NetCheck: Network Diagnoses from Blackbox Traces

Yanyan Zhuang, Eleni GessiouNYU Poly,

University of British Columbia

Motivation

• Ping– Only reachability

• Wireshark– Applicationor network-specific knowledge

• Network Config Analysis– Detailed network knowledge – HW + config

• …

Goal

• Diagnose network problems in large and complex applications

• Without modifying the original application

Syscall trace from strace

Challenges

• Accuracy: ambiguity in order reconstruction

• Efficiency: exploring an exponential space of possible orderings

• Network complexity: diagnosing issues in real networks

NetCheck Overview

Finding deviations from the model of the network (Deutsch’s Fallacies)network is reliable, latency is zero, etc.

Priority & Dependency of syscalls

e.g.

Fault diagnoses

Rules summary

Example of rule (1): when a client is behind a NAT, (i) the client uses a private IP, (ii) the peer socket address in server’s accept is not the client’s IP

Evaluation

• Reproduce reported bugs from bug trackers (Python, Apache, Ruby, Firefox, etc.)– A total of 71 bugs– Correct analysis of 95.7% bugs

• Twenty faults observed in practice on a live network(Seattle Testbed)– 90% of cases correctly detected

Runtime performance overhead

Best: O(l)

Worst: O(nl)

Conclusion

• Derives a plausible global traces ordering as a proxy for the ground truth

• Uses a model of expected and simple network behavior to identify and diagnose unexpected behavior