1 / 22

Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis

Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis. Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage. Enterprise 802.11?. Easy. Blanket the building with 802.11 APs for 100% coverage. A familiar story. “The wireless is being flaky.”.

evette
Download Presentation

Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis Yu-Chung ChengJohn Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage

  2. Enterprise 802.11? Easy. Blanket the building with 802.11 APs for 100% coverage

  3. A familiar story... “The wireless is being flaky.” “Flaky how?” “Well, my connections got dropped earlier and now things seem very sloooow.” “OK, we will take a look” Employee “Wait, wait … it’s ok now” “Mmm… well let us know if you have any more problems.” Support Now what?

  4. What are the problems? • Contention with nearby wireless devices? • Bad AP channel assignments? • Microwave ovens? • Congestions in the Internet? • Bad interaction between TCP and 802.11? • Rogue access points? • Poor choice of APs (weak signal)? • Incompatible user software/hardware? • 802.11 DoS attack?! • … Need to monitor the wireless network across time, locations, channels, and protocol layers

  5. How to monitor 802.11?

  6. Jigsaw • Measure real large wireless networks • Collect every possible information • PHY/Link/IP/TCP/App layer trace • Collect every single wireless packet • Need many sniffers for 100% coverage • Provide global view of wireless networks across time, locations, channels, and protocol layers

  7. New CSE building at UCSD • 150k square feet • 4 floors • >500 occupants • 150 faculty/staff • 350 students • Building-wide WiFi • 39 access points • 802.11b/g • Channel 1, 6, 11 • 10 - 90 active clients anytime • Daily traffic ~5 GB

  8. UCSD passive monitor system • Overlays existing WiFi network • Series of passive sniffers • Blanket deployment over 4 floors • 39 sensor pods (156 radios) • 4 radios per pod, cover all channels in use • Captures all 802.11 activities • Including CRC/PHY events • Stream back over wired network to a centralized storage

  9. Jigsaw design Traces synchronization and unification L2 state reconstruction TCP flow reconstruction

  10. TSF diff of two sniffers TSF diff (us) Time (s) Synchronization • Create a virtual global clock • To keep unification working • Critical evidence for analysis • If A and B are transmitting at the same time they could interfere • If A starts transmitting after B has started then A can’t hear B • Require fine time-scales (10-50us) • NTP is >100 usec accuracy • 802.11 HW clocks (TSF) have 100PPM stability

  11. Traces synchronization and unification • Sniffers label packets w/ local timestamp (TSF) • Need a global clock • Estimate the offset between TSF and the global clock for each sniffer

  12. Trace unification (ideal) Time

  13. JFrame 1 JFrame 2 JFrame 3 JFrame 4 JFrame 5 Trace unification (reality) Jigsawunifiedtrace Time

  14. 1 2 3 4 ∆t1 ∆t2 To Challenge: sync at large-scale • How to bootstrap? • Goal: estimate the offset between TSF and the global clock for each sniffer • Time reference from one sniffer to the other • Sync across channels • Dual radios on same sniffer slaved to same clock • Manage TSF clock skews • Continuously re-adjust offsets when unifying frames

  15. Jigsaw in action • Jigsaw unifies 156 traces into one global trace • Covers 99% of AP frames, 96% of client frames

  16. PHY errors CRC errors L2-ACK Beacon Synchronized Valid packets

  17. Jigsaw syncs 99% frames < 20us • Measure sync. quality by max dispersion per Jframe • 20 us is important threshold • 802.11 back-off time is 20 us • 802.11 inter frame time is 50 us • Sufficient to infer many 802.11 events

  18. Hidden terminal problems • Infer transmission failure by absence of ACK • Estimate conditional probability of loss given simultaneous transmission by some hidden-terminal • How much packet is lost due to hidden-terminal? ? sender receiver hidden terminal

  19. Hidden Terminal Problems • 10% of sender-receiver pairs have over 10% losses due to hidden terminals

  20. TCP loss rate in wireless vs. in Internet 802.11 b/g interactions ARP Broadcast Storms Microwave Ovens Trace analysis

  21. Moving forward • Developed “Jigsaw” that allows • 24x7 monitor system in UCSD CSE w/ 156 sniffers • Global fine-grained view of large wireless network (time, locations, channels) • Jigsaw software will be available shortly • Ongoing work • Root cause diagnoses of end-to-end performance in wireless networks • Standard wireless problem analysis • Ex. Exposed terminal problems

  22. Q & A Live traffic monitoring and more information at http://wireless.ucsdsys.net

More Related