The Internet is a dynamic system that continuously evolves. This evolution can be observed from several vantage points. A recent article, entitled Five Years at the Edge: Watching Internet from the ISP Network and co-authored by Martino Trevisan and his colleagues from Politechnico di Torino provides an unusual and very interesting perpective on the evolution of Internet traffic. This paper was presented last week at the Conext’2018 and can be downloaded from the conference program page
Networking students can learn a lot about Internet protocols by analyzing how they are actually deployed. For several years, Computer Science students at UCLouvain have analyzed different websites within their introductory networking course. This project considers several key Internet protocols, DNS, HTTP, TLS and TCP. In this post, we briefly analyze how TCP is used on some web sites as a starting point for these students.
Networking students can learn a lot about Internet protocols by analyzing how they are actually deployed. For several years, Computer Science students at UCLouvain have analyzed different websites within their introductory networking course. This project considers several key Internet protocols, DNS, HTTP, TLS and TCP. In this post, we briefly analyze how TLS is used on some websites as a starting point for these students.
Networking students can learn a lot about Internet protocols by analyzing how they are actually deployed. For several years, Computer Science students at UCLouvain have analyzed different websites within their introductory networking course. This project considers several key Internet protocols, DNS, HTTP, TLS and TCP. In this post, we briefly analyze how HTTP is used on some websites as a starting point for these students.
The Border Gateway Protocol (BGP) is an important protocol in today’s
Internet. As such, it is part of the standard networking textbooks. At
UCLouvain, timing constraints force me to
explain BGP in two different courses. The students learn the basics
of external BGP within the introductory networking course that is
mandatory for all CS students. We mainly cover routing policies
(customer provider and shared-cost peerings) and the basics of eBGP
with the utilisation of the AS-Path and the
attribute. Some students register for the advanced networking
course that covers BGP in more details, MPLS, VPNs, multicast and
other advanced topics.
During the last summer, we brainstormed about new types of exercises that could help students to better understand different networking topics. For these new exercices, we wanted to leverage the INGINIOUS code grading platform that is being developed at UCLouvain. The UDP socket and TCP socket exercises are good examples of the benefits of a flexible code grading platform like INGINIOUS.
During their first networking course, each CS student at UCLouvain writes a four-pages report that analyses the organisation of a popular web site and the optimisations or sometimes the errors that the maintainers of this website have made when configuring their DNS, HTTP, TLS or protocols TCP. This project lasts one month and the students receive every week guidelines and suggestions on how to carry their analysis. Here are a few examples which can be used to bootstrap the DNS analysis of such a website.
A growing fraction of our webservers are now reachable via
https instead of
http. With the
http scheme, all the information is transported in plain, including the HTTP headers, cookies, web pages and other sensitive information. For many years,
https, which combines
http with Transport Layer Security, has been restricted to sensitive web sites such as those that require a password or e-commerce. During the last five years, the deployment of
https changed significantly. Today, Mozilla’s telemetry reports that roughly 80% of the webpages downloaded by firefox users are served over
The TCP Timestamp option was proposed in RFC1323 in 1992 at the same time as the Window Scale option. There were two motivations for the initial TCP Timestamp option : improving round-trip-time estimation and protecting agains wrapped sequence numbers (PAWS). By adding timestamps to each packets, it becomes easier to estimate round-trip-times, especially when packets are lost because retransmissions of a packet carry different timestamps. The PAWS mechanism is less well understood. It is a direct consequence of the utilisation of 32 bits sequence numbers in TCP. TCP RFC793 was designed under the assumption that the IP layer guarantees that a packet will not live in the network for more than 2 minutes (the Maximum Segment Lifetime). TCP’s reliable transmission can be guaranteed provided that it does not use the same sequence number for different packets within MSL seconds. In 1981, with 32 bits sequence numbers, nobody thought that reusing the same sequence number over 2 minutes would become a problem. Today, this is a reality, even in wide area networks. PAWS RFC7323 solves this problem by using timestamps to detects spurious packets and prevent from problems where old packets are delayed within MSL seconds. It took more than a decade to reach a significant deployment of RFC1323.
In a previous post, we have described a first INGINIOUS exercise that enables students to check their understanding of the utilisation of the socket API with UDP. This API is more frequently used to interact with TCP. Interacting correctly with TCP is more challenging than interacting correctly with UDP. As TCP provides a reliable, connection-oriented, bystream service, there are several subtleties that the students need to consider to write code that interacts correctly with the TCP socket API.
Created in the early days of the TCP/IP protocol suite, the socket API remains the standard low-level API to interact with the underlying networking stack. Despite its age, it remains widely used and most networking students are exposed to it during their studies. Although more recent languages and higher-level APIs can simplify the interactions between applications and the networking stack, it remains important for students to understand its operation. At UCLouvain, we aks the students to write a simple transport protocol in C over UDP. This enables them to understand how to parse packets, but also how to manage timers and how to interact with the socket API.
Dropbox is a very popular file sharing service. Many users rely on its infrastructure to store large files, perform backups or share files. Like other commercial services such as Apple’s iCloud or Microsoft’s OneDrive, Dropbox uses a proprietary protocol to exchange information between client applications and its servers. The most detailed description of Dropbox’s protocol was published in Inside Dropbox: Understanding Personal Cloud Storage Services. This paper appeared in 2012 and it is unfortunately very likely that Dropbox’s protocols and architecture have evolved since then.
Various types of carreers are possible in the networking business. Some develop new applications, others deploy network services or manage enterprise networks. Most of the people who are active in the field work in established organisations that already have a running network. Some decide to create their own business or their own company. The same happens when considering Internet Service Providers. Most of the existing ISPs were created almost twenty years ago. While it is more difficult to launch an ISP business today that when the Internet was booming, there are still new ISPs that are created from scratch. In a series of two blog posts, Chris Hacken discusses many of the technical bareers that exist in this type of businesses. There are very few documents that describe those business, practical and operational issues.
A recent post on twitter shared a Swedish website that briefly describes how to disable IPv4 on Windows (see below), Linux and MacOS.
When IP routers forward packets, they inspect their destination address to determine the outgoing interface or the next step router towards the packet’s destination. Given this, a simple router does not need to look at the source address of the packets. The source address is mainly used by the destination to send the return packets or by intermediate routers to generate ICMP messages when problems are detected. This assumption was true in the the early days of the Internet and most routers only looked at destination addresses.
Internet protocols continue to be used in a variety of scenarios that go beyond the initial objectives of the TCP/IP protocol suite. Two recent scientific articles provide an insight at the performance of TCP/IP in challenging environments.
The Domain Name System is one on the venerable Internet protocols like IP or TCP. For performance reasons, the DNS protocol is usually used on top of UDP. This enables clients to send their DNS request in a single message to which the servers reply in a single message as well. Both the request and the response are sent in plain text, which raises obvious security and privacy concerns. Many of these are documented in RFC7626. In a recent Usenix Security article, B. Liu et al. revealed that 259 of the 3,047 ASes where they could perform measurements used some form of DNS interception. The IETF has explored several solutions to secure the information exchanged between DNS clients and servers. RFC7858 and [RFC8310] have specified solutions to transport DNS over TLS and DTLS. Some public resolvers already support these extensions. Apparently, Android P also supports it. Geoff Huston published an interesting blog post that compares different DNS securisation techniques.
There are many ways to wire Ethernet networks. When students create simple labs with a few cables and a few switches and a few hosts, they simply plug any suitable cable and run their experiment. In real networks, a good wiring strategy can help to avoid lots of problems and lost time debugging those problems.
Networks are composed of cables and equipment whose normal utilisation is sometimes disrupted by animals that view them from a different angle than humans. Fiber optic cables that are laid under the sea to connect continents attract a variety of animals. Sharks can be attracted by the shape of the cable or the magnetic fields that they emit. One of these cable biting sharks has even been stopped by under the sea surveillance cameras…
Internet protocols have traditionally been clear-text protocols and many protocols like SMTP or HTTP could be tested by using a simple telnet session. This feature was very handy when testing or debugging protocol implementations. However, it is difficult to implement a correct parser for plaintext protocols and many of these parsers have suffered from bugs. Binary protocols have a more precise syntax and are thus easier to parse at least if they do not contain lots of extensibility. All Internet security protocols including IPSec, TLS or ssh are binary protocols. With the Snowden revelations, the IETF has strongly encouraged the utilisation of security protocols to counter pervasive monitoring as explained in RFC7258.
Despite its age, TCP continues to evolve and the existing TCP implementations continue to be improved. Some recent blog posts provide useful information about the evolution of TCP in the wild.
There is a wide variety of file systems that store files on remote servers. NFS is very popular in the Unix world while Samba allows Windows clients to store files on Unix servers. Besides those regular file systems, some networkers have developed special file systems that use or abuse popular Internet protocols. A first example is pingfs, a filesystem that relies on ICMP request/response packets sent by the popular ping software to “store” information inside the network itself. To store a file, pingfs needs to split it in packets that are sent on a regular basis to remote hosts that return ICMP messages. This file is then “stored” as packets that are flying through the network but the entire file does not reside on a disk somewhere.
Students have sometimes difficulties to understand how IPv6 static routes work. A typical exam question to check their ability at understanding IPv6 static routes is to prepare a simple network containing static routes that have been incorrectly specified. Here is a simple IPMininet example network with four routers and two hosts:
IPMininet supports various routing protocols. In this post, we use it to study how the Border Gateway Protocol operates in a simple network containing only BGP routers. Our virtual lab contains four routers and four hosts:
Ethernet remains the mostly widely used LAN technology. Since the invention of Ethernet in the early 1970s, the only part of the specification that remains unchanged is the format of the addresses. Ethernet was the first Local Area Network technology to introduce 48 bits long addresses. These addresses, sometimes called MAC addresses, are divided in two parts. The high order bits contain an Organisation Unique Identifier which identifies a company or organisation. Any organisation can register a OUI from which it can allocate Ethernet addresses. Most OUIs identify companies selling networking equipment, but there are a few exceptions.
In this post, we continue our exploration of using IPMininet to prepare exercises that enable students to discover IPv6 routing. Our focus is now on OSPFv3 defined in RFC5340. We consider a simple network that contains four routers and two hosts. The network is created by the ospfv3_example.py script from the Routing Examples project.
In a previous post we have shown that IPMininet can be used to develop exercises that enable students to explore how IPv6 routers forward packets. We used a simple example with only three routers and very simple static routes. In this post, we build a larger network and introduce different static routes on the main routers. Our IPMininet network contains two hosts and five routers.
Link local addresses play an important role in IPv6 since they enable hosts that are attached to the same subnet to directly exchange packets without requiring any configuration. When an IPv6 host or router boots, the first thing that it tries to do is to create a link-local address for each of its interfaces. It is interesting to observe how those link-local addresses are used in a very simple network.
When I discovered Unix as a student, one of its most impressive features was
the availability of the entire documentation through the
man command. Compared with the other computers that I had use before, this online and searchable
documentation was a major change. These Unix computers were also connected to
the Internet, but the entire university had a few tens of kilobits per second of bandwidth and the Internet was not as interactive as it is today.
When students discover IPv6, they usually start playing with static routes to understand how routing tables are built. At UCL, we’ve used a variety of techniques to let the students understand routing tables. A first approach is to simply use the blackboard and let the students analyse routing tables and explain how packets will be forwarded in a given network. This works well, but students often ask for additional exercises to practice before the exam. Another approach is to use netkit. netkit was designed by researchers at Roma3 University as an experimental learning tool. It relies on User Mode Linux to run a Linux kernels as processes on a virtual machine. Several student labs were provided by the netkit authors. We have used it in the past, but the project does not seem to make progress anymore. A third approach is to use Mininet. Mininet is an emulation framework developed at Stanford University that leverages the namespaces features of recent Linux kernel. With those features, a single Linux kernel can support a variety of routers and hosts interconnected by virtual links. Mininet has been used by various universities as an educational tool, but unfortunately it was designed with IPv4 in mind while Computer Networking : Principles, Protocols and Practice has been focussed on IPv6.
TCP’s initial congestion window is a key performance factor for short TCP connections. For many years, the initial value of the congestion window was set to less than two segments RFC2581. In 2002, RFC3390 proposed to increase this value up to 4 segments. This conservative value was a compromise between a fast startup of the TCP connection and preventing congestion collapse. In 2010, Nandita Dukkipati and her colleagues argued in An Argument for Increasing TCP’s Initial Congestion Window for increasing this initial value and demonstrated its benefits on google servers. After the publication of this article, and a patch to include this modification in the Linux kernel, it took only three years for the IETF to adopt the change in RFC6928.
IPv4 has been a huge success that goes beyond the dreams of its inventors. However, the IPv4 addressing space is far too small to cope with all the needs for Internet connected hosts. IPv6 is slowly replacing IPv4 and deployment continues. The plot below shows the growth in the number of IPv6 browsers worldwide.
TCP is an extensible protocol. Since the publication of RFC793, various TCP extensions have been proposed, specified and eventually deployed. When looking at the deployment of TCP extensions, one needs to distinguish between the extensions that provide benefits once implemented on senders and receivers and the implementations that need to be supported by both client and servers to be actually used.
Fiber optics play a key role in Wide Area Networks. With very small exceptions, most of the links that compose WANs are composed of optical fibers. As the demand for bandwidth continues to grow, network operators and large cloud companies continue to deploy new optical fiber links, both on the ground and accross the oceans. The latest announcement came from Microsoft and Facebook. Together, they have commissioned a new fiber optical link between Virginia Beach, Virginia (USA) and Bilbao, Spain. The landing points chosen for this fiber are a bit unusual since many of the fiber optic cables that cross the Atlantic Ocean land in the UK for obvious geographical reasons. This new cable brings 160 Terabits/sec of capacity and adds diversity to the fiber routes between America and Europe. This diveristy is beneficial against unexpected failures but also against organisations that captures Internet traffic by tapping optical fibers as revealed by Edward Snowden.
Pretty Good Privacy, released in 1991, was probably one of the first software packages to make public-key cryptography available for regular users. Until then, crytography was mainly used by banks, soldiers and researchers. Public-key cryptography is a very powerful technique that plays a key role in securing the Internet. Despite of its importance, we still face issues to deploy it to all Internet users. The recent release of Adobe security team’s private key on a public web page is one example of this difficulty, but by far not the only one.
Networking education has changed a lot during the last twenty years. When a was still a student, before the invention of the web, students learned most from the explanations of their professors and teachning assistants. Additional information was available in scientific librairies, but few students could access it. Today’s students live in a completely different world. Computer networks and the Internet in particular have completely changed our society. Students have access to much more information that I could imagine when I was a student. Wikipedia provides lots of useful information, Internet drafts, RFCs and many scientific articles and open-source software are within the reach of all students provided that they understand the basics that enable them to navigate through this deluge of information.
The web was designed in the 20th century as a decentralised technique to freely share information. The initial audience for the web protocols were scientific researchers who needed to share scientific documents. HTTP was designed as a stateless protocol and Netscape added HTTP cookies to ease e-commerce. These cookies play a crucial role in today’s ad-supported Internet. They have also enabled companies like Google or Facebook to collect huge amount of data about the browsing habits of almost all Internet users in order to deliver targeted advertisements.
A recent study released by Adobe provides many data points about the utilisation of mobile devices (smartphones, tablets) to access websites.
IPv6 is used for a variety of services. Wireless mesh networks are networks were routers use wireless links between themselves. This blog post describes such a large mesh network and provides several experiments conducted over it.