Networking Notes - February 2021

Welcome to the February 2021 edition of the Networking Notes newsletter.

This newsletter gathers the most recent news about the evolution of the networking field. Its main objective is to inform the students who have read the Computer Networking: Principles, Protocols and Practice ebook about the evolution of the field.

You can subscribe to this newsletter.

You can contribute to this newsletter by adding a one-paragraph news item as a pull request for next month’s newsletter.

The CNP3 ebook

The third edition of the Computer Networking: Principles, Protocols and Practice ebook will be revised during the coming months. Given the covid situation, we plan to rely more on the ebook for the networking courses taught at UCLouvain. In particular, our plan is to add new interactive exercises on https://beta.computer-networking.info to enable students to verify their understanding of the ebook while reading it.

Network protocols

Application layer

Application developers who create servers using UDP need to take into account the risk of denial of service attacks in their design. There is a long list of UDP-based services that can be used by attackers to amplify a denial of service attack by sending a specifically crafted UDP message to a vulnerable server. After earlier attacks on DNS, NTP and Memcached, a recent report indicates that Windows RDP servers running on UDP port 3389 can be vulnerable as well.
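One design that takes this risk into account, as an added example that is not from the newsletter or the linked report: the server never sends an unvalidated source more than a fixed multiple of what it received, and only returns the full reply once the client echoes a stateless cookie bound to its address. The names `handle`, `cookie_for` and `LIMIT` are hypothetical; the factor of 3 is borrowed from QUIC's anti-amplification limit (RFC 9000).

```python
import hashlib
import hmac
import os

SECRET = os.urandom(32)   # per-process key for stateless cookies (assumption)
LIMIT = 3                 # unvalidated reply budget: 3x the bytes received

def cookie_for(addr):
    """Stateless 16-byte token bound to the claimed (ip, port) source."""
    msg = f"{addr[0]}|{addr[1]}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:16]

def handle(addr, datagram, full_reply):
    """Return the bytes the server is willing to send back to addr.

    A datagram that starts with the right cookie proves the sender can
    receive traffic at addr, so it gets the full reply. Anything else
    gets only the cookie, and only if that fits in LIMIT x request size.
    """
    if hmac.compare_digest(datagram[:16], cookie_for(addr)):
        return full_reply
    challenge = cookie_for(addr)
    if len(challenge) > LIMIT * len(datagram):
        return b""        # answering would amplify: stay silent
    return challenge

def amplification(request, reply):
    """Bytes sent per byte received for one exchange."""
    return len(reply) / len(request)

if __name__ == "__main__":
    client = ("192.0.2.10", 40000)        # constructed sample address
    big = bytes(4000)                     # constructed 4000-byte reply
    req = b"stats\r\n"
    first = handle(client, req, big)      # 16-byte cookie, ratio below 3
    print(amplification(req, first))
    print(len(handle(client, first + req, big)))   # validated: 4000
```

A spoofed request causes the cookie to be sent to the victim, not the attacker, so the attacker can never present it and the victim receives at most `LIMIT` times the spoofed bytes.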

The IETF finally published the set of specifications for WebRTC. These protocols are heavily used by web-based videoconferencing applications and leverage many different protocols.

DNS

  • The debate on Do53 (DNS using UDP on port 53), DoT (DNS over TLS/TCP) and DoH (DNS over HTTPS) continues. Do53 is the default solution, but it does not always cope well with losses and DNS requests are sent in plaintext. The IETF has developed two alternatives to Do53: DoT and DoH. DoH is heavily pushed by cloud companies that encourage the use of their DNS resolvers. A recent document published by the NSA informs enterprises of the risks associated with the use of DoH in enterprise networks.

HTTP

124 people have contributed to the 2020 Web Almanac on httparchive that provides a broad view on the current state of the web with various interesting statistics.

TLS

The Server Name Indication (SNI) is a TLS extension that allows the client to indicate the name of the target server in the ClientHello message that initiates a TLS session. This TLS extension is important for CDNs and large web servers. Since the SNI is unencrypted, it leaks privacy-sensitive information, and some firewalls use it to block access to specific web sites or domains. ESNI solves this problem by encrypting the SNI that is sent in the ClientHello. Mozilla recently announced that Firefox 85 will support the new ESNI variant.
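What an on-path observer or a filtering firewall reads from an unencrypted ClientHello, as an added example that is not from the newsletter or the linked announcement: a parser that walks the record to the `server_name` extension (type 0). The ClientHello is constructed by `build_client_hello`; both function names are hypothetical, and the parser assumes the whole ClientHello fits in one TLS record.

```python
import struct

def build_client_hello(hostname):
    """Constructed sample: a minimal ClientHello record with one SNI extension."""
    name = hostname.encode("ascii")
    # server_name body: list length, name_type 0 (host_name), name length, name
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0, len(sni)) + sni          # extension type 0
    body = (b"\x03\x03" + bytes(32)                       # version, random (zeros)
            + b"\x00"                                     # empty session_id
            + b"\x00\x02\x13\x01"                         # one cipher suite
            + b"\x01\x00"                                 # null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body    # handshake type 1
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def extract_sni(record):
    """Return the cleartext host name from a ClientHello record, or None."""
    u16 = lambda p: int.from_bytes(record[p:p + 2], "big")
    try:
        if record[0] != 0x16 or record[5] != 0x01:        # handshake / ClientHello
            return None
        pos = 9 + 2 + 32                                  # headers, version, random
        pos += 1 + record[pos]                            # session_id
        pos += 2 + u16(pos)                               # cipher suites
        pos += 1 + record[pos]                            # compression methods
        end = min(pos + 2 + u16(pos), len(record))        # end of extensions
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            pos += 4
            if ext_type == 0:                             # server_name
                n = u16(pos + 3)
                if record[pos + 2] != 0 or pos + 5 + n > end:
                    return None                           # malformed or truncated
                return record[pos + 5:pos + 5 + n].decode("ascii")
            pos += ext_len
    except (IndexError, UnicodeDecodeError):
        return None
    return None

if __name__ == "__main__":
    print(extract_sni(build_client_hello("www.example.org")))
```

No key material is involved at any step, which is why the name is visible to every device on the path.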

Wireshark can decrypt TLS sessions provided that the client or the server has exported the TLS keys in a special format. This blog post describes how to do this in practice.

Transport layer

Network layer

Every year, Geoff Huston analyses the evolution of the IPv4 and IPv6 addressing spaces. The recent statistics and his predictions are available in a blog post.

IPv4

Given the scarcity of IPv4 addresses, some organisations use strange methods to acquire IPv4 addresses. Today, the price of an IPv4 address is roughly 25 US$ and there is a market for large IPv4 address blocks. Since Africa has fewer IPv4 addresses than other continents, the African registry got a larger block of IPv4 addresses than other registries in developed countries. Unfortunately, as shown by a recent audit, more than 2 million of these addresses were assigned to organisations outside Africa…

IPv6

There are many ways to write IP addresses in text format. A blog post discusses the different textual representations of IP addresses.

Intradomain routing (RIP, OSPF, IS-IS, …)

When a link fails in an IP network, several events occur. A blog post describes the different steps taken by an OSPF process on commercial routers.

The IETF is developing new routing protocols targeted at datacenter networks. A recent book provides a detailed description of the Routing in Fat Tree (RIFT) protocol and how it can be configured.

Interdomain routing (BGP)

In two recent blog posts, Geoff Huston analyses the evolution of BGP in 2020. The first post focuses on the evolution of the size of the IPv4 and IPv6 BGP routing tables. The second blog post analyses the stability of the interdomain routing system by looking at the BGP churn.

Datalink layer

Physical layer

Software and tools

  • Internet protocols are sometimes used in strange ways. DNSKV is a distributed key-value store that runs above the DNS service. It was designed to let hackers exfiltrate information, but could be a nice tool to analyse unexpected uses of DNS.

  • Wireshark is a popular tool to analyse packet traces. It comes with a GUI and a command-line interface: tshark. In some cases, e.g. when debugging problems on a remote server or in a virtual network like ipmininet, it can be useful to use a tool like Wireshark in the terminal. This is possible with termshark.

  • Sometimes, network engineers need to generate a lot of TCP/UDP packets or benchmark new servers. A new open-source network performance measurement tool has been released: ethr. This tool is written in Go and its main advantage is that it runs on Windows, Linux and other Unix variants.

  • In many countries, the network neutrality principle requires different applications to be treated fairly by the network. This means that a public network should not throttle some applications while leaving more bandwidth for others. ARCEP and researchers from Northeastern University have recently released a smartphone application called Wehe that enables you to check whether your network is neutral. It tests a variety of applications and provides an interesting report.

Written on February 1, 2021