




Network Working Group                                    L. Melegassi
Internet-Draft                                               Catellix
Intended status: Informational                           28 May 2026
Expires: 28 November 2026


      MVPS Vantage Localization Feasibility under MPLS Path Camouflage
           draft-melegassi-ippm-mvps-vantage-mpls-00

Abstract

   IP geolocation databases are known to be unreliable for network-
   path measurement purposes [Poese-2011].  Traceroute-based
   localization -- the practical alternative -- is further corrupted
   by invisible and opaque MPLS tunnels that suppress IP-TTL
   propagation, hiding intermediate hops and creating false direct
   links in the apparent network topology [Donnet-2012]
   [Vanaubel-2017] [Luttringer-2020].

   This document formalises the interaction between MPLS path
   camouflage and the vantage-authentication problem of the Multi-
   Vantage Path Snapshot (MVPS) framework
   [I-D.melegassi-iab-mvps-architecture].  Three technical
   contributions are introduced.

   First, Lemma L-GEO-1 (RTT Localization Bound) establishes the
   feasible location set for any MVPS vantage given RTT measurements
   to three or more anchor points, under the assumption that all
   traversed tunnels are explicit or implicit in the Donnet taxonomy
   (TTL propagation active).

   Second, Lemma L-MPLS-1 (MPLS Camouflage Vulnerability) quantifies
   the correction term Delta_mpls that invisible and opaque tunnels
   introduce into the L-GEO-1 bound.  For invisible tunnels this
   correction is unbounded without prior tunnel revelation; for
   opaque tunnels it is bounded by the hidden-hop count times the
   minimum per-hop propagation delay.

   Third, Theorem T-CAM-1 (MPLS-Aware Camouflage Detection) proves
   that an MVPS bundle from three or more vantage-to-anchor paths,
   combined with DPR/BRPR tunnel-revelation probing [Vanaubel-2017]
   or its TNT implementation [Luttringer-2020], detects MPLS-
   camouflaged vantage impersonation with probability at least
   1 - epsilon under the existing MVPS chi-squared coherence test
   (Theorem 2 of the v4.0 proof catalogue [v4-proof]).  Three
   explicit caveats (T-CAM-1.A on the i.i.d. assumption of the
   DKW bound, T-CAM-1.B on the empirical FAR Hypothesis H3 of
   [v4-proof], and T-CAM-1.C on revelation soundness under
   adversarial operators) qualify the bound in operational
   deployment.

   An auxiliary lemma L-GEO-1.1 (Anchor Geometry) characterises
   the necessary and sufficient angular distribution of anchors
   for L-GEO-1 to discriminate two candidate positions; this
   gives a deployable guideline for anchor selection.

   A new phase label MPLS_CAMOUFLAGE_SUSPECTED is introduced and
   added to the MVPS phase taxonomy alongside LOCATION_CONSISTENT,
   LOCATION_MARGINAL, CAMOUFLAGE_SUSPECTED, and SPOOFED_VANTAGE.

   Limitations explicitly disclosed include: the symmetric "RTT
   inflation" attack (Section 10.2), the PHP tunnel coverage gap
   when the adversary controls the ingress LER (Section 10.3),
   and the alignment between the geometric vantage minimum
   (N >= 3) and the Byzantine vantage minimum (N >= 3f+1,
   Section 10.4).

   All results are proved by discharging MVPS axioms A1..A5 against
   the structural assets of the Donnet MPLS taxonomy combined with
   the RTT-ellipsoid localization method.  No new wire format is
   defined; no new codepoints are required.  The document is
   informational.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current
   Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other
   documents at any time.  It is inappropriate to use Internet-
   Drafts as reference material or to cite them other than as
   "work in progress."

   This Internet-Draft will expire on 28 November 2026.

Copyright Notice

   Copyright (c) 2026 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document.


Melegassi                Expires 28 November 2026               [Page 1]

Internet-Draft    MVPS Vantage Localization under MPLS         May 2026


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . 3
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . 5
   3.  MPLS Tunnel Taxonomy  . . . . . . . . . . . . . . . . . . . 6
     3.1.  Four Canonical Types  . . . . . . . . . . . . . . . . . 6
     3.2.  Prevalence (2025 measurement) . . . . . . . . . . . . . 7
   4.  Vantage Localization in MVPS  . . . . . . . . . . . . . . . 8
     4.1.  MVPS Axiom A1 and the Tick-Lattice Constraint . . . . . 8
     4.2.  Lemma L-GEO-1: RTT Localization Bound . . . . . . . . . 9
     4.3.  Lemma L-GEO-1.1: Anchor Geometry  . . . . . . . . . . .10
   5.  MPLS Camouflage Vulnerability . . . . . . . . . . . . . . .11
     5.1.  Lemma L-MPLS-1: Camouflage Correction . . . . . . . . .12
     5.2.  Per-Type Analysis . . . . . . . . . . . . . . . . . . .13
   6.  MVPS-Aware Camouflage Detection . . . . . . . . . . . . . .14
     6.1.  Theorem T-CAM-1: Detection via Coherence Test . . . . .14
     6.2.  Corollary T-CAM-1.1: CWT Cross-Binding . . . . . . . .16
   7.  Phase Taxonomy Extension  . . . . . . . . . . . . . . . . .17
   8.  Tunnel Revelation Integration . . . . . . . . . . . . . . .18
     8.1.  DPR and BRPR (Classical MPLS)  . . . . . . . . . . . .18
     8.2.  AReST Integration (Segment Routing) . . . . . . . . . .19
   9.  Deployment Considerations . . . . . . . . . . . . . . . . .20
  10.  Security Considerations . . . . . . . . . . . . . . . . . .21
     10.1.  DPR/BRPR/TNT under Adversarial Operators . . . . . . .22
     10.2.  RTT Inflation Attack (Dual of Camouflage)  . . . . . .23
     10.3.  PHP Tunnel Coverage Gap  . . . . . . . . . . . . . . .24
     10.4.  Pre-condition Alignment with Byzantine Bound . . . . .24
  11.  IANA Considerations . . . . . . . . . . . . . . . . . . . .25
  12.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . .25
  13.  References  . . . . . . . . . . . . . . . . . . . . . . . .26
     13.1.  Normative References . . . . . . . . . . . . . . . . .26
     13.2.  Informative References . . . . . . . . . . . . . . . .27
   Appendix A.  Worked Example: Invisible-Tunnel Attack  . . . . .29
   Appendix B.  Validator Notes  . . . . . . . . . . . . . . . . .30
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . .30



1.  Introduction

   The Multi-Vantage Path Snapshot (MVPS) framework
   [I-D.melegassi-iab-mvps-architecture] defines a formal structure
   for multi-point network coherence measurement.  Its Architecture
   Invariance Theorem states that any instantiation satisfying five
   structural axioms (MVPS-A1 through MVPS-A5) mechanically inherits
   a catalogue of nine theorems and two lemmas from the v4.0
   existence proof [v4-proof].  Instantiations demonstrated so far
   include classical Internet paths [I-D.melegassi-ippm-mvps-bundle],
   satellite orbital segments [I-D.melegassi-ippm-mvps-orbital], IXP
   meshes [I-D.melegassi-nic-ippm-mvps-ixp-vantage], and broadband-
   access CPE fleets [I-D.melegassi-ganascim-mvps-bbf-mesh].

   All instantiations share a structural assumption that is easy to
   overlook: that the vantages claimed by the system actually occupy
   the locations they declare.  This assumption is non-trivial.  An
   adversary controlling an MPLS-capable infrastructure can place an
   MVPS vantage at a remote location while making it appear, to
   standard traceroute-based localization, as if the vantage is
   co-located with a legitimate network entry point.  The mechanism
   is well known: invisible MPLS tunnels, as classified by Donnet et
   al. [Donnet-2012] and studied further in [Vanaubel-2017] and
   [Luttringer-2020], suppress IP-TTL propagation inside label-
   switched paths, eliminating intermediate hops from the traceroute
   output.  The result is a false direct link between the ingress
   Label Edge Router (LER) and the egress LER.  An adversary placing
   a vantage at the egress end of an invisible tunnel can cause the
   vantage to appear, from the outside, as if it were adjacent to
   the ingress LER -- potentially in a completely different
   geographic location.

   This vulnerability has two compounding roots.  First, IP
   geolocation databases -- the simplest localization tool --
   are known to be unreliable [Poese-2011]: they mis-locate IP
   addresses frequently enough to render database-based vantage
   authentication impractical.  Second, traceroute-based
   localization, the standard alternative, is blind to the hidden
   hops inside invisible tunnels and therefore reports the ingress-
   to-egress RTT without the ability to attribute it to intermediate
   topology.

   This document addresses both roots simultaneously by formalising
   the problem using MVPS axiom A1 (the tick-lattice constraint,
   which encodes timing precision) and the Donnet MPLS taxonomy
   (which classifies how much of the path each tunnel type hides).
   The combination yields a three-part result:

   (a) A localization lemma (L-GEO-1) valid for paths traversing
       only explicit or implicit tunnels, giving a closed-form
       feasible-location set from RTT measurements alone.

   (b) A vulnerability lemma (L-MPLS-1) showing that invisible and
       opaque tunnels break L-GEO-1 unless prior revelation is
       performed, and quantifying the correction term Delta_mpls
       where revelation is partial.

   (c) A detection theorem (T-CAM-1) showing that the MVPS chi-
       squared coherence test (inherited Theorem 2) detects MPLS-
       camouflaged vantage impersonation with probability at least
       1 - epsilon, when combined with DPR or BRPR revelation
       [Vanaubel-2017] or their TNT implementation [Luttringer-2020].

   The practical consequence is that an adversary attempting to
   camouflage a vantage via invisible MPLS tunneling faces two
   independent detection channels: the RTT-localization feasibility
   test (L-GEO-1 + L-MPLS-1) and the MVPS coherence residual
   (T-CAM-1).  Neither channel alone is sufficient; both together
   close the gap.

   Section 8 additionally describes how AReST [Dekinder-2025], the
   2025 tool for Advanced Revelation of Segment Routing Tunnels,
   extends the revelation corpus to SR-MPLS and SRv6 infrastructure,
   providing a forward-compatible path for T-CAM-1 as operators
   transition from classical MPLS to Segment Routing.

   This document is informational.  It defines no new wire format,
   no new codepoints, and no RFC 2119 MUST/SHOULD obligations.  It
   proposes one addition to the MVPS phase taxonomy
   (MPLS_CAMOUFLAGE_SUSPECTED, Section 7) and one validator
   (Appendix B).

1.1.  Motivation: Using the Taxonomy Against Itself

   The central observation of this document is that Donnet's
   MPLS taxonomy is both the attack surface and the defence
   toolkit.  The four tunnel types (explicit, implicit, opaque,
   invisible) define exactly the surface area that an adversary
   can exploit; and the revelation techniques (DPR, BRPR, TNT,
   AReST) developed to MEASURE that surface are the same
   techniques that close the vantage-authentication gap.  The
   MVPS coherence test then provides the statistical binding
   that makes detection mathematically precise.

1.2.  Scope and Non-Goals

   This document does not propose any modification to MPLS
   router behaviour, TTL-propagation defaults, or RFC 4950
   [RFC4950] deployment.  It does not request any allocation
   from IANA.  Its sole technical contribution is the formal
   integration of the Donnet MPLS taxonomy with the MVPS
   vantage-authentication problem.



2.  Terminology

   The key terms used in this document are defined as follows.

   MVPS            Multi-Vantage Path Snapshot framework, as
                   defined in [I-D.melegassi-iab-mvps-architecture].

   Vantage (v)     A measurement point participating in an MVPS
                   bundle.  Each vantage has a declared position
                   p_v in geographic or topological space.

   Anchor (a_i)    A reference node with a known, publicly
                   verifiable position.  Used as a fixed point for
                   RTT-based localization.  Suitable anchors
                   include RIPE Atlas probes, CAIDA Ark nodes,
                   and IXP route servers with published coordinates.

   RTT(v, a_i)     The round-trip time measured from vantage v to
                   anchor a_i.  For localization purposes this is
                   the minimum observed RTT over a calibration
                   window.

   c_fiber         Speed of light in standard single-mode optical
                   fibre, approximately 2/3 * c_vacuum,
                   i.e., approximately 2e8 m/s.

   sigma_NTP       Per-vantage NTPv4 synchronisation error.  Under
                   MVPS axiom A1 the joint skew satisfies
                   2 * sigma_NTP + tau_RTT_max < T_tick.

   Feasible        The set of positions consistent with all RTT
   Location Set    measurements to anchor set {a_i}, given timing
   (F_v)           precision sigma_geo = RTT_floor * c_fiber / 2.

   Delta_mpls      Correction term introduced by an MPLS tunnel
                   on the path from a vantage to an anchor.
                   Zero for explicit/implicit tunnels; bounded
                   for opaque; potentially unbounded for invisible.

   LER             Label Edge Router: the ingress (iLER) or egress
                   (eLER) router of an MPLS Label-Switched Path.

   LSR             Label Switching Router: an intermediate router
                   inside an MPLS LSP.

   DPR             Direct Path Revelation: probing technique of
                   [Vanaubel-2017] for revealing IP hops hidden
                   inside invisible MPLS tunnels.

   BRPR            Backward Recursive Path Revelation: recursive
                   probing technique of [Vanaubel-2017].

   TNT             Traceroute for Network Tunnels: implementation
                   of DPR and BRPR in [Luttringer-2020].

   AReST           Advanced Revelation of Segment Routing Tunnels:
                   tool for SR-MPLS tunnel revelation [Dekinder-2025].

   MVPS-A1..A5     The five structural axioms of the MVPS
                   architecture [I-D.melegassi-iab-mvps-architecture].

   T2              Theorem 2 of [v4-proof]: the Mahalanobis D^2
                   chi-squared coherence test with FAR control.



3.  MPLS Tunnel Taxonomy

3.1.  Four Canonical Types

   The following classification is due to [Donnet-2012], with the
   opaque type subsequently revised and refined in [Vanaubel-2017]
   and further replicated at Internet scale in [Huddleston-2025].

   Two binary features determine the visibility of an MPLS LSP
   to traceroute:

     Feature F1.  TTL-propagate.  Whether the ingress LER copies
                  the IP-TTL value into the MPLS LSE-TTL field
                  (ttl-propagate ON), or instead sets LSE-TTL
                  to 255 (ttl-propagate OFF, i.e., no-ttl-propagate).

     Feature F2.  RFC 4950 [RFC4950].  Whether LSRs include MPLS
                  label-stack information in their ICMP time-
                  exceeded messages.

   The four types are:

     Explicit (E).  F1 = ON, F2 = yes.
                    All LSRs inside the LSP respond to traceroute
                    and include MPLS labels in ICMP responses.
                    Full hop-by-hop visibility; semantic label
                    information available.
                    Delta_mpls = 0.

     Implicit (I).  F1 = ON, F2 = no.
                    LSRs respond to traceroute but appear as
                    ordinary IP routers (no label information).
                    RTT measurements are accurate.
                    Delta_mpls = 0.

     Opaque (O).    F1 = OFF, F2 = yes.
                    Ingress LER sets LSE-TTL = 255; LSRs do not
                    respond to traceroute probes; only the exit
                    hop (eLER) is visible.  However, the LSE-TTL
                    value returned by the eLER in its ICMP time-
                    exceeded message reveals the tunnel length:
                    n_hidden = 255 - LSE-TTL - 1.
                    Delta_mpls is bounded: see Section 5.2.

     Invisible (V). F1 = OFF, F2 = no (or RFC 4950 may be present
                    but without PHP/UHP response).
                    All LSRs inside the tunnel are completely
                    hidden.  The ingress LER appears as a direct
                    neighbour of the egress LER.  No length
                    information is available without revelation.
                    Delta_mpls is unbounded without DPR/BRPR.

3.2.  Prevalence (2025 Measurements)

   [Huddleston-2025] replicated the [Vanaubel-2017] large-scale
   MPLS study using 2025 vantage-point data.  Key findings:

   - At least 30% of Internet paths traverse at least one MPLS
     tunnel (consistent with [Donnet-2012]).

   - Invisible (PHP) tunnels remain the most problematic type;
     their fraction relative to total tunnels has remained
     consistent from 2019 to 2025 despite overall MPLS deployment
     declining.

   - Each invisible tunnel hides an average of 5.7 routers
     per tunnel (2025 data).

   - Explicit tunnels are partially replacing invisible UHP,
     implicit, and opaque tunnels, suggesting gradual improvement
     in traceroute transparency -- but not elimination.

   These figures establish that invisible MPLS tunnels are not a
   legacy pathology; they are a current, persistent property of
   the Internet that any vantage-localization scheme must account
   for.



4.  Vantage Localization in MVPS

4.1.  MVPS Axiom A1 and the Tick-Lattice Constraint

   MVPS axiom A1 [I-D.melegassi-iab-mvps-architecture] requires
   that all vantages share a common tick lattice, i.e., that their
   clocks are synchronised to a common stratum with a joint skew
   bounded by:

      2 * sigma_NTP + tau_RTT_max  <  T_tick

   where sigma_NTP is the per-vantage NTPv4 synchronisation error
   (typically < 1 ms on a well-peered stratum-2 source),
   tau_RTT_max is the maximum observed RTT from any vantage to the
   NTP server, and T_tick is the measurement cadence (typically
   100 ms to 1 s in deployed MVPS bundles).

   This constraint has a direct implication for localization.  The
   minimum RTT from vantage v to any anchor a_i satisfies:

      RTT_min(v, a_i) >= 2 * D(p_v, p_{a_i}) / c_fiber

   where D(p, q) is the great-circle distance between positions
   p and q, and c_fiber is the speed of light in fibre (approx.
   2e8 m/s).  The inequality is tight for paths with no queuing
   delay and negligible processing delay.  Equality does not hold
   in practice due to routing indirectness, but RTT_min provides
   a hard lower bound.

   Note on A1 and timing precision:

      sigma_geo := RTT_floor * c_fiber / 2

   is the localization uncertainty attributable to timing noise
   and routing indirectness.  For sigma_NTP < 1 ms, sigma_geo <
   100 km -- a resolution appropriate for inter-city localization
   but not intra-city.  Sub-city localization requires additional
   probing (e.g., multi-anchor FRPLA [Vanaubel-2017]).

4.2.  Lemma L-GEO-1: RTT Localization Bound

   Scope note: L-GEO-1 is the idealised reference case in which
   no opaque or invisible MPLS tunnels intervene on any anchor
   path.  In the public Internet of 2025, Section 3.2 establishes
   that at least 30% of paths traverse some MPLS tunnel and
   invisible PHP tunnels remain prevalent; consequently L-GEO-1
   alone is rarely applicable outside controlled environments
   (data-centre fabrics, intra-AS measurement, audited IXP
   meshes).  In the public Internet, the operationally relevant
   form is L-MPLS-1 (Section 5), which extends L-GEO-1 to
   account for tunnel-induced corrections.

   LEMMA L-GEO-1 (RTT Localization Bound under Transparent Paths).

   Pre-conditions:
     (P1) M >= 3 anchors {a_1, ..., a_M} with known positions.
     (P2) All paths from vantage v to each a_i traverse only
          Explicit (E) or Implicit (I) tunnels (Delta_mpls = 0).
          See scope note above.
     (P3) Minimum RTT r_i = RTT_min(v, a_i) is measured over a
          calibration window of at least n_calib samples.

   Statement:
     Under P1..P3, the feasible location set of v is:

       F_v = INTERSECTION over i in {1..M} of
               Ball(a_i, r_i * c_fiber / 2 + sigma_geo)

     where Ball(c, r) denotes the set of positions within
     distance r of centre c.

     A vantage claiming position p_c with p_c NOT in F_v is
     LOCATION_INFEASIBLE.

   Proof sketch:
     Under P2, RTT_min(v, a_i) >= 2 * D(p_v, p_{a_i}) / c_fiber
     (Section 4.1).  Therefore D(p_v, p_{a_i}) <=
     r_i * c_fiber / 2.  Adding sigma_geo for timing noise
     (bounded by A1) gives p_v in Ball(a_i, r_i * c_fiber / 2 +
     sigma_geo) for all i.  The intersection over M >= 3 non-
     collinear anchors has bounded diameter (in R^3, three spheres
     in general position intersect in at most two points, and a
     fourth anchor resolves the ambiguity).  If p_c lies outside
     this intersection, then D(p_c, p_v) > 0 for all physically
     feasible p_v, proving infeasibility.

   Remark: P2 is the critical condition that Sections 5 and 6
   relax.  When invisible tunnels are present, r_i may
   undercount the true path length, inflating the apparent
   feasible set.

   Remark on scope: L-GEO-1 provides a one-sided geometric
   constraint -- it can REJECT positions whose distance to some
   anchor exceeds the RTT-derived ball radius, but it CANNOT
   reject positions that happen to fall inside every ball even
   though they differ from the true location.  Whether the
   intersection F_v actually discriminates p_c from p_r depends
   on the angular distribution of the anchors with respect to
   the line segment [p_r, p_c]; see Lemma L-GEO-1.1 below.

4.3.  Lemma L-GEO-1.1: Anchor Geometry for Discrimination

   LEMMA L-GEO-1.1 (Anchor Geometry).

   Pre-conditions:
     (P1') Same as L-GEO-1 pre-conditions P1..P3.
     (P4)  True position p_r and claimed position p_c with
           p_r != p_c.

   Statement:
     The feasible set F_v excludes p_c (i.e., L-GEO-1 detects
     the lie) if and only if there exists at least one anchor
     a_k such that:

        D(p_c, a_k)  >  RTT_min(v, a_k) * c_fiber / 2 + sigma_geo
                     >=  D(p_r, a_k)

     A sufficient geometric condition is that the anchor set
     {a_i} spans the sphere with enough angular diversity that
     for any two distinct candidate positions p, p' on the
     surface of Earth, there exists at least one a_k satisfying
     |D(p, a_k) - D(p', a_k)| > 2 * sigma_geo + Delta_mpls_max.

   Operational interpretation:
     The lemma quantifies what "non-collinear anchors" means in
     L-GEO-1.  Three anchors clustered in the same region (e.g.,
     all in Western Europe) leave a large feasible set that may
     contain both p_r and p_c.  Three anchors spanning continents
     (e.g., one each in North America, Europe, and East Asia)
     produce a smaller intersection that discriminates inter-
     continental displacement.  Intra-continental claims (e.g.,
     Miami vs. Newark) require either (a) anchors in multiple
     directions on the same continent, or (b) reliance on the
     MVPS coherence axes C_2 and C_3 (Theorem T-CAM-1) rather
     than L-GEO-1 alone.

   Proof:
     The biconditional is immediate from the definition of F_v
     (Lemma L-GEO-1, intersection over anchors of Ball(a_i, r_i
     * c_fiber/2 + sigma_geo)).  p_c is in F_v iff for every a_k,
     D(p_c, a_k) <= r_k * c_fiber/2 + sigma_geo.  The sufficient
     condition follows by triangle inequality applied to the pair
     (p_r, p_c).  QED.

   Recommendation: Operators SHOULD select anchors so that at
   least one pair (a_j, a_k) satisfies D(a_j, a_k) > D(p_r, p_c)
   for the smallest geographic displacement the operator wishes
   to detect.  For inter-city detection at city-pair scale
   (~1000 km), at least three anchors with mutual distances
   above 2000 km are required.
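
   The L-GEO-1 membership test and the L-GEO-1.1 biconditional,
   as an added example that is not part of this draft or of any
   MVPS validator.  Anchor names, coordinates, RTT values and
   sigma_geo = 100 km are constructed sample inputs; the haversine
   formula and the mean Earth radius are assumptions of the sketch.

```python
import math

C_FIBER_KM_PER_MS = 200.0    # c_fiber ~ 2e8 m/s, i.e. 200 km per millisecond
EARTH_RADIUS_KM = 6371.0     # mean Earth radius (assumption of this sketch)


def great_circle_km(p, q):
    """D(p, q): haversine distance between two (lat, lon) points in degrees."""
    lat1, lon1 = map(math.radians, p)
    lat2, lon2 = map(math.radians, q)
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def ball_radius_km(rtt_min_ms, sigma_geo_km):
    """Radius of Ball(a_i, r_i * c_fiber / 2 + sigma_geo) from L-GEO-1."""
    return rtt_min_ms * C_FIBER_KM_PER_MS / 2 + sigma_geo_km


def check_claim(p_c, anchors, sigma_geo_km=100.0):
    """Test whether the claimed position p_c lies in the feasible set F_v.

    anchors: list of (name, (lat, lon), rtt_min_ms); every path is assumed to
    satisfy P2 (explicit or implicit tunnels only, Delta_mpls = 0).
    Returns (in_feasible_set, excluding).  'excluding' lists each anchor a_k
    with D(p_c, a_k) > r_k * c_fiber / 2 + sigma_geo and the excess in km.
    By L-GEO-1.1 the claim is rejected iff that list is non-empty.
    """
    if len(anchors) < 3:
        raise ValueError("L-GEO-1 pre-condition P1 needs M >= 3 anchors")
    excluding = []
    for name, pos, rtt_min_ms in anchors:
        excess = (great_circle_km(p_c, pos)
                  - ball_radius_km(rtt_min_ms, sigma_geo_km))
        if excess > 0:
            excluding.append((name, round(excess)))
    return (not excluding, excluding)


# Constructed scenario: the vantage really sits in Miami, claims Newark.
MIAMI = (25.76, -80.19)
NEWARK = (40.74, -74.17)

# Constructed minimum RTTs (ms) as a Miami vantage might measure them,
# i.e. somewhat above the 2 * D / c_fiber propagation floor.
CLUSTERED_ANCHORS = [            # all in Western Europe
    ("london",    (51.51, -0.13),  92.7),
    ("paris",     (48.86,  2.35),  95.7),
    ("frankfurt", (50.11,  8.68), 100.9),
]
DIVERSE_ANCHORS = [              # anchors in several directions
    ("london",      (51.51,  -0.13), 92.7),
    ("bogota",      ( 4.71, -74.07), 31.6),
    ("mexico-city", (19.43, -99.13), 26.8),
]

if __name__ == "__main__":
    for label, anchors in (("clustered", CLUSTERED_ANCHORS),
                           ("diverse", DIVERSE_ANCHORS)):
        ok, excluding = check_claim(NEWARK, anchors)
        verdict = "inside F_v (not rejected)" if ok else "LOCATION_INFEASIBLE"
        print(f"{label:9s} anchors: Newark claim {verdict} {excluding}")
```

   With the clustered set every ball contains both Miami and
   Newark, so the one-sided test cannot reject the claim; the
   anchors to the south and south-west are the ones that exclude it.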



5.  MPLS Camouflage Vulnerability

   When one or more MPLS tunnels of type Opaque (O) or Invisible
   (V) lie on the path from vantage v to anchor a_i, the RTT
   measured at the probe source is the full end-to-end RTT from
   source to eLER.  However, the TOPOLOGY inferred from the
   traceroute hop sequence is false: intermediate LSRs are absent,
   making the iLER appear as the direct neighbour of the eLER.

   An adversary exploiting this property can:

     (Attack-A)  Place vantage v behind an invisible MPLS tunnel
                 at geographic position p_r while declaring
                 claimed position p_c = p_{iLER}, i.e., the
                 position of the ingress LER.  External probes
                 will observe RTT(source, eLER) = RTT(source, v)
                 without detecting the tunnel, and the false
                 topology will show a direct link from iLER to v.

     (Attack-B)  Use PHP (Penultimate Hop Popping) within an
                 invisible tunnel to cause the second-to-last LSR
                 to decrement the MPLS TTL instead of the eLER,
                 preventing the eLER from sending an RFC 4950
                 response.  This defeats opaque-tunnel detection
                 at the eLER, converting an opaque to a fully
                 invisible tunnel from the measurement side.

5.1.  Lemma L-MPLS-1: MPLS Camouflage Correction

   LEMMA L-MPLS-1 (MPLS Camouflage Vulnerability).

   Let P(v, a_i) be the set of MPLS tunnel segments on the path
   from vantage v to anchor a_i.  For each tunnel segment t in
   P(v, a_i), let type(t) in {E, I, O, V} be its Donnet type,
   and n_h(t) be the number of hidden hops (zero for E and I).

   Define the per-anchor correction:

      Delta_mpls(v, a_i) :=
        SUM over t in P(v, a_i) where type(t) in {O, V} of
          n_h(t) * RTT_min_hop

   where RTT_min_hop is the minimum propagation delay attributable
   to a single router hop.  The choice of RTT_min_hop materially
   affects the magnitude of Delta_mpls and therefore the size of
   the corrected feasible set F_v^mpls.  Operators MUST select
   RTT_min_hop using a defensible derivation; this document
   recommends the following calibration procedure:

     (a) Estimate the per-hop propagation floor from the
         operator's own measurement infrastructure.  For a
         representative sample of EXPLICIT (type-E) MPLS
         tunnels of known hop count n on the same anchor
         pool, compute per_hop_floor := median over tunnels
         of (RTT_explicit / n).  Typical values observed in
         large-scale measurement (CAIDA Ark, RIPE Atlas) fall
         in the range 0.5-2 ms for co-located rack-to-rack
         hops and 2-5 ms for inter-PoP hops within the same
         metropolitan area.

     (b) Choose RTT_min_hop as the 10th percentile of the
         per_hop_floor distribution.  Choosing a low percentile
         is CONSERVATIVE for L-MPLS-1: it gives the adversary
         the maximum benefit of the doubt by subtracting the
         largest plausible Delta_mpls, shrinking F_v^mpls as
         little as possible.

     (c) Re-calibrate RTT_min_hop quarterly or whenever the
         operator's anchor topology changes materially.

   When operator-specific calibration is not available, this
   document specifies RTT_min_hop = 2 ms as a default.  This
   default is justified as the approximate 10th percentile of
   the per-hop floor distribution reported in [Huddleston-2025]
   Table 4 for invisible-tunnel intra-tunnel hop counts in 2025
   IPv4 measurements.  Operators using the default SHOULD
   document this choice in their MVPS deployment notes; the
   default is NOT a normative constant of this specification.

   Then the corrected feasible-location set under MPLS is:

      F_v^mpls = INTERSECTION over i in {1..M} of
                   Ball(a_i, (r_i + Delta_mpls(v, a_i))
                              * c_fiber / 2 + sigma_geo)

   For type O tunnels:
     n_h(t) is observable from the LSE-TTL value returned by the
     eLER (Section 3.1).  Delta_mpls is bounded and computable.
     F_v^mpls is a superset of F_v but remains bounded.

   For type V tunnels:
     n_h(t) is unknown without DPR/BRPR/TNT revelation.
     In the worst case n_h(t) is unbounded (255 - 1 hops maximum
     in a single LSP label stack), so F_v^mpls degenerates to an
     unbounded set: L-GEO-1 cannot guarantee localisation.

5.2.  Per-Type Analysis

     Type   F1   F2    Delta_mpls    L-GEO-1 intact?
     -----  ---  ---   ----------    ---------------
     E      ON   yes   0             YES
     I      ON   no    0             YES
     O      OFF  yes   bounded       YES (superset, bounded)
     V      OFF  any   unbounded*    NO (without revelation)

   * Unless DPR/BRPR/TNT probing reveals n_h(t); see Section 8.

   Corollary L-MPLS-1.1 (Implicit PHP Attack).  The PHP variant
   of an invisible tunnel (Attack-B, Section 5) converts an
   operationally opaque tunnel into a type-V tunnel from the
   MEASUREMENT perspective, making n_h(t) unobservable via
   standard ICMP LSE-TTL inspection.  DPR is required to recover
   n_h(t).

   Operational impact: In the 2025 replication study [Huddleston-2025],
   invisible PHP tunnels hid an average of 5.7 hops per tunnel.
   At RTT_min_hop = 2 ms per hop, Delta_mpls = 11.4 ms per
   invisible tunnel, corresponding to a false position credit of
   approximately 1140 km per invisible tunnel.  An adversary
   traversing three invisible tunnels in series could mask
   geographic displacement exceeding 3400 km -- effectively
   spanning a continent -- while appearing legitimate to any
   localization scheme that does not perform tunnel revelation.
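
   The per-anchor correction of Lemma L-MPLS-1 and the per-type
   table above, as an added example that is not part of this draft
   or of any MVPS validator.  The TunnelSegment record, the function
   names and the sample paths are hypothetical; an unknown hidden-hop
   count is represented as infinity, which is an assumption of the
   sketch for "unbounded".

```python
import math
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

C_FIBER_KM_PER_MS = 200.0      # c_fiber ~ 2e8 m/s, i.e. 200 km per millisecond
DEFAULT_RTT_MIN_HOP_MS = 2.0   # the draft's default when no calibration exists


def donnet_type(ttl_propagate: bool, rfc4950: bool) -> str:
    """Map features F1 (ttl-propagate) and F2 (RFC 4950) to E, I, O or V."""
    if ttl_propagate:
        return "E" if rfc4950 else "I"
    return "O" if rfc4950 else "V"


def opaque_hidden_hops(lse_ttl: int) -> int:
    """n_hidden = 255 - LSE-TTL - 1, from the LSE-TTL quoted by the eLER."""
    if not 0 <= lse_ttl <= 254:
        raise ValueError("LSE-TTL outside the range an opaque tunnel can quote")
    return 255 - lse_ttl - 1


@dataclass
class TunnelSegment:                     # hypothetical record, one per tunnel
    ttl_propagate: bool                  # feature F1
    rfc4950: bool                        # feature F2
    lse_ttl: Optional[int] = None        # type O: LSE-TTL returned by the eLER
    revealed_hops: Optional[int] = None  # type V: DPR/BRPR/TNT result, if run

    def hidden_hops(self) -> float:
        """n_h(t); math.inf when the count is not observable."""
        kind = donnet_type(self.ttl_propagate, self.rfc4950)
        if kind in ("E", "I"):
            return 0
        if kind == "O":
            if self.lse_ttl is None:     # quoted LSE-TTL was not captured
                return math.inf
            return opaque_hidden_hops(self.lse_ttl)
        return math.inf if self.revealed_hops is None else self.revealed_hops


def delta_mpls_ms(segments: List[TunnelSegment],
                  rtt_min_hop_ms: float = DEFAULT_RTT_MIN_HOP_MS) -> float:
    """Delta_mpls(v, a_i): sum of n_h(t) * RTT_min_hop over O and V segments."""
    return sum(seg.hidden_hops() * rtt_min_hop_ms for seg in segments)


def position_credit_km(delta_ms: float) -> float:
    """Radius added to one ball by a correction of delta_ms."""
    return delta_ms * C_FIBER_KM_PER_MS / 2


def corrected_radii(paths: Dict[str, Tuple[float, List[TunnelSegment]]],
                    sigma_geo_km: float = 100.0,
                    rtt_min_hop_ms: float = DEFAULT_RTT_MIN_HOP_MS
                    ) -> Dict[str, float]:
    """Radius of each ball of F_v^mpls:
    (r_i + Delta_mpls(v, a_i)) * c_fiber / 2 + sigma_geo."""
    return {
        anchor: (rtt_ms + delta_mpls_ms(segs, rtt_min_hop_ms))
                * C_FIBER_KM_PER_MS / 2 + sigma_geo_km
        for anchor, (rtt_ms, segs) in paths.items()
    }


def constraining_anchors(radii: Dict[str, float]) -> List[str]:
    """Anchors whose ball is still bounded and so still constrains F_v^mpls."""
    return [a for a, r in radii.items() if math.isfinite(r)]


# Constructed sample: anchor -> (RTT_min in ms, tunnel segments on the path).
SAMPLE_PATHS = {
    "a1": (20.0, [TunnelSegment(True, True)]),                    # explicit
    "a2": (30.0, [TunnelSegment(False, True, lse_ttl=250)]),      # opaque
    "a3": (25.0, [TunnelSegment(False, False, revealed_hops=6)]), # V, revealed
    "a4": (40.0, [TunnelSegment(False, False)]),                  # V, unrevealed
}

if __name__ == "__main__":
    radii = corrected_radii(SAMPLE_PATHS)
    for anchor, radius in radii.items():
        print(f"{anchor}: corrected ball radius = {radius} km")
    print("anchors still bounding F_v^mpls:", constraining_anchors(radii))
    print("credit for 5.7 hidden hops:", position_credit_km(5.7 * 2.0), "km")
```

   Anchor a4 shows why pre-condition Q3 of T-CAM-1 matters: until
   revelation supplies n_h(t) for its invisible tunnel, that anchor
   contributes no bound at all.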



6.  MVPS-Aware Camouflage Detection

6.1.  Theorem T-CAM-1: Detection via Coherence Test

   THEOREM T-CAM-1 (MPLS-Aware Camouflage Detection).

   Pre-conditions:
     (Q1) MVPS bundle with N >= 3 vantages; vantage v claims
          position p_c.
     (Q2) M >= 3 anchors with known positions and measured
          RTTs from v, calibrated over n_calib >= 18,500
          observations (MVPS operational contract OC3).
     (Q3) DPR/BRPR or TNT [Luttringer-2020] has been run on
          all paths from v to {a_i} and the revelation output
          has identified all type-V and type-O tunnel segments
          with their corrected n_h(t).
     (Q4) The corrected feasible set F_v^mpls (Lemma L-MPLS-1)
          has been computed.

   Statement:
     Let p_r be the true position of vantage v, and let
     p_c be its declared position.  If p_c NOT in F_v^mpls,
     then the MVPS chi-squared coherence test (Theorem 2 of
     [v4-proof]) detects the vantage as LOCATION_INFEASIBLE
     with probability at least 1 - epsilon, where epsilon
     satisfies the DKW bound [I13]:

          epsilon <= exp( - 2 * n_calib * gamma^2 )

     with gamma = (FAR_target / 2) and FAR_target the
     operator-chosen false alarm rate.  For FAR_target = 0.01
     and n_calib = 18,500, epsilon < 1e-9.

   Proof sketch:
     Under Q1..Q4, the corrected L-GEO-1 test (L-MPLS-1) maps
     p_c to LOCATION_INFEASIBLE.  This infeasibility manifests
     as a systematic offset in at least one coherence axis C_j
     (j in {1,2,3}): the RTT-based C_1 axis reports the
     ingress-to-egress RTT (which is physically consistent with
     p_{eLER}), while the path-topology inferred C_3 axis
     (Jaccard similarity on touched-object sets) is inconsistent
     with p_c, since the hidden hops DO influence the routing
     table of p_{eLER} even though they are invisible to
     traceroute.

     The joint Mahalanobis D^2 on (C_1, C_2, C_3) detects this
     inconsistency at threshold q_J (MVPS Theorem 2 + Theorem 4,
     [v4-proof]).  Calibration over n_calib samples bounds the
     FAR by the DKW inequality (Imported Result I13 of [v4-proof]).
     Both theorems inherit from the Architecture Invariance Theorem
     [I-D.melegassi-iab-mvps-architecture] since axioms A1..A5
     are satisfied by any vantage that participates in a valid
     MVPS bundle.  QED.

   Remark: The detection relies on C_3 (topological axis) being
   inconsistent.  If the adversary also spoofs the routing-table
   content of the eLER (not just its location), detection requires
   the Byzantine-robust extension described in Theorem 9 of
   [v4-proof], which bounds the adversarial bias on the centroid.

   Caveat T-CAM-1.A (Independence assumption).  The DKW bound
   I13 of [v4-proof] requires that the n_calib calibration
   observations be independent and identically distributed
   (i.i.d.).  An adversary aware of the calibration window can
   degrade the i.i.d. assumption by correlating tunnel activation
   with diurnal traffic patterns, BGP convergence events, or
   peering reconfigurations.  Operators SHOULD partition the
   calibration window across multiple non-overlapping epochs
   (recommendation: four 90-minute windows separated by at
   least 24 hours) and verify per-epoch FAR stability before
   asserting the global bound.

   Caveat T-CAM-1.B (Empirical FAR hypothesis).  Theorem 2 of
   [v4-proof] guarantees the chi-squared distribution of D^2
   under the conditions of axioms MVPS-A1..A3.  The realized
   false-alarm rate within +/- 25% of nominal is Hypothesis
   H3 of [v4-proof], which is empirically supported but NOT
   formally proven for non-Gaussian C(t) distributions
   (see [v4-proof] Section "Hypotheses for empirical
   validation").  The epsilon < 1e-9 figure quoted above
   inherits this empirical conditioning.  Operators with
   strict FAR requirements SHOULD validate Hypothesis H3 on
   a per-deployment basis using the DKW-bound test specified
   in [v4-proof] OC3, and tighten n_calib if observed FAR
   departs from nominal by more than 25%.

   Caveat T-CAM-1.C (Revelation soundness).  Pre-condition Q3
   assumes that TNT or AReST revelation produces accurate
   n_h(t).  As detailed in Section 10.1, this assumption fails
   under adversarial MPLS operators (Attacks C and D).  In
   such environments the effective epsilon is bounded by the
   minimum of the DKW bound and the revelation success
   probability, which must be characterized operationally.
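
   An added example (not part of this document or of [v4-proof]) of
   the per-epoch check recommended in Caveat T-CAM-1.A, using the
   +/- 25% band of Caveat T-CAM-1.B as the stability criterion.
   Assumptions: the Epoch record, the end-to-start reading of the
   24-hour separation, an "alarm" meaning D^2 > q_J on a vantage
   known to be legitimate, and the constructed sample counts.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

FAR_TARGET = 0.01                    # operator-chosen false alarm rate
N_CALIB_MIN = 18_500                 # MVPS operational contract OC3
MIN_EPOCHS = 4                       # Caveat T-CAM-1.A recommendation
MIN_EPOCH_LEN = timedelta(minutes=90)
MIN_GAP = timedelta(hours=24)
FAR_BAND = 0.25                      # +/- 25% of nominal (Caveat T-CAM-1.B)


@dataclass(frozen=True)
class Epoch:
    start: datetime
    end: datetime
    observations: int   # calibration samples taken in this window
    alarms: int         # samples with D^2 > q_J although the vantage is known-good


def check_calibration(epochs, far_target=FAR_TARGET):
    """Return (ok, findings); ok is True only when no finding was raised."""
    findings = []
    ordered = sorted(epochs, key=lambda e: e.start)
    if len(ordered) < MIN_EPOCHS:
        findings.append(f"schedule: {len(ordered)} epochs, need at least {MIN_EPOCHS}")
    total = sum(e.observations for e in ordered)
    if total < N_CALIB_MIN:
        findings.append(f"schedule: {total} observations, need at least {N_CALIB_MIN}")
    lo, hi = far_target * (1 - FAR_BAND), far_target * (1 + FAR_BAND)
    for i, e in enumerate(ordered):
        if e.end - e.start < MIN_EPOCH_LEN:
            findings.append(f"epoch {i}: shorter than 90 minutes")
        # Assumption: separation is measured from the previous end to this start.
        if i > 0 and e.start - ordered[i - 1].end < MIN_GAP:
            findings.append(f"epoch {i}: less than 24 h after epoch {i - 1}")
        if e.observations <= 0:
            findings.append(f"epoch {i}: no observations")
            continue
        far = e.alarms / e.observations
        if not lo <= far <= hi:
            findings.append(f"epoch {i}: FAR {far:.4f} outside [{lo:.4f}, {hi:.4f}]")
    return (not findings, findings)


def sample_epoch(day, hour, alarms):
    """Constructed sample: one 90-minute window at a 1-second cadence (5400 samples)."""
    start = datetime(2026, 1, day, hour, 0)
    return Epoch(start, start + timedelta(minutes=90), 5400, alarms)


# Constructed sample data: start hours differ so the windows cover different diurnal phases.
GOOD_EPOCHS = [sample_epoch(5, 2, 52), sample_epoch(6, 4, 57),
               sample_epoch(7, 6, 49), sample_epoch(8, 8, 55)]
# Same schedule, but the third window shows a FAR of about 2.4%, as it would if
# tunnel activation were correlated with that window.
BAD_EPOCHS = [sample_epoch(5, 2, 52), sample_epoch(6, 4, 57),
              sample_epoch(7, 6, 130), sample_epoch(8, 8, 55)]

if __name__ == "__main__":
    for name, epochs in (("good", GOOD_EPOCHS), ("bad", BAD_EPOCHS)):
        ok, findings = check_calibration(epochs)
        print(name, "PASS" if ok else "FAIL", findings)
```

   A failing epoch means the global bound should not be asserted
   until the window has been re-measured.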

6.2.  Corollary T-CAM-1.1: CWT Cross-Binding

   COROLLARY T-CAM-1.1 (CWT Cross-Binding).

   Under the CWT trust model [I-D.melegassi-santos-ippm-mvps-cwt],
   a vantage v that:

     (a) presents a valid CWT token (T-AUTH-CWT-1 is satisfied),
         AND
     (b) is flagged LOCATION_INFEASIBLE by the L-MPLS-1 test

   is classified as MPLS_CAMOUFLAGE_SUSPECTED.

   Rationale: CWT authentication establishes cryptographic identity
   of the measuring process; it does not authenticate the physical
   location.  A valid CWT token from a vantage at p_r, presented
   under a claimed location p_c NOT in F_v^mpls, is a combination
   that the CWT model cannot rule out but that the L-MPLS-1
   localization can.  The MPLS_CAMOUFLAGE_SUSPECTED label captures
   exactly this combination: "we cannot deny the identity, but
   physics denies the location."


7.  Phase Taxonomy Extension

   The MVPS phase taxonomy, introduced in the base bundle
   [I-D.melegassi-ippm-mvps-bundle], is extended by this
   document with one new phase label and a new detection pathway.

   Revised MVPS phase taxonomy (phase labels ordered by severity):

     COHERENT
       Normal operation.  D^2 < q_J.  L-GEO-1 passes.

     DRIFTING
       Coherence degrading.  D^2 approaching q_J.
       L-GEO-1 passes.

     LOCATION_CONSISTENT
       L-GEO-1: claimed position p_c IN F_v.
       Revelation: no invisible tunnels detected on anchor paths.

     LOCATION_MARGINAL
       L-GEO-1: p_c within sigma_geo of boundary of F_v.
       Revelation: no invisible tunnels, but path is MPLS-rich.
       Operator should increase anchor count to M >= 5.

     MPLS_CAMOUFLAGE_SUSPECTED  [NEW -- this document]
       L-MPLS-1: invisible or opaque tunnels found on anchor paths.
       Corrected F_v^mpls excludes p_c.
       CWT: authentication status may be valid or invalid.
       ACTION: Run DPR/BRPR on all anchor paths; if revelation
               confirms n_h(t) and p_c remains outside F_v^mpls,
               escalate to CAMOUFLAGE_CONFIRMED.

     CAMOUFLAGE_SUSPECTED
       L-GEO-1: p_c NOT in F_v (no MPLS tunnels involved).
       CWT: authentication valid (identity present but location
            physically infeasible without tunneling).

     SPOOFED_VANTAGE
       L-GEO-1/L-MPLS-1: p_c outside feasible set.
       CWT: authentication INVALID.
       Full rejection; remove vantage from bundle.

   The ordering is informational; operators may choose their own
   escalation policy.  The MVPS phase state machine
   [I-D.melegassi-ippm-mvps-bundle] treats any phase from
   MPLS_CAMOUFLAGE_SUSPECTED upward as requiring operator
   intervention.


8.  Tunnel Revelation Integration

8.1.  DPR and BRPR (Classical MPLS)

   [Vanaubel-2017] introduced two techniques for revealing IP hops
   hidden inside invisible MPLS tunnels.

   Direct Path Revelation (DPR):
     DPR sends probes with systematically decremented MPLS TTL
     values toward the tunnel, causing individual LSRs to issue
     ICMP time-exceeded messages.  The source IP addresses of
     these messages reveal the hidden hops in forward order.
     DPR requires that the measurement vantage be co-located with
     (or close to) the iLER, so that it can manipulate the MPLS
     label stack.

   Backward Recursive Path Revelation (BRPR):
     BRPR uses traceroute probes from the OUTSIDE toward the
     tunnel egress, with TTL values set to exactly reach each
     hidden LSR from the probe source.  This does not require
     access to the iLER.  BRPR is iterative: it discovers hops
     one by one from the eLER backward.

   For the MVPS vantage-localization use case, BRPR is the
   preferred technique because:

     (a) The measurement point (probe source) is NOT inside the
         tunnel (the adversary's tunnel is between the claimed
         vantage and the anchor).
     (b) BRPR requires only standard traceroute probing capability
         from the probe source, with no access to the iLER.

   Once revelation is complete, n_h(t) is known for each
   tunnel segment, Delta_mpls is computable, and the corrected
   feasibility test F_v^mpls can be evaluated (Theorem T-CAM-1,
   pre-condition Q3).

   TNT [Luttringer-2020] implements DPR and BRPR in a single
   tool (forked from scamper [scamper]).  It is the recommended
   implementation for integrating tunnel revelation into an MVPS
   measurement pipeline.

8.2.  AReST Integration (Segment Routing)

   As operators migrate from classical MPLS LSPs to Segment
   Routing (SR-MPLS and SRv6), the tunnel-camouflage threat
   surface migrates with them.  SR-MPLS tunnels can exhibit
   the same visibility categories as classical MPLS tunnels,
   depending on SID type and TTL propagation configuration.

   [Dekinder-2025] (AReST -- Advanced Revelation of Segment
   Routing Tunnels) extends the revelation corpus to SR-MPLS
   infrastructure.  For MVPS vantage-localization purposes,
   AReST provides the same output as TNT: the revealed list
   of hidden hops for each SR tunnel segment on the anchor
   paths.

   The integration is mechanical: replace the TNT revelation
   step in pre-condition Q3 of Theorem T-CAM-1 with AReST
   for SR-MPLS paths.  All other steps, including the
   L-MPLS-1 correction and the T-CAM-1 coherence test,
   are unchanged.

   Forward compatibility note: this document recommends that
   MVPS implementations maintain a revelation backend
   abstraction that can be satisfied by either TNT (classical
   MPLS) or AReST (SR-MPLS/SRv6), with the backend selected
   based on the MPLS label type observed in the Explicit-tunnel
   responses on anchor paths.


9.  Deployment Considerations

9.1.  Anchor Selection

   For the L-GEO-1 and L-MPLS-1 bounds to be useful, anchors
   must satisfy three properties:

     (i)   Known geographic position, independently verifiable
           (e.g., RIPE Atlas site data, published IXP location).
     (ii)  Paths from the vantage under test to each anchor are
           route-stable over the calibration window.
     (iii) Anchors are geographically distributed, not co-located
           in the same facility.

   Suitable anchor pools: RIPE Atlas anchors (globally
   distributed, publicly queryable, route-stable by design),
   CAIDA Ark vantage points, or IXP route-server addresses
   published in the PeeringDB database.

9.2.  Calibration Window

   n_calib >= 18,500 observations (MVPS OC3) yields
   epsilon < 1e-9 in Theorem T-CAM-1 at FAR_target = 0.01.
   At a 1-second measurement cadence, this requires
   approximately 5.1 hours of continuous measurement.
   Operators SHOULD run an initial calibration phase of
   at least 6 hours before treating MPLS_CAMOUFLAGE_SUSPECTED
   labels as actionable.

9.3.  Revelation Frequency

   TNT/BRPR probing is heavier than normal MVPS path probing.
   Operators SHOULD run revelation:

     (a) At initial vantage enrollment.
     (b) After any BGP route change that affects anchor paths.
     (c) At a low-frequency periodic interval (e.g., weekly)
         to detect newly deployed tunnels.


10.  Security Considerations

   An adversary with access to MPLS-capable infrastructure can
   deploy invisible tunnels to camouflage the true geographic
   position of an MVPS vantage.  The techniques in this document
   detect such camouflage but do NOT prevent it.  Prevention
   requires either:

     (a) Operator-side enforcement of ttl-propagate on all
         MPLS edges (eliminating invisible tunnels), or
     (b) Cryptographic location attestation (e.g., hardware-
         anchored GPS or eLoran timestamps) that is independent
         of network-layer path measurement.

   Neither (a) nor (b) is proposed in this document; they are
   operational choices outside the MVPS framework.

   The Byzantine-robust extension (Theorem 9 of [v4-proof])
   provides additional protection when the adversary also
   manipulates the routing-table content of the compromised
   vantage.  Operators facing sophisticated adversaries SHOULD
   also deploy the geometric-median centroid estimator (MVPS
   Design D9(ii)) and enforce N >= 3f + 1 vantages, where f is
   the maximum number of Byzantine vantages the operator wishes
   to tolerate.  Pre-condition Q1 of Theorem T-CAM-1 (N >= 3)
   is the geometric minimum for localization, NOT the Byzantine
   minimum; see Section 10.4 below.

10.1.  Limitations of DPR/BRPR/TNT under Adversarial Operators

   Theorem T-CAM-1 pre-condition Q3 assumes that DPR, BRPR, or
   TNT [Vanaubel-2017] [Luttringer-2020] revelation correctly
   identifies hidden hops n_h(t) for every tunnel segment.  This
   assumption is sound when the MPLS operator merely CONCEALS
   tunnel topology (the threat model under which DPR/BRPR were
   originally analysed) but is NOT sound when the operator is
   itself the adversary.

   Specifically, an adversary who controls the MPLS infrastructure
   can:

     (Attack-C) Forge ICMP time-exceeded responses.  DPR and BRPR
                rely on receiving ICMP responses from intermediate
                LSRs.  Source IP, TTL value, and timestamps in
                these responses are not authenticated.  An
                adversarial LSR can fabricate responses consistent
                with a benign tunnel topology, causing TNT to
                report a smaller n_h(t) than the true value.

     (Attack-D) Suppress revelation probes.  An adversary can
                rate-limit or drop probes whose pattern matches
                known DPR/BRPR signatures, leaving the defender
                with no observation at all (which under Q3 must
                be treated as "no tunnel found", a soft failure
                of the test).

   This document does NOT solve Attack-C or Attack-D.  Operators
   deploying T-CAM-1 in environments where the on-path MPLS
   operator may be adversarial SHOULD:

     (i)  Run revelation from multiple geographically and
          administratively independent probe sources, accepting
          n_h(t) only when at least two independent sources
          report values within tolerance.
     (ii) Augment T-CAM-1 with the CWT trust binding
          (Corollary T-CAM-1.1) so that a forged revelation
          report cannot in itself validate a forged vantage.
     (iii) Treat absence of revelation response (Attack-D) as
           equivalent to "invisible tunnel suspected" rather
           than "no tunnel".

   Limitation note: even with mitigations (i)-(iii), an adversary
   who controls the entire forwarding path between vantage and
   anchor remains outside the protection envelope of this
   document.  Such adversaries require physical-layer attestation
   (Security Considerations (b)) which is out of scope here.
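
   Mitigations (i) and (iii) above expressed as a decision rule, as
   an added example that is not code from this document or from TNT.
   Assumptions: the report fields, the status names, the default
   tolerance of one hop, and keeping the larger of two agreeing
   values; the sample reports are constructed.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Optional


@dataclass(frozen=True)
class RevelationReport:
    source: str                  # probe source identifier
    operator: str                # administrative domain that runs the source
    region: str                  # coarse geographic region of the source
    hidden_hops: Optional[int]   # n_h(t) reported for the segment; None = no response


def independent(a, b):
    """Mitigation (i): sources must differ both administratively and geographically."""
    return a.operator != b.operator and a.region != b.region


def resolve_hidden_hops(reports, tolerance=1):
    """Return (status, n_h) for one tunnel segment.

    ACCEPTED                    two independent sources agree within tolerance
    UNCONFIRMED                 answers exist but no independent pair agrees
    INVISIBLE_TUNNEL_SUSPECTED  no source got an answer (mitigation (iii))
    """
    answered = [r for r in reports if r.hidden_hops is not None]
    if not answered:
        # Silence is never read as "no tunnel" (Attack-D).
        return ("INVISIBLE_TUNNEL_SUSPECTED", None)
    agreed = [
        # Attack-C biases reports downwards, so keep the larger value of a pair.
        max(a.hidden_hops, b.hidden_hops)
        for a, b in combinations(answered, 2)
        if independent(a, b) and abs(a.hidden_hops - b.hidden_hops) <= tolerance
    ]
    if not agreed:
        return ("UNCONFIRMED", None)
    return ("ACCEPTED", max(agreed))


# Constructed sample reports; AS numbers are from the documentation range.
REPORTS = [
    RevelationReport("probe-a", "AS64500", "eu-west", 6),
    RevelationReport("probe-b", "AS64501", "us-east", 5),
    RevelationReport("probe-c", "AS64500", "eu-west", 2),   # same operator as probe-a
]
SAME_OPERATOR = [
    RevelationReport("probe-c", "AS64500", "eu-west", 2),
    RevelationReport("probe-d", "AS64500", "eu-west", 2),
]
SILENT = [
    RevelationReport("probe-a", "AS64500", "eu-west", None),
    RevelationReport("probe-b", "AS64501", "us-east", None),
]

if __name__ == "__main__":
    for name, reports in (("mixed", REPORTS), ("same-operator", SAME_OPERATOR),
                          ("silent", SILENT)):
        print(name, resolve_hidden_hops(reports))
```

   Only an ACCEPTED value would be fed into pre-condition Q3; the
   other two statuses leave n_h(t) unknown for that segment.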

10.2.  RTT Inflation Attack (Dual of Camouflage)

   The MPLS camouflage analysed in Sections 5 and 6 is the case
   where invisible tunnels HIDE distance, causing the apparent
   feasible set F_v to undercount the true path length.  The
   symmetric "RTT inflation" attack is the case where the
   adversary INFLATES the measured RTT to claim a distant
   location.

   Mechanisms for RTT inflation include:

     - Kernel-side deterministic delay injection in the
       vantage's TCP/UDP probe response path.
     - BGP path prepending to force a longer AS path.
     - Routing through a deliberately distant intermediate hop
       under operator control.

   Lemma L-MPLS-1 does not detect inflation because Delta_mpls
   only SUBTRACTS hidden-hop time from the measured RTT; it never
   challenges measured RTT as anomalously large.  An adversary at
   true position p_r who inflates RTT(v, a_i) by tau_inflate
   appears to occupy a Ball(a_i, (r_i + tau_inflate) * c_fiber /
   2) which can extend to a falsely distant p_c.

   Detection of inflation requires two complementary techniques
   not formalized in this document:

     - Multi-anchor RTT consistency: comparing measured RTT
       to the minimum RTT predicted by the speed-of-light floor
       2 * D(p_c, a_i) / c_fiber.  Excessive ratio measured/
       floor across multiple anchors is suspect.
     - Cross-stratum NTP/PTP timing audit: an adversary inflating
       RTT generally also inflates timestamps at the wire, which
       can be detected by comparing to an external time reference
       (e.g., GPS PPS or NIST stratum-1).

   Operators SHOULD treat both camouflage (this document) and
   inflation (this section) as a coupled threat surface and
   deploy detection for both.  A "Lemma L-INFL-1" formalizing
   inflation detection is left to a future document.

10.3.  PHP Tunnel Coverage Gap

   Corollary L-MPLS-1.1 (Section 5) notes that a PHP (Penultimate
   Hop Popping) configuration converts an operationally opaque
   tunnel into a type-V tunnel from the measurement perspective,
   requiring DPR to recover n_h(t).  However, DPR requires that
   the measurement source be CO-LOCATED with (or have privileged
   access to) the ingress LER of the tunnel under inspection
   [Vanaubel-2017].

   In an adversarial scenario the defender does NOT have access
   to the adversary's iLER, by construction.  Hence:

     - BRPR can be attempted from the defender's side; it
       partially recovers n_h(t) for type-V tunnels but its
       success rate degrades when PHP is combined with selective
       label-stack popping.
     - TNT, which implements both DPR and BRPR, is constrained
       to its BRPR mode in this case.

   Operators facing PHP-rich adversarial environments SHOULD:

     (i)  Increase n_calib and tighten FAR_target to compensate
          for the increased revelation uncertainty.
     (ii) Treat any anchor path showing PHP-suspect ICMP
          response patterns as inflating Delta_mpls to its
          worst-case bound (n_h(t) = 17 hops, the 99th-percentile
          observed in [Huddleston-2025]) rather than the average.
     (iii) Prefer anchors connected via SR-MPLS or SRv6
           infrastructure where AReST [Dekinder-2025] applies,
           since AReST's revelation primitives operate on the
           segment list rather than relying on LER-side label
           manipulation.

10.4.  Pre-condition Alignment with Byzantine Bound

   Pre-condition Q1 of Theorem T-CAM-1 requires N >= 3 vantages.
   This is the GEOMETRIC minimum for trilateration.  The MVPS
   architecture also imposes a BYZANTINE minimum of N >= 3f + 1
   for resilience against f compromised vantages (axiom MVPS-A5,
   Theorem 9 of [v4-proof]).  These two minima are independent:

     - For pure localization with f = 0 (trusted vantages,
       MPLS infrastructure may be hostile), N = 3 suffices.
     - For localization with f = 1 (one vantage may be
       compromised in addition to MPLS hostility), N >= 4.
     - For localization with f = 2, N >= 7.

   Operators MUST select N as the maximum of the geometric and
   Byzantine minima for their threat model.  This document's
   probability bound (epsilon < 1e-9 with n_calib = 18,500,
   FAR_target = 0.01) assumes N satisfies BOTH minima.


11.  IANA Considerations

   This document has no IANA actions.


12.  Acknowledgments

   This document would not exist without the 14-year corpus of
   work on MPLS tunnel revelation by Benoit Donnet (Universite
   de Liege) and his collaborators.  The four-type taxonomy of
   MPLS tunnels (explicit, implicit, opaque, invisible), the DPR
   and BRPR revelation primitives, the TNT implementation, and
   the AReST extension to Segment Routing form the structural
   foundation on which Lemma L-MPLS-1 and Theorem T-CAM-1 are
   built.  In particular, [Donnet-2012], [Vanaubel-2017],
   [Luttringer-2020], and [Dekinder-2025] provide the
   measurement-theoretic vocabulary that makes the MVPS vantage-
   authentication problem tractable.  Any errors of formalisation
   or attribution in the present document are the author's own.

   The author also thanks the IPPM, INTAREA, and DISPATCH
   working groups for the discussions that shaped the MVPS
   architecture series referenced herein, and the Catellix
   engineering team for the validator scaffolding referenced
   in Appendix B.


13.  References

13.1.  Normative References

   [I-D.melegassi-iab-mvps-architecture]
              Melegassi, L., "Multi-Vantage Path Snapshot:
              Architecture Invariance Theorem", draft-melegassi-
              iab-mvps-architecture-00, May 2026.

   [I-D.melegassi-ippm-mvps-bundle]
              Melegassi, L., "Multi-Vantage Path Snapshot:
              Bundle Envelope and Coherence Algebra", draft-
              melegassi-ippm-mvps-bundle-00, May 2026.

   [I-D.melegassi-santos-ippm-mvps-cwt]
              Melegassi, L. and R. Santos, "Coherent-Witness
              Trust for MVPS Vantage Authentication", draft-
              melegassi-santos-ippm-mvps-cwt-00, May 2026.

   [RFC4950]  Bonica, R., Gan, D., Tappan, D., and C. Pignataro,
              "ICMP Extensions for Multiprotocol Label Switching",
              RFC 4950, DOI 10.17487/RFC4950, August 2007,
              <https://www.rfc-editor.org/rfc/rfc4950>.

   [v4-proof] Melegassi, L., "MVPS Mathematical Existence Proof
              -- Version 4.0", May 2026,
              <https://www.catellix.com/static/download/
              MVPS_MATHEMATICAL_EXISTENCE_PROOF_V4.txt>.

13.2.  Informative References

   [Donnet-2012]
              Donnet, B., Luckie, M., Merindol, P., and
              J.-J. Pansiot, "Revealing MPLS Tunnels Obscured
              from Traceroute", ACM Computer Communication
              Review, vol. 42, no. 2, pp. 87-93,
              DOI 10.1145/2185376.2185388, April 2012.

   [Vanaubel-2017]
              Vanaubel, Y., Merindol, P., Pansiot, J.-J., and
              B. Donnet, "Through the Wormhole: Tracking
              Invisible MPLS Tunnels", ACM Internet Measurement
              Conference (IMC 2017), DOI 10.1145/3131365.3131378,
              November 2017.

   [Luttringer-2020]
              Luttringer, J.-R., Vanaubel, Y., Merindol, P.,
              Pansiot, J.-J., and B. Donnet, "Let There Be
              Light: Revealing Hidden MPLS Tunnels with TNT",
              IEEE Transactions on Network and Service
              Management, vol. 17, no. 2, pp. 1239-1253,
              DOI 10.1109/TNSM.2019.2962278, June 2020.

   [Dekinder-2025]
              Dekinder, F., Vermeulen, K., and B. Donnet,
              "Autonomous Systems under AReST: Advanced
              Revelation of Segment Routing Tunnels",
              ACM Internet Measurement Conference (IMC 2025),
              DOI 10.1145/3730567.3764436, October 2025.

   [Huddleston-2025]
              Huddleston, J., Luckie, M., and A. Marder,
              "Replication: Characterizing MPLS Tunnels over
              Internet Paths", ACM Internet Measurement
              Conference (IMC 2025), 2025.

   [Poese-2011]
              Poese, I., Uhlig, S., Kaafar, M. A., Donnet, B.,
              and B. Gueye, "IP Geolocation Databases:
              Unreliable?", ACM Computer Communication Review,
              vol. 41, no. 2, pp. 53-56,
              DOI 10.1145/1971162.1971171, April 2011.

   [RFC5880]  Katz, D. and D. Ward, "Bidirectional Forwarding
              Detection (BFD)", RFC 5880,
              DOI 10.17487/RFC5880, June 2010.

   [scamper]  Luckie, M., "Scamper: A Scalable and Extensible
              Packet Prober for Active Measurement of the
              Internet", ACM Internet Measurement Conference
              (IMC 2010), 2010.

   [I13]      Massart, P., "The Tight Constant in the
              Dvoretzky-Kiefer-Wolfowitz Inequality",
              Annals of Probability, vol. 18, no. 3, 1990.


Appendix A.  Worked Example: Invisible-Tunnel Attack

   This appendix illustrates Attack-A (Section 5) with concrete
   numbers, using the 2025 prevalence data from [Huddleston-2025].
   The scenario is constructed so that the attack defeats L-GEO-1
   in isolation but is caught by L-MPLS-1 after tunnel revelation;
   this is the regime where the contribution of this document is
   operationally significant.

   Note A.1 (Physics constraint).  Because RTT_min(v, a_i) >=
   2 * D(p_r, p_{a_i}) / c_fiber by Section 4.1, an adversary
   cannot REDUCE the measured RTT below the great-circle floor.
   Examples in which the adversary "appears closer" than physically
   possible are inadmissible.  The example below respects this
   floor: the adversary's true location p_r is closer to the anchor
   than the claimed location p_c, so MPLS inflation of the RTT is
   what creates room for the false claim.  See also the dual
   "RTT inflation" attack discussed in Section 10.2.

   Scenario:
     - Adversary places vantage v at p_r = Newark, NJ, USA.
     - Adversary claims vantage position p_c = Miami, FL, USA
       (e.g., to satisfy a regional SLA or geo-licensing
       requirement that demands a Southeast U.S. presence).
     - D(p_r, p_c) approximately 1750 km.
     - Anchor a_1 located in Chicago, IL.
     - D(Newark, Chicago) approximately 1170 km
       (physical RTT floor ~= 11.7 ms).
     - D(Miami, Chicago) approximately 2090 km
       (physical RTT floor ~= 20.9 ms).
     - One invisible MPLS tunnel on the path from v to a_1,
       hiding 5.7 hops (2025 average per tunnel, see Section 3.2).
     - RTT_min_hop = 2 ms (per-hop conservative estimate,
       see Section 5.1).

   Without revelation:
     - RTT(v, a_1) measured = 25 ms.
       This value is physically admissible: 25 ms > 11.7 ms
       (Newark-Chicago floor) AND 25 ms > 20.9 ms (Miami-Chicago
       floor), so neither location is geometrically rejected by
       RTT alone.  The adversary's true path (Newark -> MPLS LSP
       hiding 5.7 routers in a detour through Dallas -> Chicago)
       produces a higher RTT than the direct Newark-Chicago path
       would, plausibly attributable to BGP indirectness.
     - L-GEO-1 (uncorrected): F_v = Ball(Chicago,
       25 ms * c_fiber / 2 + sigma_geo) approx Ball(Chicago,
       2500 km).  Miami (at 2090 km from Chicago) is INSIDE F_v.
       Attack succeeds against L-GEO-1; vantage appears legitimate.

   After BRPR/TNT revelation:
     - One invisible tunnel detected on the Newark-Chicago path;
       5.7 hidden hops recovered by BRPR probing.
     - Delta_mpls(v, a_1) = 5.7 * 2 ms = 11.4 ms.
     - Corrected bound: (25 - 11.4) ms * c_fiber / 2 + sigma_geo
       approx Ball(Chicago, 1360 km).
     - Miami-Chicago distance = 2090 km > 1360 km.
     - p_c = Miami is NOT in F_v^mpls.
     - Vantage is flagged MPLS_CAMOUFLAGE_SUSPECTED.

   After MVPS coherence test:
     - C_3 (topological axis): Jaccard similarity on touched
       objects between the actual Newark-originated AS path
       and the AS path expected from a Miami-originated probe
       to Chicago.  Illustrative values (calibration-dependent;
       see Note A.2): typical co-located coherence approximately
       0.85 +/- 0.05; observed value approximately 0.30 +/- 0.10.
       D^2 > q_J at FAR_target = 0.01.
     - Phase escalates to CAMOUFLAGE_CONFIRMED.

   Note A.2 (Illustrative Jaccard values).  The values 0.85 and
   0.30 above are operationally typical for the BGP-AS topology
   of the U.S. East Coast as observed in CAIDA Ark and RIPE Atlas
   datasets (2024-2025).  They are NOT theoretical constants and
   MUST be re-calibrated per anchor pool and per measurement
   epoch before being used as decision thresholds.  See
   Section 9.2 and the MVPS calibration contract OC3
   [I-D.melegassi-ippm-mvps-bundle].

   The attack is defeated by the combination of:
     (1) TNT/BRPR tunnel revelation (Donnet's techniques), and
     (2) MVPS coherence test (Theorem 2 + Theorem 4 of [v4-proof]).

   The example is deliberately conservative (one tunnel, one
   anchor, modest geographic displacement).  Attacks involving
   multiple chained invisible tunnels or larger displacements
   produce proportionally larger Delta_mpls corrections and are
   easier to detect once revelation is performed.


Appendix B.  Validator Notes

   A companion validator is being developed at:

     scripts/validate_vantage_localization.py

   The validator takes as input:
     - Anchor positions {p_{a_i}} (lat/lon)
     - Measured RTTs {r_i} from vantage to each anchor
     - TNT/AReST revelation output (hidden hop counts per tunnel)
     - Claimed vantage position p_c

   It outputs:
     - F_v (L-GEO-1 feasible set, assuming transparent paths)
     - F_v^mpls (L-MPLS-1 corrected feasible set)
     - Membership of p_c in F_v and F_v^mpls
     - Phase label recommendation (from Section 7)
     - JSON receipt for SHA-256 verification

   The validator follows the same structure as
   scripts/validate_ixp_vantage.py (D-18) and is designed to
   exit with code 0 on PASS and 1 on FAIL.
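
   The inputs and outputs listed above, applied to the Appendix A
   scenario, as an added sketch that is not the companion validator
   or any Catellix code.  Assumptions: c_fiber = 200 km/ms (implied
   by the Appendix A floors), sigma_geo = 0, F_v taken as the
   intersection of per-anchor balls, a silent revelation run charged
   17 hops, the phase mapping, the receipt layout, and the
   constructed city-centre coordinates.

```python
import hashlib
import json
import math
import sys
from dataclasses import dataclass
from typing import Optional

C_FIBER_KM_PER_MS = 200.0  # implied by Appendix A (1170 km <-> 11.7 ms RTT floor)
RTT_MIN_HOP_MS = 2.0       # conservative per-hop estimate used in Appendix A
WORST_CASE_HOPS = 17       # Section 10.3 (ii): 99th-percentile hidden-hop count
EARTH_RADIUS_KM = 6371.0


@dataclass(frozen=True)
class AnchorPath:
    name: str
    lat: float
    lon: float
    rtt_ms: float                  # measured RTT from the vantage to this anchor
    hidden_hops: Optional[float]   # revealed n_h(t); None = revelation got no answer


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two lat/lon points, in km."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = phi2 - phi1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def ball_radius_km(rtt_ms, sigma_geo_km):
    """Radius of Ball(a_i, rtt * c_fiber / 2 + sigma_geo); RTT is clamped at zero."""
    return max(rtt_ms, 0.0) * C_FIBER_KM_PER_MS / 2 + sigma_geo_km


def evaluate(claim, paths, cwt_valid, sigma_geo_km=0.0):
    """Test claimed position p_c against F_v and F_v^mpls and pick a phase label."""
    in_f_v = in_f_v_mpls = True
    tunnels_found = False
    anchors = []
    for p in paths:
        # Assumption: a silent revelation run is charged the worst-case hop count.
        hops = WORST_CASE_HOPS if p.hidden_hops is None else p.hidden_hops
        tunnels_found = tunnels_found or hops > 0
        delta_mpls = hops * RTT_MIN_HOP_MS
        dist = haversine_km(claim[0], claim[1], p.lat, p.lon)
        r_geo = ball_radius_km(p.rtt_ms, sigma_geo_km)
        r_mpls = ball_radius_km(p.rtt_ms - delta_mpls, sigma_geo_km)
        in_f_v = in_f_v and dist <= r_geo
        in_f_v_mpls = in_f_v_mpls and dist <= r_mpls
        anchors.append({"anchor": p.name, "dist_km": round(dist, 1),
                        "delta_mpls_ms": round(delta_mpls, 3),
                        "r_geo_km": round(r_geo, 1), "r_mpls_km": round(r_mpls, 1)})
    # Assumed reading of the Section 7 taxonomy (escalation policy is the operator's):
    # a claim inside F_v^mpls is reported consistent even when tunnels were revealed.
    if in_f_v_mpls:
        phase = "LOCATION_CONSISTENT"
    elif not cwt_valid:
        phase = "SPOOFED_VANTAGE"
    elif tunnels_found:
        phase = "MPLS_CAMOUFLAGE_SUSPECTED"
    else:
        phase = "CAMOUFLAGE_SUSPECTED"
    return {"in_F_v": in_f_v, "in_F_v_mpls": in_f_v_mpls, "phase": phase, "anchors": anchors}


def receipt(result):
    """Canonical JSON plus its SHA-256 digest (receipt layout is an assumption)."""
    text = json.dumps(result, sort_keys=True, separators=(",", ":"))
    return text, hashlib.sha256(text.encode("utf-8")).hexdigest()


# Constructed sample input: city-centre coordinates for the Appendix A scenario.
# Computed great-circle distances need not equal the approximate figures quoted there.
MIAMI = (25.7617, -80.1918)
NEWARK = (40.7357, -74.1724)
CHICAGO_PATH = AnchorPath("a_1-chicago", 41.8781, -87.6298, rtt_ms=25.0, hidden_hops=5.7)

if __name__ == "__main__":
    result = evaluate(MIAMI, [CHICAGO_PATH], cwt_valid=True)
    text, digest = receipt(result)
    print(text)
    print("sha256:", digest)
    sys.exit(0 if result["in_F_v_mpls"] else 1)
```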


Author's Address

   Leonardo Melegassi
   Catellix
   Andradina, SP
   Brazil
   Email: melegassi@catellix.com
   URI:   https://www.catellix.com
