February92013

Star Wars Traceroute

(Lots of hits direct to this page, see Here for why it is down)

(New! IPV6 version working!.  Here is a condensed version. Do it yourself with -m 100 on linux, -h 100 on windows to get the full monty) Obiwan.beaglenetworks.net


Bored in the blizzard in Boston; I was inspired by my IRC friend ‘Plazma’ constantly making fun of my reverse dns of scrye.net I came up with this pretty neat hack.
It is accomplished using many vrfs on (2) Cisco 1841s. For those less technical, VRFs are essentially private routing tables similar to a VPN. When a packet destined to 216.81.59.173 (AKA obiwan.scrye.net) hits my main gateway, I forward it onto the first VRF on the “ASIDE” router on 206.214.254.1. That router then has a specific route for 216.81.59.173 to 206.214.254.6, which resides on a different VRF on the “BSIDE” router. It then has a similar set up which points it at 206.214.254.9 which lives in another VPN on “ASIDE” router. All packets are returned using a default route pointing at the global routing table. This was by design so the packets TTL expiration did not have to return fully through the VRF Maze. I am a consultant to Epik Networks who let me use the Reverse DNS for an unused /24, and I used PowerDNS to update all of the entries through mysql. This took about 30 minutes to figure out how to do it, and about 90 minutes to implement. All VRFs and DNS were generated by a PHP script.
Disclaimer: I am not a very elegant programmer. I can do whatever I need to. I think very linearly and do not plan very well. Below is the code I used to generate the VRFs.

Traceroute posted below for posterity.


$BASE="206.214.251.";
$NUMBER=1;
while ($NUMBER<250) {
$VLAN=$NUMBER+199;
$VLAN2=$NUMBER+203;
$NH = $NUMBER+5;
$SRCIP = $NUMBER+4;
$ASIDE="
vrf definition  FOO$NUMBER
rd 10:$NUMBER
address-family ipv4

int fa0/0.$VLAN
encap dot1q $VLAN
vrf forwarding FOO$NUMBER
ip addr $BASE$NUMBER 255.255.255.252
ip route vrf FOO$NUMBER 216.81.59.173 255.255.255.255 $BASE$NH
ip route vrf FOO$NUMBER 0.0.0.0 0.0.0.0 216.81.59.175 global
int fa0/0.$VLAN2
encap dot1q $VLAN2
vrf forwarding FOO$NUMBER
ip addr $BASE$SRCIP 255.255.255.252
";
$DSTNUMBER=$SRCIP+1;
$DSTIP2=$SRCIP+5;
$VLAN3=$VLAN2+4;
$OUTIP=$DSTIP2-1;
echo "VLAN2 is $VLAN2 VLAN3 is $VLAN3\n";
$BSIDE="
vrf definition  FOO$NUMBER
rd 10:$NUMBER
address-family ipv4

int fa0/0.$VLAN2
encap dot1q $VLAN2
vrf forwarding FOO$NUMBER
ip addr $BASE$DSTNUMBER 255.255.255.252
ip route vrf FOO$NUMBER 216.81.59.173 255.255.255.255 $BASE$OUTIP
ip route vrf FOO$NUMBER 0.0.0.0 0.0.0.0 216.81.59.175 global
int fa0/0.$VLAN3
encap dot1q $VLAN3
vrf forwarding FOO$NUMBER
ip addr $BASE$DSTIP2 255.255.255.252
";

$tmp = `echo "$ASIDE" >> OUT1.TXT`;
$tmp = `echo "$BSIDE" >> OUT2.TXT`;
$NUMBER=$NUMBER+8;
}

 
 6  Episode.IV (206.214.251.1)  68.642 ms  67.307 ms  67.005 ms
 7  A.NEW.HOPE (206.214.251.6)  65.986 ms  68.502 ms  68.708 ms
 8  It.is.a.period.of.civil.war (206.214.251.9)  67.067 ms  70.139 ms  66.52
 9  Rebel.spaceships (206.214.251.14)  70.214 ms  70.192 ms  71.622 ms
10  striking.from.a.hidden.base (206.214.251.17)  71.427 ms  74.206 ms  
11  have.won.their.first.victory (206.214.251.22)  71.665 ms  70.434 ms  7
12  against.the.evil.Galactic.Empire (206.214.251.25)  69.218 ms  70.621 
13  During.the.battle (206.214.251.30)  69.059 ms  68.931 ms  69.981 ms
14  Rebel.spies.managed (206.214.251.33)  77.247 ms  72.757 ms  77.61
15  to.steal.secret.plans (206.214.251.38)  71.224 ms  71.164 ms  69.543 
16  to.the.Empires.ultimate.weapon (206.214.251.41)  68.744 ms  68.824 
17  the.DEATH.STAR (206.214.251.46)  72.316 ms  74.551 ms  66.354 ms
18  an.armored.space.station (206.214.251.49)  69.413 ms  70.334 ms  6
19  with.enough.power.to (206.214.251.54)  66.182 ms  66.627 ms  71.23
20  destroy.an.entire.planet (206.214.251.57)  71.926 ms  71.266 ms  70.
21  Pursued.by.the.Empires (206.214.251.62)  67.298 ms  65.956 ms  66.
22  sinister.agents (206.214.251.65)  65.020 ms  67.806 ms  70.508 ms
23  Princess.Leia.races.home (206.214.251.70)  68.894 ms  71.147 ms  71
24  aboard.her.starship (206.214.251.73)  72.130 ms  71.093 ms  74.026 
25  custodian.of.the.stolen.plans (206.214.251.78)  68.568 ms  67.939 ms
26  that.can.save.her (206.214.251.81)  67.063 ms  69.874 ms  68.889 m
27  people.and.restore (206.214.251.86)  70.395 ms  70.144 ms  
28  freedom.to.the.galaxy (206.214.251.89)  66.098 ms  65.432 ms 
29  0-------------------0 (206.214.251.94)  75.931 ms  74.159 ms  80.012 
30  0------------------0 (206.214.251.97)  73.026 ms  73.403 ms  73.256 
31  0-----------------0 (206.214.251.102)  83.602 ms  82.079 ms  70.743 
32  0----------------0 (206.214.251.105)  70.459 ms  69.403 ms  68.782 m
33  0---------------0 (206.214.251.110)  68.516 ms  72.472 ms  71.811 ms
34  0--------------0 (206.214.251.113)  69.056 ms  65.981 ms  68.202 ms
35  0-------------0 (206.214.251.118)  66.790 ms  71.556 ms  74.292 ms
36  0------------0 (206.214.251.121)  68.286 ms  71.042 ms  71.587 ms
37  0-----------0 (206.214.251.126)  72.702 ms  71.785 ms  72.442 ms
38  0----------0 (206.214.251.129)  78.143 ms  74.411 ms  72.828 ms
39  0---------0 (206.214.251.134)  69.692 ms  66.187 ms  67.369 ms
40  0--------0 (206.214.251.137)  69.184 ms  70.678 ms  67.445 ms
41  0-------0 (206.214.251.142)  70.383 ms  68.220 ms  67.543 ms
42  0------0 (206.214.251.145)  67.593 ms  72.970 ms  73.220 ms
43  0-----0 (206.214.251.150)  70.964 ms  69.082 ms  70.831 ms
44  0----0 (206.214.251.153)  73.856 ms  71.848 ms  70.311 ms
45  0---0 (206.214.251.158)  71.517 ms  69.204 ms  69.538 ms
46  0--0 (206.214.251.161)  68.076 ms  68.179 ms  67.620 ms
47  0-0 (206.214.251.166)  68.738 ms  70.518 ms  68.757 ms
48  00 (206.214.251.169)  68.281 ms  70.225 ms  74.811 ms
49  I (206.214.251.174)  70.203 ms  71.668 ms  71.672 ms
50  By.Ryan.Werber (206.214.251.177)  68.900 ms  71.461 ms  72.297 ms
51  When.CCIEs.Get.Bored (206.214.251.182)  75.816 ms  73.957 ms  71.333 ms
52  read.more.at.beaglenetworks.net (206.214.251.185)  70.254 ms  73.799 ms 
Page 1 of 1