Welcome to the June 2021 edition of the Networking Notes newsletter.

This newsletter gathers the most recent news about the evolution of the networking field. Its main objective is to inform the students who have read the Computer Networking: Principles, Protocols and Practice ebook about the evolution of the field.

You can subscribe to receive this newsletter in your mailbox every month.

Generic networking

There are few documents on how to build backbone networks. This is mainly an art which is mastered by skilled network architects. At recent blog post By Johan Gustawsson on the Telia Carrier blog sheds the light on the evolution of the architecture of large backbone networks.

For many years, research networks have been the first to deploy high-speed networking technologies. Nowadays, large cloud providers tend to have higher bandwidth requirements and deploy the fastest networking products. In parallel, research networks continue to evolve and Internet2 has recently demonstrated their ability to carry 400 Gbps of traffic between the two US coasts.

Today’s commercial Internet is built on a fragile model where most of the content is funded by the advertisements that are displayed to visitors. This model relies on a variety of tracking techniques that are used by the companies that control web advertisements to target advertisements to specific users. This has led to scandals like Cambridge analytics. A recent post on the signal blog clearly shows the type of information that tracking companies collect about visitors. You’d be surprised or frightened …

Clouds are part of the infrastructure that we use everyday. In an interesting study, Lorenzo Corneo and his colleagues used RIPE Atlas to measure the latency between more than 8000 locations and 189 datacenters. Unsurprisingly, some parts of the world have low-latency access to more datacenters than others.

What are the important skills for future network engineers ? A recent Cisco blog post lists git, JSON, Linux, Ansible, YAML in addition to standard network protocols.

We often learn from Internet attacks provided that they are analysed and documented. Earlier examples include the analyse of the Internet worm or The Cuckoo’s egg. In a recent article published in Wired, Andy Greenberg documents an attack that affected the RSA company a decade ago.

IoT devices provide a growing number of services. However, their permanent connection to cloud services also means that some of them share information with their vendors. Researchers have analysed the privacy of different types of IoT devices. In a blog post, Anna Maria Mandalari and her colleagues summarise some recent results on the privacy of IoT devices.

Amazon has deployed various types of IoT devices. These devices need Internet access to be useful. Usually, Internet access is provided by the owner of the device who attaches it to his/her Wi-Fi network and then forgets about this connection. According to an article written by Dan Goodin, Amazon wants to go one step further. Amazon seems to be building an experimental wireless mesh network that will enable the IoT devices that its customers have deployed to serve as access points in this mesh network. Amazon claims that this mesh service will be capped at 80 Kbps and that the monthly data consumed by the devices will not exceed 500 MBytes per month. Amazon describes in a whitepaper the privacy and security aspects of this new service. However, they do not yet explain the real services that will be deployed on this network. If you use Amazon IoT devices, it might be interesting to capture the packets that they exchange among themselves.

Network protocols

Application layer

DNS

The servers that manage the DNS root are a key component of the Internet infrastructure. The EU is currently preparing new directives on “measures for high common level of cybersecurity” that would apply to critical infrastructure, including the DNS root. In a blog post, Bert Hubert a DNS expert, analyzes the possible impact of such a directive.

HTTP

HTTP performance remains an important objective in many environments. Marc Richards describes in a blog post how he tuned the configuration of his servers to serve 1.2 M requests per second instead of the 224k with the default configuration.

ssh

ssh is now the default protocol for remote access to servers. ssh provides lots of security features, but it can sometimes be difficult to deploy them correctly, as many security features. Andy Gill provides interesting guidelines on how to correctly configure ssh servers to minimize the risk of attacks.

Transport layer

QUIC

According to the layered model, protocols should be confined to one layer and implement the functions within this layer to provide services to the layer above. In the transport layer, TCP provides reliable delivery and congestion control. TLS runs above TCP and secures the data that is reliably exchanged using TCP. HTTPS uses TLS and TCP to exchange web objects. These three protocols are independent. QUIC is a new protocol that breaks this layering principle.

QUIC started as an experiment at Google to improve the performance of web transfers. To ease experimentation, QUIC was initially designed to run above UDP. Compared to a new transport protocol that would have its own protocol number, using UDP brings one important benefit: QUIC can be implement as a library inside existing applications. In contrast with TCP, it does not need to be implemented inside the operating system kernel and does not need special capabilities to directly send IP packets. For large content providers, the main benefit of QUIC is that they can ship their own QUIC implementation and change it whenever they need to do so. They do not need to wait for operating system vendors to add new features or correct bugs and can use frequent updates in contrast with operating systems that are typically updated on a yearly basis.

The QUIC protocol includes a wide range of features and mechanisms. Like TCP, QUIC includes retransmissions, flow and congestion control mechanisms. While TCP exposes a single bytestream to the application, QUIC allows the application to create multiple bytestreams as with the SCTP protocol. These streams are intended to support the HTTP/2 streams. A new version of HTTP, HTTP/3, has been designed to support these new features. TCP uses a single segment format. All the control information is placed inside the TCP header (possibly with TCP options) and the data is carried in the payload. QUIC uses a very small header and places all the control information and the data inside frames that are encrypted and authenticated. QUIC includes TLS and uses it during the handshake to negotiate the security keys and the encryption techniques that are used to secure the data transfer.

The IETF has recently published the main RFCs defining the QUIC protocol:

• RFC8999: Version-Independent Properties of QUIC
• RFC9000: QUIC: A UDP-Based Multiplexed and Secure Transport
• RFC9001: Using TLS to Secure QUIC
• RFC9002: QUIC Loss Detection and Congestion Control

Other documents are still being discussed within the IETF QUIC working group.

QUIC deployment has started before the publication of these documents. This deployment has mainly been driven by large cloud vendors. Google uses QUIC for Google search and youtube. Facebook uses QUIC for many services and applications. Cloudflare estimates that 12% of its traffic is managed by QUIC.

Some of the QUIC designers gave a long tutorial on QUIC during SIGCOMM’20. You can follow it on youtube.

TCP

Amplifications attacks are a pain on the Internet. With some protocols, an attacker can send a small spoofed packet to a powerful server to elicit a large response from the server. The response is sent to the source address of the spoofed packets which usually the victim. TCP prevents these attacks by using short SYN and SYN+ACK packets to establish connections. A TCP server only sends data packets after having received a confirmation from the client. This prevents most amplification attacks if TCP was only an end-to-end protocol. Unfortunately, middleboxes such as firewalls, NATs, (transparent) proxies, or load balancers have been deployed. These middleboxes also implement TCP (or parts of TCP). A recent article by Kevin Block et al. shows that attackers could exploit some of these middleboxes to launch attacks with large amplification factors.

Networking layer

IP

IP addresses identify interfaces. This implies that a laptop attached to an Ethernet and a Wi-Fi network can be reached via two different IP addresses. This creates practical problems that most Internet users have already observed. In a blog post, Ivan Pepelnjak explains this design choice and compares it with CLNP.

Large routers can divide their routing tables in different and isolated VPN Routing and Forwarding Tables (VRFs). These VRFs are heavily used by network operators to provide carrier-grade VPN services but also to isolate different types of customers in a single network. Linux also supports VRFs as explained in detailed in a blog post written by Jon Langemak.

Interdomain routing (BGP)

BGP is supposed to be an interdomain routing protocol that is used by different ISPs to exchange routes. In contrast, OSPF and IS-IS are the standard intradomain routing protocols. Since datacenters are part of enterprise, one could think that they would use OSPF or IS-IS. Some do, but very large datacenters have started to use BGP as their intradomain routing protocol. A recent facebook blog post describes this deployment. If your datacenter is comparable to facebook’s datacenters, you might want to follow their advice. If your datacenter is much smaller, you might want to think about all the implications of such a change.

Researchers explore alternatives to the current Internet architecture. Many of these proposals are published in scientific papers that are unfortunately never deployed or tested. SCION is different. This new architecture has been proposed a few years ago and is implemented and deployed step by step with testbeds. In a recent blog post, David Hausheer, Cedric Meury and Adrian Perrig provide an overview of SCION.

Datalink layer

Ethernet

Ethernet was born on May 22, 1973 at Xerox PARC in Palo Alto. It ran at 2.94 Mbps using CSMA/CD on coaxial cables. It took some years before Digital, intel and Xerox published the original specification known as the Blue book. Bob Metcalfe shared recently a drobox folder with these historical documents.

Switches are part of most networks. Cloud vendors use a large number of network switches and can analyze them from different viewpoints. In a recent article published in SIGCOMM CCR, Rachee Singh et al. analyze the failures of 180,000 network switches used by Microsoft. This number alone gives an idea of size of the network infrastructure that has been deployed in datacenters… They show that 2% of the switches fail during the first three months and provide other types of statistics.

Physical layer

Elon Musk has put satellite-based Internet access on the front page of many newspapers with Starlink. The satellite service continues its deployment and some users have started to report about the service it provides. In a recent article on ars.Technica, Jon Brodkin discusses the possible limitations of the Starlink service and argues that it might not be able to solve all rural broadband problems in the US and elsewhere. Nilay Patel reports in an article published by The Verge on his experience with the service.

If you believe that all US citizens have very high speed Internet access, read This is a map of America’s broadband problem written by Russell Brandom and William Joel. Given the importance of broadband access, governments should probably reconsider their deployment policies and encourage or require ISPs to provide better coverage in rural areas.

Securing Wi-Fi networks is a difficult problem. The first Wi-Fi networks where completely open. Some network administrators had to verify MAC addresses to control the usage of their networks. Solutions such as WEP, WPA, WPA2, WPA3 improved the security of the Wi-Fi networks, but many of these solutions were broken. Mathy Van Hoef played an important role in identifying and fixing many of these problems. He did it again recently with a new type of fragmentation attack on Wi-Fi networks.

Software and tools

curl is a powerful command line tool that implements many network protocols. Mehedi Hasan provides 50 examples showing different usages of curl.

XDP is a new technique to manipulate packets on Linux hosts. It leverages eBPF and allows to perform various manipulations on the packets that are received by a network interface. Handbin Liu provides an interesting tutorial on how to get started with XDP. Although eBPF remains a Linux centric solution, there is ongoing effort within Microsoft to support eBPF on Windows as well.