Date: Monday, Nov 15, 15:50-17:20 (Afternoon session II)
Room: Padang
Mirja Kühlewind
10 min
Klaus Nieminen
5 min
Dave Plonka remotely or someone else?
5 min
Brian Trammell
20 min
Roland van Rijswijk
20 min
Giovane C. M. Moura
15 min
Wes Hardaker
15 min
Principles for Measurability in Protocol Design (Mark Allman, Robert Beverly, Brian Trammell)
Paper: https://arxiv.org/pdf/1612.02902.pdfMeasurement has become fundamental to the operation of networks and at-scale services---whether for management, security, diagnostics, optimization, or simply enhancing our collective understanding of the Internet as a complex system. Further, measurements are useful across points of view---from end hosts to enterprise networks and data centers to the wide area Internet. We observe that many measurements are decoupled from the protocols and applications they are designed to illuminate. Worse, current measurement practice often involves the exploitation of side-effects and unintended features of the network, or, in other words, the artful piling of hacks atop one another. This state of affairs is a direct result of the relative paucity of diagnostic and measurement capabilities built into today's network stack.
The Root Canary: measuring the root KSK rollover and beyond (Roland van Rijswijk, Willem Toorop, Moritz Müller)
Hopefully, it has not escaped most people's notice that ICANN is in the
process of replacing the DNSSEC signing key (KSK) for the root zone of
the DNS. This event, which started with the publication of the new key
in July of this year, is unique, as it is the first time ever that the
key for the root is replaced. In this presentation, we discuss the "Root
Canary" project, the goal of which is to monitor and measure this root
key rollover. Using tens of thousands of vantage points worldwide (RIPE
Atlas probes and through the Luminati VPN proxy network), the Root
Canary project measures the impact of the root key rollover and can
function as a proverbial "canary-in-the-coalmine" if resolvers start
exhibiting problems during the key rollover. The presentation will
discuss how the Root Canary project is set up, and shows current
results. In addition to this, we discuss spin-off results, such as the
DNSSEC algorithm support test. We will end by discussing ICANN's recent
decision to "pause" the root key rollover process, and what this means
for our project. For more information, see https://rootcanary.org/
Recursives in the Wild: Engineering Authoritative DNS Servers (Moritz Müller, Giovane C. M. Moura)
Paper: https://www.isi.edu/~johnh/PAPERS/Mueller17b.htmlDNS operators strive for to reduce latency for users of their service. However, because they control only their servers, and not how their clients choose among the servers, it is difficult to insure that that clients will be answered with optimal latency. Knowing how clients (recursive resolvers) choose authoritative servers is a key step to better engineer authoritative servers deployments. In this presentation, we employ active measurements using 9,000+ Ripe Atlas probes to determine, in the wild, how recursive resolvers choose authoritative servers. We found a consistent behavior in seven different geographic configurations of authoritatives: recursives query all available authoritative servers regardless of latency, but the distribution of queries tend to be skewed towards authoritatives with lower latency. We also discuss the implications of these findings for DNS operators in engineering their services.
Verfploeter: Broad and Load-Aware Anycast Mapping (Wouter B. de Vries, Ricardo de O. Schmidt, Wes Haraker, John Heidemann, Pieter-Tjerk de Boer and Aiko Pras)
Paper: https://www.isi.edu/~johnh/PAPERS/Vries17a.htmlIP anycast provides DNS operators and CDNs with automatic fail-over and reduced latency by breaking the Internet into catchments, each served by a different anycast site. Unfortunately, understanding and predicting changes to catchments as anycast sites are added or removed has been challenging. Current tools such as RIPE Atlas or commercial equivalents map from thousands of vantage points (VPs), but their coverage can be inconsistent around the globe. This paper proposes Verfploeter, a new method that maps anycast catchments using active probing. Verfploeter provides around 3.8M passive VPs, $430x the 9k physical VPs in RIPE Atlas, providing coverage of the vast majority of networks around the globe. We then add load information from prior service logs to provide calibrated predictions of anycast changes. Verfploeter has been used to evaluate the new anycast deployment for B-Root, and we also report its use of a nine-site anycast testbed. We show that the greater coverage made possible by Verfploeter's active probing is necessary to see routing differences in regions that have sparse coverage from RIPE Atlas, like South America and China.