End-to-End Inference of Router Packet Forwarding Priority

1
End-to-End Inference of Router Packet Forwarding
Priority

• Guohan Lu1, Yan Chen2, Stefan Birrer2,
• Fabian E. Bustamante2, Chi Yin Cheung2, Xing Li1
• Lab for New Generation Network, Tsinghua Univ.
  China
• Lab for Internet Security Tech, Northwestern
  Univ.

2
(No Transcript)
3
Background

• Router QoS mechanisms available
• Priority Queueing
• Custom Queueing
• Class-Based Weighted Fair Queueing
• Traffic policing/shaping
• ISPs do use them
• Rate limiting, e.g., P2P applications
• Provide bandwidth guarantee for certain
  applications

4
Motivation

• Packet forwarding priority affects
• measurements, loss, delay, available bandwidth
• applications
• Hidden rules
• Users circumvent skype, port 80
• End-to-end approach
• POPI (Packet fOrwarding Priority Inference)
• The first such work to the best of our knowledge

5
Outline

• Background and Motivation
• Inference Methods
• Evaluations
• Conclusions

6
Basic Ideas

• Priority generates packet delivery differences
• Measure the differences
• Send different packet types
• Choose a metric
• Loss the most natural choice
• Delay queuing delay maybe small
• Out-of-order not all QoS generate OOO, but very
  interesting work we have in progress

7
Challenges and Building Blocks

• Challenges
• Background traffic fluctuations
• Packet losses can be highly correlated
• POPI Design
• Step 1 Generate the differences
• Saturate low-priority queue(s) temporarily
• Step 2 Detect the differences
• Non-parametric statistical methods independent to
  the loss model and insensitive to loss
  correlation
• Step 3 Cluster multiple packet types into groups
• Hierarchical clustering method

8
Step 1 Probing Approaches

• Send bursts
• Spectrum of approaches
• Small bursts less aggressive, wait for the
  losses
• Large bursts more aggressive, incur the losses

Less intrusive Less accurate Longer period
More intrusive More accurate Shorter period
Large Burst
Small Burst
9
Probing Method

• nb bursts, nr rounds, k packet types
• Packets randomly distributed in one burst
• No bias

10
Step 2 Detect the Difference Average
Normalized Loss Ranks
k6, nb4, nr10
A
B
C
D
E
F
Loss rates
Loss ranks
Burst1
Burst2
Loss rates
Loss ranks
Loss ranks
Burst3
Loss rates
Loss rates
Loss ranks
Burst4
ANR

• Small difference for the same group
• Large difference for different groups

11
Loss Rates vs. Loss Ranks

• Absolute loss rate parametric
• Depends on the loss model
• Loss rate ranks non-parametric
• Independent of the loss model
• Ranks randomly permuted over bursts for packet
  types within a same priority
• Non-parametric statistical approach is better

12
Step 3 Grouping Method

• Threshold derived for ANR range in the paper
• Hierarchical Divisive Clustering based on ANR
  threshold
• k-means
• Details in the paper

13
Outline

• Background and Motivation
• Inference Method
• Evaluations
• NS2 Simulations (details in the paper)
• PlanetLab experiments
• Conclusions

14
PLab Evaluation Methodology

• 81 random pairs (both directions) for 162 end
  hosts. Each from different institutes.
• USA, Asia, Europe, South America
• 32 bursts, 40 rounds in a burst
• 32 packet types as below

Protocols Type/Source Port Number
ICMP ICMP_ECHO
TCP well-known app 20-21 (ftp), 23 (telnet), 110 (pop3), 179 (BGP), 443 (https) P2P 1214 (fasttrack), 4661-4663(eDonkey), 6346-6347 (gnutella), 6881(bitTorrent) security-related 161 (snmp), 136, 137, 139, 445 Random 1000, 12432, 25942, 38523, 43822, 57845
UDP SNMP 161 Random 1000, 12432, 25942, 38523, 43822, 57845
15
Evaluation of ANR Metric (I)

• Except for very few paths, most ANR/q are lt 0.8
  or gt 1.2
• Paths well separated by ANR

gt1.20
lt0.80
16
Evaluation of ANR Metric (II)

• Choose top 30 paths w/ the largest ANR range
• First 15 detected w/ multiple priorities
• Large inter-group distance
• Packet types within a same group are condensed

17
Multi-Priority Paths Inferred

• 4 P2P (all low), 3 for well-known applications
  (all high), 8 for ICMP (majority low)
• 3 pairs show symmetric group pattern

18
Validation -- Methodology

• Hop-by-hop method
• Vary TTLs
• Measure loss rates difference by counting the
  ICMP replies from routers
• Test 30 paths 15 multi-priority and 15
  non-priority paths
• Send emails to related network operators

19
Validation -- Results

• Hop-by-hop method
• 5 paths could not be checked
• Routers no response or hosts down
• Good true positives 13 of multi-priority paths
  successfully validated
• No false negatives 12 of non-priority paths show
  no loss difference
• Inquiry Response
• Sent 13 emails
• 7 replies, all positive confirmations from
  network operators
• One as standalone traffic shaper

20
Conclusions

• The first end-to-end attempt to infer router
  forwarding priority
• Robust non-parametric method
• Good inference accuracy
• Several priority configurations found through
  PlanetLab experiments
• Ongoing work
• Decrease the probe overhead
• Other kinds of metric (packet reordering)

21

• Software download available at
• http//list.cs.northwestern.edu/popi
• Questions?
• Thanks !

22
Threshold of the ANR Range

• One group
• normal distribution
• R decreases as nb increases
• Two groups R gt 0.5

R lt
ANR range
Range
One group
Two groups
Normal Distribution
0.5
nb
12
23
Related Work (I)

• Shared Congestion for flows
• detect shared congested queue
• Two flows
• Flows already congested
• Our problem detect unshared congested queue
• More than two flows
• Focus on router configuration, not flows

24
Related Work (II)

• Hop-by-Hop approach
• Tulip, sting
• Statistical method also applied
• Used in our validation
• Network Tomography
• Infer link loss
• Non-intrusive

25
Effects of nb , nr and a

• Zero under-partition for nb 16
• Smaller over-partition for a 0.001
• Error decreases as nr increases, 40 for practical
  use

a nb Type 8 16 32 64 128
0.01 Over Partition() 8.5 2.52 2.23 2.52 2.42
0.01 Under Partition 0.2 0 0 0 0
0.01 Sum 8.7 2.52 2.23 2.52 2.42
0.001 Over Partition 5.7 0.63 0.21 0.29 0.23
0.001 Under Partition 43.5 0 0 0 0
0.001 Sum 49 0.63 0.21 0.29 0.23
26
Results

• All positive confirmation from the network
  operators!

27
Effects of nr

• Phase 1 Under-partition
• Phase 2 Under-partition and Over-partition
• Phase 3 Correct Partition

28
What if some bursts has no loss?

• Method can tolerate when a fraction bursts show
  no loss rate different.

29
Stability of bursts losses during the probe

• Either all Bursts experience losses or none of
  them experience loss
• Background traffic relative stable

30
nr needed for probe

• Error decreases as nr increases
• Correct inference when nr is very small (less
  than 5) for certain paths. Possibility to
  decrease the probe overhead.

31
Loss rate ranks v.s Loss rate

• Three paths correctly partition by ANR
• Blue points Large ANR but small LR range
• Red point Large LR, but small ANR