diff options
Diffstat (limited to 'doc/rfc/rfc9075.txt')
| -rw-r--r-- | doc/rfc/rfc9075.txt | 1142 |
1 files changed, 1142 insertions, 0 deletions
diff --git a/doc/rfc/rfc9075.txt b/doc/rfc/rfc9075.txt new file mode 100644 index 0000000..6ebcd8c --- /dev/null +++ b/doc/rfc/rfc9075.txt @@ -0,0 +1,1142 @@ + + + + +Internet Architecture Board (IAB) J. Arkko +Request for Comments: 9075 S. Farrell +Category: Informational M. Kühlewind +ISSN: 2070-1721 C. Perkins + July 2021 + + + Report from the IAB COVID-19 Network Impacts Workshop 2020 + +Abstract + + The Coronavirus disease (COVID-19) pandemic caused changes in + Internet user behavior, particularly during the introduction of + initial quarantine and work-from-home arrangements. These behavior + changes drove changes in Internet traffic. + + The Internet Architecture Board (IAB) held a workshop to discuss + network impacts of the pandemic on November 9-13, 2020. The workshop + was held to convene interested researchers, network operators, + network management experts, and Internet technologists to share their + experiences. The meeting was held online given the ongoing travel + and contact restrictions at that time. + + Note that this document is a report on the proceedings of the + workshop. The views and positions documented in this report are + those of the workshop participants and do not necessarily reflect IAB + views and positions. + +Status of This Memo + + This document is not an Internet Standards Track specification; it is + published for informational purposes. + + This document is a product of the Internet Architecture Board (IAB) + and represents information that the IAB has deemed valuable to + provide for permanent record. It represents the consensus of the + Internet Architecture Board (IAB). Documents approved for + publication by the IAB are not candidates for any level of Internet + Standard; see Section 2 of RFC 7841. + + Information about the current status of this document, any errata, + and how to provide feedback on it may be obtained at + https://www.rfc-editor.org/info/rfc9075. + +Copyright Notice + + Copyright (c) 2021 IETF Trust and the persons identified as the + document authors. All rights reserved. + + This document is subject to BCP 78 and the IETF Trust's Legal + Provisions Relating to IETF Documents + (https://trustee.ietf.org/license-info) in effect on the date of + publication of this document. Please review these documents + carefully, as they describe your rights and restrictions with respect + to this document. + +Table of Contents + + 1. Introduction + 2. Scope + 3. Workshop Topics and Discussion + 3.1. Measurement-Based Observations on Network Traffic Dynamics + 3.1.1. Overall Traffic Growth + 3.1.2. Changes in Application Use + 3.1.3. Mobile Networks and Mobility + 3.1.4. A Deeper Look at Interconnections + 3.1.5. Cloud Platforms + 3.1.6. Last-Mile Congestion + 3.1.7. User Behavior + 3.2. Operational Practices and Architectural Considerations + 3.2.1. Digital Divide + 3.2.2. Applications + 3.2.3. Observability + 3.2.4. Security + 3.2.5. Discussion + 3.3. Conclusions + 4. Feedback on Meeting Format + 5. Position Papers + 6. Program Committee + 7. Informative References + Appendix A. Workshop Participants + IAB Members at the Time of Approval + Acknowledgments + Authors' Addresses + +1. Introduction + + The Internet Architecture Board (IAB) held a workshop to discuss + network impacts of the COVID-19 pandemic on November 9-13, 2020. The + workshop was held to convene interested researchers, network + operators, network management experts, and Internet technologists to + share their experiences. The meeting was held online given the + ongoing travel and contact restrictions at that time. + + COVID-19 has caused changes in user behavior, which in turn drove + changes in Internet traffic. These changes in user behavior appeared + rather abruptly and were significant, in particular during the + introduction of initial quarantine and work-from-home arrangements. + This caused changes in Internet traffic in terms of volume and + location, as well as shifts in the types of applications used. This + shift in traffic and user behavior also created a shift in security + practices as well as attack patterns that made use of the attack + surface, resulting from the shift to working from home in a global + crisis. + + An announcement for the workshop was sent out in July 2020 requesting + that interested parties submit position papers to the workshop + program committee. A total of 15 position papers were received from + 33 authors in total. The papers are listed in Section 5. In + addition, several other types of contributions and pointers to + existing work were provided. A number of position papers referred to + parallel work being published in measurement-related academic + conferences. + + Invitations for the workshop were sent out based on the position + papers and other expressions of interest. On the workshop conference + calls were 46 participants, listed in Appendix A. + + The workshop was held over the course of one week and hosted three + sessions covering i) measurements and observations, ii) operational + and security issues, and iii) future consideration and conclusions. + As these three sessions were scheduled on Monday, Wednesday, and + Friday, a positive side effect was that the time in between the + sessions could be used for mailing list discussion and compilation of + additional workshop material. + +2. Scope + + The COVID-19 pandemic has had a tremendous impact on people's lives + as well as societies and economies around the globe. But it also had + a big impact on networking. With large numbers of people working + from home or otherwise depending on the network for their daily + lives, network traffic volume has surged. Internet service providers + and operators have reported 20% or more traffic growth in a matter of + weeks. Traffic at Internet Exchange Points (IXPs) is similarly on + the rise. Most forms of network traffic have seen an increase, with + conversational multimedia traffic growing, in some cases, by more + than 200%. And user time spent on conferencing services has risen by + an order of magnitude on some conferencing platforms. + + In general, the Internet has coped relatively well with this traffic + growth. The situation is not perfect: there have also been some + outages, video quality reduction, and other issues. Nevertheless, it + is interesting to see how the technology, operators, and service + providers have been able to respond to large changes in traffic + patterns. + + Understanding what actually happened with Internet traffic is, of + course, interesting in its own right. How that impacted the user + experience or the intended function of the services is equally + interesting. Measurements of and reports on Internet traffic in 2020 + are therefore valuable. But it would also be interesting to + understand what types of network management and capacity expansion + actions were taken in general. Anecdotal evidence points to Internet + and service providers tracking how their services are used and, in + many cases, adjusting services to accommodate the new traffic + patterns, from dynamic allocation of computing resources to more + complex changes. + + The impacts of this crisis are also a potential opportunity to + understand the impact of traffic shifts and growth more generally to + prepare for future situations -- crises or otherwise -- that impact + networking, or to allow us to adjust the technology to be even better + suited to respond to changes. + + The scope of this workshop, based on the call for contributions, + included: + + * measurements of traffic changes, user experience and problems, + service performance, and other relevant aspects + + * discussion about the behind-the-scenes network management and + expansion activities + + * sharing experiences in the fields of general Internet + connectivity, conferencing, media/entertainment, and Internet + infrastructure + + * lessons learned on preparedness and operations + + * lessons learned on Internet technology and architecture + +3. Workshop Topics and Discussion + +3.1. Measurement-Based Observations on Network Traffic Dynamics + + The workshop started with a focus on measurements. A large portion + of the submitted papers presented and discussed measurement data, and + these submissions provided a good basis for a better understanding of + the situation, covering different angles and aspects of network + traffic and different kinds of networks. + + Changes in Internet traffic due to the COVID-19 pandemic affected + different networks in various ways. Yet all networks saw some form + of change, be it a reduction in traffic, an increase in traffic, a + change in workday and weekend diurnal patterns, or a change in + traffic classes. Traffic volume, directionality ratios, and traffic + origins and destinations were radically different than from before + COVID-19. + + At a high level, while traffic from home networks increased + significantly, for the traffic in mobile networks different trends + were observed. Either the traffic increased as well -- for instance, + in locations where use of residential ISP services is less common -- + traffic decreased as a result of reduced population mobility. This + observed traffic decrease in mobile networks reflected rather the + opposite trend than what was observed in residential ISPs. + + While diurnal congestion at interconnect points as well in certain + last-mile networks was reported, mainly in March, no persistent + congestion was observed. Further, a downward trend in download + throughput to certain cloud regions was measured, which can probably + be explained by the increased use of cloud services. This gives + another indication that the scaling of shared resources in the + Internet is working reasonably well enough to handle even larger + changes in traffic as experienced during the first nearly global + lockdown of the COVID-19 pandemic. + +3.1.1. Overall Traffic Growth + + The global pandemic has significantly accelerated the growth of data + traffic worldwide. Based on the measurement data of one ISP, three + IXPs, a metropolitan educational network, and a mobile operator, it + was observed at the beginning of the workshop [Feldmann2020] that, + overall, the network was able to handle the situation well despite a + significant and sudden increase in the traffic growth rate in March + and April. That is, after the lockdown was implemented in March, a + traffic increase of 15-20% was observed at the ISP as well as at the + three IXPs. This traffic growth, which would typically occur over a + year, took place over a few weeks -- a substantial increase. At DE- + CIX Frankfurt, the world's largest Internet Exchange Point in terms + of data throughput, the year 2020 saw the largest increase in peak + traffic within a single year since the IXP was founded in 1995. + Additionally, mobile traffic has slightly receded. In access + networks, the growth rate of upstream traffic also exceeded the + growth in downstream traffic, reflecting increased adoption and use + of videoconferencing and other remote work and school applications. + + Most traffic increases happened outside of pre-pandemic peak hours. + Before the first COVID-19 lockdowns, the main time of use was in the + evening hours during the week, whereas, since March, it has been + spread more equally across the day. That is, the increase in usage + has mainly occurred outside the previous peak usage times (e.g., + during the day while working from home). This means that, for the + first time, network utilization on weekdays resembled that on + weekends. The effects of the increased traffic volume could easily + be absorbed, either by using existing reserve capacity or by quickly + switching additional bandwidth. This is one reason why the Internet + was able to cope well with the pandemic during the first lockdown + period. + + Some of the lockdowns were lifted or relaxed around May 2020. As + people were allowed to resume some of their daily activities outside + of their home again, as expected, there was a decrease in the traffic + observed at the IXPs and the ISP; instead, mobile traffic began to + grow again. + +3.1.2. Changes in Application Use + + The composition of data traffic has changed since the beginning of + the pandemic: the use of videoconferencing services and virtual + private networks (VPNs) for access to company resources from the home + environment has risen sharply. In ISP and IXP networks, it was + observed [Feldmann2020] that traffic associated with web + conferencing, video, and gaming increased significantly in March 2020 + as a result of the increasing user demand for solutions like Zoom or + Microsoft Teams. For example, the relative traffic share of many + "essential" applications like VPN and conferencing tools increased by + more than 200%. + + Also, as people spent more hours at home, they tended to watch videos + or play games, thus increasing entertainment traffic demands. At the + same time, the traffic share for other traffic classes decreased + substantially, e.g., traffic related to education, social media, and, + for some periods, content delivery networks (CDNs). In April and + June, web conferencing traffic was still high compared to the pre- + pandemic scenario, while a slight decrease in CDN and social media + traffic was observed. During these months, many people were still + working from home, but restrictions had been lifted or relaxed, which + likely led to an increase in in-person social activities and a + decrease in online social activities. + +3.1.2.1. Example Campus Networks + + Changes in traffic have been observed at university campus networks + as well, especially due to the necessary adoption of remote teaching. + The Politecnico di Torino (Italy) deployed its in-house solution for + remote teaching, which caused the outgoing traffic to grow by 2.5 + times, driven by more than 600 daily online classes. Incoming + traffic instead decreased by a factor of 10 due to the cessation of + any in-person activity. Based on their measurements, this change in + traffic and network usage did not, however, lead to noticeable + performance impairments, nor has significantly poor performance been + observed in students in remote regions of Italy. Outgoing traffic + also increased due to other remote working solutions, such as + collaboration platforms, VPNs, and remote desktops. + + Similar changes were observed by measuring REDIMadrid [Feldmann2020], + a European educational and research network that connects 16 + independent universities and research centers in the metropolitan + region of Madrid. A drop of up to 55% in traffic volume on working + days during the pandemic was observed. Similar to findings for ISP/ + IXP networks, it was observed that working days and weekend days are + becoming more similar in terms of total traffic. The hourly traffic + patterns reveal a traffic increase between 9 pm and 7 am. This could + be due to users working more frequently at unusual times but could + also potentially be caused by overseas students (mainly from Latin + America and East Asia as suggested by the Autonomous System (AS) + numbers from which these connections came) who accessed university + network resources from their home countries. + + Given the fact that the users of the academic network (e.g., students + and research staff) had to leave campus as a response to lockdown + measures, the traffic in-and-out (i.e., ingress and egress) ratio + also changed drastically. Prior to the lockdown, the incoming + traffic volume was much larger than the outgoing traffic volume. + This changed to a more balanced ratio. This change of traffic + asymmetry can be explained by the nature of remote work. On the one + hand, users connected to the network services mainly to access + resources, hence the increase in outgoing traffic. On the other + hand, all external (i.e., Internet-based) resources requested during + work were no longer accessed from the educational network but from + the users' homes. + +3.1.3. Mobile Networks and Mobility + + Mobile network data usage appeared to decline following the + imposition of localized lockdown measures as these reduced typical + levels of mobility and roaming. + + [Lutu2020] measured the cellular network of O2 UK to evaluate how the + changes in people's mobility impacted traffic patterns. By analyzing + cellular network signaling information regarding users' device + mobility activity, they observed a decrease of 50% in mobility + (according to different mobility metrics) in the UK during the + lockdown period. As they found no correlation between this reduction + in mobility and the number of confirmed COVID-19 cases, only the + enforced government order was effective in significantly reducing + mobility, and this reduction was more significant in densely + populated urban areas than in rural areas. For London specifically, + it could be observed from the mobile network data that approximately + 10% of residents temporarily relocated during the lockdown. + + These mobility changes had immediate implications in the traffic + patterns of the cellular network. The downlink data traffic volume + aggregated for all bearers (including conversational voice) decreased + for the entire UK by up to 25% during the lockdown period. This + correlates with the reduction in mobility that was observed + countrywide, which likely resulted in people relying more on + residential broadband Internet access to run download-intensive + applications such as video streaming. The observed decrease in the + radio cell load, with a reduction of approximately 15% across the UK + after the stay-at-home order was enacted, further corroborates the + drop in cellular connectivity usage. + + The total uplink data traffic volume, on the other hand, experienced + little change (between -7% and +1.5%) during lockdown. This was + mainly due to the increase of 4G voice traffic (i.e., Voice over LTE + (VoLTE)) across the UK that peaked at 150% after the lockdown + compared to the national median value before the pandemic, thus + compensating for the decrease in data traffic in the uplink. + + Finally, it was also observed that mobility changes have a different + impact on network usage in geodemographic area clusters. In densely + populated urban areas, a significantly higher decrease of mobile + network usage (i.e., downlink and uplink traffic volume, radio load, + and active users) was observed compared to rural areas. In the case + of London, this was likely due to the geodemographics of the central + districts, which include many seasonal residents (e.g., tourists) and + business and commercial areas. + +3.1.4. A Deeper Look at Interconnections + + Traffic at points of network interconnection noticeably increased, + but most operators reacted quickly by rapidly adding additional + capacity [Feldmann2020]. The amount of increase varied, with some + networks that hosted popular applications such as videoconferencing + experiencing traffic growth of several hundred to several thousand + percent. At the IXP level, it was observed that port utilization + increased. This phenomenon is mostly explained by higher traffic + demand from residential users. + + Measurements of interconnection links at major US ISPs by the Center + for Applied Internet Data Analysis (CAIDA) and the Massachusetts + Institute of Technology (MIT) found some evidence of diurnal + congestion around the March 2020 time frame [Clark2020], but most of + this congestion disappeared in a few weeks, which suggests that + operators indeed took steps to add capacity or otherwise mitigate the + congestion. + +3.1.5. Cloud Platforms + + Cloud infrastructure played a key role in supporting bandwidth- + intensive videoconferencing and remote learning tools to practice + social distancing during the COVID-19 pandemic. Network congestion + between cloud platforms and access networks could impact the quality + of experience of these cloud-based applications. CAIDA leveraged + web-based speed test servers to take download and upload throughput + measurements from virtual machines in public cloud platforms to + various access ISPs in the United States [Mok2020]. + + The key findings included the following: + + * Persistent congestion events were not widely observed between + cloud platforms and these networks, particular for large-scale + ISPs, but we could observe large diurnal download throughput + variations in peak hours from some locations to the cloud. + + * There was evidence of persistent congestion in the egress + direction to regional ISPs serving suburban areas in the US. + Their users could have suffered from poor video streaming or file + download performance from the cloud. + + * The macroscopic analysis over 3 months (June-August 2020) revealed + downward trends in download throughput from ISPs and educational + networks to certain cloud regions. We believe that increased use + of the cloud in the pandemic could be one of the factors that + contributed to the decreased performance. + +3.1.6. Last-Mile Congestion + + The last mile is the centerpiece of broadband connectivity, where + poor last-mile performance generally translates to poor quality of + experience. In a recent Internet Measurement Conference (IMC '20) + research paper, Fontugne et al. investigated last-mile latency using + traceroute data from Reseaux IP Europeens (RIPE) Atlas probes located + in 646 ASes and looked for recurrent performance degradation + [Fontugne2020-1]. They found that, in normal times, Atlas probes + experience persistent last-mile congestion in only 10% of ASes, but + they recorded 55% more congested ASes during the COVID-19 outbreak. + This deterioration caused by stay-at-home measures is particularly + marked in networks with a very large number of users and in certain + parts of the world. They found Japan to be the most impacted country + in their study, looking specifically at the Nippon Telegraph and + Telephone (NTT) Corporation Open Computer Network (OCN) but noting + similar observations for several Japanese networks, including + Internet Initiative Japan (IIJ) (AS2497). + + From mid-2020 onward, however, they observed better performance than + before the pandemic. In Japan, this was partly due to the + deployments originally planned for accommodating the Tokyo Olympics, + and, more generally, it reflects the efforts of network operators to + cope with these exceptional circumstances. The pandemic has + demonstrated that its adaptive design and proficient community can + keep the Internet operational during such unprecedented events. + Also, from the numerous research and operational reports recently + published, the pandemic is apparently shaping a more resilient + Internet; as Nietzsche wrote, "What does not kill me makes me + stronger". + +3.1.7. User Behavior + + The type of traffic needed by the users also changed in 2020. + Upstream traffic increased due the use of videoconferences, remote + schooling, and similar applications. The National Cable & + Telecommunications Association (NCTA) and Comcast reported that while + downstream traffic grew 20%, upstream traffic grew by as much as + 30-37% [NCTA2020] [Comcast2020]. Vodafone reported that upstream + traffic grew by 100% in some markets [Vodafone2020]. + + Ericsson's ConsumerLab surveyed users regarding their usage and + experiences during the crisis. Some of the key findings in + [ConsumerlabReport2020] were as follows: + + * 9 in 10 users increased Internet activities, and time spent + connected increased. In addition, 1 in 5 started new online + activities; many in the older generation felt that they were + helped by video calling; parents felt that their children's + education was helped; and so on. + + * Network performance was, in general, found satisfactory. 6 in 10 + were very satisfied with fixed broadband, and 3 in 4 felt that + mobile broadband was the same or better compared to before the + crisis. Consumers valued resilience and quality of service as the + most important responsibility for network operators. + + * Smartphone application usage changed, with the fastest growth in + apps related to COVID-19 tracking and information, remote working, + e-learning, wellness, education, remote health consultation, and + social shared experience applications. The biggest decreases were + in travel and booking, ride hailing, location, and parking + applications. + + Some of the behaviors are likely permanent changes + [ConsumerlabReport2020]. The adoption of video calls and other new + services by many consumers, such as the older generation, is likely + going to have a long-lasting effect. Surveys in various + organizations point to a likely long-term increase in the number of + people interested in remote work [WorkplaceAnalytics2020] + [McKinsey2020]. + +3.2. Operational Practices and Architectural Considerations + + The second and third days of the workshop focused on open discussions + of arising operational and architectural issues and the conclusions + that could be reached from previous discussions and other issues + raised in the position papers. + +3.2.1. Digital Divide + + Measurements from Fastly confirmed that Internet traffic volume in + multiple countries rose rapidly while COVID cases were increasing and + lockdown policies were coming into effect. Download speeds also + decreased but in a much less dramatic fashion than when overall + bandwidth usage increased. School closures led to a dramatic + increase in traffic volume in many regions, and other public policy + announcements triggered large traffic shifts. This suggests that + governments should coordinate with operators to allow time for + preemptive operational changes in some cases. + + Measurements from the US showed that download rates correlate with + income levels. However, download rates in the lowest income zip + codes increased as the pandemic progressed, closing the divide with + higher income areas. One possible reason for this in the data is + decisions by some ISPs, such as Comcast and Cox, that increased + speeds for users on certain lower-cost plans and in certain areas. + This suggests that network capacity was available and that the + correlation between income and download rates was not necessarily due + to differences in the deployed infrastructure in different regions, + although it was noted that certain access link technologies provide + more flexibility than others in this regard. + +3.2.2. Applications + + Web conferencing systems (e.g., Microsoft Teams, Zoom, Webex) saw + incredible growth, with overnight traffic increases of 15-20% in + response to public policy changes, such as lockdowns. This required + significant and rapid changes in infrastructure provisioning. + + Major video providers (YouTube, etc.) reduced bandwidth by 25% in + some regions. It was suggested that this had a huge impact on the + quality of videoconferencing systems until networks could scale to + handle the full bit rate, but other operators of some other services + saw limited impact. + + Updates to popular games have a significant impact on network load. + Some discussions were reported between ISPs, CDNs, and the gaming + industry on possibly coordinating various high-bandwidth update + events, similar to what was done for entertainment/video download + speeds. There was an apparently difficult interplay between bulk + download and interactive real-time applications, potentially due to + buffer bloat and queuing delays. + + It was noted that operators have experience with rapid growth of + Internet traffic. New applications with exponential growth are not + that unusual in the network, and the traffic spike due to the + lockdown was not that unprecedented for many. Many operators have + tools and mechanisms to deal with this. Ensuring that knowledge is + shared is a challenge. + + Following these observations, traffic prioritization was discussed, + starting from Differentiated Services Code Point (DSCP) marking. The + question arose as to whether a minimal priority-marking scheme would + have helped during the pandemic, e.g., by allowing marking of less- + than-best-effort traffic. That discussion quickly devolved into a + more general QoS and observability discussion and, as such, also + touched on the effects of increased encryption. The group was not, + unsurprisingly, able to resolve the different perspectives and + interests involved, but the discussion demonstrated that progress was + made. + +3.2.3. Observability + + It is clear that there is a contrast in experience. Many operators + reported few problems in terms of metrics, such as measured download + bandwidth, while videoconferencing applications experienced + significant usability problems running on those networks. The + interaction between application providers and network providers + worked very smoothly to resolve these issues, supported by strong + personal contacts and relationships. But it seems clear that the + metrics used by many operators to understand their network + performance don't fully capture the impact on certain applications, + and there is an observability gap. Do we need more tools to figure + out the various impacts on user experience? + + These types of applications use surprising amounts of Forward Error + Correction (FEC). Applications hide lots of loss to ensure a good + user experience. This makes it harder to observe problems. The + network can be behaving poorly, but the experience can be good + enough. Resiliency measures can improve the user experience but hide + severe problems. There may be a missing feedback loop between + application developers and operators. + + It's clear that it's difficult for application providers and + operators to isolate problems. Is a problem due to the local Wi-Fi, + the access network, the cloud network, etc.? Metrics from access + points would help, but in general, lack of observability into the + network as a whole is a real concern when it comes to debugging + performance issues. + + Further, it's clear that it can be difficult to route problem reports + to the person who can fix them, especially if the reported + information needs to be shared across multiple networks in the + Internet. COVID-enhanced cooperation made it easier to debug + problems; lines of communication are important. + +3.2.4. Security + + The increased threats and network security impacts arising from + COVID-19 fall into two areas: (1) the agility of malicious actors to + spin up new campaigns using COVID-19 as a lure, and (2) the increased + threat surface from a rapid shift towards working from home. + + During 2020, there was a shift to home working generally, and in the + way in which people used the network. IT departments rolled out new + equipment quickly and used technologies like VPNs for the first time, + while others put existing solutions under much greater load. As VPN + technology became more widespread and more widely used, it arguably + became a more valuable target; one Advanced Persistent Threat group + (APT29) was successful in using recently published exploits in a + range of VPN software to gain initial footholds [Kirsty2020]. + + Of all scams detected by the United Kingdom National Cyber Security + Centre (UK NCSC) that purported to originate from the UK Government, + more related to COVID-19 than any other subject. There are other + reports of a strong rise in phishing, fraud, and scams related to + COVID [Kirsty2020]. Although the overall levels of cybercrime have + not increased from the data seen to date, there was certainly a shift + in activity as both the NCSC and the Department of Homeland Security + Cybersecurity and Infrastructure Security Agency (DHS CISA) saw + growing use of COVID-19-related themes by malicious cyber actors as a + lure. Attackers used COVID-19-related scams and phishing emails to + target individuals, small and medium businesses, large organizations, + and organizations involved in both national and international + COVID-19 responses (healthcare bodies, pharmaceutical companies, + academia, and medical research organizations). New targets (for + example, organizations involved in COVID-19 vaccine development) were + attacked using VPN exploits, highlighting the potential consequences + of vulnerable infrastructure. + + It's unclear how to effectively detect and counter these attacks at + scale. Approaches such as using Indicators of Compromise and + crowdsourced flagging of suspicious emails were found to be effective + in response to COVID-19-related scams [Kirsty2020], and observing the + DNS to detect malicious use is widespread and effective. The use of + DNS over HTTPS offers privacy benefits, but current deployment models + can bypass these existing protective DNS measures. + + It was also noted that when everyone moves to performing their job + online, lack of understanding of security becomes a bigger issue. Is + it reasonable to expect every user of the Internet to have password + training? Or is there a fundamental problem with a technical + solution? Modern advice advocates a layered approach to security + defenses, with user education forming just one of those layers. + + Communication platforms such as Zoom are not new: many people have + used them for years, but as COVID-19 saw an increasing number of + organizations and individuals turning to these technologies, they + became an attractive target due to increased usage. In turn, there + was an increase in malicious cyber actor activity, either through + hijacking online meetings that were not secured with passwords or + leveraging unpatched software as an attack vector. How can new or + existing measures protect users from the attacks levied against the + next vulnerable service? + + Overall, it may be that there were fewer security challenges than + expected arising from many people suddenly working from home. + However, the agility of attackers, the importance of robust and + scalable defense mechanisms, and some existing security problems and + challenges may have become even more obvious and acute with an + increased use of Internet-based services, particularly in a pandemic + situation and in times of uncertainty, where users can be more + vulnerable to social engineering techniques and attacks. + +3.2.5. Discussion + + There is a concern that we're missing observability for the network + as a whole. Each application provider and operator has their own + little lens. No one has the big-picture view of the network. + + How much of a safety margin do we need? Some of the resiliency comes + from us not running the network too close to its limit. This allows + traffic to shift and gives headroom for the network to cope. The + best-effort nature of the network may help here. Using techniques to + run the network closer to its limits usually improves performance, + but highly optimized networks may be less robust. + + Finally, it was observed that we get what we measure. There may be + an argument for operators to perhaps shift their measurement focus + away from pure capacity to instead measure Quality of Experience + (QoE) or resilience. The Internet is a critical infrastructure, and + people are realizing that now. We should use this as a wake-up call + to improve resilience, both in protocol design and operational + practice, not necessarily to optimize for absolute performance or + quality of experience. + +3.3. Conclusions + + There is a wealth of data about the performance of the Internet + during the COVID-19 crisis. The main conclusion from the various + measurements is that fairly large shifts occurred. And those shifts + were not merely about exchanging one application for another; they + actually impacted traffic flows and directions and caused, in many + cases, a significant traffic increase. Early reports also seem to + indicate that the shifts have gone relatively smoothly from the point + of view of overall consumer experience. + + An important but not so visible factor that led to running smoothly + was that many people and organizations were highly motivated to + ensure good user experience. A lot of collaboration happened in the + background, problems were corrected, many providers significantly + increased their capacity, and so on. + + On the security front, the COVID-19 crisis showcased the agility with + which malicious actors can move in response to a shift in user + Internet usage and the vast potential of the disruption and damage + that they can inflict. Equally, it showed the agility of defenders + when they have access to the tools and information they need to + protect users and networks, and it showcased the power of Indicators + of Compromise when defenders around the world are working together + against the same problem. + + In general, the Internet also seems well suited for adapting to new + situations, at least within some bounds. The Internet is designed + for flexibility and extensibility, rather than being optimized for + today's particular traffic types. This makes it possible to use it + for many applications and in many deployment situations and to make + changes as needed. The generality is present in many parts of the + overall system, from basic Internet technology to browsers and from + name servers to content delivery networks and cloud platforms. When + usage changes, what is needed is often merely different services, + perhaps some reallocation of resources as well as consequent + application and continuation of existing security defenses, but not + fundamental technology or hardware changes. + + On the other hand, this is not to say that no improvements are + needed: + + * We need a better understanding of the health of the Internet. + Going forward, the critical nature that the Internet plays in our + lives means that the health of the Internet needs to receive + significant attention. Understanding how well networks work is + not just a technical matter; it is also of crucial importance to + the people and economies of the societies using it. Projects and + research that monitor Internet and services performance on a broad + scale and across different networks are therefore important. + + * We need to maintain defensive mechanisms to be used in times of + crisis. Malicious cyber actors are continually adjusting their + tactics to take advantage of new situations, and the COVID-19 + pandemic is no exception. Malicious actors used the strong + appetite for COVID-19-related information as an opportunity to + deliver malware and ransomware and to steal user credentials. + Against the landscape of a shift to working from home and an + increase in users vulnerable to attack, and as IT departments were + often overwhelmed by rolling out new infrastructure and devices, + sharing Indicators of Compromise (IoC) was a vital part of the + response to COVID-19-related scams and attacks. + + * We need to ensure that broadband is available to all and that + Internet services equally serve different groups. The pandemic + has shown how the effects of the digital divide can be amplified + during a crisis and has further highlighted the importance of + equitable Internet access. + + * We need to continue to work on all the other improvements that are + seen as necessary anyway, such as further improvements in + security, the ability for networks and applications to collaborate + better, etc. + + * We need to ensure that informal collaboration between different + parties involved in the operation of the network continues and is + strengthened to ensure continued operational resilience. + +4. Feedback on Meeting Format + + While there are frequently virtual participants in IAB workshops, the + IAB had no experience running workshops entirely virtually. + + Feedback on this event format was largely positive, however. It was + particularly useful that as the three sessions were scheduled on + Monday, Wednesday, and Friday, the time in between the sessions could + be used for mailing list discussion and compilation of additional + workshop material. The positive feedback was likely at least partly + due to the fact that many of the workshop participants knew one + another from previous face-to-face events (primarily IETF meetings). + + The process for sending invitations to the workshop should be + improved for next time, however, as a few invitations were initially + lost. In a virtual meeting, it may be more reasonable to invite not + just one person but all coauthors of a paper, for instance. At least + for this workshop, we did not appear to suffer from having too many + participants, and in many cases, there may be some days when a + particular participant may not be able to attend a session. + +5. Position Papers + + The following position papers were received, in alphabetical order: + + * Afanasyev, A., Wang, L., Yeh, E., Zhang, B., and Zhang, L.: + Identifying the Disease from the Symptoms: Lessons for Networking + in the COVID-19 Era [Afxanasyev2020] + + * Arkko, J.: Observations on Network User Behaviour During COVID-19 + [Arkko2020] + + * Bronzino, F., Culley, E., Feamster, N., Liu, S., Livingood, J., + and Schmitt, P.: IAB COVID-19 Workshop: Interconnection Changes in + the United States [Bronzino2020] + + * Campling, A. and Lazanski, D.: Will the Internet Still Be + Resilient During the Next Black Swan Event? [Campling2020] + + * Cho, K.: On the COVID-19 Impact to broadband traffic in Japan + [Cho2020] + + * Clark, D.: Measurement of congestion on ISP interconnection links + [Clark2020] + + * Favale, T., Soro, F., Trevisan, M., Drago, I., and Mellia, M.: + Campus traffic and e-Learning during COVID-19 pandemic + [Favale2020] + + * Feldmann, A., Gasser, O., Lichtblau, F., Pujol, E., Poese, I., + Dietzel, C., Wagner, D., Wichtlhuber, M., Tapiador, J., Vallina- + Rodriguez, N., Hohlfeld, O., and Smaragdakis, G.: A view of + Internet Traffic Shifts at ISP and IXPs during the COVID-19 + Pandemic [Feldmann2020] + + * Fontugne, R., Shah, A., and Cho, K.: The Impact of COVID-19 on + Last-mile Latency [Fontugne2020] + + * Gillmor, D.: Vaccines, Privacy, Software Updates, and Trust + [Gillmor2020] + + * Gu, Y. and Li, Z.: Covid 19 Impact on China ISP's Network Traffic + Pattern and Solution Discussion [Gu2020] + + * Jennings, C. and Kozanian, P.: WebEx Scaling During Covid + [Jennings2020] + + * Lutu, A., Perino, D., Bagnulo, M., Frias-Martinez, E., and + Khangosstar, J.: A Characterization of the COVID-19 Pandemic + Impact on a Mobile Network Operator Traffic [Lutu2020] + + * Mok, R., and claffy, kc: Measuring the impact of COVID-19 on cloud + network performance [Mok2020] + + * Paine, K.: IAB COVID-19 Network Impacts [Kirsty2020] + +6. Program Committee + + The workshop program committee members were Jari Arkko, Stephen + Farrell, Cullen Jennings, Colin Perkins, Ben Campbell, and Mirja + Kühlewind. + +7. Informative References + + [Afxanasyev2020] + Afanasyev, A., Wang, L., Yeh, E., Zhang, B., and L. Zhang, + "Identifying the Disease from the Symptoms: Lessons for + Networking in the COVID-19 Era", October 2020, + <https://www.iab.org/wp-content/IAB-uploads/2020/12/IAB- + COVID-19-WS_102820.pdf>. + + [Arkko2020] + Arkko, J., "Observations on Network User Behaviour During + COVID-19", October 2020, <https://www.iab.org/wp-content/ + IAB-uploads/2020/10/covid19-arkko.pdf>. + + [Bronzino2020] + Bronzino, F., Culley, E., Feamster, N., Liu, S., + Livingood, J., and P. Schmitt, "IAB COVID-19 Workshop: + Interconnection Changes in the United States", Work in + Progress, Internet-Draft, draft-feamster-livingood-iab- + covid19-workshop-01, 28 October 2020, + <https://datatracker.ietf.org/doc/html/draft-feamster- + livingood-iab-covid19-workshop-01>. + + [Campling2020] + Campling, A. and D. Lazanski, "Will the Internet Still Be + Resilient During the Next Black Swan Event?", October + 2020, <https://www.iab.org/wp-content/IAB-uploads/2020/10/ + covid19-campling.pdf>. + + [Cho2020] Cho, K., "On the COVID-19 Impact to broadband traffic in + Japan", October 2020, <https://www.iab.org/wp-content/IAB- + uploads/2020/10/covid19-cho.pdf>. + + [Clark2020] + Clark, D., "Measurement of congestion on ISP + interconnection links", October 2020, + <https://www.iab.org/wp-content/IAB-uploads/2020/10/ + covid19-clark.pdf>. + + [Comcast2020] + Comcast, "COVID-19 Network Update", May 2020, + <https://corporate.comcast.com/covid-19/network/may- + 20-2020>. + + [ConsumerlabReport2020] + Ericsson ConsumerLab, "Connectivity in a COVID-19 world: + Keeping consumers connected in a global crisis", + <https://www.ericsson.com/en/reports-and- + papers/consumerlab/reports/keeping-consumers-connected- + during-the-covid-19-crisis>. + + [Favale2020] + Favale, T., Soro, F., Trevisan, M., Drago, I., and M. + Mellia, "Campus traffic and e-Learning during COVID-19 + pandemic", DOI 10.1016/j.comnet.2020.107290, October 2020, + <https://www.iab.org/wp-content/IAB-uploads/2020/10/ + covid19-favale.pdf>. + + [Feldmann2020] + Feldmann, A., Gasser, O., Lichtblau, F., Pujol, E., Poese, + I., Dietzel, C., Wagner, D., Wichtlhuber, M., Tapiador, + J., Vallina-Rodriguez, N., Hohlfeld, O., and G. + Smaragdakis, "A view of Internet Traffic Shifts at ISP and + IXPs during the COVID-19 Pandemic", October 2020, + <https://www.iab.org/wp-content/IAB-uploads/2020/10/ + covid19-feldmann.pdf>. + + [Fontugne2020] + Fontugne, R., Shah, A., and K. Cho, "The Impact of + COVID-19 on Last-mile Latency", October 2020, + <https://www.iab.org/wp-content/IAB-uploads/2020/10/ + covid19-fontugne.pdf>. + + [Fontugne2020-1] + Fontugne, R., Shah, A., and K. Cho, "Persistent Last-mile + Congestion: Not so Uncommon", Proceedings of the ACM + Internet Measurement Conference (IMC '20), + DOI 10.1145/3419394.3423648, October 2020, + <https://doi.org/10.1145/3419394.3423648>. + + [Gillmor2020] + Gillmor, D., "Vaccines, Privacy, Software Updates, and + Trust", October 2020, <https://www.iab.org/wp-content/IAB- + uploads/2020/10/covid19-gillmor.pdf>. + + [Gu2020] Gu, Y. and Z. Li, "Covid 19 Impact on China ISP's Network + Traffic Pattern and Solution Discussion", October 2020, + <https://www.iab.org/wp-content/IAB-uploads/2020/10/ + covid19-gu.pdf>. + + [Jennings2020] + Jennings, C. and P. Kozanian, "WebEx Scaling During + Covid", October 2020, <https://www.iab.org/wp-content/IAB- + uploads/2020/10/covid19-jennings.pdf>. + + [Kirsty2020] + Paine, K., "IAB COVID-19 Network Impacts", October 2020, + <https://www.iab.org/wp-content/IAB-uploads/2020/10/ + covid19-kirstyp.pdf>. + + [Lutu2020] Lutu, A., Perino, D., Bagnulo, M., Frias-Martinez, E., and + J. Khangosstar, "A Characterization of the COVID-19 + Pandemic Impact on a Mobile Network Operator Traffic", + DOI 10.1145/3419394.3423655, October 2020, + <https://www.iab.org/wp-content/IAB-uploads/2020/10/ + covid19-lutu.pdf>. + + [McKinsey2020] + Boland, B., De Smet, A., Palter, R., and A. Sanghvi, + "Reimagining the office and work life after COVID-19", + June 2020, <https://www.mckinsey.com/~/media/McKinsey/Busi + ness%20Functions/Organization/Our%20Insights/Reimagining%2 + 0the%20office%20and%20work%20life%20after%20COVID%2019/ + Reimagining-the-office-and-work-life-after-COVID- + 19-final.pdf>. + + [Mok2020] Mok, R. and kc. claffy, "Measuring the impact of COVID-19 + on cloud network performance", October 2020, + <https://www.iab.org/wp-content/IAB-uploads/2020/10/ + covid19-mok.pdf>. + + [NCTA2020] NCTA, "COVID-19: How Cable's Internet Networks Are + Performing: Metrics, Trends & Observations", + <https://www.ncta.com/COVIDdashboard>. + + [Vodafone2020] + Vodafone, "An update on Vodafone's networks", April 2020, + <https://www.vodafone.com/covid19/news/update-on-vodafone- + networks>. + + [WorkplaceAnalytics2020] + Lister, K., "Work-at-Home After Covid-19--Our Forecast", + March 2020, <https://globalworkplaceanalytics.com/work-at- + home-after-covid-19-our-forecast>. + +Appendix A. Workshop Participants + + The following is an alphabetical list of participants in the + workshop. + + * Jari Arkko (Ericsson/IAB) + + * Ben Campbell (Independent/IAB) + + * Andrew Campling (419 Consulting) + + * Kenjiro Cho (IIJ) + + * kc claffy (CAIDA) + + * David Clark (MIT CSAIL) + + * Chris Dietzel (DE-CIX) + + * Idilio Drago (University of Turin) + + * Stephen Farrell (Trinity College Dublin/IAB) + + * Nick Feamster (University of Chicago) + + * Anja Feldmann (Max Planck Institute for Informatics) + + * Romain Fontugne (IIJ Research Lab) + + * Oliver Gasser (Max Planck Institute for Informatics) + + * Daniel Kahn Gillmor (ACLU) + + * Yunan Gu (Huawei) + + * Oliver Hohlfeld (Brandenburg University of Technology (BTU)) + + * Jana Iyengar (Fastly) + + * Cullen Jennings (Cisco/IAB) + + * Mirja Kühlewind (Ericsson/IAB) + + * Dominique Lazanski + + * Zhenbin Li (Huawei/IAB) + + * Franziska Lichtblau (Max Planck Institute for Informatics) + + * Jason Livingood (Comcast) + + * Andra Lutu (Telefonica Research) + + * Vesna Manojlovic (RIPE NCC) + + * Rüdiger Martin (EC) + + * Larry Masinter (Retired) + + * Matt Matthis (Google) + + * Jared Mauch (Akamai/IAB) + + * Deep Medhi (NSF) + + * Marco Mellia (Politecnico di Torino) + + * Ricky Mok (CAIDA) + + * Karen O'Donoghue (Internet Society) + + * Kirsty Paine (NCSC) + + * Diego Perino (Telefonica Research) + + * Colin Perkins (University of Glasgow/IRTF/IAB) + + * Enric Pujol (Benocs) + + * Anant Shah (Verizon Media Platform) + + * Francesca Soro (Politecnico di Torino) + + * Brian Trammell (Google) + + * Martino Trevisan + + * Georgios Tselentis (European Commission) + + * Lan Wang (University of Memphis) + + * Rob Wilton (Cisco) + + * Jiankang Yao (CNNIC) + + * Lixia Zhang (UCLA) + +IAB Members at the Time of Approval + + Internet Architecture Board members at the time this document was + approved for publication were: + + Jari Arkko + Deborah Brungard + Ben Campbell + Lars Eggert + Wes Hardaker + Cullen Jennings + Mirja Kühlewind + Zhenbin Li + Jared Mauch + Tommy Pauly + David Schinazi + Russ White + Jiankang Yao + +Acknowledgments + + The authors would like to thank the workshop participants, the + members of the IAB, the program committee, the participants in the + architecture discussion list for the interesting discussions, and + Cindy Morgan for the practical arrangements. + + Further special thanks to those participants who also contributed to + this report: Romain Fontugne provided text based on his blog post at + <https://eng-blog.iij.ad.jp/archives/7722>; Ricky Mok for text on + cloud platforms; Martino Trevisan for text on campus networks; David + Clark on congestion measurements at interconnects; Oliver Hohlfeld + for the text on traffic growth, changes in traffic shifts, campus + networks, and interconnections; Andra Lutu on mobile networks; and + Kirsty Paine for text on security impacts. Thanks to Jason Livingood + for his review and additions. + +Authors' Addresses + + Jari Arkko + Ericsson + + Email: jari.arkko@ericsson.com + + + Stephen Farrell + Trinity College Dublin + + Email: stephen.farrell@cs.tcd.ie + + + Mirja Kühlewind + Ericsson + + Email: mirja.kuehlewind@ericsson.com + + + Colin Perkins + University of Glasgow + + Email: csp@csperkins.org |