-
uTNT: Unikernels for Efficient and Flexible Internet Probing
Authors:
Maxime Letemple,
Gaulthier Gain,
Sami Ben Mariem,
Laurent Mathy,
Benoit Donnet
Abstract:
The last twenty years have seen the development and popularity of network measurement infrastructures. Internet measurement platforms have become common and have demonstrated their relevance in Internet understanding and security observation. However, despite their popularity, those platforms lack flexibility and reactivity, as they are usually used for longitudinal measurements. As a consequence, they may miss detecting events that are security or Internet-related. During the same period, operating systems have evolved to virtual machines (VMs) as self-contained units for running applications, with the recent rise of unikernels, ultra-lightweight VMs tailored for specific applications, eliminating the need for a host OS. In this paper, we advocate that measurement infrastructures could take advantage of unikernels to become more flexible and efficient. We propose uTNT, a proof-of-concept unikernel-based implementation of TNT, a traceroute extension able to reveal MPLS tunnels. This paper documents the full toolchain for porting TNT into a unikernel and evaluates uTNT performance with respect to more traditional approaches. The paper also discusses a use case in which uTNT could find a suitable usage. uTNT source code is publicly available on Gitlab.
Submitted 7 May, 2024;
originally announced May 2024.
-
MSTG: A Flexible and Scalable Microservices Infrastructure Generator
Authors:
Emilien Wansart,
Maxime Goffart,
Justin Iurman,
Benoit Donnet
Abstract:
The last few years in the software engineering field have seen a paradigm shift from monolithic applications towards architectures in which the application is split into various smaller entities (i.e., microservices), fueled by the improved availability and ease of use of container technologies such as Docker and Kubernetes. Those microservices communicate with each other using networking technologies in place of the function calls of traditional monolithic software. In order to evaluate the potential, the modularity, and the scalability of this new approach, many tools, such as microservices benchmarks, have been developed with that objective in mind. Unfortunately, many of these tend to focus only on the application layer while not taking the underlying networking infrastructure into consideration.
In this paper, we introduce and evaluate the performance of a new modular and scalable tool, MicroServices Topology Generator (MSTG), that allows simulating both the application and networking layers of a microservices architecture. Based on a topology described in YAML format, MSTG generates the configuration file(s) for deploying the architecture on either Docker Compose or Kubernetes. Furthermore, MSTG encompasses telemetry tools, such as Application Performance Monitoring (APM) relying on OpenTelemetry. This paper fully describes MSTG, evaluates its performance, and demonstrates its potential through several use cases.
Submitted 21 April, 2024;
originally announced April 2024.
-
Training Students' Abstraction Skills Around a CAFÉ 2.0
Authors:
Géraldine Brieven,
Lev Malcev,
Benoit Donnet
Abstract:
Shaping first-year students' minds to help them master abstraction skills is as crucial as it is challenging. Although abstraction is a key competence in problem-solving (in particular in STEM disciplines), students are often found to rush that process because they find it hard and do not get any direct outcome out of it. They prefer to invest their efforts directly in concrete ground, rather than using abstraction to create a solution.
To overcome that situation, in the context of our CS1 course, we implemented a tool called CAFÉ 2.0. It allows students to actively and regularly practice (thanks to a longitudinal activity) their abstraction skills through a graphical programming methodology. Moreover, beyond reviewing students' final implementation, CAFÉ 2.0 produces personalized feedback on how students modeled their solution, and on how consistent it is with their final code. This paper describes CAFÉ 2.0 in a general setting and also provides a concrete example in our CS1 course context. This paper also assesses students' interaction with CAFÉ 2.0 through perception and participation data. Finally, we explain how CAFÉ 2.0 could be extended to a context other than a CS1 course.
Submitted 18 September, 2023;
originally announced September 2023.
-
All that Glitters is not Bitcoin -- Unveiling the Centralized Nature of the BTC (IP) Network
Authors:
Sami Ben Mariem,
Pedro Casas,
Matteo Romiti,
Benoit Donnet,
Rainer Stütz,
Bernhard Haslhofer
Abstract:
Blockchains are typically managed by peer-to-peer (P2P) networks providing the support and substrate to the so-called distributed ledger (DLT), a replicated, shared, and synchronized data structure, geographically spread across multiple nodes. The Bitcoin (BTC) blockchain is by far the most well known DLT, used to record transactions among peers, based on the BTC digital currency. In this paper, we focus on the network side of the BTC P2P network, analyzing its nodes from a purely network measurements-based approach. We present a BTC crawler able to discover and track the BTC P2P network through active measurements, and use it to analyze its main properties. Through the combined analysis of multiple snapshots of the BTC network as well as by using other publicly available data sources on the BTC network and DLT, we unveil the BTC P2P network, locate its active nodes, study their performance, and track the evolution of the network over the past two years. Among other relevant findings, we show that (i) the size of the BTC network has remained almost constant during the last 12 months - since the major BTC price drop in early 2018, (ii) most of the BTC P2P network resides in US and EU countries, and (iii) despite this western network locality, most of the mining activity and corresponding revenue is controlled by major mining pools located in China. By additionally analyzing the distribution of BTC coins among independent BTC entities (i.e., single BTC addresses or groups of BTC addresses controlled by the same actor), we also conclude that (iv) BTC is very far from being the decentralized and uncontrolled system it is so much advertised to be, with only 4.5% of all the BTC entities holding about 85% of all circulating BTC coins.
Submitted 19 February, 2020; v1 submitted 24 January, 2020;
originally announced January 2020.
-
Implementation of IOAM for IPv6 in the Linux Kernel
Authors:
Justin Iurman,
Benoit Donnet,
Frank Brockners
Abstract:
In-situ Operations, Administration, and Maintenance (IOAM) is currently under standardization at the IETF. It allows for collecting telemetry and operational information along a path, within the data packet, as part of an existing (possibly additional) header. This paper discusses the very first implementation of IOAM for the Linux kernel with IPv6 as encapsulation protocol. We also propose a first preliminary evaluation of our implementation under a controlled environment. Our IOAM implementation is available as open source.
Submitted 20 August, 2019;
originally announced August 2019.
-
mmb: Flexible High-Speed Userspace Middleboxes
Authors:
Korian Edeline,
Justin Iurman,
Cyril Soldani,
Benoit Donnet
Abstract:
Nowadays, Internet actors have to deal with a strong increase in Internet traffic at many levels. One of their main challenges is building high-speed and efficient networking solutions. In such a context, kernel-bypass I/O frameworks have become their preferred answer to the increasing bandwidth demands. Much work has been done so far, all of it claiming to have succeeded in reaching line rate for traffic forwarding. However, this claim does not hold for more complex packet processing. In addition, all those solutions share common drawbacks in either deployment flexibility or configurability and user-friendliness.
This is exactly what we tackle in this paper by introducing mmb, a VPP middlebox plugin. mmb allows, through an intuitive command-line interface, easily building stateless and stateful classification and rewriting middleboxes. mmb makes careful use of instruction caching and memory prefetching, in addition to other techniques used by other high-performance I/O frameworks. We compare mmb performance with other performance-enhancing middlebox solutions, such as kernel-bypass frameworks, kernel-level optimized approaches and other state-of-the-art solutions for enforcing middlebox policies (firewall, NAT, transport-level engineering). We demonstrate that mmb generally performs better than existing solutions, sustaining line-rate processing while enforcing large numbers of complex policies.
Submitted 25 April, 2019;
originally announced April 2019.
-
TNT, Watch me Explode: A Light in the Dark for Revealing MPLS Tunnels
Authors:
Yves Vanaubel,
Jean-Romain Luttringer,
Pascal Mérindol,
Jean-Jacques Pansiot,
Benoit Donnet
Abstract:
Internet topology discovery has been a recurrent research topic for nearly 20 years now. Usually, it works by sending hop-limited probes (i.e., traceroute) towards a set of destinations to collect topological data in order to infer the Internet topology at a given scale (e.g., at the router or the AS level). However, traceroute comes with multiple limitations, in particular with layer-2 clouds such as MPLS that might hide their content from traceroute exploration. Thus, the resulting Internet topology data and models are incomplete and inaccurate.
In this paper, we introduce TNT (Trace the Naughty Tunnels), an extension to Paris traceroute for revealing most (if not all) MPLS tunnels along a path. TNT works in two basic stages. First, along with traceroute probes, it looks for evidence of the potential presence of hidden tunnels. That evidence consists of surprising patterns in the traceroute output, e.g., abrupt and significant TTL shifts. Second, if alarms are triggered due to the presence of such evidence, TNT launches additional and dedicated probing for possibly revealing the content of the hidden tunnel. We validate TNT through emulation with GNS3 and tune its parameters through a dedicated measurement campaign. We also deploy TNT at large scale on the Archipelago platform and provide a quantification of tunnels, thus updating the state-of-the-art view of MPLS tunnels. Finally, TNT and its validation platform are fully and publicly available, as are the collected data and the scripts used for processing them.
Submitted 22 February, 2019; v1 submitted 29 January, 2019;
originally announced January 2019.
-
Using UDP for Internet Transport Evolution
Authors:
Korian Edeline,
Mirja Kühlewind,
Brian Trammell,
Emile Aben,
Benoit Donnet
Abstract:
The increasing use of middleboxes (e.g., NATs, firewalls) in the Internet has made it harder and harder to deploy new transport or higher layer protocols, or even extensions to existing ones. Current work to address this Internet transport ossification has led to renewed interest in UDP as an encapsulation for making novel transport protocols deployable in the Internet. Examples include Google's QUIC and the WebRTC data channel. The common assumption made by these approaches is that encapsulation over UDP works in the present Internet. This paper presents a measurement study to examine this assumption, and provides guidance for protocol design based on our measurements.
The key question is "can we run new transport protocols for the Internet over UDP?" We find that the answer is largely "yes": UDP works on most networks, and impairments are generally confined to access networks. This allows relatively simple fallback strategies to work around it. Our answer is based on a twofold methodology. First, we use the RIPE Atlas platform to basically check UDP connectivity and first-packet latency. Second, we deploy copycat, a new tool for comparing TCP loss, latency, and throughput with UDP by generating TCP-shaped traffic with UDP headers.
Submitted 22 December, 2016;
originally announced December 2016.
-
Retouched Bloom Filters: Allowing Networked Applications to Flexibly Trade Off False Positives Against False Negatives
Authors:
Benoit Donnet,
Bruno Baynat,
Timur Friedman
Abstract:
Where distributed agents must share voluminous set membership information, Bloom filters provide a compact, though lossy, way for them to do so. Numerous recent networking papers have examined the trade-offs between the bandwidth consumed by the transmission of Bloom filters, and the error rate, which takes the form of false positives, and which rises the more the filters are compressed. In this paper, we introduce the retouched Bloom filter (RBF), an extension that makes the Bloom filter more flexible by permitting the removal of selected false positives at the expense of generating random false negatives. We analytically show that RBFs created through a random process maintain an overall error rate, expressed as a combination of the false positive rate and the false negative rate, that is equal to the false positive rate of the corresponding Bloom filters. We further provide some simple heuristics and improved algorithms that decrease the false positive rate more than the corresponding increase in the false negative rate, when creating RBFs. Finally, we demonstrate the advantages of an RBF over a Bloom filter in a distributed network topology measurement application, where information about large stop sets must be shared among route tracing monitors.
Submitted 1 December, 2006; v1 submitted 9 July, 2006;
originally announced July 2006.
-
Implementation and Deployment of a Distributed Network Topology Discovery Algorithm
Authors:
Benoit Donnet,
Bradley Huffaker,
Timur Friedman,
kc claffy
Abstract:
In the past few years, the network measurement community has been interested in the problem of internet topology discovery using a large number (hundreds or thousands) of measurement monitors. The standard way to obtain information about the internet topology is to use the traceroute tool from a small number of monitors. Recent papers have made the case that increasing the number of monitors will give a more accurate view of the topology. However, scaling up the number of monitors is not a trivial process. Duplication of effort close to the monitors wastes time by reexploring well-known parts of the network, and close to destinations might appear to be a distributed denial-of-service (DDoS) attack as the probes converge from a set of sources towards a given destination. In prior work, authors of this report proposed Doubletree, an algorithm for cooperative topology discovery, that reduces the load on the network, i.e., router IP interfaces and end-hosts, while discovering almost as many nodes and links as standard approaches based on traceroute. This report presents our open-source and freely downloadable implementation of Doubletree in a tool we call traceroute@home. We describe the deployment and validation of traceroute@home on the PlanetLab testbed and we report on the lessons learned from this experience. We discuss how traceroute@home can be developed further and discuss ideas for future improvements.
Submitted 21 March, 2006; v1 submitted 16 March, 2006;
originally announced March 2006.
-
Efficient Algorithms for Large-Scale Topology Discovery
Authors:
Benoit Donnet,
Philippe Raoult,
Timur Friedman,
Mark Crovella
Abstract:
There is a growing interest in discovery of internet topology at the interface level. A new generation of highly distributed measurement systems is currently being deployed. Unfortunately, the research community has not examined the problem of how to perform such measurements efficiently and in a network-friendly manner. In this paper we make two contributions toward that end. First, we show that standard topology discovery methods (e.g., skitter) are quite inefficient, repeatedly probing the same interfaces. This is a concern, because when scaled up, such methods will generate so much traffic that they will begin to resemble DDoS attacks. We measure two kinds of redundancy in probing (intra- and inter-monitor) and show that both kinds are important. We show that straightforward approaches to addressing these two kinds of redundancy must take opposite tacks, and are thus fundamentally in conflict. Our second contribution is to propose and evaluate Doubletree, an algorithm that reduces both types of redundancy simultaneously on routers and end systems. The key ideas are to exploit the tree-like structure of routes to and from a single point in order to guide when to stop probing, and to probe each path by starting near its midpoint. Our results show that Doubletree can reduce both types of measurement load on the network dramatically, while permitting discovery of nearly the same set of nodes and links. We then show how to enable efficient communication between monitors through the use of Bloom filters.
Submitted 7 November, 2004;
originally announced November 2004.