
A Middlebox-Cooperative TCP for a non End-to-End Internet (PowerPoint presentation, slide transcript)



  1. A Middlebox-Cooperative TCP for a non End-to-End Internet
     Ryan Craven (NPS / SPAWAR), Robert Beverly (NPS), Mark Allman (ICSI)
     Support from:
     ACM SIGCOMM, 19 Aug 2014

  2. TCP’s knowledge of end-to-end path conditions a priori: ??? ??? ??? ??? ???
     (the slide shows only question marks along the path)

  3. But TCP has questions…
     • How fast can I send?
     • How much should I send at once?
     • Did the other end get my data?
     • Was a piece lost?
     • Was it in the right order?
     • Was it error-free?

  4. …so it makes inferences
     • How fast can I send? → Congestion Control
     • How much should I send at once?
     • Did the other end get my data?
     • Was a piece lost?
       • Sequence Numbers
       • Duplicate Acknowledgements
     • Was it in the right order?
       • Selective Acknowledgements
     • Was it error-free? → Checksums

  5. One more…
     • How fast can I send?
     • How much should I send at once?
     • Did Bob get my data?
     • Was a piece lost?
     • Was it in the right order?
     • Was it error-free?
     • Am I being misinterpreted?

  6. (figure: Alice sends to Bob across the network)

  7. (figure: Alice sends to Bob; an unknown element, ???, sits on the path)

  8. “Across all network sizes, the number of middleboxes is on par with the number of routers in a network” (Sherry et al., SIGCOMM ’11, from a survey of NANOG admins)

  9. “A majority of administrators stated misconfiguration as the most common cause of [middlebox] failure” (Sherry et al., SIGCOMM ’11, from a survey of NANOG admins)

  10. Example: ECN (figure; labels 2000 2000 1980 1980)

  11. Example: ECN
     • 0b11 == congestion experienced
     • Switch was copying a value to the ToS byte [1]
     [1] Bauer et al., “Measuring the State of ECN Readiness in Servers, Clients, and Routers.” In Proc. of IMC 2011.

  12. (figure) Alice’s TCP/IP headers as sent: Source: Alice, Dest: Bob, …, Window Size 1024, Win. Scale 7, Data. Bob receives the same headers: Window Size 1024, Win. Scale 7.

  13. (figure) A misconfigured middlebox between Alice and Bob rewrites her Win. Scale from 7 to 0 [1]; Bob receives Window Size 1024, Win. Scale 0.
     [1] corbet. “TCP window scaling and broken routers.” http://lwn.net/Articles/92727/

  14. (figure) Same exchange: Alice thinks her window size is 128k; Bob thinks her window size is 1k.
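Both misbehaviours on slides 10 to 14 (a switch overwriting the ToS byte so the ECN codepoint reads 0b11, and a middlebox zeroing the window-scale shift so Alice and Bob disagree about her window) come down to comparing the headers Alice sent with the headers Bob received. The Python below is an added example, not code from the slides or from the HICCUPS project: the `Headers` record, the three simulated middleboxes, the sample SYN (MSS 1460, window 1024, scale 7) and the rewritten ToS value 0x0b are all constructed here for illustration. It also covers the "options stripped" case from slide 15 with the same diff routine.

```python
"""Added example: diff the IP/TCP headers Alice sent against what Bob received.
Everything here (Headers, the simulated middleboxes, the sample values) is
constructed for illustration; it is not the HICCUPS implementation."""
from dataclasses import dataclass, replace
from typing import Dict, List, Tuple

# ECN codepoints live in the low two bits of the IP ToS/DS byte (RFC 3168)
ECN_NAMES = {0b00: "Not-ECT", 0b01: "ECT(1)", 0b10: "ECT(0)", 0b11: "CE"}
OPT_MSS, OPT_WSCALE = 2, 3      # TCP option kinds


@dataclass(frozen=True)
class Headers:
    tos: int        # IP ToS/DS byte: DSCP in the high 6 bits, ECN in the low 2
    window: int     # 16-bit TCP window field
    options: bytes  # raw TCP option bytes carried in the SYN


def decode_tos(tos: int) -> Tuple[int, str]:
    """Return (DSCP, ECN codepoint name) for a ToS byte."""
    return tos >> 2, ECN_NAMES[tos & 0b11]


def parse_tcp_options(raw: bytes) -> Dict[int, bytes]:
    """Minimal TLV parser for TCP options: kind -> value bytes."""
    opts: Dict[int, bytes] = {}
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # NOP padding
            i += 1
            continue
        length = raw[i + 1] if i + 1 < len(raw) else 0
        if length < 2 or i + length > len(raw):
            raise ValueError(f"malformed option kind {kind} at offset {i}")
        opts[kind] = raw[i + 2:i + length]
        i += length
    return opts


def window_scale(opts: Dict[int, bytes]) -> int:
    """Shift count a host applies to its peer's window; 0 if the option is absent."""
    return opts[OPT_WSCALE][0] if OPT_WSCALE in opts else 0


def effective_window(h: Headers) -> int:
    """Window in bytes that a host reading these headers believes was advertised."""
    return h.window << window_scale(parse_tcp_options(h.options))


def diff_headers(sent: Headers, received: Headers) -> List[str]:
    """Explain each in-path change in terms of what the two endpoints now believe."""
    findings: List[str] = []
    if sent.tos != received.tos:
        (d0, e0), (d1, e1) = decode_tos(sent.tos), decode_tos(received.tos)
        findings.append(f"ToS 0x{sent.tos:02x}->0x{received.tos:02x}: DSCP {d0}->{d1}, ECN {e0}->{e1}")
        if e1 == "CE" and e0 != "CE":
            findings.append("receiver sees Congestion Experienced that no router signalled")
    s_opts, r_opts = parse_tcp_options(sent.options), parse_tcp_options(received.options)
    if effective_window(sent) != effective_window(received):
        findings.append(f"window: sender believes {effective_window(sent)} bytes, "
                        f"receiver believes {effective_window(received)} bytes")
    for kind in sorted(set(s_opts) - set(r_opts)):
        findings.append(f"TCP option kind {kind} stripped in transit")
    for kind in sorted(set(r_opts) - set(s_opts)):
        findings.append(f"TCP option kind {kind} added in transit")
    return findings


# --- simulated middleboxes (constructed to match the slides' examples) ---

def tos_copying_switch(h: Headers, value: int) -> Headers:
    """A switch that overwrites the whole ToS byte, ECN bits included."""
    return replace(h, tos=value)


def broken_winscale_box(h: Headers) -> Headers:
    """Keeps the window-scale option but zeroes its shift count (the lwn.net case)."""
    parse_tcp_options(h.options)          # raises on malformed input
    out = bytearray(h.options)
    i = 0
    while i < len(out) and out[i] != 0:   # stop at End of Option List
        if out[i] == 1:                   # NOP
            i += 1
            continue
        if out[i] == OPT_WSCALE:
            out[i + 2] = 0
        i += out[i + 1]
    return replace(h, options=bytes(out))


def option_stripping_box(h: Headers) -> Headers:
    """Drops every TCP option from the SYN."""
    return replace(h, options=b"")


# Constructed sample SYN from Alice: MSS 1460, window 1024, window scale 7, NOP pad
ALICE_SYN = Headers(tos=0x00, window=1024, options=bytes([2, 4, 0x05, 0xB4, 3, 3, 7, 1]))

if __name__ == "__main__":
    for name, box in [("ToS-copying switch", lambda h: tos_copying_switch(h, 0x0B)),
                      ("broken window-scale box", broken_winscale_box),
                      ("option-stripping box", option_stripping_box)]:
        print(name)
        for line in diff_headers(ALICE_SYN, box(ALICE_SYN)):
            print("  ", line)
```

Run stand-alone it prints one finding list per simulated box; the window-scale case reproduces the 128k-versus-1k disagreement from slide 14 (1024 shifted by 7 is 131072 bytes on Alice's side, 1024 bytes on Bob's). Note that `diff_headers` needs both copies of the headers, which is exactly what an endpoint does not have; that gap is what the rest of the talk fills.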

  15. Other Examples
     • TCP SACK
     • Artificial TCP flow control
     • Path MTU discovery
     • ICMP blocking
     • ICMP misquoting
     • TCP MSS alterations
     • IP and TCP options stripped
     • Extra problematic:
       • Asymmetric (stripped on SYN-ACK but not SYN)
       • Allowed in handshake, then stripped

  16. Middlebox Misconfiguration
     • These are real problems
     • Will continue to occur
       • The network is not getting any less intelligent
     • Are critical and timely right now
       • Multipath TCP
       • TCP Fast Open
       • Gentle Aggression TCP (proactive/reactive/corrective)
       • tcpcrypt
       • ECN (still)

  17. Wouldn’t it be great if we had an easy way to detect these? Could benefit:
     • Researchers: new network measurement tools
     • TCP: performance, extensibility
     • Operators: end-to-end debugging

  18. Challenges
     • Available and reliable communications channel
       • Out-of-band ICMP?
       • New IP or TCP option?
       • Redefine a field?
     • Capacity
     • Incrementally deployable
     • Middlebox-cooperative
     • Inform both endpoints

  19. HICCUPS
     • HICCUPS is a lightweight TCP extension that exposes in-flight packet header modification to endpoints
     • HICCUPS seeks to automate the question: “Did my packet arrive at the destination with the same headers as sent?”

  20. HICCUPS Methodology
     • Overloads three header fields in the TCP 3WHS…
       • ISN → ISN, HICCUPS
       • IPID → IPID, HICCUPS
       • Rwin → Rwin, HICCUPS
     • …with a function of the packet headers (0x47a0b136)

  21. HICCUPS Methodology
     • Spread over 3 fields in case one is changed
     • Lightweight hash function
       • Only have three sets of 12 bits
       • Assume no shared secret available
       • Preimage and hash sent together
       • Primary goal is to reduce collisions
     • Add randomness (salt) to ISN

  22. HICCUPS Methodology
     • Creates an end-to-end tamper-evident seal over the packet headers
     • Different than a checksum
       • If mods occur, we still accept the packet

  23. Using HICCUPS
     • Once a host’s TCP stack is HICCUPS-enabled, HICCUPS can be used without endpoint coordination
     • Our long-term vision: all TCP stacks include HICCUPS
     • (figure) TCP Congestion Control infers e2e congestion state; TCP HICCUPS infers e2e packet header modification state

  24. Implementation
     • Patch written for Linux kernel v3.9.4 TCP stack
     • Requires no action by applications
     • However, we do provide optional features:
       • Get HICCUPS status
       • Manually specify fields to check
       • Engage AppSalt mode (see paper)
     • Set of cross-platform userspace tools

  25. Performance
     • Analyzed HICCUPS kernel overhead with ftrace
     • Increases mean processing time by about 10 μs
       • About 8.5% of the total SYN/ACK processing time
     • If load gets too high, automatically mitigates with SYN cookies

  26. Validation
     • Controlled environment: VMs
     • Simulates a middlebox that overwrites different fields in forwarded packets
     • Range of tests (scapy), 50,000 trials each run
     • (figure) Host A (HICCUPS-enabled) ↔ Host B (HICCUPS-enabled)
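Slides 20 to 22 describe the seal (a salted hash of the packet headers spread as three 12-bit pieces over the ISN, IPID and receive window, with no shared secret, the preimage travelling with the hash, and the packet still accepted when the check fails), and slide 26 the controlled validation against a simulated middlebox that overwrites fields. The Python below is an added example that mimics that design end to end; it is not the HICCUPS kernel patch or its userspace tools. The set of protected fields, a truncated BLAKE2b standing in for the lightweight hash, the 20-bit salt / 12-bit chunk split of each carrier field, the three-way verdict, the sample SYN and the simulated middleboxes are all assumptions made here.

```python
"""Added example of a HICCUPS-style tamper-evident seal. The field layout, the
hash function, the verdict rules and the sample packets are assumptions for
illustration; this is not the HICCUPS implementation."""
import hashlib
import random
from dataclasses import dataclass, replace
from typing import Dict, Tuple

CHUNK_BITS = 12
CHUNK_MASK = (1 << CHUNK_BITS) - 1
SALT_BITS = 20                                                  # assumed layout
PROTECTED = ("src", "dst", "sport", "dport", "tos", "options")  # assumed field set


@dataclass(frozen=True)
class Syn:
    src: str
    dst: str
    sport: int
    dport: int
    tos: int
    options: bytes
    isn: int = 0     # carrier: 20-bit salt in the high bits, hash chunk 0 in the low 12
    ipid: int = 0    # carrier: hash chunk 1 in the low 12 bits (assumed layout)
    rwin: int = 0    # carrier: hash chunk 2 in the low 12 bits (assumed layout)


def seal_hash(pkt: Syn, salt: int) -> int:
    """36-bit salted digest over the protected headers. Truncated BLAKE2b stands
    in for the lightweight function HICCUPS uses; no shared secret is involved."""
    h = hashlib.blake2b(digest_size=8)
    h.update(salt.to_bytes(4, "big"))
    for name in PROTECTED:
        h.update(repr(getattr(pkt, name)).encode())
        h.update(b"|")
    return int.from_bytes(h.digest(), "big") & ((1 << 36) - 1)


def chunks(digest: int) -> Tuple[int, int, int]:
    """Split a 36-bit digest into the three 12-bit pieces carried in ISN/IPID/Rwin."""
    return (digest >> 24) & CHUNK_MASK, (digest >> 12) & CHUNK_MASK, digest & CHUNK_MASK


def seal(pkt: Syn, rng: random.Random) -> Syn:
    """Sender side: fresh salt, hash the headers, spread the digest over the
    three carriers so one rewritten carrier does not lose the whole seal."""
    salt = rng.getrandbits(SALT_BITS)
    c0, c1, c2 = chunks(seal_hash(pkt, salt))
    return replace(pkt, isn=(salt << CHUNK_BITS) | c0, ipid=c1, rwin=c2)


def verify(pkt: Syn) -> str:
    """Receiver side: recompute from the headers as received. Unlike a checksum
    failure this never rejects the packet; it only labels what happened."""
    salt = pkt.isn >> CHUNK_BITS
    expected = chunks(seal_hash(pkt, salt))
    got = (pkt.isn & CHUNK_MASK, pkt.ipid & CHUNK_MASK, pkt.rwin & CHUNK_MASK)
    matched = sum(e == g for e, g in zip(expected, got))
    if matched == 3:
        return "intact"
    if matched >= 1:          # headers hash the same; only a carrier was rewritten
        return "carrier-modified"
    return "headers-modified"


# --- simulated middleboxes (constructed, in the spirit of the controlled validation) ---
def modify(pkt: Syn, kind: str, rng: random.Random) -> Syn:
    if kind == "none":
        return pkt
    if kind == "tos":                 # e.g. a switch overwriting the ToS byte
        return replace(pkt, tos=pkt.tos ^ 0x03)
    if kind == "options":             # options stripped from the SYN
        return replace(pkt, options=b"")
    if kind == "ipid":                # a box that renumbers IPID and touches nothing else
        return replace(pkt, ipid=rng.getrandbits(16))
    raise ValueError(kind)


# Constructed sample SYN (documentation addresses; ports are placeholders)
BASE = Syn("192.0.2.1", "198.51.100.7", 40000, 80, 0x00,
           options=bytes([2, 4, 0x05, 0xB4, 3, 3, 7, 1]))

EXPECTED = {"none": "intact", "tos": "headers-modified",
            "options": "headers-modified", "ipid": "carrier-modified"}


def detection_rates(trials: int, seed: int = 1) -> Dict[str, float]:
    """Fraction of trials per middlebox behaviour in which verify() returned the
    verdict the scenario calls for. Misses come only from 12-bit chunk collisions."""
    rng = random.Random(seed)
    hits = {k: 0 for k in EXPECTED}
    runs = {k: 0 for k in EXPECTED}
    for _ in range(trials):
        kind = rng.choice(list(EXPECTED))
        received = modify(seal(BASE, rng), kind, rng)
        runs[kind] += 1
        hits[kind] += verify(received) == EXPECTED[kind]
    return {k: (hits[k] / runs[k] if runs[k] else 0.0) for k in EXPECTED}


if __name__ == "__main__":
    for kind, rate in detection_rates(4000).items():
        print(f"{kind:10s} correct verdict in {rate:.4%} of trials")
```

Two properties of this toy layout are worth seeing in the numbers. A change to any protected field (`tos`, `options`) fails all three chunks, while a box that only renumbers the IPID fails one chunk and leaves the other two matching, which is what "spread over 3 fields in case one is changed" buys. Each chunk is 12 bits, so a modified header still passes a single chunk with probability about 1/4096 per chunk; that is the collision rate the slides say the hash is chosen to keep low, and it is the only source of wrong verdicts in `detection_rates`. One limitation of the assumed layout: a middlebox that rewrites the ISN destroys the salt, so every chunk fails and the case is reported as "headers-modified" rather than as a carrier change. `PROTECTED` is the knob that corresponds to slide 24's "manually specify fields to check"; with `src` and `sport` included, a NAT on the path is reported as a modification, which is correct but may not be what an operator wants to count.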

  27. Measurements
     • Over 26k directed port/path pairs across 197 ASes and 48 countries
     • Different ports: 22, 80, 443, and 34343
     • Range of parameters

  28. Meas. Summary
     • Almost half of the nodes saw at least one in-path header modification
     • More than we expected to find
     • Saw asymmetric cases

  29. Mods Detected (figure)

  30. What can go wrong? Potential SACK disruption (figure)

  31. What can go wrong? Potential ToS byte semantics (figure)

  32. ECN IP bits (figure)

  33. ECN IP bits (figure)

  34. What can go wrong? Options stripped (figure)

  35. What can go wrong? New behavior (figure)

  36. Window Scaling
     (figure: hosts A and B with middlebox M between them; on the SYN, M adds WINSCL; on the SYN-ACK, WINSCL is removed)
     • Israeli PlanetLab node planetlab2.mta.ac.il
     • Window scaling option added
       • Only when going to ports 80 or 443

  37. Window Scaling (same figure)
     • Israeli PlanetLab node planetlab2.mta.ac.il
     • Window scaling option added
       • Only when going to ports 80 or 443
     • Result: bulk transfer is flow-controlled, doubles when WINSCL ignored

  38. Conclusions
     • HICCUPS can help TCP infer whether it is being misinterpreted
     • Integrates nicely with TCP, incrementally deployable
       • End-to-end
       • Middlebox-cooperative
     • Demonstrated ease of deployment through mass Internet measurements
     http://tcphiccups.org
