Nick Feamster

Alternative Trust Sources: Reducing DNSSEC Signature Verification Operations with TLS

By: 
Sean Donovan, Nick Feamster
Appears in: 
CCR August 2015

DNSSEC has been in development for 20 years. It provides for provable security when retrieving domain names through the use of a public key infrastructure (PKI). Unfortunately, there is also significant overhead involved with DNSSEC: verifying certificate chains of signed DNS messages involves extra computation, queries to remote resolvers, additional transfers, and introduces added latency into the DNS query path.

ASwatch: An AS Reputation System to Expose Bulletproof Hosting ASes

By: 
Maria Konte, Roberto Perdisci, Nick Feamster
Appears in: 
CCR August 2015

Bulletproof hosting Autonomous Systems (ASes)--malicious ASes fully dedicated to supporting cybercrime--provide freedom and resources for a cyber-criminal to operate. Their services include hosting a wide range of illegal content, botnet C&C servers, and other malicious resources. Thousands of new ASes are registered every year, many of which are often used exclusively to facilitate cybercrime.

Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests

By: 
Sam Burnett, Nick Feamster
Appears in: 
CCR August 2015

Despite the pervasiveness of Internet censorship, we have scant data on its extent, mechanisms, and evolution. Measuring censorship is challenging: it requires continual measurement of reachability to many target sites from diverse vantage points. Amassing suitable vantage points for longitudinal measurement is difficult; existing systems have achieved only small, short-lived deployments.

Locating throughput bottlenecks in home networks

By: 
Srikanth Sundaresan, Nick Feamster, Renata Teixeira
Appears in: 
CCR August 2014

We present a demonstration of WTF (Where’s The Fault?), a system that localizes performance problems in home and access networks. We implement WTF as custom firmware that runs in an off-the-shelf home router. WTF uses timing and buffering information from passively monitored traffic at home routers to detect both access link and wireless network bottlenecks.

SDX: a software defined internet exchange

By: 
Arpit Gupta, Laurent Vanbever, Muhammad Shahbaz, Sean P. Donovan, Brandon Schlinker, Nick Feamster, Jennifer Rexford, Scott Shenker, Russ Clark, Ethan Katz-Bassett
Appears in: 
CCR August 2014

BGP severely constrains how networks can deliver traffic over the Internet. Today’s networks can only forward traffic based on the destination IP prefix, by selecting among routes offered by their immediate neighbors. We believe Software Defined Networking (SDN) could revolutionize wide-area traffic delivery, by offering direct control over packet-processing rules that match on multiple header fields and perform a variety of actions.

SDX: a software defined internet exchange

By: 
Arpit Gupta, Laurent Vanbever, Muhammad Shahbaz, Sean Patrick Donovan, Brandon Schlinker, Nick Feamster, Jennifer Rexford, Scott Shenker, Russ Clark, Ethan Katz-Bassett
Appears in: 
CCR August 2014

BGP severely constrains how networks can deliver traffic over the Internet. Today’s networks can only forward traffic based on the destination IP prefix, by selecting among routes offered by their immediate neighbors. We believe Software Defined Networking (SDN) could revolutionize wide-area traffic delivery, by offering direct control over packet-processing rules that match on multiple header fields and perform a variety of actions.

NetAssay: providing new monitoring primitives for network operators

By: 
Sean Donovan, Nick Feamster
Appears in: 
CCR August 2014

Home and business network operators have limited network statistics available over which management decisions can be made. Similarly, there are few triggered behaviors, such as usage or bandwidth caps for individual users, that are available. By looking at sources of traffic, based on Domain Name System (DNS) cues for content of particular web addresses or source Autonomous System (AS) of the traffic, network operators could create new and interesting rules for their network. NetAssay is a Software-Defined Networking (SDN)-based, network-wide monitoring and reaction framework.

Making sense of internet censorship: a new frontier for internet measurement

By: 
Sam Burnett, Nick Feamster
Appears in: 
CCR July 2013

Free and open access to information on the Internet is at risk: more than 60 countries around the world practice some form of Internet censorship, and both the number of countries practicing censorship and the proportion of Internet users who are subject to it are likely to increase. We posit that, although it may not always be feasible to guarantee free and open access to information, citizens have the right to know when their access has been obstructed, restricted, or tampered with, so that they can make informed decisions on information access.

Refactoring network infrastructure to improve manageability: a case study of home networking

By: 
Marshini Chetty, Nick Feamster
Appears in: 
CCR July 2012

Managing a home network is challenging because the underlying infrastructure is so complex. Existing interfaces either hide or expose the network's underlying complexity, but in both cases, the information that is shown does not necessarily allow a user to complete desired tasks. Recent advances in software defined networking, however, permit a redesign of the underlying network and protocols, potentially allowing designers to move complexity further from the user and, in some cases, eliminating it entirely.

Towards a cost model for network traffic

By: 
Murtaza Motiwala, Amogh Dhamdhere, Nick Feamster, Anukool Lakhina
Appears in: 
CCR January 2012

We develop a holistic cost model that operators can use to help evaluate the costs of various routing and peering decisions. Using real traffic data from a large carrier network, we show how network operators can use this cost model to significantly reduce the cost of carrying traffic in their networks. We find that adjusting the routing for a small fraction of total flows (and total traffic volume) significantly reduces cost in many cases. We also show how operators can use the cost model both to evaluate potential peering arrangements and for other network operations problems.

Public Review By: 
Augustin Chaintreau

Signal is not information, and however hard we try our networked life is not 100% efficient. In some extreme cases, one might even wonder if some of these online conversations are worth taking place. One reassuring thought is that, if the value of communication is subject to debate, its cost on the other hand can probably be assessed objectively. No matter how boring is your train neighbor’s cellphone conversation, you can probably infer how much he or she will eventually pay for it. This paper may (or not) surprise you as it asks the apparently simple question “what is the real cost of carrying a given traffic flow?” and it tells that, well, it's perhaps more complicated than we think. As several reviewers pointed out, this is perhaps even more complicated than what a 6-page paper can tell. There are many good reasons (much better than the one I gave above) to compute this cost, primarily for an operator to optimize key decisions like the establishment of peering links. This is where the paper focuses and it establishes that it is likely that the cost can be greatly reduced by modifying routes for a small portion of the traffic. Where it differs from traditional traffic engineering is that it does not aim at previously agreed performance goals, but it uses the same means to minimize the overall cost. Not surprisingly, the cost model turns out to be an essential piece: for substantially the same gain, the fraction of traffic to reroute varies from 10% (for linear cost) to 30% (when a cooperative game theory following Shapley’s fairness axioms is used). This result more generally establishes that cost models matter, and also that they can be useful. One clear merit of this work is to make all of us aware that perhaps our community should be engaging in understanding which cost model can and should be used.
Major questions remaining to answer are (1) the impact of the congestion and feedback loop, (2) the roles that content providers and CDNs play in the cost value chain, and (3) how would the rerouting proposed in this article be actually implemented without terribly impacting performances or previously agreed terms of service. This paper will not answer these entirely, but it provides some elements and hopefully you'll think differently about them after you read it.
