Loose Source Routing as a Mechanism for Traffic Policies
Katerina Argyraki and David R. Cheriton
Presented by Thuan Huynh, Robert Patro, and Shomir Wilson
Overview
Background and theory
Implementation
Applications
Related works
Brief Review of LSRR
Loose Source Record Routing (LSRR) is an
option in IP.
The sender specifies a list of IP addresses that
the datagram must traverse.
The route is “loose”: the datagram can pass
through other routers between any two
addresses on the list.
LSRR Continued
General Format of the IP Source Route Option (39 bytes)
code (1 byte) | len (1 byte) | ptr (1 byte) | IP addr #1 (4 bytes) | IP addr #2 (4 bytes) | ... | IP addr #9 (4 bytes)
Example of IP Source Routing
S:  dest=D   {#R1, R2, R3}
R1: dest=R1  {#R2, R3, D}
R2: dest=R2  {R1, #R3, D}
R3: dest=R3  {R1, R2, #D}
D:  dest=D   {R1, R2, R3#}
WRAP: Wide-Area Relay Addressing Protocol
WRAP runs on top of IP and uses loose-source routing, but
implements it differently from IP’s LSRR.
WRAP and LSRR are…
Similar: A WRAP packet includes a forward path and a
reverse path. Every time a relay on the forward path is
traversed, it is moved to the reverse path.
Different: The WRAP header (including the forward and
reverse paths) is included as the beginning of the IP
payload. The source and destination in the IP header
are the next and previous “hops” taken by the packet.
WRAP Advantages Over LSRR
Relaying of WRAP packets is easier to
implement in hardware.
Filtering of WRAP packets can be done with
conventional wire-speed filters (similar to
TCP/UDP-level filters).
LSRR relaying or filtering requires processing
the variable-length IP options field, typically
requiring the CPU.
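The variable-length option walk that LSRR filtering needs, together with the per-hop update from the source routing example earlier, as an added Python example (not code from the paper or the slides). Function names and the 10.0.x.x addresses standing in for R1, R2, R3 and D are constructed for illustration.

```python
import socket

EOL, NOP, LSRR = 0, 1, 131             # IPv4 option types (RFC 791)
def make_lsrr(addrs, ptr=4):
    data = b"".join(socket.inet_aton(a) for a in addrs)
    return bytes([LSRR, 3 + len(data), ptr]) + data   # code, len, ptr, addrs

# Constructed sample: one NOP of padding, then LSRR listing R2, R3 and D.
SAMPLE = bytes([NOP]) + make_lsrr(["10.0.2.1", "10.0.3.1", "10.0.9.9"])

def find_lsrr(opts):
    """Walk the variable-length options; return (offset, length) or None."""
    i = 0
    while i < len(opts) and opts[i] != EOL:
        kind = opts[i]
        if kind == NOP:                # single octet, no length field
            i += 1
            continue
        length = opts[i + 1] if i + 1 < len(opts) else 0
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        if kind == LSRR:
            if (length - 3) % 4:
                raise ValueError("malformed LSRR")
            return i, length
        i += length
    return None

def lsrr_hop(dst, opts, my_addr):
    """Per-hop update at the node the datagram is currently addressed to."""
    found = find_lsrr(opts)
    if found is None:
        return dst, opts
    off, length = found
    ptr = opts[off + 2]                # 1-based offset into the option, >= 4
    if ptr < 4 or ptr % 4:
        raise ValueError("bad LSRR pointer")
    if ptr > length:                   # list used up: this node is the end point
        return dst, opts
    slot = off + ptr - 1
    out = bytearray(opts)
    next_hop = socket.inet_ntoa(bytes(out[slot:slot + 4]))
    out[slot:slot + 4] = socket.inet_aton(my_addr)    # record this hop
    out[off + 2] = ptr + 4
    return next_hop, bytes(out)

def route(opts):
    off, length = find_lsrr(opts)
    return [socket.inet_ntoa(opts[j:j + 4]) for j in range(off + 3, off + length, 4)], opts[off + 2]
```

A filter has to run the `find_lsrr` loop for every packet before it can even tell whether a source route is present, which is the per-packet work the slide attributes to the CPU.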
Transmit Policies
WRAP enables a node to specify a transmit policy for
each packet.
An edge system can compute multiple paths to a
destination, monitor them, and choose between
them based on QoS needs.
An access router that connects an edge network to
the Internet computes paths and choices, or…
The end user (PC application, person) can specify
outgoing traffic paths.
Either way, the Internet core becomes purely a
forwarding engine.
Receive Policies
WRAP enables a node to specify a receive policy for
each packet (accept, block, rate-limit) according to its
end-to-end path.
A victim of a DDoS attack can ask routers close to the
attack sources to block “bad” traffic from them.
This is implemented with Active Internet Traffic Filtering
(AITF), which verifies requests are real: node M cannot
disrupt traffic between A and B unless M is on the path
between them.
Alternatives to LSRR/WRAP
Transmit policies with labels: edge system tags each
packet with a policy label that indicates how it should be
routed.
Good: less burdensome on edge systems
Bad: each ISP knows only its own internal performance
Receive policies via hop-by-hop traceback: requests to
rate-limit traffic propagate hop-by-hop upstream.
Good: again, less burdensome
Bad: core routers become a filtering bottleneck
WRAP: IMPLEMENTATION
THE HEADER
bits 0-7: protocol | bits 8-15: length | bits 16-23: foffset | bits 24-31: reserved
reverse path
forward path
data
• protocol – The higher-layer protocol (UDP, TCP, etc.).
• length – The number of 32-bit addresses in the reverse and forward paths.
• foffset – The offset into the list of addresses where the forward path field starts.
• reverse path – List of 32-bit addresses corresponding to the end-point and relays already traversed.
• forward path – List of 32-bit addresses corresponding to the relays and end-point still ahead.
• data – Contains the higher-level (protocol format) packet.
RELAYING
Path: S → A → B → D
S → A:  IP Src: S, IP Dst: A, Fpath: [B,D], Rpath: [ ]
A → B:  IP Src: A, IP Dst: B, Fpath: [D], Rpath: [S]
B → D:  IP Src: B, IP Dst: D, Fpath: [ ], Rpath: [S,A]
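The header layout and the relay step above, as an added Python example (not code from the paper or the slides). It assumes one octet per header field as in the bit ranges shown, network byte order, and foffset counted in addresses; the in-place swap is one way to realise the relay step, and the addresses for S, A, B and D are constructed.

```python
import socket
import struct

def pack_wrap(protocol, rpath, fpath, data=b""):
    """protocol, length, foffset, reserved (one octet each), then addresses."""
    addrs = list(rpath) + list(fpath)
    hdr = struct.pack("!BBBB", protocol, len(addrs), len(rpath), 0)
    return hdr + b"".join(socket.inet_aton(a) for a in addrs) + data

def parse_wrap(payload):
    """Return (protocol, rpath, fpath, data); reject inconsistent fields."""
    if len(payload) < 4:
        raise ValueError("short WRAP header")
    protocol, length, foffset, _ = struct.unpack("!BBBB", payload[:4])
    end = 4 + 4 * length
    if foffset > length or end > len(payload):
        raise ValueError("inconsistent WRAP header")
    addrs = [socket.inet_ntoa(payload[i:i + 4]) for i in range(4, end, 4)]
    return protocol, addrs[:foffset], addrs[foffset:], payload[end:]

def relay(ip_src, ip_dst, payload, my_addr):
    """One relay step at my_addr; returns (new_src, new_dst, new_payload)."""
    _, rpath, fpath, _ = parse_wrap(payload)
    if ip_dst != my_addr or not fpath:
        raise ValueError("not for relaying here")
    slot = 4 + 4 * len(rpath)                # first forward-path address
    out = bytearray(payload)
    out[slot:slot + 4] = socket.inet_aton(ip_src)    # previous hop -> reverse path
    out[2] += 1                              # foffset moves one address right
    return my_addr, fpath[0], bytes(out)

# Constructed addresses for the slide's hosts S, A, B, D (assumption).
S, A, B, D = "10.1.0.1", "192.0.2.1", "198.51.100.1", "10.2.0.9"

def slide_trace():
    """Replay S -> A -> B -> D and return the packet state on each link."""
    src, dst, pkt = S, A, pack_wrap(17, [], [B, D], b"payload")
    states = [(src, dst) + parse_wrap(pkt)[1:3]]
    for hop in (A, B):
        src, dst, pkt = relay(src, dst, pkt, hop)
        states.append((src, dst) + parse_wrap(pkt)[1:3])
    return states, len(pkt)
```

The header keeps the same size at every hop: a relay overwrites one fixed-width slot and increments one octet, which is what makes the step suitable for hardware and fixed-offset filters.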
WRAP: IMPLEMENTATION
Name-To-Path Resolution
WRAP requires modification of current DNS
Current – DNS maps names to IP addresses
Modified – DNS maps names to domain-level paths
How?
Each realm gets an internal and an external DNS server
Internal responds to requests originating inside the realm. Provides
mappings from domain names to WRAP paths
External responds to requests originating outside the realm. Provides
mappings from domain names to a tuple { global prefix, IP }
Forward Reference (Incremental Deployment)
State for WRAPID gateways can be instantiated during name resolution
WRAP: IMPLEMENTATION
Name-To-Path Resolution
[Diagram: nodes S, A, B, D]
S: DNS Name Lookup (D)
A: propagates request to B
A: path = [A,B,D]
B: { prefix = P, IP = D }
DESIRABLE PROPERTIES:
Limited Path Spoofing
WRAP limits the effectiveness of spoofing by
its design.
Property A: Just as a destination addr. must be
correct for delivery in IP, the forward path must be
correct for delivery in WRAP.
A malicious node may still spoof some other node
by placing that node’s address in the reverse path.
However, because of property A, the malicious
node’s gateway will necessarily appear in the
reverse path.
DESIRABLE PROPERTIES:
Limited Path Spoofing
[Diagram: nodes M, V, A, B, C, D]
A → B:  IP Src: A, IP Dst: B, Fpath: [C,D], Rpath: [V]
B → C:  IP Src: B, IP Dst: C, Fpath: [D], Rpath: [V,A]
C → D:  IP Src: C, IP Dst: D, Fpath: [ ], Rpath: [V,A,B]
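How the Receive Policies slide and the spoofing property above fit together, as an added Python example (not code from the paper or the slides). Matching rules on relays only and skipping the first path entry is a design assumption made here; gateway G for the real V is hypothetical and does not appear on the slide.

```python
def carry(claimed_src, hops):
    """Relay a packet over hops (relays, then the end point).

    Returns (ip_src, rpath) as seen by the end point.
    """
    src, dst, rpath, fpath = claimed_src, hops[0], [], list(hops[1:])
    while fpath:                       # each relay: previous hop -> reverse path
        rpath.append(src)
        src, dst = dst, fpath.pop(0)
    return src, rpath

def classify(ip_src, rpath, rules, default="accept"):
    """Receive policy: first rule whose relay sequence lies on the path wins.

    Rules match relays only. The first path entry is the sender's own claim
    and is skipped, since that is the one entry a sender can forge.
    """
    relays = (rpath + [ip_src])[1:]
    for seq, action in rules:
        n = len(seq)
        if n and any(relays[i:i + n] == list(seq)
                     for i in range(len(relays) - n + 1)):
            return action
    return default

# Constructed scenario: M sits behind gateway A and claims to be V, as on the
# slide. G is a hypothetical gateway for the real V (not on the slide).
SPOOFED = carry("V", ["A", "B", "C", "D"])
GENUINE = carry("V", ["G", "C", "D"])
RULES = [(("A", "B"), "block")]
```

With these rules D blocks the packet that came through A even though it names V as its origin, while V's own traffic through G is still accepted.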
DESIRABLE PROPERTIES:
Low Packet Overhead
WRAP chooses to explicitly include variable-length lists of IP addresses
in its headers.
Seems as though it might introduce much larger headers than a scheme
like NIRA, but how bad is it in practice?
Magoni and Pansiot [14] find that AS path distance appears to have a
Gaussian distribution with a mean m, with 3 < m < 4
75% of AS pairs have a path length < 4, and 95% of AS pairs have a path
length < 6.
WRAP authors make the conservative assumption that each AS may be a
collection of networks behind a NAT. This shifts the distribution average by
2.
Still, 75% of WRAP headers would have a path length < 6 and 95% of WRAP
headers would have a path length < 8
Also, Magoni and Pansiot found the “empirical law”:
The average distance, diameter and radius of the inter-domain graph of AS
networks stays constant
This “law” holds despite the fact that the # of ASs grew by 40% during
the duration of their study
DESIRABLE PROPERTIES:
Address Space
Make IP addresses become routing tags and
have NO end-to-end significance
[Diagram: nodes S, A, B and two nodes labelled D; paths [S, A, D] and [S, B, D]]
DESIRABLE PROPERTIES:
Address Space
Unlike NIRA and other schemes, globally unique
addresses are not required:
IP addresses must only be unique within a
realm.
4 billion addresses per realm.
Relay addresses specify not just a specific router,
but a pair { router, outgoing realm }. This is an
artifact of a router’s non-uniqueness in the global
address space.
Similarity to IPNL
IPNL is a NAT-extended architecture
An address has 10 bytes and consists of
Global IPv4 address
Realm number
Local IPv4 address
Packets must be routed to the global address
first, then to the realm, and then to the local address.
WRAPID Gateways
Deploying WRAP is similar to placing every
administrative domain behind NAT
can be incremental
routers must be upgraded to be WRAP-capable
hosts can be upgraded or not
non-WRAP hosts can be supported by WRAPID
gateways (WRAP to IP Domain)
WRAPID gateways can implement IP-to-WRAP and
WRAP-to-IP translation.
WRAPID Gateways
[Diagram: S, WRAPID gateway A, WRAPID gateway B, D]
Sent by S:        IP Src: S, IP Dst: X
Between A and B:  IP Src: A, IP Dst: B, Fpath: [D], Rpath: [S]
Delivered to D:   IP Src: Y, IP Dst: D
Problems?
Applications
Virtual Private Network
Different sites are connected by WRAP relay
nodes
Policy-based routing
Extended forwarding path check
The source can be verified up to the trusted relay
node.
Multicast
WRAPsec
Related works
TRIAD (Translating Relaying Internet
Architecture integrating Active Directories)
RouteScience
RON
NIRA (Tuesday)
IPNL and IPv4+4
“shim protocol”
router upgrade
routing information in header
Q&A