Author Archives: Olivier Bonaventure

The April 2018 Issue

This issue starts with two technical articles that provide artefacts. The first one, Scanning the Internet for Liveness, written by a team of eight researchers led by S. Bano, uses the ZMap software to probe the IPv4 addressing space for Internet hosts that respond to different types of probes. They propose different liveness probes that use ICMP, TCP and UDP. Their scans of the IPv4 Internet revealed that different protocols (or ports for TCP/UDP) provide different results as different types of hosts respond or not to different types of probes. Furthermore, collecting ICMP error messages for the TCP and UDP probes is important to increase the coverage. The authors release their modification to ZMap that includes the proposed probes and data collected during their measurement campaigns.

The second technical paper that provides artefacts, A First Look at Certification Authority Authorization (CAA), was co-authored by eleven researchers led by Q. Scheitle. This is also a measurement paper that tries to understand how the Certification Authority Authorization (CAA) DNS record is actually used by Certification Authorities (CA), domain holders and DNS operators. This is a timely paper since RFC6844 mandates that CAs validate CAA records as of September 8, 2017. Their study reveals some anomalies for already-issued certificates and they provide some guidelines to improve the security impact of CAA. Their study continues and you can follow the updated results on https://caastudy.github.io. The authors release both the collected data and their analysis tools.

In our third technical paper, Towards Slack-Aware Networking, Fahad Dogar proposes a new architecture targeted at machine-to-machine communications where hosts could indicate some slack when transmitting packets to let the network optimise their delivery to reduce the consumption of network resources. This new idea still needs to be implemented and validated but it could open new directions of research.

In addition to the technical papers, this issue also contains three editorial notes. In VANETs’ research over the past decade: overview, credibility, and trends, E. Cavalcanti et al. provide a detailed survey of the research in Vehicular Ad hoc Networks (VANETs) during the last decade and analyse 283 papers according to different criteria. They release the collected data as paper artefacts. In Failures from the Environment, a Report on the First FAILSAFE workshop, M. Breza et al. summarise the FAILSAFE 2017 workshop held at the SenSys 2017 conference. Finally, I. Baldin et al. summarise in The Future of Distributed Network Research Infrastructure the lessons that they learned from the Global Environment for Network Innovations (GENI) infrastructure and provide several directions for future research projects.

I hope that you will enjoy reading this new issue and welcome comments and suggestions on CCR Online or by email at ccr-editor at sigcomm.org.

Olivier Bonaventure

CCR Editor

Scanning the Internet for Liveness

Shehar Bano, Philipp Richter, Mobin Javed, Srikanth Sundaresan, Zakir Durumeric, Steven J. Murdoch, Richard Mortier, Vern Paxson

Abstract

Internet-wide scanning depends on a notion of liveness: does a target IP address respond to a probe packet? However, the interpretation of such responses, or lack of them, is nuanced and depends on multiple factors, including: how we probed, how different protocols in the network stack interact, the presence of filtering policies near the target, and temporal churn in IP responsiveness. Although often neglected, these factors can significantly affect the results of active measurement studies. We develop a taxonomy of liveness which we employ to develop a method to perform concurrent IPv4 scans using ICMP, five TCP-based, and two UDP-based protocols, comprehensively capturing all responses to our probes, including negative and cross-layer responses. Leveraging our methodology, we present a systematic analysis of liveness and how it manifests in active scanning campaigns, yielding practical insights and methodological improvements for the design and the execution of active Internet measurement studies.

Download the full article DOI:10.1145/3213232.3213234

A First Look at Certification Authority Authorization (CAA)

Quirin Scheitle, Taejoong Chung, Jens Hiller, Oliver Gasser, Johannes Naab, Roland van Rijswijk-Deij, Oliver Hohlfeld, Ralph Holz, Dave Choffnes, Alan Mislove, Georg Carle

Abstract

Shaken by severe compromises, the Web’s Public Key Infrastructure has seen the addition of several security mechanisms over recent years. One such mechanism is the Certification Authority Authorization (CAA) DNS record, that gives domain name holders control over which Certification Authorities (CAs) may issue certificates for their domain. First defined in RFC 6844, adoption by the CA/B forum mandates that CAs validate CAA records as of September 8, 2017. The success of CAA hinges on the behavior of three actors: CAs, domain name holders, and DNS operators. We empirically study their behavior, and observe that CAs exhibit patchy adherence in issuance experiments, domain name holders configure CAA records in encouraging but error-prone ways, and only six of the 31 largest DNS operators enable customers to add CAA records. Furthermore, using historic CAA data, we uncover anomalies for already-issued certificates. We disseminated our results in the community. This has already led to specific improvements at several CAs and revocation of mis-issued certificates. Furthermore, in this work, we suggest ways to improve the security impact of CAA. To foster further improvements and to practice reproducible research, we share raw data and analysis tools.

Download the full article DOI:10.1145/3213232.3213235

Towards Slack-Aware Networking

Fahad R. Dogar

Abstract

We are moving towards an Internet where most of the packets may be consumed by machines — set-top-boxes or smart-phone apps prefetching content, Internet of Things (IoT) devices uploading their data to the cloud, or data centers doing geo-distributed replication. We observe that such machine centric communication can afford to have slack built into it: every packet can be marked as to when it will be consumed in future. Slack could be anywhere from seconds to hours or even days. In this paper, we make a case for slack-aware networking by illustrating slack opportunities that arise for a wide range of applications as they interact with the cloud and its pricing models (e.g., spot pricing). We also sketch the design of SlackStack, a network stack with explicit support for slack at multiple levels of the stack, from a slack-based interface to slack-aware optimizations at the transport and network layers.

Download the full article DOI:10.1145/3213232.3213236

VANETs’ research over the past decade: overview, credibility, and trends

Elmano Ramalho Cavalcanti, Jose Anderson Rodrigues de Souza, Marco Aurelio Spohn, Reinaldo Cezar de Morais Gomes, Anderson Fabiano Batista Ferreira da Costa

Abstract

Since its inception, Vehicular Ad hoc Networks (VANETs) have been attracting much attention from both academia and industry. As for other wireless networking areas, scientific advancements are mainly due to the employment of simulation tools and mathematical models. After surveying 283 papers published in the last decade on vehicular networking, we pinpoint the main studied topics as well as the most employed tools, pointing out the changes in research subject preference over the years. As a key contribution, we also evaluate to what extent the research community has evolved concerning the principles of credibility in simulation-based studies, such as repeatability and replicability, comparing our results with previous studies.

Download the full article DOI:10.1145/3213232.3213237

Failures from the Environment, a Report on the First FAILSAFE workshop

Michael Breza, Ivana Tomic, Julie McCann

Abstract

This document presents the views expressed in the submissions and discussions at the FAILSAFE workshop about the common problems that plague embedded sensor system deployments in the wild. We present analysis gathered from the submissions and the panel session of the FAILSAFE 2017 workshop held at the SenSys 2017 conference. The FAILSAFE call for papers specifically asked for descriptions of wireless sensor network (WSN) deployments and their problems and failures. The submissions, the questions raised at the presentations, and the panel discussion give us a sufficient body of work to review, and draw conclusions regarding the effect that the environment has as the most common cause of embedded sensor system failures.

Download the full article DOI:10.1145/3213232.3213238

The Future of CISE Distributed Research Infrastructure

Ilya Baldin, Tilman Wolf, et al.

Abstract

The following paper represents an initial snapshot of the community vision for a possible future of CISE distributed research infrastructure aimed at enabling new types of research and discoveries. As such, it is only the first step in helping define this vision. It is expected that it will change over time as the research community contributes new ideas.

Download the full article DOI:10.1145/3213232.3213239

The January 2018 issue

Computer Communication Review (CCR) continues to promote reproducible research by encouraging the submission of papers providing artifacts (software, datasets, ...). The editorial board also evolves. Katherina Argyraki, Athina Markopoulos and Fabian Bustamante have stepped down after several years of service to our community. Thanks again for all your effort in handling papers submitted to CCR. I’m happy to announce that four new editors have agreed to serve the community: KC Claffy (CAIDA), Phillipa Gill (UMass), Anna Sperotto (University of Twente) and Hamed Haddadi (Imperial College).

The first three technical papers provide artefacts to enable other researchers to reproduce and expand their work. In Relaxing state-access constraints in stateful programmable data planes, C. Cascone and his colleagues propose a new model for pipelined stateful packet processing in hardware and evaluate this design with trace-driven simulations. They release their trace-driven simulator. In Towards a Rigorous Methodology for Measuring Adoption of RPKI Route Validation and Filtering, A. Reuter and his colleagues study interdomain routing security. After many discussions, the ISP community has agreed to deploy Route Origin Authorization (ROA) to improve the security of interdomain routing. As we are currently at the beginning of this deployment, little is known about how those ROAs are actually used by network operators. One question is whether network operators use ROAs to validate interdomain routes before accepting them. A. Reuter et al. first tried to reproduce a measurement methodology proposed in a recent paper that unfortunately did not release software or datasets. They explain why they could not reproduce those results and propose a more accurate methodology that enables them to correctly identify which network operators validate ROAs. They release the source code for their methodology and have launched a companion website that tracks this deployment at https://rov.rpki.net.

In Open Connect Everywhere: A Glimpse at the Internet Ecosystem through the Lens of the Netflix CDN, T. Bottger and his colleagues analyse the role that Internet eXchange Points (IXPs) play in the deployment of a large content provider such as Netflix. K. Foerster et al. propose in Local Fast Failover Routing With Low Stretch new algorithms to reroute flows in case of failures. In Charting the Algorithmic Complexity of Waypoint Routing S. Amiri et al. provide an overview of algorithmic techniques to route flows through specific waypoints, e.g. to support Network Function Virtualisation. Finally, M. Arashloo et al. propose and evaluate A Scalable VPN Gateway for Multi-Tenant Cloud Services.

In addition to the technical papers, this issue also contains four editorial notes. The first editorial note, ex uno pluria: The Service-Infrastructure Cycle, Ossification, and the Fragmentation of the Internet, was initially written as a conference keynote by M. Ammar. In this note, he takes a step back and looks at some examples of successful deployments of network services. He identifies the Service-Infrastructure Cycle as one of the reasons to explain the success of some network services. P. Sermpezis reports in A Survey among Network Operators on BGP Prefix Hijacking the results of a recent survey that will be of interest for researchers working on interdomain routing or security.

The last two editorial notes discuss the reproducibility of networking research. In Thoughts and Recommendations from the ACM SIGCOMM 2017 Reproducibility Workshop, D. Saucez and L. Iannone summarise the main conclusions of a workshop organised during SIGCOMM 2017. Finally, M. Flittner et al. analyse in A Survey on Artifacts from CoNEXT, ICN, IMC, and SIGCOMM Conferences in 2017 the artifacts released by the authors of the papers published at CoNEXT, ICN, IMC and SIGCOMM last year. This survey shows that there is a growing interest in releasing artefacts within the broad SIGCOMM community.

I hope that you will enjoy reading this new issue and welcome comments and suggestions on CCR Online or by email at ccr-editor at sigcomm.org.

Olivier Bonaventure

CCR Editor

Relaxing state-access constraints in stateful programmable data planes

Carmelo Cascone, Roberto Bifulco, Salvatore Pontarelli, Antonio Capone

Abstract

Supporting programmable stateful packet forwarding functions in hardware requires a tight balance between functionality and performance. Current state-of-the-art solutions are based on a very conservative model that assumes worst-case workloads. This finally limits the programmability of the system, even if actual deployment conditions may be very different from the worst-case scenario.

We use trace-based simulations to highlight the benefits of accounting for specific workload characteristics. Furthermore, we show that relatively simple additions to a switching chip design can take advantage of such characteristics. In particular, we argue that introducing stalls in the switching chip pipeline enables stateful functions to be executed in a larger but bounded time without harming the overall forwarding performance. Our results show that, in some cases, the stateful processing of a packet could use 30x the time budget provided by state of the art solutions.

Download the full article DOI:10.1145/3211852.3211854

A longitudinal study of IP Anycast

Danilo Cicalese, Dario Rossi

Abstract

IP anycast is a commonly used technique to share the load of a variety of global services. For more than one year, leveraging a lightweight technique for IP anycast detection, enumeration and geolocation, we perform regular IP monthly censuses. This paper provides a brief longitudinal study of the anycast ecosystem, and we additionally make all our datasets (raw measurements from PlanetLab and RIPE Atlas), results (monthly geolocated anycast replicas for all IP/24) and code available to the community.

Download the full article DOI:10.1145/3211852.3211855