ABSTRACT: Although it performs an increasingly important role in our lives, the home network remains a bit of a mystery when end users wish to know what is “happening on the inside.” This article introduces Homenet3D, an open source project that allows users to view their home network's state as objects in 3D space within a web browser window. Homenet3D maps quantitative state to the shape, size, spin, bounce, and/or color of selected objects to qualitatively communicate what is happening on the network. We describe our Homenet3D implementation for routers running OpenWRT, and discuss the potential for visualizing multirouter/multi-subnet home networks.
No preview · Article · Dec 2014 · IEEE Communications Magazine
ABSTRACT: The pool of unused routable IPv4 prefixes is dwindling, with less than 4% remaining for allocation at the end of June 2014. Yet the adoption of IPv6 remains slow. We demonstrate a new capture-recapture technique for improved estimation of the size of "IPv4 reserves" (allocated yet unused IPv4 addresses or routable prefixes) from multiple incomplete data sources. A key contribution of our approach is the plausible estimation of both observed and unobserved-yet-active (ghost) IPv4 address space. This significantly improves our community's understanding of IPv4 address space exhaustion and likely pressure for IPv6 adoption. Using "ping scans", network traces and server logs we estimate that 6.3 million /24 subnets and 1.2 billion IPv4 addresses are currently in use (roughly 60% and 45% of the publicly routed space respectively). We also show how utilisation has changed over the last 2-3 years and provide an up-to-date estimate of potentially-usable remaining IPv4 space.
ABSTRACT: Networked games in the context of the emerging technologies of cloud and mobile computing facilitate an enhanced gaming experience for consumers. Software engineers will be continually challenged to offer more realistic games in the context of ever more distributed systems, complexity in new game-delivery platforms, and the uncertainty in performance considering uneven computational environments.
Preview · Article · May 2014 · IEEE Internet Computing
ABSTRACT: As of April 2013 almost 95% of the IPv4 address space has been allocated. Yet, the transition to IPv6 is still relatively slow. One reason could be existing “IPv4 reserves” - allocated but unused IPv4 addresses. Knowing how many addresses are actively used is important to predict a potential IPv4 address market, predict the IPv6 deployment time frame, and measure progressive exhaustion after the IPv4 space is fully allocated. Unfortunately, only a fraction of hosts respond to active probes, such as “ping”. We propose a capture-recapture method to estimate the actively used IPv4 addresses from multiple incomplete data sources, including “ping” censuses, network traces and server logs. We estimate that at least 950-1090 million IPv4 addresses are used, which is 36-41% of the publicly routed space. We analyse how the utilisation depends on various factors, such as region, country and allocation prefix length.
ABSTRACT: Home networks are seeing increased deployment of Wireless LAN (WiFi) links between conventional, gigabit/second wired Ethernet segments. This means an increasing number of internal bottlenecks, even as home networks are also expected to support latency-sensitive applications, regular TCP flows and an emerging class of low-priority, time-insensitive 'background' TCP flows. This paper explores the novel use of CDG v0.1 (a delay-gradient TCP) for such background TCP connections in home networks. We show a CDG flow induces latencies of only tens of milliseconds regardless of the bottleneck's internal buffer size (useful when coexisting with latency-sensitive traffic) while achieving a significant fraction of spare link capacity. We also show CDG does not gratuitously steal capacity from commonly deployed “foreground” TCPs such as CUBIC and NewReno.
ABSTRACT: Accurate and frequent round trip time (RTT) measurements are important in testbeds and operational networks. Active measurement techniques inject probe packets that may modify the behaviour of the observed network and may produce misleading RTT estimates if the network handles probe packets differently to regular packets. Previous passive measurement techniques address these issues, but require precise time synchronisation or are limited to certain traffic types. We introduce Synthetic Packet-Pairs (SPP), a novel passive technique for RTT measurement. SPP provides frequently updated RTT measurements using any network traffic already present in the network without the need for time synchronisation. SPP accurately measures the RTT experienced by any application's traffic, even applications that do not exhibit symmetric client-server packet exchanges. We experimentally demonstrate the advantages of SPP.
ABSTRACT: Machine Learning (ML) for classifying IP traffic has relied on the analysis of statistics of full flows or their first few packets only. However, automated QoS management for interactive traffic flows requires quick and timely classification well before the flows finish. Also, interactive flows are often long-lived and should be continuously monitored during their lifetime. We propose to achieve this by using statistics derived from sub-flows—a small number of most recent packets taken at any point in a flow's lifetime. Then, the ML classifier must be trained on a set of sub-flows, and we investigate different sub-flow selection strategies. We also propose to augment training datasets so that classification accuracy is maintained even when a classifier mixes up client-to-server and server-to-client directions for applications exhibiting asymmetric traffic characteristics. We demonstrate the effectiveness of our approach with the Naive Bayes and C4.5 Decision Tree ML algorithms, for the identification of first-person-shooter online game and VoIP traffic. Our results show that we can classify both applications with up to 99% Precision and 95% Recall within less than 1 s. Stable results are achieved regardless of where within a flow the classifier captures the packets and the traffic direction.
No preview · Article · Dec 2012 · IEEE/ACM Transactions on Networking
ABSTRACT: Despite the predicted exhaustion of unallocated IPv4 addresses between 2012 and 2014, it remains unclear how many current clients can use its successor, IPv6, to access the Internet. We propose a refinement of previous measurement studies that mitigates intrinsic measurement biases, and demonstrate a novel web-based technique using Google ads to perform IPv6 capability testing on a wider range of clients. After applying our sampling error reduction, we find that 6% of world-wide connections are from IPv6-capable clients, but only 1-2% of connections preferred IPv6 in dual-stack (dual-stack failure rates less than 1%). Except for an uptick around IPv6-day 2011 these proportions were relatively constant, while the percentage of connections with IPv6-capable DNS resolvers has increased to nearly 60%. The percentage of connections from clients with native IPv6 using happy eyeballs has risen to over 20%.
ABSTRACT: The Teredo auto-tunnelling protocol allows IPv6 hosts behind IPv4 NATs to communicate with other IPv6 hosts. It is enabled by default on Windows Vista and Windows 7. But Windows clients are self-constrained: if their only IPv6 access is Teredo, they are unable to resolve host names to IPv6 addresses. We use web-based measurements to investigate the (latent) Teredo capability of Internet clients, and the delay introduced by Teredo. We compare this with native IPv6 and 6to4 tunnelling capability and delay. We find that only 6-7% of connections are from fully IPv6-capable clients, but an additional 15-16% of connections are from clients that would be IPv6-capable if Windows Teredo was not constrained. However, Teredo increases the median latency to fetch objects by 1-1.5 seconds compared to IPv4 or native IPv6, even with an optimally located Teredo relay. Furthermore, in many cases Teredo fails to establish a tunnel.
No preview · Article · Oct 2012 · ACM SIGCOMM Computer Communication Review
ABSTRACT: Machine Learning (ML) classifiers have been shown to provide accurate, timely and continuous IP flow classification when evaluating sub-flows (short moving windows of packets within flows). They can be used to provide automated QoS management for interactive traffic, such as fast-paced multiplayer games or VoIP. As with other ML classification approaches, previous sub-flow techniques have assumed all packets in all flows are being observed and evaluated. This limits scalability and poses a problem for practical deployment in network core or edge routers. In this paper we propose and evaluate subflow packet sampling (SPS) to reduce an ML sub-flow classifier's resource requirements with minimal compromise of accuracy. While random packet sampling increases classification time from
ABSTRACT: Online First Person Shooter (FPS) games typically use a client-server communication model, with thousands of enthusiast-hosted game servers active at any time. Traditional FPS server discovery may take minutes, as clients create thousands of short-lived packet flows while probing all available servers to find a selection of game servers with tolerable round trip time (RTT). REED reduces a client's probing time and network traffic to 1% of traditional server discovery. REED game servers participate in a centralized, incremental calculation of their network coordinates, and clients use these coordinates to expedite the discovery of servers with low RTTs.
Preview · Article · May 2012 · ACM Transactions on Multimedia Computing Communications and Applications
ABSTRACT: A multi-service Internet requires routers to recognise and prioritise IP flows carrying interactive or multimedia traffic. It is increasingly problematic for legal or administrative reasons to recognise such flows using unique port numbers or deep packet inspection. New work in recent years shows that Machine Learning (ML) techniques can use externally observable statistical characteristics to usefully differentiate such IP traffic. However, most previous work has not addressed the practicality of ML-based traffic classification in terms of CPU and memory usage. Here we describe our design, implementation and performance evaluation of a distributed, ML-based traffic classification and control system for FreeBSD's IP Firewall (IPFW). On an Intel Core i7 2.8 GHz PC our system can classify up to 400 000 packets per second using only one core and our system scales well to up to 100 000 simultaneous flows. Also our implementation allows one classifier PC to control subsequent traffic shaping or blocking at multiple (potentially lower performance) routers or gateways distributed around the network.
ABSTRACT: Traditional loss-based TCP congestion control (CC) tends to induce high queuing delays and perform badly across paths containing links that exhibit packet losses unrelated to congestion. Delay-based TCP CC algorithms infer congestion from delay measurements and tend to keep queue lengths low. To date most delay-based CC algorithms do not coexist well with loss-based TCP, and require knowledge of a network path’s RTT characteristics to establish delay thresholds indicative of congestion. We propose and implement a delay-gradient CC algorithm (CDG) that no longer requires knowledge of path-specific minimum RTT or delay thresholds. Our FreeBSD implementation is shown to coexist reasonably with loss-based TCP (NewReno) in lightly multiplexed environments, share capacity fairly between instances of itself and NewReno, and exhibits improved tolerance of non-congestion related losses (86% better goodput than NewReno in the presence of 1% packet losses).
ABSTRACT: Covert channels aim to hide the existence of communication. Recently proposed packet-timing channels encode covert data in inter-packet times, based on models of inter-packet times of normal traffic. These channels are detectable if normal inter-packet times are not independent identically-distributed, which we demonstrate is the case for several network applications. We show that ~80% of channels are detected with a false positive rate of 0.5%. We then propose an improved channel that is much harder to detect. Only ~9% of our new channels are detected at a false positive rate of 0.5%. Our new channel uses packet content for synchronisation and works with UDP and TCP traffic. The channel capacity reaches over a hundred bits per second depending on overt traffic and network jitter.
ABSTRACT: Studies have found evidence that, after playing violent videogames for 20 min, people experience a mean short-term increase in aggression, hostility, and anger. The current research investigated whether or not players habituate during longer, more realistic lengths of play. Participants (N = 98) were randomly assigned to play the game Quake III Arena for either 20 or 60 min. Participants in the long condition showed a smaller change in state anger (CSA) from pre- to post-gameplay than those in the short condition, although this did not reach significance. Change in scores for gamers (not novice players) showed that short gaming led to a larger increase in anger ratings than long gaming. When the results for violent videogame players were analysed separately, there was no significant increase in anger post-gameplay—irrespective of length of time playing. Results also supported the hypotheses that females would show a significantly larger CSA than males and that participants previously unexposed to violent videogames would show a significantly larger CSA than exposed participants.
Full-text · Article · Apr 2011 · Australian Psychologist
ABSTRACT: The Border Gateway Protocol (BGP) is the Internet's inter-domain routing protocol. One of the major concerns related to BGP is its lack of effective security measures, and as a result the routing infrastructure of the Internet is vulnerable to various forms of attack. This paper examines the Internet's routing architecture and the design of BGP in particular, and surveys the work to date on securing BGP. To date no proposal has been seen as offering a combination of adequate security functions, suitable performance overheads and deployable support infrastructure. Some open questions on the next steps in the study of BGP security are posed.