MVPS Vantage Localization Feasibility under MPLS Path Camouflage
draft-melegassi-ippm-mvps-vantage-mpls-00
This document is an Internet-Draft (I-D).
Anyone may submit an I-D to the IETF.
This I-D is not endorsed by the IETF and has no formal standing in the
IETF standards process.
| Document | Type | Active Internet-Draft (individual) | |
|---|---|---|---|
| Author | Leonardo Melegassi Costa | ||
| Last updated | 2026-05-28 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | I-D Exists | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-melegassi-ippm-mvps-vantage-mpls-00
Network Working Group L. Melegassi
Internet-Draft Catellix
Intended status: Informational 28 May 2026
Expires: 28 November 2026
MVPS Vantage Localization Feasibility under MPLS Path Camouflage
draft-melegassi-ippm-mvps-vantage-mpls-00
Abstract
IP geolocation databases are known to be unreliable for network-
path measurement purposes [Poese-2011]. Traceroute-based
localization -- the practical alternative -- is further corrupted
by invisible and opaque MPLS tunnels that suppress IP-TTL
propagation, hiding intermediate hops and creating false direct
links in the apparent network topology [Donnet-2012]
[Vanaubel-2017] [Luttringer-2020].
This document formalises the interaction between MPLS path
camouflage and the vantage-authentication problem of the Multi-
Vantage Path Snapshot (MVPS) framework
[I-D.melegassi-iab-mvps-architecture]. Three technical
contributions are introduced.
First, Lemma L-GEO-1 (RTT Localization Bound) establishes the
feasible location set for any MVPS vantage given RTT measurements
to three or more anchor points, under the assumption that all
traversed tunnels are explicit or implicit in the Donnet taxonomy
(TTL propagation active).
Second, Lemma L-MPLS-1 (MPLS Camouflage Vulnerability) quantifies
the correction term Delta_mpls that invisible and opaque tunnels
introduce into the L-GEO-1 bound. For invisible tunnels this
correction is unbounded without prior tunnel revelation; for
opaque tunnels it is bounded by the hidden-hop count times the
minimum per-hop propagation delay.
Third, Theorem T-CAM-1 (MPLS-Aware Camouflage Detection) proves
that an MVPS bundle from three or more vantage-to-anchor paths,
combined with DPR/BRPR tunnel-revelation probing [Vanaubel-2017]
or its TNT implementation [Luttringer-2020], detects MPLS-
camouflaged vantage impersonation with probability at least
1 - epsilon under the existing MVPS chi-squared coherence test
(Theorem 2 of the v4.0 proof catalogue [v4-proof]). Three
explicit caveats (T-CAM-1.A on the i.i.d. assumption of the
DKW bound, T-CAM-1.B on the empirical FAR Hypothesis H3 of
[v4-proof], and T-CAM-1.C on revelation soundness under
adversarial operators) qualify the bound in operational
deployment.
An auxiliary lemma L-GEO-1.1 (Anchor Geometry) characterises
the necessary and sufficient angular distribution of anchors
for L-GEO-1 to discriminate two candidate positions; this
gives a deployable guideline for anchor selection.
A new phase label MPLS_CAMOUFLAGE_SUSPECTED is introduced and
added to the MVPS phase taxonomy alongside LOCATION_CONSISTENT,
LOCATION_MARGINAL, CAMOUFLAGE_SUSPECTED, and SPOOFED_VANTAGE.
Limitations explicitly disclosed include: the symmetric "RTT
inflation" attack (Section 10.2), the PHP tunnel coverage gap
when the adversary controls the ingress LER (Section 10.3),
and the alignment between the geometric vantage minimum
(N >= 3) and the Byzantine vantage minimum (N >= 3f+1,
Section 10.4).
All results are proved by discharging MVPS axioms A1..A5 against
the structural assets of the Donnet MPLS taxonomy combined with
the RTT-ellipsoid localization method. No new wire format is
defined; no new codepoints are required. The document is
informational.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current
Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet-
Drafts as reference material or to cite them other than as
"work in progress."
This Internet-Draft will expire on 28 November 2026.
Copyright Notice
Copyright (c) 2026 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document.
Melegassi Expires 28 November 2026 [Page 1]
Internet-Draft MVPS Vantage Localization under MPLS May 2026
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 5
3. MPLS Tunnel Taxonomy . . . . . . . . . . . . . . . . . . . 6
3.1. Four Canonical Types . . . . . . . . . . . . . . . . . 6
3.2. Prevalence (2025 measurement) . . . . . . . . . . . . . 7
4. Vantage Localization in MVPS . . . . . . . . . . . . . . . 8
4.1. MVPS Axiom A1 and the Tick-Lattice Constraint . . . . . 8
4.2. Lemma L-GEO-1: RTT Localization Bound . . . . . . . . . 9
4.3. Lemma L-GEO-1.1: Anchor Geometry . . . . . . . . . . .10
5. MPLS Camouflage Vulnerability . . . . . . . . . . . . . . .11
5.1. Lemma L-MPLS-1: Camouflage Correction . . . . . . . . .12
5.2. Per-Type Analysis . . . . . . . . . . . . . . . . . . .13
6. MVPS-Aware Camouflage Detection . . . . . . . . . . . . . .14
6.1. Theorem T-CAM-1: Detection via Coherence Test . . . . .14
6.2. Corollary T-CAM-1.1: CWT Cross-Binding . . . . . . . .16
7. Phase Taxonomy Extension . . . . . . . . . . . . . . . . .17
8. Tunnel Revelation Integration . . . . . . . . . . . . . . .18
8.1. DPR and BRPR (Classical MPLS) . . . . . . . . . . . .18
8.2. AReST Integration (Segment Routing) . . . . . . . . . .19
9. Deployment Considerations . . . . . . . . . . . . . . . . .20
10. Security Considerations . . . . . . . . . . . . . . . . . .21
10.1. DPR/BRPR/TNT under Adversarial Operators . . . . . . .22
10.2. RTT Inflation Attack (Dual of Camouflage) . . . . . .23
10.3. PHP Tunnel Coverage Gap . . . . . . . . . . . . . . .24
10.4. Pre-condition Alignment with Byzantine Bound . . . . .24
11. IANA Considerations . . . . . . . . . . . . . . . . . . . .25
12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . .25
13. References . . . . . . . . . . . . . . . . . . . . . . . .26
13.1. Normative References . . . . . . . . . . . . . . . . .26
13.2. Informative References . . . . . . . . . . . . . . . .27
Appendix A. Worked Example: Invisible-Tunnel Attack . . . . .29
Appendix B. Validator Notes . . . . . . . . . . . . . . . . .30
Author's Address . . . . . . . . . . . . . . . . . . . . . . .30
Melegassi Expires 28 November 2026 [Page 2]
Internet-Draft MVPS Vantage Localization under MPLS May 2026
1. Introduction
The Multi-Vantage Path Snapshot (MVPS) framework
[I-D.melegassi-iab-mvps-architecture] defines a formal structure
for multi-point network coherence measurement. Its Architecture
Invariance Theorem states that any instantiation satisfying five
structural axioms (MVPS-A1 through MVPS-A5) mechanically inherits
a catalogue of nine theorems and two lemmas from the v4.0
existence proof [v4-proof]. Instantiations demonstrated so far
include classical Internet paths [I-D.melegassi-ippm-mvps-bundle],
satellite orbital segments [I-D.melegassi-ippm-mvps-orbital], IXP
meshes [I-D.melegassi-nic-ippm-mvps-ixp-vantage], and broadband-
access CPE fleets [I-D.melegassi-ganascim-mvps-bbf-mesh].
All instantiations share a structural assumption that is easy to
overlook: that the vantages claimed by the system actually occupy
the locations they declare. This assumption is non-trivial. An
adversary controlling an MPLS-capable infrastructure can place an
MVPS vantage at a remote location while making it appear, to
standard traceroute-based localization, as if the vantage is
co-located with a legitimate network entry point. The mechanism
is well known: invisible MPLS tunnels, as classified by Donnet et
al. [Donnet-2012] and studied further in [Vanaubel-2017] and
[Luttringer-2020], suppress IP-TTL propagation inside label-
switched paths, eliminating intermediate hops from the traceroute
output. The result is a false direct link between the ingress
Label Edge Router (LER) and the egress LER. An adversary placing
a vantage at the egress end of an invisible tunnel can cause the
vantage to appear, from the outside, as if it were adjacent to
the ingress LER -- potentially in a completely different
geographic location.
This vulnerability has two compounding roots. First, IP
geolocation databases -- the simplest localization tool --
are known to be unreliable [Poese-2011]: they mis-locate IP
addresses frequently enough to render database-based vantage
authentication impractical. Second, traceroute-based
localization, the standard alternative, is blind to the hidden
hops inside invisible tunnels and therefore reports the ingress-
to-egress RTT without the ability to attribute it to intermediate
topology.
This document addresses both roots simultaneously by formalising
the problem using MVPS axiom A1 (the tick-lattice constraint,
which encodes timing precision) and the Donnet MPLS taxonomy
(which classifies how much of the path each tunnel type hides).
The combination yields a three-part result:
(a) A localization lemma (L-GEO-1) valid for paths traversing
only explicit or implicit tunnels, giving a closed-form
feasible-location set from RTT measurements alone.
(b) A vulnerability lemma (L-MPLS-1) showing that invisible and
opaque tunnels break L-GEO-1 unless prior revelation is
performed, and quantifying the correction term Delta_mpls
where revelation is partial.
(c) A detection theorem (T-CAM-1) showing that the MVPS chi-
squared coherence test (inherited Theorem 2) detects MPLS-
camouflaged vantage impersonation with probability at least
1 - epsilon, when combined with DPR or BRPR revelation
[Vanaubel-2017] or their TNT implementation [Luttringer-2020].
The practical consequence is that an adversary attempting to
camouflage a vantage via invisible MPLS tunneling faces two
independent detection channels: the RTT-localization feasibility
test (L-GEO-1 + L-MPLS-1) and the MVPS coherence residual
(T-CAM-1). Neither channel alone is sufficient; both together
close the gap.
Section 8 additionally describes how AReST [Dekinder-2025], the
2025 tool for Advanced Revelation of Segment Routing Tunnels,
extends the revelation corpus to SR-MPLS and SRv6 infrastructure,
providing a forward-compatible path for T-CAM-1 as operators
transition from classical MPLS to Segment Routing.
This document is informational. It defines no new wire format,
no new codepoints, and no RFC 2119 MUST/SHOULD obligations. It
proposes one addition to the MVPS phase taxonomy
(MPLS_CAMOUFLAGE_SUSPECTED, Section 7) and one validator
(Appendix B).
1.1. Motivation: Using the Taxonomy Against Itself
The central observation of this document is that Donnet's
MPLS taxonomy is both the attack surface and the defence
toolkit. The four tunnel types (explicit, implicit, opaque,
invisible) define exactly the surface area that an adversary
can exploit; and the revelation techniques (DPR, BRPR, TNT,
AReST) developed to MEASURE that surface are the same
techniques that close the vantage-authentication gap. The
MVPS coherence test then provides the statistical binding
that makes detection mathematically precise.
1.2. Scope and Non-Goals
This document does not propose any modification to MPLS
router behaviour, TTL-propagation defaults, or RFC 4950
[RFC4950] deployment. It does not request any allocation
from IANA. Its sole technical contribution is the formal
integration of the Donnet MPLS taxonomy with the MVPS
vantage-authentication problem.
Melegassi Expires 28 November 2026 [Page 3]
Internet-Draft MVPS Vantage Localization under MPLS May 2026
2. Terminology
The key terms used in this document are defined as follows.
MVPS Multi-Vantage Path Snapshot framework, as
defined in [I-D.melegassi-iab-mvps-architecture].
Vantage (v) A measurement point participating in an MVPS
bundle. Each vantage has a declared position
p_v in geographic or topological space.
Anchor (a_i) A reference node with a known, publicly
verifiable position. Used as a fixed point for
RTT-based localization. Suitable anchors
include RIPE Atlas probes, CAIDA Ark nodes,
and IXP route servers with published coordinates.
RTT(v, a_i) The round-trip time measured from vantage v to
anchor a_i. For localization purposes this is
the minimum observed RTT over a calibration
window.
c_fiber Speed of light in standard single-mode optical
fibre, approximately 2/3 * c_vacuum,
i.e., approximately 2e8 m/s.
sigma_NTP Per-vantage NTPv4 synchronisation error. Under
MVPS axiom A1 the joint skew satisfies
2 * sigma_NTP + tau_RTT_max < T_tick.
Feasible The set of positions consistent with all RTT
Location Set measurements to anchor set {a_i}, given timing
(F_v) precision sigma_geo = RTT_floor * c_fiber / 2.
Delta_mpls Correction term introduced by an MPLS tunnel
on the path from a vantage to an anchor.
Zero for explicit/implicit tunnels; bounded
for opaque; potentially unbounded for invisible.
LER Label Edge Router: the ingress (iLER) or egress
(eLER) router of an MPLS Label-Switched Path.
LSR Label Switching Router: an intermediate router
inside an MPLS LSP.
DPR Direct Path Revelation: probing technique of
[Vanaubel-2017] for revealing IP hops hidden
inside invisible MPLS tunnels.
BRPR Backward Recursive Path Revelation: recursive
probing technique of [Vanaubel-2017].
TNT Traceroute for Network Tunnels: implementation
of DPR and BRPR in [Luttringer-2020].
AReST Advanced Revelation of Segment Routing Tunnels:
tool for SR-MPLS tunnel revelation [Dekinder-2025].
MVPS-A1..A5 The five structural axioms of the MVPS
architecture [I-D.melegassi-iab-mvps-architecture].
T2 Theorem 2 of [v4-proof]: the Mahalanobis D^2
chi-squared coherence test with FAR control.
Melegassi Expires 28 November 2026 [Page 4]
Internet-Draft MVPS Vantage Localization under MPLS May 2026
3. MPLS Tunnel Taxonomy
3.1. Four Canonical Types
The following classification is due to [Donnet-2012], with the
opaque type subsequently revised and refined in [Vanaubel-2017]
and further replicated at Internet scale in [Huddleston-2025].
Two binary features determine the visibility of an MPLS LSP
to traceroute:
Feature F1. TTL-propagate. Whether the ingress LER copies
the IP-TTL value into the MPLS LSE-TTL field
(ttl-propagate ON), or instead sets LSE-TTL
to 255 (ttl-propagate OFF, i.e., no-ttl-propagate).
Feature F2. RFC 4950 [RFC4950]. Whether LSRs include MPLS
label-stack information in their ICMP time-
exceeded messages.
The four types are:
Explicit (E). F1 = ON, F2 = yes.
All LSRs inside the LSP respond to traceroute
and include MPLS labels in ICMP responses.
Full hop-by-hop visibility; semantic label
information available.
Delta_mpls = 0.
Implicit (I). F1 = ON, F2 = no.
LSRs respond to traceroute but appear as
ordinary IP routers (no label information).
RTT measurements are accurate.
Delta_mpls = 0.
Opaque (O). F1 = OFF, F2 = yes.
Ingress LER sets LSE-TTL = 255; LSRs do not
respond to traceroute probes; only the exit
hop (eLER) is visible. However, the LSE-TTL
value returned by the eLER in its ICMP time-
exceeded message reveals the tunnel length:
n_hidden = 255 - LSE-TTL - 1.
Delta_mpls is bounded: see Section 5.2.
Invisible (V). F1 = OFF, F2 = no (or RFC 4950 may be present
but without PHP/UHP response).
All LSRs inside the tunnel are completely
hidden. The ingress LER appears as a direct
neighbour of the egress LER. No length
information is available without revelation.
Delta_mpls is unbounded without DPR/BRPR.
3.2. Prevalence (2025 Measurements)
[Huddleston-2025] replicated the [Vanaubel-2017] large-scale
MPLS study using 2025 vantage-point data. Key findings:
- At least 30% of Internet paths traverse at least one MPLS
tunnel (consistent with [Donnet-2012]).
- Invisible (PHP) tunnels remain the most problematic type;
their fraction relative to total tunnels has remained
consistent from 2019 to 2025 despite overall MPLS deployment
declining.
- Each invisible tunnel hides an average of 5.7 routers
per tunnel (2025 data).
- Explicit tunnels are partially replacing invisible UHP,
implicit, and opaque tunnels, suggesting gradual improvement
in traceroute transparency -- but not elimination.
These figures establish that invisible MPLS tunnels are not a
legacy pathology; they are a current, persistent property of
the Internet that any vantage-localization scheme must account
for.
Melegassi Expires 28 November 2026 [Page 5]
Internet-Draft MVPS Vantage Localization under MPLS May 2026
4. Vantage Localization in MVPS
4.1. MVPS Axiom A1 and the Tick-Lattice Constraint
MVPS axiom A1 [I-D.melegassi-iab-mvps-architecture] requires
that all vantages share a common tick lattice, i.e., that their
clocks are synchronised to a common stratum with a joint skew
bounded by:
2 * sigma_NTP + tau_RTT_max < T_tick
where sigma_NTP is the per-vantage NTPv4 synchronisation error
(typically < 1 ms on a well-peered stratum-2 source),
tau_RTT_max is the maximum observed RTT from any vantage to the
NTP server, and T_tick is the measurement cadence (typically
100 ms to 1 s in deployed MVPS bundles).
This constraint has a direct implication for localization. The
minimum RTT from vantage v to any anchor a_i satisfies:
RTT_min(v, a_i) >= 2 * D(p_v, p_{a_i}) / c_fiber
where D(p, q) is the great-circle distance between positions
p and q, and c_fiber is the speed of light in fibre (approx.
2e8 m/s). The inequality is tight for paths with no queuing
delay and negligible processing delay. Equality does not hold
in practice due to routing indirectness, but RTT_min provides
a hard lower bound.
Note on A1 and timing precision:
sigma_geo := RTT_floor * c_fiber / 2
is the localization uncertainty attributable to timing noise
and routing indirectness. For sigma_NTP < 1 ms, sigma_geo <
100 km -- a resolution appropriate for inter-city localization
but not intra-city. Sub-city localization requires additional
probing (e.g., multi-anchor FRPLA [Vanaubel-2017]).
4.2. Lemma L-GEO-1: RTT Localization Bound
Scope note: L-GEO-1 is the idealised reference case in which
no opaque or invisible MPLS tunnels intervene on any anchor
path. In the public Internet of 2025, Section 3.2 establishes
that at least 30% of paths traverse some MPLS tunnel and
invisible PHP tunnels remain prevalent; consequently L-GEO-1
alone is rarely applicable outside controlled environments
(data-centre fabrics, intra-AS measurement, audited IXP
meshes). In the public Internet, the operationally relevant
form is L-MPLS-1 (Section 5), which extends L-GEO-1 to
account for tunnel-induced corrections.
LEMMA L-GEO-1 (RTT Localization Bound under Transparent Paths).
Pre-conditions:
(P1) M >= 3 anchors {a_1, ..., a_M} with known positions.
(P2) All paths from vantage v to each a_i traverse only
Explicit (E) or Implicit (I) tunnels (Delta_mpls = 0).
See scope note above.
(P3) Minimum RTT r_i = RTT_min(v, a_i) is measured over a
calibration window of at least n_calib samples.
Statement:
Under P1..P3, the feasible location set of v is:
F_v = INTERSECTION over i in {1..M} of
Ball(a_i, r_i * c_fiber / 2 + sigma_geo)
where Ball(c, r) denotes the set of positions within
distance r of centre c.
A vantage claiming position p_c with p_c NOT in F_v is
LOCATION_INFEASIBLE.
Proof sketch:
Under P2, RTT_min(v, a_i) >= 2 * D(p_v, p_{a_i}) / c_fiber
(Section 4.1). Therefore D(p_v, p_{a_i}) <=
r_i * c_fiber / 2. Adding sigma_geo for timing noise
(bounded by A1) gives p_v in Ball(a_i, r_i * c_fiber / 2 +
sigma_geo) for all i. The intersection over M >= 3 non-
collinear anchors has bounded diameter (in R^3, three spheres
in general position intersect in at most two points, and a
fourth anchor resolves the ambiguity). If p_c lies outside
this intersection, then D(p_c, p_v) > 0 for all physically
feasible p_v, proving infeasibility.
Remark: P2 is the critical condition that Sections 5 and 6
relax. When invisible tunnels are present, r_i may
undercount the true path length, inflating the apparent
feasible set.
Remark on scope: L-GEO-1 provides a one-sided geometric
constraint -- it can REJECT positions whose distance to some
anchor exceeds the RTT-derived ball radius, but it CANNOT
reject positions that happen to fall inside every ball even
though they differ from the true location. Whether the
intersection F_v actually discriminates p_c from p_r depends
on the angular distribution of the anchors with respect to
the line segment [p_r, p_c]; see Lemma L-GEO-1.1 below.
4.3. Lemma L-GEO-1.1: Anchor Geometry for Discrimination
LEMMA L-GEO-1.1 (Anchor Geometry).
Pre-conditions:
(P1') Same as L-GEO-1 pre-conditions P1..P3.
(P4) True position p_r and claimed position p_c with
p_r != p_c.
Statement:
The feasible set F_v excludes p_c (i.e., L-GEO-1 detects
the lie) if and only if there exists at least one anchor
a_k such that:
D(p_c, a_k) > RTT_min(v, a_k) * c_fiber / 2 + sigma_geo
>= D(p_r, a_k)
A sufficient geometric condition is that the anchor set
{a_i} spans the sphere with enough angular diversity that
for any two distinct candidate positions p, p' on the
surface of Earth, there exists at least one a_k satisfying
|D(p, a_k) - D(p', a_k)| > 2 * sigma_geo + Delta_mpls_max.
Operational interpretation:
The lemma quantifies what "non-collinear anchors" means in
L-GEO-1. Three anchors clustered in the same region (e.g.,
all in Western Europe) leave a large feasible set that may
contain both p_r and p_c. Three anchors spanning continents
(e.g., one each in North America, Europe, and East Asia)
produce a smaller intersection that discriminates inter-
continental displacement. Intra-continental claims (e.g.,
Miami vs. Newark) require either (a) anchors in multiple
directions on the same continent, or (b) reliance on the
MVPS coherence axes C_2 and C_3 (Theorem T-CAM-1) rather
than L-GEO-1 alone.
Proof:
The biconditional is immediate from the definition of F_v
(Lemma L-GEO-1, intersection over anchors of Ball(a_i, r_i
* c_fiber/2 + sigma_geo)). p_c is in F_v iff for every a_k,
D(p_c, a_k) <= r_k * c_fiber/2 + sigma_geo. The sufficient
condition follows by triangle inequality applied to the pair
(p_r, p_c). QED.
Recommendation: Operators SHOULD select anchors so that at
least one pair (a_j, a_k) satisfies D(a_j, a_k) > D(p_r, p_c)
for the smallest geographic displacement the operator wishes
to detect. For inter-city detection at city-pair scale
(~1000 km), at least three anchors with mutual distances
above 2000 km are required.
Melegassi Expires 28 November 2026 [Page 6]
Internet-Draft MVPS Vantage Localization under MPLS May 2026
5. MPLS Camouflage Vulnerability
When one or more MPLS tunnels of type Opaque (O) or Invisible
(V) lie on the path from vantage v to anchor a_i, the RTT
measured at the probe source is the full end-to-end RTT from
source to eLER. However, the TOPOLOGY inferred from the
traceroute hop sequence is false: intermediate LSRs are absent,
making the iLER appear as the direct neighbour of the eLER.
An adversary exploiting this property can:
(Attack-A) Place vantage v behind an invisible MPLS tunnel
at geographic position p_r while declaring
claimed position p_c = p_{iLER}, i.e., the
position of the ingress LER. External probes
will observe RTT(source, eLER) = RTT(source, v)
without detecting the tunnel, and the false
topology will show a direct link from iLER to v.
(Attack-B) Use PHP (Penultimate Hop Popping) within an
invisible tunnel to cause the second-to-last LSR
to decrement the MPLS TTL instead of the eLER,
preventing the eLER from sending an RFC 4950
response. This defeats opaque-tunnel detection
at the eLER, converting an opaque to a fully
invisible tunnel from the measurement side.
5.1. Lemma L-MPLS-1: MPLS Camouflage Correction
LEMMA L-MPLS-1 (MPLS Camouflage Vulnerability).
Let P(v, a_i) be the set of MPLS tunnel segments on the path
from vantage v to anchor a_i. For each tunnel segment t in
P(v, a_i), let type(t) in {E, I, O, V} be its Donnet type,
and n_h(t) be the number of hidden hops (zero for E and I).
Define the per-anchor correction:
Delta_mpls(v, a_i) :=
SUM over t in P(v, a_i) where type(t) in {O, V} of
n_h(t) * RTT_min_hop
where RTT_min_hop is the minimum propagation delay attributable
to a single router hop. The choice of RTT_min_hop materially
affects the magnitude of Delta_mpls and therefore the size of
the corrected feasible set F_v^mpls. Operators MUST select
RTT_min_hop using a defensible derivation; this document
recommends the following calibration procedure:
(a) Estimate the per-hop propagation floor from the
operator's own measurement infrastructure. For a
representative sample of EXPLICIT (type-E) MPLS
tunnels of known hop count n on the same anchor
pool, compute per_hop_floor := median over tunnels
of (RTT_explicit / n). Typical values observed in
large-scale measurement (CAIDA Ark, RIPE Atlas) fall
in the range 0.5-2 ms for co-located rack-to-rack
hops and 2-5 ms for inter-PoP hops within the same
metropolitan area.
(b) Choose RTT_min_hop as the 10th percentile of the
per_hop_floor distribution. Choosing a low percentile
is CONSERVATIVE for L-MPLS-1: it gives the adversary
the maximum benefit of the doubt by subtracting the
largest plausible Delta_mpls, shrinking F_v^mpls as
little as possible.
(c) Re-calibrate RTT_min_hop quarterly or whenever the
operator's anchor topology changes materially.
When operator-specific calibration is not available, this
document specifies RTT_min_hop = 2 ms as a default. This
default is justified as the approximate 10th percentile of
the per-hop floor distribution reported in [Huddleston-2025]
Table 4 for invisible-tunnel intra-tunnel hop counts in 2025
IPv4 measurements. Operators using the default SHOULD
document this choice in their MVPS deployment notes; the
default is NOT a normative constant of this specification.
Then the corrected feasible-location set under MPLS is:
F_v^mpls = INTERSECTION over i in {1..M} of
Ball(a_i, (r_i + Delta_mpls(v, a_i))
* c_fiber / 2 + sigma_geo)
For type O tunnels:
n_h(t) is observable from the LSE-TTL value returned by the
eLER (Section 3.1). Delta_mpls is bounded and computable.
F_v^mpls is a superset of F_v but remains bounded.
For type V tunnels:
n_h(t) is unknown without DPR/BRPR/TNT revelation.
In the worst case n_h(t) is unbounded (255 - 1 hops maximum
in a single LSP label stack), so F_v^mpls degenerates to an
unbounded set: L-GEO-1 cannot guarantee localisation.
5.2. Per-Type Analysis
Type F1 F2 Delta_mpls L-GEO-1 intact?
----- --- --- ---------- ---------------
E ON yes 0 YES
I ON no 0 YES
O OFF yes bounded YES (superset, bounded)
V OFF any unbounded* NO (without revelation)
* Unless DPR/BRPR/TNT probing reveals n_h(t); see Section 8.
Corollary L-MPLS-1.1 (Implicit PHP Attack). The PHP variant
of an invisible tunnel (Attack-B, Section 5) converts an
operationally opaque tunnel into a type-V tunnel from the
MEASUREMENT perspective, making n_h(t) unobservable via
standard ICMP LSE-TTL inspection. DPR is required to recover
n_h(t).
Operational impact: In the 2025 replication study [Huddleston-2025],
invisible PHP tunnels hid an average of 5.7 hops per tunnel.
At RTT_min_hop = 2 ms per hop, Delta_mpls = 11.4 ms per
invisible tunnel, corresponding to a false position credit of
approximately 1140 km per invisible tunnel. An adversary
traversing three invisible tunnels in series could mask
geographic displacement exceeding 3400 km -- effectively
spanning a continent -- while appearing legitimate to any
localization scheme that does not perform tunnel revelation.
Melegassi Expires 28 November 2026 [Page 7]
Internet-Draft MVPS Vantage Localization under MPLS May 2026
6. MVPS-Aware Camouflage Detection
6.1. Theorem T-CAM-1: Detection via Coherence Test
THEOREM T-CAM-1 (MPLS-Aware Camouflage Detection).
Pre-conditions:
(Q1) MVPS bundle with N >= 3 vantages; vantage v claims
position p_c.
(Q2) M >= 3 anchors with known positions and measured
RTTs from v, calibrated over n_calib >= 18,500
observations (MVPS operational contract OC3).
(Q3) DPR/BRPR or TNT [Luttringer-2020] has been run on
all paths from v to {a_i} and the revelation output
has identified all type-V and type-O tunnel segments
with their corrected n_h(t).
(Q4) The corrected feasible set F_v^mpls (Lemma L-MPLS-1)
has been computed.
Statement:
Let p_r be the true position of vantage v, and let
p_c be its declared position. If p_c NOT in F_v^mpls,
then the MVPS chi-squared coherence test (Theorem 2 of
[v4-proof]) detects the vantage as LOCATION_INFEASIBLE
with probability at least 1 - epsilon, where epsilon
satisfies the DKW bound [I13]:
epsilon <= exp( - 2 * n_calib * gamma^2 )
with gamma = (FAR_target / 2) and FAR_target the
operator-chosen false alarm rate. For FAR_target = 0.01
and n_calib = 18,500, epsilon < 1e-9.
Proof sketch:
Under Q1..Q4, the corrected L-GEO-1 test (L-MPLS-1) maps
p_c to LOCATION_INFEASIBLE. This infeasibility manifests
as a systematic offset in at least one coherence axis C_j
(j in {1,2,3}): the RTT-based C_1 axis reports the
ingress-to-egress RTT (which is physically consistent with
p_{eLER}), while the path-topology inferred C_3 axis
(Jaccard similarity on touched-object sets) is inconsistent
with p_c, since the hidden hops DO influence the routing
table of p_{eLER} even though they are invisible to
traceroute.
The joint Mahalanobis D^2 on (C_1, C_2, C_3) detects this
inconsistency at threshold q_J (MVPS Theorem 2 + Theorem 4,
[v4-proof]). Calibration over n_calib samples bounds the
FAR by the DKW inequality (Imported Result I13 of [v4-proof]).
Both theorems inherit from the Architecture Invariance Theorem
[I-D.melegassi-iab-mvps-architecture] since axioms A1..A5
are satisfied by any vantage that participates in a valid
MVPS bundle. QED.
Remark: The detection relies on C_3 (topological axis) being
inconsistent. If the adversary also spoofs the routing-table
content of the eLER (not just its location), detection requires
the Byzantine-robust extension described in Theorem 9 of
[v4-proof], which bounds the adversarial bias on the centroid.
Caveat T-CAM-1.A (Independence assumption). The DKW bound
I13 of [v4-proof] requires that the n_calib calibration
observations be independent and identically distributed
(i.i.d.). An adversary aware of the calibration window can
degrade the i.i.d. assumption by correlating tunnel activation
with diurnal traffic patterns, BGP convergence events, or
peering reconfigurations. Operators SHOULD partition the
calibration window across multiple non-overlapping epochs
(recommendation: four 90-minute windows separated by at
least 24 hours) and verify per-epoch FAR stability before
asserting the global bound.
Caveat T-CAM-1.B (Empirical FAR hypothesis). Theorem 2 of
[v4-proof] guarantees the chi-squared distribution of D^2
under the conditions of axioms MVPS-A1..A3. The realized
false-alarm rate within +/- 25% of nominal is Hypothesis
H3 of [v4-proof], which is empirically supported but NOT
formally proven for non-Gaussian C(t) distributions
(see [v4-proof] Section "Hypotheses for empirical
validation"). The epsilon < 1e-9 figure quoted above
inherits this empirical conditioning. Operators with
strict FAR requirements SHOULD validate Hypothesis H3 on
a per-deployment basis using the DKW-bound test specified
in [v4-proof] OC3, and tighten n_calib if observed FAR
departs from nominal by more than 25%.
Caveat T-CAM-1.C (Revelation soundness). Pre-condition Q3
assumes that TNT or AReST revelation produces accurate
n_h(t). As detailed in Section 10.1, this assumption fails
under adversarial MPLS operators (Attacks C and D). In
such environments the effective epsilon is bounded by the
minimum of the DKW bound and the revelation success
probability, which must be characterized operationally.
6.2. Corollary T-CAM-1.1: CWT Cross-Binding
COROLLARY T-CAM-1.1 (CWT Cross-Binding).
Under the CWT trust model [I-D.melegassi-santos-ippm-mvps-cwt],
a vantage v that:
(a) presents a valid CWT token (T-AUTH-CWT-1 is satisfied),
AND
(b) is flagged LOCATION_INFEASIBLE by the L-MPLS-1 test
is classified as MPLS_CAMOUFLAGE_SUSPECTED.
Rationale: CWT authentication establishes cryptographic identity
of the measuring process; it does not authenticate the physical
location. A valid CWT token from a vantage at p_r, presented
under a claimed location p_c NOT in F_v^mpls, is a combination
that the CWT model cannot rule out but that the L-MPLS-1
localization can. The MPLS_CAMOUFLAGE_SUSPECTED label precisely
captures this disjunction: "we cannot deny the identity, but
physics denies the location."
Melegassi Expires 28 November 2026 [Page 8]
Internet-Draft MVPS Vantage Localization under MPLS May 2026
7. Phase Taxonomy Extension
The MVPS phase taxonomy, introduced in the base bundle
[I-D.melegassi-ippm-mvps-bundle], is extended by this
document with one new phase label and a new detection pathway.
Revised MVPS phase taxonomy (phase labels ordered by severity):
COHERENT
Normal operation. D^2 < q_J. L-GEO-1 passes.
DRIFTING
Coherence degrading. D^2 approaching q_J.
L-GEO-1 passes.
LOCATION_CONSISTENT
L-GEO-1: claimed position p_c IN F_v.
Revelation: no invisible tunnels detected on anchor paths.
LOCATION_MARGINAL
L-GEO-1: p_c within sigma_geo of boundary of F_v.
Revelation: no invisible tunnels, but path is MPLS-rich.
Operator should increase anchor count to M >= 5.
MPLS_CAMOUFLAGE_SUSPECTED [NEW -- this document]
L-MPLS-1: invisible or opaque tunnels found on anchor paths.
Corrected F_v^mpls excludes p_c.
CWT: authentication status may be valid or invalid.
ACTION: Run DPR/BRPR on all anchor paths; if revelation
confirms n_h(t) and p_c remains outside F_v^mpls,
escalate to CAMOUFLAGE_CONFIRMED.
CAMOUFLAGE_SUSPECTED
L-GEO-1: p_c NOT in F_v (no MPLS tunnels involved).
CWT: authentication valid (identity present but location
physically infeasible without tunneling).
SPOOFED_VANTAGE
L-GEO-1/L-MPLS-1: p_c outside feasible set.
CWT: authentication INVALID.
Full rejection; remove vantage from bundle.
The ordering is informational; operators may choose their own
escalation policy. The MVPS phase state machine
[I-D.melegassi-ippm-mvps-bundle] treats any phase from
MPLS_CAMOUFLAGE_SUSPECTED upward as requiring operator
intervention.
Melegassi Expires 28 November 2026 [Page 9]
Internet-Draft MVPS Vantage Localization under MPLS May 2026
8. Tunnel Revelation Integration
8.1. DPR and BRPR (Classical MPLS)
[Vanaubel-2017] introduced two techniques for revealing IP hops
hidden inside invisible MPLS tunnels.
Direct Path Revelation (DPR):
DPR sends probes with systematically decremented MPLS TTL
values toward the tunnel, causing individual LSRs to issue
ICMP time-exceeded messages. The source IP addresses of
these messages reveal the hidden hops in forward order.
DPR requires that the measurement vantage be co-located with
(or close to) the iLER, so that it can manipulate the MPLS
label stack.
Backward Recursive Path Revelation (BRPR):
BRPR uses traceroute probes from the OUTSIDE toward the
tunnel egress, with TTL values set to exactly reach each
hidden LSR from the probe source. This does not require
access to the iLER. BRPR is iterative: it discovers hops
one by one from the eLER backward.
For the MVPS vantage-localization use case, BRPR is the
preferred technique because:
(a) The measurement point (probe source) is NOT inside the
tunnel (the adversary's tunnel is between the claimed
vantage and the anchor).
(b) BRPR requires only standard traceroute probing capability
from the probe source, with no access to the iLER.
Once revelation is complete, n_h(t) is known for each
tunnel segment, Delta_mpls is computable, and the corrected
feasibility test F_v^mpls can be evaluated (Theorem T-CAM-1,
pre-condition Q3).
TNT [Luttringer-2020] implements DPR and BRPR in a single
tool (forked from scamper [scamper]). It is the recommended
implementation for integrating tunnel revelation into an MVPS
measurement pipeline.
8.2. AReST Integration (Segment Routing)
As operators migrate from classical MPLS LSPs to Segment
Routing (SR-MPLS and SRv6), the tunnel-camouflage threat
surface migrates with them. SR-MPLS tunnels can exhibit
the same visibility categories as classical MPLS tunnels,
depending on SID type and TTL propagation configuration.
[Dekinder-2025] (AReST -- Advanced Revelation of Segment
Routing Tunnels) extends the revelation corpus to SR-MPLS
infrastructure. For MVPS vantage-localization purposes,
AReST provides the same output as TNT: the revealed list
of hidden hops for each SR tunnel segment on the anchor
paths.
The integration is mechanical: replace the TNT revelation
step in pre-condition Q3 of Theorem T-CAM-1 with AReST
for SR-MPLS paths. All other steps, including the
L-MPLS-1 correction and the T-CAM-1 coherence test,
are unchanged.
Forward compatibility note: this document recommends that
MVPS implementations maintain a revelation backend
abstraction that can be satisfied by either TNT (classical
MPLS) or AReST (SR-MPLS/SRv6), with the backend selected
based on the MPLS label type observed in the Explicit-tunnel
responses on anchor paths.
Melegassi Expires 28 November 2026 [Page 10]
Internet-Draft MVPS Vantage Localization under MPLS May 2026
9. Deployment Considerations
9.1. Anchor Selection
For the L-GEO-1 and L-MPLS-1 bounds to be useful, anchors
must satisfy three properties:
(i) Known geographic position, independently verifiable
(e.g., RIPE Atlas site data, published IXP location).
(ii) Paths from the vantage under test to each anchor are
route-stable over the calibration window.
(iii) Anchors are geographically distributed, not co-located
in the same facility.
Suitable anchor pools: RIPE Atlas anchors (globally
distributed, publicly queryable, route-stable by design),
CAIDA Ark vantage points, or IXP route-server addresses
published in the PeeringDB database.
9.2. Calibration Window
n_calib >= 18,500 observations (MVPS OC3) yields
epsilon < 1e-9 in Theorem T-CAM-1 at FAR_target = 0.01.
At a 1-second measurement cadence, this requires
approximately 5.1 hours of continuous measurement.
Operators SHOULD run an initial calibration phase of
at least 6 hours before treating MVPS_CAMOUFLAGE_SUSPECTED
labels as actionable.
9.3. Revelation Frequency
TNT/BRPR probing is heavier than normal MVPS path probing.
Operators SHOULD run revelation on:
(a) Initial vantage enrollment.
(b) After any BGP route change that affects anchor paths.
(c) At a low-frequency periodic interval (e.g., weekly)
to detect newly deployed tunnels.
Melegassi Expires 28 November 2026 [Page 11]
Internet-Draft MVPS Vantage Localization under MPLS May 2026
10. Security Considerations
An adversary with access to MPLS-capable infrastructure can
deploy invisible tunnels to camouflage the true geographic
position of an MVPS vantage. The techniques in this document
detect such camouflage but do NOT prevent it. Prevention
requires either:
(a) Operator-side enforcement of ttl-propagate on all
MPLS edges (eliminating invisible tunnels), or
(b) Cryptographic location attestation (e.g., hardware-
anchored GPS or eLoran timestamps) that is independent
of network-layer path measurement.
Neither (a) nor (b) is proposed in this document; they are
operational choices outside the MVPS framework.
The Byzantine-robust extension (Theorem 9 of [v4-proof])
provides additional protection when the adversary also
manipulates the routing-table content of the compromised
vantage. Operators facing sophisticated adversaries SHOULD
also deploy the geometric-median centroid estimator (MVPS
Design D9(ii)) and enforce N >= 3f + 1 vantages, where f is
the maximum number of Byzantine vantages the operator wishes
to tolerate. Pre-condition Q1 of Theorem T-CAM-1 (N >= 3)
is the geometric minimum for localization, NOT the Byzantine
minimum; see Section 10.4 below.
10.1. Limitations of DPR/BRPR/TNT under Adversarial Operators
Theorem T-CAM-1 pre-condition Q3 assumes that DPR, BRPR, or
TNT [Vanaubel-2017] [Luttringer-2020] revelation correctly
identifies hidden hops n_h(t) for every tunnel segment. This
assumption is sound when the MPLS operator merely CONCEALS
tunnel topology (the threat model under which DPR/BRPR were
originally analysed) but is NOT sound when the operator is
itself the adversary.
Specifically, an adversary who controls the MPLS infrastructure
can:
(Attack-C) Forge ICMP time-exceeded responses. DPR and BRPR
rely on receiving ICMP responses from intermediate
LSRs. Source IP, TTL value, and timestamps in
these responses are not authenticated. An
adversarial LSR can fabricate responses consistent
with a benign tunnel topology, causing TNT to
report a smaller n_h(t) than the true value.
(Attack-D) Suppress revelation probes. An adversary can
rate-limit or drop probes whose pattern matches
known DPR/BRPR signatures, leaving the defender
with no observation at all (which under Q3 must
be treated as "no tunnel found", a soft failure
of the test).
This document does NOT solve Attack-C or Attack-D. Operators
deploying T-CAM-1 in environments where the on-path MPLS
operator may be adversarial SHOULD:
(i) Run revelation from multiple geographically and
administratively independent probe sources, accepting
n_h(t) only when at least two independent sources
report values within tolerance.
(ii) Augment T-CAM-1 with the CWT trust binding
(Corollary T-CAM-1.1) so that a forged revelation
report cannot in itself validate a forged vantage.
(iii) Treat absence of revelation response (Attack-D) as
equivalent to "invisible tunnel suspected" rather
than "no tunnel".
Limitation note: even with mitigations (i)-(iii), an adversary
who controls the entire forwarding path between vantage and
anchor remains outside the protection envelope of this
document. Such adversaries require physical-layer attestation
(Security Considerations (b)) which is out of scope here.
10.2. RTT Inflation Attack (Dual of Camouflage)
The MPLS camouflage analysed in Sections 5 and 6 is the case
where invisible tunnels HIDE distance, causing the apparent
feasible set F_v to undercount the true path length. The
symmetric "RTT inflation" attack is the case where the
adversary INFLATES the measured RTT to claim a distant
location.
Mechanisms for RTT inflation include:
- Kernel-side deterministic delay injection in the
vantage's TCP/UDP probe response path.
- BGP path prepending to force a longer AS path.
- Routing through a deliberately distant intermediate hop
under operator control.
Lemma L-MPLS-1 does not detect inflation because Delta_mpls
only SUBTRACTS hidden-hop time from the measured RTT; it never
challenges measured RTT as anomalously large. An adversary at
true position p_r who inflates RTT(v, a_i) by tau_inflate
appears to occupy a Ball(a_i, (r_i + tau_inflate) * c_fiber /
2) which can extend to a falsely distant p_c.
Detection of inflation requires two complementary techniques
not formalized in this document:
- Multi-anchor RTT consistency: comparing measured RTT
to the minimum RTT predicted by the speed-of-light floor
2 * D(p_c, a_i) / c_fiber. Excessive ratio measured/
floor across multiple anchors is suspect.
- Cross-stratum NTP/PTP timing audit: an adversary inflating
RTT generally also inflates timestamps at the wire, which
can be detected by comparing to an external time reference
(e.g., GPS PPS or NIST stratum-1).
Operators SHOULD treat both camouflage (this document) and
inflation (this section) as a coupled threat surface and
deploy detection for both. A "Lemma L-INFL-1" formalizing
inflation detection is left to a future document.
10.3. PHP Tunnel Coverage Gap
Corollary L-MPLS-1.1 (Section 5) notes that a PHP (Penultimate
Hop Popping) configuration converts an operationally opaque
tunnel into a type-V tunnel from the measurement perspective,
requiring DPR to recover n_h(t). However, DPR requires that
the measurement source be CO-LOCATED with (or have privileged
access to) the ingress LER of the tunnel under inspection
[Vanaubel-2017].
In an adversarial scenario the defender does NOT have access
to the adversary's iLER, by construction. Hence:
- BRPR can be attempted from the defender's side; it
partially recovers n_h(t) for type-V tunnels but its
success rate degrades when PHP is combined with selective
label-stack popping.
- TNT, which implements both DPR and BRPR, is constrained
to its BRPR mode in this case.
Operators facing PHP-rich adversarial environments SHOULD:
(i) Increase n_calib and tighten FAR_target to compensate
for the increased revelation uncertainty.
(ii) Treat any anchor path showing PHP-suspect ICMP
response patterns as inflating Delta_mpls to its
worst-case bound (n_h(t) = 17 hops, the 99th-percentile
observed in [Huddleston-2025]) rather than the average.
(iii) Prefer anchors connected via SR-MPLS or SRv6
infrastructure where AReST [Dekinder-2025] applies,
since AReST's revelation primitives operate on the
segment list rather than relying on LER-side label
manipulation.
10.4. Pre-condition Alignment with Byzantine Bound
Pre-condition Q1 of Theorem T-CAM-1 requires N >= 3 vantages.
This is the GEOMETRIC minimum for trilateration. The MVPS
architecture also imposes a BYZANTINE minimum of N >= 3f + 1
for resilience against f compromised vantages (axiom MVPS-A5,
Theorem 9 of [v4-proof]). These two minima are independent:
- For pure localization with f = 0 (trusted vantages,
MPLS infrastructure may be hostile), N = 3 suffices.
- For localization with f = 1 (one vantage may be
compromised in addition to MPLS hostility), N >= 4.
- For localization with f = 2, N >= 7.
Operators MUST select N as the maximum of the geometric and
Byzantine minima for their threat model. This document's
probability bound (epsilon < 1e-9 with n_calib = 18,500,
FAR_target = 0.01) assumes N satisfies BOTH minima.
11. IANA Considerations
This document has no IANA actions.
12. Acknowledgments
This document would not exist without the 14-year corpus of
work on MPLS tunnel revelation by Benoit Donnet (Universite
de Liege) and his collaborators. The four-type taxonomy of
MPLS tunnels (explicit, implicit, opaque, invisible), the DPR
and BRPR revelation primitives, the TNT implementation, and
the AReST extension to Segment Routing form the structural
foundation on which Lemma L-MPLS-1 and Theorem T-CAM-1 are
built. In particular, [Donnet-2012], [Vanaubel-2017],
[Luttringer-2020], and [Dekinder-2025] provide the
measurement-theoretic vocabulary that makes the MVPS vantage-
authentication problem tractable. Any errors of formalisation
or attribution in the present document are the author's own.
The author also thanks the IPPM, INTAREA, and DISPATCH
working groups for the discussions that shaped the MVPS
architecture series referenced herein, and the Catellix
engineering team for the validator scaffolding referenced
in Appendix B.
Melegassi Expires 28 November 2026 [Page 12]
Internet-Draft MVPS Vantage Localization under MPLS May 2026
13. References
13.1. Normative References
[I-D.melegassi-iab-mvps-architecture]
Melegassi, L., "Multi-Vantage Path Snapshot:
Architecture Invariance Theorem", draft-melegassi-
iab-mvps-architecture-00, May 2026.
[I-D.melegassi-ippm-mvps-bundle]
Melegassi, L., "Multi-Vantage Path Snapshot:
Bundle Envelope and Coherence Algebra", draft-
melegassi-ippm-mvps-bundle-00, May 2026.
[I-D.melegassi-santos-ippm-mvps-cwt]
Melegassi, L. and R. Santos, "Coherent-Witness
Trust for MVPS Vantage Authentication", draft-
melegassi-santos-ippm-mvps-cwt-00, May 2026.
[RFC4950] Bonica, R., Gan, D., Tappan, D., and C. Pignataro,
"ICMP Extensions for Multiprotocol Label Switching",
RFC 4950, DOI 10.17487/RFC4950, August 2007,
<https://www.rfc-editor.org/rfc/rfc4950>.
[v4-proof] Melegassi, L., "MVPS Mathematical Existence Proof
-- Version 4.0", May 2026,
<https://www.catellix.com/static/download/
MVPS_MATHEMATICAL_EXISTENCE_PROOF_V4.txt>.
13.2. Informative References
[Donnet-2012]
Donnet, B., Luckie, M., Merindol, P., and
J.-J. Pansiot, "Revealing MPLS Tunnels Obscured
from Traceroute", ACM Computer Communication
Review, vol. 42, no. 2, pp. 87-93,
DOI 10.1145/2185376.2185388, April 2012.
[Vanaubel-2017]
Vanaubel, Y., Merindol, P., Pansiot, J.-J., and
B. Donnet, "Through the Wormhole: Tracking
Invisible MPLS Tunnels", ACM Internet Measurement
Conference (IMC 2017), DOI 10.1145/3131365.3131378,
November 2017.
[Luttringer-2020]
Luttringer, J.-R., Vanaubel, Y., Merindol, P.,
Pansiot, J.-J., and B. Donnet, "Let There Be
Light: Revealing Hidden MPLS Tunnels with TNT",
IEEE Transactions on Network and Service
Management, vol. 17, no. 2, pp. 1239-1253,
DOI 10.1109/TNSM.2019.2962278, June 2020.
[Dekinder-2025]
Dekinder, F., Vermeulen, K., and B. Donnet,
"Autonomous Systems under AReST: Advanced
Revelation of Segment Routing Tunnels",
ACM Internet Measurement Conference (IMC 2025),
DOI 10.1145/3730567.3764436, October 2025.
[Huddleston-2025]
Huddleston, J., Luckie, M., and A. Marder,
"Replication: Characterizing MPLS Tunnels over
Internet Paths", ACM Internet Measurement
Conference (IMC 2025), 2025.
[Poese-2011]
Poese, I., Uhlig, S., Kaafar, M. A., Donnet, B.,
and B. Gueye, "IP Geolocation Databases:
Unreliable?", ACM Computer Communication Review,
vol. 41, no. 2, pp. 53-56,
DOI 10.1145/1971162.1971171, April 2011.
[RFC5880] Katz, D. and D. Ward, "Bidirectional Forwarding
Detection (BFD)", RFC 5880,
DOI 10.17487/RFC5880, June 2010.
[scamper] Luckie, M., "Scamper: A Scalable and Extensible
Packet Prober for Active Measurement of the
Internet", ACM Internet Measurement Conference
(IMC 2010), 2010.
[I13] Massart, P., "The Tight Constant in the
Dvoretzky-Kiefer-Wolfowitz Inequality",
Annals of Probability, vol. 18, no. 3, 1990.
Melegassi Expires 28 November 2026 [Page 13]
Internet-Draft MVPS Vantage Localization under MPLS May 2026
Appendix A. Worked Example: Invisible-Tunnel Attack
This appendix illustrates Attack-A (Section 5) with concrete
numbers, using the 2025 prevalence data from [Huddleston-2025].
The scenario is constructed so that the attack defeats L-GEO-1
in isolation but is caught by L-MPLS-1 after tunnel revelation;
this is the regime where the contribution of this document is
operationally significant.
Note A.1 (Physics constraint). Because RTT_min(v, a_i) >=
2 * D(p_r, p_{a_i}) / c_fiber by Section 4.1, an adversary
cannot REDUCE the measured RTT below the great-circle floor.
Examples in which the adversary "appears closer" than physically
possible are inadmissible. The example below respects this
floor: the adversary's true location p_r is closer to the anchor
than the claimed location p_c, so MPLS inflation of the RTT is
what creates room for the false claim. See also the dual
"RTT inflation" attack discussed in Section 10.2.
Scenario:
- Adversary places vantage v at p_r = Newark, NJ, USA.
- Adversary claims vantage position p_c = Miami, FL, USA
(e.g., to satisfy a regional SLA or geo-licensing
requirement that demands a Southeast U.S. presence).
- D(p_r, p_c) approximately 1750 km.
- Anchor a_1 located in Chicago, IL.
- D(Newark, Chicago) approximately 1170 km
(physical RTT floor ~= 11.7 ms).
- D(Miami, Chicago) approximately 2090 km
(physical RTT floor ~= 20.9 ms).
- One invisible MPLS tunnel on the path from v to a_1,
hiding 5.7 hops (2025 average per tunnel, see Section 3.2).
- RTT_min_hop = 2 ms (per-hop conservative estimate,
see Section 5.1).
Without revelation:
- RTT(v, a_1) measured = 25 ms.
This value is physically admissible: 25 ms > 11.7 ms
(Newark-Chicago floor) AND 25 ms > 20.9 ms (Miami-Chicago
floor), so neither location is geometrically rejected by
RTT alone. The adversary's true path (Newark -> MPLS LSP
hiding 5.7 routers in a detour through Dallas -> Chicago)
produces a higher RTT than the direct Newark-Chicago path
would, plausibly attributable to BGP indirectness.
- L-GEO-1 (uncorrected): F_v = Ball(Chicago,
25 ms * c_fiber / 2 + sigma_geo) approx Ball(Chicago,
2500 km). Miami (at 2090 km from Chicago) is INSIDE F_v.
Attack succeeds against L-GEO-1; vantage appears legitimate.
After BRPR/TNT revelation:
- One invisible tunnel detected on the Newark-Chicago path;
5.7 hidden hops recovered by BRPR probing.
- Delta_mpls(v, a_1) = 5.7 * 2 ms = 11.4 ms.
- Corrected bound: (25 - 11.4) ms * c_fiber / 2 + sigma_geo
approx Ball(Chicago, 1360 km).
- Miami-Chicago distance = 2090 km > 1360 km.
- p_c = Miami is NOT in F_v^mpls.
- Vantage is flagged MPLS_CAMOUFLAGE_SUSPECTED.
After MVPS coherence test:
- C_3 (topological axis): Jaccard similarity on touched
objects between the actual Newark-originated AS path
and the AS path expected from a Miami-originated probe
to Chicago. Illustrative values (calibration-dependent;
see Note A.2): typical co-located coherence approximately
0.85 +/- 0.05; observed value approximately 0.30 +/- 0.10.
D^2 > q_J at FAR_target = 0.01.
- Phase escalates to CAMOUFLAGE_CONFIRMED.
Note A.2 (Illustrative Jaccard values). The values 0.85 and
0.30 above are operationally typical for the BGP-AS topology
of the U.S. East Coast as observed in CAIDA Ark and RIPE Atlas
datasets (2024-2025). They are NOT theoretical constants and
MUST be re-calibrated per anchor pool and per measurement
epoch before being used as decision thresholds. See
Section 9.2 and the MVPS calibration contract OC3
[I-D.melegassi-ippm-mvps-bundle].
The attack is defeated by the combination of:
(1) TNT/BRPR tunnel revelation (Donnet's techniques), and
(2) MVPS coherence test (Theorem 2 + Theorem 4 of [v4-proof]).
The example is deliberately conservative (one tunnel, one
anchor, modest geographic displacement). Attacks involving
multiple chained invisible tunnels or larger displacements
produce proportionally larger Delta_mpls corrections and are
easier to detect once revelation is performed.
Melegassi Expires 28 November 2026 [Page 14]
Internet-Draft MVPS Vantage Localization under MPLS May 2026
Appendix B. Validator Notes
A companion validator is being developed at:
scripts/validate_vantage_localization.py
The validator takes as input:
- Anchor positions {p_{a_i}} (lat/lon)
- Measured RTTs {r_i} from vantage to each anchor
- TNT/AReST revelation output (hidden hop counts per tunnel)
- Claimed vantage position p_c
It outputs:
- F_v (L-GEO-1 feasible set, assuming transparent paths)
- F_v^mpls (L-MPLS-1 corrected feasible set)
- Membership of p_c in F_v and F_v^mpls
- Phase label recommendation (from Section 7)
- JSON receipt for SHA-256 verification
The validator follows the same structure as
scripts/validate_ixp_vantage.py (D-18) and is designed for
exit-code 0 on PASS, 1 on FAIL.
Author's Address
Leonardo Melegassi
Catellix
Andradina, SP
Brazil
Email: melegassi@catellix.com
URI: https://www.catellix.com