An insipid fact of running a large system where users can choose when
to upgrade is that not everyone is running the same version. One of
the problems we found with our original deployments was that about
13 percent of the remote coordinates received during gossip were at the
origin; that is, . After much discussion (Is that incredible
churn rate possible? Do nodes behind firewalls never update their
coordinates?), we realized that this problem was due to a portion of
the network running an old code version. In fact, during one crawl of
the Azureus network, we found only about 44 percent of the approximately 9000
clients crawled were using the current version. While not very
exciting, realizing this fact allowed us to compensate for it both in
the coordinate update process and in active statistics collection
through the explicit handling of different versions within the code.
Kaafar et al. have begun investigating the more interesting side
of the problem of coordinate corruption: malicious
behavior . They divide attacks into four
classes: disorder, isolation, free-riding, and landmark control.
While we did not see any evidence of intentionally corrupt messages,
it would be trivial to install a client, or a set of clients, that
responded with random values, for example (just as the MPAA runs
clients with spurious content advertisements to squelch piracy). As
Internet-scale coordinate systems come into wider use, they will need
to grapple with both oblivious and malicious corruption.