A Suite of Schemes for User-level Network Diagnosis without Infrastructure
37
1 A Suite of Schemes for User- level Network Diagnosis without Infrastructure Yao Zhao, Yan Chen Lab for Internet and Secu rity Technology, Northwes tern University
description
A Suite of Schemes for User-level Network Diagnosis without Infrastructure. Yao Zhao, Yan Chen Lab for Internet and Security Technology, Northwestern University. Motivation. How do end users, with no special privileges, identify packet loss inside the network with one or two computers?. - PowerPoint PPT Presentation
Transcript of A Suite of Schemes for User-level Network Diagnosis without Infrastructure
1
A Suite of Schemes for User-level Network Diagnosis without Infrastructure
Yao Zhao, Yan ChenLab for Internet and Security Technology, Northwestern Univ
ersity
2
Motivation
• How do end users, with no special privileges, identify packet loss inside the network with one or two computers?
3
Motivation
• How do end users, with no special privileges, identify packet loss inside the network with one or two computers?
• Take-home– We propose three user-level loss rate
diagnosis approaches– The combo of our approaches and
Tulip [SOSP03] is much better than any single approach
4
Outline
• Motivation• Related Works• Lossy Link Diagnosis
– Fragmentation Aided Diagnosis (FAD)• Algebraic FAD• Opportunistic FAD
– Striped Probe Analysis (SPA)
• Evaluations• Conclusions
5
Related Work I
• Internet Tomography– Multicast based (not practical)– Unicast based
• Mimic multicast
L1 L2 L3 L4
S
Virtua
l link
The more cooperating end
hosts, the shorter the virtual links
6
Related Work II
• Tulip [SOSP03]– Leverage on consecutive IPID– Tend to underestimate forward loss
rates• Suffer from the packet loss correlation
x
id
id+1
Forward Loss
S D
xid
id+2
Reverse Loss
S D
xid
S D
x
?
7
Outline
• Motivation• Related Works• Lossy Link Diagnosis
– Fragmentation Aided Diagnosis (FAD)• Algebraic FAD• Opportunistic FAD
– Striped Probe Analysis (SPA)
• Evaluations• Conclusions
8
Link Diagnosis=> Forward Path Diagnosis
• If we can infer the loss rates of forward path F1 and F2, we can infer the link loss rate of l3
F1
DS R1 R2
F2
l3l2l1
• The more diagnosable forward path segments, the better the diagnosis granularity
9
Basic Idea of FAD
S NP R
P
R
S NP1 RP2R
P1
P2
10
Algebraic FAD
• Let pf and pr be the loss rate of the forward and reverse path respectively
P
R
R
P1
P2
(1 - pf)×(1 - pr)=1 – p (1)
(1 - pf)2×(1 - pr)=1 – p’ (2)
p and p’ are measurable. Solve pf and pr using (1) and (2)
11
How to Achieve FAD
IP Fragmentation– Fragment a packet longer than MTU– Required to be supported in IPv4– Some routers disable it for security reason
• Support of IP Fragmentation– 64,320 router IP addresses probed by using Tr
aceroute– About 80% of routers support IP fragmentation
• Degree of Rate Limiting on Responses– 99% of routers allow a rate of 100 probes/s for
ICMP Echo, ICMP Timestamp and TCP probes– Response to UDP probe is severely rate-limited
12
Opportunistic FAD
F1 F2+ P
F’2F1+ P’
aaaaaaaa bbbbbbbb aaaaaaaabbbbbb
aaaaaaaa ccccccccc aaaaaaaacccccccc
13
Opportunistic FAD
R’
Forward Loss
F1
xF
2
F’2R
No Loss
S NF
1
F2
F’2 F1+F2
F1+F’2
S N
Similar to Tulip, but OFAD allows large gap between fragments
14
Striped Probe Analysis (SPA)
• S sends a probe to D and we get the path p1->p2
• S sends UDP packet with a certain TTL so that R returns an ICMP TTL-Exceeded response. Hence we get path p1->p3
S
p1
p3
p2DR
S
R
D S
p1
p2 p3
15
Striped Probe Analysis (SPA)
S
R
S
p1
p2 p3
P1 P2
(1) Loss on shared link
D
16
Striped Probe Analysis (SPA)
• Success rate of p1≈n1×n2 / (n×n12) – n: number of striped probes sent, – n1: number of P1 received by D, – n2: number of P2 received by S, – n12: number of cases that both P1 and P2 are received
• Unbiased if packet loss has perfect correlation and loss rates of different links are independent
S
R
S
p1
p2 p3
P1 P2
(2) Loss on non-shared link
D
S
R
S
p1
p2 p3
(1) Loss on shared link
D
17
Summary
Requirement Accuracy
Tulip [SOSP03]
Consecutive IPID (70%)Inaccurate w/ strong loss correlation
FAD (AFAD & OFAD)
IP fragmentation (80%)Accurate w/ weak or short loss correlation
SPAICMP TTL-Exceeded. Access from both end hosts
Accurate w/ strong loss correlation
The current Internet usually has strong but short loss correlation.
18
Outline
• Motivation
• Related Works
• Lossy Link Diagnosis– FAD– SPA
• Evaluations
• Conclusions
19
Evaluation Metrics
• Diagnosis Granularity– Weighted average of the lengths of the
path’s diagnosable segments– For example, an 8-hop path has two
diagnosable segments of length 3 and 5, and then the granularity of the path is (32 + 52)/8 = 4.25
• Accuracy– Estimation error: – Relative error:
20
Diagnosis GranularitySPA
is best
FAD ≈Tulip
Combo of FAD and
Tulip is better
21
Path-Level Accuracy Evaluation
FAD > Tulip > SPA
OFAD, Tulip and SPA tends to underestimate
loss rates
22
More Evaluations
• Consistency Check
• Packet Probe Size Selection
• Lossy Link Distribution• More in the technical report
http://www.cs.northwestern.edu/~yzh734/
23
Conclusions and Recommendations
• We propose AFAD, OFAD and SPA which can conduct loss rate diagnosis without infrastructure
• Tulip, FAD and SPA have different working scenarios– The combination of them can achieve low diagn
osis granularity and high accuracy
• Recommendations– OFAD+SPA, if we can control the two ends of a
n end-to-end path– OFAD+Tulip, if we can only control the source
24
25
Thanks!
Questions?
26
Path-Level Accuracy of Combined Schemes
27
28
Path-Level Accuracy Evaluation
29
Path-Level Accuracy of Combined Schemes
30
IP Fragmentation Is Widely Supported
• Router Collection– 64,320 router IP addresses probed by using traceroute from a
machine• Support of Different Probes
• Support of IP Fragmentation– 90.3% of responsive routers support IP fragmentation– Altogether about 80% of routers support FAD.
• Degree of Rate Limiting on Responses– 99% of routers allow a rate of 100 probes/s for ICMP Echo,
ICMP Timestamp and TCP probes– UDP probe is severely rate-limited
Echo Timestamp UDP TCP Any
1 source 85.3% 69.2% 64.5% 71.7% 88.2%
10 sources 87.3% 72.3% 70.7% 73.3% 90.1%
31
Packet Transmission Correlation
• Choose 100 PlanetLab hosts and randomly measure 5000 paths
• Little loss correlation with enough gap
32
Forward Path Diagnosis => Link Diagnosis
• If we can infer the loss rates of forwarding path l1 and P1, we can infer the link loss rate of l2 too.
D
33
Opportunistic FAD
• n: number of R12 received, n’: number of R’12 received
• Xi = 0 when forward packet i is lost and Xi =1 otherwise
• P(X2=1)≈P(X2=1|X1=1)≈n/(n+n’)
R12
P1
P2
P’2
R’12
P1
P2
P’2
x
(1) (2)
34
Striped Probe Analysis (SPA)
• No fragmented packets needed !
• S sends a probe to D and we get the path l1->l2
• S sends UDP packet with a certain TTL so that R returns an ICMP TTL-Exceeded response. Hence we get path l1->l3
S R
l1
l3
l2
S
R
D S
l1
l2 l3
D
35
Striped Probe Analysis (SPA)
S
R
S
l1
l2 l3
P1 P2
D
36
Striped Probe Analysis (SPA)
S
R
S
l1
l2 l3
P1 P2
(1) No loss (2) Loss on shared link
S
R
S
l1
l2 l3
P1 P2
D D
37
Striped Probe Analysis (SPA)
• Success rate of l1≈n1×n2 / (n×n12) – n: number of striped probes sent, – n1: number of P1 received by D, – n2: number of P2 received by S, – n12: number of cases that both P1 and P2 are received
• Unbiased if packet loss has perfect correlation and loss rates of different links are independent
S
R
S
l1
l2 l3
S
R
S
l1
l2 l3
P1 P2
(1) No loss (2) Loss on shared link (3) Loss on non-shared link
S
R
D S
l1
l2 l3
P1 P2
D D
