
Agenda interim-2020-maprg-01: Wed 15:00
agenda-interim-2020-maprg-01-sessa-01

The information below is for an old version of the document.
Meeting Agenda: Measurement and Analysis for Protocols (maprg) RG (Snapshot)
Date and time: 2020-08-05 13:00
Title: Agenda interim-2020-maprg-01: Wed 15:00
State: Active
Last updated: 2020-07-30


Joint RIPE MATWG / IRTF MAPRG online interim meeting agenda after IETF-108

Date: August 5, 1:00 - 3:30pm UTC
Webex link: https://ietf.webex.com/ietf/j.php?MTID=m8506f91d53fc769f2afaaa81c917c0ef

Overview & Status - Nina (MATWG) & Dave (MAPRG) (10 min)

Mechanism and Performance Evaluation of RIPE IPmap Active Geolocation - Massimo Candela (15-20 min)

Internet Measurements of the COVID-19 pandemic - Emile Aben, Vesna Manojlovic, Lai Yi Ohlsen (15-20 min)

RIPE NCC Tools Update - Robert Kisteleki (10-15 min)

IRTF Note-well applies for this part

Textual Analysis Methodology for Security Considerations Sections - Mark McFadden (10 mins)

See also https://datatracker.ietf.org/doc/draft-mcfadden-smart-rfc3552-textual-research/

Latency & AQM Observations on the Internet - Jake Holland (15 min)

Behavior of TCP CUBIC in Low-Latency Mobile Radio Networks - Philipp Bruhn (15 min)

MUST, SHOULD, DON’T CARE: TCP conformance in the wild - Mike Kosek (10 min)

This paper was presented at PAM'20 and the video is available here:
https://www.youtube.com/watch?v=45qWYQRlAak

This talk contains only a short summary and some updates. If you would like to see the full talk, please watch the video in advance!

"Debogonising 2a10::/12" - Stephen Strowes (15 min)

This paper was presented at TMA'20 and the video is available here:
https://vimeo.com/425663114

This talk contains only a short summary and some updates. If you would like to see the full talk, please watch the video in advance!

Abstracts

draft-mcfadden-smart-rfc3552-textual-research - Mark McFadden, Alan Mills

See also https://datatracker.ietf.org/doc/draft-mcfadden-smart-rfc3552-textual-research/

RFC3552 provides guidance to authors in crafting RFC text on
Security Considerations. The RFC is more than fifteen years old.
With the threat landscape and security ecosystem significantly
changed since the RFC was published, RFC3552 is a candidate for
update. This draft proposes that, prior to drafting an update to
RFC3552, an examination of recent, published Security Considerations
sections be carried out as a baseline for how to improve RFC3552. It
suggests a methodology for examining Security Considerations
sections in published RFCs and the extraction of both quantitative
and qualitative information that could inform a revision of the
older guidance. It also reports on a recent experiment on textual
analysis of sixteen years of RFC Security Consideration sections.

Latency & AQM Observations on the Internet - Jake Holland

We'll present early results of an observational study of round-trip times on the internet.

We focused on the RTT variation observed within a day for several million datacenter+client
IP pairs, as measured during the 3-way handshake while establishing TCP connections.

We also examine the scope of CE-marking AQM deployment and the aggregated latency
differences between paths with vs. without such AQMs.

These are early observations from an analysis work in progress, and we're interested in
feedback, insights, and suggestions from maprg.

Packet Latencies in Mobile Network - Maciej Muehleisen, Philipp Bruhn

Due to Content Delivery Networks and Edge Computing, the end-to-end latency
of today's mobile radio networks becomes increasingly dominated by the effects
of the Media Access Control (MAC) layer and the variances resulting from it. We
evaluated the performance of TCP Cubic in what we consider a perfect LTE lab
environment with one user and perfect radio conditions. We expected some variance
in file up- and download times, resulting from latency variances from the MAC layer,
but we were surprised by their magnitude and causes.

We saw a large variance of the Slow Start Phase (called HyStart in TCP Cubic)
duration of the TCP Cubic implementation used (default Linux Kernel implementation).
We continued to investigate that further within a Master's thesis and realized that the
performance of the current implementation is almost random in the sense that minimal
variations in packet latencies can have a large impact on when the TCP Cubic
implementation leaves the Slow Start Phase triggered by a detected change of latency.
In some cases we even saw an unintended behavior where samples with reduced, not
increased latency, caused the end of Slow Start.

We would like to share our findings with the community, especially latency statistics
of the different packets within the Slow Start Phase and possible impacts it has on the
behavior of TCP Cubic HyStart.

MUST, SHOULD, DON’T CARE: TCP conformance in the wild - Mike Kosek

Published at PAM2020: https://arxiv.org/pdf/2002.05400.pdf

Standards govern the SHOULD and MUST requirements for protocol
implementers for interoperability. In case of TCP that carries the bulk
of the Internet's traffic, these requirements are defined in RFCs. While
it is known that not all additional features are implemented and
non-conformance exists, one would assume that TCP implementations at
least conform to the minimum set of MUST requirements. In this paper, we
utilize Internet-wide scans to establish how Internet hosts and paths
conform to these basic requirements. We uncover a non-negligible set of
Internet hosts and paths that do not adhere to even basic requirements.
For example, we observe hosts that do not correctly handle checksums and
cases of middlebox interference for TCP options. We identify hosts that
drop packets when the urgent pointer is set or simply crash. Our results
highlight that conformance to even fundamental protocol requirements
should not be taken for granted but instead checked regularly.

Video available from PAM: https://www.youtube.com/watch?v=45qWYQRlAak

This talk contains only a short summary and some updates. If you would like to see the full talk, please watch the video in advance!

"Debogonising 2a10::/12" - Stephen Strowes

Published at TMA2020: https://sdstrowes.co.uk/publications/strowes-2020-2a10.pdf

During one week in January 2020, the RIPE NCC advertised a previously unallocated
IPv6 /12 in an effort to "debogonise" the space prior to allocation to members. To help
us identify unintended or undesirable activity in this address space, we collected all
network traffic that the advertisement attracted. We also ran RIPE Atlas measurements
to investigate reachability, and we analysed RIS routing data to investigate BGP visibility.

This talk will cover the results from each of these three data sources. The captured traffic
is the first significant IPv6 darknet study since 2013. Discounting the RIPE Atlas
measurement traffic, this address space attracted 6.2M packets carrying various
payloads over the course of the week, and provides fresh insight into IPv6 "background
noise" in 2020.

Video available from TMA: https://vimeo.com/425663114

This talk contains only a short summary and some updates. If you would like to see the full talk, please watch the video in advance!

Other talks from IETF-107 that will not be presented but are available on video in the meantime:

We have been testing Google QUIC over geosynchronous satellite, focused on high throughput. Specifically, we need to know how much throughput degrades (as compared to spoofed TCP) with the latency. And, how much it degrades further in the presence of packet loss. In particular, packet loss on the WiFi links on the satellite terminal side is a common problem for Internet over satellite users. The presentation is about our results. (Ultimately, of course, we want to motivate changes to IETF QUIC in version 2 to close the gap.)

Presented in PANRG: https://www.youtube.com/watch?v=6wtai03QNKE

Cache Me If You Can: Effects of DNS Time-to-Live - Giovane Moura <giovane.moura@sidn.nl>

Published at IMC2019: https://www.isi.edu/~johnh/PAPERS/Moura19a.pdf

Why is it interesting for MAPRG: well, it turns out that no one knows
how to choose TTL values for DNS. The Root zone has TTL values of 2
days, while cloud services have 5 seconds.

This paper carefully examines pros and cons of shorter and longer TTLs,
in terms of user experience and query volume. We carry out tons of
experiments and carefully control variables to help ops to choose values.

Presented at RIPE: https://ripe80.ripe.net/archives/video/322
Slides PDF: https://ripe80.ripe.net/presentations/15-20200512-Counterfighting-Counterfeit-RIPE80.pdf

Counterfighting Counterfeit: detecting and taking down fraudulent webshops at a ccTLD - Giovane Moura <giovane.moura@sidn.nl>

Published at PAM2020

Free preview: https://www.semanticscholar.org/paper/Counterfighting-Counterfeit%3A-Detecting-and-Taking-a-Wabeke-Moura/93e87ff998a5683c9a1e20354367999f48aeecdf

Why is it interesting for MAPRG: this one is about abuse on DNS. Luxury
goods are the number one confiscated goods at EU and US customs. Their
sales have moved online too. We show how crooks have been employing thousands
of websites to lure users to their shops, who ultimately get scammed
-- thinking they are buying a real product, only to receive a cheap, low
quality knock-off.
This paper shows the 2-year effort we carried out at .nl to take down 4k+ of
these domains, which ultimately were causing losses to real folks.
We show that most of them seem to come from China, and how they attempt
to evade detection. We partner with registrars and a credit card issuer
to carry out and validate the results.

Presented at RIPE: https://ripe79.ripe.net/archives/video/184
Slides PDF: https://ripe79.ripe.net/presentations/47-presentation.pdf