Measurement Jennifer Rexford

advertisement
Measurement
Jennifer Rexford
Fall 2014 (TTh 3:00-4:20 in CS 105)
COS 561: Advanced Computer Networks
http://www.cs.princeton.edu/courses/archive/fall14/cos561/
Why Measure?
• Managing protocols
– Generating reports
– Diagnosing problems
– Tuning network configuration
– Planning future capacity
• Evaluating protocols
– Characterizing protocol behavior in the wild
– Creating realistic models to drive protocol evaluation
What to Measure
• Traffic
• Routing
• Topology
• Performance
3
Traffic Measurement
4
How to Monitor a Link
Multicast switch
Shared media (Ethernet, wireless)
Host A
Host A
Host B
Monitor
Host B
S
w
i
t
c
h
Host C
Monitor
Splitting a point-to-point link
Line card that does monitoring
Router A
Router B
Router A
Monitor
5
Subselecting the Traffic
• Look at a subset of the packets
–Filter on packet-header fields
–Sample packets (e.g., 1 out of 1000)
• Collect the first n bytes of packet
–Medium access control header (if present)
–IP header (typically 20 bytes)
–IP+UDP header (typically 28 bytes)
–IP+TCP header (typically 40 bytes)
–Application-layer message (entire packet)
• What can you learn?
6
Data Analysis Challenges
• Mapping IP addresses to names, users,
institutions
• Mapping transport port numbers to applications
• Reconstructing application messages from packets
• Missing data (sampling, monitor overload)
• Routing changes
• Asymmetric routing
7
Data Aggregation: Flow Monitoring
flow 1
flow 2
flow 3
flow 4
• Grouping packets into flows
– Packets with the same header fields
– Close together in time
• Approximating a “conversation”
– Without access to the end-hosts
• E.g., NetFlow, sFlow
8
Recording Flow Statistics
• Packet header fields
– Source and destination IP addresses
– Source and destination TCP/UDP port numbers
– Other IP & TCP/UDP header fields
• Location
– Input and output ports
• Aggregate statistics
– Start and finish time
– Number of bytes or packets
– Summary of TCP flags
SYN
ACK
start
4 packets
1436 bytes
ACK
SYN, ACK, & FIN
FIN
finish
9
Network-Wide Traffic Measurement
current state &
traffic flow
predicted
control action:
impact of routing
fine grained:
path matrix =
bytes per path
traffic matrix =
bytes per
ingress-egress
• Observe directly as packets flow
• Observe at ingress and project to paths
• Infer from link loads and routing
10
Routing
11
Monitoring the Routes
• Control plane
–Routing-protocol messages
• Techniques
–Dump state from one or more routers
–Participate in the routing protocol
–Collect packets from routing-protocol messages
• Challenges
–Cooperation of the network administrator
–Collection from enough vantage points
–Delays in propagating routing messages
12
Monitoring Link-State Routing
• Flooding of link-state advertisements
–All routers knows the entire topology
 Can dump the state of any router
–Monitor can participate in the routing protocol
 Can collect the routing-protocol messages
2
3
2
1
1
1
4
4
5
3
13
Monitoring Path-Vector Routing
• Propagating a path to each neighbor
–A router knows the path used by each neighbor
–Monitor can become a neighbor of a router
–Multiple vantage points to achieve coverage
BGP session
Monitor
BGP session
14
BGP Table (“show ip bgp” at RouteViews)
Network
* 3.0.0.0/8
*
*
*
*
*>
*
Next Hop
205.215.45.50
167.142.3.6
157.22.9.7
195.219.96.239
195.211.29.254
12.127.0.249
213.200.87.254
Path
4006 701 80
5056 701 80
715 1 701 80
8297 6453 701 80
5409 6667 6427 3356 701 80
7018 701 80
3257 701 80
* 9.184.112.0/20 205.215.45.50
4006 6461 3786
*
195.66.225.254 5459 6461 3786
*>
203.62.248.4
1221 3786
*
167.142.3.6
5056 6461 6461 3786
*
195.219.96.239 8297 6461 3786
*
195.211.29.254 5409 6461 3786
AS 80 is General Electric, AS 701 is UUNET, AS 7018 is AT&T
AS 3786 is DACOM (Korea), AS 1221 is Telstra
Measuring the Forwarding Path
• Data plane
– What path is the traffic taking
• Techniques
– Extract the forwarding-table state
– Record the path as the packet travels
– Infer the path from end-to-end measurements
• Challenges
– Cooperation of the network administrator
– Routing changes during the measurement
– Overhead of collecting the data
16
Traceroute
• Time-To-Live field in IP packet header
– Source sends a packet with a TTL of n
– Each router along the path decrements the TTL
– “TTL exceeded” sent when TTL reaches 0
• Traceroute tool exploits this TTL behavior
TTL=1
Time
exceeded
source TTL=2
Send packets with TTL=1, 2, 3, …
and record source of “time exceeded” message
destination
17
From My House to Princeton CS
1 192.168.0.1 (192.168.0.1)
2 c-68-37-226-1.hsd1.nj.comcast.net (68.37.226.1)
3 xe-2-1-0-sur01.hillsboro.nj.panjde.comcast.net (68.85.119.149)
4 ae-18-0-ar03.plainfield.nj.panjde.comcast.net (68.85.62.65)
5 he-3-10-0-0-cr01.newyork.ny.ibone.comcast.net (68.86.93.225)
6 he-0-12-0-0-pe03.111eighthave.ny.ibone.comcast.net (68.86.83.106)
7 be7922.ccr21.jfk10.atlas.cogentco.com (154.54.13.161)
8 be2057.ccr22.jfk02.atlas.cogentco.com (154.54.80.177)
9 te0-0-2-1.rcr12.phl03.atlas.cogentco.com (154.54.27.118)
10 te0-0-2-1.rcr12.phl03.atlas.cogentco.com (154.54.27.118)
11 38.122.150.2 (38.122.150.2)
12 core-87-router.princeton.edu (128.112.12.130)
13 csgate.princeton.edu (128.112.12.58)
...
18
RocketFuel Paper
Discussion
19
Download