Networking Notes - August 2021

Welcome to the August 2021 edition of the Networking Notes newsletter.

This newsletter gathers the most recent news about the evolution of the networking field. Its main objective is to inform the students who have read the Computer Networking: Principles, Protocols, and Practice ebook about the evolution of the field.

We will organize a hackathon during SIGCOMM’21 to encourage the development of new exercises for the ebook. See the hackathon page for additional details.

You can subscribe to receive this newsletter in your mailbox every month.

Generic networking

Many users consider that bandwidth is the most important metric to quantify the performance of Internet access networks. Websites such as https://speedtest.net or https://nperf.com can be used to measure network performance. If bandwidth is low, applications will suffer. However, a high bandwidth does not always result in an excellent user experience. In some cases, high bandwidth is achieved with unstable performance or excessive delays. These excessive delays are often caused by large buffers in access routers that queue packets for long periods of time when the network is heavily loaded. Some companies have started to measure delays under load, see e.g. netradar’s blog post and the Internet Architecture Board will organize in late 2021 a workshop on measuring Network Quality for End-Users.

The Internet was designed as a network of networks, i.e. a network that combines networks operated by different organizations. The decentralization of the network has been one of its strengths. No organization completely controls the Internet and its structure requires cooperation between different stakeholders. This cooperation is clearly visible when we consider the allocation of IP addresses or domain names, the DNS root or BGP. However, during the last years, there have been attempts to “centralize” parts of the Internet. Large companies provide open DNS resolvers and some governments attempt to control part of the network. In a recent article, Geoff Huston looks at how this could affect the evolution of the Internet.

Network protocols

Application layer

With the forthcoming release of iOS15, planned for September 2021, Apple has announced a new service to improve user privacy when browsing the web. The Private Relay service looks like a simple version of TOR. In a nutshell, when Private Relay is enabled, Apple devices will use a simplified form of onion routing to anonymously query web servers. Apple devices will interact with two different servers. A private web request will be encrypted with two different keys. The first key will be shared with Apple’s ingress servers. These servers will receive encrypted requests. They will know the origin of the request but not their encrypted content. The ingress server will pass the private request to an egress server, managed by another company, that will decrypt it and retrieve the web object. The egress server knows the request but not the identity of the user who made the request. Additional details about this private relay will appear in the coming months. In the meantime, if you want to explore onion routing, look at https://www.torproject.org/.

DNS

What really happens when a user registers a Domain Name? In a recent post on the AFNIC blog, Stéphane Bortzmeyer describes what happens behind the scenes and explains the procedures and protocols that are used.

The first DNS root servers were located in North America. In 1991, the first DNS root server was installed in Europe at NORDUnet. At that time, NORDUnet was connected using a 56 Kbps satellite link to the Internet. A recent blog post presents the history of this DNS server.

In a NANOG presentation, Geoff Huston looks at DNSSEC, DoH and provides some predictions on the DNS evolution.

Network engineers sometimes place hidden gems in their configuration and sometimes public services. Try dig -t TXT dns.google.be and you’ll receive an answer with a URL that redirects you to a popular xkcd comics on google’s DNS service.

HTTP

Google has recently announced that they started to test a new technique called Federated Learning of Cohorts (FLoC) to expose ads to users without revealing their browsing history to advertisers. Privacy advocates have warned on the limitations of this approach. In a recent blog post, Eric Rescorla discusses the privacy implications of FLoC.

Security

Paul C. van Oorschot has published a new edition of his book Computer Security and the Internet. Pdf versions of the different chapters are available on his homepage.

Transport layer

QUIC

QUIC continues to be deployed by large companies. This month’s entrant is Snapchat that also uses QUIC. The main motivations are:

  • faster connection establishment
  • improved congestion control (snapchat can easily deploy their own congestion control scheme if needed, which could result in a wide range of congestion control schemes that compete in the coming years)
  • multiplexing
  • connection migration to switch from Wi-Fi to cellular

We’ll probably see new use cases for QUIC in the coming months and years.

TCP

IANA allocates port numbers and service names to well-known applications. Although port 80 is officially reserved for HTTP, nothing prevents someone from attaching another service on port 80. Researchers have recently scanned 1% of the IPv4 addressing space to identify the services that were attached to different ports. Their findings show that a wide range of applications ares attached to very different TCP ports.

On the APNIC blog, Otto Moerbeek discusses some of the challenges with TCP Fast Open.

Networking layer

IP

ping and traceroute are widely used by network operators to debug network problems. Despite their age, these tools continue to evolve. A recent NANOG presentation describes the most recent changes to these venerable tools.

A nice traceroute from Holland, try traceroute6 hand.bb0.nl

Interdomain routing (BGP)

The security of interdomain routing remains an important concern. Geoff Huston provides a detailed survey on how to secure BGP on the APNIC blog.

Software and tools

Several companies provide bandwidth measurement services. Unfortunately, many of these services include various types of advertisements and track their users. LibreSpeed is an open-source alternative that can be easily installed and updated. LibreSpeed can store the collected measurements in a SQL database. If you are only interested in the measurement results and want to compare bandwidth measurements in different cities, speedtest.net provides summaries of its measurements as open data.

netcat is a versatile tool that allows to easily exchange data over UDP and TCP sockets. Netcat implementations usually leverage the host TCP and UDP stack. netkat takes a different approach. This variant uses raw sockets and includes its own TCP stack in go. This enables it to bypass most of the operating system routines.

Some network operators have started to deploy optical fibers to end users. In a blog post, Michael Stapelberg discusses his experience in building a Linux-based Internet router that supports 25 Gbps links.

Written on July 31, 2021