revealing middleboxes interference with tracebox
play

REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Presented by: - PowerPoint PPT Presentation

31st NMRG Meeting REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Presented by: Fabien Duchne* Gregory Detal*, Benjamin Hesmans*, Olivier Bonaventure*, Yves Vanaubel and Benoit Donnet. *Universit Catholique de Louvain Universit


  1. 31st NMRG Meeting REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Presented by: Fabien Duchêne* Gregory Detal*, Benjamin Hesmans*, Olivier Bonaventure*, Yves Vanaubel° and Benoit Donnet°. *Université Catholique de Louvain °Université de Liège http://www.tracebox.org lundi 14 octobre 13

  2. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Outline • Middleboxes interference • Detect packet modifications with ICMP • Measurements results • Tracebox lundi 14 octobre 13

  3. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX The end-to-end principle … lundi 14 octobre 13

  4. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX The end-to-end principle … Application Application Transport Transport Network Network Data link Data link Physical Physical lundi 14 octobre 13

  5. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX The end-to-end principle … Application Application Transport Transport Network Network Network Data link Data link Data link Data link Physical Physical Physical Physical lundi 14 octobre 13

  6. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX The end-to-end principle … Application Application Transport Transport Network Network Network Data link Data link Data link Data link Physical Physical Physical Physical lundi 14 octobre 13

  7. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX … does not hold  Application Application Transport Transport Network Network Data link Data link Data link Physical Physical Physical lundi 14 octobre 13

  8. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX … does not hold  Application Application Application Transport Transport Transport Network Network Network Data link Data link Data link Data link Physical Physical Physical Physical lundi 14 octobre 13

  9. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX … does not hold  Application Application Application Transport Transport Transport Network Network Network Data link Data link Data link Data link Physical Physical Physical Physical lundi 14 octobre 13

  10. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX How transparent is the Internet ? • 25th September 2010 to 30th April 2011 • 142 access networks • 24 countries • Craft TCP segments using custom scripts • Sent specific TCP segments from client to a server in Japan Honda, Michio, et al. " Is it still possible to extend TCP? " Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference. ACM, 2011. lundi 14 octobre 13

  11. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX TCP Segments on the today’s Internet Ver IHL ToS Total length Identification Flags Frag. Offset IP Checksum TTL Protocol Source IP address Destination IP address Source port Destination port Sequence number Acknowledgment number TCP THL Reserved Flags Window Urgent pointer Checksum Options Payload lundi 14 octobre 13

  12. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX TCP Segments on the today’s Internet Ver IHL ToS Total length Ver IHL ToS Total length Identification Flags Frag. Offset Identification Flags Frag. Offset IP Checksum TTL Protocol Checksum TTL Protocol Source IP address Source IP address Destination IP address Destination IP address Source port Destination port Source port Destination port Sequence number Sequence number Acknowledgment number Acknowledgment number TCP THL Reserved Flags Window THL Reserved Flags Window Urgent pointer Checksum Urgent pointer Checksum Options Options Payload Payload lundi 14 octobre 13

  13. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Controlling a server allows to detect middleboxes on one path Controlled server lundi 14 octobre 13

  14. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Controlling a server allows to detect middleboxes on one path Controlled server lundi 14 octobre 13

  15. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Controlling a server allows to detect middleboxes on one path Controlled server lundi 14 octobre 13

  16. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Controlling a server allows to detect middleboxes on one path Controlled server lundi 14 octobre 13

  17. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Potentially miss a lot of middleboxes ? ? Uncontrolled server lundi 14 octobre 13

  18. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Motivation lundi 14 octobre 13

  19. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Motivation • Detecting middleboxes can help: • Understanding performances • Validate new protocols • … lundi 14 octobre 13

  20. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Motivation • Detecting middleboxes can help: • Understanding performances • Validate new protocols • …  Debug the network ! lundi 14 octobre 13

  21. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Motivation • Detecting middleboxes can help: • Understanding performances • Validate new protocols • …  Debug the network ! lundi 14 octobre 13

  22. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Motivation • Detecting middleboxes can help: • Understanding performances • Validate new protocols • …  Debug the network ! • How can we detect middleboxes interference without server collaboration ? lundi 14 octobre 13

  23. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Motivation • Detecting middleboxes can help: • Understanding performances • Validate new protocols • …  Debug the network ! • How can we detect middleboxes interference without server collaboration ? lundi 14 octobre 13

  24. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Motivation • Detecting middleboxes can help: • Understanding performances • Validate new protocols • …  Debug the network ! • How can we detect middleboxes interference without server collaboration ? • How can we localize the middleboxes ? lundi 14 octobre 13

  25. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Outline • Middleboxes interference • Detect packet modifications with ICMP • Measurements results • Tracebox lundi 14 octobre 13

  26. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Middlebox detection using ICMP Randomize TCP seq lundi 14 octobre 13

  27. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Middlebox detection using ICMP Randomize TCP seq IP/TCP lundi 14 octobre 13

  28. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Middlebox detection using ICMP Randomize TCP seq IP/TCP Ver IHL ToS Total length Identification Flags Frag. Offset Checksum TTL Protocol Source IP address Destination IP address Source port Destination port Sequence number Acknowledgment number THL Reserved Flags Window Urgent pointer Checksum lundi 14 octobre 13

  29. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Middlebox detection using ICMP Randomize TCP seq IP/TCP Ver IHL ToS Total length Identification Flags Frag. Offset Checksum TTL Protocol TTL=1 Source IP address Destination IP address Source port Destination port Sequence number Acknowledgment number THL Reserved Flags Window Urgent pointer Checksum lundi 14 octobre 13

  30. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Middlebox detection using ICMP Randomize TCP seq IP/TCP Ver IHL ToS Total length Identification Flags Frag. Offset Checksum TTL Protocol TTL=1 Source IP address Destination IP address Source port Destination port Sequence number Acknowledgment number THL Reserved Flags Window Urgent pointer Checksum lundi 14 octobre 13

  31. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Middlebox detection using ICMP Randomize TCP seq IP/TCP Ver IHL ToS Total length Identification Flags Frag. Offset Checksum TTL Protocol TTL=1 Source IP address Destination IP address Source port Destination port Sequence number Acknowledgment number THL Reserved Flags Window Urgent pointer Checksum lundi 14 octobre 13

  32. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Middlebox detection using ICMP Randomize TCP seq IP/TCP Ver IHL ToS Total length Identification Flags Frag. Offset Checksum TTL Protocol TTL=1 TTL=2 Source IP address Destination IP address Source port Destination port Sequence number Acknowledgment number THL Reserved Flags Window Urgent pointer Checksum lundi 14 octobre 13

  33. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Middlebox detection using ICMP Randomize TCP seq IP/TCP Ver IHL ToS Total length Identification Flags Frag. Offset Checksum TTL Protocol TTL=1 TTL=2 Source IP address Destination IP address Source port Destination port Sequence number Acknowledgment number THL Reserved Flags Window Urgent pointer Checksum lundi 14 octobre 13

  34. REVEALING MIDDLEBOXES INTERFERENCE WITH TRACEBOX Middlebox detection using ICMP Randomize TCP seq IP/TCP Ver IHL ToS Total length Identification Flags Frag. Offset Checksum TTL Protocol TTL=1 TTL=2 Source IP address Destination IP address Source port Destination port Sequence number Acknowledgment number THL Reserved Flags Window Urgent pointer Checksum lundi 14 octobre 13

Recommend


More recommend