Over the past two decades, network measurement infrastructures have witnessed significant development and widespread adoption. Internet measurement platforms have become common and have demonstrated their relevance in Internet understanding and security observation. However, despite their popularity, those platforms lack flexibility and reactivity, as they are usually used for longitudinal measurements. Consequently, critical security and Internet-related events may evade detection. Concurrently, the evolution of operating systems towards virtual machines (VMs) has been notable, particularly with the emergence of unikernels—ultra-lightweight VMs tailored for specific applications by including only the essential components.
This paper advocates for the integration of unikernels into measurement infrastructures to enhance their flexibility and efficiency. We introduce υTNT, a proof-of-concept unikernel-based implementation of TNT, a traceroute extension capable of discovering MPLS tunnels. This paper documents the full toolchain for porting TNT into a unikernel and evaluates υTNT’s performance in comparison to conventional methodologies. Additionally, we explore a practical use case scenario demonstrating the utility of υTNT. The source code for υTNT is publicly available on GitLab.
Disciplines:
Computer science
Author, co-author:
Letemple, Maxime
Gain, Gaulthier ; Université de Liège - ULiège > Département d'électricité, électronique et informatique (Institut Montefiore) > Systèmes informatiques répartis et sécurité
Ben Mariem, Sami ; Université de Liège - ULiège > Montefiore Institute of Electrical Engineering and Computer Science
Mathy, Laurent ; Université de Liège - ULiège > Département d'électricité, électronique et informatique (Institut Montefiore) > Systèmes informatiques répartis et sécurité
Donnet, Benoît ; Université de Liège - ULiège > Département d'électricité, électronique et informatique (Institut Montefiore) > Algorithmique des grands systèmes
Document language:
English
Title:
uTNT: Unikernels for Efficient and Flexible Internet Probing
Publication date:
April 2024
Event name:
IFIP Network Traffic Measurement and Analysis Conference (TMA)
Event location:
Dresden, Germany
Event date:
From 21 May 2024 to 24 May 2024
Event scope:
International
Title of the main work:
IFIP Network Traffic Measurement and Analysis Conference (TMA)
Micro-libraries (micro-libs, for short) are software components which implement one of the core Unikraft APIs.