-
Challenges in Network Management of Encrypted Traffic
Authors:
Mirja Kühlewind,
Brian Trammell,
Tobias Bühler,
Gorry Fairhurst,
Vijay Gurbani
Abstract:
This paper summarizes the challenges identified at the MAMI Management and Measurement Summit (M3S) for network management with the increased deployment of encrypted traffic based on a set of use cases and deployed techniques (for network monitoring, performance enhancing proxies, firewalling as well as network-supported DDoS protection and migration), and provides recommendations for future use cases and the development of new protocols and mechanisms. In summary, network architecture and protocol design efforts should 1) provide for independent measurability when observations may be contested, 2) support different security associations at different layers, and 3) replace transparent middleboxes with middlebox transparency in order to increase visibility, rebalance control and enable cooperation.
Submitted 22 October, 2018;
originally announced October 2018.
-
TCP SIAD: Congestion Control supporting High Speed and Low Latency
Authors:
Mirja Kuehlewind
Abstract:
Congestion control has been an open research issue for more than two decades. More and more applications with narrow latency requirements are emerging which are not well addressed by existing proposals. In this paper we present TCP Scalable Increase Adaptive Decrease (SIAD), a new congestion control scheme supporting both high speed and low latency. More precisely, our algorithm aims to provide high utilization under various networking conditions, and therefore would allow operators to configure small buffers for low latency support. To provide full scalability with high speed networks, we designed TCP SIAD based on a new approach that aims for a fixed feedback rate independent of the available bandwidth. Further, our approach provides a configuration knob for the feedback rate. This can be used by a higher layer control loop to impact the capacity share, potentially at the cost of higher congestion, e.g. for applications that need a minimum rate.
We evaluated TCP SIAD against well-known high-speed congestion control schemes, such as Scalable TCP and High Speed TCP, as well as H-TCP that among other goals targets small buffers. We show that only SIAD is able to utilize the bottleneck with arbitrary buffer sizes while avoiding a standing queue. Moreover, we demonstrate the capacity sharing of SIAD depending on the configured feedback rate and a high robustness of TCP SIAD to non-congestion related loss.
Submitted 23 December, 2016;
originally announced December 2016.
-
Using UDP for Internet Transport Evolution
Authors:
Korian Edeline,
Mirja Kühlewind,
Brian Trammell,
Emile Aben,
Benoit Donnet
Abstract:
The increasing use of middleboxes (e.g., NATs, firewalls) in the Internet has made it harder and harder to deploy new transport or higher layer protocols, or even extensions to existing ones. Current work to address this Internet transport ossification has led to renewed interest in UDP as an encapsulation for making novel transport protocols deployable in the Internet. Examples include Google's QUIC and the WebRTC data channel. The common assumption made by these approaches is that encapsulation over UDP works in the present Internet. This paper presents a measurement study to examine this assumption, and provides guidance for protocol design based on our measurements.
The key question is "can we run new transport protocols for the Internet over UDP?" We find that the answer is largely "yes": UDP works on most networks, and impairments are generally confined to access networks. This allows relatively simple fallback strategies to work around it. Our answer is based on a twofold methodology. First, we use the RIPE Atlas platform to basically check UDP connectivity and first-packet latency. Second, we deploy copycat, a new tool for comparing TCP loss, latency, and throughput with UDP by generating TCP-shaped traffic with UDP headers.
Submitted 22 December, 2016;
originally announced December 2016.