NET NEUTRALITY

OUTLINE
- Types of differentiation
- Glasnost (Active measurement)
- NANO (Passive measurement)
- Quality of Service
- Traffic shaping in enterprises/campuses

WHAT IS NET NEUTRALITY?
- "ISPs remain neutral to how they forward user traffic, irrespective of content, application or sender"

TRAFFIC DIFFERENTIATION
- An ISP treats packets of one flow differently than those of another
- How can traffic be differentiated
  1) Based on flow types
     - IP header - src/dst addrs
     - Transport header - port numbers
     - Packet payload - use deep packet inspection
  2) Independent of flow type
     - Time of day
     - Network load
     - User behavior - differentiate against users with heavy BW usage
  3) Traffic manipulation
     - Block packets; reset connection
     - Decrease priority
     - Drop packets - at fixed or variable rate
     - Modify TCP window size
- Do not know what mechanism is being used for discrimination
- Glasnost detects only based on flow type using transport hdrs and pkt payload

MEASUREMENT
- Challenges
  - Mechanism for discrimination may not be known
  - Baseline performance is not known
  - Many factors could give the appearance of differentiation
- What factors affect measurements?
  - End host OS
  - Network path (src, dst, route)
  - Cross-traffic
- Passive vs. Active
  - Passive - looks at traffic already being sent; problem is it introduces lots of other factors (OS on end hosts, different routes, etc.)
  - Active - sends traffic specifically for measurement; this approach is also used by tools like SpeedTest

GLASNOST (ACTIVE)
- Send all flows to same end host - eliminates all variables except transient noise; also, in theory, your route could change in the middle of the test
- Use pairs of flows
  - Send first flow with payload/ports that are expected to be differentiated
  - Send second flow with random payload/ports
  - Flows are 20 seconds in duration - enough time to get to stable TCP rate
- Analysis
  - Use data from server and client
  - Repeat each test twice
  - Calculate difference between maximum throughput for each flow in pair
  - If difference is greater than 50%, assume differentiation (false positive rate is 0.7%, false negative rate is 1.7%)
- Dealing with noise
  - Running flows simultaneously is worse than running one after the other
  - Four patterns of cross-traffic
    - Consistently low - narrow range of throughput measurements
    - Mostly low, but occasionally high - only a few high outliers
    - Highly variable - no consistent pattern and wide range
    - Mostly high, but occasionally low - only a few low outliers
  - Discard any tests with the last two patterns of cross-traffic

NANO (PASSIVE)
- Network Access Neutrality Observatory (NANO)
- "Tries to establish a causal relationship between an ISP's policy and the observed degradation of performance for a service using only passively collected data."
- Causal effect "X causes Y"
  - X is the "treatment variable"
  - Y is the "outcome variable"
  - X is accessing a particular service through an ISP
  - Y is the observed performance
- Only have the outcome; need to find confounding variables - variables that correlate with both X & Y
- Use stratification to adjust for confounding variables
  - Essentially "placing all measurements where everything that could possibly be attributed to performance is equal, except for the ISP"
  - Normally requires enumerating confounding variables - we don't know these (although later things assume we know a possible set of these)
  - Create "bins" for each confounding variable - ex. client browser (discrete) and time-of-day (continuous, split in 1 hour bins)
- Compute causal effect
  - Find average throughput for each stratum - baseline
  - Clients with same ISP whose throughput is below baseline indicate discrimination
  - Use decision-tree based classification to determine discrimination criteria
- NANO clients
  - Gather data using PCAP
  - Filter out private traffic
  - Do local stratification
  - Send results to NANO server via encrypted connection
- NANO server
  - Receives data from clients
  - Runs stratification & computes causal effect
- Use Click, Emulab, and PlanetLab for emulation - show that yes it works

EXPERIMENTATION
- AT&T DSL - no BitTorrent or Flash video traffic shaping
- CS Dept - no BitTorrent or Flash video traffic shaping
- Class results

QUALITY OF SERVICE
- Positive use of traffic differentiation
- What are some factors applications care about?
  - Throughput (IPTV)
  - Dropped packets (IPTV, alarm signaling)
  - Delay (VoIP, video chat)
  - Jitter (VoIP, video chat)
- Implementing QoS
  - Reserve resources ahead of time - Resource Reservation Protocol (RSVP); not scalable
  - Differentiated services (DiffServ) - mark packets in IP header; need router support (separate queues for different service levels)
  - Use UDP - avoids being affected by TCP's congestion control

CASE STUDY: MARQUETTE UNIVERSITY
- BitTorrent is the main issue
- Two pipes: 100Mb regular, Internet2
  - Regular pipe at MAX except from 4am to 6am
  - Use a Packeteer middle box at border - at some point bandwidth exceeded Packeteer's ability to process packets
  - Allow only certain percentage of traffic based on application - primarily determined by port
    - To evade, use non-standard ports
  - Added DPI - students started to encrypt traffic; cannot examine encrypted traffic
- Three pipes: 100Mb shared, 100Mb for faculty/staff, Internet2
  - Pipe is based on user type - determined by building or wireless NW
  - Limit to maximum daily bandwidth use; placed in slow bin until midnight - based on port or MAC address; lots of accounting overhead
- Glasnost tests (on student pipe)
  - Rate limit uploads on port 6881 (2 Kbps)
  - Rate limit downloads on port 6881 and by DPI (5 Kbps)
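
Added example (not part of the original notes and not Glasnost's own code): the analysis and noise-handling steps from the GLASNOST (ACTIVE) section, applied to constructed throughput runs for one application/control flow pair. It accepts more than the two repetitions the notes mention so the four noise patterns are visible; the 20% noise cut-off, the definition of noise as shortfall from the best run, and taking the difference relative to the faster flow are assumptions.

```python
DIFF_THRESHOLD = 0.50  # from the notes: >50% gap in max throughput => differentiation
LOW_NOISE = 0.20       # assumption: a run within 20% of the best run is "low noise"
DISCARD = {"highly variable", "mostly high, occasionally low"}

def noise_pattern(runs):
    """Map repeated throughput runs of one flow to one of the four noise patterns."""
    best = max(runs)
    if best == 0:
        return "consistently low"  # every run blocked: consistent, not noisy
    # Assumption: noise is a run's relative shortfall from the best run.
    noise = [(best - r) / best for r in runs]
    low = [n for n in noise if n <= LOW_NOISE]
    high = [n for n in noise if n > LOW_NOISE]
    if not high:
        return "consistently low"
    if len(low) > len(runs) / 2:
        return "mostly low, occasionally high"
    if max(high) - min(high) <= LOW_NOISE:
        return "mostly high, occasionally low"
    return "highly variable"

def glasnost_verdict(app_runs, control_runs):
    """Return (verdict, relative_difference) for an application/control flow pair."""
    for name, runs in (("application", app_runs), ("control", control_runs)):
        pattern = noise_pattern(runs)
        if pattern in DISCARD:
            return (f"discarded: {name} flow noise is {pattern}", None)
    app_max, ctl_max = max(app_runs), max(control_runs)
    peak = max(app_max, ctl_max)
    if peak == 0:
        return ("discarded: no data transferred", None)
    # Assumption: the difference is taken relative to the faster flow.
    diff = abs(ctl_max - app_max) / peak
    verdict = "differentiation" if diff > DIFF_THRESHOLD else "no differentiation"
    return (verdict, round(diff, 3))

# Constructed samples in Kbps: (application-like flow runs, random-payload control runs).
SAMPLES = {
    "shaped port": ([5.0, 4.9], [4100.0, 3950.0]),
    "unshaped": ([3900.0, 4000.0], [4100.0, 3950.0]),
    "noisy path": ([4000.0, 900.0, 2500.0, 3900.0, 1200.0], [4100.0, 3950.0]),
}

if __name__ == "__main__":
    for label, (app, ctl) in SAMPLES.items():
        print(label, glasnost_verdict(app, ctl))
```
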
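
Added example (not part of the original notes and not NANO's own code): the stratification step from the NANO (PASSIVE) section, using the two confounders the notes name (client browser, time of day in 1-hour bins). The records are constructed, and using clients of other ISPs in the same stratum as the baseline is an assumption. In this data ISP A's clients are mostly active off-peak, so the unadjusted comparison makes A look faster while every comparable stratum shows it slower.

```python
from collections import defaultdict
from statistics import mean

# Constructed records: (isp, browser, hour_of_day, throughput_kbps) for one service.
RECORDS = [
    ("B", "firefox", 3.5, 4000), ("B", "chrome", 20.1, 1000),
    ("B", "firefox", 20.6, 1000), ("B", "firefox", 20.9, 1000),
    ("A", "firefox", 3.2, 2400), ("A", "firefox", 3.8, 2400),
    ("A", "firefox", 3.4, 2400), ("A", "chrome", 20.3, 600),
]

def stratum(browser, hour):
    """Bin the confounders: browser is discrete, time of day uses 1-hour bins."""
    return (browser, int(hour))

def naive_effect(records, isp):
    """Unadjusted comparison: mean throughput on `isp` minus mean on all other ISPs."""
    on = [kbps for i, _, _, kbps in records if i == isp]
    off = [kbps for i, _, _, kbps in records if i != isp]
    return mean(on) - mean(off)

def stratified_effect(records, isp):
    """Per-stratum effect of `isp` against the stratum baseline, plus a weighted overall."""
    treated, baseline = defaultdict(list), defaultdict(list)
    for i, browser, hour, kbps in records:
        group = treated if i == isp else baseline
        group[stratum(browser, hour)].append(kbps)
    # Only strata observed both on and off the ISP can be compared.
    effects = {s: mean(treated[s]) - mean(baseline[s])
               for s in treated.keys() & baseline.keys()}
    # Weight each stratum by how many of the ISP's measurements fall in it.
    n = sum(len(treated[s]) for s in effects)
    overall = sum(effects[s] * len(treated[s]) for s in effects) / n if n else None
    return effects, overall

if __name__ == "__main__":
    print("naive effect (Kbps):", naive_effect(RECORDS, "A"))
    per_stratum, overall = stratified_effect(RECORDS, "A")
    for key in sorted(per_stratum):
        print("stratum", key, "effect (Kbps):", per_stratum[key])
    print("stratified overall effect (Kbps):", overall)
```
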