[e2e] determining ingress interface?

Serge Maskalik serge at netvmg.com
Wed Jul 10 00:28:16 PDT 2002


  Another method of getting feedback and gleaning the ingress
  interface is exporting netflow (most versions will work
  for this except sampled) and filtering the export data
  to keep only the flows in which the source IP address matches
  the prefixes under investigation. The netflow records
  will contain the ingress ifindex, the item you are looking
  for.

  	- Serge  

Thus spake David G. Andersen (dga at lcs.mit.edu):

> It's quite possible that you could use the various denial of
> service attack tracking packages in conjunction with "ping"
> to figure this out.  (Same as traffic filters/logs).  Just
> set up the filters, and then send a few pings to the host.
> Assuming it'll reply to pings (or tcpings, see an earlier
> post of mine), then you can watch the return traffic with
> existing tools.
> 
>   -Dave
> 
> On Tue, Jul 02, 2002 at 06:00:09PM -0700, k claffy mooed:
> > On Fri, Jun 21, 2002 at 09:12:33AM -0400, Rajesh Talpade wrote:
> >   
> >   Hi
> >   
> >   I asked this question on the NANOG mailing list.....
> >   
> >   > Is there a way for an ISP to determine the ingress router interface at
> >   > its network border that _should be_ passing IP traffic _from_ an IP 
> >   > address not owned by it? In other words, given an IP address, I would 
> >   > like to know what interface should be used by traffic from this address 
> >   > to enter my network.
> >   > I realize the interface used may change over time.
> >   
> >   ....and got some answers....
> >   
> >   
> >   > Use "traceroute -g" (Randy Bush, Buddy Bagga)
> >     Issues: Not all ISPs allow it; is only useful for a few hops into peer 
> >     ISP networks, and for IP addresses belonging to peer ISPs
> >   
> >   > Use traffic filters/logs on routers (Dylan Greene)
> >     Issues: Requires instantiation on all border routers; requires traffic 
> >     from IP address to exist
> >   
> >   > Use routes learned from peer ISP (Dylan Greene)
> >     Issues: Requires assumption that paths are same in both directions
> >   
> >   
> >   Is there work that answers the question without requiring the traffic to
> >   exist or assuming same bi-directional paths, perhaps using BGP path info, 
> >   or data from CAIDA's skitter tool?
> > 
> > unfortunately i don't know of any,
> > it's one of those things i'd pay good money 
> > to be wrong about though
> > 
> > you might find http://www.caida.org/tools/measurement/iffinder/
> > of interest (only marginally relevant but at least tries to
> > match interfaces to a single chassis)
> > 
> > would recommend against assumptions of either symmetric paths
> > or bgp reflecting actual traffic flow
> > unless you're writing science fiction
> > 
> > k
> 
> -- 
> work: dga at lcs.mit.edu                          me:  dga at pobox.com
>       MIT Laboratory for Computer Science           http://www.angio.net/
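
The NetFlow filtering step from the top message, as an added example that is not part of the original thread. It assumes the fixed NetFlow v5 export layout (24-byte header, 48-byte records); the function name is hypothetical and the sample datagram is constructed from documentation address ranges.

```python
import struct
from collections import Counter
from ipaddress import ip_address, ip_network

HDR = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def ingress_ifindexes(datagram, prefixes):
    """Return (Counter{input ifIndex: packets}, sampled) for flows whose
    source address falls inside any of the prefixes under investigation."""
    nets = [ip_network(p) for p in prefixes]
    version, count, *_, sampling = HDR.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"not a NetFlow v5 datagram (version {version})")
    if len(datagram) < HDR.size + count * REC.size:
        raise ValueError("truncated datagram")
    hits = Counter()
    for i in range(count):
        f = REC.unpack_from(datagram, HDR.size + i * REC.size)
        src, in_if, pkts = ip_address(f[0]), f[3], f[5]
        if any(src in n for n in nets):
            hits[in_if] += pkts          # f[3] is the ingress (input) ifIndex
    # The top two bits of the last header field carry the sampling mode.
    # Non-zero means a sampled export, where low-volume flows may be absent.
    return hits, (sampling >> 14) != 0

def _flow(src, in_if, pkts):
    # Constructed sample record: only srcaddr, input ifIndex and dPkts vary.
    return REC.pack(ip_address(src).packed, ip_address("203.0.113.9").packed,
                    bytes(4), in_if, 1, pkts, pkts * 64, 0, 0,
                    12345, 80, 0, 0, 6, 0, 0, 0, 24, 24, 0)

# Constructed export datagram: two flows from the prefix of interest arriving
# on different interfaces, plus one unrelated flow.
SAMPLE = (HDR.pack(5, 3, 0, 0, 0, 0, 0, 0, 0)
          + _flow("198.51.100.7", 3, 10)
          + _flow("198.51.100.200", 7, 4)
          + _flow("192.0.2.1", 3, 99))

if __name__ == "__main__":
    hits, sampled = ingress_ifindexes(SAMPLE, ["198.51.100.0/24"])
    for ifindex, pkts in hits.most_common():
        print(f"ifIndex {ifindex}: {pkts} packets")
    print("sampled export:", sampled)
```

The ifIndex values map to interface names through the exporting router's SNMP ifTable, and the result only covers addresses that actually sent traffic during the capture window.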



