
Revealing Middleboxes Interference with Tracebox


Presentation Transcript


  1. Revealing Middleboxes Interference with Tracebox Gregory Detal*, Benjamin Hesmans*, Olivier Bonaventure*, Yves Vanaubel° and Benoit Donnet°. *Université catholique de Louvain °Université de Liège http://www.tracebox.org

  2. Outline • Middleboxes interference • Detect packet modification with ICMP • Tracebox • Measurement results

  3. The end-to-end principle …

  4. … does not hold

  5. In reality. Sherry, Justine, et al. "Making middleboxes someone else's problem: Network processing as a cloud service." Proceedings of the ACM SIGCOMM 2012 conference. ACM, 2012.

  6. TCP segment processed by a router (figure: IPv4 and TCP header fields of the segment before and after the router)

  7. How transparent is the Internet? • 25th September 2010 to 30th April 2011 • 142 access networks • 24 countries • Craft TCP segments using custom scripts • Sent specific TCP segments from client to a server in Japan. Honda, Michio, et al. "Is it still possible to extend TCP?" Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference. ACM, 2011.

  8. TCP segments on today's Internet (figure: IPv4 and TCP header fields of the segment before and after the path)

  9. Potentially miss a lot of middleboxes

  10. Outline • Middleboxes interference • Detect packet modification with ICMP • Tracebox • Measurement results

  11. Traceroute with ICMP in a nutshell (figure: IP/TCP probes sent with TTL=1, TTL=2, ...)

  12. Traceroute with ICMP in a nutshell (figure: IP/ICMP reply, type = 11, code = 0, quoting the expired probe; use the IP source of the reply to identify routers)

  13. Middlebox detection with ICMP (figure: the IP/TCP probe as sent, compared field by field with the copy quoted in the ICMP reply)

  14. ICMP-based modification detection • RFC 792 requires ICMP to include only the first 8 bytes of the transport header. • In 1995 RFC 1812 and in 2007 RFC 4884 require that routers should quote the complete original packet. • By default on Linux, Cisco IOX, HP routers, Alcatel routers, PaloAlto Firewall, etc. (figure: complete IP/TCP packet, options and payload included, quoted in the ICMP reply)
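The comparison described on slides 11 to 14, as an added worked example (my code, not tracebox's): a probe is built, a router's ICMP Time Exceeded reply quoting the probe as the router saw it is constructed, and the quote is compared with the original field by field. Field names are modelled on tracebox's output style, and addresses, ports and option values are made-up sample values. The example also handles the RFC 792 case, where only 8 bytes of the transport header are quoted and the remaining TCP fields are reported as unverifiable rather than as unchanged.

```python
"""Added example (not tracebox's own code): detect in-path modification of a probe by
comparing it with the copy quoted in an ICMP Time Exceeded reply, as tracebox does.
Every packet below is constructed in memory; nothing is sent on the wire."""
import struct

IP_NAMES = ["IP::Version/IHL", "IP::DiffServicesCP", "IP::TotalLength", "IP::Identification",
            "IP::Flags/FragOffset", "IP::TTL", "IP::Protocol", "IP::CheckSum",
            "IP::SourceIP", "IP::DestinationIP"]
TCP_NAMES = ["TCP::AckNumber", "TCP::DataOffset", "TCP::Flags", "TCP::Window",
             "TCP::CheckSum", "TCP::UrgPtr"]
OPTION_NAMES = {2: "TCPOptionMaxSegSize::MaxSegSize", 3: "TCPOptionWindowScale::Shift"}

def _inet(addr):
    return bytes(int(x) for x in addr.split("."))

def checksum(data):
    """One's-complement Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_probe(ttl, mss, wscale, src="10.0.0.1", dst="192.0.2.1"):
    """IPv4 / TCP SYN / MSS / NOP / WSCALE probe; addresses and ports are sample values."""
    opts = struct.pack("!BBH", 2, 4, mss) + b"\x01" + struct.pack("!BBB", 3, 3, wscale)
    opts += b"\x00" * (-len(opts) % 4)                    # pad options to a 32-bit boundary
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0x01020304, 0,
                      ((20 + len(opts)) // 4) << 4, 0x02, 65535, 0, 0) + opts
    pseudo = _inet(src) + _inet(dst) + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, ttl, 6, 0,
                     _inet(src), _inet(dst))
    return ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:] + tcp

def icmp_time_exceeded(router_ip, seen_packet, quote_len=None):
    """The reply a router sends: ICMP type 11, code 0, followed by a copy of the expired
    packet. quote_len=28 mimics an RFC 792 router (IP header + 8 bytes of TCP)."""
    quote = seen_packet if quote_len is None else seen_packet[:quote_len]
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + quote
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     _inet(router_ip), _inet("10.0.0.1"))
    return ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:] + icmp

def parse_ipv4(pkt):
    if len(pkt) < 20:
        raise ValueError("truncated IP header")
    values = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return dict(zip(IP_NAMES, values)), (values[0] & 0xF) * 4

def parse_tcp_options(opts):
    """Kind/length/value walk that stops cleanly at end-of-list or a truncated option."""
    out, i = {}, 0
    while i < len(opts) and opts[i] != 0:
        if opts[i] == 1:                                  # NOP: single byte, no length
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            break
        name = OPTION_NAMES.get(opts[i], "TCPOption%d::Data" % opts[i])
        out[name] = opts[i + 2:i + opts[i + 1]]           # raw option value
        i += opts[i + 1]
    return out

def parse_tcp(seg):
    """Returns (fields, complete). An RFC 792 router quotes only 8 bytes of the transport
    header, so often just the ports and sequence number can be checked."""
    fields = {}
    if len(seg) < 8:
        return fields, False
    fields["TCP::SrcPort"], fields["TCP::DstPort"], fields["TCP::SeqNumber"] = struct.unpack("!HHI", seg[:8])
    if len(seg) < 20:
        return fields, False
    fields.update(zip(TCP_NAMES, struct.unpack("!IBBHHH", seg[8:20])))
    doff = (fields["TCP::DataOffset"] >> 4) * 4
    fields.update(parse_tcp_options(seg[20:doff]))
    return fields, len(seg) >= doff

def analyse_reply(probe, reply):
    """Identify the replying router and report which probe fields differ in its quote."""
    outer, ihl = parse_ipv4(reply)
    icmp = reply[ihl:]
    if outer["IP::Protocol"] != 1 or icmp[:2] != b"\x0b\x00":
        raise ValueError("not an ICMP Time Exceeded message")
    p_ip, p_ihl = parse_ipv4(probe)
    q_ip, q_ihl = parse_ipv4(icmp[8:])
    p_tcp, _ = parse_tcp(probe[p_ihl:])
    q_tcp, complete = parse_tcp(icmp[8 + q_ihl:])
    report = {"router": ".".join(map(str, outer["IP::SourceIP"])), "removed": [],
              "unverifiable": [], "changed": [k for k, v in p_ip.items() if q_ip[k] != v]}
    for name, value in p_tcp.items():
        if name in q_tcp:
            if q_tcp[name] != value:
                report["changed"].append(name)
        elif complete:
            report["removed"].append(name)
        else:
            report["unverifiable"].append(name)
    return report
```

With a full quote in which a middlebox rewrote the MSS, the report lists IP::TTL and IP::CheckSum (routers decrement the TTL and recompute the checksum, as on every hop of the slide 21 output) plus TCP::CheckSum and TCPOptionMaxSegSize::MaxSegSize; with a 28-byte RFC 792 quote, the same MSS rewrite would go unnoticed, and the report says so by listing the option as unverifiable instead of unchanged.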

  15. 80 % of Internet paths contain at least one RFC 1812-capable router

  16. ICMP detection limitations • Similar to traceroute: • Filtering of ICMP • Routers throttle or do not send ICMP • To detect a middlebox in front of a server, the latter should generate an ICMP.

  17. Outline • Middleboxes interference • Detect packet modification with ICMP • Tracebox • Measurement results

  18. Tracebox • Uses the previous mechanism to detect middleboxes. • Implemented in C++ with Lua embedded. • Libcrafter allows probes to be described concisely, as in Scapy. • Open source and available at http://www.tracebox.org • Supports Linux and Mac OS X

  19. Tracebox
     Usage: tracebox [ OPTIONS ] host
     Options are:
       -h           Display this help and exit
       -n           Do not resolve IP addresses
       -6           Use IPv6 for static probe generated
       -u           Use UDP for static probe generated
       -d port      Use the specified port for static probe generated. Default is 80.
       -i device    Specify a network interface to operate with
       -m hops_max  Set the max number of hops (max TTL to be reached). Default is 30
       -p probe     Specify the probe to send.
       -s script    Run a script.

  20. Probe definition
     • SYN probe that contains the window scale option:
       ip{} / tcp{flags=0x2,dst=80} / WSCALE
       IP / TCP / wscale(9) / NOP
     • IPv6/UDP probe with payload:
       IPv6 / udp{dst=5678} / raw('this is a payload')
     • Multiple options:
       ip{} / RR(8) / tcp{dst=80} / mss(1400) / WSCALE / TS

  21. Output example
     # tracebox -n -p "IP/TCP/MSS/MPCAPABLE/WSCALE" bahn.de
     tracebox to 81.200.198.6 (bahn.de): 64 hops max
      1: 130.104.228.126 IP::CheckSum
      2: 130.104.254.229 IP::TTL IP::CheckSum
      3: 193.191.3.85 IP::TTL IP::CheckSum
      4: 193.191.16.21 IP::TTL IP::CheckSum
      5: 195.69.144.123 IP::TTL IP::CheckSum
      6: 145.254.5.158 IP::TTL IP::CheckSum
      7: 88.79.13.62 IP::TTL IP::CheckSum
      8: 81.200.194.234 IP::TTL IP::CheckSum
      9: 81.200.197.9 IP::TTL IP::CheckSum
     10: 81.200.198.6 TCP::CheckSum IP::TTL IP::CheckSum TCPOptionMaxSegSize::MaxSegSize -TCPOptionMPTCPCapable -TCPOptionWindowScale


  24. Outline • Middleboxes interference • Detect packet modification with ICMP • Tracebox • Measurement results

  25. Measurements • Used PlanetLab to perform experiments • PlanetLab nodes are supposed to be directly connected to the Internet. • Sources: 70 vantage points • Destinations: Top 5000 Alexa

  26. Some middleboxes randomize the TCP sequence number …

  27. … but do not modify the SACK blocks (figure: the SACK blocks no longer match the rewritten sequence numbers: mismatch)

  28. Evaluation of the impact (figure: Click element modifying the TCP sequence number, Seq' = Seq + Δ and Ack' = Ack - Δ; 1 % discard)

  29. Linux performance significantly drops
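The failure mode of slides 26 to 29, as an added example (my code, not from the slides or the Click element they evaluated): a middlebox that shifts the client's sequence numbers by Δ on the way out and shifts acknowledgments back by Δ on the way in, but leaves SACK blocks alone, hands the client SACK blocks that lie outside the data it has in flight, so the client cannot use them for loss recovery. The segment fields, the offset Δ and the sequence numbers are constructed; the `translate_sack` switch contrasts the broken middlebox with one that also translates the SACK blocks.

```python
"""Added example (not from the slides or from tracebox): why a middlebox that shifts TCP
sequence numbers (Seq' = Seq + Δ, Ack' = Ack - Δ) but leaves SACK blocks untouched makes
the client discard them. All numbers are constructed."""

MASK = 0xFFFFFFFF
DELTA = 0x1F000000   # constructed offset; a real middlebox picks a random one per connection

def client_to_server(seg, delta):
    """Client -> server: the middlebox rewrites the client's sequence space, Seq' = Seq + Δ."""
    return dict(seg, seq=(seg["seq"] + delta) & MASK)

def server_to_client(seg, delta, translate_sack):
    """Server -> client: Ack' = Ack - Δ. SACK blocks describe the same (client) sequence
    space, so they need the same shift; the middlebox from the slides does not apply it."""
    out = dict(seg, ack=(seg["ack"] - delta) & MASK)
    if translate_sack:
        out["sack"] = [((l - delta) & MASK, (r - delta) & MASK) for l, r in seg["sack"]]
    return out

def in_window(x, lo, hi):
    """lo <= x <= hi on the 32-bit sequence-number circle."""
    return ((x - lo) & MASK) <= ((hi - lo) & MASK)

def usable_sack_blocks(seg, snd_una, snd_nxt):
    """A sender can only act on SACK blocks covering data it sent and is still waiting
    for, i.e. inside (snd_una, snd_nxt]; any other block is discarded."""
    return [(l, r) for l, r in seg["sack"]
            if l != r and in_window(l, snd_una, snd_nxt) and in_window(r, snd_una, snd_nxt)]

def simulate(translate_sack, delta=DELTA):
    """Client sent 1000-byte segments at seq 1000, 2000, 3000 and 4000 (snd_nxt = 5000);
    the one at 2000 was lost. Returns the SACK blocks the client can still use."""
    arrived = [client_to_server({"seq": s}, delta)["seq"] for s in (1000, 3000, 4000)]
    # The server acks up to the hole and SACKs the out-of-order data, in the space it sees.
    reply = {"ack": (arrived[0] + 1000) & MASK, "sack": [(arrived[1], (arrived[2] + 1000) & MASK)]}
    reply = server_to_client(reply, delta, translate_sack)
    return usable_sack_blocks(reply, snd_una=reply["ack"], snd_nxt=5000)
```

With `translate_sack=True` the client gets back the block (3000, 5000) and can retransmit only the lost segment at 2000; with `translate_sack=False` the block is shifted by Δ, falls outside (snd_una, snd_nxt], is discarded, and the sender falls back to recovery without SACK information, which is the performance drop the measurements show.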

  30. Firewall at source modified the MSS

  31. Core network also looks at the MSS option and modifies it

  32. Lessons learned • There exist middleboxes that affect performance, and network operators are not always aware of them. • Tracebox can detect some middleboxes. • Tracebox could help network operators to debug their network, even better with more routers that are RFC 1812-capable.

  33. Thank you. Questions? gregory.detal@uclouvain.be http://www.tracebox.org
