A First Look at QUIC in the Wild

Similar documents
Adoption, Human Perception, and Performance of HTTP/2 Server Push

On the use of TCP's Initial Congestion Window in IPv4 and by Content Delivery Networks

AIMMS Function Reference - Date Time Related Identifiers

Traffic Types and Growth in Backbone Networks

No domain left behind

Data Transfers in the Grid: Workload Analysis of Globus GridFTP

Large-Scale Scanning of TCP s Initial Window

This report is based on sampled data. Jun 1 Jul 6 Aug 10 Sep 14 Oct 19 Nov 23 Dec 28 Feb 1 Mar 8 Apr 12 May 17 Ju

Inter-Domain Routing Trends

OpenINTEL an infrastructure for long-term, large-scale and high-performance active DNS measurements. Design and Analysis of Communication Systems

Routing the Internet in Geoff Huston APNIC March 2007

CIMA Asia. Interactive Timetable Live Online

CIMA Asia. Interactive Timetable Live Online

On the State of ECN and TCP Options on the Internet

Measuring IPv6 Adoption

Understanding the Share of IPv6 Traffic in a Dual-Stack ISP

DATE OF BIRTH SORTING (DBSORT)

CIMA Certificate BA Interactive Timetable

Tracking the Internet s BGP Table

The State of the Raven. Jon Warbrick University of Cambridge Computing Service

Nigerian Telecommunications Sector

Undergraduate Admission File

SME License Order Working Group Update - Webinar #3 Call in number:

INTRODUCING CISCO SECURITY FOR AWS

INFORMATION TECHNOLOGY SPREADSHEETS. Part 1

Nigerian Telecommunications (Services) Sector Report Q2 2016

App Economy Market analysis for Economic Development

Anatomy of a Large European IXP

Advancing the Art of Internet Edge Outage Detection

Back-Office Web Traffic on the Internet. IMC 2014 Vancouver, BC, CANADA November 5-7, 2014

Measurements of traffic in DITL 2008

CS459 Internet Measurements

Internet Threat Detection System Using Bayesian Estimation

INTRODUCING CISCO SECURITY FOR AWS

software.sci.utah.edu (Select Visitors)

MSRS Roadmap. As of January 15, PJM 2019

Assessing IPv6 Adop/on. Michael Bailey, University of Michigan NANOG 57

ACTIVE MICROSOFT CERTIFICATIONS:

NIR February JPNIC Updates. Hiroki Kawabata Japan Network Information Center (JPNIC) Copyright 2016 Japan Network Information Center

Monthly SEO Report. Example Client 16 November 2012 Scott Lawson. Date. Prepared by

Broadband Traffic Report: Download Growth Slows for a Second Year Running

New Concept for Article 36 Networking and Management of the List

Pushing the Limits. ADSM Symposium Sheelagh Treweek September 1999 Oxford University Computing Services 1

Sampling Challenges. Tanja Zseby Competence Center Network Research Fraunhofer Institute FOKUS Berlin. COST TMA September 22, 2008

NETWORK TRAFFIC CHARACTERISATION USING FLOW-BASED STATISTICS

APNIC Update. German Valdez External Relations Program Director, APNIC ARIN XXX 26-October-2012

Some Observations of Internet Stream Lifetimes

ARIN Update. Summer 2011 ESCC/Internet2 Joint Techs Mark Kosters Chief Technology Officer

ICT PROFESSIONAL MICROSOFT OFFICE SCHEDULE MIDRAND

Computer Science 461 Final Exam May 22, :30-3:30pm

Understanding Online Social Network Usage from a Network Perspective

CIDR. The Life Belt of the Internet 2005/03/11. (C) Herbert Haas

SFMap: Inferring Services over Encrypted Web Flows using Dynamical Domain Name Graphs TMA 2015

Polycom Advantage Service Endpoint Utilization Report

Nigerian Telecommunications (Services) Sector Report Q3 2016

Measuring ATR. Joao Damas Geoff March 2018

Section 1.2: What is a Function? y = 4x

Polycom Advantage Service Endpoint Utilization Report

Grade 4 Mathematics Pacing Guide

SCI - software.sci.utah.edu (Select Visitors)

No domain left behind:

Conditional Formatting

Datalink performances

Vodafone Global FACTS

The Power of Prediction: Cloud Bandwidth and Cost Reduction

Characterizing a Meta-CDN

RDAP Implementation. Francisco Arias & Gustavo Lozano 21 October 2015

History. used in early Mac development notable systems in Pascal Skype TeX embedded systems

Characterization and Modeling of Deleted Questions on Stack Overflow

Computer Science 461 Midterm Exam March 14, :00-10:50am

Internet infrastructure as an enabler to the digital economy. Gael Hernandez African IGF 2017, 5 December 2017 Sharm El Sheik, Egypt

September Real Sector Statistics Division. Methodology

Annoyed Users: Ads and Ad-Block Usage in the Wild

Software Systems for Surveying Spoofing Susceptibility

Previous Intranet Initial intranet created in 2002 Created solely by Information Systems Very utilitarian i Created to permit people to access forms r

Scheduling. Scheduling Tasks At Creation Time CHAPTER

2014 Bond Technology Infrastructure Status Report. March 10, 2016

RFC1918 updates on servers near M and F roots C A I D A. Andre Broido, work in progress. CAIDA WIDE Workshop ISI, CAIDA / SDSC / UCSD

Contents:

HPE Security Data Security. HPE SecureData. Product Lifecycle Status. End of Support Dates. Date: April 20, 2017 Version:

Blockstack, a New Internet for Decentralized Apps. Muneeb Ali

Freedom of Information Act 2000 reference number RFI

Aon Hewitt. Facts & Figures. March 2016 Update. Risk. Reinsurance. Human Resources. Empower Results

IP addressing policies: what does this mean? Adam Gosling Senior Policy Specialist, APNIC APT PRF for the Pacific: August 2013


A Path Layer for the Internet

CBERS-2. Attitude Control and its Effects on Image Geometric Correction. Follow up to TCM-06 INPE CBERS TEAM

ASSOCIATION OF CHARTERED CERTIFIED ACCOUNTANTS

IoT - Next Wave of DDoS? IoT Sourced DDoS Attacks A Focus on Mirai Botnet and Best Practices in DDoS Defense

Illegitimate Source IP Addresses At Internet Exchange Points

CS Programming I: Arrays

October Real Sector Statistics Division. Methodology

The rollout of IPv6. Is its usage increasing rapidly? J.W.C. Beusink

Malicious Activity and Risky Behavior in Residential Networks

Your Future with Worldpay. Shane Happach Managing Director, Worldpay ecom

San Joaquin County Emergency Medical Services Agency

APNIC History and Overview

Switching Networks (Fall 2010) EE 586 Communication and. August 27, Lecture 2. (modified by Cheung for EE586; based on K&R original) 1-1

2017 DNSSEC KSK Rollover. DSSEC KSK Rollover

Mobile Broadband and benefits with harmonized UHF spectrum

Transcription:

A First Look at QUIC in the Wild Jan Rüth 1, Ingmar Poese 2, Christoph Dietzel 3, Oliver Hohlfeld 1 1 : RWTH Aachen University 2 : Benocs GmbH 3 : TU Berlin / DE-CIX http://comsys.rwth-aachen.de/ London / IETF-101 Berlin / PAM, March 2018

The Internet is subject to a major change TCP is difficult to extend Only a couple of bytes left to modify Middleboxes ossify the protocol evolution QUIC is UDP + TCP-like CC + loss recovery + TLS 1.3 Everything is encrypted à Goodbye middleboxes QUIC guarantees evolution There is Google QUIC and IETF QUIC gquic evolves to IETF QUIC when standardization progresses How much gquic is already out there? 2

Measuring the QUIC Internet What infrastructures support QUIC? Perform ZMap scans over IPv4 Is it (practically) used by any website? Scan full.com /.net /.org zones Scan Alexa Top 1M for popular domains How much QUIC traffic is there? in a university network in a major European Tier-1 ISP in a major European mobile network in a major European IXP 3 Picture by Seth Stoll (CC BY-SA 2.0): https://www.flickr.com/photos/sethstoll/4079897275

Enumerating QUIC IPs with ZMap QUIC has a version negotiation feature (evolution!) Send version in first Client Hello (CHLO/Initial) If supported, server continues handshake Otherwise, sends version negotiation packet Use ZMap to test for gquic support + version support Send a valid CHLO packet Include an unused version number that the server does not support Module available on github 4

QUIC in IPv4 # Hosts 600K 400K 200K 0.0 Number of QUIC IPs tripled to 617K IPs Classification using AS, certificate data, and reverse DNS 330K (53.53%) IPs can be attributed to Google Akamai: 983 in Aug., 44K in Nov. 2016, 251K (40.71%) October 2017 HTTP via TCP on the remaining IPs reveal many timeouts and further Google and Akamai servers 7.34K using LightSpeed webserver 356 Caddy webservers 20.Aug 2016 16.Sep 2016 14.Oct 2016 11.Nov 2016 09.Dec 2016 06.Jan 2017 03.Feb 2017 03.Mar 2017 31.Mar 2017 28.Apr 2017 26.May2017 30.Jun 2017 28.Jul 2017 25.Aug 2017 22.Sep 2017 20.Aug 2016 16.Sep 2016 14.Oct 2016 11.Nov 2016 09.Dec 2016 06.Jan 2017 03.Feb 2017 03.Mar 2017 31.Mar 2017 28.Apr 2017 26.May2017 30.Jun 2017 28.Jul 2017 25.Aug 2017 22.Sep 2017 35..30 QUIC 35..34 36..31 36..32 36..34 37..34 37..35 38..34 38..35 39..35 39..37,35 40..37,35 Other 5

QUIC in IPv4 # Hosts 600K 400K 200K 0.0 Number of QUIC IPs tripled to 617K IPs Classification using AS, certificate data, and reverse DNS 330K (53.53%) IPs can be attributed to Google Akamai: 983 in Aug., 44K in Nov. 2016, 251K (40.71%) October 2017 HTTP via TCP on Weekly the remaining raw data available IPs reveal on https://quic.netray.io many timeouts and further Google and Akamai servers 7.34K using LightSpeed webserver 356 Caddy webservers 20.Aug 2016 16.Sep 2016 14.Oct 2016 11.Nov 2016 09.Dec 2016 06.Jan 2017 03.Feb 2017 03.Mar 2017 31.Mar 2017 28.Apr 2017 26.May2017 30.Jun 2017 28.Jul 2017 25.Aug 2017 22.Sep 2017 20.Aug 2016 16.Sep 2016 14.Oct 2016 11.Nov 2016 09.Dec 2016 06.Jan 2017 03.Feb 2017 03.Mar 2017 31.Mar 2017 28.Apr 2017 26.May2017 30.Jun 2017 28.Jul 2017 25.Aug 2017 22.Sep 2017 35..30 QUIC 35..34 36..31 36..32 36..34 37..34 37..35 38..34 38..35 39..35 39..37,35 40..37,35 Other 6

QUIC website support There are ~150M domains in.com/.net/.org There are no tools to investigate QUIC We build upon quic-go to build a scanner We modify the library to trace the whole handshake We enable to dump all connection parameters that are exchanged ¾ Certificates, server config, buffer settings, Also available on github We can efficiently scan TLDs for QUIC support We can further analyze the connection parameters ¾ Certificates valid? 7

QUIC in TLDs 06. Oct 2017 03. Oct 2017 04. Oct 2017 08. Oct 2017.com.net.org Alexa 1M # Domains 129.36 M (100.0%) 14.75 M (100.0%) 10.37 M (100.0%) 999.94 K (100.0%) QUIC-enabled 133.63 K (0.1%) 8.73 K (0.06%) 6.51 K (0.06%) 11.97 K (1.2%) Valid Certificate 2.14 K (0.0%) 181 (0.0%) 159 (0.0%) 342 (0.03%) Timeout 114.63 M (88.61%) 10.80 M (73.23%) 8.09 M (78.06%) 826.67 K (82.67%) Version-failed 29 (0.0%) 6 (0.0%) 1 (0.0%) 5 (0.0%) Protocol-error 606 (0.0%) 222 (0.0%) 0 (0.0%) 1 (0.0%) Invalid-IP 322.24 K (0.25%) 59.24 K (0.4%) 40.15 K (0.39%) 15.42 K (1.54%) DNS-failure 13.76 M (10.64%) 2.40 M (16.26%) 1.18 M (11.41%) 49.34 K (4.93%) Table Timeout 1. à No QUIC support In total: 161K domains 10% do not deliver any data 2.8K with valid certificate Only a fraction presents QUIC discovery headers via HTTP(s) Is there any QUIC traffic in the Internet then? 8

QUIC Traffic Shares Classification Classifying QUIC traffic Detecting QUIC on sampled (header) data is hard We rely on a port-based classification UDP Port 443 à QUIC TCP Port 443 à HTTPS TCP Port 80 à HTTP Depending on the data source we have AS-level information available 9

QUIC Traffic Shares Mawi Backbone Mawi: University uplink to ISP Open dataset: http://mawi.nezu.wide.ad.jp/mawi/ (samplepoint-f) Capped packet dumps of 15 minutes at 14h each day Source and destination have been anonymized Traffic Share [%] 100 80 60 40 20 0 01.01 01.02 01.03 01.04 01.05 01.06 01.07 01.08 01.09 Month in 2017 No QUIC traffic in January last year ¾ Google said activation in January for most customers QUIC HTTPS HTTP Other MAWI 6.7% 5.2% QUIC in March, 6.7% in September 10

QUIC Traffic Shares Mawi Backbone Mawi: University uplink to ISP Traffic Share [%] Open dataset: http://mawi.nezu.wide.ad.jp/mawi/ End of paper (samplepoint-f) Capped packet dumps of 15 minutes at 14h each day Source and destination have been anonymized 100 80 60 40 20 0 01.01 01.02 01.03 01.04 01.05 01.06 01.07 01.08 01.09 Month in 2017 No QUIC traffic in January last year ¾ Google said activation in January for most customers 5.2% QUIC in March, 6.7% in September data Daily updates available on https://quic.netray.io QUIC HTTPS HTTP Other MAWI 6.7% 11

QUIC Traffic Shares European Tier-1 ISP Anonymized Netflows of all boarder routers 1 full day in August 2017 (a Friday to Saturday) Netflows aggregated to 5 minute bins Upstream and Downstream IPs have been replaced by AS numbers Contains: edge (DSL,..), cellular, and transit backbone traffic 12 bit/s 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 00 01 Time of day on a Fri to Sat in Aug 2017 [h] Akamai QUIC Google QUIC Other QUIC Akamai HTTPS Google HTTPS Other HTTPS Akamai HTTP Google HTTP Other HTTP Other Tra c

QUIC Traffic Shares European Tier-1 ISP [%] 100 80 60 40 20 0 Akamai QUIC Google QUIC Other QUIC Akamai HTTPS 03 05 07 09 11 13 15 17 19 21 23 01 Google HTTPS Other HTTPS bit/s Time of day on a Fri to Sat in Aug 2017 [h] Akamai HTTP Google HTTP Other HTTP Other Traffic 03 05 07 09 11 13 15 17 19 21 23 01 QUIC share is stable over the day QUIC at around 7.8% (±1%) HTTP (~38%) and HTTPS (40%) dominate the shares 98% of the QUIC traffic is from/to Google AS Of all Google traffic QUIC accounts for ~39% peaking at ~42% Almost no QUIC traffic to Akamai (0.1%) Still Akamai causes ~15% of all traffic à Potential QUIC traffic 13 MAWI 6.7% ISP 7.8%

[%] QUIC Traffic Shares Mobile ISP 100 80 60 40 20 0 Akamai QUIC Google QUIC Other QUIC Akamai HTTPS 03 05 07 09 11 13 15 17 19 21 23 01 03 05 07 09 11 13 15 17 19 21 23 01 Time of day on a Fri to Sat in Aug 2017 [h] ISP told us how to extract mobile traffic from trace Mobile traffic pattern differs from classic daily pattern QUIC share slightly larger 9.1% (±1.4%) Google dominates again 34% of their traffic via QUIC Google HTTPS Other HTTPS bit/s Akamai HTTP Google HTTP Other HTTP Other Traffic MAWI 6.7% ISP 7.8% MOBILE 9.1% 14

QUIC Traffic Shares European IXP Sampled flow data for the same day in August Flows annotated by customer port Aggregated to 5 minute bins [%] 100 80 60 40 20 0 Akamai QUIC Google QUIC Other QUIC Akamai HTTPS Google HTTPS Other HTTPS bit/s Akamai HTTP Google HTTP Other HTTP Other Traffic 03 05 07 09 11 13 15 17 19 21 23 03 05 07 09 11 13 15 17 19 21 23 Time of day on a Fri in Aug 2017 [h] 15 QUIC only 2.6% overall Akamai accounts for ~60% of the QUIC traffic 33% by Google Different traffic engineering strategies? MAWI 6.7% ISP 7.8% MOBILE 9.1% IXP 2.6%

Summary QUIC is on the rise! A zoo of versions exist! Future compatibility? More and more infrastructure is enabled Some domains map to this infrastructure, only few can actually use it Non-negligible fraction of Internet traffic is QUIC Hard to detect in sampled data Very vantage point dependent Single companies have potential to drastically increase QUIC share How does QUIC impact Internet traffic? e.g., Fairness? 16

We provide our tools and measurement data, visit https://quic.netray.io Thank you! Any questions? PAM paper on arxiv: https://arxiv.org/abs/1801.05168 Thanks to RWTH Aachen ITC for enabling our measurements This research is funded by the DFG SPP 1914 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback