jennifer rexford fall 2014 (tth 3:00-4:20 in cs 105) cos 561: advanced computer networks
DESCRIPTION
Measurement. Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks http://www.cs.princeton.edu/courses/archive/fall14/cos561/. Why Measure?. Managing protocols Generating reports Diagnosing problems Tuning network configuration Planning future capacity - PowerPoint PPT PresentationTRANSCRIPT
Jennifer Rexford
Fall 2014 (TTh 3:00-4:20 in CS 105)
COS 561: Advanced Computer Networks
http://www.cs.princeton.edu/courses/archive/fall14/cos561/
Measurement
Why Measure?
• Managing protocols– Generating reports– Diagnosing problems– Tuning network configuration – Planning future capacity
• Evaluating protocols– Characterizing protocol behavior in the wild– Creating realistic models to drive protocol evaluation
How to Monitor a Link
5
Host A Host B Monitor
Shared media (Ethernet, wireless)
Host A
Host B
Host C
Monitor
Switch
Multicast switch
Router A Router B
Monitor
Splitting a point-to-point link
Router A
Line card that does monitoring
Subselecting the Traffic
• Look at a subset of the packets–Filter on packet-header fields–Sample packets (e.g., 1 out of 1000)
• Collect the first n bytes of packet –Medium access control header (if present)–IP header (typically 20 bytes)–IP+UDP header (typically 28 bytes)–IP+TCP header (typically 40 bytes)–Application-layer message (entire packet)
• What can you learn?6
Data Analysis Challenges
• Mapping IP addresses to names, users, institutions
• Mapping transport port numbers to applications
• Reconstructing application messages from packets
• Missing data (sampling, monitor overload)
• Routing changes
• Asymmetric routing
7
Data Aggregation: Flow Monitoring
• Grouping packets into flows– Packets with the same header fields– Close together in time
• Approximating a “conversation”– Without access to the end-hosts
• E.g., NetFlow, sFlow 8
flow 1 flow 2 flow 3 flow 4
Recording Flow Statistics
• Packet header fields– Source and destination IP addresses– Source and destination TCP/UDP port numbers– Other IP & TCP/UDP header fields
• Location– Input and output ports
• Aggregate statistics– Start and finish time – Number of bytes or packets– Summary of TCP flags
9
start finish4 packets1436 bytes
SYN, ACK, & FIN
SYN ACK ACK FIN
Network-Wide Traffic Measurement
• Observe directly as packets flow
• Observe at ingress and project to paths
• Infer from link loads and routing 10
current state &traffic flow
fine grained:path matrix = bytes per path
traffic matrix =bytes per
ingress-egress
predictedcontrol action:
impact of routing
Monitoring the Routes
• Control plane–Routing-protocol messages
• Techniques–Dump state from one or more routers–Participate in the routing protocol–Collect packets from routing-protocol messages
• Challenges–Cooperation of the network administrator–Collection from enough vantage points–Delays in propagating routing messages 12
Monitoring Link-State Routing
• Flooding of link-state advertisements–All routers knows the entire topology
Can dump the state of any router
–Monitor can participate in the routing protocol Can collect the routing-protocol messages
13
32
2
1
14
1
4
5
3
Monitoring Path-Vector Routing
• Propagating a path to each neighbor–A router knows the path used by each neighbor–Monitor can become a neighbor of a router–Multiple vantage points to achieve coverage
14
Monitor
BGP session
BGP session
BGP Table (“show ip bgp” at RouteViews)
Network Next Hop Path* 3.0.0.0/8 205.215.45.50 4006 701 80 * 167.142.3.6 5056 701 80 * 157.22.9.7 715 1 701 80 * 195.219.96.239 8297 6453 701 80 * 195.211.29.254 5409 6667 6427 3356 701 80 *> 12.127.0.249 7018 701 80 * 213.200.87.254 3257 701 80
* 9.184.112.0/20 205.215.45.50 4006 6461 3786 * 195.66.225.254 5459 6461 3786 *> 203.62.248.4 1221 3786 * 167.142.3.6 5056 6461 6461 3786 * 195.219.96.239 8297 6461 3786 * 195.211.29.254 5409 6461 3786
AS 80 is General Electric, AS 701 is UUNET, AS 7018 is AT&TAS 3786 is DACOM (Korea), AS 1221 is Telstra
Measuring the Forwarding Path
• Data plane– What path is the traffic taking
• Techniques– Extract the forwarding-table state– Record the path as the packet travels– Infer the path from end-to-end measurements
• Challenges– Cooperation of the network administrator– Routing changes during the measurement– Overhead of collecting the data
16
Traceroute
• Time-To-Live field in IP packet header– Source sends a packet with a TTL of n– Each router along the path decrements the TTL– “TTL exceeded” sent when TTL reaches 0
• Traceroute tool exploits this TTL behavior
17
source destination
TTL=1
Time exceeded
TTL=2
Send packets with TTL=1, 2, 3, … and record source of “time exceeded” message
From My House to Princeton CS
18
1 192.168.0.1 (192.168.0.1) 2 c-68-37-226-1.hsd1.nj.comcast.net (68.37.226.1) 3 xe-2-1-0-sur01.hillsboro.nj.panjde.comcast.net (68.85.119.149) 4 ae-18-0-ar03.plainfield.nj.panjde.comcast.net (68.85.62.65) 5 he-3-10-0-0-cr01.newyork.ny.ibone.comcast.net (68.86.93.225) 6 he-0-12-0-0-pe03.111eighthave.ny.ibone.comcast.net (68.86.83.106) 7 be7922.ccr21.jfk10.atlas.cogentco.com (154.54.13.161) 8 be2057.ccr22.jfk02.atlas.cogentco.com (154.54.80.177) 9 te0-0-2-1.rcr12.phl03.atlas.cogentco.com (154.54.27.118) 10 te0-0-2-1.rcr12.phl03.atlas.cogentco.com (154.54.27.118)11 38.122.150.2 (38.122.150.2)12 core-87-router.princeton.edu (128.112.12.130) 13csgate.princeton.edu (128.112.12.58)
...