34 research outputs found
Measurement-based Protocol Design
Peer reviewedPostprin
Tracing Internet Path Transparency
This project has received funding from the European Union’s Horizon 2020 research and innovation program under grant agreement No 688421, and was supported by the Swiss State Secretariat for Education, Research and Innovation (SERI) under contract number 15.0268. The opinions expressed and arguments employed reflect only the authors’ views. The European Commission is not responsible for any use that may be made of that information. Further, the opinions expressed and arguments employed herein do not necessarily reflect the official views of the Swiss Government.Peer reviewedPublisher PD
From Single Lane to Highways: Analyzing the Adoption of Multipath TCP in the Internet
Multipath TCP (MPTCP) extends traditional TCP to enable simultaneous use of
multiple connection endpoints at the source and destination. MPTCP has been
under active development since its standardization in 2013, and more recently
in February 2020, MPTCP was upstreamed to the Linux kernel.
In this paper, we provide the first broad analysis of MPTCPv0 in the
Internet. We probe the entire IPv4 address space and an IPv6 hitlist to detect
MPTCP-enabled systems operational on port 80 and 443. Our scans reveal a steady
increase in MPTCP-capable IPs, reaching 9k+ on IPv4 and a few dozen on IPv6. We
also discover a significant share of seemingly MPTCP-capable hosts, an artifact
of middleboxes mirroring TCP options. We conduct targeted HTTP(S) measurements
towards select hosts and find that middleboxes can aggressively impact the
perceived quality of applications utilizing MPTCP. Finally, we analyze two
complementary traffic traces from CAIDA and MAWI to shed light on the
real-world usage of MPTCP. We find that while MPTCP usage has increased by a
factor of 20 over the past few years, its traffic share is still quite low.Comment: Proceedings of the 2021 IFIP Networking Conference (Networking '21).
Visit https://mptcp.io for up-to-date MPTCP measurement result
An Observation-Based Middlebox Policy Taxonomy
peer reviewedRecent years have seen the rise of middleboxes, such as NATs, firewalls, or TCP accelerators. Those middleboxes play an important role in today's Internet, including enterprise networks and cellular networks. However, despite their undisputable success in modern network architecture, their actual impact on packets, traffic, and network performance is not that much understood. In this paper, we propose a path impairment oriented middlebox classification that aims at categorizing the initial purpose of a middlebox policy as well as its potential complications
A Longitudinal View at the Adoption of Multipath TCP
Multipath TCP (MPTCP) extends traditional TCP to enable simultaneous use ofmultiple connection endpoints at the source and destination. MPTCP has beenunder active development since its standardization in 2013, and more recentlyin February 2020, MPTCP was upstreamed to the Linux kernel. In this paper, weprovide an in-depth analysis of MPTCPv0 in the Internet and the first analysisof MPTCPv1 to date. We probe the entire IPv4 address space and an IPv6 hitlistto detect MPTCP-enabled systems operational on port 80 and 443. Our scansreveal a steady increase in MPTCPv0-capable IPs, reaching 13k+ on IPv4(2 increase in one year) and 1k on IPv6 (40 increase). MPTCPv1deployment is comparatively low with 100 supporting hosts in IPv4 andIPv6, most of which belong to Apple. We also discover a substantial share ofseemingly MPTCP-capable hosts, an artifact of middleboxes mirroring TCPoptions. We conduct targeted HTTP(S) measurements towards select hosts and findthat middleboxes can aggressively impact the perceived quality of applicationsutilizing MPTCP. Finally, we analyze two complementary traffic traces fromCAIDA and MAWI to shed light on the real-world usage of MPTCP. We find thatwhile MPTCP usage has increased by a factor of 20 over the past few years, itstraffic share is still quite low.<br
MUST, SHOULD, DON'T CARE: TCP Conformance in the Wild
Standards govern the SHOULD and MUST requirements for protocol implementers
for interoperability. In case of TCP that carries the bulk of the Internets'
traffic, these requirements are defined in RFCs. While it is known that not all
optional features are implemented and nonconformance exists, one would assume
that TCP implementations at least conform to the minimum set of MUST
requirements. In this paper, we use Internet-wide scans to show how Internet
hosts and paths conform to these basic requirements. We uncover a
non-negligible set of hosts and paths that do not adhere to even basic
requirements. For example, we observe hosts that do not correctly handle
checksums and cases of middlebox interference for TCP options. We identify
hosts that drop packets when the urgent pointer is set or simply crash. Our
publicly available results highlight that conformance to even fundamental
protocol requirements should not be taken for granted but instead checked
regularly
Detecting Middlebox Interference on Applications
PhDMiddleboxes are widely used in today’s Internet, especially for security and performance. Middleboxes
classify, filter and shape traffic, therefore interfering with application behaviour and
performing new network functions for end hosts. Recent studies have uncovered and studied
middleboxes in different types of networks.
In order to understand the middlebox interference on traffic flows and explore the involved ASes,
our methodology relies on a client-server architecture, to be able to observe both directions of
the middlebox interaction. Meanwhile, probing with increasing TTL values provides us chances
to inspect behaviour of middleboxes hop by hop.
Implementing our methodologies, we exploit a large-scale proxy infrastructure Luminati, to detect
HTTP-interacting middleboxes across the Internet. We collect a large-scale dataset from vantage
points distributed in nearly 10,000 ASes across 196 countries. Our results provide abundant
evidence for middleboxes deployed across more than 1000 ASes. We observe various middlebox
interference in both directions of traffic flows, and across a wide range networks, including
mobile operators and data center networks
Sundials in the Shade: An Internet-wide Perspective on ICMP Timestamps
ICMP timestamp request and response packets have been standardized for nearly
40 years, but have no modern practical application, having been superseded by
NTP. However, ICMP timestamps are not deprecated, suggesting that while hosts
must support them, little attention is paid to their implementation and use. In
this work, we perform active measurements and find 2.2 million hosts on the
Internet responding to ICMP timestamp requests from over 42,500 unique
autonomous systems. We develop a methodology to classify timestamp responses,
and find 13 distinct classes of behavior. Not only do these behaviors enable a
new fingerprinting vector, some behaviors leak important information about the
host e.g., OS, kernel version, and local timezone.Comment: Passive and Active Measurements (PAM) 201
LEVANTAMENTO E MAPEAMENTO DA DISTRIBUIÇÃO DE MIDDLEBOXES PRESENTES NA WORLD WIDE WEB SURVEY AND MAPPING OF MIDDLEBOX DISTRIBUTION IN THE WORLD WIDE WEB
Este trabalho visou investigar a ação de dispositivos, presentes em redes de computadores de forma geral, chamados middleboxes. Além disso a pesquisa visa trazer à luz, em forma de resultados, o impacto e a frequência de atuação desses dispositivos. A pesquisa se deu de forma ampla e global, avaliando diferentes modos de conexão, bem como testando a interação desses dispositivos com diversas caracterÃsticas dos dados que trafegam na rede mundial de computadores