References of "Donnet, Benoît"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailRevisiting Subnet Inference WISE-ly
Grailet, Jean-François ULiege; Donnet, Benoît ULiege

in Network Traffic Measurement and Analysis (TMA) Conference 2019 (2019, June 19)

Since the late 90’s, the Internet topology discovery has been an attractive and important research topic, leading, among others, to multiple probing and data analysis tools developed by the research ... [more ▼]

Since the late 90’s, the Internet topology discovery has been an attractive and important research topic, leading, among others, to multiple probing and data analysis tools developed by the research community. This paper looks at the particular problem of discovering subnets (i.e., a set of devices that are located on the same connection medium and that can communicate directly with each other at the link layer). In this paper, we first show that the use of traffic engineering policies may increase the difficulty of subnet inference. We carefully characterize those difficulties and quantify their prevalence in the wild. Next, we introduce WISE (Wide and lInear Subnet inferencE), a novel tool for subnet inference designed to deal with those issues and able to discover subnets on wide ranges of IP addresses in a linear time. Using two groundtruth networks, we demonstrate that WISE performs better than state-of-the-art tools while being competitive in terms of subnet accuracy. We also show, through large-scale measurements, that the selection of vantage point with WISE does not matter in terms of subnet accuracy. Finally, all our code (WISE, data processing, results plotting) and collected data are freely available. [less ▲]

Detailed reference viewed: 28 (12 ULiège)
Full Text
Peer Reviewed
See detailA Bottom-Up Investigation of the Transport-Layer Ossification
Edeline, Korian ULiege; Donnet, Benoît ULiege

in Network Traffic Measurement and Analysis (TMA) Conference 2019 (2019, June)

Recent years have seen the rise of middleboxes, such as NATs, firewalls, or TCP accelerators. Those middleboxes play an important role in today's Internet, and are now extensively deployed in various ... [more ▼]

Recent years have seen the rise of middleboxes, such as NATs, firewalls, or TCP accelerators. Those middleboxes play an important role in today's Internet, and are now extensively deployed in various networks including corporate networks, Tier-1 ASes, cellular networks, and WiFi hot-spots. Unfortunately, despite the added value that they bring to networks, they radically change the transport paradigm from the legacy end-to-end principle, and drive increasing complexity in the path. The consequences of these changes are a wide variety of simple to subtle impairments to protocols and features, that in turn lead to the ossification of the network infrastructure. While the latter is now a well-known problem, its causes are not that much understood. To fill this gap, we provide a more detailed explanation of the factors of the transport-level ossification, and we give insights on their prevalence in the wild. We extract path conditions by processing a large collection of observations of middlebox in-path packet manipulations, and we categorize the observed transport impairments based on the complications that they engender. We show that more than one third of network paths are crossing at least one middlebox, and a substantial percentage are affected by feature or protocol-breaking policies. Finally, we show that the majority of the devices that implements them are located in edge networks. [less ▲]

Detailed reference viewed: 50 (18 ULiège)
Full Text
Peer Reviewed
See detailTNT, Watch me Explode: A Light in the Dark for Revealing MPLS Tunnels
Vanaubel, Yves ULiege; Luttringer, Jean-Romain; Mérindol, Pascal et al

in Network Traffic Measurement and Analysis (TMA) Conference 2019 (2019, June)

Internet topology discovery aims at analyzing one of the most complex distributed system currently deployed. Usually, it relies on measurement campaigns using hop-limited probes sent with traceroute ... [more ▼]

Internet topology discovery aims at analyzing one of the most complex distributed system currently deployed. Usually, it relies on measurement campaigns using hop-limited probes sent with traceroute. However, this probing tool comes with several limits. In particular, some MPLS clouds might obfuscate collected traces. Thus, the resulting Internet maps, the inferred properties, and the graph models are incomplete and inaccurate. In this paper, we introduce TNT (Trace the Naughty Tunnels), an extension to Paris traceroute for revealing, or at least detect, all MPLS tunnels along a path. First, along with traceroute and ping probes, TNTlooks for hints indicating the presence of hidden tunnels. Those hints are peculiar patterns in the resulting output, e.g., significant TTL shifts or duplicate IP addresses. Second, if those hints trigger alarms, TNT launches additional dedicated probing for possibly revealing hidden tunnels. We use GNS3 to reproduce, verify, and understand the limits and capabilities of TNT in a controlled environment. We also calibrate the thresholds at which alarms are triggered through a dedicated measurement campaign. Finally, we deploy TNT on the Archipelago platform and provide a quantified classification of MPLS usage. All our results, including the data, the code, and the emulation configurations, are fully and publicly available [less ▲]

Detailed reference viewed: 14 (1 ULiège)
Full Text
See detailmmb: Flexible High-Speed Userspace Middleboxes
Edeline, Korian ULiege; Iurman, Justin ULiege; Soldani, Cyril ULiege et al

Report (2019)

Detailed reference viewed: 25 (2 ULiège)
Full Text
See detailTNT, Watch me Explode: A Light in the Dark for Revealing MPLS Tunnels
Vanaubel, Yves ULiege; Luttringer, Jean-Romain; Mérindol, Pascal et al

Report (2019)

Internet topology discovery has been a recurrent research topic for nearly 20 years now. Usually, it works by sending hop-limited probes (i.e., traceroute) towards a set of destinations to collect ... [more ▼]

Internet topology discovery has been a recurrent research topic for nearly 20 years now. Usually, it works by sending hop-limited probes (i.e., traceroute) towards a set of destinations to collect topological data in order to infer the Internet topology at a given scale (e.g., at the router or the AS level). However, traceroute comes with multiple limitations, in particular with layer-2 clouds such as MPLS that might hide their content to traceroute exploration. Thus, the resulting Internet topology data and models are incomplete and inaccurate. In this paper, we introduce TNT (Trace the Naughty Tunnels), an extension to Paris traceroute for revealing most (if not all) MPLS tunnels along a path. TNT works in two basic stages. First, along with traceroute probes, it looks for evidences of the potential presence of hidden tunnels. Those evidences are surprising patterns in the traceroute output, e.g., abrupt and significant TTL shifts. Second, if alarms are triggered due to the presence of such evidences, TNT launches additional and dedicated probing for possibly revealing the content of the hidden tunnel. We validate TNT through emulation with GNS3 and tune its parameters through a dedicated measurement campaign. We also largely deploy TNT on the Archipelago platform and provide a quantification of tunnels, updating so the state of the art vision of MPLS tunnels. Finally, TNT and its validation platform are fully and publicly available, as well as the collected data and scripts used for processing data. [less ▲]

Detailed reference viewed: 31 (6 ULiège)
Full Text
Peer Reviewed
See detailVivisecting Blockchain P2P Networks: Unveiling the Bitcoin IP Network
Ben Mariem, Sami ULiege; Casas, Pedro; Donnet, Benoît ULiege

in ACM CoNEXT Student Workshop (2018, December)

Blockchains are typically managed by peer-to-peer (P2P) networks, which provide the support and substrate to the so-called distributed ledger (DLT), a replicated, shared, and synchronized data structure ... [more ▼]

Blockchains are typically managed by peer-to-peer (P2P) networks, which provide the support and substrate to the so-called distributed ledger (DLT), a replicated, shared, and synchronized data structure, geographically spread across multiple nodes. The Bitcoin (BTC) blockchain is by far the most well-known DLT, used to record transactions among peers, based on the BTC digital currency. In this paper we focus on the network side of blockchain P2P networks, characterizing their topology and main properties from a purely network measurements-based approach. We present a BTC crawler able to discover and track all the active nodes of the BTC P2P network through active measurements, and use it to analyze its main properties. We additionally discuss a passive measurements-based approach to reconstruct the topology of a blockchain P2P network, which can unveil the most important nodes of the blockchain, namely the miners. [less ▲]

Detailed reference viewed: 119 (32 ULiège)
Full Text
Peer Reviewed
See detailImplementation of LISP/MN under ns-3
Li, Yue; Iannone, Luigi; Agbodjan, Lionel et al

Poster (2018, June)

The Locator/Identifier Separation Protocol (LISP), due to its map-and-encap approach, can bring benefits to mobility. LISP Mobile Node (LISP-MN) is based on the basic LISP functionality to provide the ... [more ▼]

The Locator/Identifier Separation Protocol (LISP), due to its map-and-encap approach, can bring benefits to mobility. LISP Mobile Node (LISP-MN) is based on the basic LISP functionality to provide the terminal mobility across networks. Assessing the LISP mobility and improving its performance are of paramount importance. However, there exist no open source simulator supporting LISP. Thus, we fill this gap by implementing the basic LISP function as well as LISP-MN on ns-3. In this paper, we describe how these implementations are realized in details. [less ▲]

Detailed reference viewed: 42 (6 ULiège)
Full Text
Peer Reviewed
See detailCAFE: an automatic and on-line learning system to guide freshmen towards the meeting of Higher Education requirements
Liénardy, Simon ULiege; Leduc, Laurent ULiege; Donnet, Benoît ULiege

Conference (2018, June)

This communication focuses on CAFE, an original Assessment for Learning based, automatic and on-line learning system. One of CAFE key point is to help students to work on a regular basis on problems with ... [more ▼]

This communication focuses on CAFE, an original Assessment for Learning based, automatic and on-line learning system. One of CAFE key point is to help students to work on a regular basis on problems with increasing difficulties and cumulative expected learning outcomes. Further, CAFE provides a high quality and automatic feedback to students. [less ▲]

Detailed reference viewed: 91 (32 ULiège)
Full Text
Peer Reviewed
See detailDiscovering Routers in Load-balanced Paths
Grailet, Jean-François ULiege; Donnet, Benoît ULiege

in ACM CoNEXT Student Workshop (2017, December 12)

Usually, a set of Traceroute measurements collected for a large amount of target IPs contain one or several route hops at which the IP interfaces vary from one measurement to another. These variations ... [more ▼]

Usually, a set of Traceroute measurements collected for a large amount of target IPs contain one or several route hops at which the IP interfaces vary from one measurement to another. These variations occur even if several measurements share the same length and the same last hops. This is likely a consequence of load balancing, a traffic engineering policy which aims at sharing the load to ensure quality of service. In this paper, we consider the problem of conducting alias resolution on IP interfaces discovered via Traceroute and which are involved in load balancing. By conducting alias resolution in such a context, we want to verify if the IP interfaces involved in load balancing belong to unique routers, and more broadly, how relevant is alias resolution in this context. To do so, we use a slightly edited version of TreeNET, a topology discovery tool which relies on a tree-like structure based on Traceroute measurements to map a target domain. The upgraded TreeNET along the measurements described in this paper are both freely available online. [less ▲]

Detailed reference viewed: 88 (26 ULiège)
Full Text
Peer Reviewed
See detailAn Observation-Based Middlebox Policy Taxonomy
Edeline, Korian ULiege; Donnet, Benoît ULiege

in ACM CoNEXT 2017 Student Workshop (2017, December 12)

Recent years have seen the rise of middleboxes, such as NATs, firewalls, or TCP accelerators. Those middleboxes play an important role in today's Internet, including enterprise networks and cellular ... [more ▼]

Recent years have seen the rise of middleboxes, such as NATs, firewalls, or TCP accelerators. Those middleboxes play an important role in today's Internet, including enterprise networks and cellular networks. However, despite their undisputable success in modern network architecture, their actual impact on packets, traffic, and network performance is not that much understood. In this paper, we propose a path impairment oriented middlebox classification that aims at categorizing the initial purpose of a middlebox policy as well as its potential complications. [less ▲]

Detailed reference viewed: 76 (12 ULiège)
Full Text
Peer Reviewed
See detailThrough the Wormhole: Tracking Invisible MPLS Tunnels
Vanaubel, Yves ULiege; Mérindol, Pascal; Pansiot, Jean-Jacques et al

in ACM Internet Measurement Conference (2017, November)

For years, Internet topology research has been conducted through active measurement. For instance, CAIDA builds router level topologies on top of IP level traces obtained with traceroute. The resulting ... [more ▼]

For years, Internet topology research has been conducted through active measurement. For instance, CAIDA builds router level topologies on top of IP level traces obtained with traceroute. The resulting graphs contain a significant amount of nodes with a very large degree, often exceeding the actual number of interfaces of a router. Although this property may result from inaccurate alias resolution, we believe that opaque MPLS clouds made of invisible tunnels are the main cause. Using Layer-2 technologies such as MPLS, routers can be configured to hide internal IP hops from traceroute. Consequently, an entry point of an MPLS network appears as the neighbor of all exit points and the whole Layer-3 network turns into a dense mesh of high degree nodes. This paper tackles three problems: the revelation of IP hops hidden by MPLS tunnels, the MPLS deployment underestimation, and the overestimation of high degree nodes. We develop new measurement techniques able to reveal the presence and content of invisible MPLS tunnels. We assess them through emulation and cross-validation and perform a large-scale measurement campaign targeting suspicious networks on which we apply statistical analysis. Finally, based on our dataset, we look at basic graph properties impacted by invisible tunnels. [less ▲]

Detailed reference viewed: 107 (15 ULiège)
Full Text
Peer Reviewed
See detailA First Look at the Prevalence and Persistence of Middleboxes in the Wild
Edeline, Korian ULiege; Donnet, Benoît ULiege

in International Teletraffic Congress (2017, September)

Recent years have seen an uprise in the development of middleboxes functionalities (CGNATs, proxies, accelerators, etc), participating so in the ossification of the Internet. In parallel, various ... [more ▼]

Recent years have seen an uprise in the development of middleboxes functionalities (CGNATs, proxies, accelerators, etc), participating so in the ossification of the Internet. In parallel, various solutions have been developed to detect or circumvent unwanted middleboxes interferences such as UDP-based middlebox-proof transports (Google's QUIC, PLUS), middlebox-proof extensions to TCP (HICCUPS, TCPcrypt), and middlebox traversal mechanisms (STUN, ICE, PLUS). All those solutions make the assumption of ubiquitous middleboxes. However, a view of their actual deployment in the wild, in IPv4 wired networks, is missing. In particular, knowing how autonomous systems (ASes) deploy middleboxes in terms of prevalence and persistence would provide additional relevant information to Internet topology models. In this paper, we aim at filling this gap. Based on a large-scale measurement campaign, we highlight different characteristics of middlebox deployment within ASes to elicit middleboxes profiles. [less ▲]

Detailed reference viewed: 96 (27 ULiège)
Full Text
Peer Reviewed
See detailNETPerfTrace – Predicting Internet Path Dynamics and Performance with Machine Learning
Wassermann, Sarah ULiege; Casas, Pedro; Cuvelier, Thibaut ULiege et al

in Proceedings of Big-DAMA ’17 (2017, August)

We study the problem of predicting Internet path changes and path performance using traceroute measurements and machine learning models. Path changes are frequently linked to path inflation and ... [more ▼]

We study the problem of predicting Internet path changes and path performance using traceroute measurements and machine learning models. Path changes are frequently linked to path inflation and performance degradation, therefore the relevance of the problem. We introduce NETPerfTrace, an Internet Path Tracking system to forecast path changes and path latency variations. By relying on decision trees and using empirical distribution-based input features, we show that NETPerfTrace can predict (i) the remaining life time of a path before it actually changes and (ii) the number of path changes in a certain time period with relatively high accuracy. Through extensive evaluation, we demonstrate that NETPerfTrace highly outperforms DTRACK, a previous system with the same prediction targets. NETPerfTrace also offers path performance forecasting capabilities. In particular, our tool can predict path latency metrics, providing a system which can not only predict path changes, but also forecast their impact in terms of performance variations. We release NETPerfTrace as open software to the networking community, as well as all evaluation datasets. [less ▲]

Detailed reference viewed: 431 (23 ULiège)
Full Text
Peer Reviewed
See detailcopycat: Testing Differential Treatment of New Transport Protocols in the Wild
Edeline, Korian ULiege; Kühlewind, Mirja; Trammell, Brian et al

in Applied Networking Research Workshop (2017, July)

Recent years have seen the development of multiple transport solutions to address the ossification of TCP in the Internet, and to ease transport-layer extensibility and deployability. Recent approaches ... [more ▼]

Recent years have seen the development of multiple transport solutions to address the ossification of TCP in the Internet, and to ease transport-layer extensibility and deployability. Recent approaches, such as PLUS and Google's QUIC, introduce an upper transport layer atop UDP; their deployment therefore relies on UDP not being disadvantaged with respect to TCP by the Internet. This paper introduces copycat, a generic transport protocol testing tool that highlights differential treatment by the path in terms of connectivity and QoS between TCP and a non-TCP transport protocol. copycat generates TCP-shaped traffic with custom headers, and compares its performance in terms of loss and delay with TCP. We present a proof-of-concept case study (UDP vs. TCP) in order to answer questions about the deployability of current transport evolution approaches, and demonstrate the extent of copycat's capabilities and possible applications. While the vast majority of UDP impairments are found to be access-network linked, and subtle impairment is rare, middleboxes might adapt to new protocols that would then perform differently in the wild compared to early deployments or controlled environment testing. [less ▲]

Detailed reference viewed: 60 (10 ULiège)
Full Text
Peer Reviewed
See detailHic Sunt NATs: Uncovering Address Translation with a Smart Traceroute
Zullo, Raffaele; Pescapé, Antonio; Edeline, Korian ULiege et al

in IEEE/IFIP Workshop on Mobile Network Measurement (MNM) (2017, June)

Middleboxes are pervasive in today's Internet as they are deployed for an increasing number of reasons. An example is the network address translation (NAT), one of the first task to be performed to cope ... [more ▼]

Middleboxes are pervasive in today's Internet as they are deployed for an increasing number of reasons. An example is the network address translation (NAT), one of the first task to be performed to cope with the lack of IPv4 addresses. Recently the landscape for NATs has become even more crowded, especially in mobile networks, mainly due to the impossibility of IPv6 to be a large-scale solution to addressing issues. In this paper, we present a novel methodology for detecting NATs embodied in Mobile Tracebox, a measurement tool for Android smart devices that detects a wide range of middleboxes. It analyzes ICMP time-exceeded messages received during \traceroute and points at IP and transport checksum inconsistencies in the embedded packets to uncover address translation along a path. We deployed Mobile Tracebox through a crowdsourcing approach and used the collected dataset to validate our methodology. Results showed that, in absence of middleboxes breaking \traceroute, it can help to detect and locate NATs in the majority of the cases. [less ▲]

Detailed reference viewed: 62 (8 ULiège)
Full Text
Peer Reviewed
See detailTowards a Renewed Alias Resolution with Space Search Reduction and IP Fingerprinting
Grailet, Jean-François ULiege; Donnet, Benoît ULiege

in Network Traffic Measurement and Analysis Conference (TMA) (2017, June)

Since the early 2000's, the Internet Topology has been frequently described and modeled from the perspective of routers. To this end, alias resolution mechanisms have been developed in order to aggregate ... [more ▼]

Since the early 2000's, the Internet Topology has been frequently described and modeled from the perspective of routers. To this end, alias resolution mechanisms have been developed in order to aggregate all IP interfaces of a router, collected with traceroute, into a single identifier. So far, many active measurement techniques have been considered, often taking advantage of specific features from network protocols. However, a lot of these methods have seen their efficiency decrease over time due to security reinforcements across the Internet. In this paper, we introduce a generic methodology to conduct efficient and scalable alias resolution. It combines the space search reduction of TreeNET (a tool for efficiently discovering subnets) with a fingerprinting process used to assess the feasibility of several state-of-the-art alias resolution methods, using a small, fixed amount of probes. We validate our method along MIDAR on an academic groundtruth and demonstrate that our methodology can achieve similar accuracy while using less probes and discovering subnets in the process. We further evaluate our method with measurements made on PlanetLab towards several distinct ASes of varying sizes and roles in the Internet. The collected data shows that some properties of our fingerprints correlate with each other, hinting some observed profiles could be linked with equipment vendors. Both TreeNET (which implements our methodology) and our dataset are freely available. [less ▲]

Detailed reference viewed: 125 (20 ULiège)
Full Text
See detailPredicting Internet Path Dynamics and Performance with Machine Learning
Wassermann, Sarah ULiege; Casas, Pedro; Cuvelier, Thibaut ULiege et al

Report (2017)

In this paper, we study the problem of predicting Internet path changes and path performance using traceroute measurements and machine learning models. Path changes are frequently linked to path inflation ... [more ▼]

In this paper, we study the problem of predicting Internet path changes and path performance using traceroute measurements and machine learning models. Path changes are frequently linked to path inflation and performance degradation; therefore, predicting their occurrence is highly relevant for performance monitoring and dynamic traffic engineering. We introduce NETPerfTrace, an Internet Path Tracking system capable of forecasting path changes and path latency variations. By relying on decision trees and using empirical distribution based input features, we show that NETPerfTrace can predict (i) the remaining life time of a path before it actually changes and (ii) the number of path changes in a certain time-slot with high accuracy. Through extensive evaluation, we demonstrate that NETPerfTrace highly outperforms DTRACK, a previous system with the same prediction targets. NETPerfTrace also offers path performance forecasting capabilities. In particular, it can predict path latency metrics, providing a system which could not only predict path changes but also forecast their impact in terms of performance variations. As an additional contribution, we release NETPerfTrace as open software to the networking community. [less ▲]

Detailed reference viewed: 131 (16 ULiège)
Full Text
Peer Reviewed
See detailStability and Consistency of the LISP Pull Routing Architecture
Li, Yue; Saucez, Damien; Iannone, Luigi et al

in Proc. IEEE Workshop on Network Measurements (WNM) (2017)

Future Internet has been a hot topic for the last decade. One of the approaches put forward in order to revise the Internet architecture is LISP~--~Locator/ID Separation Protocol, which leverages the ... [more ▼]

Future Internet has been a hot topic for the last decade. One of the approaches put forward in order to revise the Internet architecture is LISP~--~Locator/ID Separation Protocol, which leverages the separation of the identifier and the locator roles of IP addresses. Contrary to the classical push model used by the BGP-based routing architecture, LISP relies on a pull model. In particular, routing information is pulled from a new network element, the Mapping System, to provide the association between the identifier (i.e., the address used to identify a host inside a domain) and a list of locators (i.e., the addresses to locate an attachment point) upon an explicit query. In this paper, we evaluate a LISP Mapping System deployment in the public LISP Beta Network from two standpoints: Stability and Consistency. Our measurements show that the mapping information is stable over time and consistent between the different mapping entities and the vantage points. Our analysis shows that there are cases where the Mapping System is unstable and/or inconsistent, hence, beside proposing a taxonomy in order to classify them, we carry out an in-depth investigation of such cases so to provide hints on how to improve the performance of LISP. [less ▲]

Detailed reference viewed: 94 (4 ULiège)
Full Text
See detailUsing UDP for Internet Transport Evolution
Edeline, Korian ULiege; Külhewind, Mirja; Trammell, Brian et al

Report (2016)

The increasing use of middleboxes (e.g., NATs, firewalls) in the Internet has made it harder and harder to deploy new transport or higher layer protocols, or even extensions to existing ones. Current work ... [more ▼]

The increasing use of middleboxes (e.g., NATs, firewalls) in the Internet has made it harder and harder to deploy new transport or higher layer protocols, or even extensions to existing ones. Current work to address this Internet transport ossification has led to renewed interest in UDP as an encapsulation for making novel transport protocols deployable in the Internet. Examples include Google's QUIC and the WebRTC data channel. The common assumption made by these approaches is that encapsulation over UDP works in the present Internet. This paper presents a measurement study to examine this assumption, and provides guidance for protocol design based on our measurements. The key question is "can we run new transport protocols for the Internet over UDP?" We find that the answer is largely "yes": UDP works on most networks, and impairments are generally confined to access networks. This allows relatively simple fallback strategies to work around it. Our answer is based on a twofold methodology. First, we use the RIPE Atlas platform to basically check UDP connectivity and first-packet latency. Second, we deploy copycat, a new tool for comparing TCP loss, latency, and throughput with UDP by generating TCP-shaped traffic with UDP headers. [less ▲]

Detailed reference viewed: 32 (0 ULiège)