goals of this lecture
play

Goals of this lecture After this lecture you should be able to - PDF document

HELSINKI UNIVERSITY OF TECHNOLOGY HELSINKI UNIVERSITY OF TECHNOLOGY Mika Ilvesmki, Lic.Sc. (Tech.) Timescales of different events Measuring network with packets: This course focuses Resource allocation primarily on packet delay,loss,


  1. HELSINKI UNIVERSITY OF TECHNOLOGY HELSINKI UNIVERSITY OF TECHNOLOGY Mika Ilvesmäki, Lic.Sc. (Tech.) Timescales of different events Measuring network with packets: • This course focuses Resource allocation primarily on packet delay,loss, bandwidth and other flow classification and flow level network properties measurements and fast phenomena flows bits IP applications packets analysis Lecture slides for S-38.183 bytes TCP slow phenomena connections buffering 23.3.2006 traffic classification - resource based Mika Ilvesmäki packet - user based classification Networking laboratory HELSINKI UNIVERSITY OF TECHNOLOGY HELSINKI UNIVERSITY OF TECHNOLOGY Mika Ilvesmäki, Lic.Sc. (Tech.) Mika Ilvesmäki, Lic.Sc. (Tech.) Contents Goals of this lecture • After this lecture you should be able to • Basic network events – Understand the basic phenomena to be • Purpose of packet measurements measured in a network – Understand the difference between active • Passive measurements and passive measurements • Active measurements • And the results they produce – Be able to explain (in detail) various active measurement types (BW, Loss, Delay) – List some of the applications for active and passive measurements with packets •1

  2. HELSINKI UNIVERSITY OF TECHNOLOGY HELSINKI UNIVERSITY OF TECHNOLOGY Mika Ilvesmäki, Lic.Sc. (Tech.) Mika Ilvesmäki, Lic.Sc. (Tech.) Packet Purpose of packet measurements • (IP) packet is the basic event that all • Develop traffic models measurements (in this course) are based on • Find traffic dynamics and directionality (for routing) – Packet has a header and payload • Detect of various network phenomena (currently – Measurement analysis is (usually) interested in focus is on detecting malicious traffic and network using headers to group packets anomalies) • Done with filters/masks • TCP studies (congestion detection) – Interesting packet measures include: • No additional traffic introduced • #packets (per time unit, per trace, etc.) – However, needs access to the measurement point • Packet sizes (to determine capacity usage, to detect different types of applications) – Choice between collecting statistics on the fly or capturing packet (or parts of it) and analyzing it later • Packet interarrival times (to determine arrival process characteristics) HELSINKI UNIVERSITY OF TECHNOLOGY HELSINKI UNIVERSITY OF TECHNOLOGY Mika Ilvesmäki, Lic.Sc. (Tech.) Mika Ilvesmäki, Lic.Sc. (Tech.) Network phenomena to measure Packet data to collect • Networks deliver packets (Paxson) • Arrival time (absolute or relative) or lack – As we asked (bandwidth) thereof (packet loss) – Not at all (packet loss) • Header info – Significantly late (delay), significantly meaning that a – 5-tuple (addresses, proto, ports) retransmission might occur • Remember address sanitation – Out-of-order – Ports present only in protos 6 and 17 (TCP and • Due to routing and queue management problems UDP) resulting in uneven path delays • Others indicated by protocol id. – Replicated • Packet size • Due to bugs/design faults in router/L2 • Packet contents for protocol/content analysis implementations/design • Packet data collected at several points results – Corrupted in traffic matrices • Neglected CRC-checks (core routers?) •2

  3. HELSINKI UNIVERSITY OF TECHNOLOGY HELSINKI UNIVERSITY OF TECHNOLOGY Mika Ilvesmäki, Lic.Sc. (Tech.) Mika Ilvesmäki, Lic.Sc. (Tech.) Passive measurements Passive measurement objectives • Information determined • Arrival process characterization – Bit/byte/packet rates, bandwidth – Packets, flows, applications – Packet IAT/timing information • Network status & traffic profiles – Queue levels (indicating packet loss/delay) • General measures – Traffic/protocol mixes from packet captures – Utilization, traffic trends etc. • Detecting network anomalies – Malicious traffic characteristics HELSINKI UNIVERSITY OF TECHNOLOGY HELSINKI UNIVERSITY OF TECHNOLOGY Mika Ilvesmäki, Lic.Sc. (Tech.) Mika Ilvesmäki, Lic.Sc. (Tech.) Passive measurements in action Passive vs. Active • Capture data, discard unusable • Passive measurements are accurate parts/payload – Based on historical data – Depend upon active users and existing • Sanitize traffic – Preserve as much information as possible • Active measurements • IP address mapping • IP address hierarchy – Measure the network here and now • TCP ports – May disturb the network • Save and archive •3

  4. HELSINKI UNIVERSITY OF TECHNOLOGY HELSINKI UNIVERSITY OF TECHNOLOGY Mika Ilvesmäki, Lic.Sc. (Tech.) Mika Ilvesmäki, Lic.Sc. (Tech.) Active measurements Active measurement pitfalls • Insert additional traffic, probes, into the • Inserted traffic interferes and disturbes network ”real” traffic – Requires the source and the sink(monitor); – Need to carefully determine probe insertion these can be the same machine rate • Information monitored • To get proper results the probe packets should be similarly classified in the – Bandwidth (current, available, bottleneck) network (and be similar to real traffic – Delay and jitter properties (IAT, packet length etc.) – Packet loss HELSINKI UNIVERSITY OF TECHNOLOGY HELSINKI UNIVERSITY OF TECHNOLOGY Mika Ilvesmäki, Lic.Sc. (Tech.) Mika Ilvesmäki, Lic.Sc. (Tech.) Bandwidth measurements Hop capacity • Bottleneck bandwidth is the minimum of • Send probes deeper into the network bandwidths of the links in the route step by step (utilize TTL) – Also known as Path Capacity – Get echo-packets back, measure for RTT • Available Bandwidth is the unused bandwidth • RTT consists of in the link – Propagation delay – May be unused because of bottleneck link – Queuing delay – Aka as Hop Capacity • Bandwidth Asymmetry is the relative – Processing delay difference of the BW within the same path to • ICMP may also be restricted different directions •4

  5. HELSINKI UNIVERSITY OF TECHNOLOGY HELSINKI UNIVERSITY OF TECHNOLOGY Mika Ilvesmäki, Lic.Sc. (Tech.) Mika Ilvesmäki, Lic.Sc. (Tech.) Path capacity Delay in the network • Packet pair –technique • Delay is caused by – Send two packets back-to-back (make note of the interval) to – Bugs in router implementations. the other end which echoes the packets back • Packet loss – Measure the difference at the other end and determine the – Speed of EM waves in media. bandwidth based on the added transmission delay – CPU Power (e.g. routing updates). – Cross-traffic has a big effect • Packet loss – To get true results – Packets on the slow path. • Send several packet pairs at various times – Congestion (Queuing). • Send longer back-to-back packet trains • Packet loss – Packet pairs determine bottleneck capacity – Packet sizes. • Several tools available – Noisy channels. – Pathchar, pathrate, pathload, pchar etc. – Route flapping. HELSINKI UNIVERSITY OF TECHNOLOGY HELSINKI UNIVERSITY OF TECHNOLOGY Mika Ilvesmäki, Lic.Sc. (Tech.) Mika Ilvesmäki, Lic.Sc. (Tech.) Delay variation, jitter Timing compression • No commonly accepted definitions exist • Packets arrive earlier than they should for delay variation – Queues usually store(delay) packets – PPDV – packet to packet delay variation – Sometimes packets are earlier packets are held up in the network and later packets • Easy to measure have time to catch up – Jitter envelope • Track the max and min delay compared to short term average delay • Delay is (usually) caused by several network elements •5

  6. HELSINKI UNIVERSITY OF TECHNOLOGY HELSINKI UNIVERSITY OF TECHNOLOGY Mika Ilvesmäki, Lic.Sc. (Tech.) Mika Ilvesmäki, Lic.Sc. (Tech.) Delay measurement methods Packet loss in the network • Obtain a good timing source, synchronize clocks • Unavoidable in packet switched • Basic Active measurement networks – Send measurement probes, record send and receive times – With complex traffic characteristics • Basic Passive measurement • TCP bases some of its congestion – Payload CRC acts as a signature • CRC recorded at the source and checked at the receiver -> detection on packet loss match packets and record timestamps -> off-line analysis • Basic delay measurements may be based on RTT – Large buffers would lead to very large observations (ping) delays • Are delays(routes) symmetrical? • Packet loss happens (usually) in just • 2-point measurements are preferable – Synchronize site clocks, send measurement probes one (congested, faulted) place in the network HELSINKI UNIVERSITY OF TECHNOLOGY HELSINKI UNIVERSITY OF TECHNOLOGY Mika Ilvesmäki, Lic.Sc. (Tech.) Mika Ilvesmäki, Lic.Sc. (Tech.) Measuring for packet loss BW, Delay, Drops inter-related • A packet lost is a packet lost • Available BW is depends up on – A packet lost in capture is not packet lost in transmission speed, queue status and the network! router processor capacity • A packet lost might be just an acknowledgement lost! • Delay is a result of transmission speed, – Route asymmetry processing limitations and subsequent • Need to keep record of sent packets and storage of packets in a buffer arrived packets • When buffers overflow packet drops – And packets dropped by the measurement occur device •6

Recommend


More recommend