Paper
Abstract: The end-to-end principle that limits on-path devices to simple tasks such as for- warding and routing has been one of the backbones of the Internet’s architecture. This is, however, being challenged as Internet paths now contain devices that inspect, filter, modify, or even discard packets. Some of these carry out benign and positive undertakings such as balancing resources and thwarting attacks, while others interfere with packets in unexpected ways leading to broken paths, thus inhibiting the deployment of new protocols or even extensions. While Internet ossification has already been studied in prior work, we propose to address new research questions enabled by recent Internet-scale middlebox mapping techniques. Combining Internet-scale measurements, measurements to- wards popular domains, repeated measurements, and longitudinal measurements, both in IPv6 and IPv4, we provide a multi-dimensional study on path-impairing middleboxes in the Internet. Our findings reveal that six times fewer IPv6 prefixes are affected than IPv4 prefixes by path-impairing middleboxes, and that there is an opportunity to switch between IPv4 and IPv6 to evade path-impairing middleboxes. Looking into the nature of path-impairments, we find that up to 87% relate to the usage of Multipath TCP. We also present the first results about the dynamics of these middleboxes, at both short (over hours), and long (over years) time windows. We show that path-impairing middleboxes have a consistent behavior over hours and that their number has tripled since 2022 for IPv6. We complement our measurements with operator perspectives and outline a service designed to help operators uncover and address unintentional path-impairments in their networks. Finally, we highlight default configurations as one potential contributor to path-impairments.
Authors: Fahad Hilal, Taha Albakour, Oliver Gasser and Kevin Vermeulen.
Download BibTeX
