Sebastian Zander

Increasing use of online backup services, as well as the popularity of user-generated content, has increased the demand for bandwidth. However, traffic generated by these applications can impact on the responsiveness of delay-sensitive applications if they receive a 'fair-share' of the available bandwidth. Less-than-Best-Effort TCP congestion control mechanisms aim to allow lower-priority applications to utilise excess bandwidth with minimum impact to regular TCP traffic. We evaluated the performance of six Less-than-Best-Effort congestion control algorithms in different scenarios in a Linux testbed, only three of which had existing implementations for modern operating systems. The findings of this study suggest that Nice provides background throughput comparable to that of regular TCP, while maintaining low queuing delay, while CAIA Delay-Gradient (CDG) has the least impact on regular TCP traffic, at the expense of reduced throughput.

A number of recently proposed Active Queue Management (AQM) mechanisms instantiate shallow buffers with burst tolerance to minimise the time that packets spend enqueued at a bottleneck. However, shallow buffering causes noticeable TCP performance degradation as a path's underlying round trip time (RTT) heads above typical intra-country levels. Using less-aggressive multiplicative backoffs in TCP can compensate for shallow bottleneck buffering. AQM mechanisms may either drop packets or mark them using Explicit Congestion Notification (ECN), depending on whether the sender marked packets as ECN-capable. While a drop may therefore stem from any type of queue, an ECN-mark indicates that an AQM mechanism has done its job, and therefore the queue is likely to be shallow. We propose ABE: “Alternative Backoff with ECN”, which consists of enabling ECN and letting individual TCP senders back off less aggressively in reaction to ECN-marks from AQM-enabled bottlenecks. Using controlled testbed experiments with standard NewReno and CUBIC flows, we show significant performance gains in lightly-multiplexed scenarios, without losing the delay-reduction benefits of deploying AQM. ABE is a sender-side-only modification that can be deployed across networks incrementally (requiring no flag-day) and offers a compelling reason to deploy and enable ECN across the Internet.

Network Address Translation (NAT) allows multiple devices with private addresses to share one public address. NAT was mainly confined to home gateways, but with the exhaustion of the IPv4 address space, large-scale NATs have been deployed. Other technologies causing large-scale address sharing are on the rise as well (e.g. VPNs). Large-scale address sharing is problematic, since it limits the number of concurrent TCP connections and severely limits geolocation and geoblocking. We investigate the presence of large-scale address sharing in the Internet, including how frequently it occurs, in which types of organisations it occurs, where it occurs geographically, how many users share addresses, and whether its presence is linked to IPv4 address shortage. Our results show that there are thousands of addresses with significant large-scale sharing with up to a few thousand users sharing a single address. Most of this sharing occurs within ISPs, many of which are located in countries with IPv4 address shortage, indicating that large-scale NATs may be a consequence of IPv4 shortages.

Studies on the composition and nature of Internet protocols are crucial for continued research and innovation. This study used three different methods to investigate the presence and level of support for various Internet protocols. Internet traffic entering and exiting a university network was passively captured, anonymised and analysed to test protocol usage. Active tests probed the Internet's most popular websites and experiments on the default behaviour of popular client, server and mobile operating systems were performed to reconcile the findings of the passive data collection. These results are valuable to research areas, such as those using emulations and simulations, where realism is dependent on the accuracy of the underlying assumptions about Internet traffic. Prior work is leveraged to explore changes and protocol adoption trends. This study shows that the majority of Internet traffic is now encrypted. There has also been an increase in large UDP frames, which we attribute to the Google QUIC protocol. Support for TCP options such as Selective Acknowledgements (SACK) and Maximum Segment Size (MSS) can now be assumed. Explicit Congestion Notification (ECN) usage is still marginal, yet active measurement shows that many servers will support the protocol if requested. Recent IETF standards such as Multipath TCP and TCP Fast Open have small but measurable levels of adoption.

The majority of Internet traffic now involves wireless devices. Increasing use of online backup services and the popularity of user-generated content have increased the demand for bandwidth and may impact on delay-sensitive applications. Less-than-Best-Effort TCP congestion control mechanisms aim to minimise the impact of lower-priority applications on regular TCP traffic, but their performance over wireless networks is not well understood. We evaluate the performance of six Less-than-Best-Effort congestion control algorithms over 802.11n in a Linux testbed. We also consider the effect of high fixed-path delay on the performance of LBE mechanisms. The findings of this study suggest that Nice and CAIA Delay-Gradient (CDG) have the lowest impact on regular TCP traffic at low-delay settings, at the expense of reduced throughput. However, while CDG experiences even greater reductions to throughput in high-delay settings, Nice has a greater impact on regular traffic.

Encryption is often not sufficient to secure communication, since it does not hide that communication takes place or who is communicating with whom. Covert channels hide the very existence of communication enabling individuals to communicate secretly. Previous work proposed a covert channel hidden inside multi-player first person shooter online game traffic (FPSCC). FPSCC has a low bit rate, but it is practically impossible to eliminate other than by blocking the overt game traffic. This paper shows that with knowledge of the channel's encoding and using machine learning techniques, FPSCC can be detected with an accuracy of 95% or higher.

CoDel and PIE are recently proposed Active Queue Management (AQM) mechanisms that minimize the time packets spend enqueued at a bottleneck, instantiating shallow, 5 ms to 20 ms buffers with short-term packet burst tolerance. However, shallow buffering causes noticeable TCP performance degradation when a path’s underlying round trip time (RTT) heads above 60 ms to 80 ms (not uncommon with cross-continental and inter-continental traffic). Using less-aggressive multiplicative backoffs is known to compensate for shallow bottleneck buffering. We propose ABE: “Alternative Backoff with ECN”, which consists of enabling Explicit Congestion Notification (ECN) and letting individual TCP senders use a larger multiplicative decrease factor in reaction to ECN-marks from AQMenabled bottlenecks. Using a mix of experiments, theory and simulations with standard NewReno and CUBIC flows, we show significant performance gains in lightlymultiplexed scenarios, without losing the delay-reduction benefits of deploying CoDel or PIE. ABE is a senderside- only modification that can be deployed incrementally (requiring no flag-day) and offers a compelling reason to deploy and enable ECN across the Internet.

The pool of unused routable IPv4 prefixes is dwindling, with less than 4% remaining for allocation at the end of June 2014. Yet the adoption of IPv6 remains slow. We demonstrate a new capture-recapture technique for improved estimation of the size of "IPv4 reserves" (allocated yet unused IPv4 addresses or routable prefixes) from multiple incomplete data sources. A key contribution of our approach is the plausible estimation of both observed and unobserved-yet-active (ghost) IPv4 address space. This significantly improves our community's understanding of IPv4 address space exhaustion and likely pressure for IPv6 adoption. Using "ping scans", network traces and server logs we estimate that 6.3 million /24 subnets and 1.2 billion IPv4 addresses are currently in use (roughly 60% and 45% of the publicly routed space respectively). We also show how utilisation has changed over the last 2--3 years and provide an up-to-date estimate of potentially-usable remaining IPv4 space.

As of April 2013 almost 95% of the IPv4 address space has been allocated. Yet, the transition to IPv6 is still relatively slow. One reason could be existing “IPv4 reserves” – allocated but unused IPv4 addresses. Knowing how many addresses are actively used is important to predict a potential IPv4 address market, predict the IPv6 deployment time frame, and measure progressive exhaustion after the IPv4 space is fully allocated. Unfortunately, only a fraction of hosts respond to active probes, such as “ping”. We propose a capture-recapture method to estimate the actively used IPv4 addresses from multiple incomplete data sources, including “ping” censuses, network traces and server logs. We estimate that at least 950–1090 million IPv4 addresses are used, which is 36–41% of the publicly routed space. We analyse how the utilisation depends on various factors, such as region, country and allocation prefix length.

Accurate and frequent round trip time (RTT) measurements are important in testbeds and operational networks. Active measurement techniques inject probe packets that may modify the behaviour of the observed network and may produce misleading RTT estimates if the network handles probe packets differently to regular packets. Previous passive measurement techniques address these issues, but require precise time synchronisation or are limited to certain traffic types. We introduce Synthetic Packet-Pairs (SPP), a novel passive technique for RTT measurement. SPP provides frequently updated RTT measurements using any network traffic already present in the network without the need for time synchronisation. SPP accurately measures the RTT experienced by any application's traffic, even applications that do not exhibit symmetric client-server packet exchanges. We experimentally demonstrate the advantages of SPP.