Community Research and Development Information Service - CORDIS

H2020

MAMI Report Summary

Project ID: 688421
Funded under: H2020-EU.2.1.1.

Periodic Reporting for period 1 - MAMI (Measurement and Architecture for a Middleboxed Internet)

Reporting period: 2016-01-01 to 2016-06-30

Summary of the context and overall objectives of the project

Recent revelations about large-scale pervasive surveillance of Internet traffic have led to a rapidly expanding deployment of encryption in order to protect end-user privacy. At the same time, network operators and access providers rely on increasing use of in-network functionality provided by middleboxes and network function virtualization (NFV) approaches to improve network operations and management, and to provide additional value for their customers. In addition, new applications such as interactive video make new demands on the transport layer, requiring the deployment of new protocols and extensions, the deployment of which is impaired by the proliferation of middleboxes that cause them to fail. These three trends are on a collision course.
Middleboxes providing in-network functionality for performance enhancements and/or security often must make assumptions about the end-to-end protocols running through them, leading to ossification of the protocol stack that we run today. This ossification makes it difficult to deploy new protocols at each layer, which hinders evolution and innovation of new services: building and deploying new transport and application protocols and protocol extensions (such as the Stream Control Transmission Protocol (SCTP) [RFC 4960], the Datagram Congestion Control Protocol (DCCP) [RFC 4340], Multipath TCP [RFC 6824], or the addition of Explicit Congestion Notification (ECN) to TCP/IP [RFC 3168]) now requires not just changes at the endpoints, as originally envisioned by the Internet architecture, but also replacement or reconfiguration of middleboxes.
Indeed, one side effect of a Future Internet that seeks to enable large-scale encryption is the restoration of the end-to-end nature of the Internet by returning complex processing to the endpoints. Middleboxes cannot modify what they cannot see. While this would restore our ability to innovate at the transport layer, it would do so at the expense of the utility of the great variety of middleboxes deployed in the Internet: network address translators (NATs), firewalls and intrusion-prevention systems, cryptographic and TCP accelerators, caching proxies, content filters, load balancers, application-layer gateways (ALGs) and so on. Simply disabling these is not an option: they were deployed to solve real problems, and in many cases solving these problems within the network leads to significant advantages in ease of deployment and administration, reduction in cost, or other advantages over an endpoint-only solution. Some form of processing in the network by a middlebox is therefore an essential component for operators in any future Internet architecture.

However, accepting the ossification that we see today and working around it, as we have done so far, is not an option either, as innovation in new transport and application protocols is necessary due to emerging applications such as streaming video, videoconferencing, and the widespread deployment of services in the cloud. Existing protocols cannot efficiently provide many of the features these new applications need, and they cannot provide some required features at all.
The MAMI project seeks to restore balance among end-user privacy concerns in the face of pervasive surveillance, innovation in network protocols in the face of increasing ossification, and the provision of in-network functionality in a cooperative way.
Therefore, the goal of the MAMI project is to develop an incrementally-deployable Middlebox Cooperation Protocol (MCP) to restore innovation in the Internet by enabling the use of new protocols and protocol extensions together with ubiquitously deployed encryption based on a background of middlebox behaviour models, derived from large-scale measurements of middlebox impairments in the public Internet conducted on top of the FIRE+ MONROE testbed to provide a meaningful view of today’s ossification.
In summary, the MAMI project has three main objectives:
1. Large-scale Measurements of Deployed Middleboxes:
The MAMI project performs path transparency measurements in the Internet based on various testbeds, including the FIRE+ MONROE testbed, and will make this data available for research and network operations purposes via the Path Transparency Observatory operated by the project, with public access after the project’s first year. Further, the project evaluates the collected measurement data to build maps of path impairments and ossification in the Internet, from which models of middlebox manipulation can be drawn.
2. An Architecture for Middlebox Cooperation:
Based on these middlebox models and selected use cases, the MAMI project develops the design and specification of the MCP, by which endpoints can expose intentions to middleboxes along a path and vice versa, to reduce the mismatched assumptions that lead to ossification. The MAMI project will focus on new methods that allow incremental deployment even in the presence of uncooperative middleboxes, enabled by the embedding of the MCP into a Flexible Transport Layer (FTL).
3. Experimental Evaluation of Use Case Applicability and Deployability:
The MAMI project will evaluate the deployability and benefits of the proposed solution(s) based on selected use cases by experimentally-driven research, again utilizing the FIRE+ MONROE testbed facilities. Experimentation with the mechanisms and protocol developed in the MAMI project is essential for successful deployment in the Internet. The use of the FIRE+ MONROE testbed allows MAMI to use a unified infrastructure both to measure middlebox impairments along paths in the Internet and to experimentally verify the operation of our approaches to middlebox cooperation.
These three objectives complement each other, as measurement data on middlebox behaviour forms a basis for research into architectural approaches for middlebox cooperation as well as for testbed-based experimentation of its deployability.
The MAMI project is very active in standardization: it provides input to current relevant work in different standardization bodies, drives new work related to the MCP mainly in the IETF, in existing working groups such as taps, tsvwg, and tcpm as well as potential new working groups (see the activity on PLUS), and contributes to next-generation standards by providing guidelines for middlebox vendors and operators deploying middleboxes, e.g. in the ETSI NFV Forum.

Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far

During the reporting period (M1-M6), the technical work focused on measurement tool development and initial measurements of middlebox impairments to later inform middlebox modelling and protocol development, as well as on use cases, requirements and an initial security analysis as a basis for the MCP design. As the measurement data will be made publicly available, the project has also already started to develop the data model for the Path Transparency Observatory and to set up the needed infrastructure.
More specifically, the MAMI project further developed the PATHspider active measurement tool for controlled experiments of path impairment, readying it for a public beta release in July 2016, and adding initial support for testing TCP Fast Open (TFO) usability along with ECN. A PATHspider measurement campaign for ECN negotiation and connectivity dependency was detailed in a MAMI blog post (see https://mami-project.eu/index.php/2016/06/13/70-of-popular-web-sites-support-ecn/) and a measurement campaign to evaluate TFO support and potential impairment is currently running.
The project also developed the Copycat tool for measuring differential treatment between UDP and TCP, key to understanding potential performance problems with MCP, and performed a large-scale measurement campaign on multiple testbeds such as PlanetLab as well as utilizing cloud-based resources from commercial providers. These measurements were compared with existing and new measurement data from the RIPE Atlas platform and led to a paper currently under submission.
Further, the project is continuing a large-scale survey of middlebox manipulation of IP and transport layer headers using Tracebox. Tracebox is a traceroute-based tool that allows the user to detect middleboxes on the path by identifying changes in the packet using the ICMP reply. Measurements were performed from a set of PlanetLab vantage points to a wide variety of destinations in the Internet.
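The comparison Tracebox relies on can be sketched as follows. This is an added example, not Tracebox code or code from the MAMI project: the probe, the addresses (documentation ranges) and the per-hop ICMP quotes are constructed, and the helper names are hypothetical. It also handles replies that quote only the IP header plus the first 8 bytes of the transport header.

```python
import struct

IP_FMT = "!BBHHHBBH4s4s"   # 20-byte IPv4 header, no options
TCP_FMT = "!HHIIBBHHH"     # 20-byte TCP header, no options

def build_probe(tos=0x02, ip_id=0x1234, seq=1000, flags=0xC2, ttl=64):
    """Constructed IPv4+TCP probe: ECT(0), SYN+ECE+CWR, checksums left at 0."""
    ip = struct.pack(IP_FMT, 0x45, tos, 40, ip_id, 0, ttl, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack(TCP_FMT, 40000, 80, seq, 0, 0x50, flags, 65535, 0, 0)
    return ip + tcp

def parse(pkt):
    """Fields visible in pkt. TTL and IP checksum are skipped on purpose:
    every router rewrites them, so they say nothing about middleboxes."""
    ihl = (pkt[0] & 0x0F) * 4
    fields = {"tos": pkt[1], "ip_id": struct.unpack("!H", pkt[4:6])[0]}
    l4 = pkt[ihl:]
    if len(l4) >= 8:    # minimum ICMP quote: ports and sequence number
        fields["sport"], fields["dport"], fields["seq"] = struct.unpack("!HHI", l4[:8])
    if len(l4) >= 16:   # longer quote: flags and window are visible too
        fields["flags"] = l4[13]
        fields["window"] = struct.unpack("!H", l4[14:16])[0]
    return fields

def first_changes(sent, quotes):
    """Map field -> (hop, sent value, quoted value) at the first hop whose
    quote shows that field differing from what was sent."""
    ref, changed = parse(sent), {}
    for hop, quote in quotes:
        for name, value in parse(quote).items():
            if name not in changed and value != ref[name]:
                changed[name] = (hop, ref[name], value)
    return changed

def sample_quotes():
    """Constructed per-hop quotes standing in for ICMP time-exceeded payloads."""
    return [
        (1, build_probe(ttl=1)),             # untouched
        (2, build_probe(ttl=1)[:28]),        # truncated to IP header + 8 bytes
        (3, build_probe(ttl=1, tos=0x00)),   # ECN bits cleared
        (4, build_probe(ttl=1, tos=0x00, seq=777000, flags=0x02)),  # seq rewritten, ECE/CWR stripped
    ]

if __name__ == "__main__":
    for name, (hop, was, now) in first_changes(build_probe(), sample_quotes()).items():
        print(f"{name}: changed by hop {hop}: {was:#x} -> {now:#x}")
```

A field first seen changed at hop N was rewritten somewhere between the last hop that quoted it unchanged and hop N, so truncated quotes widen the interval in which the middlebox can sit.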
Data from all three campaigns is being fed into observatory development. Partners generating data already have access to the observatory for data upload and analysis development. A public web frontend to query the observatory is currently under development and will be released by the end of the year.
To detect the presence of a specific type of middlebox, namely Carrier Grade NATs (CGNs), which allow Internet providers to share the same public IPv4 address across multiple end users, a novel methodology, called NAT Revelio, was developed by the project. NAT Revelio determines from the end-user perspective the type of upstream network address translation, namely simple NAT at the Internet gateway in the home network (customer-grade NAT) or NAT inside the access network of the Internet service provider (Carrier Grade NAT). NAT Revelio involves a series of active measurements from the end-user home, which the project performed using platforms like BISmark, RIPE Atlas or FCC's Measuring Broadband America platform operated by SamKnows Ltd.
Further, the project selected a set of use cases as a basis for the MCP development. These use cases are Low Latency Support in Mobile Access Networks, Throughput Guidance for Congestion Management in Mobile Networks, Web Identity Translation (WIT) as a Network Service, and Multipath Bonding of Mobile and Fixed Network Capacity. Further details about these use cases as well as their analysis to derive functional requirements are published in deliverable D3.1. D3.1 also includes an initial threat analysis by identifying an attacker model and discusses different trust models in the relationships between the cooperating parties.
In addition to this work, the project analyzed features implemented by current transport protocols, which provide input for the design of a new transport API that would be needed with the use of the MCP as well as a more Flexible Transport Layer (FTL) design.
This work provided direct input into IETF standardization in the Transport Services (TAPS) working group and the organization of a Path Layer UDP Substrate (PLUS) Birds of a Feather (BoF) meeting.

Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far)

The MAMI project has two major areas of impact: First, the development of a Middlebox Cooperation Protocol (MCP) as well as complementary protocols and protocol extensions to ensure middlebox traversal, which will increase the innovation potential in the Internet by enabling new services with social and commercial impact. Second, the creation of an open middlebox observatory and repository of information about the impact of middleboxes on traffic on a wide variety of paths through the Internet will provide a new source of data to guide transport protocol engineering decisions for the Internet community, as well as for network research and operations.
The deployment of a signaling protocol among diverse entities in the Internet can only be successful if the protocol specification is standardised in the Internet Engineering Task Force (IETF). The MAMI partners have been active in the IETF and Internet Research Task Force (IRTF) before and during this initial reporting period by chairing and contributing to the newly formed Measurement and Analysis for Protocols Research Group (MAPRG) as well as chairing and contributing to working groups relevant to the objectives of the MAMI project. This includes the Transport Services (taps), the TCP Maintenance and Minor Extensions (tcpm), and the Transport Area Working Group (tsvwg).
The results of the MAMI activities directly connected with NFV will constitute a valuable input to the standardization effort of the ETSI NFV ISG. The MAMI consortium is in a good position in this respect, as representatives of TID are currently chairing the ETSI NFV ISG Technical Steering Committee, and the Working Group on Testing, Experimentation and Open Source. On the other hand, some groups related to software-based networks, like the Mobile Edge Cloud (MEC) ISG at ETSI, are also targets for the standardization activities.
The Protocol Optimisation Project (POP) is a newly formed GSM Association (GSMA) working group. It is tasked to identify differences and possible impacts between mobile network implementations and IETF protocols. POP will look at the interaction between IETF protocols and 3rd Generation Partnership Project (3GPP) protocols in real deployments, defining and running a set of specific experiments. The collected data are of great importance for the definition of MCP. Nokia and TID are contributors to this working group.
Besides these standardization activities, dissemination and communication with an industry audience are key for deployment and industry impact of the MCP. In this respect, measurement results of the MAMI project and the potential of the MCP to support transport-transparent measurements in future were presented at RIPE72, NetFutures, and conferences and workshops with high industrial participation such as ICIN’16 and the Cisco - Ecole Polytechnique Networking Innovation and Research Symposium.
Scientific publications and presentations of the MAMI project currently focus on measurements and measurement results. These dissemination activities mainly support MAMI’s second area of impact: to generate and collect data on middlebox impairments found in the Internet and make these data publicly accessible via the Path Transparency Observatory. Several papers are currently under submission and parts of the data have already been presented at the IRTF MAPRG at IETF95, the RIPE MAT WG at RIPE72 and the ACM, IRTF & ISOC Applied Networking Research Workshop (ANRW) 2016. These events are also used to engage with other projects and activities that perform Internet measurement that could be included into MAMI’s Path Transparency Observatory.
The MAMI project is engaging with the open source community by making information and code available over a MAMI GitHub and websites for specific tools and activities beyond the MAMI website. These include Tracebox, PATHspider, as well as ECN measurement results on the ecn.ethz.ch webpage. Current activities, including announcements on Twitter and blog posts on the MAMI webpage, are focused on raising awareness. Future activities will also focus on more actively integrating other communities, e.g. by contributing code such as own PATHspider measurement plug-ins.

Related information

Record Number: 193072 / Last updated on: 2016-12-13