
Measurement and Architecture for a Middleboxed Internet

Periodic Reporting for period 3 - MAMI (Measurement and Architecture for a Middleboxed Internet)

Reporting period: 2017-07-01 to 2018-12-31

Revelations about large-scale pervasive surveillance of Internet traffic have led to a rapidly expanding deployment of encryption in order to protect end-user privacy. At the same time, network operators rely increasingly on in-network functionality provided by middleboxes and network function virtualization (NFV) approaches to improve network operations and management, and to provide additional value for their customers. Middleboxes providing these performance enhancements as well as security functions rely on information that is available today in protocol headers in the clear. For example, monitoring functions for troubleshooting rely heavily on TCP header information to estimate basic metrics such as loss and Round-Trip Time (RTT). However, this reliance has led to ossification, which makes it difficult to deploy new protocols or protocol extensions at any layer and thus hinders evolution and innovation in the Internet.

Indeed, one side effect of a future Internet that seeks to enable large-scale encryption is the restoration of the end-to-end nature of the Internet. Middleboxes cannot use or even modify what they cannot see. While this restores our ability to innovate at the transport layer, it would do so at the expense of the utility of the great variety of middleboxes deployed in the Internet: network address translators (NATs), firewalls and intrusion-prevention systems, cryptographic and TCP accelerators, caching proxies, content filters, load balancers, application-layer gateways (ALGs) and so on. Simply disabling these is not an option: they were deployed to solve real problems, and in many cases solving these problems within the network leads to significant advantages in ease of deployment and administration, reduction in cost, or other advantages over an endpoint-only solution.

The MAMI project seeks to restore balance among end-user privacy concerns in the face of pervasive surveillance, innovation in network protocols in the face of increasing ossification, and the provision of in-network functionality in a cooperative way. To achieve these goals, the MAMI project developed explicit mechanisms for middlebox cooperation. The project focused mainly on three use cases: support for network monitoring by exposing traffic metrics such as latency and loss (e.g. the Spin Bit for QUIC); mechanisms for MTU discovery in different protocols and layers (e.g. based on UDP Options or IPv6 Hop-by-Hop options); and low-latency support as well as throughput guidance in mobile networks. The approach taken by the MAMI project is data-driven, based on measurements of middlebox behaviour in the public Internet. To detect middlebox impairments, the MAMI project developed and maintains several measurement tools, such as PATHspider and tracebox. Further, the Path Transparency Observatory (PTO) provides an easy-to-consume view of the observed conditions derived from this measurement data, aiming to give protocol developers and operators a meaningful view of today's ossification.
The project has developed PATHspider, an active measurement tool for A/B testing of path transparency. Measurement data collected with PATHspider as well as other tools such as tracebox are stored in the Path Transparency Observatory (PTO). Findings on middlebox impairments formed the basis for the development of a middlebox policy taxonomy and a VPP-based middlebox simulator for experimentation and testing of middlebox cooperation schemes. Further, the large set of measurements that were performed continuously during the project's run time also provided input to the design and development of various middlebox cooperation schemes, such as the Spin Bit, UDP Options, and LoLa tradeoff signalling.
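The Spin Bit use case mentioned above, as an added worked example that is not MAMI project code: a small simulation of the spin-bit rule at both QUIC endpoints (the server reflects the bit of the highest-numbered packet it has received, the client sends the inverse), plus a passive on-path observer that derives RTT samples purely from transitions of that one bit, without any access to the encrypted payload or to packet numbers. The endpoint rule is the one specified for QUIC in RFC 9000 section 17.4; the one-way delays, send intervals, the observer's vantage point and the function names (simulate, estimate_rtt) are constructed assumptions for illustration.

```python
"""Spin-bit RTT estimation: simulated QUIC-style endpoints plus a passive
on-path observer. Added example with constructed timings, not MAMI code."""
import heapq
from dataclasses import dataclass, field


@dataclass(order=True)
class Event:
    time: float
    seq: int                                   # tie-breaker for a total order
    kind: str = field(compare=False)           # "send" or "recv"
    who: str = field(compare=False)            # endpoint acting on the event
    pn: int = field(compare=False, default=0)  # packet number carried
    spin: int = field(compare=False, default=0)


class Endpoint:
    """Spin-bit rule from RFC 9000 section 17.4: the server copies the bit
    of the highest-numbered packet received, the client sends its inverse.
    The bit therefore flips once per RTT as seen from the client."""

    def __init__(self, role):
        self.role = role
        self.spin = 0            # both sides start the connection at 0
        self.next_pn = 0
        self.largest_pn = -1     # highest packet number received so far

    def on_receive(self, pn, spin):
        if pn <= self.largest_pn:                # reordered or duplicate
            return
        self.largest_pn = pn
        self.spin = spin if self.role == "server" else 1 - spin


def simulate(duration_ms, d_cs_ms, d_sc_ms, interval_ms):
    """Both endpoints send one packet every interval_ms (server shifted by
    half an interval) over a lossless, in-order path with the given one-way
    delays (assumed values). Returns the observer's view: (time, direction,
    spin) per packet, stamped at the client's send time for "c2s" and at
    client arrival for "s2c", i.e. an observer on the client's access link."""
    ends = {"client": Endpoint("client"), "server": Endpoint("server")}
    delay = {"client": d_cs_ms, "server": d_sc_ms}
    peer = {"client": "server", "server": "client"}
    heap, observed, seq = [], [], 0

    def schedule(time, kind, who, pn=0, spin=0):
        nonlocal seq
        seq += 1
        heapq.heappush(heap, Event(time, seq, kind, who, pn, spin))

    t = 0.0
    while t < duration_ms:
        schedule(t, "send", "client")
        schedule(t + interval_ms / 2, "send", "server")
        t += interval_ms

    while heap:
        ev = heapq.heappop(heap)
        ep = ends[ev.who]
        if ev.kind == "recv":
            ep.on_receive(ev.pn, ev.spin)
            continue
        pn, spin = ep.next_pn, ep.spin           # bit sampled at send time
        ep.next_pn += 1
        arrival = ev.time + delay[ev.who]
        schedule(arrival, "recv", peer[ev.who], pn, spin)
        if ev.who == "client":
            observed.append((ev.time, "c2s", spin))
        else:
            observed.append((arrival, "s2c", spin))
    observed.sort()
    return observed


def estimate_rtt(observed, direction):
    """Passive RTT samples: the interval between successive spin transitions
    seen in one direction. The observer reads only the bit; packet numbers
    are encrypted on the wire, so it cannot undo reordering the way the
    endpoints do (this simulated path delivers in order, so none occurs)."""
    last_spin, last_edge, samples = None, None, []
    for time, d, spin in observed:
        if d != direction:
            continue
        if last_spin is not None and spin != last_spin:
            if last_edge is not None:
                samples.append(time - last_edge)
            last_edge = time
        last_spin = spin
    return samples


if __name__ == "__main__":
    # true RTT is 30 + 20 = 50 ms; the estimate also absorbs each endpoint's
    # wait until its next packet, so coarser sending inflates the sample
    for interval in (10, 1):
        obs = simulate(400, d_cs_ms=30, d_sc_ms=20, interval_ms=interval)
        print(f"send every {interval} ms: c2s={estimate_rtt(obs, 'c2s')}"
              f" s2c={estimate_rtt(obs, 's2c')}")
```

With packets every 10 ms the observer measures 60 ms rather than the true 50 ms, and with packets every 1 ms it measures 51 ms: a flip only becomes visible on the next packet the endpoint happens to send, so a spin-bit RTT is the RTT as the endpoints' transmission schedule experiences it, including application and pacing delay at both ends. Edges in either direction yield the same samples, which is what lets an operator measure latency from one vantage point on a fully encrypted flow. In a real deployment the observer must also expect the bit to be disabled or randomised on a fraction of connections and must cope with reordering heuristically, since it never sees packet numbers.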

The MAMI project has been very active in standardisation, with a focus on transport protocol work in the IETF. For example, the project proposed and evaluated the Spin Bit, which is now part of the specification of the new IETF QUIC transport protocol. In addition, other middlebox cooperation schemes, such as those based on UDP Options, have been evaluated by the project, providing valuable contributions to standardization and industry in various fora. The project's work on the manageability and security analysis of such schemes also led to the publication of a series of three white papers for industry dissemination of project results and findings during and beyond the project's run time.

In addition, the project contributed substantially to a new, protocol-independent socket API, under standardisation in the IETF (taps), which enables the transport stack to select the protocol stack that has the best chance of successfully connecting to the other end at a given time. This supports not only the deployment of completely new, encrypted protocols such as QUIC but also speeds up incremental deployment of middlebox cooperation mechanisms in existing protocols, and thus the development and deployment of transport mechanisms that make the transport stack more flexible and scalable.
Interactions with industry and standardization groups, e.g. through the M3S workshop organized by the project, identified the importance of operational support for in-network measurement in the face of Internet traffic using ubiquitous encryption. Accordingly, the MAMI project provided input to relevant work in different standardization bodies such as the IETF (quic, taps, tsvwg, tcpm, acme, tls), ETSI (NFV ISG, TC CYBER), GSMA, IEEE (ETI WG), as well as the IRTF (establishment and chairing of maprg and panrg). A large part of the project's standardization effort is focused on ongoing work in the IETF to support in-network measurement (in QUIC but also in tcpm and tsvwg), the development of new schemes for MTU discovery using UDP Options (tsvwg) and the IPv6 Hop-by-Hop option (6man), mechanisms to support low latency (tsvwg), support for short-term certificates (acme), and in-network state management, e.g. using a DTLS connection ID (tls). Further, the industrial partners have identified NFV and cloud-based services that can apply the project's results and findings on middlebox cooperation approaches. MAMI results are being considered for application to the mobile edge and core as well as to Software Defined Networking (SDN)-based network management approaches. The collaboration with industry associations like GSMA is an important argument for these activities, and the partners keep leveraging dissemination at industrial events, white papers targeted at an industry audience, and social media to increase internal impact in business units as well as external impact in cooperation with other industry partners.

The project has also contributed to the wider research community through continuous publications; participation in conferences, workshops and other events; and the organization of several such events, e.g. two MNM workshops, the RCM SIGCOMM tutorial, and a summer school. The academic partners have incorporated MAMI results in their research portfolios, used them in advanced teaching, and involved students in the research work conducted in the project. The measurement tools developed by the project will be maintained beyond the end of the project, supporting the research community as a whole.