Recent revelations about large-scale pervasive surveillance of Internet traffic have led to a rapidly expanding deployment of encryption in order to protect end-user privacy. At the same time, network operators rely increasingly on in-network functionality provided by middleboxes and network function virtualization (NFV) approaches to improve network operations and management, and to provide additional value for their customers. The middleboxes providing these performance enhancements, as well as security functions, rely on information that is available today in the clear in protocol headers. For example, monitoring functions for troubleshooting rely heavily on TCP header information to estimate basic metrics such as loss and Round-Trip Time (RTT).
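To make the dependency concrete, the following added example (illustrative code, not MAMI project or PATHspider code) shows how a passive monitor on the path derives RTT samples and retransmission counts purely from cleartext TCP header fields: sequence numbers, acknowledgement numbers and flags. The packet trace is constructed, and the direction labels and field layout are assumptions for the illustration; the estimator follows Karn's rule of never taking an RTT sample from a retransmitted segment.

```python
"""Passive RTT and loss estimation from cleartext TCP headers (added example)."""

SYN, ACK, FIN = "SYN", "ACK", "FIN"

# Constructed trace of header records as a monitor near the client would see them:
# (time_s, direction, seq, ack, payload_len, flags); 'c2s' = client->server.
TRACE = [
    (0.000, "c2s", 1000,    0,   0, {SYN}),       # client SYN
    (0.050, "s2c", 5000, 1001,   0, {SYN, ACK}),  # SYN/ACK: 50 ms c2s RTT sample
    (0.051, "c2s", 1001, 5001,   0, {ACK}),       # handshake ACK: 1 ms s2c sample
    (0.100, "c2s", 1001, 5001, 100, {ACK}),       # data 1001..1100
    (0.160, "s2c", 5001, 1101,   0, {ACK}),       # ACK of that data: 60 ms sample
    (0.200, "c2s", 1101, 5001, 100, {ACK}),       # data 1101..1200, lost downstream
    (0.500, "c2s", 1101, 5001, 100, {ACK}),       # retransmission of 1101..1200
    (0.560, "s2c", 5001, 1201,   0, {ACK}),       # ACK after retransmission: no sample
]


def seq_span(payload_len, flags):
    """Sequence space a segment consumes: payload bytes plus one each for SYN and FIN."""
    return payload_len + (1 if SYN in flags else 0) + (1 if FIN in flags else 0)


def analyse(trace):
    """Return per-direction RTT samples (ms), segment and retransmission counts.

    Works only because seq/ack numbers and flags are visible in the clear; an
    encrypted transport header would leave every list below empty.
    """
    pending = {"c2s": {}, "s2c": {}}          # end_seq -> [send_time, retransmitted]
    highest_end = {"c2s": 0, "s2c": 0}        # highest sequence-space end seen so far
    rtt_ms = {"c2s": [], "s2c": []}
    segments = {"c2s": 0, "s2c": 0}
    retransmissions = {"c2s": 0, "s2c": 0}

    for t, d, seq, ack, plen, flags in trace:
        opposite = "s2c" if d == "c2s" else "c2s"
        span = seq_span(plen, flags)
        if span:
            segments[d] += 1
            end = seq + span
            if end <= highest_end[d]:
                # Sequence space already seen: a retransmission. Karn's rule: do not
                # sample its RTT, since the ACK cannot be attributed to one transmission.
                retransmissions[d] += 1
                if end in pending[d]:
                    pending[d][end][1] = True
            else:
                pending[d][end] = [t, False]
                highest_end[d] = end
        if ACK in flags:
            # A cumulative ACK covers every outstanding segment ending at or before it.
            for end in sorted(k for k in pending[opposite] if k <= ack):
                send_time, retransmitted = pending[opposite].pop(end)
                if not retransmitted:
                    rtt_ms[opposite].append(round((t - send_time) * 1000, 1))

    return {"rtt_ms": rtt_ms, "segments": segments, "retransmissions": retransmissions}


def loss_estimate(result, direction):
    """Retransmitted fraction of segments in one direction, the monitor's loss proxy."""
    sent = result["segments"][direction]
    return result["retransmissions"][direction] / sent if sent else 0.0


if __name__ == "__main__":
    r = analyse(TRACE)
    print(r)
    print("c2s loss estimate:", loss_estimate(r, "c2s"))
```

The s2c samples are small because the constructed monitor sits next to the client, so it sees only the near-side half of the path; a real deployment has to account for where on the path it observes. The same estimator applied to a QUIC or other encrypted-transport flow sees no sequence or acknowledgement numbers at all, which is the loss of utility the text describes.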
However, this information was never meant to be exposed for the purpose of in-network support. Consequently, middleboxes often make assumptions, based on the information accessible in the clear, about the properties of the end-to-end protocol running through them, and these assumptions may no longer hold for the stacks we run today. Reliance on this information has led to an ossification that makes it difficult to deploy new protocols or protocol extensions at any layer, and as such hinders the evolution and innovation in the Internet demanded by new applications such as interactive video. One prominent example is the encapsulation of new transports such as QUIC, or also SCTP, in UDP, which contradicts the assumption of some operators that most UDP traffic is spam; this leads to the blocking of UDP traffic and, as such, of these new protocols as well.
Indeed, one side effect of a Future Internet that seeks to enable large-scale encryption is the restoration of the end-to-end nature of the Internet. Middleboxes cannot use or even modify what they cannot see. While this restores our ability to innovate at the transport layer, it would do so at the expense of the utility of the great variety of middleboxes deployed in the Internet: network address translators (NATs), firewalls and intrusion-prevention systems, cryptographic and TCP accelerators, caching proxies, content filters, load balancers, application-layer gateways (ALGs) and so on. Simply disabling these is not an option: they were deployed to solve real problems, and in many cases solving these problems within the network leads to significant advantages in ease of deployment and administration, reduction in cost, or other advantages over an endpoint-only solution.
The MAMI project seeks to restore balance among end-user privacy concerns in the face of pervasive surveillance, innovation in network protocols in the face of increasing ossification, and the provision of in-network functionality in a cooperative way. To achieve these goals, the MAMI project develops an incrementally-deployable Middlebox Cooperation Protocol (MCP) that enables explicit communication with middleboxes for encrypted traffic.
The MCP is developed based on large-scale measurements of middlebox behavior in the public Internet, conducted on top of existing testbeds including the FIRE+ MONROE testbed. To detect middlebox impairments, the MAMI project develops and maintains several measurement tools, such as PATHspider and tracebox. Further, the project provides public access to observed conditions derived from this measurement data, which are preserved in a Path Transparency Observatory (PTO), aiming to enable a meaningful view of today’s ossification for protocol developers and operators.
The project is further working on making the transport layer more flexible in selecting the protocol stack that has the best chance of successfully connecting to the other end at a given time, supporting incremental deployment of the MCP and other new protocols. Currently, the project evaluates the developed mechanisms in the transport layer and for middlebox cooperation based on experimentation and a middlebox behavioral model of known middlebox modifications and actions. The current foc
The project is continuously working on the PATHspider active measurement tool for controlled experiments on path impairment, improving its extensibility and performance. PATHspider was integrated with MONROE, and the project also built a system enabling continuous measurements to be run in an automated way. The project performed various measurements using PATHspider as well as other measurement tools such as tracebox and copycat, and also ran larger campaigns with tracebox and NAT Revelio as input for middlebox classification and a path-impairment-oriented middlebox policy taxonomy. This taxonomy provides input for a middlebox model that in turn forms the basis for a middlebox simulator/emulator currently under development.
To store and provide public access to the collected measurement data, a first version of the Path Transparency Observatory (PTO) was released. The project is currently working on a new release, as decisions on the selected tooling and database systems were revised after initial testing revealed performance problems and led to a change in the expected usage pattern.
Further, the MAMI project is continuously working on the specification of the Middlebox Cooperation Protocol (MCP). Its design will enable endpoints to expose their intentions to middleboxes and can be extended to provide signalling from the path to the endpoints. In addition, the project is working on an fd.io-based MCP-aware middlebox implementation supporting network diagnostics. In parallel, the project is working on enhancements to new and existing transport protocols as well as a new transport API (“post socket”) to support the needs of modern applications and to serve as a basis for enhanced path signaling.
The MAMI project is very active in standardization, providing input to current relevant work in different standardization bodies such as the IETF (quic, taps, tsvwg, tcpm, acme, tls), ETSI (NFV ISG, TC CYBER), GSMA, IEEE (ETI WG), as well as the IRTF (maprg, pan(p)rg). It has also contributed to the wider research community through publications and participation in workshops. Interactions with these groups identified the importance of operational support for in-network measurement in the face of Internet traffic using ubiquitous encryption. Support for in-network measurement has therefore become an additional thread of the MCP development work, and the project seized an opportunity to influence the emerging work of the IETF QUIC working group.
The industrial partners have identified NFV and cloud-based services that can apply the project’s measurement results and MCP approaches. MAMI results are being considered for application to mobile edge and core, Software Defined Networking (SDN), and IP video. The collaboration with industry associations like GSMA is an important argument for these activities, and the partners keep leveraging dissemination activities at industrial events and social media to increase internal impact in business units as well as external impact in cooperation with other industry partners. The academic partners have incorporated MAMI results in their research portfolios, used these results for advanced teaching, and involved students in the research work conducted in the project.
More info: https://mami-project.eu/.