idnits 2.17.1 draft-iab-covid19-workshop-03.txt: -(6): Line appears to be too long, but this could be caused by non-ascii characters in UTF-8 encoding Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == There are 3 instances of lines with non-ascii characters in the document. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (5 May 2021) is 1085 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- No issues found here. Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group J. Arkko 3 Internet-Draft Ericsson 4 Intended status: Informational S. Farrell 5 Expires: 6 November 2021 Trinity College Dublin 6 M. Kühlewind 7 Ericsson 8 C. Perkins 9 University of Glasgow 10 5 May 2021 12 Report from the IAB COVID-19 Network Impacts Workshop 2020 13 draft-iab-covid19-workshop-03 15 Abstract 17 The COVID-19 pandemic caused changes in Internet user behavior, 18 particularly during the introduction of the initial quarantine and 19 work-from-home arrangements. These behavior changes drove changes in 20 Internet traffic. 22 The Internet Architecture Board (IAB) held a workshop to discuss 23 network impacts of the pandemic on November 9-13, 2020. The workshop 24 was held to convene interested researchers, network operators, 25 network management experts, and Internet technologists to share their 26 experiences. The meeting was held online given the on-going travel 27 and contact restrictions at that time. 29 Discussion Venues 31 This note is to be removed before publishing as an RFC. 33 Source for this draft and an issue tracker can be found at 34 https://github.com/intarchboard/covid19-workshop. 36 Status of This Memo 38 This Internet-Draft is submitted in full conformance with the 39 provisions of BCP 78 and BCP 79. 41 Internet-Drafts are working documents of the Internet Engineering 42 Task Force (IETF). Note that other groups may also distribute 43 working documents as Internet-Drafts. The list of current Internet- 44 Drafts is at https://datatracker.ietf.org/drafts/current/. 46 Internet-Drafts are draft documents valid for a maximum of six months 47 and may be updated, replaced, or obsoleted by other documents at any 48 time. It is inappropriate to use Internet-Drafts as reference 49 material or to cite them other than as "work in progress." 51 This Internet-Draft will expire on 6 November 2021. 53 Copyright Notice 55 Copyright (c) 2021 IETF Trust and the persons identified as the 56 document authors. All rights reserved. 58 This document is subject to BCP 78 and the IETF Trust's Legal 59 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 60 license-info) in effect on the date of publication of this document. 61 Please review these documents carefully, as they describe your rights 62 and restrictions with respect to this document. Code Components 63 extracted from this document must include Simplified BSD License text 64 as described in Section 4.e of the Trust Legal Provisions and are 65 provided without warranty as described in the Simplified BSD License. 67 Table of Contents 69 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 70 2. Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 71 3. Workshop Topics and Discussion . . . . . . . . . . . . . . . 5 72 3.1. Measurement-based Observations on Network Traffic 73 Dynamics . . . . . . . . . . . . . . . . . . . . . . . . 5 74 3.1.1. Overall Traffic Growth . . . . . . . . . . . . . . . 6 75 3.1.2. Changes in Application Use . . . . . . . . . . . . . 6 76 3.1.3. Mobile Networks and Mobility . . . . . . . . . . . . 8 77 3.1.4. A Deeper Look at Interconnections . . . . . . . . . . 9 78 3.1.5. Cloud Platforms . . . . . . . . . . . . . . . . . . . 9 79 3.1.6. Last-Mile Congestion . . . . . . . . . . . . . . . . 10 80 3.1.7. User Behaviour . . . . . . . . . . . . . . . . . . . 10 81 3.2. Operational Practices and Architectural Considerations . 11 82 3.2.1. Digital Divide . . . . . . . . . . . . . . . . . . . 11 83 3.2.2. Applications . . . . . . . . . . . . . . . . . . . . 12 84 3.2.3. Observability . . . . . . . . . . . . . . . . . . . . 13 85 3.2.4. Security . . . . . . . . . . . . . . . . . . . . . . 13 86 3.2.5. Discussion . . . . . . . . . . . . . . . . . . . . . 15 87 3.3. Conclusions . . . . . . . . . . . . . . . . . . . . . . . 15 88 4. Feedback on Meeting Format . . . . . . . . . . . . . . . . . 17 89 5. Position Papers . . . . . . . . . . . . . . . . . . . . . . . 17 90 6. Workshop participants . . . . . . . . . . . . . . . . . . . . 19 91 7. Program Committee . . . . . . . . . . . . . . . . . . . . . . 21 92 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 21 93 9. Informative References . . . . . . . . . . . . . . . . . . . 21 94 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 96 1. Introduction 98 The Internet Architecture Board (IAB) held a workshop to discuss 99 network impacts of the COVID-19 pandemic, on November 9-13, 2020. 100 The workshop was held to convene interested researchers, network 101 operators, network management experts, and Internet technologists to 102 share their experiences. The meeting was held online given the on- 103 going travel and contact restrictions at that time. 105 COVID-19 has caused changes in user behavior, which in turn drove 106 change to Internet traffic. These changes in user behavior appeared 107 rather abruptly and were significant, in particular during the 108 introduction of the initial quarantine and work-from-home 109 arrangements. This caused changes to Internet traffic in terms of 110 volumes, location, as well as shifts in the type of applications 111 used. This shift in traffic as well as user behavior created also a 112 shift in security partices as well as attack patterns that made use 113 of the attack surface resulting from the shift to home-working in a 114 global crisis. 116 Announcement for the workshop was sent out in July 2020, requesting 117 interested parties to submit position papers for the workshop program 118 committee. A total of 15 position papers were received from 119 altogether 33 authors. The papers are listed in Section 5. In 120 addition, several other types of contributions and pointers to 121 existing work were provided. A number of position papers referred to 122 parallel work being published in measurement-related academic 123 conferences. 125 Invitations for the workshop were sent out based on the position 126 papers and other expressions of interest. On the workshop conference 127 calls were 45 participants, listed in Section 6. 129 The workshop was held over one week hosting three sessions covering 130 i) measurements and observations, ii) operational and security 131 issues, and iii) future consideration and conclusions. As these 132 three sessions were scheduled Monday, Wednesday, and Friday a 133 positive side effect was that the time in between could be used for 134 mailing list discussion and compilation of additional workshop 135 material. 137 2. Scope 139 The COVID-19 pandemic has had a tremendous impact on people's lives 140 and the societies and economies around the globe. But it also had a 141 big impact on networking. With large numbers of people working from 142 home or otherwise depending on the network for their daily lives, 143 network traffic volume has surged. Internet service providers and 144 operators have reported a 20% traffic growth or more in a matter of 145 weeks. Traffic at Internet Exchange Points (IXPs) is similarly on 146 the rise. Most forms of network traffic have seen an increase, with 147 conversational multimedia traffic growing in some cases more than 148 200%. And user time spent on conferencing services has risen by an 149 order of magnitude on some conferencing platforms. 151 In general, the Internet has coped relatively well with this traffic 152 growth. The situation is not perfect: there has also been some 153 outages, video quality reduction, and other issues. Nevertheless, it 154 is interesting to see how the technology, operators and service 155 providers have been able to respond to large changes in traffic 156 patterns. 158 Understanding what actually happened with Internet traffic is of 159 course interesting by its own right. How that impacted user 160 experience or the intended function of the services is equally 161 interesting. Measurements of and reports on Internet traffic in 2020 162 are therefore valuable. But it would also be interesting to 163 understand what types of network management and capacity expansion 164 actions were taken in general. Anecdotal evidence points to Internet 165 and service providers tracking how their services are used, and in 166 many cases adjusting services to accommodate the new traffic 167 patterns, from dynamic allocation of compute resources to more 168 complex changes. 170 The impacts of this crisis are also a potential opportunity to 171 understand the impact of traffic shifts and growth more generally, or 172 to prepare for future situations -- crises or otherwise - that impact 173 networking. Or even allow us to adjust the technology to be even 174 better suited to respond to changes. 176 The scope of this workshop, based on the call for contributions, 177 included: 179 * measurements about traffic changes, user experience and problems, 180 service performance, and other relevant aspects 182 * discussion about the behind the scenes network management and 183 expansion activities 185 * experiences in the fields of general Internet connectivity, 186 conferencing, media/entertainment, and Internet infrastructure 188 * lessons learned for preparedness and operations 190 * lessons learned for Internet technology and architecture 192 3. Workshop Topics and Discussion 194 3.1. Measurement-based Observations on Network Traffic Dynamics 196 The workshop started with a focus on measurements. A large portion 197 of the submitted papers presented and discussed measurement data and 198 these submissions provided a good basis get a better understanding of 199 the situation, covering different angles and aspects of network 200 traffic and kind of networks. 202 Changes in Internet traffic due to the COVID-19 pandemic affected 203 different networks in various ways. Yet all networks observed some 204 form of change, be it a reduction in traffic, an increase in traffic, 205 a change in working days and weekend days patterns, or a change in 206 traffic classes. Traffic volume, directionality ratios, and its 207 source and destination are radically different than from before 208 COVID-19. 210 At a high level, while traffic from home networks increased 211 significantly, the traffic in mobile networks decreased as a result 212 of reduced population mobility. The observed behavior in mobile 213 networks is antagonistic, yet complementary, to the one observed in 214 residential ISPs. In residential networks there was a strong 215 increase in video conferencing and remote learning application 216 traffic due to the shift for working and learning at home. With that 217 shift, the typical diurnal usage patterns in network traffic also 218 changed, with peak times occuring earlier in the day and lasting 219 longer over the day - reflecting the start of the work or school day 220 from home. This behavior is antagonistic, yet complementary, to the 221 one observed in residential ISPs. 223 While diurnal congestion at interconnect point as well in certain 224 last mile network was reported, mainly in March, no persitent 225 congestion was observed. Further, a downward trends in download 226 throughput to certain cloud regions was measured, which can probably 227 explained with the increase use of cloud services. This gives 228 another indication that the scalng of shared resources in the 229 Internet is working reasonably well enough to handle even larger 230 changes in traffic as experience during the first nearly global 231 lockdown of the COVID-19 pandemic. 233 3.1.1. Overall Traffic Growth 235 The global pandemic has significantly accelerated the growth of data 236 traffic worldwide. Based on the measurement data of one ISP, three 237 IXPs, a metropolitan educational network, and a mobile operator, it 238 was observed at the beginning of the workshop [Feldmann2020] that 239 overall the network was able to handle the situation well, despite a 240 significant and sudden increase in traffic growth rate in March and 241 April. That is, after the lockdown was implemented in March, a 242 traffic increase of 15-20% at the ISP as well as the three IXPs was 243 observed. That represents the traffic growth expected in a typical 244 year which now took place in the matter of a few weeks only---a 245 substantial increase. At DE-CIX Frankfurt, the world's largest 246 Internet Exchange Point in terms of data throughput, the year 2020 247 has seen the largest increase in peak traffic within a single year 248 since the IXP was founded in 1995. Additionally, mobile traffic has 249 slightly receded. In access networks, the growth rate of upstream 250 traffic also exceeded the growth in downstream traffic, reflecting 251 increased adoption and use of video conferencing and other remote 252 work and school applications. 254 Most traffic increases happened during non-traditional peak hours: 255 Before the first COVID-19 lockdowns, the main time of use was in the 256 evening hours during the week, whereas since March it has been spread 257 more equally across the day. That is, the increase in usage has 258 mainly occurred outside the previous peak usage times (e.g. during 259 the day while working from home). This means that, for the first 260 time, network utilization on weekdays resembled that on weekends. 261 The effects of the increased traffic volume could easily be absorbed: 262 either by using existing reserve capacity, or by quickly switching 263 additional bandwidth. This is one reason why the Internet was able 264 to cope well with the pandemic during the first lockdown period. 266 Some of the lockdowns were lifted or relaxed around May 2020. As 267 people were allowed to perform some of their daily habits outside of 268 their home again, as expected, there was a decrease of the traffic 269 observed at the IXPs and the ISP; instead mobile traffic began to 270 grow again. 272 3.1.2. Changes in Application Use 274 The composition of data traffic has changed since the beginning of 275 the pandemic: the use of videoconferencing services and virtual 276 private networks (VPNs) for access to company resources from the home 277 environment has risen sharply. In ISP and IXP network it was 278 observed [Feldmann2020] that traffic associated with web 279 conferencing, video, and gaming increased largely in March 2020 as a 280 result of the increasing user demand for solutions like Zoom or 281 Microsoft Teams. For example, the relative traffic share of many 282 "essential" applications like VPN and conferencing tools increased by 283 more than 200%. 285 Also, as people spent more hours at home, they tended to watch videos 286 or play games, thus increasing entertainment traffic demands. At the 287 same time, the traffic share for other traffic classes decreased 288 substantially, e.g., traffic related to education, social media, and 289 ---for some periods---CDNs. In April and June, web conferencing 290 traffic was still high compared to the pre-pandemic scenario, while a 291 slight decrease in CDN and social media traffic was observed. During 292 these months many people were still working from home, but 293 restrictions had been lifted or relaxed, which likely led to an 294 increase in in-person social activities and a decrease in online 295 ones. 297 3.1.2.1. Example Campus Networks 299 Changes in traffic have been observed at University campus networks 300 as well, especially due to the necessary adoption of remote teaching. 301 The Politecnico di Torino University (Italy) deployed its in-house 302 solution for remote teaching, which caused the outgoing traffic to 303 grow by 2.5 times, driven by more than 600 daily online classes. 304 Incoming traffic, instead, decreased by a factor of 10 due to the 305 cessation of any in-person activity. Based on their measurements, 306 this change in traffic and network usage did however not lead to 307 noticeable performance impairments, nor have significantly poor 308 performance been observed for students in remote regions of Italy. 309 Outgoing traffic also increased due to other remote working 310 solutions, such as collaboration platforms, VPNs, and remote 311 desktops. 313 Similar changes were observed by measuring REDIMadrid [Feldmann2020], 314 a European educational and research network, which connects 16 315 independent universities and research centers in the metropolitan 316 region of Madrid. A drop of up to 55% in traffic volume on working 317 days during the pandemic was observed. Similar to findings for ISP/ 318 IXP networks, it was observed that working days and weekend days are 319 becoming more similar in terms of total traffic. The hourly traffic 320 patterns reveal a traffic increase between 9 pm and 7 am. This could 321 be due to users working more frequently at unusual times, but also 322 potentially caused by overseas students (mainly from Latin America 323 and East Asia as suggested by the AS numbers from which these 324 connections came from) who accessed university network resources from 325 their home countries. 327 Given the fact that the users of the academic network (e.g., students 328 and research staff) had to leave the campus as a response to lockdown 329 measures, also the traffic in and out (i.e., ingress and egress) 330 ratio changed drastically. Prior to the lockdown, the incoming 331 traffic was much larger then the outgoing traffic. This changed to a 332 more balanced ratio. This change of traffic asymmetry can be 333 explained by the nature of remote work. On the one end, users 334 connected to the network services mainly to access resources, hence 335 the increase in outgoing traffic. On the other end, all external 336 (i.e., Internet-based) resources requested during work were no longer 337 accessed from the educational network but from the users' homes. 339 3.1.3. Mobile Networks and Mobility 341 Mobile network data usage appeared to decline following the 342 imposition of localized lockdown measures, as these reduced typical 343 levels of mobility and roaming. 345 [Lutu2020] measured the cellular network of O2 UK to evaluate how the 346 changes in people's mobility impacted traffic patterns. By analyzing 347 cellular network signalling information regarding users' device 348 mobility activity, they observed a decrease of 50% in mobility 349 (according to different mobility metrics) in the UK during the 350 lockdown period. As they found no correlation between this reduction 351 in mobility and the number of confirmed COVID-19 cases, only the 352 enforced government order was effective in significantly reducing 353 mobility and this reduction was more significant in densely populated 354 urban areas than in rural areas. For London, specifically, it could 355 be observed from the mobile network data that approximately 10% of 356 the residents temporarily relocated during the lockdown. 358 These mobility changes had immediate implications in traffic patterns 359 of the cellular network. The downlink data traffic volume aggregated 360 for all bearers (including conversational voice) decreased for all UK 361 by up to 25% during the lockdown period. This correlates with the 362 reduction in mobility that was observed country-wide, which likely 363 resulted in people relying more on broadband residential Internet 364 access to run download intensive applications such as video 365 streaming. The observed decrease in the radio cell load, with a 366 reduction of approximately 15% across the UK after the stay-at-home 367 order, further corroborates the drop in cellular connectivity usage. 369 The total uplink data traffic volume, on the other hand, experienced 370 little changes (between -7% and +1,5%) during lockdown. This was 371 mainly due to the increase of 4G voice traffic (i.e., VoLTE) across 372 the UK that peaked at 150% after the lockdown compared to the 373 national medial value before the pandemic, thus compensating for the 374 decrease in data traffic in the uplink. 376 Finally, it was also observed that mobility changes have a different 377 impact on network usage in geodemographic area clusters. In densely 378 populated urban areas, a significantly higher decrease of mobile 379 network usage (i.e., downlink and uplink traffic volumes, radio load 380 and active users) was observed than in rural areas. In the case of 381 London, this was likely due to geodemographics of the central 382 districts, which include many seasonal residents (e.g., tourists), 383 business and commercial areas. 385 3.1.4. A Deeper Look at Interconnections 387 Traffic at points of network interconnection noticeably increased, 388 but most operators reacted quickly by rapidly adding additional 389 capacity [Feldmann2020]. The amount of increases varied, with some 390 networks that hosted popular applications such as video conferencing 391 experiencing traffic growth of several hundred to several thousand 392 percent. At the IXP-level, it was observed that port utilization 393 increased. This phenomenon is mostly explained by a higher traffic 394 demand from residential users. 396 Measurements of interconnection links at major US ISPs by CAIDA and 397 MIT found some evidence of diurnal congestion around the March 2020 398 timeframe [Clark2020], but most of this congestion disappeared in a 399 few weeks, which suggests that operators indeed took steps to add 400 capacity or otherwise mitigate the congestion. 402 3.1.5. Cloud Platforms 404 Cloud infrastructure played a key role in supporting bandwidth- 405 intensive video conferencing and remote learning tools to practise 406 social distancing during the COVID-19 pandemic. Network congestion 407 between cloud platforms and access networks could impact the quality 408 of experience of these cloud-based applications. CAIDA leveraged 409 web-based speed test servers to perform download and upload 410 throughput measurements from virtual machines in public cloud 411 platforms to various access ISPs in the United States [Mok2020]. 413 The key findings included: 415 * Persistent congestion events were not widely observed between 416 cloud platforms and these networks, particular for large-scale 417 ISPs, but we could observe large diurnal download throughput 418 variations in peak hours from some locations to the cloud. 420 * There was evidence of persistent congestion in the egress 421 direction to regional ISPs serving suburban areas in the U.S. 422 Their users could have suffered from poor video streaming or file 423 download performance from the cloud. 425 * The macroscopic analysis over 3 months (June-August, 2020) 426 revealed downward trends in download throughput from ISPs and 427 educational networks to certain cloud regions. We believe that 428 increased use of the cloud in the pandemic could be one of the 429 factors that contributed to the decreased performance. 431 3.1.6. Last-Mile Congestion 433 The last mile is the centerpiece of broadband connectivity, where 434 poor last-mile performance generally translates to poor quality of 435 experience. In a recent IMC'20 research paper Fontugne et al. 436 investigated last-mile latency using traceroute data from RIPE Atlas 437 probes located in 646 ASes and looked for recurrent performance 438 degradation [Fontugne2020-1]. They found that in normal times Atlas 439 probes in only 10% ASes experience persistent last-mile congestion, 440 but they recorded 55% more congested ASes during the COVID-19 441 outbreak. This deterioration caused by stay-at-home measures is 442 particularly marked in networks with a very large number of users and 443 certain parts of the world. They found Japan to be the most impacted 444 country in their study looking specifically at NTT OCN, but noting 445 similar observations for several Japanese networks, including IIJ 446 (AS2497). 448 From mid-2020 onwards, they however observed better performance than 449 before the pandemic. In Japan, this was partly due to the 450 deployments originally planned for accommodating the Tokyo Olympics, 451 and more generally, it reflects the efforts of network operators to 452 cope with these exceptional circumstances. The pandemic has 453 demonstrated that its adaptive design and proficient community can 454 keep the Internet operational during such unprecedented events. 455 Also, from the numerous research and operational reports recently 456 published, the pandemic is apparently shaping a more resilient 457 Internet, as Nietzsche wrote, "What does not kill me makes me 458 stronger". 460 3.1.7. User Behaviour 462 The type of traffic needed by the users also changed in 2020. 463 Upstream traffic increased due the use of video conferences, remote 464 schooling, and similar applications. The NCTA and Comcast reported 465 that while downstream traffic grew 20%, upstream traffic grew as much 466 as 30% to 37% [NCTA2020] [Comcast2020]. Vodafone reported that 467 upstream traffic grew 100% in some markets [Vodafone2020]. 469 Ericsson's Consumer Lab surveyed users for their usage and 470 experiences during the crisis. Some of the key findings in 471 [ConsumerlabReport2020] were: 473 * 9 in 10 users increased Internet activities, and time spent 474 connected increased. In addition, 1 in 5 started new online 475 activities, many in the older generation felt that they were 476 helped by video calling, parents felt that their children's 477 education was helped, and so on. 479 * Network performance was, in general, found satisfactory. 6 in 10 480 were very satisfied with fixed broadband, and 3 in 4 felt that 481 mobile broadband was the same or better compared to before the 482 crisis. Consumers valued resilience and quality of service as the 483 most important task for network operators. 485 * Smartphone application usage changed, with fastest growth in apps 486 related to COVID-19 tracking and information, remote working, 487 e-learning, wellness, education, remote health consultation, and 488 social shared experience applications. Biggest decreases were in 489 travel and booking, ride hailing, location, and parking 490 applications. 492 Some of the behaviours are likely permanent changes 493 [ConsumerlabReport2020]. The adoption of video calls and other new 494 services by many consumers, such as the older generation, is likely 495 going to have a long-lasting effect. Surveys in various 496 organizations point to a likely long-term increase in the number of 497 people interested in remote work [WorkplaceAnalytics2020] 498 [McKinsey2020]. 500 3.2. Operational Practices and Architectural Considerations 502 The second and third day of the workshop were held based on more open 503 discussions focussed on operational issues and the architectural 504 issues arising or other conclusions that could be reached. 506 3.2.1. Digital Divide 508 Measurements from Fastly confirmed that Internet traffic volume, in 509 multiple countries, rose rapidly at the same time as COVID cases 510 increased and lockdown policies came into effect. Download speeds 511 also decreased, but in a much less dramatic fashion than overall 512 bandwidth usage increased. School closures led to a dramatic 513 increase in traffic volume in many regions, and other public policy 514 announcements triggered large traffic shifts. This suggests that 515 governments might usefully coordinate with operators to allow time 516 for pre-emptive operational changes, in some cases. 518 Measurements from the US showed that download rates correlate with 519 income levels. However, download rates in the lowest income zip 520 codes increased as the pandemic progressed, closing the divide with 521 higher income areas. One possible reason for this in the data is 522 decisions by some ISPs, such as Comcast and Cox, that increased 523 speeds for users on lower-cost certain plans and in certain areas. 524 This suggests that network capacity was available, and that the 525 correlation between income and download rates was not necessarily due 526 to differences in the deployed infrastructure in different regions; 527 although it was noted that certain access link technologies provide 528 more flexibility than others in this regard. 530 3.2.2. Applications 532 The web conferencing systems (e.g., Microsoft Teams, Zoom, Webex) saw 533 incredible growth, with overnight traffic increases of 15-20% in 534 response to public policy changes, such as lockdowns. This required 535 significant and rapid changes in infrastructure provisioning. 537 Major video providers (YouTube, etc.) reduced bandwidth by 25% in 538 some regions. It was suggested that this had a huge impact on 539 quality of videoconferencing systems until networks could scale to 540 handle full bit-rate, but other operators of some other services saw 541 limited impact. 543 Updates to popular games has a significant impact on network load. 544 Some discussions were reported between ISPs, CDNs, and the gaming 545 industry on possibly coordinating various high-bandwidth update 546 events, similar to what was done for entertainment/video download 547 speeds. There was an apparently difficult interplay between bulk 548 download and interactive real-time applications, potentially due to 549 buffer bloat and queuing delays. 551 It was noted that operators have experience of rapid growth of 552 Internet traffic. New applications with exponential growth are not 553 that unusual in the network, and the traffic spike due to the 554 lockdown was not that unprecedented for many. Many operators have 555 tools and mechanisms to deal with this. Ensuring that knowledge if 556 shared is a challenge. 558 Following these observations traffic prioritisation was discussed, 559 starting from DSCP marking, basically wondering if a minimal priority 560 marking scheme would have helped during the pandemic, e.g. by 561 allowing marking of less-than-best-effort traffic. That discussion 562 quickly devolved into a more general QoS and observability 563 discussion, and as such also touching on the effects of increased 564 encryption. The group was not, unsurprisingly, able to resolve the 565 different perspectives and interests involved in that, but the 566 discussion demonstrated that progress is made (and being less 567 heated). 569 3.2.3. Observability 571 It is clear that there is a contrast in experience. Many operators 572 reported few problems, in terms of metrics such as measured download 573 bandwidth, while video conferencing applications experienced 574 significant usability problems running on those networks. The 575 interaction between application providers and network providers 576 worked very smoothly to resolve these issues, supported by strong 577 personal contacts and relationships. But it seems clear that the 578 metrics used by many operators to understand their network 579 performance don't fully capture the impact on certain applications, 580 and there is an observability gap. Do we need more tools to figure 581 out the various impacts on user experience? 583 These types of applications use surprising amounts of Forward Error 584 Correction (FEC). Applications hide lots of loss to ensure a good 585 user experience. This makes it harder to observe problems. The 586 network can be behaving poorly, but experience can be good enough. 587 Resiliency measures can improve the user experience but hide severe 588 problems. There may be a missing feedback loop between application 589 developers and operators. 591 It's clear that it's difficult for application providers and 592 operators to isolate problems. Is a problem due to the local WiFi, 593 the access network, cloud network, etc.? Metrics from access points 594 would help, but in general lack of observability into the network as 595 a whole is a real concern when it comes to debugging performance 596 issues. 598 Further, it's clear that it can be difficult to route problem reports 599 to the person who can fix them, across multiple networks in the 600 Internet. COVID-enhanced cooperation made it easier to debug 601 problems; lines of communication are important. 603 3.2.4. Security 605 The increased threats and network security impacts arising from 606 COVID-19 fall into two areas: (1) the agility of malicious actors to 607 spin up new campaigns using COVID-19 as a lure, and (2) the increased 608 threat surface from a rapid shift towards home working. 610 During 2020, there was a shift to home working generally, and in the 611 way in which people use the network, with IT departments rolling out 612 new equipment quickly and using technologies like VPNs for the first 613 time, while others put existing solutions under much greater load. 614 As VPN technology became more widespread and more used, it arguably 615 became a more valuable target; one Advanced (APT29) was successful in 616 using recently published exploits in a range of VPN software to gain 617 initial footholds[Kirsty2020]. 619 Of all scams detected by the UK NCSC (United Kingdom National Cyber 620 Security Centre) that purported to originate from UK Government, more 621 related to COVID-19 than any other subject. There are other reports 622 of a strong rise in phishing, fraud, and scams related to COVID 623 [Kirsty2020]. Although, from the data seen to date, the overall 624 levels of cyber crime have not increased, there was certainly a shift 625 in activity - as both the NCSC and CISA (DHS Cybersecurity and 626 Infrastructure Security Agency) saw a growing use of COVID-19 related 627 themes by malicious cyber actors as a lure. Attackers used COVID-19 628 related scams and phishing emails to target: individuals, small and 629 medium businesses, large organisations, and organisations involved in 630 both national and international COVID-19 responses (healthcare 631 bodies, pharmaceutical companies, academia and medical research 632 organisations). New targets, for example organisations involved in 633 COVID-19 vaccine development were attacked using VPN exploits, 634 highlighting the potential consequences of vulnerable infrastructure. 636 It's unclear how to effectively detect and counter these attacks at 637 scale. Approaches such as using Indicators of Compromise and crowd- 638 sourced flagging of suspicious emails were found to be effective in 639 the response to COVID-19-related scams[Kirsty2020], and observing DNS 640 to detect malicious use is widespread and effective. The use of DNS 641 over HTTPS offers privacy benefits but current deployment models can 642 bypass these existing protective DNS measures. 644 It was also noted that when everyone moves to performing their job 645 online, lack of understanding of security becomes a bigger issue. Is 646 it reasonable to expect every user of the Internet to take password 647 training? Or is there a fundamental problem with a technical 648 solution? Modern advice advocates a layered approach to security 649 defences, with user education forming just one of those layers. 651 Communication platforms such as Zoom are not new: many people have 652 used them for years, but as COVID-19 saw an increasing number of 653 organisations and individuals turning to these technologies, they 654 became an attractive target, due to increased usage. In turn, there 655 was an increase in malicious cyber actor activity, either hijacking 656 online meetings that were not secured with passwords or leveraging 657 unpatched software as an attack vector. How can new or existing 658 measures protect users from the attacks levied against the next 659 vulnerable service? 661 Overall, it may be that there were fewer security challenges than 662 expected arising from many people suddenly working from home. 663 However, the agility of attackers, the importance of robust and 664 scalable defence mechanisms, and some existing security problems and 665 challenges may have become even more obvious and acute with an 666 increased use of Internet-based services, particularly in a pandemic 667 situation and times of uncertainty, where users can be more 668 vulnerable to social engineering techniques and attacks. 670 3.2.5. Discussion 672 There is a concern that we're missing observability for the network 673 as a whole. Each application provider and operator has their own 674 little lens. No-one has the big-picture view of the network. 676 How much of a safety margin do we need? Some of the resiliency comes 677 from us not running the network too close to its limit. This allows 678 traffic to shift, and gives headroom for the network to cope. The 679 best effort nature of the network may help here. Techniques to run 680 the network closer to its limits improve performance in the usual 681 case, but highly optimised networks may be less robust. 683 Finally, it was observed that we get what we measure. There may be 684 an argument for operators to shift their measurement focus perhaps 685 away from pure capacity, to rather measure QoE or resilience. The 686 Internet is a critical infrastructure, and people are realising that 687 now. We should use this as a wake-up-call to improve resilience, 688 both in protocol design and operational practice, not necessarily to 689 optimise for absolute performance or quality of experience. 691 3.3. Conclusions 693 There is a wealth of data about the performance of the Internet 694 during the crisis. The main conclusion from the various measurements 695 is that fairly large shifts occurred. And those shifts were not 696 merely about changing one application for another, they actually 697 impacted traffic flows and directions, and caused in many cases a 698 significant traffic increase. Early reports also seem to indicate 699 that the shifts have gone relatively smoothly from the point of view 700 of overall consumer experience. 702 An important but not so visible factor that led to this was that many 703 people and organizations where highly motivated to ensure good 704 experience. A lot of collaboration happened in the background, 705 problems were corrected, many providers significantly increased their 706 capacity, and so on. 708 On the security front, the COVID-19 crisis showcased the agility with 709 which malicious actors can move in response to a shift in user 710 Internet usage, and the vast potential of the disruption and damage 711 that they can inflict. Equally, it showed the agility of defenders, 712 when they have access to the tools and information they need to 713 protect users and networks, and showcased the power of Indicators of 714 Compromise when defenders around the world are working together 715 against the same problem. 717 In general, the Internet also seems well suited for adapting to new 718 situations, at least within some bounds. The Internet is designed 719 for flexibility and extensibility, rather than optimized for today's 720 particular traffic. This makes it possible to use it for many 721 applications, in many deployment situations, and make changes as 722 needed. The generality is present in many parts of the overall 723 system, from basic Internet technology to browsers, from name servers 724 to content delivery networks and cloud platforms. When usage 725 changes, what is needed is often merely different services, perhaps 726 some re-allocation of resources, as well as consequent application 727 and continuation of existing security defences, but not fundamental 728 technology or hardware changes. 730 On the other hand, this is not to say that no improvements are 731 needed: 733 * We need a better understanding of the health of the Internet. 734 Going forward, the critical nature that the Internet plays in our 735 lives means that the health of the Internet needs to receive 736 significant attention. Understanding how well networks work is 737 not just a technical matter, it is also of crucial importance to 738 the people and economy of the societies using it. Projects and 739 research that monitor Internet and services performance in a broad 740 scale and across different networks are therefore important. 742 * We need to maintain defensive mechanisms to be used in times of 743 crisis. Malicious cyber actors are continually adjusting their 744 tactics to take advantage of new situations, and the COVID-19 745 pandemic is no exception. Malicious actors used the high appetite 746 for COVID-19 related information as an opportunity to deliver 747 malware and ransomware, and to steal user credentials. Against 748 the landscape of a shift to working from home and an increase in 749 users vulnerable to attack, and as IT departments were often 750 overwhelmed by rolling out new infrastructure and devices, IoC 751 sharing was a vital part of the response to COVID-19 related scams 752 and attacks. 754 * We need to ensure that broadband is available to all, and that 755 Internet services equally serve different groups. The pandemic 756 has shown how the effects of the digital divide can be amplified 757 during a crisis, and has further highlighted the importance of 758 equitable Internet access. 760 * We need to continue to work on all the other improvements that are 761 seen as necessary anyway, such as further improvements in 762 security, ability for networks and applications to collaborate 763 better, etc. 765 * We need to ensure that informal collaboration between different 766 parties involved in the operation of the network continues and is 767 strengthened, to ensure continued operational resilience. 769 4. Feedback on Meeting Format 771 While there are frequently virtual participants in IAB workshops, the 772 IAB had no experience running workshops entirely virtually. 774 Feedback on this event format was largely positive, however. It was 775 particularly useful that as the three sessions were scheduled Monday, 776 Wednesday, and Friday, the time in between could be used for mailing 777 list discussion and compilation of additional workshop material. The 778 positive feedback was likely at least partly due to the fact that 779 many of the workshop participants knew one another from previous 780 face-to-face events (primarily IETF meetings). 782 The process for sending invitations to the workshop should be 783 improved for next time, however, as a few invitations were initially 784 lost, and in a virtual meeting it may be more reasonable to invite 785 not just one person but all co-authors of a paper, for instance. At 786 least for this workshop, we did not appear to suffer from too many 787 participants, and in many cases there may be some days when a 788 particular participant may not be able to attend a session. 790 5. Position Papers 792 The following position papers were received, in alphabetical order: 794 * Afxanasyev, A., Wang, L., Yeh, E., Zhang, B., and Zhang, L.: 795 Identifying the Disease from the Symptoms: Lessons for Networking 796 in the COVID-19 Era [Afxanasyev2020] 798 * Arkko, Jari: Observations on Network User Behaviour During 799 COVID-19 [Arkko2020] 801 * Bronzino, F., Culley, E., Feamster, N. Liu. S., Livingood. J., 802 and Schmitt, P.: IAB COVID-19 Workshop: Interconnection Changes in 803 the United States [Bronzino2020] 805 * Campling, Andrew and Lazanski, Dominique: Will the Internet Still 806 Be Resilient During the Next Black Swan Event? [Campling2020] 808 * Cho, Kenjiro: On the COVID-19 Impact to broadband traffic in Japan 809 [Cho2020] 811 * Clark, D.: Measurement of congestion on ISP interconnection links 812 [Clark2020] 814 * Favale, T., Soro, F., Trevisan, M., Drago, I., and Mellia, M.: 815 Campus traffic and e-Learning during COVID-19 pandemic 816 [Favale2020] 818 * Feldmann, A., Gasser, O., Lichtblau, F., Pujol, E., Poese, I., 819 Dietzel, C., Wagner, D., Wichtlhuber, M., Tapiador, J., Vallina- 820 Rodriguez, N., Hohlfeld, O., and Smaragdakis, G.: A view of 821 Internet Traffic Shifts at ISP and IXPs during the COVID-19 822 Pandemic [Feldmann2020] 824 * Fontugne, R., Shah, A., and Cho, K.: The Impact of COVID-19 on 825 Last-mile Latency [Fontugne2020] 827 * Gillmor, D.: Vaccines, Privacy, Software Updates, and Trust 828 [Gillmor2020] 830 * Gu, Y. and Li, Z. Covid 19 Impact on China ISP's Network Traffic 831 Pattern and Solution Discussion [Gu2020] 833 * Jennings, C. and Kozanian, P.: WebEx Scaling During Covid 834 [Jennings2020] 836 * Lutu, A., Perino, D., Bagnulo, M., Frias-Martinez, E., and 837 Khangosstar, J.: A Characterization of the COVID-19 Pandemic 838 Impact on a Mobile Network Operator Traffic [Lutu2020] 840 * Mok, Ricky, and claffy, kc: Measuring the impact of COVID-19 on 841 cloud network performance [Mok2020] 843 * Kirsty P: IAB COVID-19 Network Impacts [Kirsty2020] 845 6. Workshop participants 847 The following is an alphabetical list of participants in the 848 workshop. 850 * Jari Arkko (Ericsson/IAB) 852 * Ben Campbell (Independent/IAB) 854 * Andrew Campling (419 Consulting) 856 * Kenjiro Cho (IIJ) 858 * kc Claffy (CAIDA) 860 * David Clark (MIT CSAIL) 862 * Chris Dietzel (DE-CIX) 864 * Idilio Drago (University of Turin) 866 * Stephen Farrell (Trinity College Dublin/IAB) 868 * Nick Feamster (University of Chicago) 870 * Anja Feldmann (Max Planck Institute for Informatics) 872 * Romain Fontugne (IIJ Research Lab) 874 * Oliver Gasser (Max Planck Institute for Informatics) 876 * Daniel Kahn Gillmor (ACLU) 878 * Yunan Gu (Huawei) 880 * Oliver Hohlfeld (Brandenburg University of Technology, BTU) 882 * Jana Iyengar (Fastly) 884 * Cullen Jennings (Cisco/IAB) 886 * Mirja Kuhlewind (Ericsson/IAB) 888 * Franziska Lichtblau (Max Planck Institute for Informatics) 890 * Dominique Lazanski 891 * Zhenbin Li (Huawei/IAB) 893 * Jason Livingood (Comcast) 895 * Andra Lutu (Telefonica Research) 897 * Vesna Manojlovic (RIPE NCC) 899 * R Martin EC (?) 901 * Matt Matthis (Google) 903 * Larry Masinter (Retired) 905 * Jared Mauch (Akamai/IAB) 907 * Deep Medhi (NSF) 909 * Marco Mellia (Politecnico di Torino) 911 * Ricky Mok (CAIDA) 913 * Karen O'Donoghue (Internet Society) 915 * Kirsty P (NCSC) 917 * Diego Perino (Telefonica Research) 919 * Colin Perkins (University of Glasgow/IRTF/IAB) 921 * Enric Pujol (Benocs) 923 * Anant Shah (Verizon Media Platform) 925 * Francesca Soro (Politecnico di Torino) 927 * Brian Trammell (Google) 929 * Gergios Tselentis (European Commission) 931 * Martino Trevisan 933 * Lan Wang (University of Memphis) 935 * Rob Wilton (Cisco) 937 * Jiankang Yao (CNNIC) 938 * Lixia Zhang (UCLA) 940 7. Program Committee 942 The workshop Program Committee members were Jari Arkko, Stephen 943 Farrell, Cullen Jennings, Colin Perkins, Ben Campbell, and Mirja 944 Kuehlewind. 946 8. Acknowledgments 948 The authors would like to thank the workshop participants, the 949 members of the IAB, the program committee, the participants in the 950 architecture discussion list for interesting discussions, and Cindy 951 Morgan for the practical arrangements. 953 Further special thanks to those participants who also contributed to 954 this report: Romain Fontugne provided text based on his blog post at 955 https://eng-blog.iij.ad.jp/archives/7722; Ricky Mok for text on cloud 956 platform; Martino Trevisan for text on campus networks; David Clark 957 on congestion measurements at interconnects; Oliver Hohlfeld for the 958 text on traffic growth, changes in traffic shifts, campus networks, 959 and interconnections; Andra Lutu on mobile networks; Kirsty Paine for 960 text on security impacts; and thanks to Jason Livingood for his 961 review and additions. 963 9. Informative References 965 [Afxanasyev2020] 966 Afxanasyev, A., Wang, L., Yeh, E., Zhang, B., and L. 967 Zhang, "Identifying the Disease from the Symptoms: Lessons 968 for Networking in the COVID-19 Era", https://www.iab.org/ 969 wp-content/IAB-uploads/2020/12/IAB-COVID- 970 19-WS_102820.pdf , October 2020. 972 [Arkko2020] 973 Arkko, J., "Observations on Network User Behaviour During 974 COVID-19", https://www.iab.org/wp-content/IAB- 975 uploads/2020/10/covid19-arkko.pdf , October 2020. 977 [Bronzino2020] 978 Bronzino, F., Culley, E., Feamster, N., Liu, S., 979 Livingood, J., and P. Schmitt, "IAB COVID-19 Workshop: 980 Interconnection Changes in the United States", 981 https://www.iab.org/wp-content/IAB-uploads/2020/10/ 982 covid19-feamster.pdf , October 2020. 984 [Campling2020] 985 Campling, A. and D. Lazanski, "Will the Internet Still Be 986 Resilient During the Next Black Swan Event?", 987 https://www.iab.org/wp-content/IAB-uploads/2020/10/ 988 covid19-campling.pdf , October 2020. 990 [Cho2020] Cho, K., "On the COVID-19 Impact to broadband traffic in 991 Japan", https://www.iab.org/wp-content/IAB- 992 uploads/2020/10/covid19-cho.pdf , October 2020. 994 [Clark2020] 995 Clark, D., "Measurement of congestion on ISP 996 interconnection links", https://www.iab.org/wp-content/ 997 IAB-uploads/2020/10/covid19-clark.pdf , October 2020. 999 [Comcast2020] 1000 Comcast, ., "COVID-19 Network Update", 1001 https://corporate.comcast.com/covid-19/network/may-20-2020 1002 , May 2020. 1004 [ConsumerlabReport2020] 1005 Ericsson Consumer & IndustryLab, ., "Keeping consumers 1006 connected in a COVID-19 context", 1007 https://www.ericsson.com/en/reports-and- 1008 papers/consumerlab/reports/keeping-consumers-connected- 1009 during-the-covid-19-crisis , June 2020. 1011 [Favale2020] 1012 Favale, T., Soro, F., Trevisan, M., Drago, I., and M. 1013 Mellia, "Campus traffic and e-Learning during COVID-19 1014 pandemic", https://www.iab.org/wp-content/IAB- 1015 uploads/2020/10/covid19-favale.pdf , October 2020. 1017 [Feldmann2020] 1018 Feldmann, A., Gasser, O., Lichtblau, F., Pujol, E., Poese, 1019 I., Dietzel, C., Wagner, D., Wichtlhuber, M., Tapiador, 1020 J., N Vallina-Rodriguez, ., Hohlfeld, O., and G. 1021 Smaragdakis, "A view of Internet Traffic Shifts at ISP and 1022 IXPs during the COVID-19 Pandemic", https://www.iab.org/ 1023 wp-content/IAB-uploads/2020/10/covid19-feldmann.pdf , 1024 October 2020. 1026 [Fontugne2020] 1027 Fontugne, R., Shah, A., and K. Cho, "The Impact of 1028 COVID-19 on Last-mile Latency", https://www.iab.org/wp- 1029 content/IAB-uploads/2020/10/covid19-fontugne.pdf , October 1030 2020. 1032 [Fontugne2020-1] 1033 Fontugne, R., Shah, A., and K. Cho, "Persistent Last-mile 1034 Congestion: Not so Uncommon", Proceedings of the ACM 1035 Internet Measurement Conference (IMC '20) , October 2020. 1037 [Gillmor2020] 1038 Gillmor, D., "Vaccines, Privacy, Software Updates, and 1039 Trust", https://www.iab.org/wp-content/IAB- 1040 uploads/2020/10/covid19-gillmor.pdf , October 2020. 1042 [Gu2020] Gu, Y. and Z. Li, "Covid 19 Impact on China ISP's Network 1043 Traffic Pattern and Solution Discussion", 1044 https://www.iab.org/wp-content/IAB-uploads/2020/10/ 1045 covid19-gu.pdf , October 2020. 1047 [Jennings2020] 1048 Jennings, C. and P. Kozanian, "WebEx Scaling During 1049 Covid", https://www.iab.org/wp-content/IAB- 1050 uploads/2020/10/covid19-jennings.pdf , October 2020. 1052 [Kirsty2020] 1053 Kirsty P, ., "IAB COVID-19 Network Impacts", 1054 https://www.iab.org/wp-content/IAB-uploads/2020/10/ 1055 covid19-kirstyp.pdf , October 2020. 1057 [Lutu2020] Lutu, A., Perino, D., Bagnulo, M., Frias-Martinez, E., and 1058 J. Khangosstar, "A Characterization of the COVID-19 1059 Pandemic Impact on a Mobile Network Operator Traffic", 1060 https://www.iab.org/wp-content/IAB-uploads/2020/10/ 1061 covid19-lutu.pdf , October 2020. 1063 [McKinsey2020] 1064 Boland, B., De Smet, A., Palter, R., and A. Sanghvi, 1065 "Reimagining the office and work life after COVID-19", htt 1066 ps://www.mckinsey.com/~/media/McKinsey/Business%20Function 1067 s/Organization/Our%20Insights/Reimagining%20the%20office%2 1068 0and%20work%20life%20after%20COVID%2019/Reimagining-the- 1069 office-and-work-life-after-COVID-19-final.pdf , June 2020. 1071 [Mok2020] Mok, R. and . kc claffy, "Measuring the impact of COVID-19 1072 on cloud network performance", https://www.iab.org/wp- 1073 content/IAB-uploads/2020/10/covid19-mok.pdf , October 1074 2020. 1076 [NCTA2020] NCTA, ., "COVID-19: How Cable's Internet Networks Are 1077 Performing: Metrics, Trends & Observations", 1078 https://www.ncta.com/COVIDdashboard , 2020. 1080 [Vodafone2020] 1081 Vodafone, ., "An update on Vodafone's networks", 1082 https://www.vodafone.com/covid19/news/update-on-vodafone- 1083 networks , April 2020. 1085 [WorkplaceAnalytics2020] 1086 Lister, K., "Work-At-Home After Covid-19—Our Forecast", 1087 https://globalworkplaceanalytics.com/work-at-home-after- 1088 covid-19-our-forecast , 2020. 1090 Authors' Addresses 1092 Jari Arkko 1093 Ericsson 1095 Email: jari.arkko@ericsson.com 1097 Stephen Farrell 1098 Trinity College Dublin 1100 Email: stephen.farrell@cs.tcd.ie 1102 Mirja Kühlewind 1103 Ericsson 1105 Email: mirja.kuehlewind@ericsson.com 1107 Colin Perkins 1108 University of Glasgow 1110 Email: csp@csperkins.org