TNT, Watch me Explode: A Light in the Dark for Revealing MPLS Tunnels
share
Internet topology discovery has been a recurrent research topic for nearly 20 years now. Usually, it works by sending hop-limited probes (i.e., traceroute) towards a set of destinations to collect topological data in order to infer the Internet topology at a given scale (e.g., at the router or the AS level). However, traceroute comes with multiple limitations, in particular with layer-2 clouds such as MPLS that might hide their content to traceroute exploration. Thus, the resulting Internet topology data and models are incomplete and inaccurate. In this paper, we introduce TNT (Trace the Naughty Tunnels), an extension to Paris traceroute for revealing most (if not all) MPLS tunnels along a path. TNT works in two basic stages. First, along with traceroute probes, it looks for evidences of the potential presence of hidden tunnels. Those evidences are surprising patterns in the traceroute output, e.g., abrupt and significant TTL shifts. Second, if alarms are triggered due to the presence of such evidences, TNT launches additional and dedicated probing for possibly revealing the content of the hidden tunnel. We validate TNT through emulation with GNS3 and tune its parameters through a dedicated measurement campaign. We also largely deploy TNT on the Archipelago platform and provide a quantification of tunnels, updating so the state of the art vision of MPLS tunnels. Finally, TNT and its validation platform are fully and publicly available, as well as the collected data and scripts used for processing data.
READ FULL TEXT