Middleboxes & Network Appliances EE122 TAs Past and Present.
Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · -...
Transcript of Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · -...
![Page 1: Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · - Akamai’s Real User Monitoring (RUM) system - Injects JavaScript into requested](https://reader033.fdocuments.net/reader033/viewer/2022042306/5ed182427ccbff5d266f2b1c/html5/thumbnails/1.jpg)
Utkarsh Goel, Moritz Steiner, Mike P. Wittie, Martin Flack, Stephen Ludin
Passive and Active Measurements Conference 2016
Heraklion, Crete, Greece
Detecting Cellular Middleboxes Using Passive Measurement Techniques
![Page 2: Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · - Akamai’s Real User Monitoring (RUM) system - Injects JavaScript into requested](https://reader033.fdocuments.net/reader033/viewer/2022042306/5ed182427ccbff5d266f2b1c/html5/thumbnails/2.jpg)
TCP Terminating Proxies in Cellular Networks
Split TCP Proxy
End-to-End TCP Connection
2
![Page 3: Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · - Akamai’s Real User Monitoring (RUM) system - Injects JavaScript into requested](https://reader033.fdocuments.net/reader033/viewer/2022042306/5ed182427ccbff5d266f2b1c/html5/thumbnails/3.jpg)
Motivation• CDN providers interested in detecting TCP terminating Web proxies deployed by
cellular carriers.- Optimize TCP connections for proxies, instead of mobile devices.- Monitor Web performance with proxies.
• Active measurement techniques allow for detection of Web proxies.- Require access to clients’ devices- Time consuming and data-intensive
3
![Page 4: Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · - Akamai’s Real User Monitoring (RUM) system - Injects JavaScript into requested](https://reader033.fdocuments.net/reader033/viewer/2022042306/5ed182427ccbff5d266f2b1c/html5/thumbnails/4.jpg)
Motivation
• CDN providers do not have access to client devices to run active experiments.- Access to HTTP logs recorded by CDN servers.- TCP logs containing connection characteristics.- User requested JavaScript code.
• Could proxies be detected by only Passive network measurements?- using any of the above data- Would the results be as accurate as active measurements?
4
![Page 5: Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · - Akamai’s Real User Monitoring (RUM) system - Injects JavaScript into requested](https://reader033.fdocuments.net/reader033/viewer/2022042306/5ed182427ccbff5d266f2b1c/html5/thumbnails/5.jpg)
Turns out that,
• Yes, we can.
• Three passive measurement techniques:
- Latency
- Packet Loss
- Parameters in TCP SYN (ICW, MSS, TCP Timestamp)
5
![Page 6: Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · - Akamai’s Real User Monitoring (RUM) system - Injects JavaScript into requested](https://reader033.fdocuments.net/reader033/viewer/2022042306/5ed182427ccbff5d266f2b1c/html5/thumbnails/6.jpg)
Data Collection Methodology• Client-side
- Akamai’s Real User Monitoring (RUM) system- Injects JavaScript into requested webpage HTML- Measures TCP connection setup time- Reports back to Akamai RUM servers
• Server-side- Akamai’s CDN servers also estimate TCP latency- Report data back to Akamai RUM servers- Log HTTP and TCP connection details, including loss.
6
![Page 7: Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · - Akamai’s Real User Monitoring (RUM) system - Injects JavaScript into requested](https://reader033.fdocuments.net/reader033/viewer/2022042306/5ed182427ccbff5d266f2b1c/html5/thumbnails/7.jpg)
Client vs Server Estimated Latency
Split TCP Proxy
7
![Page 8: Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · - Akamai’s Real User Monitoring (RUM) system - Injects JavaScript into requested](https://reader033.fdocuments.net/reader033/viewer/2022042306/5ed182427ccbff5d266f2b1c/html5/thumbnails/8.jpg)
Client vs Server Estimated Latency
Comparison of Client and Server side latencies indicate presence of proxies8
![Page 9: Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · - Akamai’s Real User Monitoring (RUM) system - Injects JavaScript into requested](https://reader033.fdocuments.net/reader033/viewer/2022042306/5ed182427ccbff5d266f2b1c/html5/thumbnails/9.jpg)
E2E vs Server-side Latency
Split TCP Proxy
End-to-End TCP Connection
9
Latency?
![Page 10: Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · - Akamai’s Real User Monitoring (RUM) system - Injects JavaScript into requested](https://reader033.fdocuments.net/reader033/viewer/2022042306/5ed182427ccbff5d266f2b1c/html5/thumbnails/10.jpg)
HTTP vs HTTPS Latency on Server
Server-side latency differences for HTTP and HTTPS traffic could detect proxies10
![Page 11: Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · - Akamai’s Real User Monitoring (RUM) system - Injects JavaScript into requested](https://reader033.fdocuments.net/reader033/viewer/2022042306/5ed182427ccbff5d266f2b1c/html5/thumbnails/11.jpg)
Close look into T-Mobile’s data
11
![Page 12: Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · - Akamai’s Real User Monitoring (RUM) system - Injects JavaScript into requested](https://reader033.fdocuments.net/reader033/viewer/2022042306/5ed182427ccbff5d266f2b1c/html5/thumbnails/12.jpg)
Domain and Location Specific Latency
Monitor use of cellular proxies specific to domain and locations12
![Page 13: Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · - Akamai’s Real User Monitoring (RUM) system - Injects JavaScript into requested](https://reader033.fdocuments.net/reader033/viewer/2022042306/5ed182427ccbff5d266f2b1c/html5/thumbnails/13.jpg)
Web proxies for IPv6 Traffic
Monitor use of proxies for IPv4 and IPv6 infrastructure
13
![Page 14: Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · - Akamai’s Real User Monitoring (RUM) system - Injects JavaScript into requested](https://reader033.fdocuments.net/reader033/viewer/2022042306/5ed182427ccbff5d266f2b1c/html5/thumbnails/14.jpg)
TCP Split for HTTPS Traffic
Detect proxies to monitor whether HTTPS traffic is split
14
![Page 15: Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · - Akamai’s Real User Monitoring (RUM) system - Injects JavaScript into requested](https://reader033.fdocuments.net/reader033/viewer/2022042306/5ed182427ccbff5d266f2b1c/html5/thumbnails/15.jpg)
Packet Loss - HTTP vs HTTPS
0 10 20 30 40 50 60 70
0.6
0.7
0.8
0.9
1.0
Packet Loss (%)
CD
F of
TC
P C
onne
ctio
nsHTTP - AT&THTTPS - AT&THTTP - VerizonHTTPS - VerizonHTTP - SprintHTTPS - SprintHTTP - T-MobileHTTPS - T-Mobile
15
![Page 16: Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · - Akamai’s Real User Monitoring (RUM) system - Injects JavaScript into requested](https://reader033.fdocuments.net/reader033/viewer/2022042306/5ed182427ccbff5d266f2b1c/html5/thumbnails/16.jpg)
Packet Loss – France Telecom
0 10 20 30 40 50 60 70
0.6
0.7
0.8
0.9
1.0
Packet Loss (%)
CD
F of
TC
P C
onne
ctio
nsHTTP - BouyguesHTTPS - BouyguesHTTP - France TelecomHTTPS - France TelecomHTTP - SFRHTTPS - SFR
16
![Page 17: Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · - Akamai’s Real User Monitoring (RUM) system - Injects JavaScript into requested](https://reader033.fdocuments.net/reader033/viewer/2022042306/5ed182427ccbff5d266f2b1c/html5/thumbnails/17.jpg)
Parameters in TCP SYN• TCP SYN Characteristics of Cellular Proxies differ from mobile devices
- Initial Congestion Window- Maximum Segment Size- TCP Timestamp in TCP Options header
• All TCP SYN packets for HTTP (Port 80) had same TCP SYN parameters
• TCP SYN parameters varied for HTTPS (Port 443)- HTTP and HTTPS packets were sent from two different machines
17
![Page 18: Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · - Akamai’s Real User Monitoring (RUM) system - Injects JavaScript into requested](https://reader033.fdocuments.net/reader033/viewer/2022042306/5ed182427ccbff5d266f2b1c/html5/thumbnails/18.jpg)
What about accuracy?Sdf
DH: Delayed Handshake
Comparison with Xu et al.’s work “Investigating Transparent Web Proxies in Cellular Networks” [PAM 2015]
18
![Page 19: Detecting Cellular Middleboxes Using Passive Measurement ...utkarsh.goel/docs/Goel_PAM16.pdf · - Akamai’s Real User Monitoring (RUM) system - Injects JavaScript into requested](https://reader033.fdocuments.net/reader033/viewer/2022042306/5ed182427ccbff5d266f2b1c/html5/thumbnails/19.jpg)
Takeaways
• Passive network measurements techniques offer the same level of accuracy as expensive active network experiments.
• Server operators could accurately use their HTTP and TCP logs to detect the presence of TCP terminating proxies in cellular networks
• Our work offers a peek into performance analysis of cellular networks worldwide from Akamai’s perspective.
19