• No results found

Sting: a TCP-based network measurement tool

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Sting: a TCP-based network measurement tool"

Copied!
28
0
0

Loading.... (view fulltext now)

Download now ( 28 Page )

Full text

(1)

Sting: a TCP-based

network measurement tool

Stefan Savage

Department of Computer Science and Engineering University of Washington

(2)

Simple problem

Can we measure one-way packet loss

rates to and from unmodified hosts?

ICMP-based tools (e.g. ping)

■ Can’t measure one-way loss

■ Must cope with degraded service for ICMP

Measurement infrastructures (e.g. NIMI)

(3)

Mind-expanding moment…

Stop thinking of TCP as a

transport protocol

(4)

Overview

Sting’s key features

■ Measures one-way packet loss rates ■ Does not require remote cooperation

■ TCP-based measurement traffic (not filtered)

Basic approach

■ Send selected TCP packets to remote host ■ Leverage TCP behavior to deduce which

(5)

Deducing losses in a TCP transfer

What we know

■ How many data packets we sent

■ How many acknowledgements we received

What we need to know

■ How many data packets were received? – Remote host’s TCP MUST know

■ How many acknowledgements were sent? – Easy, if one ACK is sent for each data packet

(6)

How TCP reveals packet loss

Data packets ordered by seq#

ACK packets specify next seq# expected

Nothing lost

Data lost

ACK lost

1 2 1 2 1 1 2 2 3 Data ACK

(7)

Basic loss deduction algorithm

Data seeding phase

■ Send n packets (dataSent)

■ Count ACKs received (ackReceived)

Hole filling phase

■ Send new packet; next ACK points to first loss ■ Reliably retransmit lost packet and increment

count of lost data (dataLost)

(8)

Example

Hole filling

Data seeding

dataSent = 3 ackReceived = 1 dataLost = 1 ackSent = dataReceived = 2 1 2 2 3 2 4 2 2 5 =1 - (dataReceived/dataSent) = 33% =1 - (ackReceived/ackSent) = 50% Lossfwd Lossrev
(9)

Guaranteeing ACK parity

How do we know one ACK is sent for

each data packet received?

Exploit TCP’s fast retransmit algorithm

■ TCP must send an immediate ACK for each

out-of-order packet it receives

Send all data packets out-of-order

■ Skip first sequence number

(10)

Managing limited receiver buffers

Large packets can overflow receiver buffer

Mitigate by overlapping sequence numbers

1500 bytes 1500 bytes 1500 bytes 1500 bytes 1500 bytes Sequence space 1500 1504 1 5 packets sent (7500 bytes)

(11)

Delaying connection termination

Some Web servers/firewalls terminate

connections abruptly by sending RST

Solutions:

■ Format data packets as valid HTTP request ■ Set advertised receiver window to 0 bytes

– TCP flow control prevents server from sending – HTTP response, hence RST, trapped at server

(12)

Sting implementation details

Raw sockets to send TCP datagrams

Packet filter (libpcap) to get responses

Problems

Problems

with packet filters

■ Very easy to race with native TCP stack ■ Fragile; next version will use OS-specific

firewall interfaces

(13)

Last-generation user interface

# sting –c 100 –f poisson –m 0.500 –p 80 www.audiofind.com Source = 128.95.2.93 Target = 207.138.37.3:80 dataSent = 100 dataReceived = 98 acksSentSent = 98 acksReceived = 97

Forward drop rate = 0.020000 Reverse drop rate = 0.010204

(14)

Preliminary experimental results

Anecdotally

■ Works great for debugging operational

problems

Real data

■ Measured loss rates from UW to 50 web

servers (25 random, 25 popular)

(15)

Distribution of losses to Web servers

0.80 0.82 0.84 0.86 0.88 0.90 0.92 0.94 0.96 0.98 1.00 0 0.1 0.2 0.3 Loss rate C u m u la ti v e fra c ti o n

Forward loss rate Reverse loss rate

0.80 0.82 0.84 0.86 0.88 0.90 0.92 0.94 0.96 0.98 1.00 0 0.05 0.1 0.15 0.2 0.25 0.3 Loss rate C u m u la ti v e fra c ti o n

Forward loss rate

Reverse loss rate

(16)

Conclusions

TCP protocol features can be leveraged

for non-standard purposes

Packet loss is highly asymmetric

Ongoing work:

■ Using TCP to estimate one-way queuing

delays, bottleneck bandwidths, propagation delay and server load

(17)
(18)

Loss rate as ping sees it

Reported loss = 1 – (1-loss

forw

)(1-loss

rev

)

Both of these cases look the same:

EchoReq EchoReply

(19)

User/kernel races with packet filters

User Kernel SYN SYN/ACK Ti m e Remote server RST SYN/ACK
(20)

Example: diurnal effects

0 0.05 0.1 0.15 0.2 0.25 0.3 0:00 4:00 8:00 12:00 16:00 20:00 0:00 Time of day E s ti m a te d r e v e rs e p a th l o s s r a te
(21)

ICMP rate limiting

Client Server

ICMP EchoReq

Ti

m

e

ICMP EchoR

ep

ICMP EchoReq ICMP EchoReq

(22)

ICMP spoofing

Client Firewall

ICMP EchoReq

TCP ACK ICMP EchoR ep TCP DATA Ti m e Server TCP ACK TCP DATA

(23)

ICMP blocking

Client Firewall

ICMP EchoReq

TCP ACK TCP DATA Ti m e Server TCP ACK TCP DATA

(24)

Mapping seq#’s to packets

1500 bytes 1500 bytes 1500 bytes 1500 bytes 1500 bytes Sequence space 1500 1504 1 5 packets sent (7500 bytes)
(25)

Data Seeding phase

for i = 1 to n

send packet w/seq #i dataSent++

wait for long time

for each ack received ackReceived++

(26)

Hole Filling Phase

lastACK := 0

while lastAck = 0

send packet w/seq # n+1 while lastAck < n + 1

dataLost++

retransPkt := lastAck

while lastAck = retransPkt

send packet w/seq# retransPkt dataReceveid := dataSent – dataLost ackSent := dataReceived

for each ack received w/ack #j lastAck = MAX(lastAck,j)

(27)

Distribution of losses to 25

popular Web servers

0.80 0.82 0.84 0.86 0.88 0.90 0.92 0.94 0.96 0.98 1.00 0 0.05 0.1 0.15 0.2 0.25 0.3 Loss rate C u m u la ti ve f ract io n

Forward loss rate Reverse loss rate

(28)

Distribution of losses to 25

random Web servers

0.80 0.82 0.84 0.86 0.88 0.90 0.92 0.94 0.96 0.98 1.00 0 0.05 0.1 0.15 0.2 0.25 0.3 Loss rate C u m u la tiv e fr a c ti o n

Forward loss rate Reverse loss rate

References

Download now ( PDF - 28 Page - 204.34 KB )

Related documents

WORK SESSION NOVEMBER 10, 2020

Be It Resolved: that the Town Board of the Town of Conklin approves the Supervisor, William Dumian, to enter into and sign the 2021 Shared Service Agreement for the Code Officer

University of Maryland Carey School of Law s Moser Ethics in Action Initiative

Koch currently is the President of the BCCWBA (Baltimore City, Baltimore County &amp; Carroll County Women’s Bar Association) and is a member of the Board of Governors

© Sanja y Rath, Mar 2004

house from äruòha lagna is either occupied or aspected by both benefic and malefic house from äruòha lagna is either occupied or aspected by both benefic and malefic planets, the

All Responsibility, no Care: A Systems Analysis Case Study of Beach Driving Stakeholders in Australia

The identification of further actors was facilitated via documentation review of Federal, State and Local government regulatory environments, including management and

Correlation of Packet Delay and Loss in the Internet 1

To look at future loss conditioned on current packet delay, we can count the number of packets lost at a specific lag from a packet experiencing a given delay.. This is expressed by

First Midterm for ECE374 03/24/11 Solution!!

Note that TCP always send an ACK with expected sequence number. This is because TCP uses fast retransmit without waiting until

Minutes The Township of Cavan Monaghan Regular Council Meeting. Monday, June 1, :00 p.m. Council Chambers

2020-28 being a by-law to provide for the levy and collection of special charges for the year 2020 in respect of the Business Improvement Area; and that By-law No. 2020-29 being a

Chemical precipitation of nickel nanoparticles on Ti(C,N) suspensions focused on cermet processing

Metal coated ceramic powders refer to composite powders with a ceramic core and a metal shell that can endow the ceramic particles with particular electrical, magnetic and