
A middlebox-cooperative TCP for a non end-to-end internet

Published: 17 August 2014

Abstract

Understanding, measuring, and debugging IP networks, particularly across administrative domains, is challenging. One particularly daunting aspect of the challenge is the presence of transparent middleboxes---which are now common in today's Internet. In-path middleboxes that modify packet headers are typically transparent to a TCP, yet can impact end-to-end performance or cause blackholes. We develop TCP HICCUPS to reveal packet header manipulation to both endpoints of a TCP connection. HICCUPS permits endpoints to cooperate with currently opaque middleboxes without prior knowledge of their behavior. For example, with visibility into end-to-end behavior, a TCP can selectively enable or disable performance enhancing options. This cooperation enables protocol innovation by allowing new IP or TCP functionality (e.g., ECN, SACK, Multipath TCP, Tcpcrypt) to be deployed without fear of such functionality being misconstrued, modified, or blocked along a path. HICCUPS is incrementally deployable and introduces no new options. We implement and deploy TCP HICCUPS across thousands of disparate Internet paths, highlighting the breadth and scope of subtle and hard to detect middlebox behaviors encountered. We then show how path diagnostic capabilities provided by HICCUPS can benefit applications and the network.



Published In

ACM SIGCOMM Computer Communication Review, Volume 44, Issue 4 (SIGCOMM'14)
October 2014, 672 pages
ISSN: 0146-4833
DOI: 10.1145/2740070

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

1. TCP
2. header integrity
3. header modifications
4. middlebox

Qualifiers

• Research-article

Cited By

• (2024) Programming Network Stack for Physical Middleboxes and Virtualized Network Functions. IEEE/ACM Transactions on Networking 32(2):971-986, Apr. 2024. DOI: 10.1109/TNET.2023.3307641
• (2024) Using the IPv6 Flow Label for Path Consistency: A Large-Scale Measurement Study. ICC 2024 - IEEE International Conference on Communications, pages 3022-3027, 9 Jun. 2024. DOI: 10.1109/ICC51166.2024.10622542
• (2023) Yarrpbox: Detecting Middleboxes at Internet-Scale. Proceedings of the ACM on Networking 1(CoNEXT1):1-23, 5 Jul. 2023. DOI: 10.1145/3595290
• (2018) Tracing Internet Path Transparency. 2018 Network Traffic Measurement and Analysis Conference (TMA), pages 1-7, Jun. 2018. DOI: 10.23919/TMA.2018.8506532
• (2018) Towards Provable Network Traffic Measurement and Analysis via Semi-Labeled Trace Datasets. 2018 Network Traffic Measurement and Analysis Conference (TMA), pages 1-8, Jun. 2018. DOI: 10.23919/TMA.2018.8506498
• (2018) SDN-Based Data Transfer Security for Internet of Things. IEEE Internet of Things Journal 5(1):257-268, Feb. 2018. DOI: 10.1109/JIOT.2017.2779180
• (2017) DSSR: Balancing semantics and speed requirements in packet trace replay. 2017 IEEE International Conference on Communications (ICC), pages 1-6, May 2017. DOI: 10.1109/ICC.2017.7997257
• (2015) Towards a middlebox policy taxonomy: Path impairments. 2015 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), pages 402-407, Apr. 2015. DOI: 10.1109/INFCOMW.2015.7179418
• (2015) A new transport encapsulation for middlebox cooperation. 2015 IEEE Conference on Standards for Communications and Networking (CSCN), pages 187-192, Oct. 2015. DOI: 10.1109/CSCN.2015.7390442
• (2015) Server Siblings: Identifying Shared IPv4/IPv6 Infrastructure Via Active Fingerprinting. Passive and Active Measurement, pages 149-161, 4 Mar. 2015. DOI: 10.1007/978-3-319-15509-8_12
