Centre for Applied Internet Research, www.cair-uk.org. MIC 2011 Keynote, 14/02/2011, Innsbruck. The Internet: A difficult beast to control? Professor Vic Grout, Director of the Centre for Applied Internet Research (CAIR), Glyndŵr University, North Wales, v.grout@glyndwr.ac.uk
MIC 2011 Keynote, 14/02/2011, Innsbruck. The Internet: A difficult beast to control? A rambling – and probably confused – collection of thoughts from 25 years’ research into network algorithms and optimization!
Control? Optimization?
optimize or optimise, verb (optimized, optimizing):
1. to make the most or best of (a particular situation or opportunity, etc).
2. to make the most efficient use of something, especially by analysing and planning.
3. (intrans) to be optimistic or act optimistically.
4. (intrans) to become optimal.
5. (computing) to prepare or modify (a computer system or program) so as to achieve the greatest possible efficiency.
optimization, noun. ETYMOLOGY: 19c.
So what’s ‘Optimizing the Internet’? Making the Internet perfect? Having a look at something somewhere and considering tinkering with it?
Internet Optimization? There you are … I’ve optimized it!
We don’t always agree what optimization is! Thought #1
Internet/Network Optimization. Conventionally, two different types of model/problem/solution:
Design: topologies, dimensioning; off-line/centralized.
Control/Management: traffic handling, routing, filtering; real-time/distributed.
Actually, there’s a much more interesting (and relevant) way of classifying models/problems/solutions! Thought #2
An alternative taxonomy (Internet/Network Optimization):
Essential: things that have to be done (because finding any solution is a form of optimization), e.g. routing.
In between: things that have an obvious default/initial solution (but it’s probably distinctly sub-optimal), e.g. physical design.
Optional: things that don’t have to be done (because there’s an existing valid solution already), e.g. compression.
A Cautionary Tale. Start with one of the (conceptually) simplest optimization problems in graph theory: Minimum Spanning Tree (MST). “The EMST problem is a common component in applications involving networks. If one desires to set up a communications system among N nodes requiring interconnection cables, using the EMST will result in a network of minimal cost” (Michael Shamos, PhD Thesis, Yale University, 1978). Not practical!
Network Topology: core, distribution and access layers. Complex!
A Further Complication. Link costs $c_{ij}$ between nodes $i$ and $j$ (figure omitted): difficult to assign known costs as inputs; ‘double-drop’ and ‘triple-drop’ heuristics typical.
There’s often a big difference between the textbook theory and real-world practice! Thought #3
Wireless Networks: Minimum Connected Dominating Set (MCDS). Subscriber locations connected to a fibre backbone.
Sometimes the textbook works! Thought #4
Wireless Networks Initial network (Feasible links)
Wireless Networks MST (Inappropriate)
Wireless Networks MCDS
Optical Networks. Regenerators needed to maintain signal integrity (very expensive!). Network topology with impairment: actual links versus feasible paths.
Optical Networks. Transformed graph of the network: each feasible path becomes an effective link.
Optical Networks Core network Graph transformation and CDS
Optical Networks: Mk-CDS. Constraints: k-connectivity (core), k-domination (edge). Example: a 2-CDS of the transformed graph.
Wireless Networks Real-time optimisation? Distributed optimisation?
Many problems are just too hard! Thought #5
Classes of Internet Problem
• Real-time: runs repetitively/frequently within the network (not part of initial off-line planning)
• Line-speed: has to complete processing one packet/frame before the next arrives (at least, on average)
• Distributed: runs independently on each network device (switch, router, etc.)
• Cooperative: needs input from other network devices prior to solution (e.g. topology status)
• Responsive: needs input from other network devices during solution (e.g. control negotiation)
Classes of Internet Problem. ‘Conventional’ problems (e.g. MST) versus the Spanning Tree Protocol (STP), classified as RT: Real-time, LS: Line-speed, D: Distributed, C: Cooperative, R: Responsive. Algorithms and Algorithmics!
Routing (RT/LS/D/C/R). The network must converge before too many packets are lost or poorly routed. Routers exchange link-state information when the topology changes.
Shortest Paths Dijkstra’s Shortest Path Algorithm (DSPA) finds all shortest paths (and places them in the routing table) DSPA is polynomial complexity. Is that OK?
Sometimes, even the easy problems are hard! Thought #6
Routing. Link cost as a function of bandwidth (figure of nodes $i$, $j$ and link cost $c_{ij}$ omitted): first $c = 1 / \text{bandwidth}$, then in practice $c = 10^8 / \text{bandwidth}$.
Routing. For a path $P$, is the path cost $C = \sum_{ij \in P} c_{ij} = \sum_{ij \in P} 1/b_{ij}$? Or $C = \min_{ij \in P} b_{ij}$? When we try to optimize something in the Internet, what’s our objective function? What are we trying to maximise or minimise? Throughput? Delay? Reliability? Customer satisfaction? Bank balance? Link attributes: bandwidth ($b$), delay ($d$), load ($l$), reliability ($r$); path metric $P = f(b)$.
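The two candidate path objectives from this slide side by side, as an added example that is not the talk’s own code: Dijkstra over the additive cost $c_{ij} = 10^8 / b_{ij}$ versus the widest (max-min bandwidth) path. The topology, node names and bandwidths are constructed so that the two objectives pick different paths, which is exactly why the question of the objective function matters.

```python
import heapq

# Constructed topology (not from the talk): (node, node, bandwidth in bit/s)
LINKS = [("A", "B", 1e9), ("B", "D", 50e6),
         ("A", "C", 100e6), ("C", "E", 100e6), ("E", "F", 100e6), ("F", "D", 100e6),
         ("A", "D", 10e6)]

def adjacency(links):
    adj = {}
    for u, v, b in links:                 # undirected links
        adj.setdefault(u, []).append((v, b))
        adj.setdefault(v, []).append((u, b))
    return adj

def link_cost(b, reference=1e8):
    """c_ij = 10^8 / bandwidth: the reference-bandwidth metric on the slide."""
    return reference / b

def shortest_path(links, src, dst):
    """Dijkstra minimising the additive objective C = sum_{ij in P} c_ij."""
    adj, best = adjacency(links), {src: 0.0}
    heap = [(0.0, src, [src])]
    while heap:
        cost, u, path = heapq.heappop(heap)
        if u == dst:
            return cost, path
        if cost > best[u]:                # stale heap entry
            continue
        for v, b in adj[u]:
            nc = cost + link_cost(b)
            if nc < best.get(v, float("inf")):
                best[v] = nc
                heapq.heappush(heap, (nc, v, path + [v]))
    return None

def widest_path(links, src, dst):
    """Dijkstra variant maximising the bottleneck C = min_{ij in P} b_ij."""
    adj, best = adjacency(links), {src: float("inf")}
    heap = [(-float("inf"), src, [src])]  # negate width: heapq is a min-heap
    while heap:
        neg_w, u, path = heapq.heappop(heap)
        if u == dst:
            return -neg_w, path
        if -neg_w < best[u]:
            continue
        for v, b in adj[u]:
            w = min(-neg_w, b)            # bottleneck so far
            if w > best.get(v, 0.0):
                best[v] = w
                heapq.heappush(heap, (-w, v, path + [v]))
    return None
```

On this topology the additive metric prefers the two-hop path through the 50 Mb/s link, while the widest-path objective takes the four-hop 100 Mb/s route; the same links, two different "optimal" answers.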
No, seriously, we really don’t know what optimization means! Thought #7
Traffic Filtering
• “Access Control Lists (ACLs)”
• Interfaces: in and out (permit/deny)
• Also selecting packets for traffic policies
• Across an internet
• Can add considerable packet latency
Access Control Lists. Various possible implementations: hardware (TCAMs), trees/tries, etc. Example list:
access-list 173 permit icmp any any
access-list 173 permit tcp any any established
access-list 173 deny ip RANGE MASK any
access-list 173 deny ip 10.77.23.0 0.255.255.255 any
access-list 173 deny ip 172.16.2.0 0.15.255.255 any
access-list 173 deny ip 192.168.1.0 0.0.255.255 any
access-list 173 deny ip 169.254.1.0 0.0.255.255 any
access-list 173 deny ip 192.168.2.0 0.0.0.255 any
access-list 173 permit tcp any host MAILSERVER eq smtp
access-list 173 permit tcp any host NAMESERVER eq domain
access-list 173 permit udp any host NAMESERVER eq domain
access-list 173 permit udp any eq 53 host NAMESERVER gt 1024
access-list 173 permit tcp host MANAGER host SUN eq telnet
access-list 173 permit tcp host MANAGER host SERIAL0 eq telnet
access-list 173 permit tcp host MANAGER host ETHERNET0 eq telnet
access-list 173 permit udp host MANAGER host SERIAL0 eq snmp
access-list 173 permit tcp any host FTPSERVER eq ftp
access-list 173 permit tcp any eq ftp-data host FTPSERVER
access-list 173 permit tcp any eq ftp-data any gt 1024
access-list 173 permit tcp any host WWWSERVER eq www
access-list 173 permit tcp any host SWWWSERVER eq 443
access-list 173 permit udp EXT-NTPSERVER any eq 123
access-list 173 permit udp any range 6970 7170 any
access-list 173 deny ip any any
A sequence of ‘permit’ and ‘deny’ rules. Each rule tries to match some feature of the packet being processed. Rules are processed sequentially … until a rule matches the packet (stop) … or the last rule is reached.
Linear ACL Optimization
• $n$ rules in list $L$
• Hit-rate $h_i(L)$: probability that packets match rule $i$ in list $L$
• Latency $\lambda_i(L)$: time taken to process rule $i$ in list $L$
• Cumulative latency of rule $i$ in $L$: time taken to process the list up to and including rule $i$
• Expected latency $E(L)$: average time to process list $L$
Linear ACL Optimization
• Expected latency $E(L)$: average time to process list $L$
• Dependency matrix $D = (d_{ij})$: $d_{ij} = 1$ if rules $i$ and $j$ are dependent, $0$ otherwise
• Problem: minimise $E(L)$ subject to $D$
• NP-complete (Grout et al., JoH, 2005)
• RT/LS/D/C/R
A major problem, even with approximations, is having to re-evaluate the objective function for each potential reordering of the list.
Simplified ACL Optimization (same example ACL as above). In fact, in comparing rule orders for a list $L$, the significance of rule hit-rates is only relative. It is not necessary for them to be normalised probabilities. This implies that the hit-rate of a newly hit rule, $i$, can increase without changing the hit-rates of the other rules. Following an increase in rule $i$’s hit-rate, the only possible change in rule order (to reduce $E(L)$) is to promote $i$ up the list. The most likely candidate with which to exchange it is rule $i-1$, immediately above it. The potential saving in expected latency from swapping rules $i-1$ and $i$ is given by a simple, local calculation.
Simplified ACL Optimization. Three-part heuristic (-opt):
Step 1: Initialisation (following manual ACL configuration)
  for i := 1 to n do h_i := 1          \ hit-rates equal at start
Step 2: Promotion (on a packet matching rule i)
  h_i := 2 h_i                          \ exponentially increase the matched rule’s hit-rate
  if d_{i-1,i} = 0 and h_i λ_{i-1} > h_{i-1} λ_i then Swap(i-1, i)   \ promote only if E(L) is reduced
Step 3: Reduction (periodically, to prevent overflow)
  for i := 1 to n do h_i := h_i / max_j h_j
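The three-step heuristic and the $E(L)$ definitions it rests on, as an added example rather than the talk’s own code. Assumptions not on the slides: $E(L)$ is taken as the hit-rate-weighted sum of cumulative latencies (the form the Step 2 swap test implies), a rule’s latency is one unit per field it compares, and two rules are dependent when a packet could match both with different actions; the rule list and traffic are constructed.

```python
from dataclasses import dataclass
@dataclass
class Rule:
    name: str
    action: str                     # "permit" or "deny"
    proto: str                      # "tcp", "udp" or "any"
    ports: frozenset = frozenset()  # empty = any port
    hits: float = 1.0               # h_i: Step 1 sets every rule to 1; relative, not a probability
    def latency(self):              # lambda_i (assumed): one unit per field the rule tests
        return 1 + (self.proto != "any") + (len(self.ports) > 0)

def dependent(a, b):
    """d_ij = 1 (assumed) if one packet could match both rules with different actions."""
    if a.action == b.action:
        return False
    protos = "any" in (a.proto, b.proto) or a.proto == b.proto
    ports = not a.ports or not b.ports or bool(a.ports & b.ports)
    return protos and ports

def expected_latency(rules):
    """E(L) = sum_i h_i * (cumulative latency up to and including rule i)."""
    total, cumulative = 0.0, 0
    for r in rules:
        cumulative += r.latency()
        total += r.hits * cumulative
    return total

def on_match(rules, i):
    """Step 2: rule i matched; double h_i and swap with i-1 only if that cuts E(L)."""
    rules[i].hits *= 2
    promote = i > 0 and not dependent(rules[i - 1], rules[i]) and \
        rules[i].hits * rules[i - 1].latency() > rules[i - 1].hits * rules[i].latency()
    if promote:
        rules[i - 1], rules[i] = rules[i], rules[i - 1]
    return promote

def reduce_hits(rules):
    """Step 3: rescale so max h_i = 1 (overflow prevention; order is unchanged)."""
    top = max(r.hits for r in rules)
    for r in rules:
        r.hits /= top
def demo():
    rules = [Rule("smtp", "permit", "tcp", frozenset({25})),
             Rule("dns", "permit", "udp", frozenset({53})),
             Rule("web", "permit", "tcp", frozenset({80, 443})),
             Rule("deny-all", "deny", "any")]          # constructed ACL
    for name in ["web", "web", "deny-all"]:            # constructed traffic: rule hit per packet
        on_match(rules, [r.name for r in rules].index(name))
    reduce_hits(rules)
    return [r.name for r in rules], expected_latency(rules)
```

In the demo the web rule is promoted twice on successive hits, but the final deny-all rule stays put even after a hit because it is dependent on the dns rule above it; the swap test is purely local and never needs $E(L)$ recomputed over the whole list.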
ACL Optimization Effectiveness
• ACL characteristics: DI (dependency index), the probability of two rules being dependent
• Traffic self-similarity: SI (self-similarity index), the probability that a packet matches the same rule as the previous packet
• Minimum number of rules (n*) for -opt to work:
Sometimes, just sometimes, we get a break! Thought #8
Complexity can be complex! Thought #9
Recap We don’t always agree what optimization is! There are different ways of classifying problems! There’s often a big difference between theory and practice! Sometimes the textbook works! Many problems are too hard! Sometimes even the easy problems are hard! We really don’t know what optimization means! Sometimes we get a break! Complexity can be complex!