End-to-End Detection of Third-Party Middlebox Interference
- Author(s): Pournaghshband, Vahab
- Advisor(s): Reiher, Peter; Kleinrock, Leonard; et al.
Currently, every packet sent on the Internet goes through numerous routers and intermediaries until it gets to the intended receiver. While routing the traffic, these intermediaries (referred to as middleboxes) are potentially capable of making significant changes to what happens to a traffic stream on the network. During the past decade, a wide variety of middleboxes have been proposed, implemented and deployed. Examples include traffic shapers, proxies, firewalls, and WAN optimizers. These middleboxes are becoming a common element of various types of networks, making their detection by end-hosts beneficial and in some cases crucial.
One class of intermediaries, defined as "payload-preserving middleboxes", makes no changes to the content of the traffic, giving the appearance that nothing has been done to the stream other than routing it to the destination. This transparency property can make end-to-end detection of such intermediaries very challenging in most cases. The main contribution of this dissertation is to investigate the detectability of such middleboxes by seeking answers to this question: "If they pay attention, can the sender or receiver (or both if they cooperate) determine that something of this kind has been done?"
Another contribution of this dissertation is to view and analyze the universal set of all middlebox interferences on network traffic as a whole. We partition this set of middlebox interferences into detectable and undetectable middleboxes. Within the detectable partition, we introduce the notion of normally detectable middleboxes, denoting that a certain type of middlebox is detectable under normal Internet conditions, with a specific degree of certainty. In this research we developed a general framework to detect network discriminators, which we have defined as middleboxes that delay and/or drop packets in a discriminatory fashion. We achieved this by modeling their interference on the network and proposing a unified solution to the detectability problem, rather than ad hoc approaches that are only applicable to a specific type of middlebox.
To illustrate the implementation feasibility of our generalization idea, we then used our results to detect a number of prevalent and important middleboxes: network compression, traffic prioritization, and traffic shaping/policing. In addition to the analytical approach that we took to solve our detection problem, our results are also supported by extensive network simulations and live Internet experiments using a real middlebox.