Presentation is loading. Please wait.

Presentation is loading. Please wait.

Tools, Algorithms & System Implementation for End-user performance monitoring dario.rossi Dario Rossi

Published byAubree Ackroyd Modified over 9 years ago

Similar presentations

Presentation on theme: "Tools, Algorithms & System Implementation for End-user performance monitoring dario.rossi Dario Rossi"— Presentation transcript:

1 Tools, Algorithms & System Implementation for End-user performance monitoring dario.rossi Dario Rossi dario.rossi@enst.fr http://www.enst.fr/~drossi

2 Agenda Tools, algorithms System implementation End-user performance monitoring Two perspective: – Background (all available from my webpage) – Foreground (open for collaboration)

3 Background

4 Tools, Algorithms Classification (C45, SVM,..) Regression (ARMA,SVR,..) Statistical analysis (PCA, ANOVA,..) Inference (Apriori,…) Applied to: Traffic analysis & classification

5 System implementation Tstat – Passive flow-level sniffer, classifier, traffic analyzer ModelNet-TE – Packet-level emulator with Traffic Engineering capabilities 5 Demonstration software – at Sigcomm, Sigmetrics, Infocom, Globecom All available from SOFTWARE and DEMO categories at http://www.enst.fr/~drossi http://www.enst.fr/~drossi

6 End-user performance monitoring Web – Methodology to infer, from TCP traffic, if a Web connection has been interrupted P2P-VoIP – In-depth black-box study of Skype P2P-TV systems – Assessment of peer selection strategies More at http://ww.enst.fr/~drossi/index.php?n=Main.PublicationsByTopic

7 Example: traffic classification Deep Packet Inspection (DPI) Stochastic Packet Inspection (KISS) Behavior analysis (Abacus) GET MAIL FROM: BT Specific KeywordApplication syntax X M L TC S P TR S V PK G B X K G B XA P S TR S V P Algorithm design Entropy of L7 header, Chi-square test Contact “weights” CDF Bhattaccharyya distance

8 Kiss vs Abacus algorithms PPLive TVAnts Normalized   (first 14 header bytes) Packets per sender peers pdf (5 sec intervals) SopCast 8 http://www.enst.fr/~drossi/index.php?n=Software.ClassificationDemo

9 System implementation ISP1 HTTP YouTube BitTorrent BitTorrent UDP Other UDP Other TCP eMule … ISP5 9

10 Foreground

11 Interests Very high-speed implementation (>10Gbps) – Monitoring & classification Federation of passive measurement points – Increase statistical relevance of measurement – Challenging per se New measures: Workload for CDN/ICN New algorithms: Bufferbloat inference New tools: Map-Reduce for traffic analysis

12 System implementation (1/2) Wire-speed classification engines Submitted to IMC’12

13 System implementation (2/2) ISP1 … ISP2 Federation of passive measurement points – Aim: coalesce RRD data to increase statistical relevance – Incentive model: gain access to the aggregated data – Implementation Star topology: the root R fetch ISP1…ISPn, aggregates on ISP* and redispatch Chain: ISP2 aggregate ISP1 and ISP2, pass it to ISP3 and so on; chain ends at R that add its own data to ISP* and send it back P2P: structured vs unstructured? e.g., BitTorrent only to redispatch ISP*? 13 ISPn

14 System implementation (3/3) Exploit of (new) active measurement points – Compare results between PlanetLab & e.g., Boinc – Boinc http://boinc.berkeley.edu/http://boinc.berkeley.edu/ Aim: collaborative/volounteering computing Used by: More than 295,000 worldwide location Incentive to provide PCs: being on the top-100. Unexplored for network resources 14

15 End-user performance monitoring (1/2) Bufferbloat Large buffer size (≥128KB) + Narrow bw (≤1Mbps) = Queueing delay (≥1 sec) Passive accurate method to measure remote peers queue size Integration on Dasu (BitTorrent plugin) to crowdsource ISP characterization ? Submitted to IMC’12 Bufferbloat! TCP AIMD fills the buffer! Nasty impact on interactive Web, VoIP, gaming traffic

16 End-user performance monitoring (2/2) Workload for CDN/ICN – Goal: assess the relevance of in-network caching – Need: a relevant large-scale workload Challenges – Cannot use Tier-1 backbone trace current dest. Server IP maps to CDN nodes – Cannot use DNS Caching => @root malformed > legitimate queries; frequencies avail at stub resolver, but impossible to get contemporary logs from many (>1000) of them – Cannot use HTTP Not everything tunneled in HTTP; still, would need payload of Tier-1 backbone, with a large snaplen to get the full URLs – Solution? In progress (=none so far)

17 ?? || //

18 Backup slides

19 Traffic Classification Taxonomy ApproachSubcategoryGranularityTimelinessComplexityComment Payload Based [1,2] Deep Packet Inspection (DPI) Fine-grained individual applications Early (first few packets). Access to packet payload of first few packets. Moderate cost Deterministic technique; KISS[Ton’10] Stochastic Packet Inspection Fine-grained individual applications Online (100s packets windows) Access to packet payload of several packets. High cost Robust technique Statistical Analysis [4,5,6,7]Coarse-grained, class of application Late (after the flow end). Access to flow-level information Lightweight cost Post-mortem analysis [8,9]Fine-grained individual applications Early (first 5 packets) Access to first few packets Lightweight cost On the fly classification Behavioral Analysis [10,11]Coarse-grained, class of application Late (after the flow end). LightweightPost-mortem analysis Abacus [ComNet’11] Fine-grained, individual P2P applications Online (1s-5s seconds windows) LightweightOnline classification Limited to P2P

20 Overview Deep Packet Inspection (DPI) Stochastic Packet Inspection (KISS) Behavior analysis (Abacus) GET MAIL FROM: BT Specific KeywordApplication syntax X M L TC S P TR S V PK G B X K G B XA P S TR S V P Algorithm design

21 Y1 pkt1 cb d2... 02 60 Y1 pkt2 cc d5... 02 08 Y2 pkt1 01 da... 02 65 Y1 pkt3 cd c0... 02 d9 Y2 pkt2 02 c1... 02 5c Y2 pkt3 03 dc... 02 11 Y1 pkt4 ce cb... 02 28 Y1 pkt5 cf d1... 02 8a Y1 pkt6 d0 ca... 02 3a Y2 pkt4 04 c2... 02 b7 1) Extract the first N bytes of the payload from a window of W consecutive packets 2) Divide each byte in 2 chunks of 4 bits 3) Collect the frequency distribution O i of the values assumed by each chunk 4) Compare the distribution to a uniform distribution Ei=/2 4 with a   -like test counters C||D = 3 bit fixed random deterministic X Y1Y1 Y2Y2 measure the randomness of each chunk KISS signature: [X 1, X 2,... X 2N ]over W pkts KISS: Stochastic packet inspection Header syntax is fixed, binary alphabet 21

22 1)Count the number of packets/bytes received in a fixed time window  T 2) Count the number of hosts sending a given number of packets/bytes (exponential binning) 3) Normalize the packet/bytewise counts to gather two probability mass functions X Y1Y1 Y2Y2 2 4 8... Y3Y3 Y4Y4 16 Y5Y5 Freq. Distribution = [1, 1, 3, 0] Signature = [0.2, 0.2, 0.6] Example using packets Abacus: Behavioral signatures Applications implement different activities (signaling, data chunks) and tuning (chunk size) 22

23 Kiss vs Abacus signatures PPLive TVAnts Normalized   (first 14 header bytes) Packets per sender peers pdf (5 sec intervals) SopCast 23

24 Oops! Sorry, wrong key

Download ppt "Tools, Algorithms & System Implementation for End-user performance monitoring dario.rossi Dario Rossi"

Similar presentations

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.
Network Security Highlights Nick Feamster Georgia Tech.

Network Security Highlights Nick Feamster Georgia Tech.
Quality of Service CS 457 Presentation Xue Gu Nov 15, 2001.

Quality of Service CS 457 Presentation Xue Gu Nov 15, 2001.
Florin Dinu T. S. Eugene Ng Rice University Inferring a Network Congestion Map with Traffic Overhead 0 zero.

Florin Dinu T. S. Eugene Ng Rice University Inferring a Network Congestion Map with Traffic Overhead 0 zero.
Spring 2006CS 685 Network Algorithmics1 Principles in Practice CS 685 Network Algorithmics Spring 2006.

Spring 2006CS 685 Network Algorithmics1 Principles in Practice CS 685 Network Algorithmics Spring 2006.
Programmable Measurement Architecture for Data Centers Minlan Yu University of Southern California 1.

Programmable Measurement Architecture for Data Centers Minlan Yu University of Southern California 1.
KISS: Stochastic Packet Inspection for UDP Traffic Classification

KISS: Stochastic Packet Inspection for UDP Traffic Classification
Top Causes for Poor Application Performance Case Studies Mike Canney.

Top Causes for Poor Application Performance Case Studies Mike Canney.
2014 Examples of Traffic. Video Video Traffic (High Definition) –30 frames per second –Frame format: 1920x1080 pixels –24 bits per pixel  Required rate:

2014 Examples of Traffic. Video Video Traffic (High Definition) –30 frames per second –Frame format: 1920x1080 pixels –24 bits per pixel  Required rate:
Ahmed Mansy, Mostafa Ammar (Georgia Tech) Bill Ver Steeg (Cisco)

Ahmed Mansy, Mostafa Ammar (Georgia Tech) Bill Ver Steeg (Cisco)
Internet Traffic Classification KISS Dario Bonfiglio, Alessandro Finamore, Marco Mellia, Michela Meo, Dario Rossi 1.

Internet Traffic Classification KISS Dario Bonfiglio, Alessandro Finamore, Marco Mellia, Michela Meo, Dario Rossi 1.
Marios Iliofotou (UC Riverside) Brian Gallagher (LLNL)Tina Eliassi-Rad (Rutgers University) Guowu Xi (UC Riverside)Michalis Faloutsos (UC Riverside) ACM.

Marios Iliofotou (UC Riverside) Brian Gallagher (LLNL)Tina Eliassi-Rad (Rutgers University) Guowu Xi (UC Riverside)Michalis Faloutsos (UC Riverside) ACM.
James 1:5 If any of you lacks wisdom, he should ask God, who gives generously to all without finding fault, and it will be given to him.

James 1:5 If any of you lacks wisdom, he should ask God, who gives generously to all without finding fault, and it will be given to him.
Profiling Network Performance in Multi-tier Datacenter Applications

Profiling Network Performance in Multi-tier Datacenter Applications
1 Modeling and Emulation of Internet Paths Pramod Sanaga, Jonathon Duerig, Robert Ricci, Jay Lepreau University of Utah.

1 Modeling and Emulation of Internet Paths Pramod Sanaga, Jonathon Duerig, Robert Ricci, Jay Lepreau University of Utah.
Trajectory Sampling for Direct Traffic Observation Matthias Grossglauser joint work with Nick Duffield AT&T Labs – Research.

Trajectory Sampling for Direct Traffic Observation Matthias Grossglauser joint work with Nick Duffield AT&T Labs – Research.
A Framework for Classifying Denial of Service Attacks Alefiya Hussain, John Heidemann and Christos Papadopoulos presented by Nahur Fonseca NRG, June, 22.

A Framework for Classifying Denial of Service Attacks Alefiya Hussain, John Heidemann and Christos Papadopoulos presented by Nahur Fonseca NRG, June, 22.
Shadow Configurations: A Network Management Primitive Richard Alimi, Ye Wang, Y. Richard Yang Laboratory of Networked Systems Yale University.

Shadow Configurations: A Network Management Primitive Richard Alimi, Ye Wang, Y. Richard Yang Laboratory of Networked Systems Yale University.
PBS: Periodic Behavioral Spectrum of P2P Applications Tom Z.J. Fu, Yan Hu, Xingang Shi, Dah Ming Chiu and John C.S. Lui The Chinese University of Hong.

PBS: Periodic Behavioral Spectrum of P2P Applications Tom Z.J. Fu, Yan Hu, Xingang Shi, Dah Ming Chiu and John C.S. Lui The Chinese University of Hong.
Dynamics of Hot-Potato Routing in IP Networks Renata Teixeira (UC San Diego) with Aman Shaikh (AT&T), Tim Griffin(Intel),

Dynamics of Hot-Potato Routing in IP Networks Renata Teixeira (UC San Diego) with Aman Shaikh (AT&T), Tim Griffin(Intel),

Similar presentations

Ads by Google