Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks TCP Performance Monitoring (and Pyretic background )

Assignments Buffer bloat –Extension till 3pm Tuesday October 14 Next assignment: two options –BGP measurement  Study BGP (in)stability “in the wild”  If you haven’t taken COS 461  TA: Linpeng Tang –SDN firewall  Build an SDN controller application on Pyretic  If you haven’t taken the fall 2013 SDN grad seminar  TA: Xin Jin –If you didn’t take either course, you can pick one! 2

Applications Inside Data Centers 3 Front end Server Aggregator Workers ….

Challenges of Datacenter Diagnosis Large complex applications –Hundreds of application components –Tens of thousands of servers New performance problems –Update code to add features or fix bugs –Change components while app is in operation Old performance problems (Human factors) –Developers may not understand network well –Small packets, delayed ACK, etc. 4

Diagnosis in Data Centers 5 Host App OS Packet sniffer App logs: #Reqs/sec Response time 1% req.>200ms delay Switch logs: #bytes/pkts per minute Packet trace: Filter out trace for long delay req. SNAP: Diagnose net-app interactions SNAP: Diagnose net-app interactions Application- specific Too expensive Too coarse-grained Generic, fine-grained, and lightweight

Collect Data in TCP Stack TCP understands net-app interactions –Flow control: How much data apps want to read/write –Congestion control: Network delay and congestion Collect TCP-level statistics –Defined by RFC 4898 –Already exists in today’s Linux and Windows OSes 6

TCP-level Statistics Cumulative counters –Packet loss: #FastRetrans, #Timeout –RTT estimation: #SampleRTT, #SumRTT –Receiver: RwinLimitTime –Calculate the difference between two polls Instantaneous snapshots –#Bytes in the send buffer –Congestion window size, receiver window size –Representative snapshots based on Poisson sampling 7

Life of Data Transfer 8 Application generates the data –No network problem Copy data to send buffer –Send buffer not large enough TCP sends data to the network –Fast retransmission –Timeout Receiver receives the data and ACK –Not reading fast enough (CPU, disk, etc.) –Not ACKing fast enough (Delayed ACK) Sender App Send Buffer Receiver Network

Characterizing Performance Limitations 9 Send Buffer Receiver Network #Apps that are limited for > 50% of the time 1 App 6 Apps 8 Apps 144 Apps –Send buffer not large enough –Fast retransmission –Timeout –Not reading fast enough (CPU, disk) – Not ACKing fast enough (Delayed ACK )

Discussion What to do if the monitoring is too expensive? What to do in a public cloud, where each tenant runs its own virtual machine? What to do in the wide area, between a server and a (remote) client? 10

Programming Abstractions for SDN Controller Applications rs/pyretic-login13.pdf 11

Simple, Open Data-Plane API Prioritized list of rules –Pattern: match packet header bits –Actions: drop, forward, modify, send to controller –Priority: disambiguate overlapping patterns –Counters: #bytes and #packets 12 1.src=1.2.*.*, dest=3.4.5.*  drop 2.src = *.*.*.*, dest=3.4.*.*  forward(2) 3. src= , dest=*.*.*.*  send to controller 1.src=1.2.*.*, dest=3.4.5.*  drop 2.src = *.*.*.*, dest=3.4.*.*  forward(2) 3. src= , dest=*.*.*.*  send to controller

(Logically) Centralized Controller 13 Controller Platform

Protocols  Applications 14 Controller Platform Controller Application

Programming SDNs 15 Images by Billy Perkins The Good –Network-wide visibility –Direct control over the switches –Simple data-plane abstraction The Bad –Low-level programming interface –Functionality tied to hardware –Explicit resource control The Ugly –Non-modular, non-compositional –Programmer faced with challenging distributed programming problem

Combining Many Networking Tasks 16 Controller Platform Monitor + Route + FW + LB Monolithic application Hard to program, test, debug, reuse, port, …

Modular Controller Applications 17 Controller Platform LB Route Monitor FW Easier to program, test, and debug Greater reusability and portability A module for each task

Modules Affect the Same Traffic 18 Controller Platform LB Route Monitor FW How to combine modules into a complete application? Each module partially specifies the handling of the traffic

From Rules to a Policy Function Located packet –A packet and its location (switch and port) Policy function –From located packet to set of located packets Examples –Original packet: identity –Drop the packet: none –Modified header: modify(f=v) –New location: fwd(a) 19

From Bit Patterns to Predicates OpenFlow –No direct way to specify dstip!= – Requires two prioritized bitmatches  Higher priority: dstip=  Lower priority: * Using boolean predicates – Providing &, |, and ~ – E.g., ~match(dstip= ) 20

Virtual Header Fields Unified abstraction –Real headers: dstip, srcport, … –Packet location: switch and port –User-defined: e.g., traffic_class Simple operations –Match: match(f=v) –Modify: modify(f=v) Example – match(switch=A) & match(dstip=‘ ’ ) 21

Power of Policy as a Function Dynamic policy –A stream of policy functions Composition –Parallel: Monitor + Route –Sequential: Firewall >> Route A >> (B + C) >> D (A >> P) + (B >> P) (A + B)>>P 22

Equational Theory Commutative (+) –P + Q == Q + P Associative (+) –(P + Q) + R == P + (Q + R) Drop unit –P + drop == P Associative (>>) –(P >> Q) >> R == P >> (Q >> R) 23 A sign of a well-conceived language == a simple equational theory

Equational Theory Id unit (>>) –id >> P == P –P >> id == P Drop zero (>>) –drop >> P == drop –P >> drop == drop If commutes (>>) –(if q then P else Q) >> R == if q then (P >> R) else (Q >> R) 24

A Simple Use Case (Modular Reasoning) 25 firewall = if srcip = then drop else id firewall = if srcip = then drop else id router =... app = firewall >> router app == firewall >> router == (if srcip = then drop else id) >> router == if srcip = then (drop >> router) else (id >> router) == if srcip = then drop else (id >> router) == if srcip = then drop else router

Compiling Parallel Composition 26 Controller Platform Route on destination Monitor on source + dstip =  fwd(1) dstip =  fwd(2) srcip =  count

Compiling Parallel Composition 27 Controller Platform Route on destination Monitor on source + dstip =  fwd(1) dstip =  fwd(2) srcip =  count srcip = , dstip =  fwd(1), count srcip = , dstip =  fwd(2), count srcip =  count dstip =  fwd(1) dstip =  fwd(2)

Compiling Sequential Composition 28 Controller Platform Routing Load Balancer >> dstip =  fwd(1) dstip =  fwd(2) srcip = 0*, dstip=  dstip= srcip = 1*, dstip=  dstip=

Compiling Sequential Composition 29 Controller Platform Routing Load Balancer >> dstip =  fwd(1) dstip =  fwd(2) srcip = 0*, dstip=  dstip= srcip = 1*, dstip=  dstip= srcip = 0*, dstip =  dstip = , fwd(1) srcip = 1*, dstip =  dstip = , fwd(2)

Queries as Buckets Forwarding to a “bucket” –Q = packets(limit=1,group_by=['srcip']) Callback functions –Q.register_callback(printer) Multiple kinds of buckets –Packets: with limit on number –Packet counts: with time interval –Byte counts: with time interval 30

SQL-Like Query Language Get what you ask for –Nothing more, nothing less SQL-like query language –Familiar abstraction –Returns a stream –Intuitive cost model Minimize controller overhead –Filter using high-level patterns –Limit the # of values returned –Aggregate by #/size of packets 31 Select(bytes) * Where(in:2 & srcport:80) * GroupBy([dstmac]) * Every(60) Select(packets) * GroupBy([srcmac]) * SplitWhen([inport]) * Limit(1) Learning Host Location Traffic Monitoring

Next Steps Assignments –Buffer bloat due 3pm Tuesday October 14 –BGP/Pyretic assignment due 5pm Friday November 14 Project proposals –Up to two pages, due 5pm Friday October 17 Next two weeks –Interdomain routing 32