1 / 156

Network Measurements, Modeling and Simulations

Network Measurements, Modeling and Simulations. Kun-chan Lan Department of Computer Science and Information Engineering klan@csie.ncku.edu.tw. Some Admin stuff. Paper review 2 paper reviews instead one as we originally planned since now the number of enrollment is reduced to 7

dougal
Télécharger la présentation

Network Measurements, Modeling and Simulations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Network Measurements, Modeling and Simulations Kun-chan Lan Department of Computer Science and Information Engineering klan@csie.ncku.edu.tw

  2. Some Admin stuff • Paper review • 2 paper reviews instead one as we originally planned since now the number of enrollment is reduced to 7 • Please send the titles of the paper you will review to TA by the end of this week

  3. Guess talk next week • Talk: 如何一邊玩線上遊戲一邊寫論文? • 陳昇瑋: 中央研究院 • The talk will be related to your 2nd homework • No class lecture next week

  4. Homework 2 • Similar to the experiments done in the paper “Online Game QoE Evaluation using Paired Comparisons “ • Compare gaming performance using different wireless media • WiFi vs. 3G vs. WiMax • The experiments will be done in LENS lab using the multihomed mobile router

  5. Multi-homed mobile router • A mobile router with multiple interfaces • Will be setup in LENS lab • The mobile router will periodically change to a difference interface game client Game server

  6. Multi-homed mobile router • You job: • Play game • Make comparison about your perceived gaming performance • Create graph similar to what shown in the paper (you don’t need to write program for that purpose. Some programs will be offered to you to generate the plots)

  7. A quick survey… Why do you come to this class? What do you want to get out of this course?

  8. Learn about ns-2? • Learn how to measure traffic? • Learn how to use emulator? • Somebody suggested you to try it out? • None of the above (you have no idea why you came here!)

  9. Outline • Model and simulate Internet traffic • It’s hard to model and simulate Internet • Use measurement to improve the realism of your model • We advocate trace-driven simulation • Internet and wireless measurements

  10. The challenges in modeling and simulating Internet traffic

  11. What is a model? • Abstraction of real world • Base of a network simulation • Topology model • e.g. “a dumbbell topology” • Traffic model • “80% TCP + 20% UDP” • Queuing model • e.g. “FIFO”, “Fair queuing”, etc. • …..

  12. Role of simulation • Based on some particular models • Topology: e.g. dumbell vs. tree • Traffic: e.g. TCP vs. UDP • … • Widely used by researcher to study Internet • Millions of hosts in different administrative domains • Simulation vs. experiment (Why simulation?) • Repeatability • Configurability • Scalability • Explore complicated scenarios • Study “future” application/prtotocol/network

  13. What simulation does’t do • Realism • Details of simulation matters! • It’s your responsibility to know what level of details you need to capture in the simulation • Prove correctness of the model • Only for validation! • The value of simulation relies on a good model

  14. It’s hard to simulate Internet • Network heterogeneity • Rapid and unpredictable change

  15. Network heterogeneity • Topology • Link properties • Protocol • traffic • All the above matter when you do the simulation

  16. Difficulty in modeling topology • Constantly changing • Routing change • Link/node up and down • ISPs typically do not make topological information available • There is no “typical” topology • Depends on what are you simulating

  17. Difficulty in modeling links • large diversities • Speed: e.g. modem vs. fiber optic link • Loss: e.g. cooper wire vs. 802.11 • Transmission: point-to-point vs. broadcast • Latency: DSL vs. satellite links • Routing-dependent • Asymmetry

  18. Difficulty in modeling protocol • Differences in implementations • 400 different TCP implementations • Different applications and different traffic mix

  19. Difficulty in modeling traffic • Traffic is different everywhere • Effect of background traffic • Queuing, congestion • Some application are adaptive to network conditions

  20. Rapid and unpredictable changes • Change in TCP: Reno -> NewReno/SACK • Change in devices: PC->handheld • Change in web: caching -> CDN • Change in killer applicaton: • web->p2p->VoIP? • Change in physical layer: wired -> wireless

  21. Coping strategy • OK, so it’s hard to simulate Internet, but can we do something about it? • Yes • Systematically explore important parameters • Searching for invariants

  22. Network behavior as a function • Explore network behavior as a function of changing parameters • <observed traffic> = f(x1,x2,x3,…..) • Impossible to explore the whole set of parameters • Challenge: identify important parameters • Example parameters to which a simulation might be sensitive • Congestion • Topology • Router mechanism (routing, scheduling, etc.)

  23. Search for Invariants • Invariant: behavior that holds in a very wide range of environment • Examples • Diurnal patterns • Self-similarity • Poisson session arrival • Heavy-tailed distribution • Geographical topology • Extract invariants from real world data • Extensive measurements!

  24. Question?

  25. Outline • Model and simulate Internet traffic • It’s hard to model and simulate Internet • Internet and wireless measurements • Case study: modeling heavy-hitter traffic

  26. Why measuring? • To tell us what are the invariants, and what are just artifacts of the system • A base for realistic modeling and simulation • A common practice in other science disciplines (physics, biology, etc)

  27. A measurement plan • What questions you want to answer? • Testbed setup • How to collect the traces? And for how long? • What to collect? (what is your performance metrics) • Data analysis All of these should be in your project report!

  28. TCP over GPRS network How fair is TCP over GPRS?

  29. Things I am going to tell you next • What can you measure? • Things that you need to know when you measure • Where can you get Internet traffic measurements for free?

  30. Measure the Internet • What can you measure • Traffic • Routing • Topology • Performance • Multicast • Wireless/Mobility

  31. Tool for measuring traffic • Tcpdump/etherreal (libpcap) • Netflow • NetTrMet/RTG (SNMP)

  32. tcpdump/Ethereal • tcpdump • Most commonly used packet collector • based on libpcap API • Output can be easily analyzed using awk/perl scripts • Ethereal • GUI-based • Support various trace formats, including tcpdump, snoop, etc. • Support various link-layer headers, including 802.11, ATM, etc. • tcpdpriv • A commonly used packet anonymizer (to share traces with the others) • Libpcap-based • Link-level headers are passed through unchanged.

  33. Usage of tcpdump tcpdump [ -adeflnNOpqStvx ] [ -ccount ] [-Ffile ]   [ -iinterface ] [ -rfile ] [ -ssnaplen ] [-Ttype ] [ -wfile ] [expression ] Must run as root or have sudo permission

  34. <option> -iListen on interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface (excluding loopback) -nDon't convert addresses (i.e., host addresses, port numbers, etc.) to names

  35. <option> -pDon't put the interface into promiscuous mode. -q Quick (quiet?) output. Print less protocol information so output lines are shorter. -r Read packets from file (which was created with the -w option). Standard input is used if file is ``-''.

  36. <option> -wWrite the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is ``-''. -rRead packets from file (which was created with the -w option). Standard input is used if file is ``-''. -SPrint absolute, rather than relative, TCP sequence numbers

  37. <option> -s snarf snaplen bytes of data from each packet rather than the default of 68. 68 bytes is adequate for IP, ICMP, TCP and UDP but may truncate protocol information from name server and NFS packets. Packets truncated because of a limited snapshot are indicated in the output with ``[|proto]'', where proto is the name of the protocol level at which the truncation has occurred. Taking larger snapshots both increases the amount of time it takes to process packets and, effectively, decreases the amount of packet buffering. This may cause packets to be lost. - Limit snaplen to the smallest number that will capture the protocol information you're interested in.

  38. <option> -tDon't print a timestamp on each dump line. -ttPrint an unformatted timestamp on each dump line. -v(Slightly more) verbose output. For example, the time to live and type of service information in an IP packet is printed. -vvEven more verbose output. For example, additional fields are printed from NFS reply packets. -xPrint each packet in hex.

  39. <expression> • selects which packets will be dumped. If no expression is given, all packets will be dumped. Otherwise, only packets for which expression is `true' will be dumped. • The expression consists of one or more primitives. Primitives usually consist of an id (name or number) preceded by one or more qualifiers. • There are three different kinds of qualifier. <type> <dir> <proto>

  40. <qualifier> <type> • what kind of thing the id name or number refers to • Possible types are host, net and port • E.g., `host csie.ncku.edu.tw', `net 146.132', `port 20' • If there is no type qualifier, host is assumed.

  41. <qualifier> <dir> • specify a particular transfer direction to and/or from id. • Possible directions are src, dst, src or dst and src anddst. • E.g., `src csie.ncku.edu.tw', `dst net 146.132', `src or dst port ftp-data'. • If there is no dir qualifier, src or dst is assumed

  42. <qualifier> <proto> • restrict the match to a particular protocol. • Possible protos are: ether, fddi, ip, arp, rarp, decnet, lat, sca, moprc, mopdl, tcp and udp. • E.g., `ether src server1.ncku.edu.tw', `arp net 128.3', `tcp port 21'. • If there is no proto qualifier, all protocols consistent with the type are assumed. E.g., `src mail.ncku.edu.tw' means `(ip or arp or rarp) src mail.ncku.edu.tw'

  43. Complex expression • complex filter expressions are built up by using the words and, or and not to combine primitives. • E.g., `host csie.ncku.edu.tw and not port ftp and not port ftp-data'. • Iidentical qualifier lists can be omitted. E.g., `tcp dst port ftp or ftp-data or domain' == `tcp dst port ftp or tcp dst port ftp-data or tcp dst port domain'.

  44. Allowable primitives • dst host host • src host host • host host • ether dst ehost • ether src ehost • ether host ehost • gatewayhost

  45. Allowable primitives • dst net net • src net net • net net • net netmask mask • net net/len True if the IP address matches net a netmask len bits wide. May be qualified with src or dst. • dst port port • src port port • port port

  46. Allowable primitives • less length True if the packet has a length less than or equal to length. This is equivalent to: len <= length. • greater length • ip proto protocol • True if the packet is an ip packet of protocol type protocol. Protocol can be a number or one of the names icmp, igrp, udp, nd, or tcp. Note that the identifiers tcp, udp, and icmp are also keywords and must be escaped via backslash (\) • ether broadcast • ip broadcast

  47. Allowable primitives • ether multicast • ip multicast • ip, arp, rarp, decnet short for: ether proto pwhere p is one of the above protocols. • tcp, udp, icmp short for: ip proto p

  48. Relation operator • expr relop expr • relop is one of >, <, >=, <=, =, != • expr is an arithmetic expression composed of integer constants, the normal binary operators [+, -, *, /, &, |], a length operator, and special packet data accessors. • To access data inside the packet, use the following syntax: proto [ expr : size ]Proto is one of ether, fddi, ip, arp, rarp, tcp, udp, or icmp. E.g.tcp[0] means the first byte of the TCP header • For example, `ether[0] & 1 != 0' catches all multicast traffic. The expression `ip[0] & 0xf != 5' catches all IP packets with options.

  49. Combining primitives • Primitives may be combined using: • Negation (`!' or `not'). • Concatenation (`&&' or `and'). • Alternation (`||' or `or'). • Negation has highest precedence. Alternation and concatenation have equal precedence and associate left to right.. • If an identifier is given without a keyword, the most recent keyword is assumed. • E.g.,not host vs and aceis short for not host vs and host ace,which should not be confused with not ( host vs or ace )

  50. Netflow • Built-in service for most Cisco router/switch that runs Cisco IOS • Provide flow-level information • First packet in a flow is used to build an entry in the cache • Per-interface basis • Useful for accounting/billing, traffic monitoring, user profiling, data mining, etc.

More Related