Presentation on theme: "1 End-to-End Inference of Router Packet Forwarding Priority Guohan Lu 1, Yan Chen 2, Stefan Birrer 2, Fabian E. Bustamante 2, Chi Yin Cheung 2, Xing Li."— Presentation transcript:
1 End-to-End Inference of Router Packet Forwarding Priority Guohan Lu 1, Yan Chen 2, Stefan Birrer 2, Fabian E. Bustamante 2, Chi Yin Cheung 2, Xing Li 1 1. Lab for New Generation Network, Tsinghua Univ. China 2. Lab for Internet & Security Tech, Northwestern Univ.
3 Background Router QoS mechanisms available Priority Queueing Custom Queueing Class-Based Weighted Fair Queueing Traffic policing/shaping ISPs do use them Rate limiting, e.g., P2P applications Provide bandwidth guarantee for certain applications
4 Motivation Packet forwarding priority affects: measurements, loss, delay, available bandwidth applications Hidden rules Users circumvent: skype, port 80 End-to-end approach POPI (Packet fOrwarding Priority Inference) The first such work to the best of our knowledge
5 Outline Background and Motivation Inference Methods Evaluations Conclusions
6 Basic Ideas Priority generates packet delivery differences Measure the differences Send different packet types Choose a metric Loss : the most natural choice Delay : queuing delay maybe small Out-of-order: not all QoS generate OOO, but very interesting work we have in progress
7 Challenges and Building Blocks Challenges Background traffic fluctuations Packet losses can be highly correlated POPI Design Step 1: Generate the differences Saturate low-priority queue(s) temporarily Step 2: Detect the differences Non-parametric statistical methods independent to the loss model and insensitive to loss correlation Step 3: Cluster multiple packet types into groups Hierarchical clustering method
8 Step 1: Probing Approaches Send bursts Spectrum of approaches Small bursts: less aggressive, wait for the losses Large bursts: more aggressive, incur the losses Large BurstSmall Burst More intrusive More accurate Shorter period Less intrusive Less accurate Longer period
9 Probing Method n b bursts, n r rounds, k packet types Packets randomly distributed in one burst No bias ABCCBAACB
10 Step 2: Detect the Difference – Average Normalized Loss Ranks 0.10.30.20.50.60.4 Burst 1 ABCDEF 132564 Burst 2 0.30.20.10.126.96.36.199.10.30.80.50.40.0 0.10.7 0.8 Burst 3 Burst 4 1.5 34.5 6213654321546 ANR 0.320.330.360.770.830.90 Small difference for the same group Large difference for different groups k=6, n b =4, n r =10 Loss ratesLoss ranks Loss ratesLoss ranks Loss rates Loss ranks Loss ratesLoss ranks 0.7 0.3 A B C D E F
11 Loss Rates vs. Loss Ranks Absolute loss rate – parametric Depends on the loss model Loss rate ranks – non-parametric Independent of the loss model Ranks randomly permuted over bursts for packet types within a same priority Non-parametric statistical approach is better
12 Step 3: Grouping Method Threshold derived for ANR range in the paper Hierarchical Divisive Clustering based on ANR threshold k-means Details in the paper G 0 > G 01 > G 010 < G 011 < G 02 <
13 Outline Background and Motivation Inference Method Evaluations NS2 Simulations (details in the paper) PlanetLab experiments Conclusions
14 PLab Evaluation Methodology 81 random pairs (both directions) for 162 end hosts. Each from different institutes. USA, Asia, Europe, South America 32 bursts, 40 rounds in a burst 32 packet types as below ProtocolsType/Source Port Number ICMPICMP_ECHO TCPwell-known app: 20-21 (ftp), 23 (telnet), 110 (pop3), 179 (BGP), 443 (https) P2P: 1214 (fasttrack), 4661-4663(eDonkey), 6346-6347 (gnutella), 6881(bitTorrent) security-related: 161 (snmp), 136, 137, 139, 445 Random: 1000, 12432, 25942, 38523, 43822, 57845 UDPSNMP: 161 Random: 1000, 12432, 25942, 38523, 43822, 57845
15 Evaluation of ANR Metric (I) Except for very few paths, most ANR/ are 1.2 Paths well separated by ANR >1.20<0.80
16 Evaluation of ANR Metric (II) Choose top 30 paths w/ the largest ANR range First 15 detected w/ multiple priorities Large inter-group distance Packet types within a same group are condensed
17 Multi-Priority Paths Inferred 4 P2P (all low), 3 for well-known applications (all high), 8 for ICMP (majority low) 3 pairs show symmetric group pattern
18 Validation -- Methodology Hop-by-hop method Vary TTLs Measure loss rates difference by counting the ICMP replies from routers Test 30 paths: 15 multi-priority and 15 non-priority paths Send emails to related network operators TTL=2TTL=1TTL=3 Configured RouterNo loss rate difference!
19 Validation -- Results Hop-by-hop method 5 paths could not be checked Routers no response or hosts down Good true positives: 13 of multi-priority paths successfully validated No false negatives: 12 of non-priority paths show no loss difference Inquiry Response Sent 13 emails 7 replies, all positive confirmations from network operators One as standalone traffic shaper
20 Conclusions The first end-to-end attempt to infer router forwarding priority Robust non-parametric method Good inference accuracy Several priority configurations found through PlanetLab experiments Ongoing work Decrease the probe overhead Other kinds of metric (packet reordering)
21 Software download available at http://list.cs.northwestern.edu/popi Questions? Thanks !
22 Threshold of the ANR Range One group: normal distribution R decreases as n b increases Two groups: R > 0.5 Normal Distribution ANR range R < nbnb 0.5 12 One group Range Two groups
23 Related Work (I) Shared Congestion for flows detect shared congested queue Two flows Flows already congested Our problem: detect unshared congested queue More than two flows Focus on router configuration, not flows
24 Related Work (II) Hop-by-Hop approach Tulip, sting Statistical method also applied Used in our validation Network Tomography Infer link loss Non-intrusive
25 Effects of n b, n r and Zero under-partition for n b 16 Smaller over-partition for = 0.001 Error decreases as n r increases, 40 for practical use n b Type 8163264128 0.01 Over Partition(%)8.52.522.232.522.42 Under Partition0.20000 Sum8.72.522.232.522.42 0.001 Over Partition5.70.630.210.290.23 Under Partition43.50000 Sum490.630.210.290.23
26 Results All positive confirmation from the network operators!
27 Effects of n r Phase 1: Under-partition Phase 2: Under-partition and Over-partition Phase 3: Correct Partition
28 What if some bursts has no loss? Method can tolerate when a fraction bursts show no loss rate different.
29 Stability of bursts losses during the probe Either all Bursts experience losses or none of them experience loss Background traffic relative stable
30 n r needed for probe Error decreases as n r increases Correct inference when n r is very small (less than 5) for certain paths. Possibility to decrease the probe overhead.
31 Loss rate ranks v.s Loss rate Three paths correctly partition by ANR Blue points: Large ANR but small LR range Red point: Large LR, but small ANR