TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.
-
Upload
isabella-taylor -
Category
Documents
-
view
215 -
download
2
Transcript of TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.
![Page 2: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/2.jpg)
The Papers
[3] Maltz, “TCP Splicing for Application Layer Proxy Performance”[4] Spatscheck, “Optimizing TCP Forwarder Performance
[2] Snoeren, “An End-to-End Approach to Host Mobility”
[1] Snoeren, “Fine-Grained Failover Using Connection Migration
Divided into two groups:
TCP Splicing TCP Mobility
![Page 3: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/3.jpg)
TCP Splicing
Let’s first look at TCP Splicing…
![Page 4: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/4.jpg)
TCP Splicing – The IssueDef’n: Split Connection Proxy -
A proxy machine is interposed between the server and the client machine in order to mediate the communication between them.
Client Proxy ServerTCP TCP
eg. HTTP cache, security firewall, encryption servers, SOCKS proxy
![Page 5: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/5.jpg)
TCP Splicing – The Problem
Split Connection Proxies are slow!The proxy must maintain 2 TCP connections.
Client Server
Net1 Net2
IP IP
TCP TCP
Proxy
Unoptimized TCP Forwarder
Hardware:
Kernel:
Process:
![Page 6: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/6.jpg)
TCP Splicing – The ProblemWhat’s wrong with split connection proxies?
The proxy must maintain 2 TCP connections. Needs a lot of memory & CPU processing
Performance is often CPU limited
Performance degradation due to lost packets (One connection must wait for the other to recover)
Potentially Violate the End-to-End semantics of TCP
![Page 7: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/7.jpg)
TCP Splicing – The Ideal
Client Proxy ServerTCP TCP
How can we remove these problems from the proxy concept?
Ideally, we’d like to be able eliminate the middle-man.
![Page 8: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/8.jpg)
TCP Splicing – The Ideal
Client ServerTCP
How can we remove these problems from the proxy concept?
Ideally, we’d like to be able eliminate the middle-man.
But there is no way to “join” 2 connections in TCP.
What’s the next best thing? Splicing!
![Page 9: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/9.jpg)
TCP Splicing – The SolutionQ. What is TCP Splicing?
A. Joining 2 TCP connection so that the endpoints can communicate as peers.
Client Server
Net1 Net2
IP IP
TCP TCP
Proxy
Unoptimized TCP Forwarder
Hardware:
Kernel:
Process:
![Page 10: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/10.jpg)
TCP Splicing – The SolutionQ. What is TCP Splicing?
A. Joining 2 TCP connection so that the endpoints can communicate as peers.
Client Server
Net1 Net2
IP IP
FWD
TCP Forwarder with Splicing
Hardware:
Kernel:
Process:
![Page 11: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/11.jpg)
TCP Splicing – How it worksUse an IP forwarder, but munge the packets as they travel between the Server and Client
Simply have to renumber the IP src/dest addresses and ports, as well as the sequence numbers
Spatscheck[4] introduces the idea that if we carefully choose the TCP src/dest ports as well as initial sequence numbers, we don’t even have to touch the TCP portion of the packet
![Page 12: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/12.jpg)
TCP Splicing – Trace
A SOCKS Packet Trace
![Page 13: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/13.jpg)
TCP Splicing – Data
Now, let’s look at some data to see what TCPSplicing buys us…
![Page 14: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/14.jpg)
TCP Splicing – CPU Usage
CPU Utilization under varying number of connections
![Page 15: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/15.jpg)
TCP Splicing - Throughput
Throughput of a SOCKS and TCP Splices compared against IP Forwarding throughput
![Page 16: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/16.jpg)
TCP Splicing - Latency
Distribution of Forwarding latency of TCP Splice, SOCKS and IP Forwarding
![Page 17: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/17.jpg)
TCP Splicing - IssuesTCP Options
The client/proxy connection is negotiated before the proxy/server connection - it is possible that the 2 connections have negotiated incompatible options
1. Don’t splice incompatible connections
2. Proxy advertises minimal option set
3. Strip or map certain options as they pass through the TCP splice
See Maltz[3] for a fuller explanation on option mapping (MSS, SACK, etc.)
![Page 18: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/18.jpg)
Host Mobility
On to host mobility…
![Page 19: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/19.jpg)
Host Mobility - Intro
Host mobility is the idea that a computer can reattach itself to the network, without losing its connections.
![Page 20: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/20.jpg)
Host Mobility – Mobile IPMobile IP uses the idea of a home agent, as a reflector to direct connections to the mobile host.Packets are sent using triangle routing.
Mobile host
Home Agent Foreign Client
![Page 21: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/21.jpg)
Host Mobility – A New Take
Snoeren[2] introduces a transport layer solution to this problem, by introducing a new migrate-permitted TCP option.
![Page 22: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/22.jpg)
Host Mobility – LocatingSnoeren’s Solution [2]:The first problem – How do you locate a machine’s IP address if it’s mobile?
No Problem – just use secure DNS updates to announce new location. (This is nothing new)
This is only an issue if the computer accepts passive connections.
![Page 23: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/23.jpg)
Host Mobility - Migrating
Snoeren Introduces a new Migrate-Permitted TCP option
The mobile host will announce its new address to existing connections, and re-establish.
But how do we migrate existing connections?
![Page 24: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/24.jpg)
Host Mobility – Migrating
In existing TCP/IP, connections are uniquely identified by<src addr, src port, dest addr, dest port>
With the Migrate TCP option, connections are identified by<src addr, src port, token>
![Page 25: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/25.jpg)
Host Mobility – In Action
Mobile Host
Client TCP Connect
![Page 26: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/26.jpg)
Host Mobility – In Action
Mobile Host
Client TCP SessionEstablished
![Page 27: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/27.jpg)
Host Mobility – In Action
Mobile Host
Client
Mobile Host
Migrating…
![Page 28: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/28.jpg)
Host Mobility – In Action
Client
Mobile Host
TCP Connect& Migrate
![Page 29: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/29.jpg)
Host Mobility – In Action
Client
Mobile Host
TCP ConnectionRe-established
![Page 30: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/30.jpg)
Host Mobility - Proxy
What if we want to use a proxy?
Well, that’s alright. In this way, only the TCP stacks of the proxy, and the mobile host need to be modified to deploy this scheme.
Of course, we’re back to the triangle routing/home agent approach…
![Page 31: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/31.jpg)
Host Mobility – IssuesThis is an end to end solution. So, both client and server must support the migrate TCP. There needs to be financial incentive for wide-scale deployment.
Simultaneous migrations will not work.
Existing applications have often made assumptions about the stability of their network addresses.
![Page 32: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/32.jpg)
Host MobilityNow that we’ve covered all these cool ideas, what can we do with them all?
On to the title paper –
Snoeren, Andersen, Balakrishnan,“Fine-Grained Failover Using ConnectionMigration”,Proc. of the Third Annual USENIX Symposium on Internet Technologies and Systems (USITS), March 2001
![Page 33: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/33.jpg)
The Problem
This slide shamelessly copied from - http://nms.lcs.mit.edu/talks/usits01-migrate/sld002.htm
Servers Fail.More often than users want to know…
![Page 34: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/34.jpg)
Solution: Server Redundancy
Use a healthy one at all times.
This slide shamelessly copied from - http://nms.lcs.mit.edu/talks/usits01-migrate/sld003.htm
![Page 35: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/35.jpg)
Server Failover – In Action
Server A
Client TCP Connect
Server B
Health Monitor
![Page 36: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/36.jpg)
Server Failover – In Action
Server A
ClientTCP SessionEstablished
Server B
Health Monitor
![Page 37: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/37.jpg)
Server Failover – In Action
Server A
Client
Untimely Death..
Server B
Health Monitor
![Page 38: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/38.jpg)
Server Failover – In Action
Client A
Client
Server B
Health Monitor
Death Notification
![Page 39: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/39.jpg)
Server Failover – In Action
Client
Server B
TCP Connect& Migrate
Health Monitor
Server A
![Page 40: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/40.jpg)
Server Failover – In Action
Client
Server B
TCP ConnectionRe-established
Health Monitor
Server A
![Page 41: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/41.jpg)
So what Can we do?
So, now that we have this idea in mind, how can we use integrate this failover mechanism with existing services? (Incidentally, this architecture can also be used for load balancing)
We need a way to synchronize state across many machines. This idea works best if there is not much data to synchronize, and if our stream maps directly into a file.
A great example: static content on a web server farm
![Page 42: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/42.jpg)
Web Farm Design
We want to keep compatibility with existing web servers
Let’s use a stream mapper to control all this fail-over mechanism. (aka. The Wedge)
Stream Mapper Stream Mapper
Server A Server B
Client
![Page 43: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/43.jpg)
The WedgeLet’s take a closer look at the wedge
What great place to use a TCP Splice!
![Page 44: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/44.jpg)
Synchronizing the Wedges
We need enough information to restart the TCP connection
Client addr/port
Takeover sequence #
TCP Migrate Fields (connection token)
Application specific object parameters (The URL)
What data do we need to synchronize between the wedges?
But we don’t need to sync last-sent packets!
![Page 45: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/45.jpg)
Syncing the Streams
Why don’t we need to sync last-sent packets?
The client already has that information. All we need to do is elicit an ACK from the client, and they will tell us what the last sent packet is.
Let’s see how this happens -
![Page 46: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/46.jpg)
Network TraceInitial Data Transmission: 0.00000 cl.1065 > sA.8080: . ack 0505 win 31856 --(Erroneous) sA Death Pronouncement Issued-- 0.08014 sA.8080 > cl.1065: P 0505:1953(1448) ack 1 win 31856Successful Connection Migration to sB: 0.09515 sB.1033 > cl.1065: S 0:0(0) win 0 <migrate PRELOAD1> 0.09583 cl.1065 > sB.1033: S 0:0(0) ack 1953 win 32120 0.14244 sB.1033 > cl.1065: . ack 1 win 32120Continued Data Transmission from sA: 0.17370 sA.8080 > cl.1065: P 0505:1953(1448) ack 1 win 31856 0.17376 cl.1065 > sA.8080: R 1:1(0) win 0Failed Connection Migration Attempt by sC: 0.17423 sC.1499 > cl.1065: S 0:0(0) win 0 <migrate PRELOAD1> 0.17450 cl.1065 > sC.1499: R 0:0(0) ack 1 win 0Resumed Data Transmission from sB: 0.24073 sB.1033 > cl.1065: P 1953:3413(1460) ack 1 win 32120 0.25663 cl.1065 > sB.1033: . ack 3413 win 31856 0.33430 sB.1033 > cl.1065: P 3413:4873(1460) ack 1 win 32120 0.42776 sB.1033 > cl.1065: P 4873:6333(1460) ack 1 win 32120 0.42784 cl.1065 > sB.1033: . ack 6333 win 31856 . . .
An annotated failover trace (collected at the client) depicting the migration of a connection to one of two candidate servers.
![Page 47: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/47.jpg)
Wedge Overhead
The Request overhead of the wedge as a function of request size.
![Page 48: TCP Mobility/Splicing Francis Chang Systems Software Lab OGI.](https://reader036.fdocuments.us/reader036/viewer/2022070407/56649e235503460f94b118c4/html5/thumbnails/48.jpg)
IssuesDual simultaneous migration is still not possible
Wedge definitely adds some overhead
Application level-sync is still non-trivial
- What if content changes?
- Still doesn’t solve interactive streams
- Some applications will require modifications to take advantage of mobility.
Some apps still assume static IP addresses
What if a server dies before announce its connections?
Needs wide-scale deployment