A Region-Centric Analysis of the Internet Peering Ecosystem

The Internet is transitioning from a hierarchical structure to a flat structure where more and more networks participate in public peering at IXPs and private peering at interconnection facilities to increase performance and reduce transit costs. PeeringDB is a public online database containing information about IXPs, facilities, and networks participating at IXPs and facilities. In this paper, we perform an in-depth analysis of the PeeringDB data to gain an understanding of the public and private peering ecosystems in the five regions of the world (i.e., North America, Europe, Asia Pacific, Latin America, and Africa). We study how IXPs, facilities, and peering networks are distributed across the five regions. We also investigate how distribution of network business type, peering policy, and traffic level varies across the five regions. Our analysis provides a snapshot of the current state of the peering ecosystems in the five regions of the world and reveals the similarities and differences between these peering ecosystems

TRY plant trait database - enhanced coverage and open access

Plant traits-the morphological, anatomical, physiological, biochemical and phenological characteristics of plants-determine how plants respond to environmental factors, affect other trophic levels, and influence ecosystem properties and their benefits and detriments to people. Plant trait data thus represent the basis for a vast area of research spanning from evolutionary biology, community and functional ecology, to biodiversity conservation, ecosystem and landscape management, restoration, biogeography and earth system modelling. Since its foundation in 2007, the TRY database of plant traits has grown continuously. It now provides unprecedented data coverage under an open access data policy and is the main plant trait database used by the research community worldwide. Increasingly, the TRY database also supports new frontiers of trait-based plant research, including the identification of data gaps and the subsequent mobilization or measurement of new data. To support this development, in this article we evaluate the extent of the trait data compiled in TRY and analyse emerging patterns of data coverage and representativeness. Best species coverage is achieved for categorical traits-almost complete coverage for 'plant growth form'. However, most traits relevant for ecology and vegetation modelling are characterized by continuous intraspecific variation and trait-environmental relationships. These traits have to be measured on individual plants in their respective environment. Despite unprecedented data coverage, we observe a humbling lack of completeness and representativeness of these continuous traits in many aspects. We, therefore, conclude that reducing data gaps and biases in the TRY database remains a key challenge and requires a coordinated approach to data mobilization and trait measurements. This can only be achieved in collaboration with other initiatives

As reações brasileiras ao Caso Snowden: implicações para o estudo das Relações Internacionais em um mundo interconectado

Despite of the central role the Internet plays in cyberspace-related matters, it was only when Edward Snowden brought light to American-led digital espionage programs that Internet governance and cybersecurity agendas definitely converged. The Snowden Affairs increased the entropy within the broader Internet ecosystem and reignited political tensions that revolve around the US prominence within the narrower arena of critical Internet resources management. In this context, many countries have shown great concern regarding the governance of the Internet, and Brazil has gained a prominent role in the debate. This paper (a) summarizes the concerns arisen from Snowden's leaks and their general impacts over the Internet governance ecosystem; (b) tracks the policy actions undertaken by Brazil in the issue-area of Internet governance both before and after Snowden; and (c) details how Brazil seized the Snowden Affair as an opportunity to promote its broader political agenda internationally, fostering a more democratic and pluralistic Internet governance worldwide. In the end, the paper reflects upon the prospects for change in global Internet governance after the US government announced its intention to relinquish its privileged position vis-a-vis critical Internet resources. Apesar do papel central da Internet para a compreensão atual do ciberespaço, as agendas de governança da Internet e de cibersegurança apenas convergiram a partir das revelações de Edward Snowden sobre os programas de espionagem digital dos Estados Unidos. O Caso Snowden aumentou a entropia do complexo ecossistema da Internet, e reacendeu tensões a respeito da proeminência americana na administração dos recursos críticos da Rede. Nesse contexto, muitos países demonstraram preocupações sobre o futuro da governança da Internet, e o Brasil ganhou destaque no debate. Este artigo (a) resume as preocupações oriundas do Caso Snowden e seus impactos gerais sobre o ecossistema de governança da Internet; (b) analisa as medidas políticas tomadas pelo Brasil no campo em questão, antes e depois dos vazamentos de Snowden; e (c) detalha como o Brasil utilizou o Caso para promover sua agenda política para governança da Rede internacionalmente, fomentando a adoção de um complexo de governança mais pluralístico e democrático. Ao fim, o texto reflete sobre as possibilidades de mudança no ecossistema de governança global da Internet após o anúncio da intenção estadunidense de renunciar seus privilégios na supervisão do funcionamento de recursos críticos da Rede.

A first look at the IP eXchange ecosystem

The IPX Network interconnects about 800 Mobile Network Operators (MNOs) worldwide and a range of other service providers (such as cloud and content providers). It forms the core that enables global data roaming while supporting emerging applications, from VoLTE and video streaming to IoT verticals. This paper presents the first characterization of this, so-far opaque, IPX ecosystem and a first-of-its-kind in-depth analysis of an IPX Provider (IPX-P). The IPX Network is a private network formed by a small set of tightly interconnected IPX-Ps. We analyze an operational dataset from a large IPX-P that includes BGP data as well as statistics from signaling. We shed light on the structure of the IPX Network as well as on the temporal, structural and geographic features of the IPX traffic. Our results are a first step in understanding the IPX Network at its core, key to fully understand the global mobile Internet.The work of Andra Lutu was supported by the EC H2020 Marie Curie Individual Fellowship 841315 (DICE)

Improving the accuracy of spoofed traffic inference in inter-domain traffic

Ascertaining that a network will forward spoofed traffic usually requires an active probing vantage point in that network, effectively preventing a comprehensive view of this global Internet vulnerability. We argue that broader visibility into the spoofing problem may lie in the capability to infer lack of Source Address Validation (SAV) compliance from large, heavily aggregated Internet traffic data, such as traffic observable at Internet Exchange Points (IXPs). The key idea is to use IXPs as observatories to detect spoofed packets, by leveraging Autonomous System (AS) topology knowledge extracted from Border Gateway Protocol (BGP) data to infer which source addresses should legitimately appear across parts of the IXP switch fabric. In this thesis, we demonstrate that the existing literature does not capture several fundamental challenges to this approach, including noise in BGP data sources, heuristic AS relationship inference, and idiosyncrasies in IXP interconnec- tivity fabrics. We propose Spoofer-IX, a novel methodology to navigate these challenges, leveraging Customer Cone semantics of AS relationships to guide precise classification of inter-domain traffic as In-cone, Out-of-cone ( spoofed ), Unverifiable, Bogon, and Unas- signed. We apply our methodology on extensive data analysis using real traffic data from two distinct IXPs in Brazil, a mid-size and a large-size infrastructure. In the mid-size IXP with more than 200 members, we find an upper bound volume of Out-of-cone traffic to be more than an order of magnitude less than the previous method inferred on the same data, revealing the practical importance of Customer Cone semantics in such analysis. We also found no significant improvement in deployment of SAV in networks using the mid-size IXP between 2017 and 2019. In hopes that our methods and tools generalize to use by other IXPs who want to avoid use of their infrastructure for launching spoofed-source DoS attacks, we explore the feasibility of scaling the system to larger and more diverse IXP infrastructures. To promote this goal, and broad replicability of our results, we make the source code of Spoofer-IX publicly available. This thesis illustrates the subtleties of scientific assessments of operational Internet infrastructure, and the need for a community focus on reproducing and repeating previous methods.A constatação de que uma rede encaminhará tráfego falsificado geralmente requer um ponto de vantagem ativo de medição nessa rede, impedindo efetivamente uma visão abrangente dessa vulnerabilidade global da Internet. Isto posto, argumentamos que uma visibilidade mais ampla do problema de spoofing pode estar na capacidade de inferir a falta de conformidade com as práticas de Source Address Validation (SAV) a partir de dados de tráfego da Internet altamente agregados, como o tráfego observável nos Internet Exchange Points (IXPs). A ideia chave é usar IXPs como observatórios para detectar pacotes falsificados, aproveitando o conhecimento da topologia de sistemas autônomos extraído dos dados do protocolo BGP para inferir quais endereços de origem devem aparecer legitimamente nas comunicações através da infra-estrutura de um IXP. Nesta tese, demonstramos que a literatura existente não captura diversos desafios fundamentais para essa abordagem, incluindo ruído em fontes de dados BGP, inferência heurística de relacionamento de sistemas autônomos e características específicas de interconectividade nas infraestruturas de IXPs. Propomos o Spoofer-IX, uma nova metodologia para superar esses desafios, utilizando a semântica do Customer Cone de relacionamento de sistemas autônomos para guiar com precisão a classificação de tráfego inter-domínio como In-cone, Out-of-cone ( spoofed ), Unverifiable, Bogon, e Unassigned. Aplicamos nossa metodologia em análises extensivas sobre dados reais de tráfego de dois IXPs distintos no Brasil, uma infraestrutura de médio porte e outra de grande porte. No IXP de tamanho médio, com mais de 200 membros, encontramos um limite superior do volume de tráfego Out-of-cone uma ordem de magnitude menor que o método anterior inferiu sob os mesmos dados, revelando a importância prática da semântica do Customer Cone em tal análise. Além disso, não encontramos melhorias significativas na implantação do Source Address Validation (SAV) em redes usando o IXP de tamanho médio entre 2017 e 2019. Na esperança de que nossos métodos e ferramentas sejam aplicáveis para uso por outros IXPs que desejam evitar o uso de sua infraestrutura para iniciar ataques de negação de serviço através de pacotes de origem falsificada, exploramos a viabilidade de escalar o sistema para infraestruturas IXP maiores e mais diversas. Para promover esse objetivo e a ampla replicabilidade de nossos resultados, disponibilizamos publicamente o código fonte do Spoofer-IX. Esta tese ilustra as sutilezas das avaliações científicas da infraestrutura operacional da Internet e a necessidade de um foco da comunidade na reprodução e repetição de métodos anteriores

On the importance of Internet eXchange Points for today's Internet ecosystem

Internet eXchange Points (IXPs) are generally considered to be the successors of the four Network Access Points that were mandated as part of the decommissioning of the NSFNET in 1994/95 to facilitate the transition from the NSFNET to the "public Internet" as we know it today. While this popular view does not tell the whole story behind the early beginnings of IXPs, what is true is that since around 1994, the number of operational IXPs worldwide has grown to more than 300 (as of May 2013), with the largest IXPs handling daily traffic volumes comparable to those carried by the largest Tier-1 ISPs, but IXPs have never really attracted any attention from the networking research community. At first glance, this lack of interest seems understandable as IXPs have apparently little to do with current "hot" topic areas such as data centers and cloud services or software defined networking (SDN) and mobile communication. However, we argue in this article that, in fact, IXPs are all about data centers and cloud services and even SDN and mobile communication and should be of great interest to networking researchers interested in understanding the current and future Internet ecosystem. To this end, we survey the existing but largely unknown sources of publicly available information about IXPs to describe their basic technical and operational aspects and highlight the critical differences among the various IXPs in the different regions of the world, especially in Europe and North America. More importantly, we illustrate the important role that IXPs play in today's Internet ecosystem and discuss how IXP-driven innovation in Europe is shaping and redefining the Internet marketplace, not only in Europe but increasingly so around the world.Comment: 10 pages, keywords: Internet Exchange Point, Internet Architecture, Peering, Content Deliver

Exchange Communication Point Modeling in the context of the Enterprise Architecture

It is important to understand the performance and operation of an Internet Exchange Point to improve the management, and to reduce the cost associated with implementation and the information shared. Enterprise Architecture supports the design of systems, according to the business domain processes, network infrastructure and all the different applications running. Existing Enterprise Architecture modelling languages only provide a general concept of a network and do not represent specific information such as the protocols used, the internet protocols or the network addresses used for sharing information. This paper proposes a set of new concepts and attributes to the technology layer of reference language (ArchiMate) to enhance the representation and management of the network infrastructure. The ArchiMate language extensions are then used in modelling two Case Studies of Internet Exchange Point implementation in the Portuguese Public Administration. It was possible to compute which services will have impact in case of failure