[e2e] determining ingress interface?

David G. Andersen dga at lcs.mit.edu
Tue Jul 2 19:25:04 PDT 2002

It's quite possible that you could use the various denial of
service attack tracking packages in conjunction with "ping"
to figure this out.  (Same as traffic filters/logs).  Just
set up the filters, and then send a few pings to the host.
Assuming it'll reply to pings (or tcpings, see an earlier
post of mine), then you can watch the return traffic with
existing tools.


On Tue, Jul 02, 2002 at 06:00:09PM -0700, k claffy mooed:
> On Fri, Jun 21, 2002 at 09:12:33AM -0400, Rajesh Talpade wrote:
>   Hi
>   I asked this question on the NANOG mailing list.....
>   > Is there a way for an ISP to determine the ingress router interface at
>   > its network border that _should be_ passing IP traffic _from_ an IP 
>   > address not owned by it? In other words, given an IP address, I would 
>   > like to know what interface should be used by traffic from this address 
>   > to enter my network.
>   > I realize the interface used may change over time.
>   ....and got some answers....
>   > Use "traceroute -g" (Randy Bush, Buddy Bagga)
>     Issues: Not all ISPs allow it; is only useful for a few hops into peer 
>     ISP networks, and for IP addresses belonging to peer ISPs
>   > Use traffic filters/logs on routers (Dylan Greene)
>     Issues: Requires instantiation on all border routers; requires traffic 
>     from IP address to exist
>   > Use routes learned from peer ISP (Dylan Greene)
>     Issues: Requires assumption that paths are same in both directions
>   Is there work that answers the question without requiring the traffic to
>   exist or assuming same bi-directional paths, perhaps using BGP path info, 
>   or data from CAIDA's skitter tool?
> unfortunately i don't know of any,
> it's one of those things i'd pay good money 
> to be wrong about though
> you might find http://www.caida.org/tools/measurement/iffinder/
> of interest (only marginally relevant but at least tries to
> match interfaces to a single chassis)
> would recommend against assumptions of either symmetric paths
> or bgp reflecting actual traffic flow
> unless you're writing science fiction
> k

work: dga at lcs.mit.edu                          me:  dga at pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/
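
Added example, not part of the original message: one way to read the filter logs after sending the pings, keeping only echo replies whose ICMP id/seq match the probes sent, so other traffic from the same address is not mistaken for the reply path. The log line format, router and interface names, and addresses are all constructed for illustration.

```python
from collections import Counter

# Constructed sample: one line per packet matched by a border-router filter.
# Hypothetical format:
#   epoch router interface proto src dst icmp_type icmp_id icmp_seq
SAMPLE_LOG = """\
1025663101.10 br1 ge-0/0/1 icmp 192.0.2.77 198.51.100.10 0 4242 1
1025663101.35 br2 ge-1/0/3 icmp 192.0.2.77 198.51.100.10 8 9001 7
1025663102.11 br1 ge-0/0/1 icmp 192.0.2.77 198.51.100.10 0 4242 2
1025663103.12 br3 so-2/1/0 icmp 192.0.2.77 198.51.100.10 0 4242 3
1025663103.40 br2 ge-1/0/3 tcp 192.0.2.77 198.51.100.10 - - -
1025663104.02 br1 ge-0/0/1 icmp 203.0.113.5 198.51.100.10 0 4242 4
"""

def ingress_for(log_text, target, prober, probe_id, seqs):
    """Return (Counter of (router, interface), list of unanswered seqs).

    Only ICMP echo replies (type 0) from `target` to `prober` that carry
    our probe id and one of our sequence numbers are counted.
    """
    wanted = set(seqs)
    seen = {}  # seq -> (router, interface) where the reply first appeared
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 9:
            continue  # malformed or truncated log line
        _, router, iface, proto, src, dst, itype, iid, seq = fields
        if proto != "icmp" or itype != "0":
            continue  # not an echo reply
        if src != target or dst != prober:
            continue  # reply is not from the host we pinged
        if not (iid.isdigit() and seq.isdigit()):
            continue
        if int(iid) != probe_id or int(seq) not in wanted:
            continue  # some other ping session, not our probe
        seen.setdefault(int(seq), (router, iface))
    missing = sorted(wanted - seen.keys())
    return Counter(seen.values()), missing

if __name__ == "__main__":
    counts, missing = ingress_for(
        SAMPLE_LOG, "192.0.2.77", "198.51.100.10", 4242, [1, 2, 3, 4])
    for (router, iface), n in counts.most_common():
        print(f"{router} {iface}: {n} replies")
    print("no reply seen for seq:", missing)
```

More than one interface in the result means the return path changed between probes, which matches the caveat in the quoted question that the interface may change over time.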

More information about the end2end-interest mailing list