Performance assessment of the MASQUE extension for
proxying scenarios in the QUIC transport protocol
Academic year 2022-2023
DEPARTMENT OF ENGINEERING AND ARCHITECTURE
Degree Programme in Electronic and Computer Engineering
Networks & IoT track
Candidate
Alessandro Nuzzi
Supervisors
Prof. Alberto Bartoli
Prof. Martino Trevisan
Context
• The web relies on many protocols to enable communication and
information sharing across the Internet
• HTTP and TCP are the predominant protocols driving today's web
infrastructure
• The new QUIC (Quick UDP Internet Connections) transport protocol is
on the rise across the world for many applications
QUIC vs TCP
• Reduced connection establishment
latency
• Connection migration support
• Header encryption
• No head-of-line blocking
QUIC: Usage
• More than 40% of traffic for big
applications requiring high efficiency
• Facebook, Netflix, YouTube, Instagram
• High traffic around the world
• 46% in Latin America, 42% in Europe and
32% in the United States
• Widely supported by providers
• Akamai, Cloudflare, Fastly
Proxies
• Act as intermediaries between clients and servers
• Provide several features
• Network optimization
• Privacy enhancement
• Content filtering
Problem introduction
• QUIC encrypts almost all of its packet header fields
• Difficult for proxies to inspect traffic and apply policy rules
• Proxies might treat QUIC traffic as malicious or unknown
• Traffic delayed or dropped
• Need for new proxying technologies that allow HTTP to create tunnels
for proxying any non-TCP-based protocols, such as QUIC
MASQUE
Multiplexed Application Substrate over QUIC Encryption
• Working group formed in June 2020
• Supports proxying UDP and IP over HTTP
• Using QUIC DATAGRAMS with HTTP/3 (RFC 9297)
• CONNECT-UDP (RFC 9298)
• Provides privacy guarantees
• Hiding client IP address from the target server
• Obfuscating traffic destination from client network provider
• Can perform network translation or DNS resolution
CONNECT-UDP
• Uses new DATAGRAM frame
• Unreliable
• Congestion-controlled
• ACK-eliciting, not retransmitted
• Creates and connects a UDP
socket to a target server
• Creates an end-to-end flow of
unreliable messages between
client and server
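Added example, not taken from the thesis or from the implementations it tested: Python code for what the MASQUE and CONNECT-UDP slides describe, namely the extended CONNECT request of RFC 9298 and the HTTP/3 datagram of RFC 9297 that carries each UDP packet, with the proxy-side parsing checks. The function names and the host `proxy.example` are assumptions made for illustration.

```python
from __future__ import annotations
from urllib.parse import quote

UDP_CONTEXT_ID = 0            # RFC 9298: context ID 0 carries raw UDP payloads
MAX_QUARTER_STREAM_ID = (1 << 60) - 1


def encode_varint(value: int) -> bytes:
    """QUIC variable-length integer (RFC 9000, section 16)."""
    for prefix, size in ((0b00, 1), (0b01, 2), (0b10, 4), (0b11, 8)):
        bits = size * 8 - 2
        if 0 <= value < (1 << bits):
            return (value | (prefix << bits)).to_bytes(size, "big")
    raise ValueError("value does not fit in 62 bits")


def decode_varint(buf: bytes, offset: int = 0) -> tuple[int, int]:
    """Return (value, next_offset); raise ValueError on truncated input."""
    if offset >= len(buf):
        raise ValueError("truncated varint")
    size = 1 << (buf[offset] >> 6)          # top two bits select 1/2/4/8 bytes
    if offset + size > len(buf):
        raise ValueError("truncated varint")
    raw = int.from_bytes(buf[offset:offset + size], "big")
    return raw & ((1 << (size * 8 - 2)) - 1), offset + size


def connect_udp_path(target_host: str, target_port: int) -> str:
    """Expand the default RFC 9298 URI template."""
    if not 0 < target_port < 65536:
        raise ValueError("invalid UDP port")
    # Colons of an IPv6 literal must be percent-encoded inside the path.
    return f"/.well-known/masque/udp/{quote(target_host, safe='')}/{target_port}/"


def connect_udp_headers(proxy_authority: str, target_host: str,
                        target_port: int) -> list[tuple[str, str]]:
    """HTTP/3 extended CONNECT request that opens the UDP tunnel.

    The target appears only in :path, which travels inside the encrypted
    QUIC connection to the proxy, so the client's network sees the proxy only.
    """
    return [
        (":method", "CONNECT"),
        (":protocol", "connect-udp"),
        (":scheme", "https"),
        (":authority", proxy_authority),
        (":path", connect_udp_path(target_host, target_port)),
        ("capsule-protocol", "?1"),
    ]


def encode_http3_datagram(request_stream_id: int, udp_payload: bytes) -> bytes:
    """Payload of one QUIC DATAGRAM frame carrying one proxied UDP packet."""
    if request_stream_id < 0 or request_stream_id % 4 != 0:
        raise ValueError("request stream must be client-initiated bidirectional")
    return (encode_varint(request_stream_id // 4)   # Quarter Stream ID
            + encode_varint(UDP_CONTEXT_ID)         # Context ID
            + udp_payload)                          # sent once, never retransmitted


def decode_http3_datagram(data: bytes,
                          open_streams: set[int]) -> tuple[int, bytes] | None:
    """Proxy-side parse: (stream_id, udp_payload), or None when dropped.

    Raises ValueError on malformed input, which a real endpoint would
    treat as a connection error.
    """
    quarter, off = decode_varint(data)
    if quarter > MAX_QUARTER_STREAM_ID:
        raise ValueError("quarter stream ID out of range")
    context_id, off = decode_varint(data, off)
    stream_id = quarter * 4
    if stream_id not in open_streams:
        return None        # no CONNECT-UDP request on that stream: drop
    if context_id != UDP_CONTEXT_ID:
        return None        # unknown context ID: drop silently
    return stream_id, data[off:]


if __name__ == "__main__":
    # Constructed sample values, not captured traffic.
    for name, value in connect_udp_headers("proxy.example", "2001:db8::1", 443):
        print(f"{name}: {value}")
    datagram = encode_http3_datagram(256, b"ping")
    print(datagram.hex(), decode_http3_datagram(datagram, {256}))
```
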
Thesis objectives
• Evaluate the performance of the MASQUE proposal in proxying
scenarios
• Several network conditions
• Comparison with traditional HTTP/TCP proxies
• Scenarios in which MASQUE usage could be beneficial
Tools used
Hard to find stable implementations of MASQUE and QUIC
• Cloudflare QUIC server
• Google QUIC client
• Google MASQUE client and MASQUE proxy
• curl command-line tool
• Squid proxy
• Twisted HTTPS server
Testing environment
• Docker-based emulation
• Client, server and proxy containers
• Traffic control and network conditions with tc
• Additional delay, bandwidth limit, packet loss
• Automation with Bash scripts
• Execution of repetitive or complex operations
Methodology
• Client requesting a constant-sized file via HTTP GET
• File requested from target server, either through proxy or not
• Transfer time measured
• Different file sizes
• Four categories
• Without proxy: TCP with TLS and QUIC
• With proxy: TCP with TLS and MASQUE
• Simulated network conditions
• Bandwidth limit, additional delay, packet loss
Network conditions
• Additional delay
• Results in additional RTT
• Without proxy: doubled delay applied to client interface
• With proxy: single delays applied to client and server interfaces
• Packet loss
• Without proxy: loss divided by two on all interfaces
• With proxy: loss divided by four on all interfaces
• Bandwidth limit
• Limit applied to client and server interfaces
Experiments
• A full test is made of four experiments, one for each category
• MASQUE, TCP+TLS with proxy, QUIC, TCP+TLS without proxy
• Each experiment is made of 21 measurements
• Delay increased in every new measurement, from 0ms to 200ms
• Each measurement is made of 100 iterations
• Each iteration is a file request
• Fixed network conditions: delay, bandwidth, packet loss
• Data summary based on the iterations' measured times
Data
• Collected data for each request
• Real time: elapsed time from client command start to finish
• CPU time: processing time used by client command in user and kernel mode
• Data summary for each measurement
• Collected real times used to calculate measurement summary
• Mean, standard deviation, median, quartiles...
• In case of error, time is discarded and error is logged
Experimental campaigns
• Three scenarios
• Low bandwidth: 10Mbps, no packet loss, variable delay
• Medium bandwidth: 100Mbps, no packet loss, variable delay
• High bandwidth: 1Gbps, no packet loss, variable delay
• In each scenario, 1MB and 10MB download
• Other scenarios
• Medium bandwidth, 1MB file download, 10ms delay, 0%, 1%, 2%, 5% packet loss
Low bandwidth
1MB file
• TCP+TLS with proxy has the best
performance
• Gap between QUIC, MASQUE
and TCP+TLS at the beginning
• QUIC similar to TCP+TLS
without proxy
• QUIC has the worst performance
between 140ms and 170ms
• QUIC outperforms MASQUE and
TCP+TLS without proxy afterwards
• Internal tuning mechanisms
Medium bandwidth
1MB file
• Same considerations about
TCP+TLS without proxy and
performance gap
• QUIC performs better than
MASQUE, except at 30ms
• QUIC outperforms TCP+TLS
without proxy starting from
80ms, MASQUE from 190ms
• QUIC and MASQUE less
variable than TCP+TLS
High bandwidth
1MB file
• Similar to previous scenario
• QUIC and MASQUE start
performing better than
TCP+TLS without proxy earlier,
at 40ms and 140ms
All bandwidth
10MB file
• Same considerations about
TCP+TLS without proxy and
performance gap
• MASQUE and QUIC never reach
TCP+TLS
• MASQUE performs worse than
QUIC before a certain time,
better after
Medium bandwidth,
1MB, 10ms, loss
• Measured time of each box
increases as loss increases
• MASQUE performs the worst
• QUIC keeps its median below
the TCP+TLS counterpart when
the loss is the highest
CPU time VS Real
time
• QUIC has equal CPU time and
Real time
• The process actively executes
instructions on the CPU
• TCP+TLS cases have constant
CPU time
• Waiting time is not considered in
the CPU time
• MASQUE has almost constant
CPU time, except at the
beginning
Lines overlap!
Results
• TCP+TLS with proxy has the best performance
• In presence of a proxy, TCP+TLS uses two end-to-end independent
connections
• Retransmissions happen independently in the two connections
• Higher throughput
• In MASQUE, only one connection is established
• End-to-end retransmissions
• Using a proxy does not provide advantages
Results (II)
• Small files: MASQUE performs similarly or worse than QUIC
• Bigger files: MASQUE outperforms QUIC in medium and high bandwidth
and high latency links
• Low bandwidth and high latency: QUIC has very good performance
• Lossy links: QUIC has better performance than equivalent TCP+TLS and
than MASQUE
• QUIC and MASQUE have different retransmission mechanisms
Results (III)
• Higher bandwidth is beneficial for QUIC and MASQUE with small files
• The higher the bandwidth, the sooner QUIC and MASQUE outperform TCP+TLS
without proxy
• With little to no added delay, there is a performance gap between QUIC and
MASQUE, and between QUIC and TCP+TLS
• Up to 30% and 40% respectively
• After this time interval, QUIC and MASQUE have small difference
• At most 8% with 1MB file size, 13% with 10MB file size
Limitations and future work
• MASQUE is at an early development stage
• Existing implementations are not yet stable
• Need for analysing new or enhanced MASQUE implementations
• Experiments only with single HTTP requests
• Need to evaluate performance of complex web pages
• And other applications: video streaming, mail, etc.
• Need to find the root causes of the performance gaps
• Possibility of using more sophisticated network conditions
• Correlated packet loss
• Unevenly distributed delay
Conclusions
• Overall modest performance cost associated with the employment of MASQUE
in proxying scenarios that already use QUIC
• Adopting MASQUE to achieve its privacy guarantees comes at a reasonable
performance expense
• MASQUE can be a good choice in several contexts
• IoT devices
• Companies handling sensitive data
• Developing protocols with encryption and privacy promises involves a
performance trade-off
Thank you for your
attention

