Ownership of Routers on Both Ends of Transnational Links

Howdy folks,

We are a group of researchers at UC Riverside conducting some measurement about transnational networks. In particular, we are interested in studying the ownership of routers on the two sides of transnational links.

We have some concrete questions which we hope someone can shed some light on. Basically when we send packets from US/Canada to China, through traceroute and the RTT of each hop, we can locate the last hop in the US before the packets enter China (there is a large jump of RTT of 100+ms from this hop onwards). Oftentimes the ownership of such routers is ambiguous.

These are hops whose IPs seem to belong to US or European ISPs (according to BGP info) but whose reverse DNS names have chinaunicom in them, which is a Chinese ISP.

AS1299 Telia Company AB

62.115.170.57 name = chinaunicom-ic-341501-sjo-b21.c.telia.net.

62.115.33.230 name = chinaunicom-ic-302366-las-bb1.c.telia.net.

213.248.73.190 name = chinaunicom-ic-127288-sjo-b21.c.telia.net.

AS701 Verizon Business

152.179.103.254 name = chinaunicom-gw.customer.alter.net.

The following routers, meanwhile, don’t have a reverse DNS name at all, which seems to be uncommon if they were managed by US or European ISPs but quite common for Chinese ISPs.

AS6453 TATA COMMUNICATIONS (AMERICA) INC

63.243.205.90
66.110.59.118

Can anyone confirm that these are indeed managed by the Chinese ISPs (even though they are physically located in the US according to the traceroute and RTT analysis)?

Best,
Pengxiong Zhu
Department of Computer Science and Engineering
University of California, Riverside

“company-ic” and “company-gw” are commonly used names for /30s used for interconnection to a customer or another carrier. Those routers are likely owned/managed by Telia/Verizon.

I highly doubt VZ or Telia owns and provides a Big Expensive Router as CPE sitting on US landing
POP for a major international carrier.

More likely, these routers are China Unicom's routers in their US POP, not managed by VZ/Telia.
The /30s in this case are unmanaged IP transit hand-offs, coming in as Nx10G or 100G. When your
IP transit provider assigns the /30, your router looks like it belongs to your upstream, common
mistake when interpreting traceroutes[1].

[1]: see Page 22 on https://www.nanog.org/meetings/nanog47/presentations/Sunday/RAS_Traceroute_N47_Sun.pdf

James

> More likely, these routers are China Unicom's routers in their US POP, not managed by VZ/Telia.
> The /30s in this case are unmanaged IP transit hand-offs, coming in as Nx10G or 100G. When your
> IP transit provider assigns the /30, your router looks like it belongs to your upstream, common
> mistake when interpreting traceroutes[1].

$ nslookup 62.115.170.56
56.170.115.62.in-addr.arpa name = sjo-b21-link.telia.net.

if you model (as james says) each interconnect as a /30 or /31 ...
look for the adjacent ip and see the PTR for that ip.
(the above is your first link example's peer ip)

I think it’s clear that the IPs belong to Telia, but I understood James’s point to be that the router using the IP in question may belong to China Unicom. (I agree with that, I was not thinking clearly this morning.) As this is an interconnect link, one side must belong to Telia and the other to China Unicom. The question, then, is which side are we looking at? Well, first I want to know how big the subnet is. I assume either /30 or /31. So, I do a reverse DNS lookup on all the IPs in the surrounding /30 block:
62.115.170.56 - sjo-b21-link.telia.net
62.115.170.57 - chinaunicom-ic-341501-sjo-b21.c.telia.net
62.115.170.58 - las-b24-link.telia.net
62.115.170.59 - chinaunicom-ic-341499-las-b24.c.telia.net
That looks like two /31s. Only one IP in each has the name of China Unicom in it, so that one is probably in use by China Unicom, and the other is probably in use by Telia.
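The adjacent-address check described in the two posts above, as an added example (not code from any poster). It pairs an interconnect address with its /31 or /30 neighbour and accepts the pairing only when both PTR names carry the same router tag. The two regular expressions are assumptions inferred from the names quoted in this thread, not a naming scheme published by Telia.

```python
import ipaddress
import re

# PTR records exactly as quoted in the thread for the /30 around 62.115.170.57.
PTRS = {
    "62.115.170.56": "sjo-b21-link.telia.net",
    "62.115.170.57": "chinaunicom-ic-341501-sjo-b21.c.telia.net",
    "62.115.170.58": "las-b24-link.telia.net",
    "62.115.170.59": "chinaunicom-ic-341499-las-b24.c.telia.net",
}

# Assumed naming patterns: "<customer>-ic-<id>-<router>.c." and "<router>-link."
CUST = re.compile(r"^(?P<cust>[a-z0-9]+)-ic-\d+-(?P<router>[a-z0-9-]+)\.c\.")
LINK = re.compile(r"^(?P<router>[a-z0-9-]+)-link\.")

def parse(name):
    """Return (role, router_tag, customer) for a PTR name, or None if unrecognised."""
    if not name:
        return None
    m = CUST.match(name.lower())
    if m:
        return ("customer", m["router"], m["cust"])
    m = LINK.match(name.lower())
    if m:
        return ("provider", m["router"], None)
    return None

def infer_link(ip, ptrs):
    """Guess the link's prefix length and which end `ip` is named for."""
    me = parse(ptrs.get(ip))
    if me is None:
        return None  # no PTR, or a name outside the assumed scheme: no inference
    addr = ipaddress.ip_address(ip)
    candidates = [(31, ipaddress.ip_address(int(addr) ^ 1))]
    hosts = list(ipaddress.ip_network(f"{ip}/30", strict=False).hosts())
    if addr in hosts:  # only the two usable /30 addresses can have a /30 peer
        candidates.append((30, hosts[0] if addr == hosts[1] else hosts[1]))
    for plen, peer in candidates:
        other = parse(ptrs.get(str(peer)))
        # Same router tag and opposite roles: the two ends of one link.
        if other and other[1] == me[1] and other[0] != me[0]:
            return {"prefix": plen, "peer": str(peer), "side": me[0],
                    "customer": me[2] or other[2]}
    return None  # PTRs can be stale, so treat any hit as a hint, not proof
```

An address with no PTR at all, such as 63.243.205.90 from the original question, yields `None`: this method has nothing to work with there.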

> I think it's clear that the IPs belong to Telia, but I understood James's point to be that the router using the IP in question may belong to China Unicom. (I agree with that, I was not thinking clearly this morning.) As this is an interconnect link, one side must belong to Telia and the other to China Unicom. The question, then, is which side are we looking at? Well, first I want to know how big the subnet is. I assume either /30 or /31. So, I do a reverse DNS lookup on all the IPs in the surrounding /30 block:
> 62.115.170.56 - sjo-b21-link.telia.net
> 62.115.170.57 - chinaunicom-ic-341501-sjo-b21.c.telia.net
> 62.115.170.58 - las-b24-link.telia.net
> 62.115.170.59 - chinaunicom-ic-341499-las-b24.c.telia.net
> That looks like two /31s. Only one IP in each has the name of China Unicom in it, so that one is probably in use by China Unicom, and the other is probably in use by Telia.

that was my point yes.

I think we're making a lot of assumptions about how well PTR records are maintained. All of this could be totally accurate. Or...not...

this is totally true :) but... if the next hop after
chinaunicom-ic-341501-sjo-b21.c.telia.net is a CU ip... it's better
than average chance that the
chinaunicom-ic-341501-sjo-b21.c.telia.net
address is a telia /30 (or /31) on the ptp link between CU/Telia. That
Telia owns the ip space and that PROBABLY the customer identification
is correct. (cu)

-chris

Thank you so much for your insightful replies. We are asking the right people!

I checked the rest of them, they all seem to be /30 or /31s.

62.115.33.227 jax-b1-link.telia.net
62.115.33.228 telconet-ic-337544-jax-b1.c.telia.net
62.115.33.229 las-bb1-link.telia.net

213.248.73.185 adm-b4-link.telia.net
213.248.73.186 riot-ic-303251-adm-b4.c.telia.net
213.248.73.187
213.248.73.188
213.248.73.189 sjo-b21-link.telia.net

152.179.103.250 0.xe-1-2-1.GW7.LAX1.ALTER.NET
152.179.103.250 chinaunicom-gw.customer.alter.net
152.179.103.251
152.179.103.252
152.179.103.253 0.xe-1-0-0.gw2.lax1.alter.net

63.243.205.89 ix-xe-0-3-3-0.tcore1.sqn-san-jose.as6453.net
63.243.205.90
63.243.205.91
63.243.205.92
63.243.205.93 ix-xe-8-2-5-0.tcore1.sqn-san-jose.as6453.net

66.110.59.117 ix-xe-2-1-3-0-0.tcore1.lvw-los-angeles.as6453.net

How about the two IPs (63.243.205.90, 66.110.59.118) that don’t have a reverse DNS name, since they don’t have any PTR records?

Best,
Pengxiong Zhu
Department of Computer Science and Engineering
University of California, Riverside

> this is totally true :) but… if the next hop after
> chinaunicom-ic-341501-sjo-b21.c.telia.net is a CU ip… it’s better
> than average chance that the
> chinaunicom-ic-341501-sjo-b21.c.telia.net
> address is a telia /30 (or /31) on the ptp link between CU/Telia. That
> Telia owns the ip space and that PROBABLY the customer identification
> is correct. (cu)

Yes, in our case, the next hops after all the six routers are some CU IPs.

Best,
Pengxiong Zhu
Department of Computer Science and Engineering
University of California, Riverside

“Can anyone confirm that these are indeed managed by the Chinese ISPs (even though they are physically located in the US according to the traceroute and RTT analysis)?”

If a router is part of the CU AS, it’s owned and managed by them. Physical location isn’t really relevant to your question.

Thanks again for your insightful responses!

The case we discuss above is Chinese ISPs renting routers located outside China and the IPs belong to other ISPs.

How about the case where the IP belongs to a Chinese ISP and is located in the US (from the RTT result): can we say it is very likely or definitely owned/operated by the Chinese ISP? Why would some ISP try to rent routers of a Chinese ISP in the US?

For example, a traceroute from Ohio to an IP in China. Hop 17 and hop 18 should be located in the US based on the RTT, and yet they belong to a Chinese AS (China Telecom). Does this mean that China Telecom is managing these two hops?

HOST: Loss% Snt Last Avg Best Wrst StDev
6. AS??? 100.65.11.97 0.0% 100 2.0 1.0 0.4 12.6 1.3
7. AS??? 52.93.15.238 0.0% 100 2.4 2.0 1.5 11.4 1.1
8. AS??? 52.93.14.134 0.0% 100 21.9 26.3 4.2 54.4 11.3
9. AS??? 52.93.14.119 0.0% 100 2.6 2.1 1.6 10.8 1.2
10. AS??? 100.91.27.86 0.0% 100 25.8 26.2 25.6 34.9 1.2
11. AS??? 54.239.42.197 0.0% 100 25.5 25.9 25.4 35.8 1.5
12. AS??? 100.91.4.218 0.0% 100 25.9 26.2 25.1 38.3 1.6
13. AS??? 100.91.4.217 0.0% 100 25.4 26.0 25.3 41.4 2.0
14. AS??? 100.91.5.85 0.0% 100 25.3 25.8 25.2 29.1 0.9
15. AS??? 54.239.103.86 0.0% 100 25.6 30.0 25.2 49.1 3.8
16. AS??? 54.239.103.77 0.0% 100 25.3 25.6 25.2 28.1 0.5
17. AS4134 218.30.53.1 0.0% 100 28.0 29.1 25.2 33.1 2.3
18. AS4134 202.97.50.21 0.0% 100 32.4 29.1 25.2 33.5 2.4
19. AS??? ??? 100.0 100 0.0 0.0 0.0 0.0 0.0
20. AS??? ??? 100.0 100 0.0 0.0 0.0 0.0 0.0
21. AS4134 202.97.94.121 0.0% 100 186.8 185.6 181.8 189.8 2.3
22. AS4816 119.147.222.6 0.0% 100 182.6 183.5 182.4 195.8 1.8
23. AS4816 183.2.182.130 0.0% 100 181.7 183.3 181.5 207.0 3.9
24. AS??? ??? 100.0 100 0.0 0.0 0.0 0.0 0.0
25. AS45102 116.251.113.158 0.0% 100 176.7 177.9 176.5 186.7 2.1
26. AS45102 116.251.115.141 0.0% 100 213.2 213.4 213.1 218.5 0.6

Best,
Pengxiong Zhu
Department of Computer Science and Engineering
University of California, Riverside
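The RTT-jump heuristic from the original question, applied to hops 16-22 of the report above, as an added example (not the posters' own tooling). It compares best-case RTT between consecutive responding hops and reports how many silent hops lie in between, since those widen the range where the long-haul link could sit. The 100 ms threshold is the figure given in the first post; using the "Best" column is an assumption made here because it is the least affected by queueing and ICMP rate limiting.

```python
import re

# Hops 16-22 copied from the mtr report in the thread.
# Columns: hop, AS, host, Loss%, Snt, Last, Avg, Best, Wrst, StDev.
MTR = """\
16. AS??? 54.239.103.77 0.0% 100 25.3 25.6 25.2 28.1 0.5
17. AS4134 218.30.53.1 0.0% 100 28.0 29.1 25.2 33.1 2.3
18. AS4134 202.97.50.21 0.0% 100 32.4 29.1 25.2 33.5 2.4
19. AS??? ??? 100.0 100 0.0 0.0 0.0 0.0 0.0
20. AS??? ??? 100.0 100 0.0 0.0 0.0 0.0 0.0
21. AS4134 202.97.94.121 0.0% 100 186.8 185.6 181.8 189.8 2.3
22. AS4816 119.147.222.6 0.0% 100 182.6 183.5 182.4 195.8 1.8
"""

ROW = re.compile(r"^\s*(\d+)\.\s+(AS\S+)\s+(\S+)\s+([\d.]+)%?\s+(\d+)"
                 r"\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)")

def parse_mtr(text):
    """Return responding hops only; silent hops carry no RTT to compare."""
    hops = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        hop, asn, host, loss, _snt, _last, _avg, best = m.groups()
        if host == "???" or float(loss) >= 100.0:
            continue
        hops.append({"hop": int(hop), "asn": asn, "ip": host, "best": float(best)})
    return hops

def find_rtt_jump(hops, jump_ms=100.0):
    """Locate the first increase of at least jump_ms in best RTT."""
    for prev, cur in zip(hops, hops[1:]):
        delta = cur["best"] - prev["best"]
        if delta >= jump_ms:
            return {"before": prev, "after": cur, "delta_ms": round(delta, 1),
                    # unanswered hops between the two: the link may be at any of them
                    "silent_between": cur["hop"] - prev["hop"] - 1}
    return None
```

On this sample the jump falls between hop 18 and hop 21, both in AS4134, with two silent hops in between, so the RTT data alone does not say which device terminates the long-haul segment.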

I think you are using all of the wrong verbs here... 'renting' does
not make sense here, I'm unclear on what you actually mean, please try
again with a different verb OR more clarifying text.

Sorry for the confusion. I mean the IPs belong to non-Chinese ISPs but are actually controlled/managed by Chinese ISPs.

> Sorry for the confusion. I mean the IPs belong to non-Chinese ISPs but are actually controlled/managed by Chinese ISPs.

this is, as I think was said earlier, normal practice.
Sometimes you accept a /31 from your "provider" or "peer", sometimes
they accept yours...
sometimes this is because of seasons/reasons/etc, sometimes because
it's how folk denote who's paying for the link in between.

Those ips are not useful as a signal, which I think was also said
previously in this thread.

i suspect the OP is down the rabbit hole of what is known as
"anti-aliasing," trying to find out whether IP address A on some router
is actually on the same router as IP address B, and what AS(s) those IPs
are in. your point is that an inter-as link may have IPs from either of
the providers. yup. and, because it is an INTER-as link, it does not
really belong to one or t'other.

this particular rabbit digs deep holes. an early entrance to the burrow
is the classic from the uw crew

@inproceedings{Spring:2002:MIT:633025.633039,
author = {Spring, Neil and Mahajan, Ratul and Wetherall, David},
title = {Measuring ISP Topologies with Rocketfuel},
booktitle = {Proceedings of the 2002 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications},
series = {SIGCOMM '02},
year = {2002},
isbn = {1-58113-570-X},
location = {Pittsburgh, Pennsylvania, USA},
pages = {133--145},
numpages = {13},
url = {http://doi.acm.org/10.1145/633025.633039},
doi = {10.1145/633025.633039},
acmid = {633039},
publisher = {ACM},
address = {New York, NY, USA},
}

randy