Projects
NorNet

Having stable and uninterrupted Internet connectivity is becoming increasingly important, particularly with regard to applications like cloud computing, service as a platform and many others. Connectivity problems could e.g. be caused by a hardware failure or a natural disaster. In order to improve the robustness of Internet connectivity, it is obvious to connect endpoints to multiple Internet service providers (ISP) simultaneously. This property is denoted as multi-homing. For example, Transport Layer protocols like the Stream Control Transmission Protocol (SCTP) or Session Layer frameworks like Reliable Server Pooling (RSerPool) make use of multi-homing to support availability-critical applications.
However, while in theory a failure of one ISP should be independent of other ISPs, it is not really known what happens in practise in today’s commercial networks. It is evident that there are hidden dependencies among ISPs. Also, what about connectivity problems due to intentional malicious behaviour, i.e. targeted attacks on such systems? How can multi-path transport – e.g. with Multi-Path TCP (MPTCP) or Concurrent Multipath Transfer for SCTP (CMT-SCTP) – efficiently and fairly make use of multi-homing? Research in realistic Internet setups is clearly necessary, in order to answer these open questions. For that purpose, the NorNet project is building up a multi-homed testbed distributed all over the country of Norway. This programmable testbed is to be used for measurements and experimental networking research. It is built and operated by the Simula Research Laboratory and financed by Forskningsrådet (the Research Council of Norway) through their INFRASTRUKTUR program (project number 208798/F50).
NorNet has two main components: NorNet Core and NorNet Edge. NorNet Core consists of more than tvelve programmable sites, each multi-homed to several network providers. NorNet Edge consists of several hundreds of smaller nodes that are connected to all mobile broadband providers in Norway. Together, these two components offer a unique platform for experimental networking research. NorNet is made available to the Norwegian and international networking research community.
NorNet builds up a large-scale, real-world Internet testbed with multi-homing capability and provides it to the network research community. The final goal is to allow for research (and also to contribute to such research) that improves the Internet of today to provide the best possible performance to network users, regardless where they are, what kind of applications they run and when they use the network.
Funding source:
Forskningsrådet (the Research Council of Norway), INFRASTRUKTUR program (project number 208798/F50).
Partners:
Simula is the only research partner, but all interested researchers can use the testbed. We have cooperations with multiple universities and other projects.
Publications for NorNet
Journal Article
Towards a Lightweight Task Scheduling Framework for Cloud and Edge Platform
Internet of Things; Engineering Cyber Physical Human Systems (2023).Status: Accepted
Towards a Lightweight Task Scheduling Framework for Cloud and Edge Platform
Mobile devices are becoming ubiquitous in our daily lives, but they have limited computational capacity. Thanks to the advancement in the network infrastructure, task offloading from resource-constrained devices to the near edge and the cloud becomes possible and advantageous. Complete task offloading is now possible to almost limitless computing resources of public cloud platforms. Generally, the edge computing resources support latency-sensitive applications with limited computing resources, while the cloud supports latency-tolerant applications. This paper proposes one lightweight task-scheduling framework from cloud service provider perspective, for applications using both cloud and edge platforms. Here, the challenge is using edge and cloud resources efficiently when necessary. Such decisions have to be made quickly, with a small management overhead. Our framework aims at solving two research questions. They are: i) How to distribute tasks to the edge resource pools and multi-clouds? ii) How to manage these resource pools effectively with low overheads? To answer these two questions, we examine the performance of our proposed framework based on Reliable Server Pooling (RSerPool). We have shown via simulations that RSerPool, with the correct usage and configuration of pool member selection policies, can accomplish the cloud/edge setup resource selection task with a small overhead.
Afilliation | Communication Systems |
Project(s) | The Center for Resilient Networks and Applications, Simula Metropolitan Center for Digital Engineering, Simula Metropolitan Center for Digital Engineering, NorNet, SMIL: SimulaMet Interoperability Lab |
Publication Type | Journal Article |
Year of Publication | 2023 |
Journal | Internet of Things; Engineering Cyber Physical Human Systems |
Publisher | Elsevier |
Keywords | Cloud computing, Edge Computing, Reliable Server Pooling (RSerPool), Resource Pools, Task Scheduling |
Proceedings, refereed
Proactive Resource Orchestration Framework for Cloud/Fog Platform
In Proceedings of the 28th IEEE Symposium on Computers and Communications (ISCC). Tunis/Tunisia: IEEE, 2023.Status: Accepted
Proactive Resource Orchestration Framework for Cloud/Fog Platform
Cloud computing makes complex computing an off-premise activity by offering software- and hardware-based services using standard security protocols over the Internet. It has been seen that the cloud is not ideal for latency-sensitive applications. Thanks to the current growth of network communication and infrastructure, fog adds a computing resource delegation layer between the user and the cloud. Fog aims to improve latency-sensitive applications support. Here, we propose one unified, proactive resource orchestration framework from a cloud/fog service provider perspective. The framework consists of a predictor and a resource allocator module. Users subscribe to these resources to execute their applications. The framework does not require application-specific information and is modular, meaning a service provider can customise each module. We have presented the framework prototype by showing each module's simulated performance results using the parameters of our cloud/fog research test bed.
Afilliation | Communication Systems |
Project(s) | The Center for Resilient Networks and Applications, NorNet, Simula Metropolitan Center for Digital Engineering, Simula Metropolitan Center for Digital Engineering, SMIL: SimulaMet Interoperability Lab, MELODIC: Multi-cloud Execution-ware for Large-scale Optimised Data-Intensive Computing |
Publication Type | Proceedings, refereed |
Year of Publication | 2023 |
Conference Name | Proceedings of the 28th IEEE Symposium on Computers and Communications (ISCC) |
Publisher | IEEE |
Place Published | Tunis/Tunisia |
Keywords | Cloud, Fog, Orchestration, Prediction, Resource Allocation |
A Scalable Data Collection System for Continuous State of Polarisation Monitoring
In Proceedings of the 23rd International Conference on Transparent Optical Networks (ICTON). Bucharest/Romania, 2023.Status: Accepted
A Scalable Data Collection System for Continuous State of Polarisation Monitoring
Our dependency on the telecommunication infrastructure is continuously increasing, as different infrastructures – such as energy and telecommunication – now have mutual dependencies. This calls for increased monitoring of the fibre network, which is a highly critical part of the infrastructure. State of Polarisation (SoP) of light propagating through fibre transmission systems is impacted by any vibrations and mechanical impacts on the fibre. By continuously monitoring the SoP, any unexpected movements of a fibre along a fibre-path may be traced. Movements may be caused by e.g. work in node-rooms impacting patch-cords, trawlers or other types of sub-sea equipment touching or hooking into sub-sea fibre cables, digging close to a fibre-cable, or geophysical phenomena like earthquakes. In this paper, we describe a low-cost, scalable system for SoP monitoring and give examples of patterns monitored in different types of fibre infrastructures. The monitoring system consists of single-unit rack-mount instruments connected to taps from live optical transmission signals. Each instrument has local storage for 1-2 years of data, and is periodically automatically uploading data to a server for backup and data-access purposes. Examples of observed patterns are impact from a thunderstorm on a Fibre-To-The-Home (FTTH) cable, 50 Hz on a fibre-cable spun around a high-voltage power air-cable, as well as animal impact on a patch-cord.
Afilliation | Communication Systems |
Project(s) | NorNet, The Center for Resilient Networks and Applications, Simula Metropolitan Center for Digital Engineering, Simula Metropolitan Center for Digital Engineering, GAIA, SMIL: SimulaMet Interoperability Lab |
Publication Type | Proceedings, refereed |
Year of Publication | 2023 |
Conference Name | Proceedings of the 23rd International Conference on Transparent Optical Networks (ICTON) |
Date Published | 07/2023 |
Place Published | Bucharest/Romania |
Journal Article
Secure Embedded Living: Towards a Self-contained User Data Preserving Framework
IEEE Communications Magazine 60, no. 11 (2022): 74-80.Status: Published
Secure Embedded Living: Towards a Self-contained User Data Preserving Framework
Smart living represents the hardware-software co-inhabiting with humans for better living standards and improved well-being. Here, hardware monitors human activities (by collecting data) specific to a context. Such data can be processed to offer context-specific valuable insights. Such insights can be used for optimising the well-being, living experience and energy cost of smart homes. This paper proposes a Secure Embedded Living Framework (SELF) that enforces a privacy-preserving data control mechanism by integrating multiple technologies, such as Internet-of-thing, cloud/fog platform, machine learning and blockchain. The primary aim of the SELF is to allow the user to retain more control of its data.
Afilliation | Communication Systems |
Project(s) | Simula Metropolitan Center for Digital Engineering, Simula Metropolitan Center for Digital Engineering, NorNet, SMIL: SimulaMet Interoperability Lab, GAIA, The Center for Resilient Networks and Applications |
Publication Type | Journal Article |
Year of Publication | 2022 |
Journal | IEEE Communications Magazine |
Volume | 60 |
Issue | 11 |
Pagination | 74–80 |
Date Published | 11/2022 |
Publisher | IEEE |
ISSN | 0163-6804 |
Keywords | blockchain, Cloud, Data, IoTs, Security, User |
DOI | 10.1109/MCOM.001.2200165 |
AI Anomaly Detection for Cloudified Mobile Core Architectures
Transactions on Network and Service Management (2022).Status: Published
AI Anomaly Detection for Cloudified Mobile Core Architectures
IT systems monitoring is a crucial process for managing and orchestrating network resources, allowing network providers to rapidly detect and react to most impediment causing network degradation. However, the high growth in size and complexity of current operational networks (2022) demands new solutions to process huge amounts of data (including alarms) reliably and swiftly. Further, as the network becomes progressively more virtualized, the hosting of nfv on cloud environments adds a magnitude of possible bottlenecks outside the control of the service owners. In this paper, we propose two deep learning anomaly detection solutions that leverage service exposure and apply it to automate the detection of service degradation and root cause discovery in a cloudified mobile network that is orchestrated by ETSI OSM. A testbed is built to validate these AI models. The testbed collects monitoring data from the OSM monitoring module, which is then exposed to the external AI anomaly detection modules, tuned to identify the anomalies and the network services causing them. The deep learning solutions are tested using various artificially induced bottlenecks. The AI solutions are shown to correctly detect anomalies and identify the network components involved in the bottlenecks, with certain limitations in a particular type of bottlenecks. A discussion of the right monitoring tools to identify concrete bottlenecks is provided.
Afilliation | Communication Systems |
Project(s) | 5G-VINNI: 5G Verticals INNovation Infrastructure , The Center for Resilient Networks and Applications, Simula Metropolitan Center for Digital Engineering, Simula Metropolitan Center for Digital Engineering, NorNet, SMIL: SimulaMet Interoperability Lab |
Publication Type | Journal Article |
Year of Publication | 2022 |
Journal | Transactions on Network and Service Management |
Date Published | 08/2022 |
Publisher | IEEE |
Place Published | Los Alamitos, California/U.S.A. |
ISSN | 1932-4537 |
Keywords | 5G, AI, Anomaly detection, Autoencoders, deep learning, Mobile networks, Smart Networks |
DOI | 10.1109/TNSM.2022.3203246 |
Proceedings, refereed
Towards a Privacy Preserving Data Flow Control via Packet Header Marking
In Proceedings of the 24th International Conference on High Performance Computing, Data, and Analytics (HPCC). Chengdu, Sichuan/People's Republic of China: IEEE, 2022.Status: Published
Towards a Privacy Preserving Data Flow Control via Packet Header Marking
{Computing infrastructure is becoming ubiquitous thanks to the advancement in computing and the network domain. Reliable network communication is essential to offer good quality services, but it is not trivial. There are privacy concerns. Metadata may leak user information even if traffic is encrypted. Some countries have data privacy preserving-related regulations, but end-users cannot control through which path, networks, and hardware their data packets should travel. Even worse, the user cannot declare their privacy preferences. This paper presents an approach to tackle such privacy issues through data privacy-aware routing. The user can specify their preferences for packet routing using marking and filtering. Routing can work according to such specifications. It is implemented by P4, allowing a vendor-independent realisation with standard off-the-shelf hardware and open-source software components. We presented the initial experimental results of a proof-of-concept run on a unified cloud/fog research testbed.}
Afilliation | Communication Systems |
Project(s) | NorNet, Simula Metropolitan Center for Digital Engineering, Simula Metropolitan Center for Digital Engineering, The Center for Resilient Networks and Applications, GAIA |
Publication Type | Proceedings, refereed |
Year of Publication | 2022 |
Conference Name | Proceedings of the 24th International Conference on High Performance Computing, Data, and Analytics (HPCC) |
Publisher | IEEE |
Place Published | Chengdu, Sichuan/People's Republic of China |
Keywords | Cloud, Data, Fog, P4, Packets, Privacy, Routing |
Towards a Blockchain and Fog-Based Proactive Data Distribution Framework for ICN
In Proceedings of the International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT). Sendai/Japan, 2022.Status: Published
Towards a Blockchain and Fog-Based Proactive Data Distribution Framework for ICN
Most of today's IP traffic is cloud traffic. Due to a vast, complex and non-transparent Internet infrastructure, securely accessing and delegating data is not a trivial task. Existing technologies of Information-Centric Networking (ICN) make content distribution and access easy while primarily relying on the existing cloud-based security features. The primary aim of ICN is to make data independent of its storage location and application. ICN builds upon traditional distributed computing, which means ICN platforms also can suffer from similar data security issues as distributed computing platforms. We present our ongoing work to develop a secure, proactive data distribution framework. The framework answers the research question, i.e., How to extend online data protection with a secure data distribution model for the ICN platform? Our framework adds a data protection layer over the content distribution network, using blockchain and relying on the fog to distribute the contents with low latency. Our framework is different from the existing works in multiple aspects, such as i) data are primarily distributed from the fog nodes, ii) blockchain is used to protect data and iii) blockchain allows statistical and other information sharing among stakeholders (such as content creators) following access rights. Sharing statistics about content distribution activity can bring transparency and trustworthiness among the stakeholders, including the subscribers, into the ICN platforms. We showed such a framework is possible by presenting initial performance results and our reflections while implementing it on a cloud/fog research testbed.
Afilliation | Communication Systems |
Project(s) | NorNet, The Center for Resilient Networks and Applications, Simula Metropolitan Center for Digital Engineering, Simula Metropolitan Center for Digital Engineering, GAIA |
Publication Type | Proceedings, refereed |
Year of Publication | 2022 |
Conference Name | Proceedings of the International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT) |
Place Published | Sendai/Japan |
Keywords | blockchain, Data, Distribution, Fog, ICN, Protection |
Find Out: How Do Your Data Packets Travel?
In Proceedings of the 18th IEEE International Conference on Network and Service Management (CNSM). Thessaloniki, Greece: IEEE, 2022.Status: Published
Find Out: How Do Your Data Packets Travel?
In today's communication-centric world, users generate and exchange a huge amount of data. The Internet helps user data to travel from one part of the world to another via a complex setting of network systems. These systems are intelligent, heterogeneous, and non-transparent to users. In this paper, we present an extensive trace-driven study of user data traffic covering five years of observations, six large ISPs, 21 different autonomous systems, and a total of 13 countries. The aim of this work is to make users aware about how their data travels in the Internet, as the data traffic path is majorly influenced by the interests of ISPs. We showed that shortest land distance between the two countries does not impact data path selection, while data traffic prefers to travel even though country do not share land borders.
Afilliation | Communication Systems |
Project(s) | NorNet, GAIA, The Center for Resilient Networks and Applications, Simula Metropolitan Center for Digital Engineering, Simula Metropolitan Center for Digital Engineering |
Publication Type | Proceedings, refereed |
Year of Publication | 2022 |
Conference Name | Proceedings of the 18th IEEE International Conference on Network and Service Management (CNSM) |
Date Published | 11/2022 |
Publisher | IEEE |
Place Published | Thessaloniki, Greece |
ISBN Number | 978-3-903176-51-5 |
Keywords | connectivity, Data, Internet, Packets, Routing, Traffic Paths |
A Live Demonstration of In-Band Telemetry in OSM-Orchestrated Core Networks
In Proceedings of the 47th IEEE Conference on Local Computer Networks (LCN). Edmonton, Alberta/Canada: IEEE, 2022.Status: Published
A Live Demonstration of In-Band Telemetry in OSM-Orchestrated Core Networks
Network Function Virtualization is a key enabler to building future mobile networks in a flexible and cost-efficient way. Such a network is expected to manage and maintain itself with least human intervention. With early deployments of the fifth generation of mobile technologies – 5G – around the world, setting up 4G/5G experimental infrastructures is necessary to optimally design Self-Organising Networks (SON). In this demo, we present a custom small-scale 4G/5G testbed. As a step towards self-healing, the testbed integrates four Programming Protocol-independent Packet Processors (P4) virtual switches, that are placed along interfaces between different components of transport and core network. This demo not only shows the administration and monitoring of the Evolved Packet Core (EPC) VNF components, using Open Source MANO, but also as a proof of concept for the potential of P4-based telemetry in detecting anomalous behaviour of the mobile network, such as a congestion in the transport part.
Afilliation | Communication Systems |
Project(s) | 5G-VINNI: 5G Verticals INNovation Infrastructure , NorNet, The Center for Resilient Networks and Applications, The Center for Resilient Networks and Applications, Simula Metropolitan Center for Digital Engineering, Simula Metropolitan Center for Digital Engineering |
Publication Type | Proceedings, refereed |
Year of Publication | 2022 |
Conference Name | Proceedings of the 47th IEEE Conference on Local Computer Networks (LCN) |
Pagination | 245–247 |
Date Published | 09/2022 |
Publisher | IEEE |
Place Published | Edmonton, Alberta/Canada |
ISBN Number | 978-1-6654-8001-7 |
Keywords | Anomaly detection, Network Function Virtualisation (NFV), Open Source MANO (OSM), P4, Telemetry |
Load Distribution for Mobile Edge Computing with Reliable Server Pooling
In Proceedings of the 4th International Workshop on Recent Advances for Multi-Clouds and Mobile Edge Computing (M2EC) in conjunction with the 36th International Conference on Advanced Information Networking and Applications (AINA). Sydney, New South Wales/Australia: Springer, 2022.Status: Published
Load Distribution for Mobile Edge Computing with Reliable Server Pooling
Energy-efficient computing model is a popular choice for high performance as well as throughput oriented computing ecosystems. Mobile (computing) devices are becoming increasingly ubiquitous to our computing domain, but with limited resources (true both for computation as well as for energy). Hence, workload offloading from resource-constrained mobile devices to the Edge and maybe (later) to the cloud become necessary as well as useful. Thanks to the persistent technical breakthroughs in global wireless standards (or in mobile networks) together with the almost limitless amount of resources in public cloud platforms, workload offloading is possible and cheaper. In such scenarios, Mobile Edge Computing (MEC) resources could be provisioned in proximity to the users for supporting latency-sensitive applications. Here, two relevant problems could be: i) How to distribute workload to the resource pools of MEC as well as public (multi-)clouds? ii) How to manage such resource pools effectively? To answer these problems in this paper, we examine the performance of our proposed approach using the Reliable Server Pooling (RSerPool) framework in more detail. We also have outlined the resource pool management policies to effectively use RSerPool for workload offloading from mobile devices into the cloud/MEC ecosystem.
Afilliation | Communication Systems |
Project(s) | 5G-VINNI: 5G Verticals INNovation Infrastructure , NorNet, The Center for Resilient Networks and Applications, Simula Metropolitan Center for Digital Engineering, Simula Metropolitan Center for Digital Engineering, SMIL: SimulaMet Interoperability Lab, MELODIC: Multi-cloud Execution-ware for Large-scale Optimised Data-Intensive Computing |
Publication Type | Proceedings, refereed |
Year of Publication | 2022 |
Conference Name | Proceedings of the 4th International Workshop on Recent Advances for Multi-Clouds and Mobile Edge Computing (M2EC) in conjunction with the 36th International Conference on Advanced Information Networking and Applications (AINA) |
Publisher | Springer |
Place Published | Sydney, New South Wales/Australia |
Keywords | Cloud computing, Load Distribution, Mobile Edge Computing (MEC), Multi-Cloud Computing, Reliable Server Pooling (RSerPool), Serverless Computing |
Antikraak
IP squatting is the hijacking of unallocated IP address space by malicious networks that use this attack to number botnet command and control hosts, and spam relays with temporary addresses, in order to hinder their detectability and trackability. Squatting has been used as an effective cloaking technique because it did not affect legitimate traffic to raise alerts. However, the IPv4 address space depletion makes squatting much harder, leading attackers to resort to more sophisticated techniques. In particular, our preliminary analysis shows increasing abuse against two types of IP ranges, IXP prefixes and transferred IP prefixes, that allow hijacking attacks with similar characteristics to squatting. IXP prefixes are usually not advertised in the global routing system since they are not allocated to end hosts. Therefore, IXP prefix hijacking does not affect existing Internet paths. IP transfers create a window of uncertainty about the legitimate ownership, which adversaries try to exploit. These bogus advertisements are often realized as spear attacks, namely highly targeted bogus advertisements to evade detection. We aim to develop the necessary techniques to enable predictive capabilities in the detection and mitigation of these emerging threats that currently cannot be addressed by the existing tools.
Funding:
RIPE NCC
Partners:
Lancaster University
AMX-IX
Publications for Antikraak
Proceedings, refereed
A first look at the misuse and abuse of the IPv4 Transfer Market
In International Conference on Passive and Active Network Measurement (PAM). Springer, 2020.Status: Published
A first look at the misuse and abuse of the IPv4 Transfer Market
The depletion of the unallocated IPv4 addresses and the slowpace of IPv6 deployment have given rise to the IPv4 transfer market, the trading of allocated IPv4 prefixes between organizations. Despite the policies established by RIRs to regulate the IPv4 transfer market, IPv4 transfers pose an opportunity for malicious networks, such as spammers and bulletproof ASes, to bypass reputational penalties by obtaining“clean” IPv4 address space or by offloading blacklisted addresses. Addi-tionally, IP transfers create a window of uncertainty about the legitimateownership of prefixes, which leads to inconsistencies in WHOIS recordsand routing advertisements. In this paper we provide the first detailed study of how transferred IPv4 prefixes are misused in the wild, by synthesizing an array of longitudinal IP blacklists, honeypot data, and AS reputation lists. Our findings yield evidence that transferred IPv4 addressblocks are used by malicious networks to address botnets and fraudulentsites in much higher rates compared to non-transferred addresses, while the timing of the attacks indicate efforts to evade filtering mechanisms.
Afilliation | Communication Systems |
Project(s) | Antikraak, The Center for Resilient Networks and Applications, GAIA |
Publication Type | Proceedings, refereed |
Year of Publication | 2020 |
Conference Name | International Conference on Passive and Active Network Measurement (PAM) |
Pagination | 88-103 |
Publisher | Springer |
Keywords | BGP, Blacklists., IPv4 transfers, Routing |
DOI | 10.1007/978-3-030-44081-7_6 |
Publications
Proceedings, refereed
Longitudinal Analysis of Inter-City Network Delays
In Network Traffic Measurement and Analysis Conference (TMA). IEEE/IFIP, 2023.Status: Accepted
Longitudinal Analysis of Inter-City Network Delays
Afilliation | Communication Systems |
Project(s) | The Center for Resilient Networks and Applications |
Publication Type | Proceedings, refereed |
Year of Publication | 2023 |
Conference Name | Network Traffic Measurement and Analysis Conference (TMA) |
Publisher | IEEE/IFIP |
Keywords | big network data analysis, Internet measurements, longitudinal analysis, RTT delay |
Poster
A decade of evolution in telecommunications infrastructure
In Poster: A decade of evolution in telecommunications infrastructure. IMC 21: IMC , 2021.Status: Published
A decade of evolution in telecommunications infrastructure
Characterizing countries’ standing in terms of the maturity of their telecommunications infrastructure is paramount to inform policy and investments. Here, we use a broad set of features to group countries according to the state of their infrastructures and track how this has changed between 2010 and 2020. While a few nations continue to dominate, the membership of this club has changed with several European countries leaving
Afilliation | Communication Systems |
Project(s) | GAIA, The Center for Resilient Networks and Applications |
Publication Type | Poster |
Year of Publication | 2021 |
Secondary Title | Poster: A decade of evolution in telecommunications infrastructure |
Date Published | 10/2021 |
Publisher | IMC |
Place Published | IMC 21 |
Type of Work | Internet measurements |
Journal Article
A Multi-Perspective Study of Internet Performance during the COVID-19 Outbreak
Arxiv (2021).Status: Published
A Multi-Perspective Study of Internet Performance during the COVID-19 Outbreak
Afilliation | Communication Systems |
Project(s) | Simula Metropolitan Center for Digital Engineering, GAIA |
Publication Type | Journal Article |
Year of Publication | 2021 |
Journal | Arxiv |
Publisher | Arxiv |
Place Published | Arrxiv.org |
Keywords | COVID, Internet, network |
DOI | 10.48550/arXiv.2101.05030 |
Proceedings, refereed
A first look at the misuse and abuse of the IPv4 Transfer Market
In International Conference on Passive and Active Network Measurement (PAM). Springer, 2020.Status: Published
A first look at the misuse and abuse of the IPv4 Transfer Market
The depletion of the unallocated IPv4 addresses and the slowpace of IPv6 deployment have given rise to the IPv4 transfer market, the trading of allocated IPv4 prefixes between organizations. Despite the policies established by RIRs to regulate the IPv4 transfer market, IPv4 transfers pose an opportunity for malicious networks, such as spammers and bulletproof ASes, to bypass reputational penalties by obtaining“clean” IPv4 address space or by offloading blacklisted addresses. Addi-tionally, IP transfers create a window of uncertainty about the legitimateownership of prefixes, which leads to inconsistencies in WHOIS recordsand routing advertisements. In this paper we provide the first detailed study of how transferred IPv4 prefixes are misused in the wild, by synthesizing an array of longitudinal IP blacklists, honeypot data, and AS reputation lists. Our findings yield evidence that transferred IPv4 addressblocks are used by malicious networks to address botnets and fraudulentsites in much higher rates compared to non-transferred addresses, while the timing of the attacks indicate efforts to evade filtering mechanisms.
Afilliation | Communication Systems |
Project(s) | Antikraak, The Center for Resilient Networks and Applications, GAIA |
Publication Type | Proceedings, refereed |
Year of Publication | 2020 |
Conference Name | International Conference on Passive and Active Network Measurement (PAM) |
Pagination | 88-103 |
Publisher | Springer |
Keywords | BGP, Blacklists., IPv4 transfers, Routing |
DOI | 10.1007/978-3-030-44081-7_6 |
An agent-based model of IPv6 adoption
In IFIP Networking Conference (Networking). IEEE, 2020.Status: Published
An agent-based model of IPv6 adoption
Despite having been proposed more than 20 years ago, IPv6 deployment has been very slow. The imminent depletion of IPv4 address space has recently motivated stakeholders to actively promote IPv6. These efforts, however, have only led to a relatively modest increase in the overall uptake. This outcome is expected given the complexity of the adoption landscape and the involved economic intricacies. Aiming to offer better insights into this process, we present the first data driven computational cost centric model of IPv6 adoption. Our model is grounded in empirical data yet parsimonious that is it focuses only on factors that are key to the modelled transition. We validate our model using historical snapshots of addresses allocations and then use it to explore a set of what if scenarios. Our findings paint a bleak picture for IPv6 adoption, predicting it to be decades away.
Afilliation | Communication Systems |
Project(s) | NorNet, The Center for Resilient Networks and Applications, GAIA |
Publication Type | Proceedings, refereed |
Year of Publication | 2020 |
Conference Name | IFIP Networking Conference (Networking) |
Pagination | 361-369 |
Publisher | IEEE |
URL | https://ieeexplore.ieee.org/document/9142758 |
On the Accuracy of Country-Level IP Geolocation
In Applied Networking Research Workshop (ANRW). Madrid/Spain: ACM, 2020.Status: Published
On the Accuracy of Country-Level IP Geolocation
The proliferation of online services comprised of globally spread microservices has security and performance implications. Understanding the underlying physical paths connecting end points has become important. This paper investigates the accuracy of commonly used IP geolocation approaches in geolocating end-to-end IP paths. To this end, we perform a controlled measurement study to collect IP level paths. We find that existing databases tend to geolocate IPs that belong to networks with global presence and those move between networks erroneously. A small percentage of IP geolocation disagreement between databases results in a significant disagreement when geolocating end-to-end paths. Geolocating one week of RIPE traceroute data validates our observations.
Afilliation | Communication Systems |
Project(s) | GAIA, NorNet, The Center for Resilient Networks and Applications, Simula Metropolitan Center for Digital Engineering |
Publication Type | Proceedings, refereed |
Year of Publication | 2020 |
Conference Name | Applied Networking Research Workshop (ANRW) |
Date Published | 07/2020 |
Publisher | ACM |
Place Published | Madrid/Spain |
ISBN Number | 978-1-4503-8039-3 |
Keywords | Geolocation Approaches, Geolocation Databases, IP Geolocation |
DOI | 10.1145/3404868.3406664 |
Miscellaneous
How accurate are IP geolocation services?
APNIC blog, 2020.Status: Published
How accurate are IP geolocation services?
Afilliation | Communication Systems |
Project(s) | The Center for Resilient Networks and Applications, GAIA |
Publication Type | Miscellaneous |
Year of Publication | 2020 |
Publisher | APNIC blog |
URL | https://blog.apnic.net/2020/09/15/how-accurate-are-ip-geolocation-services/ |
PhD Thesis
Monitoring and Understanding Ipv6 Adoption
In The University of Oslo. Vol. PhD. Department of Informatics, University of Oslo, 2019.Status: Published
Monitoring and Understanding Ipv6 Adoption
Afilliation | Communication Systems |
Project(s) | No Simula project |
Publication Type | PhD Thesis |
Year of Publication | 2019 |
Degree awarding institution | The University of Oslo |
Degree | PhD |
Publisher | Department of Informatics, University of Oslo |
Proceedings, refereed
Inferring carrier-grade NAT deployment in the wild
In IEEE Conference on Computer Communications (INFOCOM). IEEE, 2018.Status: Published
Inferring carrier-grade NAT deployment in the wild
Afilliation | Communication Systems |
Project(s) | The Center for Resilient Networks and Applications, Simula Metropolitan Center for Digital Engineering |
Publication Type | Proceedings, refereed |
Year of Publication | 2018 |
Conference Name | IEEE Conference on Computer Communications (INFOCOM) |
Publisher | IEEE |
Proceedings, refereed
Measuring IPv6 Adoption in Africa
In International Workshop on Internet Measurements Research in Africa - IMRA 2017 in conjunction with Africomm 2017, 2017.Status: Published
Measuring IPv6 Adoption in Africa
Afilliation | Communication Systems |
Publication Type | Proceedings, refereed |
Year of Publication | 2017 |
Conference Name | International Workshop on Internet Measurements Research in Africa - IMRA 2017 in conjunction with Africomm 2017 |
Date Published | 12/2017 |
Journal Article
On IPv4 transfer markets: Analyzing reported transfers and inferring transfers in the wild
Computer Communications 111 (2017): 105-119.Status: Published
On IPv4 transfer markets: Analyzing reported transfers and inferring transfers in the wild
IPv4 Transfer Markets have recently emerged as a mechanism for prolonging the usability of IPv4 address space. They facilitate the trading of IPv4 address space, which constitutes a radical shift transforming IPv4 addresses from a free resource to a commodity. In this paper, we conduct a comprehensive analysis of all IPv4 transfers that are published by three regional Internet registries. We analyze the overall evolution of transfer markets, whether they lead to a healthy redistribution of IP addresses, and the interplay between transfers and IPv6 adoption. We find that, to a large extent, IPv4 transfers serve their intended purpose by moving IP blocks from those with excess to those in need - transferred address blocks appear to be routed after the transfer, the utilization of transferred blocks is greater after the transfer date and a high percentage of the transferred space comes from legacy space. We have also proposed a methodology for detecting IPv4 transfers in the wild that tracks changes in origins of IP prefixes in the global routing table. This method yields promising results, yet it produces a large number of false positives due to the noisy nature of routing data. We have investigated the cause of these false positives and verified that they can be reduced to a volume analyzable by a human operator.
Afilliation | Communication Systems |
Project(s) | NorNet |
Publication Type | Journal Article |
Year of Publication | 2017 |
Journal | Computer Communications |
Volume | 111 |
Pagination | 105-119 |
Publisher | Elsevier |
DOI | 10.1016/j.comcom.2017.07.012 |
Proceedings, refereed
Characterizing IPv6 control and data plane stability
In IEEE International Conference on Computer Communications (INFOCOM), 2016.Status: Published
Characterizing IPv6 control and data plane stability
Afilliation | Communication Systems |
Publication Type | Proceedings, refereed |
Year of Publication | 2016 |
Conference Name | IEEE International Conference on Computer Communications (INFOCOM) |
Proceedings, refereed
Leveraging the IPv4/IPv6 Identity Duality by using Multi-Path Transport
In Proceedings of the 18th IEEE Global Internet Symposium (GI). Hong Kong/People's Republic of China, 2015.Status: Published
Leveraging the IPv4/IPv6 Identity Duality by using Multi-Path Transport
With the 20th anniversary of IPv6 nearing quickly, a growing number of Internet service providers (ISPs) now offer their customers both IPv6 and IPv4 connectivity. This makes multi-homing with IPv4 and IPv6 increasingly common even with just a single ISP connection. Furthermore, the growing popularity of multi-path transport, especially Multi-path TCP (MPTCP) that is the extension of the well-known Transmission Control Protocol (TCP), leads to the question of whether this identity duality can be utilized for improving application performance in addition to providing resilience. In this paper, we first investigate the AS-level congruency of IPv4 and IPv6 paths in the Internet. We find that more than 60% of the current IPv4 and IPv6 AS-paths are non-congruent at the AS-level, which motivates us to explore how MPTCP can utilize the IPv4/IPv6 identity duality to improve data transfer performance. Our results show that MPTCP, even with a single dual-stack Internet connection, can significantly improve the end-to-end performance when the underlying paths are non-congruent. The extent of the improvement can reach up to the aggregate of the IPv4 and IPv6 bandwidth.
Afilliation | , Communication Systems, Communication Systems |
Project(s) | NorNet, The Center for Resilient Networks and Applications |
Publication Type | Proceedings, refereed |
Year of Publication | 2015 |
Conference Name | Proceedings of the 18th IEEE Global Internet Symposium (GI) |
Date Published | 05/2015 |
Place Published | Hong Kong/People's Republic of China |
Keywords | Identity Duality, Internet Paths, IPv4, IPv6, Routing |
Public outreach
MPTCP Experiences in the NorNet Testbed
https://tools.ietf.org/html/draft-dreibholz-mptcp-nornet-experience-01, 2015.Status: Accepted
MPTCP Experiences in the NorNet Testbed
This document collects some experiences of Multi-Path TCP (MPTCP) evaluations in the NorNet testbed.
Afilliation | , Communication Systems |
Publication Type | Public outreach |
Year of Publication | 2015 |
Place Published | https://tools.ietf.org/html/draft-dreibholz-mptcp-nornet-experience-01 |
Talks, invited
On IPv4 and IPv6 Routing Stability
In Workshop on Active Internet Measurements (AIMS), 2015.Status: Published
On IPv4 and IPv6 Routing Stability
Afilliation | Communication Systems |
Project(s) | NorNet |
Publication Type | Talks, invited |
Year of Publication | 2015 |
Location of Talk | Workshop on Active Internet Measurements (AIMS) |
Talks, invited
Leveraging IPv4 and IPv6 Multi-Connectivity
In Proceedings of the 2nd International NorNet Users Workshop (NNUW-2), 2014.Status: Published
Leveraging IPv4 and IPv6 Multi-Connectivity
Afilliation | , Communication Systems |
Publication Type | Talks, invited |
Year of Publication | 2014 |
Location of Talk | Proceedings of the 2nd International NorNet Users Workshop (NNUW-2) |
Keywords | Workshop |
Proceedings, refereed
A First Look at IPv4 Transfer Markets
In CoNEXT 2013. ACM SIGCOMM, 2013.Status: Published
A First Look at IPv4 Transfer Markets
In February 2011 the Internet Assigned Numbers Authority (IANA) exhausted its free pool of IPv4 addresses, and the regional registries (RIRs) have started to run out of IPv4 addresses as well. As RIRs have started rationing allocations, IPv4 transfer markets have emerged as a new mechanism to acquire IPv4 addresses. Barring a few high-profile exceptions, IPv4 transfers have largely flown under the radar. In this work, we use the lists of transfers published by three RIRs to characterize the transfer market - the types of players involved, the sizes and characteristics of transferred address blocks, and visible effects on the routing table. Next, we take first steps toward detecting address transfers using BGP data from the Routeviews and RIPE repositories from 2004-2013. We identify reasons why legitimate changes in prefix origin could be confused as transfers, and implement a series of 10 filters that remove 86% of candidate transfers. We find the remaining number of inferred transfers is increasing over time. We could confirm few (0.16%) of these transfers using RIR-published transfer lists; while our inference methodology undoubtedly yields false positives, a black market for IPv4 transfers may exist as well.
Afilliation | , Communication Systems |
Publication Type | Proceedings, refereed |
Year of Publication | 2013 |
Conference Name | CoNEXT 2013 |
Pagination | 7-12 |
Date Published | December |
Publisher | ACM SIGCOMM |
ISBN Number | 978-1-4503-2101-3 |
Keywords | Conference |
Proceedings, refereed
Inferring carrier-grade NAT deployment in the wild
In IEEE Conference on Computer Communications (INFOCOM).Status: Published
Inferring carrier-grade NAT deployment in the wild
Afilliation | Communication Systems |
Project(s) | The Center for Resilient Networks and Applications, Simula Metropolitan Center for Digital Engineering |
Publication Type | Proceedings, refereed |
Conference Name | IEEE Conference on Computer Communications (INFOCOM) |
Inferring carrier-grade NAT deployment in the wild
In IEEE Conference on Computer Communications (INFOCOM).Status: Published
Inferring carrier-grade NAT deployment in the wild
Afilliation | Communication Systems |
Project(s) | The Center for Resilient Networks and Applications, Simula Metropolitan Center for Digital Engineering |
Publication Type | Proceedings, refereed |
Conference Name | IEEE Conference on Computer Communications (INFOCOM) |