1

End-to-End Inference of Router Packet Forwarding Priority

Guohan Lu1, Yan Chen2, Stefan Birrer2, Fabian E. Bustamante2, Chi Yin Cheung2, Xing Li1

1. Lab for New Generation Network, Tsinghua Univ. China

2. Lab for Internet & Security Tech, Northwestern Univ.

2

3

Background Router QoS mechanisms available

Priority Queueing Custom Queueing Class-Based Weighted Fair Queueing Traffic policing/shaping

ISPs do use them Rate limiting, e.g., P2P applications Provide bandwidth guarantee for certain applic

ations

4

Motivation Packet forwarding priority affects:

measurements, loss, delay, available bandwidth applications

Hidden rules Users circumvent: skype, port 80 End-to-end approach POPI (Packet fOrwarding Priority Inference) The first such work to the best of our knowl

edge

5

Outline Background and Motivation Inference Methods Evaluations Conclusions

6

Basic Ideas Priority generates packet delivery diff

erences Measure the differences

Send different packet types Choose a metric

Loss : the most natural choice Delay : queuing delay maybe small Out-of-order: not all QoS generate OOO,

but very interesting work we have in progress

7

Challenges and Building Blocks Challenges

Background traffic fluctuations Packet losses can be highly correlated

POPI Design Step 1: Generate the differences

Saturate low-priority queue(s) temporarily Step 2: Detect the differences

Non-parametric statistical methods independent to the loss model and insensitive to loss correlation

Step 3: Cluster multiple packet types into groups Hierarchical clustering method

8

Step 1: Probing Approaches Send bursts Spectrum of approaches

Small bursts: less aggressive, wait for the losses

Large bursts: more aggressive, incur the losses

Large BurstSmall Burst

More intrusive

More accurate

Shorter period

Less intrusive

Less accurate

Longer period

9

Probing Method

nb bursts, nr rounds, k packet types Packets randomly distributed in one b

urst No bias

A B CC B A AC B

10

Step 2: Detect the Difference – Average Normalized Loss Ranks

0.1 0.3 0.2 0.5 0.6 0.4

Burst1

A B C D E F

1 3 2 5 6 4Burst2

0.3 0.2 0.1 0.6 0.5 0.8

0.2 0.1 0.3 0.8 0.5 0.4

0.0 0.0 0.1 0.7 0.7 0.8

Burst3

Burst4 1.5 1.5 3 4.5 4.5 6

2 1 3 6 5 4

3 2 1 5 4 6

ANR 0.32

0.33

0.36

0.77

0.83

0.90

Small difference for the same group Large difference for different groups

k=6, nb=4, nr

=10

Loss ratesLoss ranksLoss ratesLoss ranksLoss ratesLoss ranksLoss rates

Loss ranks

0.7

0.3

A B C D E F

11

Loss Rates vs. Loss Ranks Absolute loss rate – parametric

Depends on the loss model Loss rate ranks – non-parametric

Independent of the loss model Ranks randomly permuted over

bursts for packet types within a same priority

Non-parametric statistical approach is better

12

Step 3: Grouping Method Threshold derived for ANR range in

the paper Hierarchical Divisive Clustering

based on ANR threshold

k-means Details in the paper

G0>

G01>

G010<

G011<

G02<

13

Outline Background and Motivation Inference Method Evaluations

NS2 Simulations (details in the paper) PlanetLab experiments

Conclusions

14

PLab Evaluation Methodology 81 random pairs (both directions) for 162

end hosts. Each from different institutes. USA, Asia, Europe, South America

32 bursts, 40 rounds in a burst 32 packet types as below

Protocols Type/Source Port Number

ICMP ICMP_ECHO

TCP well-known app: 20-21 (ftp), 23 (telnet), 110 (pop3), 179 (BGP), 443 (https)P2P: 1214 (fasttrack), 4661-4663(eDonkey), 6346-6347 (gnutella), 6881(bitTorrent)security-related: 161 (snmp), 136, 137, 139, 445Random: 1000, 12432, 25942, 38523, 43822, 57845

UDP SNMP: 161Random: 1000, 12432, 25942, 38523, 43822, 57845

15

Evaluation of ANR Metric (I)

Except for very few paths, most ANR/ are < 0.8 or > 1.2

Paths well separated by ANR

>1.20<0.80

16

Evaluation of ANR Metric (II)

Choose top 30 paths w/ the largest ANR range First 15 detected w/ multiple priorities

Large inter-group distance Packet types within a same group are condensed

17

Multi-Priority Paths Inferred

4 P2P (all low), 3 for well-known applications (all high), 8 for ICMP (majority low)

3 pairs show symmetric group pattern

18

Validation -- Methodology

Hop-by-hop method Vary TTLs Measure loss rates difference by counting the ICMP replie

s from routers Test 30 paths: 15 multi-priority and 15 non-priority paths

Send emails to related network operators

TTL=2TTL=1 TTL=3

Configured Router No loss rate difference!

19

Validation -- Results Hop-by-hop method

5 paths could not be checked Routers no response or hosts down

Good true positives: 13 of multi-priority paths successfully validated

No false negatives: 12 of non-priority paths show no loss difference

Inquiry Response Sent 13 emails 7 replies, all positive confirmations from

network operators One as standalone traffic shaper

20

Conclusions The first end-to-end attempt to infer

router forwarding priority Robust non-parametric method Good inference accuracy

Several priority configurations found through PlanetLab experiments

Ongoing work Decrease the probe overhead Other kinds of metric (packet reordering)

21

Software download available at http://list.cs.northwestern.edu/popi

Questions?

Thanks !

22

Threshold of the ANR Range One group:

normal distribution R decreases as nb increases

Two groups: R > 0.5

Normal Distribution

ANR rangeR <

nb

0.5

12

One group

Range

Two groups

23

Related Work (I) Shared Congestion for flows

detect shared congested queue Two flows Flows already congested

Our problem: detect unshared congested queue

More than two flows Focus on router configuration, not flows

24

Related Work (II) Hop-by-Hop approach

Tulip, sting Statistical method also applied Used in our validation

Network Tomography Infer link loss Non-intrusive

25

Effects of nb , nr and

Zero under-partition for nb ≥ 16 Smaller over-partition for = 0.001 Error decreases as nr increases, 40 for practical use

nb

Type 8 16 32 64 128

0.01

Over Partition(%)

8.5 2.52 2.23 2.52 2.42

Under Partition 0.2 0 0 0 0

Sum 8.7 2.52 2.23 2.52 2.42

0.001

Over Partition 5.7 0.63 0.21 0.29 0.23

Under Partition 43.5 0 0 0 0

Sum 49 0.63 0.21 0.29 0.23

26

Results

All positive confirmation from the network operators!

27

Effects of nr

Phase 1: Under-partition Phase 2: Under-partition and Over-partition Phase 3: Correct Partition

28

What if some bursts has no loss?

Method can tolerate when a fraction bursts show no loss rate different.

29

Stability of bursts losses during the probe

Either all Bursts experience losses or none of them experience loss

Background traffic relative stable

30

nr needed for probe

Error decreases as nr increases Correct inference when nr is very small (less than 5) for

certain paths. Possibility to decrease the probe overhead.

31

Loss rate ranks v.s Loss rate Three paths

correctly partition by ANR

Blue points: Large ANR but small LR range

Red point: Large LR, but small ANR