6.7 | NI | Jun 1
Waiting at the front door: Continuous monitoring of latency in the host network stack
Simon Sundberg, Anna Brunstrom, Simone Ferlin-Reiter et al.
With networking moving into the sub-millisecond latency domain, latency in the end host itself can become a significant barrier to achieving consistently low application latency. The physical interconnect between the network card and the CPU, the kernel network stack, and the scheduling of applications themselves can all be considerable sources of latency. Previous work has studied host latency at various levels, yet there remains a lack of methods and tools to continuously monitor host latency in production. To remedy this, we present netstacklat, a monitoring tool that captures latency at several points in the host network path, from the early parts of the Linux kernel network stack all the way until the application reads the data. We evaluate netstacklat in a testbed, demonstrating its ability to capture host latency across 144 variations of HTTP workloads for Nginx and Apache, while also showing that its low monitoring overhead does not inflate tail latency by more than 6%, where previous monitoring solutions increase it by over 100%. Furthermore, we share our initial findings from deploying netstacklat in Cloudflare's global CDN network.
CR | Jun 22, 2018
Aggregation-Based Certificate Transparency Gossip
Rasmus Dahlberg, Tobias Pulls, Jonathan Vestin et al.
Certificate Transparency (CT) requires that every CA-issued TLS certificate be publicly logged. While a CT log need not be trusted in theory, it relies on the assumption that every client observes and cryptographically verifies the same log. As such, some form of gossip mechanism is needed in practice. Despite CT being adopted by several major browser vendors, no gossip mechanism is widely deployed. We suggest an aggregation-based gossip mechanism that passively observes cryptographic material that CT logs emit in plaintext, aggregating it at packet processors (such as routers and switches) to periodically verify log consistency off-path. In other words, gossip is provided as a service by the network. Based on 20 days of RIPE Atlas measurements that represent clients from 3500 autonomous systems and 40% of the IPv4 space, our proposal can be deployed incrementally for a realistic threat model with significant protection against split-viewing CT logs. We also show that aggregation-based gossip can be implemented for a variety of packet processors using P4 and XDP, running at 10 Gbps line speed.