The Internet architecture has facilitated a multi-party, distributed, and heterogeneous physical infrastructure in which routers from different vendors connect and inter-operate via IP. Such vendor heterogeneity can have important security and policy implications. For example, a security vulnerability may be specific to a particular vendor and implementation, and thus will have a disproportionate impact on particular networks and paths if exploited. From a policy perspective, governments are now explicitly banning particular vendors, or have threatened to do so. Despite these critical issues, the composition of router vendors across the Internet remains largely opaque. Remotely identifying router vendors is challenging because of routers' strict security posture, the indistinguishability that results from code sharing across vendors, and the noise introduced by vendor mergers. We make progress in overcoming these challenges by developing LFP, a tool that improves the coverage, accuracy, and efficiency of router fingerprinting compared to the current state of the art. We leverage LFP to characterize the degree of router vendor homogeneity within networks and the regional distribution of vendors. We then take a path-centric view and apply LFP to better understand the potential for correlated failures and fate-sharing. Finally, we perform a case study on inter- and intra-United States data paths to explore the feasibility of making vendor-based routing policy decisions, i.e., whether it is possible to avoid a particular vendor given the current infrastructure.