffic _from_ an IP address not owned by it?
traceroute -g, which is what insisting on lsr is all about
randy
participants (5)
- Dylan Greene
- Rajesh Talpade
- Randy Bush
- Stephen J. Wilcox
- Vadim Antonov