[49015] in North American Network Operators' Group
Re: query about determining ingress interface
daemon@ATHENA.MIT.EDU (Rajesh Talpade)
Thu Jun 20 18:07:19 2002
From: Rajesh Talpade <rrt@research.telcordia.com>
To: dylan@juniper.net (Dylan Greene)
Date: Thu, 20 Jun 2002 18:06:51 -0400 (EDT)
Cc: rrt@research.telcordia.com (Rajesh Talpade), nanog@merit.edu
In-Reply-To: <20020620013811.C622@juniper.net> from "Dylan Greene" at Jun 20, 2002 01:38:11 AM
Errors-To: owner-nanog-outgoing@merit.edu
"--- begin message from Dylan Greene ---"
>
> On Thu, Jun 20, 2002 at 05:42:23PM -0400, Rajesh Talpade wrote:
>
> > Is there a way for an ISP to determine the ingress router interface at
> > its network border that will carry IP traffic _from_ an IP address not
> > owned by it?
> >
> > I don't want to assume the path is the same in both directions, and tools
> > such as CAIDA's skitter plot paths from specific sources. One approach
> > might be deriving network paths from CAIDA's data, perhaps someone has
> > already done this?
>
> Rajesh,
>
> Hi there..
>
> Are you asking to determine the interface that "will" or "is" passing said
> traffic?
the interface that "should be" passing the traffic.
in other words, given an IP address, i would like to know what interface
traffic from this address should enter my network.
i realize the interface may change over time, but can i at least know what
interface it is without using filters or logging mechanisms on the actual
routers? hence i was alluding to using existing data, such as bgp paths,
or caida's database.
thanks.
rajesh.
> I think it depends on what you're trying to do- Are you trying to track
> an individual src at one given point, or collect some stats/trends on where
> various srcs are entering your network?
>
> I.e, for an individual src/dst (maybe you're tracing a DoS, etc..) there are
> a number of ways to use filters and other mechanisms to log/count packets
> matching some known charachteristics (src/dst, length, etc..)
>
> There are various ways to do things like this, it depends on what exactly you're
> trying to track though.
>
> ..Dylan
>
