At the end of June, Lennart, a software developer from our analytics team, visited the conference on Network Traffic Measurement and Analysis TMA’17 in Dublin, Ireland. The focus of the conference is on improving the practice or application of measurements, across the entire network stack up to the application layer. These are Lennart’s notes from the conference.
Participants from both academia and industry were present, which made a nice mix for discussions on all topics. In total, 54 papers had been submitted for this conference, of which 19 were accepted and presented during the three days. The authors presented measurements of all kinds, ranging from privacy and frameworks to middle-boxes, cloud, and security. Two topics caught my attention at the conference: IPv6 and HTTP.
IPv6
Probably the biggest concern for attendees was measurements for IPv6. Two papers discussed IPv6 directly, and for many other papers the audience asked questions regarding this topic: how does this look for IPv6, does this also work for IPv6, or are there also results for IPv6, showing a strong interest in the topic. At callstats.io, we see a marginal amount of IPv6 traffic (roughly 4%), so it is an interesting topic even for us.
The first of these papers, by Scheitle et al., titled Large-Scale Classification of IPv6-IPv4 Siblings with Variable Clock Skew, discusses the issue of remotely finding IPv4/IPv6 siblings, i.e. IPv4 and IPv6 addresses of the same host. Their approach relies on the small differences in computers' clocks: when the timestamps of an IPv4 and an IPv6 address are very similar, it is likely that they belong to the same host. Their simple measurement technique showed high reliability in detecting these siblings on RIPE Atlas probes.
The other paper, by Hendriks et al., titled Threats and Surprises behind IPv6 Extension Headers, researched IPv6 extension headers, which control, for example, packet fragmentation. Many operators assume that these headers can be used in a malicious way to attack the network infrastructure, especially when an overuse of these headers causes significant computation overhead on the network nodes. Therefore, packets containing extension headers are often silently dropped, and the user might not be able to get the requested content. Their results showed that in the networks that they analysed, only about 0.2% of traffic contains these extension headers, and debugging the problem for affected users is very difficult. This paper also makes the point that most of the time these headers are useful or even necessary for packet processing, and often they contain only one extension (almost 100% of the time). The hope is to have operators rethink their strategies concerning IPv6 extension headers to have a better user experience.
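To make the two measurements above concrete (the share of packets carrying extension headers, and how many of those carry exactly one), here is an added example that is not code from the paper or from this post. It walks the Next Header chain of raw IPv6 packets as laid out in RFC 8200; the function names and the sample packets are constructed for illustration.

```python
import struct
from ipaddress import IPv6Address

# Next Header values that denote IPv6 extension headers (RFC 8200, RFC 4302).
EXT = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment", 51: "AH", 60: "Destination"}

def walk_chain(pkt: bytes):
    """Return (extension header names in order, final Next Header value)."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, chain = pkt[6], 40, []
    while nxt in EXT:
        if off + 8 > len(pkt):
            raise ValueError("truncated extension header")
        following, hdr_len = pkt[off], pkt[off + 1]
        chain.append(EXT[nxt])
        if nxt == 44:                        # Fragment header: fixed 8 bytes
            size = 8
            frag_offset = struct.unpack_from("!H", pkt, off + 2)[0] >> 3
            if frag_offset:                  # non-first fragment: payload is mid-datagram
                return chain, following      # so there is nothing further to parse
        elif nxt == 51:                      # AH length is in 32-bit words, minus 2
            size = (hdr_len + 2) * 4
        else:                                # the rest use 8-byte units, minus 1
            size = (hdr_len + 1) * 8
        nxt, off = following, off + size
    return chain, nxt

def summarize(packets):
    """Share of packets with any extension header, and of those, with exactly one."""
    chains = [walk_chain(p)[0] for p in packets]
    with_ext = [c for c in chains if c]
    return {"with_ext": len(with_ext) / len(chains),
            "single_ext": sum(len(c) == 1 for c in with_ext) / max(len(with_ext), 1)}

def build(next_header: int, payload: bytes) -> bytes:
    """Constructed sample packet between documentation-prefix addresses."""
    addr = IPv6Address("2001:db8::1").packed
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + addr + addr + payload

PADN = bytes([1, 4, 0, 0, 0, 0])             # PadN option padding a header to 8 bytes
SAMPLES = [                                  # constructed packets, not captured traffic
    build(6, bytes(20)),                                                  # plain TCP
    build(44, bytes([17, 0, 0, 1, 0, 0, 0, 7]) + bytes(8)),               # first fragment, UDP
    build(0, bytes([60, 0]) + PADN + bytes([6, 0]) + PADN + bytes(20)),   # HbH + DstOpts + TCP
    build(6, bytes(20)),                                                  # plain TCP
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(walk_chain(p))
    print(summarize(SAMPLES))
```

ESP (Next Header 50) is treated as the end of the chain because everything after it is encrypted.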
HTTP
Viewed from the application, HTTP can be analyzed from a user perspective and from a network perspective. The first paper, by Manzoor et al., titled How HTTP/2 is changing Web traffic and how to detect it, analyzed HTTP from a user perspective. A high usage of HTTP/2 is observed from big content providers (up to 80%), and for most it is still growing. A difficulty for the authors was the rising adoption of underlying transport protocols other than TCP, like QUIC and Facebook’s Zero (sometimes accounting for 30% of the traffic), which often use a non-standard encryption mechanism.
The second paper, by Huang et al., titled Middleboxes in the Internet: a HTTP perspective, investigates HTTP headers and how they are manipulated by the network. All around the world, middle-boxes are adding (0.5%) or even modifying/removing (3%) the headers sent in clients’ requests or servers’ responses for different purposes. Sometimes it is just to inform about their presence, or to give directions on how data should be cached. In other instances, this additional information gives more insight into the user (e.g. IP of the user in 5% of cases). The additional information might be offered to third parties, for example, for tracking and advertising.
Open datasets
Measurement studies are most useful if they are reproducible and can be confirmed by other researchers. Additionally, any available data gives an opportunity for further studies. That is why the conference chairs were very happy about any submissions that included open access to the data used for the submission, and even handed out a Best Dataset Award. Twenty-two out of 54 submissions granted access to their data set, of which 8 were accepted papers. The Best Dataset Award was awarded to Q. Scheitle et al. from TU Munich [PDF]. The Best Paper Award was received by M. Wachs, also of TU Munich [PDF].
Changes at TMA
This was the first time this event was held as a full conference, while before it was a workshop. Consequently, the logo for the conference had not yet been decided, and participants could give their opinion on different designs. The official logo was selected by humming, the IETF tradition of reaching consensus, defined in RFC 7282. The winning design can be seen here.