Distributed active measurement

Measure the Internet from anywhere. Prove every packet you sent.

Debuglet runs untrusted, programmable measurements across globally distributed vantage points — and cryptographically attributes every probe back to the program that sent it. Open like code, accountable like infrastructure.

live attribution  ·  probe 0x3A1F observed at target 203.0.113.9
attribution key released · t+Δ
probe sent · t0key interval Δverifiable
probe tag
0x3A1F
program
job-7f3a
user
u_8f3a
node
par01
verified origin
AS2200 · Paris
The foundation · ICDCS 2024

Measurement that behaves like real traffic

A debuglet is a small, sandboxed program that runs inside the network, at a precise point on a path, probing with ordinary data packets. The original architecture set out to do what ping and traceroute can't: pinpoint which link or AS is at fault, with results others can trust and reuse.

Segment-by-segment fault localization
AS #1AS #2AS #3A→D · full segmentlink 1–2link 2–3ABCD
full segmentlink 1–2link 2–3● executor at AS border

Real data packets, not probes

Networks forward TCP, UDP, ICMP and raw IP differently — the paper measured it across the globe. So a debuglet sends packets indistinguishable from the traffic it's diagnosing.

Run at the right place

ASes host executors — sandboxed WASM runtimes, typically at their border routers — that run others' debuglets on demand and collect the results.

Two ends, one segment

Each measurement pairs a client and server executor on consecutive ASes, isolating a single inter-domain link so it can be tested on its own, in either direction.

Originally introduced in

Debuglet: Programmable and Verifiable Inter-domain Network Telemetry.Tabaeiaghdaei, Costa, Kwon, Bamert, Hu, Perrig — IEEE ICDCS 2024.Read the paper ↗

What the current work adds

Building on the foundation

The original gave us programmable, verifiable inter-domain measurement. The current work — under review — opens it up further and hardens it for shared, untrusted use: richer programs, per-probe attribution, and coordinated limits.

01 · Programmable

Debuglets, not a probe menu

Measurements are sandboxed WASM programs. Express closed-loop adaptive probing, stateful protocol interaction, and logic a fixed vocabulary can't.

WASM sandbox
02 · Attributable

Every probe carries its origin

Every probe carries a cryptographic tag, so anyone — including the target — can prove which program sent a packet, without trusting us.

verifiable origin
03 · Rate-limited

No target gets overwhelmed

Globally coordinated, per-target limits shared across every debuglet hitting the same destination — so no target ever sees the sum of all of us.

per-target budgets