Measurement and Analysis for Protocols Research Group (maprg) Agenda at IETF-105 (Montreal)

Date: Friday July 26, 10:00-12:00 (Morning session I)
Room: Place du Canada

Overview & Status

Dave Plonka & Mirja Kühlewind
10 min

Understanding Evolution and Adoption of Top Level Domains and DNSSEC

Yo-Der Song (remote)
20 min

TLS 1.3 Client Measurements

Tommy Pauly
10 min

Measuring QUIC Dynamics over a High Delay Path

Gorry Fairhurst
10 mins

Trials and tribulations of migrating to IETF QUIC

Ian Swett
10 mins

Packet Loss Signaling for Encrypted Protocols

Alexandre Ferrieux
20 min

The RPKI Wayback Machine

Roland Van Rijswijk
20 min

Recycling Large-Scale Internet Measurements to Study the Internet's Control Plane

Jan Rüth
10 min

Hackathon Report

Dave Plonka
time permitting [YouTube] (3 minute summary from Hackathon, Sunday, 21 July 2019)


Understanding Evolution and Adoption of Top Level Domains and DNSSEC (Yo-Der Song, Aniket Mahanti and Soorya Ravichandran (University of Auckland, New Zealand))

The Domain Name System (DNS) is a hierarchical distributed database that serves as the directory of the Internet by mapping fully qualified domain names to IP addresses. The top level domain (TLD) is the highest level in the DNS hierarchy and until 2012, there had only been 22 of these domains for generic uses (gTLD). ICANN’s New gTLD Program has since opened up the domain names to public registration, leading to the creation of thousands of new gTLDs over the last six years. The rapid increase in the number of gTLDs give registrants a wider choice of domain names but it also offers malicious actors more opportunities of attacks. By mirroring the DNS hierarchy, DNSSEC authenticates DNS responses and prevents modified or forged DNS records. We present a longitudinal analysis on the adoption of the new gTLDs and deployment of DNSSEC using data from a large campus network and a national-level authoritative name server. Although the popularity of new gTLDs is rapidly growing across a large number of domains, we find the proportion of queries to new gTLDs overall to remain very low. None of the top-10 queried TLDs were new gTLDs. We find DNSSEC deployment at the national level to be improving but still weaker than global averages. Efforts need to be made to ensure correct DS records are uploaded to the registry to complete the DNSSEC chain of trust.

Paper: To appear in proceedings of IEEE M&N 2019 (

TLS 1.3 Client Measurements (Tommy Pauly)

A look at how much TLS 1.3 support is being rolled out from a client perspective on Apple devices, and some insights into the relative performance of different versions and correlation with other factors like IPv6.

Measuring QUIC Dynamics over a High Delay Path (Tom Jones, Ana Custura and Gorry Fairhurst, University of Aberdeen)

This will present a set of transport performance measurements from using IETF QUIC over a path with high delay. This will seek to understand if the dynamics of a recent QUIC implementation. Our data is drawn from measuring Quicly over an operational geostationary satellite service. We compare performance of a satellite QUIC stream and the same tests over emulated links with small path delays, geostationary orbit delays and consideration of the impact of delay added from radio resource management.

Trials and tribulations of migrating to IETF QUIC (Ian Swett)

Though Google QUIC and IETF QUIC have the same goals and a very similar featureset, they share 0 bits on the wire, and there were many changes, both small and large. This talk will discuss some of the more challenging changes from a deployment perspective.

Packet Loss Signaling for Encrypted Protocols (Alexandre Ferrieux (Orange), Isabelle Hamchaoui (Orange), Igor Lubashev (Akamai))

Encrypted protocols present network operators with numerous challenges described in draft-ietf-tsvwg-transport-encrypt. There has been research on unencrypted “latency spin bit” in the protocol header (draft-trammell-quic-spin) to exposing connection round trip latency. We explore using two unencrypted "loss bits" (draft-ferrieuxhamchaoui-tsvwg-lossbits) to expose the amount of loss on a path and allow on-path devices to localize the source of the loss.

We present the results of a deployment of the mechanism in production networks serving real QUIC traffic to actual end users in multiple countries. We describe capabilities of the measurement signal, present our analysis methods and discuss how the measurements fare in the presence of real-life network conditions (no simulations!). Since the loss signaling technique is protocol-agnostic, we will also quickly compare its performance to the traditional sequence number analysis techniques used for tcp.

The RPKI Wayback Machine (Roland Van Rijswijk)

We recently analysed a unique dataset, collected by the good folks at RIPE NCC, that covers the entire history of RPKI repositories. The dataset runs from when the first RIRs started with an experimental RPKI service in 2011 until the present day. We analysed this dataset, with custom scripting we dubbed Ziggy (after the eponymous computer that took Sam back in time in good ole' 1980s Quantum Leap). Ziggy takes care of recreating the relevant RPKI repository structure from the archived data, reconstructs TALs, and then uses NLnet Labs' Routinator RPKI Relying Party software to validate the RPKI data.

In the talk, we show how this data can give insight into the development of RPKI as an ecosystem, from humble beginnings to accelerating deployment in the present day. We touch on some of the challenges of analysing historic data, and - if time permits - will provide insight into deeper details of how RPKI use has changed over time.

Recycling Large-Scale Internet Measurements to Study the Internet's Control Plane (Jan Rüth)

Internet-wide scans are a common active measurement approach to study the Internet, e.g., studying security properties or protocol adoption. They involve probing large address ranges (IPv4 or parts of IPv6) for specific ports or protocols. Besides their primary use for probing (e.g., studying protocol adoption), we show that - at the same time - they provide valuable insights into the Internet control plane informed by ICMP responses to these probes - a currently unexplored secondary use. We collect one week of ICMP responses (637.50M messages) to several Internet-wide ZMap scans covering multiple TCP and UDP ports as well as DNS-based scans covering > 50% of the domain name space. This perspective enables us to study the Internet's control plane as a by-product of Internet measurements. We receive ICMP messages from ~171M different IPs in roughly 53K different autonomous systems. Additionally, we uncover multiple control plane problems, e.g., we detect a plethora of outdated and misconfigured routers and uncover the presence of large-scale persistent routing loops in IPv4.