Category Archives: CCR April 2022

Recommendations for Designing Hybrid Conferences

Vaibhav Bajpai, Oliver Hohlfeld, Jon Crowcroft, Srinivasan Keshav, Henning Schulzrine, Jorg Ott, Simone Ferlin-Reiter, Georg Carle, Andrew Hines, Alexander Raake

Abstract

During the Covid-19 pandemic, many smaller conferences have moved entirely online and larger ones are being held as hybrid events. This reduces the carbon footprint of conference travel and
makes events more accessible to parts of the research community that have difficulty traveling long distances. Hybrid events will become an attractive alternative in the future since they make meetings broadly available without the need for travels, while preserving all elements of in-person gatherings. While we have developed a solid understanding of how to design virtual events, we do not yet know how to properly run hybrid events. We present guidelines and considerations–spanning technology, organization and social factors–for organizing successful hybrid conferences. This is the output of a Dagstuhl seminar on “Climate Friendly Internet Research” held in July 2021.

Download from ACM

A Case for an Open Customizable Cloud Network

Dean H. Lorenz, David Breitgand, Kathy Barabash, Etai Lev-Ran, Danny Raz

Abstract

Cloud computing is transforming networking landscape over the last few years. The first order of business for major cloud providers today is to attract as many organizations as possible to their own clouds. To that end cloud providers offer a new generation of managed network solutions to connect the premises of the enterprises to their clouds. To serve their customers better and to innovate fast, major cloud providers are currently on the route to building their own “private Internets”, which are idiosyncratic. On the other hand, customers that do not want to stay locked by vendors and who want flexibility in using best-for-the-task services spanning multiple clouds and, possibly, their own premises, seek for solutions that will provide smart overlay connectivity across clouds.

The result of these developments is a multiplication of closed idiosyncratic solutions rather than an open standardized ecosystem. In this editorial note we argue for desirability of such an ecosystem, outline the main requirements and sketch possible solutions. We focus on enterprise as our primary use case and illustrate the main ideas through it, but the same principles apply to various different use cases.

Download from ACM

Measuring DNS over TCP in the Era of Increasing DNS Response Sizes: A View from the Edge

Mike Kosek, Trinh Viet Doan, Simon Huber, Vaibhav Bajpai

Abstract

The Domain Name System (DNS) is one of the most crucial parts of the Internet. Although the original standard defined the usage of DNS over UDP (DoUDP) as well as DNS over TCP (DoTCP), UDP has become the predominant protocol used in the DNS. With the introduction of new Resource Records (RRs), the sizes of DNS responses have increased considerably. Since this can lead to truncation or IP fragmentation, the fallback to DoTCP as required by the standard ensures successful DNS responses by overcoming the size limitations of DoUDP. However, the effects of the usage of DoTCP by stub resolvers are not extensively studied to this date. We close this gap by presenting a view at DoTCP from the Edge, issuing 12.1M DNS requests from 2,500 probes toward Public as well as Probe DNS recursive resolvers. In our measurement study, we observe that DoTCP is generally slower than DoUDP, where the relative increase in Response Time is less than 37% for most resolvers. While optimizations to DoTCP can be leveraged to further reduce the response times, we show that support on Public resolvers is still missing, hence leaving room for optimizations in the future. Moreover, we also find that Public resolvers generally have comparable reliability for DoTCP and DoUDP. However, Probe resolvers show a significantly different behavior: DoTCP queries targeting Probe resolvers fail in 3 out of 4 cases, and, therefore, do not comply with the standard. This problem will only aggravate in the future: As DNS response sizes will continue to grow, the need for DoTCP will solidify.

Download from ACM

Programming Socket-Independent Network Functions with Nethuns

Nicola Bonelli, Fabio Del Vigna, Alessandra Fais, Giuseppe Lettieri, Gregorio Procissi

Abstract

Software data planes running on commodity servers are very popular in real deployments. However, to attain top class performance, the software approach requires the adoption of accelerated network I/O frameworks, each of them characterized by its own programming model and API. As a result, network applications are often closely tied to the underlying technology, with obvious issues of portability over different systems. This is especially true in cloud scenarios where different I/O frameworks could be installed depending on the configuration of the physical servers in the infrastructure. The nethuns library proposes a unified programming abstraction to access and manage network operations over different I/O frameworks. The library is freely available to the community under the BSD license and currently supports AF_XDP and netmap for fast packet handling along with the classic AF_PACKET and the pcap library. Network applications based on nethuns need only to be re-compiled to run over a different network API. The experiments prove that the overhead introduced by nethuns is negligible, hence making it a convenient programming platform that eases the coding process while guaranteeing high performance and portability. As proofs of concept, a handy traffic generator as well as the popular Open vSwitch application have been successfully ported and tested over nethuns.

Download from ACM

Hyper-Specific Prefixes: Gotta Enjoy the Little Things in Interdomain Routing

Khwaja Zubair Sediqi, Lars Prehn, Oliver Gasser

Abstract

Autonomous Systems (ASes) exchange reachability information between each other using BGP—the de-facto standard inter-AS routing protocol. While IPv4 (IPv6) routes more specific than /24 (/48) are commonly filtered (and hence not propagated), route collectors still observe many of them. In this work, we take a closer look at those hyper-specific prefixes (HSPs). In particular, we analyze their prevalence, use cases, and whether operators use them intentionally or accidentally. While their total number increases over time, most HSPs can only be seen by route collector peers. Nonetheless, some HSPs can be seen constantly throughout an entire year and propagate widely. We find that most HSPs represent (internal) routes to peering infrastructure or are related to address block relocations or blackholing. While hundreds of operators intentionally add HSPs to well-known routing databases, we observe that many HSPs are possibly accidentally leaked routes.

Download from ACM

One Bad Apple Can Spoil Your IPv6 Privacy

Said Jawad Saidi, Oliver Gasser, Georgios Smaragdakis

Abstract

IPv6 is being more and more adopted, in part to facilitate the millions of smart devices that have already been installed at home. Unfortunately, we find that the privacy of a substantial fraction of end-users is still at risk, despite the efforts by ISPs and electronic vendors to improve end-user security, e.g., by adopting prefix rotation and IPv6 privacy extensions. By analyzing passive data from a large ISP, we find that around 19% of end-users’ privacy can be at risk. When we investigate the root causes, we notice that a single device at home that encodes its MAC address into the IPv6 address can be utilized as a tracking identifier for the entire end-user prefix—even if other devices use IPv6 privacy extensions. Our results show that IoT devices contribute the most to this privacy leakage and, to a lesser extent, personal computers and mobile devices. To our surprise, some of the most popular IoT manufacturers have not yet adopted privacy extensions that could otherwise mitigate this privacy risk. Finally, we show that third-party providers, e.g., hypergiants, can track up to 17% of subscriber lines in our study.

Download from ACM

The April 2022 issue

This April 2022 issue contains five technical papers and two editorial notes.

The first technical paper, Data-Plane Security Applications in Adversarial Settings, by Liang Wang and colleagues, investigates security issues that may arise when creating and running data-plane applications for programmable switches. This work moves security analysis and design forward in this particular area. This paper also calls for a more thorough rethinking of security for data-plane applications for programmable switches.

The second technical paper, One Bad Apple Can Spoil Your IPv6 Privacy, by Said Jawad Saidi and colleagues, leverages IPv6 passive measurements to pinpoint that a non-negligible portion of devices encodes their MAC address in their IPv6 address. This threatens users’ privacy, allowing content providers and CDNs to consistently track users and their devices across multiple sessions and locations. Overall, the paper is an excellent contribution toward privacy-by-design solutions and a nicely executed measurements study that clarifies the problem and provides solid suggestions to mitigate the problem.

The third technical paper, Hyper-Specific Prefixes: Gotta Enjoy the Little Things in Interdomain Routing, by Khwaja Zubair Sediqi and colleagues, investigates the presence of high-specific prefixes (HSP) on the BGP Internet routing during the last decade. These prefixes are more-specific than /24 (/48) for IPv4 (IPv6) and are commonly filtered by Autonomous Systems operators. Overall this paper offers a nice contribution to the understanding of the BGP universe, with a clear message and a nice quantification of the phenomenon. The authors clearly present and motivate the work, offering also to not experts a nice view of the routing complexity of the internet nowadays.

The fourth technical paper, Programming Socket-Independent Network Functions with Nethuns, by Nicola Bonelli and colleagues, proposes a new solution to transparently develop packet-processing programs on top of different network I/O frameworks. The authors design and develop an open-source library, nethuns, serving as a unified programming abstraction for network functions that natively supports multi-core programming. Not only is this work very relevant to our community, but also the code is released open-source through a BSD license, which can be used to foster more research in the area, towards unifying programming mechanisms of end-host networking.

The fifth technical paper, Measuring DNS over TCP in the Era of Increasing DNS Response Sizes: A View from the Edge, by Mike Kosek and colleagues, studies one of the foundations of today’s Internet: the Domain Name Service (DNS). The original RFC document of DNS instructs to send queries either over UDP (DoUDP) or TCP (DoTCP). This paper presents a measurement study on DoTCP focusing on two perspectives: failure rates and response times.

Finally, we have two editorial notes. A Case for an Open Customizable Cloud Network, by Dean H. Lorenz and his colleagues, argues for the desirability of the new ecosystem of managed network solutions to connect to the Cloud, outlines the main requirements and sketches possible solutions. Recommendations for Designing Hybrid Conferences, by Vaibhav Bajpai and colleagues, presents guidelines and considerations–spanning technology, organization and social factors–for organizing successful hybrid conferences.

I hope that you will enjoy reading this new issue and welcome comments and suggestions on CCR Online (https://ccronline.sigcomm.org) or by email at ccr-editor at sigcomm.org.

Data-Plane Security Applications in Adversarial Settings

Liang Wang, Prateek Mittal, Jennifer Rexford

Abstract

High-speed programmable switches have emerged as a promising building block for developing performant data-plane applications. In this paper, we argue that the resource constraints and programming model in hardware switches have led to developers adopting problematic design patterns, whose security implications are not widely understood. We bridge the gap by identifying the major challenges and common design pitfalls in switch-based applications in adversarial settings. Examining five recently-proposed switch-based security applications, we find that adversaries can exploit these design pitfalls to completely bypass the protection these applications were designed to provide, or disrupt system operations by introducing collateral damage.

Download from ACM