Lesson 7 - Rate Limiting & Traffic Shaping Flashcards
What is the motivation of traffic classification and shaping?
- Control network resources
- Ensure no traffic flow exceeds a particular pre-specified rate
Classifications of traffic sources
- Data can be bursty, weakly periodic, regular
- Audio is typically continuous and strongly periodic
- Video is typically continuous but often bursty due to how it’s compressed
2 classes of traffic
- CBR (continuous bit rate): traffic arrives at regular intervals. Packets are typically the same size as they arrive.
- VBR (variable bit rate)
Example of CBR
- Audio
How to shape CBR
- According to peak rate
Example of VBR
- Video
- Data Transfers
How to shape VBR
- According to average rate and peak rate, where the average rate might actually be a small fraction of the peak rate.
Token bucket vs leaky bucket
- Both easy to implement, but token bucket is more flexible since it has additional parameters to configure burst size
- Policing traffic sent by token buckets can be difficult
- Token buckets allow for long bursts, and if the bursts are of high priority traffic, they are difficult to police and may interfere with other high priority traffic
How to police traffic sent by a token bucket
- Use a composite shaper
- Combines a token bucket shaper and a leaky bucket shaper
- Allows for good policing: confirming that the flow’s data rate does not exceed the average data rate allowed by the smooth leaky bucket is easy, but the implementation is more complex since each flow now requires two counters and two timers, one timer and one counter for each bucket.
Power boost
- Traffic shaping mechanism first deployed commercially in 2006 by Comcast
- Allows a subscriber to send at a higher rate for a brief period of time
- Targets the spare capacity in the network for subscribers who don’t put a sustained load on the network.
2 Types of Power Boost
- Capped: the rate which the user can achieve during the burst window is set to not exceed a particular rate
- Uncapped: no limit. Simple implementation.
Calculate sender rate
Review this lecture
Solutions to buffer bloat problems
- Use smaller buffers (tall order given that the infrastructure is already deployed)
- Use traffic shaping methods
- Shape traffic such that traffic coming in to the access link never exceeds the uplink that the ISP has provided us; then the buffer will never fill. Thus, by shaping traffic at the home router such that the rate traffic is sent to the ISP never exceeds the rate of the uplink, the modem buffer will never actually fill up.
2 types of network measurement
- Passive: collect packets, flow statistics, etc. of traffic that is already being sent on the network, flow traces
- Active: inject additional traffic to measure various characteristics. Example: previous lessons where we actively sent traffic on the network to measure speeds of downloads
- Other common active measurement tools include ping and traceroute
2 common active measurement tools
- Ping: often used to measure delay to a particular server
- Traceroute: often used to measure the network level, or the IP level, path between 2 hosts on the network
Why measure network?
- Billing (passively measure) based on traffic sent on network by consumer. Common mode of billing is 95th percentile where customer pays CIR (committed information rate) and throughput is measured every 5 minutes. Customer is billed on 95th percentile of those samples.
- Security: operators may want to know the type of traffic that’s being sent on the network so that they can detect rogue behavior, such as:
  * Compromised hosts
  * Presence of Botnets
  * Denial of Service Attacks
SNMP
- Simple Network Management Protocol: provides packet and byte counters to measure network passively
- Advantage: ubiquitous, supported on almost all networking equipment. Many products for pulling and analyzing SNMP data.
- Disadvantage: fairly coarse. Because we’re just pulling byte or packet counts on the interface, we can’t ask specific questions like “how much traffic has been sent by a particular host or by a particular flow”. You cannot express complex queries on the data.
2 ways to measure passively (besides SNMP)
- Monitoring at a packet level granularity. Monitors can see full packet contents, or at least headers.
- Monitoring at flow level. Monitor may see specific statistics about individual flows in the network
Packet monitoring
- Monitor might see full packet contents, or at least the headers, of the packets that traverse a particular link
- Common ways of performing packet monitoring:
  * tcpdump
  * ethereal
  * wireshark
- Sometimes it’s performed using expensive hardware that can be mounted in servers alongside the routers that forward traffic through the network.
  * An optical link in the network is sometimes split so that traffic can be both sent along the network and sent to the monitor. Although it can be expensive on high speed links, what you do on tcpdump, ethereal, or Wireshark is essentially the same thing. Your machine essentially acts as a monitor on the LAN.
Advantages of packet monitoring
Provides lots of detail. You can see timing information, and info in the packet headers.
Disadvantages of packet monitoring
- Fairly high overhead
- Very hard to keep up with high-speed link, and often requires a separate monitoring device such as a monitoring card.
Flow monitoring
- A monitor, which might actually be running on the router itself, records statistics per flow
- A flow consists of packets that share a common source and destination IP address, source and dest port, protocol type, TOS byte, and interface on which the packets arrived.
- A flow monitor can then record statistics for a flow that’s defined by the group of packets that share these features.
- Much less overhead than packet monitoring, but is also much more coarse than packet monitoring because the monitor does not see individual packets or payloads. Therefore, it’s impossible to get certain information from flow monitoring such as packet timing information.
- In addition to the above characteristics, packets are typically grouped into flows if they occur close together in time. If packets with the same header information do not appear for a particular time interval, such as 15 or 30 seconds, the router simply declares the flow to be over and sends a flow record to the monitor based on the group of packets that it’s seen up to that point.
Flow records
Contain helpful information:
- next-hop IP address
- other information related to routing, such as the src/dest AS on which those packets appear to be coming from and going to based on the routing table, as well as the prefix that those packets matched in the routing table.
Sampling
Build flow statistics based only on samples of the packets
- For example, flows may be created based on 1 out of every 10 or 100 packets, or a packet might be sampled with a particular probability and flow statistics might only be tabulated based on the packets that end up being sampled randomly from the total set of packets
Which type of monitoring can provide timing information (packet level)?
Packet monitoring
Which type of monitoring can provide packet header information?
Packet monitoring
Which type of monitoring can provide the number of bytes in each flow?
Packet monitoring AND flow monitoring (if you have packet information, you can of course compute number of bytes in each flow)
Common methods used for Packet Monitoring
- tcpdump
- ethereal
- wireshark
Advantages of packet monitoring
Provides lots of detail. You can see timing information, and info in the packet headers
Disadvantage of packet monitoring
- Fairly high overhead
- Very hard to keep up with high-speed link, and often requires a separate monitoring device like a monitoring card
What is a flow
A traffic flow, packet flow or network flow is a sequence of packets from a source computer to a destination, which may be another host, a multicast group, or a broadcast domain. RFC 2722 defines traffic flow as “an artificial logical equivalent to a call or connection.”
Difference between Leaky and Token bucket
In the example, lower-case b is packet size. B is bucket capacity.
If b < B:
- if bucket is full, packet is sent and b tokens are removed
- if bucket is empty, packet must wait until b tokens drip into the bucket
- if bucket is partially full, it depends. Packet is sent immediately if # tokens is > b. Otherwise, need to wait until b tokens arrive in the bucket.
Limitation of Token Bucket
Token:
- Permits burstiness, but bounds it.
- In any T, rate < B + T*p
- Long-term, rate is always < p
- No discard or priority policies
- Policing traffic sent by token buckets difficult due to burstiness
Leaky:
- Forces traffic to be smooth
- Implement priority policies for flows that exceed smoothing rate
Both easy to implement, but token more flexible (more parameters to control burst size)
What is Beta (B) in traffic shaping?
Size of the bucket
What is rho (p) in traffic shaping?
Drain rate of the bucket
- Controls the average rate
- “regulator”
In leaky bucket, how many buckets per flow?
1
What does the size of the bucket control?
The maximum burst size that a sender can send for a particular flow
- Sender might be able to send at a rate faster than rho as long as the total size of the burst does not exceed the size of the bucket (Beta)
If B = 16 KB, packets are 1 KB, and p = 8 pps, what would the maximum avg rate of sending be?
64Kbps (8pps, each packet is 1 KB, 8 bits in a Byte)
Setting a larger bucket size can accommodate a __________
Larger burst rate
Setting a larger rate of rho can accommodate or enable a ________
Faster packet rate
(r, T) smooth traffic shape
One cannot send a packet that’s larger than r-bits long. Unless T is very large, the packet size is small. Typically limited
(r, T) vs leaky bucket
(r, T) slightly more relaxed because it can send a # of bits every time unit, as opposed to a # of packets every time unit
Why use a token bucket?
Allow for bursts
Rho (p) in token bucket
Rate at which tokens are placed in bucket
Beta (B) in token bucket
Capacity of the bucket (bucket contains tokens)
Lambda avg and lambda peak
Rate at which traffic arrives in a token bucket shaper.
How to police token buckets?
Composite shaper (combines token bucket and leaky bucket)
- Basically a token bucket shaper with a leaky bucket afterwards
- Allows for good policing, confirming that the avg. data rate does not exceed the rate allowed by the smooth leaky bucket
- It’s easy but implementation is more complex since each flow now requires 2 counters AND 2 timers
Buffer bloat causes the user to see what?
Delay! Delay = amount of data in buffer divided by rate that the buffer can drain
1 byte = how many bits?
8 bits
8 bits = what?
1 byte