Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko,...
-
date post
22-Dec-2015 -
Category
Documents
-
view
212 -
download
0
Transcript of Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko,...
![Page 1: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/1.jpg)
Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis
Yu-Chung Cheng
John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage
![Page 2: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/2.jpg)
2
Enterprise 802.11?
Easy. Blanket the building with 802.11 APs for 100% coverage
![Page 3: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/3.jpg)
3
A familiar story...
“The wireless is being flaky.”
“Flaky how?”
“Well, my connections got dropped earlier and now things seem very sloooow.”
“OK, we will take a look”
“Wait, wait … it’s ok now”
“Mmm… well let us know if you have any more problems.”
Now what?
Employee
Support
![Page 4: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/4.jpg)
4
What are the problems? Contention with nearby wireless
devices? Bad AP channel assignments? Microwave ovens? Congestions in the Internet? Bad interaction between TCP and 802.11? Rogue access points? Poor choice of APs (weak signal)? Incompatible user software/hardware? 802.11 DoS attack?! …
Need to monitor the wireless network across time, locations, channels, and protocol layers
![Page 5: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/5.jpg)
5
How to monitor 802.11?
Measurement Limitations
AP traces Only packets that AP sees
1 passive sniffer
Limited coverage
N passive sniffers in 1 channel
Limited frequency (roaming, broadband interference, AP channel assignments)
N passive sniffers of all channels
Need synchronized traces
![Page 6: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/6.jpg)
6
Jigsaw
Measure real large wireless networks Collect every possible information
• PHY/Link/IP/TCP/App layer trace• Collect every single wireless packet
Need many sniffers for 100% coverage Provide global view of wireless
networks across time, locations, channels, and protocol layers
![Page 7: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/7.jpg)
7
New CSE building at UCSD
150k square feet 4 floors
>500 occupants 150 faculty/staff 350 students
Building-wide WiFi 39 access points 802.11b/g
• Channel 1, 6, 11 10 - 90 active
clients anytime Daily traffic ~5
GB
![Page 8: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/8.jpg)
8
UCSD passive monitor system
Overlays existing WiFi network Series of passive
sniffers Blanket deployment over 4
floors 39 sensor pods (156 radios) 4 radios per pod, cover
all channels in use Captures all 802.11
activities• Including CRC/PHY events
Stream back over wired network to a centralized storage
![Page 9: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/9.jpg)
9
Jigsaw design
Traces synchronization and unification
L2 state reconstruction
TCP flow reconstruction
![Page 10: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/10.jpg)
10
Synchronization Create a virtual global
clock To keep unification working
Critical evidence for analysis• If A and B are
transmitting at the same time they could interfere
• If A starts transmitting after B has started then A can’t hear B
Require fine time-scales (10-50us) NTP is >100 usec accuracy 802.11 HW clocks (TSF) have 100PPM stability
Time (s)T
SF
diff
(us
)
TSF diff of two sniffers
![Page 11: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/11.jpg)
11
Traces synchronization and unification Sniffers label packets w/ local timestamp (TSF) Need a global clock Estimate the offset between TSF and the global clock for each
sniffer
![Page 12: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/12.jpg)
12
Trace unification (ideal)
Time
![Page 13: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/13.jpg)
13
Trace unification (reality)
Time
JFrame 1
JFrame 4
JFrame 5
JFrame 3
JFrame 2
Jigsawunifiedtrace
![Page 14: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/14.jpg)
14
Challenge: sync at large-scale
How to bootstrap? Goal: estimate the offset between TSF and the
global clock for each sniffer Time reference from one sniffer to the other
Sync across channels Dual radios on same sniffer slaved to same clock
Manage TSF clock skews Continuously re-adjust offsets when unifying
frames
To
1 2 3 4
∆t1
∆t2
![Page 15: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/15.jpg)
15
Jigsaw in action Jigsaw unifies
156 traces into one global trace
Covers 99% of AP frames, 96% of client frames
Starts Jan 24,2006 (Tuesday)
Duration 24 hr
Total APs 107 (39 CSE)
CSE Clients 1026
Active CSE clients anytime
10 - 90
Total Events 2,700M
PHY/CRC Errors 48%
Valid Frames 52%
JFrames 530M
Events per Jframe
2.97
![Page 16: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/16.jpg)
16
L2-ACK
Beacon
Synchronized
Valid packets
CRC errors
PHY errors
![Page 17: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/17.jpg)
17
Jigsaw syncs 99% frames < 20us
Measure sync. quality by max dispersion per Jframe
20 us is important threshold 802.11 back-off time
is 20 us 802.11 inter frame
time is 50 us Sufficient to infer
many 802.11 events
![Page 18: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/18.jpg)
18
Hidden terminal problems
Infer transmission failure by absence of ACK Estimate conditional probability of loss
given simultaneous transmission by some hidden-terminal
sender receiver hidden terminal
How much packet is lost due to hidden-terminal?
?
![Page 19: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/19.jpg)
19
Hidden Terminal Problems
10% of sender-receiver pairs have over 10% losses due to hidden terminals
![Page 20: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/20.jpg)
20
Trace analysis802.11 b/g interactions
ARP Broadcast Storms
TCP loss rate in wireless vs. in Internet
Microwave Ovens
![Page 21: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/21.jpg)
21
Moving forward Developed “Jigsaw” that allows
24x7 monitor system in UCSD CSE w/ 156 sniffers
Global fine-grained view of large wireless network (time, locations, channels)
Jigsaw software will be available shortly
Ongoing work Root cause diagnoses of end-to-end
performance in wireless networks Standard wireless problem analysis
• Ex. Exposed terminal problems
![Page 22: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage.](https://reader030.fdocuments.us/reader030/viewer/2022032523/56649d805503460f94a64e53/html5/thumbnails/22.jpg)
22
Q & A
Live traffic monitoring and more information at http://wireless.ucsdsys.net