Recent years have seen a rise in the development of middlebox functionalities (CGNATs, proxies, accelerators, etc.), which contributes to the ossification of the Internet. In parallel, various solutions have been developed to detect or circumvent unwanted middlebox interference, such as UDP-based middlebox-proof transports (Google's QUIC, PLUS), middlebox-proof extensions to TCP (HICCUPS, TCPcrypt), and middlebox traversal mechanisms (STUN, ICE, PLUS) [1]. All those solutions assume that middleboxes are ubiquitous. However, a view of their actual deployment in the wild, in IPv4 wired networks, is missing. In particular, knowing how autonomous systems (ASes) deploy middleboxes in terms of prevalence and persistence would provide additional relevant information to Internet topology models. In this paper, we aim at filling this gap. Based on a large-scale measurement campaign, we highlight different characteristics of middlebox deployment within ASes to elicit middlebox profiles.
Recent years have seen the rise of middleboxes, such as NATs, firewalls, or TCP accelerators. Those middleboxes play an important role in today's Internet, and are now extensively deployed in various networks including corporate networks, Tier-1 ASes, cellular networks, and WiFi hot-spots. Unfortunately, despite the added value that they bring to networks, they radically change the transport paradigm from the legacy end-to-end principle, and drive increasing complexity in the path. The consequences of these changes are a wide variety of simple to subtle impairments to protocols and features, which in turn lead to the ossification of the network infrastructure. While the latter is now a well-known problem, its causes are not well understood. To fill this gap, we provide a more detailed explanation of the factors behind transport-level ossification, and we give insights on their prevalence in the wild. We extract path conditions by processing a large collection of observations of middlebox in-path packet manipulations, and we categorize the observed transport impairments based on the complications that they engender. We show that more than one third of network paths cross at least one middlebox, and a substantial percentage are affected by feature or protocol-breaking policies. Finally, we show that the majority of the devices that implement them are located in edge networks.
Middleboxes are widely deployed in cellular networks. It is known that they might disrupt network performance, expose users to security issues, and harm protocol deployability. Further, hardly any network measurement tools for smartphones are able to infer middlebox behaviors, especially if one cannot control both ends of a path. In this paper, we present TraceboxAndroid, a proof-of-concept measurement application for Android mobile devices implementing the tracebox algorithm. It aims at diagnosing middlebox-impaired paths by detecting and locating rewriting middleboxes. We analyze a dataset sample to highlight the range of opportunities offered by TraceboxAndroid. We show that TraceboxAndroid can be useful for mobile users as well as for the research community.
Middleboxes are pervasive in today's Internet as they are deployed for an increasing number of reasons. An example is network address translation (NAT), one of the first tasks to be performed to cope with the lack of IPv4 addresses. Recently the landscape for NATs has become even more crowded, especially in mobile networks, mainly due to the impossibility of IPv6 to be a large-scale solution to addressing issues. In this paper, we present a novel methodology for detecting NATs embodied in Mobile Tracebox, a measurement tool for Android smart devices that detects a wide range of middleboxes. It analyzes ICMP time-exceeded messages received during traceroute and points at IP and transport checksum inconsistencies in the embedded packets to uncover address translation along a path. We deployed Mobile Tracebox through a crowdsourcing approach and used the collected dataset to validate our methodology. Results showed that, in the absence of middleboxes breaking traceroute, it can help to detect and locate NATs in the majority of the cases.
The Internet is full of middleboxes that change packets and flows. In fact, there is probably no IP or TCP header that is not affected by at least one middlebox. Obviously, middleboxes impede path transparency, i.e., the idea that an exchange of messages results in more or less the same packets, no matter what path the packets take. But no one seems to have a truly global view of what middleboxes do to packets on what Internet paths, which would however be essential knowledge for new transport protocols to be successfully deployed. We address these concerns in the MAMI project by building an observatory of path transparency measurements. The project hosts an extensive set of path transparency measurements; we believe it to be the first dataset to deal specifically with middlebox involvement. In this paper, we describe that Observatory and a number of questions that we want to address with the data in that Observatory. Eventually, the project will provide public access to that Observatory so that researchers and the interested public can ask their own questions about path transparency issues and middlebox involvement.