Client-IP EDNS Option Concerns

Similar documents
OHIM SEARCH TOOLS: TMVIEW, DSVIEW AND TMCLASS. Making trade mark and design information readily available for users

European Research Council


SESAR. Luftfahrttechnologie - Auftaktveranstaltung zum 7. EU-Forschungsrahmenprogramm Wien, 4 Dezember 2006

European Research Council

Content Delivery and the Natural Evolution of DNS

Our patent and trade mark attorneys are here to help you protect and profit from your ideas, making sure they re working every bit as hard as you do.

John S. Otto Fabián E. Bustamante

Title (fr) SOURCE IONIQUE INTERNE DOUBLE POUR PRODUCTION DE FAISCEAU DE PARTICULES AVEC UN CYCLOTRON

TEPZZ 87_546A T EP A2 (19) (11) EP A2 (12) EUROPEAN PATENT APPLICATION. (51) Int Cl.: G05B 19/05 ( )

egovernment Digital Agenda Scoreboard 2014

EP A1 (19) (11) EP A1 (12) EUROPEAN PATENT APPLICATION. (43) Date of publication: Bulletin 2012/21


TEPZZ 9 Z5A_T EP A1 (19) (11) EP A1. (12) EUROPEAN PATENT APPLICATION published in accordance with Art.

The Transition to Tendering Perspective from the Manufacturing Industry

TEPZZ A_T EP A1 (19) (11) EP A1 (12) EUROPEAN PATENT APPLICATION. (51) Int Cl.: G06F 21/64 ( )

MM, EFES EN. Marc Mathieu

SURVEY ON THE TRAINING OF GENERAL CARE NURSES IN THE EUROPEAN UNION. The current minimum training requirements for general care nurses

TEPZZ 69 49A_T EP A1 (19) (11) EP A1 (12) EUROPEAN PATENT APPLICATION. (51) Int Cl.: G06F 17/30 ( )

EUROPEAN CIVIL RPAS OPERATORS FORUM

Annex A to the MPEG Audio Patent License Agreement Essential Philips, France Telecom and IRT Patents relevant to DVD-Video Player - MPEG Audio

EP A1 (19) (11) EP A1 (12) EUROPEAN PATENT APPLICATION. (43) Date of publication: Bulletin 2011/37

TEPZZ 65Z79 A_T EP A1 (19) (11) EP A1. (12) EUROPEAN PATENT APPLICATION published in accordance with Art.

ERMInE Database. Presentation by Nils Flatabø SINTEF Energy Research. ERMInE Workshop 2 - Northern Europe Oslo, 1. November 2006

Digital Agenda Targets Progress report. Digital Agenda Scoreboard 2014

Milk Market Situation. Brussels, 27 August 2015

Doro PhoneEasy 331ph

ENTERING THE EU BORDERS & VISAS THE SCHENGEN AREA OF FREE MOVEMENT. EU Schengen States. Non-Schengen EU States. Non-EU Schengen States.

The EU s 2030 Effort Sharing Agreement

Online job search in the EU: The potential of web 2.0

The secret life of a DNS query. Igor Sviridov <sia@nest.org>

European developments in VET Quality Assurance

Your first EURES job. Progress Summary 2014Q4. March 2015

TEPZZ 6_Z76 A_T EP A1 (19) (11) EP A1 (12) EUROPEAN PATENT APPLICATION. (51) Int Cl.:

DHL Door-To-More UNLOCKING THE POTENTIAL OF DIRECT DISTRIBUTION

Cable Industry Facts: the story behind the numbers

EP A2 (19) (11) EP A2 (12) EUROPEAN PATENT APPLICATION. (43) Date of publication: Bulletin 2012/35

Czech Universities and the Environment for Innovation. Rudolf Hanka

telephone television internet 3-play (i + t + tv) 2-play 2-play (i+t) (t+tv) 2-play (i+tv)

The ICT workforce and e-leadership demand and supply ( )

Where Do You Tube? Uncovering YouTube Server Selection Strategy

QATAR CENTRAL BANK INTERNATIONAL BANK ACCOUNT NUMBER (IBAN) - QATAR STANDARDS DOCUMENT. E-Banking Instructions IBAN Standard Annex No.

TEPZZ A_T EP A1 (19) (11) EP A1 (12) EUROPEAN PATENT APPLICATION. (51) Int Cl.: G06Q 40/04 ( )

Social dumping and free movement: Overview of current issues from an economic point of view

SME Instrument statistics

TEPZZ 68575_A_T EP A1 (19) (11) EP A1. (12) EUROPEAN PATENT APPLICATION published in accordance with Art.

Mapping the Expansion of Google s Serving Infrastructure

The EU Energy Tax Directive: overview about the proposed reform, impacts on national measures and state of play

Professor Heikki Ervasti University of Turku Department of Social Research

THE FUTURE OF TELEVISION IN EUROPE

Measuring the Web: Part I - - Content Delivery Networks. Prof. Anja Feldmann, Ph.D. Dr. Ramin Khalili Georgios Smaragdakis, PhD

ZTE Blade V Quick Start Guide

Anti-Money Laundering Distributor Due Diligence

TEPZZ 96 A_T EP A1 (19) (11) EP A1. (12) EUROPEAN PATENT APPLICATION published in accordance with Art.

INFORMATION about transfer orders incurring Extra transfer fees for transfer orders with missing or incorrect data

Private Sector Debt Dívida do Sector Privado. dossiers. Economic Outlook Conjuntura Económica. Conjuntura Económica.

TEPZZ 87657ZA_T EP A1 (19) (11) EP A1 (12) EUROPEAN PATENT APPLICATION

Dublin, March EPSO Network of Experts in the field of Personnel Selection 14th March 2013

BIS CEMLA Roundtable on Fiscal Policy, public debt management and government bond markets: issues for central banks

Export of unemployment benefits

Overview of VoD services in the EU & Future developments. Europa International Athens, 23 rd November 2013

TEPZZ 94Z968A_T EP A1 (19) (11) EP A1 (12) EUROPEAN PATENT APPLICATION. (51) Int Cl.: H04L 29/08 ( )

Payments to Overseas banks Things to be aware of

How To Study The Small Ruminant Population In The European Land Animals

Implementing the cooperation mechanisms of the RES directive current status and open questions

*EP A1* EP A1 (19) (11) EP A1 (12) EUROPEAN PATENT APPLICATION. (43) Date of publication: Bulletin 2005/14

Market data for Europe-wide location and sales planning

Hotel Industry VAT in EU

B I N G O B I N G O. Hf Cd Na Nb Lr. I Fl Fr Mo Si. Ho Bi Ce Eu Ac. Md Co P Pa Tc. Uut Rh K N. Sb At Md H. Bh Cm H Bi Es. Mo Uus Lu P F.

ehealth in support of safety, quality and continuity of care within and across borders

State of the Cloud DNS Report

GÉANT for HEAnet clients

Measuring Quality of life in the European Union

State of the Cloud DNS Report

Reliable transport of groupage cargo

The case for a European Social Union. From muddling through to a sense of common purpose. Frank Vandenbroucke EIB Institute Luxembourg, 5 March 2015

The use of EU funds in Member States in partnership with companies (contractors or subcontractors) outside of a given Member State

Common Communication on the Common Practice on the General Indications of the Nice Class Headings v1.1, 20 February 2014

Global Trends in Online Shopping A Nielsen Global Consumer Report. June 2010

GUIDANCE for Administration of the Sunset Clause

OVERVIEW OF RESEARCH PROJECTS IN THE ICT DOMAIN ICT statistical report for annual monitoring (StReAM)

Axioma Risk Monitor Global Developed Markets 29 June 2016

Finnish foreign trade 2014 Figures and diagrams FINNISH CUSTOMS Statistics 1

Taxation of tobacco products in the European Union. Frank Van Driessche DG Taxation and Customs Union May 2006

GDP per capita, consumption per capita and comparative price levels in Europe

TL-PS310U Single USB 2.0 Port MFP and Storage Server

Schengen routing or Schengen encryption?

Integrating 300 GW wind power in European power systems: challenges and recommendations. Frans Van Hulle Technical Advisor

International transfers are not always easy to understand.

Transcription:

Client-IP EDNS Option Concerns RIPE 67, Athens Florian Streibelt <florian@inet.tu-berlin.de> TU-Berlin, Germany - FG INET www.inet.tu-berlin.de October 16th 2013 Preliminary results, full results at IMC 2013 (see last slide)

Disclaimer This talk is not about repeating all the arguments from the IETF dns-ext WG. I don t know if this extension is a good solution or not, but it seems to solve a problem for some people and my hope is that the measurements we did may help in understanding some additional side effects. florian@inet.tu-berlin.de (INET@TUB) Client-IP EDNS Option Concerns October 16th 2013 2

Textbook DNS-Lookup Stub resolver on the client asks a recurser (e.g., at the ISP) Recurser follows the delegation florian@inet.tu-berlin.de (INET@TUB) Client-IP EDNS Option Concerns October 16th 2013 3

Non-ISP (aka public ) DNS usage increases Otto et al. [2]: usage at 8.6% in December 2011 florian@inet.tu-berlin.de (INET@TUB) Client-IP EDNS Option Concerns October 16th 2013 4

Challenge for CDNs/CPs Non-ISP Resolvers are gaining momentum CDNs often rely heavily on dns-tricks for client location Using the DNS request origin for client-location now leads to (more) wrong results Mis-location of clients gives end-users bad performance Some workarounds exist but don t scale well/are inacurate - e.g. check against known list of Google NS IPs and their geolocation 1 1 https://developers.google.com/speed/public-dns/faq#locations florian@inet.tu-berlin.de (INET@TUB) Client-IP EDNS Option Concerns October 16th 2013 5

Introducing: Client IP information in EDNS (ECS) Proposal by Google, OpenDNS and others: http://afasterinternet.com/ EDNS0 extension to transport Client Subnet information: http://tools.ietf.org/html/ draft-vandergaast-edns-client-subnet-02 Recurser adds client IP-information (network prefix) to the query directed at the authoritative NS Performance gain can be observed [2]. florian@inet.tu-berlin.de (INET@TUB) Client-IP EDNS Option Concerns October 16th 2013 6

Protocol: Client IP information in EDNS (ECS) DNS query contains additional section EDNS0 is used to transport Client Subnet Information Answer differs only in one byte The scope returned allows for caching the answer (q-tuple!) We can impose every location using arbitrary Client Subnet information florian@inet.tu-berlin.de (INET@TUB) Client-IP EDNS Option Concerns October 16th 2013 7 Header Header Query Additional EDNS0 ECS DNS Query EDNS Client IP Option Code ECS Query: Option Length (6) Address Family (1=IPv4) Prefix Length (16) Scope Client IP/Prefix 0008 0006 0001 10 00 82 95... ECS Response: 0008 0006 0001 10 18 82 95... # dig www.google.com +client=130.149.0.0/16 @ns1.google.com Query Answer Additional EDNS0 ECS DNS Response

How to enable ECS? Primary nameservers must be ECS enabled (Supported by PowerDNS: yes, Bind: no) If there are e.g., loadbalancers (sic!) in front: these too Nameservers need to be whitelisted (manually) by OpenDNS/Google, etc. Note: We find that roughly 13% of the top 1 million domains (Alexa) may be already ECS enabled. florian@inet.tu-berlin.de (INET@TUB) Client-IP EDNS Option Concerns October 16th 2013 8

Measurements Single vantage point 2 is sufficient to use arbitrary Client IP/prefix We use all network prefixes collected by RIPE RIS (sanity check using Routeviews) Measurements done for: Google, YouTube, MySqueezebox, Edgecast, CacheFly, TorrentFreak Following is a subset of our experiments, using Google In progess: Measurements with traces from an ECS-enabled CDN 2 we checked from four different locations florian@inet.tu-berlin.de (INET@TUB) Client-IP EDNS Option Concerns October 16th 2013 9

Looking at the A-Records of Google Resolving www.google.com via ns1.google.com Using all network prefixes from RIPE RIS as client subnets Different synchronized vantage points (plausibility check) Date IPs Sub ASes Countries (RIPE) nets 2013-03-26 6340 329 166 47 2013-03-30 6495 332 167 47 2013-04-13 6821 331 167 46 2013-04-21 7162 346 169 46 2013-05-16 9762 485 287 55 2013-05-26 9465 471 281 52 2013-06-18 14418 703 454 91 2013-07-13 21321 1040 714 91 2013-08-08 21862 1083 761 123 see also: Calder et al.: Mapping the Expansion of Google s Serving Infrastructure [1] florian@inet.tu-berlin.de (INET@TUB) Client-IP EDNS Option Concerns October 16th 2013 10

Looking at the A-Records of Google Preliminary results from combined experiments: We see GGC (Google Global Cache edge servers) in various ISP networks These ISPs are not allowed to advertise the GGC, but we are Huge increase in the footprint can be observed, also for YouTube Comparing results from different vantage points we observe redirection of clients and prefixes, probably due to load balancing the GGCs We see that most of the time clients indeed are served from caches in their respective AS We see large overlap in the returned A records in the results from the different vantage points, both for Google and YouTube florian@inet.tu-berlin.de (INET@TUB) Client-IP EDNS Option Concerns October 16th 2013 11

RIPE RIS prefix length vs. ECS-scopes Count 0 100000 200000 RIPE Google Edgecast 0 5 10 15 20 25 30 Prefix length/ecs scope Prefix length and scope distribution do not match and differ between adopters, also note the /32s! florian@inet.tu-berlin.de (INET@TUB) Client-IP EDNS Option Concerns October 16th 2013 12

Comparing Google and Edgecast Scopes 30 336875 30 901280 25 269500 25 721024 Prefix length 20 15 10 202125 134750 Count Prefix length 20 15 10 540768 360512 Count 5 67375 5 180256 0 0 5 10 15 20 25 30 ECS scope 0 0 0 5 10 15 20 25 30 ECS scope 0 Edgecast (left) aggregates while Google (right) returns more specific scopes. florian@inet.tu-berlin.de (INET@TUB) Client-IP EDNS Option Concerns October 16th 2013 13

Looking at the CDN side We have access to all dns-requests sent to all authoritative nameservers of a CDN For Google we receive queries from the known backend subnets 3 We can map the client prefixes to these locations and infer data from the Google location DB There will be future work with this dataset... 3 again see: https://developers.google.com/speed/public-dns/faq#locations florian@inet.tu-berlin.de (INET@TUB) Client-IP EDNS Option Concerns October 16th 2013 14

Client subnet: country to DNS-Server mapping 300 Requests received from Google-DNS 74.125.180.0/24 (Berlin, Germany) 250 200 count 150 100 50 0 AM CL ET GE IE LA MA MN NP PT SD TN ZA CY FI MD LB LV PK VN ID PS AL AZ BY GR IQ ES RS US GB BR DK IT BG IR CZ DE AF BH DZ GA GH IN LI ME MT PE SA SG UZ AR EG IL EE LU MK TH CA KZ SI NO BA EU HR NL SE TR SK FR CH AT HU RO UA RU PL florian@inet.tu-berlin.de (INET@TUB) Client-IP EDNS Option Concerns October 16th 2013 15

Conclusion Enabling ECS gives better performance for clients This comes with a tradeoff for DNS providers and CDNs: it also reveals internal information It enables researchers (and competitors) to investigate e.g. global footprint, growth-ate, user-to-server mapping Thus it reveals more information than desired (server and service distribution) This is in fact an experiment running on the public Internet and might not be as harmless as it seemed Future Adopters and the community should be aware florian@inet.tu-berlin.de (INET@TUB) Client-IP EDNS Option Concerns October 16th 2013 16

Bibliography I [1] Matt Calder, Xun Fan, Zi Hu, Ethan Katz-Bassett, John Heidemann, and Ramesh Govindan. Mapping the expansion of Google s serving infrastructure. Technical Report TR 13-935, University of Southern California Computer Science Department, June 2013. [2] John S. Otto, Mario A. Sánchez, John P. Rula, and Fabián E. Bustamante. Content delivery and the natural evolution of dns: remote dns trends, performance issues and alternative solutions. In Proceedings of the 2012 ACM conference on Internet measurement conference, IMC 12, pages 523 536, New York, NY, USA, 2012. ACM. florian@inet.tu-berlin.de (INET@TUB) Client-IP EDNS Option Concerns October 16th 2013 17

Contact: Florian Streibelt <florian@inet.tu-berlin.de> Related publication: Unintended Consequences: Exploring EDNS-Client-Subnet Adopters in your Free Time Internet Measurement Conference, October 2013 http://conferences.sigcomm.org/imc/2013/ Authors: Florian Streibelt, Jan Böttger, Nikolaos Chatzis, Georgios Smaragdakis, Anja Feldmann The paper, software and raw data will be published in November 2013. Image sources: own work and http://openclipart.org/

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information