In this project we use Internet Yellow Pages and Scamper to traceroute hosts in RPKI invalid prefixes.
RQ1: Do RPKI Invalid prefixes have more hops and higher RTT?
RQ2: Do ASes in the RoVista dataset drop all invalids?
Control: Perform RTT measurements for RPKI Valid prefixes originated from the same AS
The traceroutes to Cloudflare had the following results:
Note that a traceroute to an RPKI Invalid prefix can still reach the destination even when intermediate ASes drop the invalid announcement. This happens when the intermediate routers have a path to a less specific prefix that is RPKI Valid or NotFound.
To remove this artifact from the results, we discard all RPKI Invalid prefixes that have a covering prefix which is RPKI Valid or NotFound. We then perform traceroutes to the remaining RPKI Invalid prefixes. If a traceroute reaches the destination, it means that none of the ASes in the path are dropping the invalid announcement.
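The covering-prefix filter described above, as an added example that is not the project's own code. The route tuples, status strings, function names and the choice of the first host address as the probe target are assumptions; the sample routes are constructed from documentation prefixes and private-use ASNs.

```python
import ipaddress

# Constructed sample: (prefix, origin ASN, RPKI status). Not measurement data.
SAMPLE_ROUTES = [
    ("192.0.2.128/25", 64500, "Invalid"),    # covered by the Valid /24 below
    ("192.0.2.0/24", 64501, "Valid"),
    ("198.51.100.0/24", 64502, "Invalid"),   # no covering route: keep
    ("203.0.113.0/25", 64503, "Invalid"),    # covered by a NotFound /24
    ("203.0.113.0/24", 64504, "NotFound"),
    ("2001:db8:1::/48", 64505, "Invalid"),   # only covered by another Invalid: keep
    ("2001:db8::/32", 64506, "Invalid"),     # keep
]

REACHABLE_STATES = ("Valid", "NotFound")


def is_covered(prefix, routes):
    """True if an equal or less specific Valid/NotFound route covers `prefix`.

    Assumption: an exact-match route with Valid/NotFound status (e.g. from
    another origin) also counts as covering, since it survives ROV filtering.
    """
    for other, _asn, status in routes:
        if status not in REACHABLE_STATES or other.version != prefix.version:
            continue
        if prefix.subnet_of(other):
            return True
    return False


def traceroute_targets(routes):
    """Return (prefix, origin ASN, probe IP) for Invalid prefixes that have
    no Valid/NotFound covering route, so a reply implies no ROV on the path."""
    parsed = [(ipaddress.ip_network(p), asn, s) for p, asn, s in routes]
    targets = []
    for net, asn, status in parsed:
        if status == "Invalid" and not is_covered(net, parsed):
            # First host address in the prefix is an arbitrary probe choice.
            targets.append((str(net), asn, str(net.network_address + 1)))
    return targets


if __name__ == "__main__":
    for prefix, asn, ip in traceroute_targets(SAMPLE_ROUTES):
        print(f"AS{asn} {prefix} -> probe {ip}")
```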
We use the RoVista dataset to check if an ASN is safe from RPKI invalids.
Observation: We can still traceroute successfully to 103.21.244.12 from UCSD, and the traffic goes through CENIC (AS2152) and Cloudflare (AS13335), which are both partially protected from RPKI Invalids according to RoVista.
Cloudflare:
CENIC:
CENIC has Level3 as its upstream, and since Level3 is dropping invalids, CENIC is partially protected from invalids. But CENIC also has a peering relationship with Cloudflare and does not drop invalids coming from Cloudflare. Thus, the traceroute to Cloudflare’s IP is successful. We can also infer that UCSD has CENIC as its only upstream provider and does not drop any invalids coming from CENIC.
We can use Internet Yellow Pages and Scamper to measure the visibility of RPKI Invalid prefixes and infer the ROV filtering behavior of ASes.
Code Snippet to perform traceroutes
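```python
from datetime import timedelta

from scamper import ScamperCtrl
from tqdm import tqdm

# Connect to the Ark mux and attach every available vantage point.
mux = "/run/ark/mux"
ctrl = ScamperCtrl(mux=mux)
vp_list = ctrl.vps()
_ = ctrl.add_vps(vp_list)


def get_traces(dest_ips, val_flag=False):
    # val_flag is not used in this snippet.
    # Queue one Paris-UDP traceroute per destination on every instance.
    for dest_ip in dest_ips:
        ctrl.do_trace(
            dest_ip,
            method="udp-paris",
            inst=ctrl.instances(),
            attempts=1,
            squeries=5,
            wait_timeout=timedelta(seconds=2),
        )
    # Collect results as they arrive, bounded by the 30-second timeout.
    trace_list = []
    for o in tqdm(ctrl.responses(timeout=timedelta(seconds=30))):
        trace_list.append(o)
    return trace_list
```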