Author Archives: Steve Uhlig

A Scalable VPN Gateway for Multi-Tenant Cloud Services

Mina Tahmasbi Arashloo, Pavel Shirshov, Rohan Gandhi, Guohan Lu, Lihua Yuan, Jennifer Rexford

Abstract

Major cloud providers offer networks of virtual machines with private IP addresses as a service on the cloud. To isolate the address space of different customers, customers are required to tunnel their traffic to a Virtual Private Network (VPN) gateway, which is typically a middlebox inside the cloud that internally tunnels each packet to the correct destination. To improve performance, an increasing number of enterprises connect directly to the cloud provider’s network at the edge, to a device we call the provider’s edge (PE). PE is a chokepoint for customer’s traffic to the cloud, and therefore a natural candidate for implementing network functions concerning customers’ virtual networks, including the VPN gateway, to avoid a detour to middleboxes inside the cloud.

At the scale of today’s cloud providers, VPN gateways need to maintain information for around a million internal tunnels. We argue that no single commodity device can handle these many tunnels while providing a high enough port density to connect to hundreds of cloud customers at the edge. Thus, in this paper, we propose a hybrid architecture for the PE, consisting of a commodity switch, connected to a commodity server which uses Data-Plane Development Kit (DPDK) for fast packet processing. This architecture enables a variety of network functions at the edge by offering the benefits of both hardware and software data planes. We implement a scalable VPN gateway on our proposed PE and show that it matches the scale requirements of today’s cloud providers while processing packets close to line rate.

Download the full article DOI: 10.1145/3211852.3211860

ex uno pluria: The Service-Infrastructure Cycle, Ossification, and the Fragmentation of the Internet

Mostafa Ammar

Abstract

In this article I will first argue that a Service-Infrastructure Cycle is fundamental to networking evolution. Networks are built to accommodate certain services at an expected scale. New applications and/or a significant increase in scale require a rethinking of network mechanisms which results in new deployments. Four decades-worth of iterations of this process have yielded the Internet as we know it today, a common and shared global networking infrastructure that delivers almost all services. I will further argue, using brief historical case studies, that success of network mechanism deployments often hinges on whether or not mechanism evolution follows the iterations of this Cycle. Many have observed that this network, the Internet, has become ossified and unable to change in response to new demands. In other words, after decades of operation, the Service-Infrastructure Cycle has become stuck. However, novel service requirements and scale increases continue to exert significant pressure on this ossified infrastructure. The result, I will conjecture, will be a fragmentation, the beginnings of which are evident today, that will ultimately fundamentally change the character of the network infrastructure. By ushering in a ManyNets world, this fragmentation will lubricate the Service-Infrastructure Cycle so that it can continue to govern the evolution of networking. I conclude this article with a brief discussion of the possible implications of this emerging ManyNets world on networking research.

Download the full article DOI: 10.1145/3211852.3211861

A Survey among Network Operators on BGP Prefix Hijacking

Pavlos Sermpezis, Vasileios Kotronis, Alberto Dainotti, Xenofontas Dimitropoulos

Abstract

BGP prefix hijacking is a threat to Internet operators and users. Several mechanisms or modifications to BGP that protect the Internet against it have been proposed. However, the reality is that most operators have not deployed them and are reluctant to do so in the near future. Instead, they rely on basic – and often inefficient – proactive defenses to reduce the impact of hijacking events, or on detection based on third party services and reactive approaches that might take up to several hours. In this work, we present the results of a survey we conducted among 75 network operators to study: (a) the operators’ awareness of BGP prefix hijacking attacks, (b) presently used defenses (if any) against BGP prefix hijacking, (c) the willingness to adopt new defense mechanisms, and (d) reasons that may hinder the deployment of BGP prefix hijacking defenses. We expect the findings of this survey to increase the understanding of existing BGP hijacking defenses and the needs of network operators, as well as contribute towards designing new defense mechanisms that satisfy the requirements of the operators.

Download the full article DOI: 10.1145/3211852.3211862

Thoughts and Recommendations from the ACM SIGCOMM 2017 Reproducibility Workshop

Damien Saucez, Luigi Iannone

Abstract

Ensuring the reproducibility of results is an essential part of experimental sciences, including computer networking. Unfortunately, as highlighted recently, a large portion of research results are hardly, if not at all, reproducible, raising reasonable lack of conviction on the research carried out around the world.

Recent years have shown an increasing awareness about reproducibility of results as an essential part of research carried out by members of the ACM SIGCOMM community. To address this important issue, ACM has introduced a new policy on results and artifacts review and badging. The policy defines the terminology to be used to assess results and artifacts but does not specify the review process or how to make research reproducible.

During SIGCOMM’17 a side workshop has been organized with the specific purpose to tackle this issue. The objective being to trigger discussion and activity in order to craft recommendations on how to introduce incentives for authors to share their artifacts, and the details on how to use them, as well as defining the process to be used.

This editorial overviews the workshop activity and summarizes the main discussions and outcomes.

Download the full article DOI: 10.1145/3211852.3211863

A Survey on Artifacts from CoNEXT, ICN, IMC, and SIGCOMM Conferences in 2017

Matthias Flittner, Mohamed Naoufal Mahfoudi, Damien Saucez, Matthias Wählisch, Luigi Iannone, Vaibhav Bajpai, Alex Afanasyev

Abstract

Reproducibility of artifacts is a cornerstone of most scientific publications. To improve the current state and strengthen ongoing community efforts towards reproducibility by design, we conducted a survey among the papers published at leading ACM computer networking conferences in 2017: CoNEXT, ICN, IMC, and SIGCOMM.

The objective of this paper is to assess the current state of artifact availability and reproducibility based on a survey. We hope that it will serve as a starting point for further discussions to encourage researchers to ease the reproduction of scientific work published within the SIGCOMM community. Furthermore, we hope this work will inspire program chairs of future conferences to emphasize reproducibility within the ACM SIGCOMM community as well as will strengthen awareness of researchers.

Download the full article DOI: 10.1145/3211852.3211864

The October 2017 Issue

Computer Communication Review (CCR) continues to promote reproducible research by encouraging the submission of papers providing artifacts (software, datasets, ...). As in the previous issue, all the accepted technical papers have released their artifacts. These artifacts will help other researchers to improve the results published in CCR by easily comparing their new ideas with those described in the related work.

As announced in the last issue, the CCR Online website, https://ccronline.sigcomm.org has been enhanced with a Community Comments section to encourage interactions between readers and authors. Several submitted articles have been posted in this section and I encourage you to look at them and provide constructive comments to their authors. Providing open and constructive comments is a nice way to be involved in the SIGCOMM community.

Three technical papers were accepted from the open call. In Measuring YouTube Content Delivery over IPv6, Vaibhav Bajpai et al. report on large scale measurements that compared the performance of YouTube over IPv4 and IPv6. As IPv6 gets widely deployed, it is interesting to study whether the two network stacks provide similar performance. They release both the measurement software and the collected dataset.

In Inside the Walled Garden: Deconstructing Facebook’s Free Basics Program, Rijurekha Sen et al. study the operation of Facebook’s recent Free Basics program in Pakistan and South Africa. Their software and measurement dataset will probably serve as a baseline for researchers who will explore the evolution of similar programs in the future. These artifacts have been significantly improved by the authors based on interactions with reviewers.

In Dissecting Last-mile Latency Characteristics, Vaibhav Bajpai et al. use measurements on two different platforms to analyse the factors that influence the performance of access networks. They release both measurement scripts and datasets.

Two editorial papers report on recent workshops. In The 9th Workshop on Active Internet Measurements (AIMS-9) Report, kc Claffy and David Clark summarise the AIMS-9 workshop that was held in March 2017 at CAIDA. In Report on Networking and Programming Languages 2017, Nikolaj Bjorner et al. summarise the SIGCOMM’17 NetPL workshop.

In addition to the papers accepted from the open call, this issue also contains the best papers from the SIGCOMM’17 workshops:

I hope that you will enjoy reading this new issue and welcome comments and suggestions on CCR Online or by email at ccr-editor at sigcomm.org.

Olivier Bonaventure

CCR Editor

Measuring YouTube Content Delivery over IPv6

Vaibhav Bajpai, Saba Ahsan, Jürgen Schönwälder, Jörg Ott

Abstract

We measure YouTube content delivery over IPv6 using ∼100 SamKnows probes connected to dual-stacked networks representing 66 different origin ASes. Using a 34-months long (Aug 2014-Jun 2017) dataset, we show that success rates of streaming a stall-free version of a video over IPv6 have improved over time. We show that a Happy Eyeballs (HE) race during initial TCP connection establishment leads to a strong (more than 97%) preference over IPv6. However, even though clients prefer streaming videos over IPv6, we observe worse performance over IPv6 than over IPv4. We witness consistently higher TCP connection establishment times and startup delays (∼100 ms or more) over IPv6. We also observe consistently lower achieved throughput both for audio and video over IPv6. We observe less than 1% stall rates over both address families. Due to lower stall rates, bitrates that can be reliably streamed over both address families are comparable. However, in situations, where a stall does occur, 80% of the samples experience higher stall durations that are at least 1s longer over IPv6 and have not reduced over time. The worse performance over IPv6 is due to the disparity in the availability of Google Global Caches (GGC) over IPv6. The measurements performed in this work using the youtube test and the entire dataset is made available to the measurement community.

Download the full article DOI: 10.1145/3155055.3155057

Inside the Walled Garden: Deconstructing Facebook’s Free Basics Program

Rijurekha Sen, Sohaib Ahmad, Amreesh Phokeer, Zaid Ahmed Farooq, Ihsan Ayyub Qazi, David Choffnes, Krishna P. Gummadi

Abstract

Free Basics is a Facebook initiative to provide zero-rated web services in developing countries. The program has grown rapidly to 60+ countries in the past two years. But it has also seen strong opposition from Internet activists and has been banned in some countries like India. Facebook highlights the societal benefits of providing low-income populations with free Internet access, while detractors point to concerns about privacy and network neutrality.

In this paper, we provide the first independent analysis of such claims regarding the Free Basics service, using both the perspective of a Free Basics service provider and of web clients visiting the service via cellular phones providing access to Free Basics in Pakistan and South Africa.

Specifically, with control of both endpoints, we not only provide a more detailed view of how the Free Basics service is architected, but also can isolate the likely causes of network performance impairments. Our analysis reveals that Free Basics services experience 4 to 12 times worse network performance than their paid counterparts. We isolate the root causes using factors such as network path inflation and throttling policies by Facebook and telecom service providers.

The Free Basics service and its restrictions are designed with assumptions about users’ device capabilities (e.g., lack of JavaScript support). To evaluate such assumptions, we infer the types of mobile devices that generated 47K unique visitors to our Free Basics services between Sep 2016 and Jan 2017. We find that there are large numbers of requests from constrained WAP browsers, but also large fractions of high-capability mobile phones that send Free Basics requests.

We discuss the implications of our observations, with the hope to aid more informed debates on such telecom policies.

Download the full article DOI: 10.1145/3155055.3155058

Dissecting Last-mile Latency Characteristics

Vaibhav Bajpai, Steffie Jacob Eravuchira, Jürgen Schönwälder

Abstract

Recent research has shown that last-mile latency is a key network performance indicator that contributes heavily to DNS lookup and page load times. Using a month-long dataset collected from 696 residential RIPE Atlas probes and 1245 SamKnows probes, we measure last-mile latencies from 19 ISPs (RIPE Atlas) in the US and the EU, and 9 ISPs (SamKnows) in the UK. We show that DSL deployments not only tend to enable interleaving on the last-mile, but also employ multiple depth levels that change over time. We also witness that last-mile latency is considerably stable over time and not affected by diurnal load patterns. Unlike observations from prior studies, we show that cable providers in the US do not generally exhibit lower last-mile latencies when compared to that of DSL. We instead identify that last-mile latencies vary by subscriber location and show that last-mile latencies of cable providers in the US are considerably different across the US east and west coast. We further show that last-mile latencies vary depending on the access technology used by the DSL modem wherein VDSL deployments show last-mile latencies lower than ADSL1/ADSL2+ broadband speeds. The entire dataset and software used in this study is made available to the measurement community.

Download the full article DOI: 10.1145/3155055.3155059

The 9th Workshop on Active Internet Measurements (AIMS-9) Report

kc Claffy, David Clark

Abstract

For almost a decade, CAIDA has hosted its Workshop on Active Internet Measurements (AIMS-9). This workshop series provides a forum for stakeholders in Internet active measurement projects to communicate their interests and concerns, and explore cooperative approaches to maximizing the collective benefit of deployed infrastructure and gathered measurements. On 1-3 March 2017, CAIDA hosted the ninth Workshop on Active Internet Measurements (AIMS-9). Materials related to the workshop are at http://www.caida.org/workshops/aims/1703/.

Download the full article DOI: 10.1145/3155055.3155060