550 likes | 569 Views
This article presents two TCP-based network measurement tools, Sting and TBIT, which can measure packet loss rates and infer TCP behavior. These tools are helpful for testing and analyzing TCP implementations.
E N D
TCP-Related Measurements Presented by: Charles Simpson (Robby) September 30, 2003
Sting: a TCP-based Network Measurement Tool • Stefan Savage (Department of Computer Science and Engineering, University of Washington, Seattle) • Published in Proceedings of USENIX Symposium on Internet Technologies and Systems (USITS ’99), October 1999
Features • Can measure the packet loss rate on both the forward and reverse paths between a pair of hosts • Only uses the TCP algorithm • Target only needs to run a TCP service, such as a web server
Forward Loss • Data Seeding: • Source sends in-sequence TCP data packets to target, each of which will be a loss sample • Hole-filling: • Sends TCP data packet with sequence number one greater than the last seeding packet • If target ACKs this new packet, no loss • Else, each ACK indicates missing packets • Should be reliable, that is retransmissions must be made in Hole-filling
Reverse Loss • Data Seeding: • Skip first sequence number, ensuring out-of-sequence data (Fast Retransmit) • Receiver will immediately acknowledge each data packet received • Measure lost ACKs • Hole-filling: • Transmit first sequence number • Continue as before
Results • Loss rates increase during business hours, and then wane • Forward and reverse loss rates vary independently • On average, with popular web servers, the reverse loss rate is more than 10 times greater than the forward loss rate
On Inferring TCP Behavior • Jitendra Padhye and Sally Floyd (AT&T Center for Internet Research at ICSI (ACIRI)) • Published in SIGCOMM ‘01
Features • Developed a tool called TBIT (TCP Behavior Inference Tool) to characterize the behavior of remote web servers, bugs, and non-compliance • Based on Sting
Motivations and Requirements • “Is it appropriate to base Internet simulation and analysis on Reno TCP?” • “What are the initial windows used in TCP connections in the Internet?” • Is end-to-end congestion control being used? • To identify and correct TCP implementation bugs • Testing the TCP behavior of the equipment en route to the target • Should be able to test any web server, any time • TBIT traffic should not be hostile, or even appear to be hostile (or anomalous)
Initial Value of Congestion Window (ICW) • Sends TCP SYN to target, port 80, with large receiver window and desired MSS • Upon receiving SYN/ACK, HTTP 1.0 GET request is sent (along with ACK) • TBIT does not acknowledge any more packets, so the target will only send packets that fit in its ICW • Once TBIT sees a retransmission, it sends a RST to close the connection
Congestion Control Algorithm (CCA) • Connection is established with a small MSS (~100 bytes) to force several packets to be sent (receiver window is set to 5*MSS) • Request is made • All packets are acknowledged up to 13th packet • This packet is dropped • The 14th and 15th packets arrive and are acknowledged (duplicate ACKs) • Packet 16 is dropped, all further packets are acknowledged • Connection is closed once 25 data packets are received, including retransmissions
Conformant Congestion Control (CCC) • Connection is established and request made, with a small MSS • All packets acknowledged until packet 15 is received, which is dropped • All are ACKed, with duplicate ACKs sent for packet 14 until 15 is retransmitted (which is ACKed) • Size of reduced congestion window is the difference between the maximum sequence number received and the highest sequence number acknowledged
Response to SACK • SYN with small MSS and SACK_PERMITTED sent • If SYN/ACK with SACK_PERMITTED is not received, test is terminated • Else packets are received and ACKed until packet 15 is received. 15, 17, and 19 are dropped and an appropriate SACK for 16 and 18 is sent • TBIT waits, sending appropriate SACKs, until 15, 17, and 19 are received • Connection is closed
Time Wait Duration • A three-way handshake (FIN, FIN/ACK, ACK) is used for closing connections • TCP standard specifies after ACKing the FIN, the target should wait 2*MSL (Maximum Segment Lifetime) before port can be reused
Response to ECN • ECN-setup SYN is sent • If no SYN/ACK is received after three retries, or if RST is received, TBIT concludes failure • Else, SYN/ACK is checked for ECN-setup (ECN_ECHO set, CWR unset) • HTTP request sent with ECT and CE bits set • If ACK is received, check for ECN_ECHO, else give up after three retries
Interesting Result • Many tests were terminated because the remote host sent packets with MSS larger than that set by the receiver
Future Work • Further Tests of TCP implementation • DSACK (RFC 2883) • Limited Transmit (RFC 3042) • Congestion Window Validation (RFC 2861) • Test for Standards Compliance • Use TBIT to generate models of TCP implementations for simulators such as NS
On the Characteristics and Origins of Internet Flow Rates • Yin Zhang and Lee Breslau (AT&T Labs – Research) • Vern Paxson and Scott Shenker (International Computer Science Institute) • Published in SIGCOMM ‘02
Features • Developed tool, T-RAT (TCP Rate Analysis Tool), that analyzes TCP packet-level dynamics, by examining traces • They want to find the distribution of flow data transmit rates, as well as the causes of these rates • They examine the distribution of flow rates seen and investigate the relationship between these rates and other characteristics like flow size and duration
Rate Distribution • Average rates vary over several orders of magnitude • Flow sizes more highly skewed than flow rates, probably due to unbounded sizes • Used Q-Q plot to determine fit to log-normal distribution, which was good • Find that most flows are not fast, but the fast flows account for a significant fraction of all traffic • They see a divide between large, fast flows and small, slow flows
Correlations • Tested three correlations and found: • Duration and rate (negative correlation) • Size and rate (slightly positive correlation) • Duration and size (really strong correlation)
T-RAT Specifications • Entire connection need not be observed • Trace can be recorded at arbitrary location • Tool works in a streaming fashion • Packets are grouped into flights, and the following is recorded: • The MSS is estimated • The RTT is estimated • The rate limit is estimated
T-RAT Rate Limiting Factors • Opportunity Limited – limited amount of data to send • Congestion Limited – due to packet loss • Transport Limited – sender is in congestion avoidance, but doesn’t experience any loss • Receiver Window Limited – sender is limited by the receiver’s maximum advertised window • Bandwidth Limited – sender fully utilizes bandwidth • Application Limited – application does not produce data fast enough to be transport or bandwidth limited
Results (per bytes) • Most common rate limiting factor is congestion (22% - 43% of bytes in traces) • Window limitations, more specifically receiver window, was the second most limiting factor • Other limitations did not really present themselves
Results (per flows) • Most common are opportunity and application limitations (together, over 90% of all flows) • Other factors had little, if any, affect • Supports the conclusion that most flows are small and slow • Small – opportunity limited • Slow – application limited • Much more work to do
Passive Estimation of TCP Round-Trip Times • Hao Jiang (Computer and Information Sciences, University of Delaware) • Constantinos Dovrolis (Computer and Information Sciences, University of Delaware) • To appear at the ACM Computer Communications Review, August 2002
Objectives • “… to estimate the Round-Trip Times (RTTs) of the TCP connections that go through a network link, using passive measurements at that link.” • Using traces • Using only unidirectional flows • Must have IP and TCP headers and an accurate timestamp for each packet
Techniques • SYN-ACK (SA) estimation • Flows from caller to callee • Slow-Start (SS) estimation • Flows from callee to caller • Must transfer at least five consecutive segments, the first four must be MSS packets • NOTE: These techniques are simple enough to be able to run on routers in real-time • Only one estimation is made per connection, which has been validated in “On Estimating End-to-End Network Path Properties,” by Mark Allman and Vern Paxson, SIGCOMM ‘99
SYN-ACK (SA) Estimation • Basic Idea: “… RTT can be estimated from the time interval between the last-SYN and the first-ACK that the caller sends to the callee” • Three Conditions: • No delay • SYN/ACK cannot be lost, as well as first ACK • Low delay jitter • Still performs well when conditions are not met
Slow-Start (SS) Estimation • MSS value can be estimated from trace, by comparing with “well-known” values • Basic Idea: “… the time spacing between the first and second bursts is roughly equal to the connection’s RTT.” • Delayed ACKs could become a problem, thus first burst must consist of at least two MSS packets
Direct Verification • Compare SA and SS estimated RTT values with ping measurements • Accuracy threshold: The estimate must be within 5ms or 10%, whichever is larger, to the median ping measurement • Only 5-10% of SA estimates are outside the threshold • 10-15% of SS estimates are outside the threshold • The errors seem worse on links with larger RTTs, probably due to jitter