[e2e] determining ingress interface?

David G. Andersen dga at lcs.mit.edu
Tue Jul 2 19:25:04 PDT 2002 

It's quite possible that you could use the various denial of
service attack tracking packages in conjunction with "ping"
to figure this out.  (Same as traffic filters/logs).  Just
set up the filters, and then send a few pings to the host.
Assuming it'll reply to pings (or tcpings, see an earlier
postof mine), then you can watch the return traffic with
existing tools.

  -Dave

On Tue, Jul 02, 2002 at 06:00:09PM -0700, k claffy mooed:
> On Fri, Jun 21, 2002 at 09:12:33AM -0400, Rajesh Talpade wrote:
>   
>   Hi
>   
>   I asked this question on the NANOG mailing list.....
>   
>   > Is there a way for an ISP to determine the ingress router interface at
>   > its network border that _should be_ passing IP traffic _from_ an IP 
>   > address not owned by it? In other words, given an IP address, I would 
>   > like to know what interface should be used by traffic from this address 
>   > to enter my network.
>   > I realize the interface used may change over time.
>   
>   ....and got some answers....
>   
>   
>   > Use "traceroute -g" (Randy Bush, Buddy Bagga)
>     Issues: Not all ISPs allow it; is only useful for a few hops into peer 
>     ISP networks, and for IP addresses belonging to peer ISPs
>   
>   > Use traffic filters/logs on routers (Dylan Greene)
>     Issues: Requires instantiation on all border routers; requires traffic 
>     from IP address to exist
>   
>   > Use routes learned from peer ISP (Dylan Greene)
>     Issues: Requires assumption that paths are same in both directions
>   
>   
>   Is there work that answers the question without requiring the traffic to
>   exist or assuming same bi-directional paths, perhaps using BGP path info, 
>   or data from CAIDA's skitter tool?
> 
> unfortunately i don't know of any,
> it's one of those things i'd pay good money 
> to be wrong about though
> 
> you might find http://www.caida.org/tools/measurement/iffinder/
> of interest (only marginally relevant but at least tries to
> match interfaces to a single chassis)
> 
> would recommend against assumptions of either symmetric paths
> or bgp reflecting actual traffic flow
> unless you're writing science fiction
> 
> k

-- 
work: dga at lcs.mit.edu                          me:  dga at pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/

More information about the end2end-interest mailing list