Category Archives: 2018

A Formally Verified NAT Stack

Solal Pirelli, Arseniy Zaostrovnykh, George Candea

Prior work proved a stateful NAT network function to be semantically correct, crash-free, and memory safe. Their toolchain verifies the network function code while assuming the underlying kernel-bypass framework, drivers, operating system, and hardware to be correct. We extend the toolchain to verify the kernel-bypass framework and a NIC driver in the context of the NAT. We uncover bugs in both the framework and the driver. Our code is publicly available.

Download the full article

The July 2018 issue

In May, the CCR Editorial board selects the two best papers that were published in the four previous issues (i.e. July 2017, October 2017, January 2018 and April 2018). For 2018, two measurement papers were chosen:

These two papers will be presented during the CCR session at SIGCOMM’18. Both papers have proposed a methodology, collected measurements and released artifacts to allow other researchers to reproduce and extend the paper results. CCR continues to encourage papers to release their artifacts by allowing them to be longer than six pages. SIGCOMM will do one further step to encourage the release of paper artifacts by the creation of an Artifacts Evaluation Committe that will organise the evaluation of the artifacts associated with papers accepted in CCR and the SIGCOMM sponsored conferences in 2018. The final details are still being discussed. They will be announced during SIGCOMM’18 and posted on

This issue starts with three technical articles. In Accelerating Network Measurement in Software, Y. Zhou, O. Alipourfard, M. Yu and T. Yang propose a new technique that leverages caching to improve network measurement software. They release the software
developed for the paper at

Our second technical paper looks at the BGP peerings and more precisely those maintained by the so called Hypergiants, i.e. the larget content providers and CDNs. T. Bottger, F. Cuadrado and S. Uhlig analyse in Looking for Hypergiants in PeeringDB the interconnections of those networks from IXP data. The authors also release the code and the dataset used to write their paper.

The third technical paper of this issue fo- cuses on the Domain Name System. R. AlDalky, M. Rabinovich and M. Allman propose and evaluate in Practical Challenge-Response for DNS a new technique that relies on challenge-responses to validate the authenticity of DNS requests.

In addition to the technical papers, this issue also contains three editorial notes. In Mosaic5G: Agile and Flexible Service Platforms for 5G Research, N. Nikaein, C. Chang and K. Alexandris describe Mosaic5G, an open-source software platform that can be used to create 5G networks. Given the buzz around 5G networks, I expect that many researchers will be interested by this platform. In NDN Host Model, H. Zhang, Y. Li, Z. Zhang, A. Afanasyev and L. Zhang discuss how the traditionnal host model must be reconsidered with Named Data Networking (NDN). Finally, KC Claffy, G. Huston and D. Clark summarise in Workshop on Internet Economics (WIE2017) Final Report the conclusions of a recent workshop that they organised.

I hope that you will enjoy reading this new issue and welcome comments and suggestions on CCR Online  or by email at ccr-editor at

Olivier Bonaventure

CCR Editor

Accelerating Network Measurement in Software

Yang ZhouOmid Alipourfard, Minlan YuTong Yang

Network measurement plays an important role for many network functions such as detecting network anomalies and identifying big flows. However, most existing measurement solutions fail to achieve high performance in software as they often incorporate heavy computations and a large number of random memory accesses. We present Agg-Evict, a generic framework for accelerating network measurement in software. Agg-Evict aggregates the incoming packets on the same flows and sends them as a batch, reducing the number of computations and random memory accesses in the subsequent measurement solutions. We perform extensive experiments on top of DPDK with 10G NIC and observe that almost all the tested measurement solutions under Agg-Evict can achieve 14.88 Mpps throughput and see up to 5.7× lower average processing latency per packet.

Download the full article

Looking for Hypergiants in PeeringDB

Timm Böttger, Felix Cuadrado, Steve Uhlig

Hypergiants, such as Google or Netflix, are important organisations in the Internet ecosystem, due to their sheer impact in terms of traffic volume exchanged. However, the research community still lacks a sufficiently crisp definition for them, beyond naming specific instances of them. In this paper we analyse PeeringDB data and identify features that differentiate hypergiants from the other organisations. To this end, we first characterise the organisations present in PeeringDB, allowing us to identify discriminating properties of these organisations. We then use these properties to separate the data in two clusters, differentiating hypergiants from other organisations. We conclude this paper by investigating how hypergiants and other organisations exploit the IXP ecosystem to reach the global IPv4 space.

Download the full article


Practical Challenge-Response for DNS

Rami Al-Dalky, Michael RabinovichMark Allman

Authoritative DNS servers are susceptible to being leveraged in denial of service attacks in which the attacker sends DNS queries while masquerading as a victim—and hence causing the DNS server to send the responses to the victim. This reflection off innocent DNS servers hides the attackers identity and often allows the attackers to amplify their traffic by employing small requests to elicit large responses. Several challenge-response techniques have been proposed to establish a requester’s identity before sending a full answer. However, none of these are practical in that they do not work in the face of “resolver pools”—or groups of DNS resolvers that work in concert to lookup records in the DNS. In these cases a challenge transmitted to some resolver R1 may be handled by a resolver R2, hence leaving an authoritative DNS server wondering whether R2 is in fact another resolver in the pool or a victim. We offer a practical challenge-response mechanism that uses challenge chains to establish identity in the face of resolver pools. We illustrate that the practical cost of our scheme in terms of added delay is small.

Download the full article

Mosaic5G: Agile and Flexible Service Platforms for 5G Research

Navid NikaeinChia-Yu Chang, Konstantinos Alexandris

Network slicing is one of the key enablers to provide the required flexibility and to realize the service-oriented vision toward fifth generation (5G) mobile networks. In that sense, virtualization, softwarization, and disaggregation are core concepts to accommodate the requirements of an end-to-end (E2E) service to be either isolated, shared, or customized. They lay the foundation for a multi-service and multi-tenant architecture, and are realized by applying the principles of software-defined networking (SDN), network function virtualization (NFV), and cloud computing to the mobile networks. Research on these principles requires agile and flexible platforms that offer a wide range of real-world experimentations over different domains to open up innovations in 5G. To this end, we present Mosaic5G, a community-led consortium for sharing platforms, providing a number of software components, namely FlexRAN, LL-MEC, JOX and Store, spanning application, management, control and user plane on top of OpenAirInterface (OAI) platform. Finally, we show several use cases of Mosaic5G corresponding to widely-mentioned 5G research directions.

Download the full article

NDN Host Model

Haitao ZhangYanbiao Li , Zhiyi Zhang, Alexander Afanasyev, Lixia Zhang

As a proposed Internet architecture, Named Data Networking (NDN) changes the network communication model from delivering packets to destinations identified by IP addresses to fetching data packets by names. This architectural change leads to changes of host functions and initial configurations. In this paper we present an overview of the host functions in an NDN network, together with necessary operations to configure an NDN host.We also compare and contrast the functionality and configuration between an NDN host and an IP host, to help readers see the differences in between clearly.

Download the full article

Workshop on Internet Economics (WIE2017) Final Report

KC Claffy, Geoff Huston  David Clark,

On December 13-14 2017, CAIDA hosted the 8th interdisciplinary
Workshop on Internet Economics (WIE) at the UC San Diego’s Supercomputer Center. This workshop series provides a forum for researchers, Internet facilities and service providers, technologists, economists, theorists, policy makers, and other stakeholders to exchange views on current and emerging regulatory and policy debates. The FCC’s expected decision (released during the workshop, on 14 December 2017) — to repeal the 2015 classification of broadband Internet access service as a telecommunications
(common carrier) service — set the stage for vigorous discussion on what type of data can inform debate, development, and empirical evaluation of public policies we will need for Internet services in the future.

Download the full article DOI:

The April 2018 Issue

This issue starts with two technical articles that provide artefacts. The first one, Scanning the Internet for Liveness, written by a team of eight researchers led by S. Bano uses the ZMap software to probe the IPv4 addressing space for Internet hosts that respond to different types of probes. They propose different liveness probes that use ICMP, TCP and UDP. Their scans of the IPv4 Internet revealed that different protocols (or ports for TCP/UDP) provide different results as different types of hosts respond or not to different types of probes. Furthermore, collecting ICMP error messages for the TCP and UDP probes is important to increase the coverage. The authors release their modification to ZMap that includes the proposed probes and data collected during their measurement campaigns.

The second technical paper that provides artefacts is A First Look at Certifi- cation Authority Authorization (CAA) was co-authored by eleven researchers led by Q. Scheitle. This is also a measurement paper that tries to understand how the Certification Authority Authorization (CAA) DNS record is actually used by Certification Authorities (CA), domain holders and DNS operators. This is a timely paper since RFC6844 mandates that CAs validate CAA records as of September 8, 2017. Their study reveals some anomalies for already-issued certificates and they provide some guidelines to improve the security impact of CAA. Their study continues and you can follow the updated results on https://caastudy. The authors release both the collected data and their analysis tools.

In our third technical paper, Towards Slack-Aware Networking, Fahad Dogar proposes a new architecture targeted at machine-to-machine communications where hosts could indicate some slack when transmitting packets to let the network optimise their delivery to reduce the consumption of network ressources. This new idea still needs to be implemented and validated but it could open new directions of research.

In addition to the technical papers, this issue also contains three editorial notes. In VANETs’ research over the past decade: overview, credibility, and trends, E. Caval- canti et al. provide a detailed survey of the research in Vehicular Ad hoc Networks (VANETs) during the last decade and analyse 283 papers according to different criterias. They release the collected data as paper artefacts. In Failures from the Environment, a Report on the First FAILSAFE workshop, M. Breza et al. summarise the FAILSAFE 2017 workshop held at the SenSys 2017 conference. Finally, I. Baldin et al. summarise in The Future of Distributed Network Research Infrastructure the lessons that they learned from the Global Environment for Network Innovations (GENI) infrastructure and provide several directions for future research projects.

I hope that you will enjoy reading this new issue and welcome comments and suggestions on CCR Online or by email at ccr-editor at

Olivier Bonaventure

CCR Editor

Scanning the Internet for Liveness

Shehar Bano, Philipp Richter, Mobin Javed, Srikanth Sundaresan, Zakir Durumeric, Steven J. Murdoch, Richard Mortier, Vern Paxson


Internet-wide scanning depends on a notion of liveness: does a target IP address respond to a probe packet? However, the interpretation of such responses, or lack of them, is nuanced and depends on multiple factors, including: how we probed, how different protocols in the network stack interact, the presence of filtering policies near the target, and temporal churn in IP responsiveness. Although often neglected, these factors can significantly affect the results of active measurement studies. We develop a taxonomy of liveness which we employ to develop a method to perform concurrent IPv4 scans using ICMP, five TCP-based, and two UDP-based protocols, comprehensively capturing all responses to our probes, including negative and cross-layer responses. Leveraging our methodology, we present a systematic analysis of liveness and how it manifests in active scanning campaigns, yielding practical insights and methodological improvements for the design and the execution of active Internet measurement studies.

Download the full article DOI:10.1145/3213232.3213234