1 a suite of schemes for user-level network diagnosis without infrastructure yao zhao, yan chen lab...
Post on 20-Dec-2015
213 views
TRANSCRIPT
1
A Suite of Schemes for User-level Network Diagnosis without Infrastructure
Yao Zhao, Yan ChenLab for Internet and Security Technology, Northwestern Univ
ersity
2
Motivation
• How do end users, with no special privileges, identify packet loss inside the network with one or two computers?
3
Motivation
• How do end users, with no special privileges, identify packet loss inside the network with one or two computers?
• Take-home– We propose three user-level loss rate
diagnosis approaches– The combo of our approaches and
Tulip [SOSP03] is much better than any single approach
4
Outline
• Motivation• Related Works• Lossy Link Diagnosis
– Fragmentation Aided Diagnosis (FAD)• Algebraic FAD• Opportunistic FAD
– Striped Probe Analysis (SPA)
• Evaluations• Conclusions
5
Related Work I
• Internet Tomography– Multicast based (not practical)– Unicast based
• Mimic multicast
L1 L2 L3 L4
S
Virtua
l link
The more cooperating end
hosts, the shorter the virtual links
6
Related Work II
• Tulip [SOSP03]– Leverage on consecutive IPID– Tend to underestimate forward loss
rates• Suffer from the packet loss correlation
x
id
id+1
Forward Loss
S D
xid
id+2
Reverse Loss
S D
xid
S D
x
?
7
Outline
• Motivation• Related Works• Lossy Link Diagnosis
– Fragmentation Aided Diagnosis (FAD)• Algebraic FAD• Opportunistic FAD
– Striped Probe Analysis (SPA)
• Evaluations• Conclusions
8
Link Diagnosis=> Forward Path Diagnosis
• If we can infer the loss rates of forward path F1 and F2, we can infer the link loss rate of l3
F1
DS R1 R2
F2
l3l2l1
• The more diagnosable forward path segments, the better the diagnosis granularity
10
Algebraic FAD
• Let pf and pr be the loss rate of the forward and reverse path respectively
P
R
R
P1
P2
(1 - pf)×(1 - pr)=1 – p (1)
(1 - pf)2×(1 - pr)=1 – p’ (2)
p and p’ are measurable. Solve pf and pr using (1) and (2)
11
How to Achieve FAD
IP Fragmentation– Fragment a packet longer than MTU– Required to be supported in IPv4– Some routers disable it for security reason
• Support of IP Fragmentation– 64,320 router IP addresses probed by using Tr
aceroute– About 80% of routers support IP fragmentation
• Degree of Rate Limiting on Responses– 99% of routers allow a rate of 100 probes/s for
ICMP Echo, ICMP Timestamp and TCP probes– Response to UDP probe is severely rate-limited
12
Opportunistic FAD
F1 F2+ P
F’2F1+ P’
aaaaaaaa bbbbbbbb aaaaaaaabbbbbb
aaaaaaaa ccccccccc aaaaaaaacccccccc
13
Opportunistic FAD
R’
Forward Loss
F1
xF
2
F’2R
No Loss
S NF
1
F2
F’2 F1+F2
F1+F’2
S N
Similar to Tulip, but OFAD allows large gap between fragments
14
Striped Probe Analysis (SPA)
• S sends a probe to D and we get the path p1->p2
• S sends UDP packet with a certain TTL so that R returns an ICMP TTL-Exceeded response. Hence we get path p1->p3
S
p1
p3
p2DR
S
R
D S
p1
p2 p3
16
Striped Probe Analysis (SPA)
• Success rate of p1≈n1×n2 / (n×n12) – n: number of striped probes sent, – n1: number of P1 received by D, – n2: number of P2 received by S, – n12: number of cases that both P1 and P2 are received
• Unbiased if packet loss has perfect correlation and loss rates of different links are independent
S
R
S
p1
p2 p3
P1 P2
(2) Loss on non-shared link
D
S
R
S
p1
p2 p3
(1) Loss on shared link
D
17
Summary
Requirement Accuracy
Tulip [SOSP03]
Consecutive IPID (70%)Inaccurate w/ strong loss correlation
FAD (AFAD & OFAD)
IP fragmentation (80%)Accurate w/ weak or short loss correlation
SPAICMP TTL-Exceeded. Access from both end hosts
Accurate w/ strong loss correlation
The current Internet usually has strong but short loss correlation.
18
Outline
• Motivation
• Related Works
• Lossy Link Diagnosis– FAD– SPA
• Evaluations
• Conclusions
19
Evaluation Metrics
• Diagnosis Granularity– Weighted average of the lengths of the
path’s diagnosable segments– For example, an 8-hop path has two
diagnosable segments of length 3 and 5, and then the granularity of the path is (32 + 52)/8 = 4.25
• Accuracy– Estimation error: – Relative error:
21
Path-Level Accuracy Evaluation
FAD > Tulip > SPA
OFAD, Tulip and SPA tends to underestimate
loss rates
22
More Evaluations
• Consistency Check
• Packet Probe Size Selection
• Lossy Link Distribution• More in the technical report
http://www.cs.northwestern.edu/~yzh734/
23
Conclusions and Recommendations
• We propose AFAD, OFAD and SPA which can conduct loss rate diagnosis without infrastructure
• Tulip, FAD and SPA have different working scenarios– The combination of them can achieve low diagn
osis granularity and high accuracy
• Recommendations– OFAD+SPA, if we can control the two ends of a
n end-to-end path– OFAD+Tulip, if we can only control the source
30
IP Fragmentation Is Widely Supported
• Router Collection– 64,320 router IP addresses probed by using traceroute from a
machine• Support of Different Probes
• Support of IP Fragmentation– 90.3% of responsive routers support IP fragmentation– Altogether about 80% of routers support FAD.
• Degree of Rate Limiting on Responses– 99% of routers allow a rate of 100 probes/s for ICMP Echo,
ICMP Timestamp and TCP probes– UDP probe is severely rate-limited
Echo Timestamp UDP TCP Any
1 source 85.3% 69.2% 64.5% 71.7% 88.2%
10 sources 87.3% 72.3% 70.7% 73.3% 90.1%
31
Packet Transmission Correlation
• Choose 100 PlanetLab hosts and randomly measure 5000 paths
• Little loss correlation with enough gap
32
Forward Path Diagnosis => Link Diagnosis
• If we can infer the loss rates of forwarding path l1 and P1, we can infer the link loss rate of l2 too.
D
33
Opportunistic FAD
• n: number of R12 received, n’: number of R’12 received
• Xi = 0 when forward packet i is lost and Xi =1 otherwise
• P(X2=1)≈P(X2=1|X1=1)≈n/(n+n’)
R12
P1
P2
P’2
R’12
P1
P2
P’2
x
(1) (2)
34
Striped Probe Analysis (SPA)
• No fragmented packets needed !
• S sends a probe to D and we get the path l1->l2
• S sends UDP packet with a certain TTL so that R returns an ICMP TTL-Exceeded response. Hence we get path l1->l3
S R
l1
l3
l2
S
R
D S
l1
l2 l3
D
36
Striped Probe Analysis (SPA)
S
R
S
l1
l2 l3
P1 P2
(1) No loss (2) Loss on shared link
S
R
S
l1
l2 l3
P1 P2
D D
37
Striped Probe Analysis (SPA)
• Success rate of l1≈n1×n2 / (n×n12) – n: number of striped probes sent, – n1: number of P1 received by D, – n2: number of P2 received by S, – n12: number of cases that both P1 and P2 are received
• Unbiased if packet loss has perfect correlation and loss rates of different links are independent
S
R
S
l1
l2 l3
S
R
S
l1
l2 l3
P1 P2
(1) No loss (2) Loss on shared link (3) Loss on non-shared link
S
R
D S
l1
l2 l3
P1 P2
D D