
ECE 526 – Network Processing Systems Design




Presentation Transcript


  1. ECE 526 – Network Processing Systems Design
     Network Processing Functions
     Chapter 6 & 9: D. E. Comer

  2. Packet Processing Functions
     • Basic network system functionality
     • Address lookup
     • Packet forwarding
     • Fragmentation and re-assembly
     • Security
     • Error detection and correction
     • Queuing
     • Scheduling
     • Protocol de-multiplexing
     • Packet classification
     • Traffic measurement (Lab 2)

  3. Outline
     • Error detection and correction
     • Queueing
     • Scheduling
     • Packet classification
       • Inefficiency of packet de-multiplexing
       • Classification implementation schemes
     • Summary

  4. Error Detection and Correction
     • Bit errors can occur in packets
       • Layer 2: Cyclic Redundancy Check (CRC)
       • Layer 3: header checksum
     • Significant computation overhead
       • Layer 2 CRC done in hardware
       • Layer 3 checksum computed over the packet header only
     • Error correction not performed by the network system
       • Even more overhead
       • Error correction handled by upper layers

  5. Queueing
     • Refers to the policies, data structures and algorithms related to storing and selecting packets
     • Packet processing: store and forward
       • Incoming packet placed in incoming queue
       • Outgoing packet placed in output queue
       • When a queue is full, packets are discarded
     • Recall: queuing is one source of packet delay
     • Basic questions about queuing
       • What is the right size of each queue?
       • How many queues are needed?
       • Where to place queues physically?
       • How to implement a priority policy?

  6. Queueing Priority
     • Multiple queues used to enforce priority
     • Incoming packet
       • Assigned a priority as a function of packet content, size or security
       • Placed in the appropriate priority queue
     • Queueing discipline
       • Examines the priority queues
       • Chooses which packet to send
     • Drop/discard policy: tail drop

  7. Queueing Disciplines
     • Priority Queueing
       • Assign a unique priority number to each queue
       • Choose a packet from the highest-priority queue which is nonempty
       • Known as strict priority queueing -> starvation
     • Weighted Round Robin (WRR)
       • Assign a unique priority number to each queue
       • Process all queues round-robin
       • Compute N, the max number of packets to select from a queue, proportional to priority
       • Take up to N packets for processing before moving to the next queue
       • Does this work well?
     • Weighted Fair Queueing (WFQ)
       • Use packet size rather than number of packets
       • Allocates priority to the amount of data from a queue rather than the number of packets
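To show why the slide asks whether packet-count WRR works well, here is an added simulation (not from the slides) of the three disciplines on one constructed workload: strict priority starves the second queue, packet-count WRR gives equal packet counts but very unequal byte shares, and a byte-based round robin (deficit round robin, used here as a simple stand-in for the data-amount allocation WFQ performs) evens out the bytes. The queue contents and function names are assumptions of this example.

```python
from collections import deque

# Constructed sample: queue 0 holds large 1500-byte packets, queue 1 small
# 64-byte packets (sizes in bytes, one entry per packet; index 0 = highest priority).
QUEUES = [[1500] * 300, [64] * 300]

def strict_priority(queues, slots):
    """Serve `slots` packets, always from the highest-priority non-empty queue.
    Returns bytes served per queue; lower queues starve while queue 0 is busy."""
    qs = [deque(q) for q in queues]
    served = [0] * len(qs)
    for _ in range(slots):
        for i, q in enumerate(qs):
            if q:
                served[i] += q.popleft()
                break
    return served

def weighted_round_robin(queues, weights, rounds):
    """WRR by packet count: each round, queue i may send up to weights[i]
    packets regardless of their size. Returns bytes served per queue."""
    qs = [deque(q) for q in queues]
    served = [0] * len(qs)
    for _ in range(rounds):
        for i, q in enumerate(qs):
            for _ in range(weights[i]):
                if not q:
                    break
                served[i] += q.popleft()
    return served

def deficit_round_robin(queues, quanta, rounds):
    """Byte-based round robin: each round a queue earns quanta[i] bytes of
    credit and sends packets only while its credit covers the packet at the head."""
    qs = [deque(q) for q in queues]
    credit = [0] * len(qs)
    served = [0] * len(qs)
    for _ in range(rounds):
        for i, q in enumerate(qs):
            if not q:
                credit[i] = 0          # idle queues must not bank credit
                continue
            credit[i] += quanta[i]
            while q and q[0] <= credit[i]:
                credit[i] -= q[0]
                served[i] += q.popleft()
    return served
```

With ten rounds the small-packet queue gets 640 bytes under packet-count WRR against 15000 for the large-packet queue, while the byte-based scheme gives both close to 15000.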

  8. Scheduling
     • Co-ordination of activities in network systems
     • Two types
       • Link (queue) scheduling
       • Resource scheduling
     • Resource allocation
       • Processing of multiple packets
       • Processing of multiple protocols
       • Multiple processors
     • Scheduling attempts to achieve fairness

  9. Encapsulation (figure): at the source, the application message M gains a transport header Ht (segment), a network header Hn (datagram) and a link header Hl (frame) on its way down the stack; a switch processes only the link and physical layers, a router the network layer and below, and the destination strips the headers in reverse order back up to the application.

  10. Protocol Demultiplexing
     • Used with layered protocols
     • Protocols at each layer of the stack are differentiated by type information at the lower layer
       • Example: layer 3 – IP, ARP based on the Ethernet type
     • Layered processing
       • On the output side (sender), the type field in each header specifies the encapsulation
       • On the input side (receiver), software in each layer chooses the module at the next higher layer
     • Layered processing is inefficient since we have to go through all stacks sequentially
     • Can we do better?

  11. Packet Classification
     • Alternative to demultiplexing for higher speed
     • Idea
       • All layer header information is available (no dependency)
       • Can we process layer headers in a different sequence (reorder!)
       • Can we consider all layer headers at the same time (parallel!)
     • Classification
       • Mapping packets into categories
       • Based on header information from mixed layers
       • Rule based
     • Example:
       • five-tuple flow classification
       • Web traffic

  12. Classification: Software Version
     • Compare values in header fields
     • Conceptually a logical AND of all field comparisons
     • Example: web traffic
       • three classification rules required

         if ((frame type == 0x800) && (IP type == 6) && (TCP port == 80))
             packet matched classification
         else
             packet does not match classification

     • Can we do better?
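As an added example (not from the slides) covering both the layer-3 header checksum of slide 4 and the web-traffic rule of slide 12: a constructed Ethernet/IPv4/TCP frame is built, its IPv4 header checksum is verified before any field is trusted, the five-tuple is extracted, and the `frame type && IP type && TCP port` rule is applied. The header layouts are the standard ones; the addresses, ports and helper names are assumptions.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the IPv4 header. Computed with the
    checksum field zeroed it yields the value to store; computed over a
    correct header (field included) it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_frame(src, dst, sport, dport, proto=6, ethertype=0x0800):
    """Constructed sample frame: Ethernet II + 20-byte IPv4 header + 20-byte
    TCP-style header (ports in the first four bytes, enough for classification)."""
    l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill checksum
    return b"\x00" * 12 + struct.pack("!H", ethertype) + ip + l4

def five_tuple(frame):
    """Return (src, dst, proto, sport, dport), or None if the frame is not IPv4.
    The layer-3 header checksum is verified first (slide 4)."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    if len(ip) < 20 or ipv4_checksum(ip) != 0:
        raise ValueError("bad IPv4 header")
    proto = ip[9]
    src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
    if proto not in (6, 17):                 # ports exist only for TCP/UDP
        return (src, dst, proto, None, None)
    sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    return (src, dst, proto, sport, dport)

def is_web_traffic(frame):
    """The slide's rule as one logical AND:
    frame type == 0x800 && IP type == 6 && TCP port == 80 (either direction)."""
    t = five_tuple(frame)
    return t is not None and t[2] == 6 and 80 in (t[3], t[4])
```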

  13. Classification: Software Optimization

  14. Classification: Hardware Version
     • Specific hardware
     • Extracts the required fields in parallel

  15. Classification: Hybrid Version
     • Hardware and software combination
       • Hardware for standard cases
       • Software for exceptions

  16. Summary
     • Finished the overview of the major packet processing functions
       • Error detection and correction are expensive
       • Queuing and queuing disciplines
       • Scheduling and fairness
       • Difference between demultiplexing and classification
         • Sequential tour of the layers vs. parallel scan

  17. Network Measurements
     • Why do we need measurements?
       • Debugging
       • Performance tuning
       • Discovery of network structure
       • Understanding of network behavior (reverse-engineering)
       • Discovery of security holes and attacks
       • Etc.
     • How can we measure networks?
       • Inject packets and see what happens (active measurement)
       • Observe traffic (passive measurement)
     • What are the pros and cons of each kind of measurement?

  18. Active Measurement
     • Metrics that can be measured
       • Connectivity
       • Round-trip time
       • Loss rate
       • Reordering
       • Available bandwidth
       • Bandwidth capacity
     • Some metrics are available per hop, others only end-to-end
     • Some tools need software on both sides of the measurement

  19. Passive Measurement
     • Tcpdump is an example of passive network measurement
     • Passive measurement consists of several phases
       • Data collection
       • Data storage
       • Extraction and calculation of metrics
     • Passive measurement metrics
       • Traffic volume (link utilization)
       • Traffic mix (e.g., by protocol type, by destination)
       • TCP flow behavior (packet retransmissions)
     • Passive measurement challenges?
       • Data rates to process
       • Only partial view of the network
       • Staleness of data

  20. Lab 2: Network Traffic Monitoring & Performance Measurement
     • Goals
       • Learn basic network tools
       • Understand packet structure by watching real packets
       • Get real performance numbers
     • Tools
       • Ping: a program verifying the existence of an IP address
         • Used as a packet generator and for delay measurement
       • Traceroute: a program tracing the route from sender to destination
         • Used for delay measurement and route bottleneck identification
       • Ethereal: network protocol analyzer
       • Iperf: a tool to measure the maximum throughput between client and server

  21. Connectivity
     • Simplest case of active measurement
     • Typically done with ICMP Echo Request
       • Recipient will reply with ICMP Echo Response
     • Implemented in the ping tool:
       • Sends ICMP echo requests to the specified IP address
       • Prints responses
       • Reports TTL, round-trip time, loss rate (both ways)
     • Useful parameters
       • -c or -n count
       • On Unix: -n numeric output (no IP address translation)
       • -f flood ping ☺
     • Very common and useful tool

  22. Ping
     • Sends ICMP “echo request” packets to the target host and listens for ICMP “echo response” replies
     • Using interval timing and response rate, ping estimates the round-trip time and packet loss

  23. Ping Limitations
     • What are the limitations of ping?
       • ICMP disabled
       • NAT boxes / firewalls
       • No information on route (other than TTL)
       • No information on performance (other than RTT)
     • Other interesting observations
       • TTL in packets can reveal OS type (useful for hackers)

  24. Route
     • How can the route of a packet be measured?
     • Traceroute approach:
       • Send packets with limited TTL towards the destination
       • Packets will “expire” and cause an ICMP error message
       • The source of the error message is the intermediate hop
       • Repeat with increasing TTL
     • Output:
       • Each router with its RTT

  25. Traceroute
     • Determines the route taken by packets across an IP network
     • Works by increasing the "time-to-live" value of each successive batch of packets sent
     • A host discards the packet and sends an ICMP time exceeded packet when TTL = 0
     • Uses these returning packets to produce a list of hosts that the packets have traversed en route to the destination
     • IP does not guarantee that all the packets take the same route

  26.

  27. Traceroute Limitations
     • Not all routers respond
     • Processing, control and queueing delays lead to wrong TTL results

  28. tcpdump
     • Passive network measurement tool: tcpdump
       • Tcpdump collects packets from an interface and displays headers
       • Only one interface can be observed at any point in time
       • All traffic on the interface can be seen (promiscuous mode)
       • Filter allows pre-filtering of output
       • Payload can be preserved (if necessary)
       • Timestamp of packet arrival and transmission
     • Very useful to check network setup
     • Useful options
       • -n no address translation
       • -r and -w to read and write files
       • -s determines length of preserved data
       • -vv very verbose output
     • Results can be displayed nicely with ethereal

  29. Ethereal

  30. Bandwidth
     • How to measure bandwidth?
       • TCP vs. UDP
       • Inject packets at high rates
       • Reporting of results?
       • Requires software on both sides
     • Issues to consider
       • Measurement reports currently available bandwidth
       • Reports only bottleneck bandwidth
       • TCP behavior needs to be considered
       • Timing of UDP packets is critical
     • Tool: iperf (and many others)
       • Client acts as sender
       • Server sinks traffic and reports statistics

  31. iperf
     • Iperf report
     • Iperf options
       • -s run as server
       • -c run as client
       • -u uses UDP instead of TCP
       • Many other options for packet size and rate (UDP)
       • -b binds output interface (very useful)

  32. Iperf
     • > iperf -c 10.0.13.68
     • results should look like this:

         ------------------------------------------------------------
         Client connecting to 10.0.13.68, TCP port 5001
         TCP window size: 8.00 KByte (default)
         ------------------------------------------------------------
         [1924] local (your IP) port 1500 connected with 10.0.13.68 port 5001
         [ ID] Interval       Transfer     Bandwidth
         [1924]  0.0-10.0 sec   111 MBytes  92.9 Mbits/sec

     • You're interested in the red numbers (the Transfer and Bandwidth columns)

  33. iperf Limitations
     • What are the limitations of iperf?
       • Same as for any other bandwidth measurement tool
       • Control overhead
       • Many options -> possible misconfiguration
     • Need a tool to observe network traffic to verify a correct measurement setup

  34. Hyperion Project
     • Distributed passive measurement platform
       • Multiple measurement nodes in the network
       • Coordinated traffic collection and storage
     • Performance challenge
       • Extraction, storage, and retrieval require high performance
       • Network processors can be used for extraction and pre-processing

  35. Hyperion Node Architecture

  36. Privacy Issues
     • Passive measurements observe all traffic in the network
     • Users have rights to privacy
     • Measurement data can reveal lots of personal information
     • Examples of personal information
       • Web pages visited
       • Usernames and passwords (if not encrypted)
       • Emails, IM, etc.
       • Even encrypted traffic reveals information
     • One possible solution: anonymization of traces
       • “Scramble” IP addresses
       • Prefix-preserving hashing is preferable over random hashing
       • Computationally expensive
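An added illustration (not from the slides) of why prefix-preserving scrambling is preferred: a Crypto-PAn-style per-bit keyed construction keeps the subnet structure of a trace (two addresses sharing k leading bits still share exactly k leading bits after anonymization), while a plain keyed hash of the whole address scatters neighbouring hosts and loses that structure. The key, addresses and function names are constructed for this example.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-demo-key"   # a real deployment keeps this secret with the trace

def _pad_bit(key: bytes, prefix: int, length: int) -> int:
    """One pseudo-random bit that depends only on the `length`-bit prefix seen so far."""
    msg = bytes([length]) + prefix.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[0] & 1

def prefix_preserving(ip: str, key: bytes = KEY) -> str:
    """Crypto-PAn-style scrambling: output bit i = input bit i XOR f(key, first i bits).
    Since the pad for bit i depends only on the bits before it, two inputs that agree
    on a k-bit prefix produce outputs that agree on exactly a k-bit prefix."""
    a = int(ipaddress.IPv4Address(ip))
    out = 0
    for i in range(32):
        prefix = a >> (32 - i)            # the i high-order bits already processed
        bit = (a >> (31 - i)) & 1
        out = (out << 1) | (bit ^ _pad_bit(key, prefix, i))
    return str(ipaddress.IPv4Address(out))

def random_hash(ip: str, key: bytes = KEY) -> str:
    """The 'random hashing' alternative: a keyed hash of the whole address.
    Addresses from the same subnet land anywhere in the output space."""
    digest = hmac.new(key, ipaddress.IPv4Address(ip).packed, hashlib.sha256).digest()
    return str(ipaddress.IPv4Address(digest[:4]))

def common_prefix_len(a: str, b: str) -> int:
    """Number of leading bits two IPv4 addresses share."""
    x = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - x.bit_length()
```

The per-bit HMAC in the loop is what makes this approach computationally expensive compared with a single hash per address, as the slide notes.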
