Lesson 7 - Rate Limiting & Traffic Shaping

Question 1

What is the motivation of traffic classification and shaping?

Answer 1

-Control network resources-Ensure no traffic flow exceeds a particular pre-specified rate

Question 2

Classifications of traffic sources

Answer 2

-Data can be bursty, weekly, periodic, regular-Audio is typically continuous and strongly periodic-Video is typically continuous but often bursty due to how it’s compressed

Question 3

2 classes of traffic

Answer 3

-CBR (continuous bit rate): traffic arrives at regular intervals. packets typically the same size as they arrive. -VBR (variable bit rate)

Question 4

Example of CBR

Answer 4

-Audio

Question 5

How to shape CBR

Answer 5

-According to peak rate

Question 6

Example of VBR

Answer 6

-Video-Data Transfers

Question 7

How to shape VBR

Answer 7

-According to average rate and peak rate, where the average rate might actually be a small fraction of the peak rate.

Question 8

Token bucket vs leaky bucket

Answer 8

-Both easy to implement, but token bucket is more flexible since it has additional parameters to configure burst size-Policing traffic sent by token buckets can be difficult-Token buckets allow for long bursts, and if the bursts are of high priority traffic, they are difficult to police and may interfere with other high priority traffic

Question 9

How to police traffic sent by a token bucket

Answer 9

-Use a composite shaper-Combines a token bucket shaper and a leaky bucket shaper-Allows for good policing, confirming that the flow’s data rate does not exceed the average data rate allowed by the smooth leaky bucket is easy, but the implementation is more complex since each flow now requires two counters and two timers, one timer and one counter for each bucket.

Question 10

Power boost

Answer 10

-Traffic shaping mechanism first deployed commercially in 2006 by Comcast-Allows a subscriber to send at a higher rate for a brief period of time-Targets the spare capacity in the network for subscribers who don’t put a sustained load on the network.

Question 11

2 Types of Power Boost

Answer 11

-Capped: the rate which the user can achieve during the burst window is set to not exceed a particular rate-Uncapped: no limit. Simple implementation.

Question 12

Calculate sender rate

Answer 12

Review this lecture

Question 13

Solutions to buffer bloat problems

Answer 13

-User smaller buffers (tall order given that the infrastructure is already deployed)-Use traffic shaping methods-Shape traffic such that traffic coming in to the access link never exceeds the uplink that the ISP has provided us, then the buffer will never fill. Thus, by shaping traffic at the home router such that the rate traffic is sent to the ISP never exceeds the rate of the uplink, the modem buffer will never actually fill up.

Question 14

2 types of network measurement

Answer 14

-Passive: collect packets, flow statistics, etc. of traffic that is already being sent on the network, flow traces-Active: inject additional traffic to measure various characteristics Example: previous lessons where we actively sent traffic on the network to measure speeds of downloads-Other common active measurement tools include ping and traceroute

Question 15

2 common active measurement tools

Answer 15

-Ping: often used to measure delay to a particular server-Traceroute: often used to measure the network level, or the IP level, path between 2 hosts on the network

Question 16

Why measure network?

Answer 16

-Billing (passively measure) based on traffic sent on network by consumer. Common mode of billing is 95th percentile where customer pays CIR (committed information rate) and throughput is measured ever 5 minutes. Customer is billed on 95th percentile of those samples.-Security: operators may want to know the type of traffic that’s being sent on the network so that they can detect rogue behavior, to detect: * Compromised hosts * Presence of Botnets * Denial of Service Attacks

Question 17

SNMP

Answer 17

-Simple Network Management Protocol: provides packet and byte counters to measure network passively-Advantage: ubiquitous, supported on almost all networking equipment. Many products for pulling and analyzing SNMP data.-Disadvantage: fairly coarse. Because we’re just pulling byte or packet counts on the interface, we can’t ask specific questions like “how much traffic has been sent by a particular host or by a particular flow”. You cannot express complex queries on the data.

Question 18

2 ways to measure passively (besides SNMP)

Answer 18

-Monitoring at a packet level granularity. Monitors can see full packet contents, or at least headers.-Monitoring at flow level. Monitor may see specific statistics about individual flows in the network

Question 19

Packet monitoring

Answer 19

-Monitor might see full packet contents, or at least the headers, of the packets that traverse a particular link-Common ways of performing packet monitoring: * tcpdump * ethereal * wireshark-Sometimes it’s performed using expensive hardware that can be mounted in servers alongside the routers that forward traffic through the network. * An optical link in the network is sometimes split so that traffic can be both sent along the network and sent to the monitor. Although it can be expensive on high speed links, what you do on tcpdump, ethereal, or Wireshark is essentially the same thing. Your machine essentially acts as a monitor on the LAN.

Question 20

Advantages of packet monitoring

Answer 20

Provides lots of detail. You can see timing information, and info in the packet headers.

Question 21

Disadvantages of packet monitoring

Answer 21

-Fairly high overhead-Very hard to keep up with high-speed link, and often requires a separate monitoring device such as the monitoring card shown below.

Question 22

Flow monitoring

Answer 22

-A monitor, which might actually be running on the router itself, records statistics per flow-A flow consists of packets that share a common source and destination IP address, source and dest port, protocol type, TOS byte, and interface on which the packets arrived.-A flow monitor can then record statistics for a flow that’s defined by the group of packets that share these features.-Much less overhead than packet monitoring, but is also much more coarse than packet monitoring because the monitor does not see individual packets or payloads. Therefore, it’s impossible to get certain information from flow monitoring such as packet timing information.-In addition to the above characteristics, packets are typically grouped into flows if they occur close tighter in time. If packets with the same header information do not appear for a particular time interval, such as 15 or 30 seconds, the router simply declares the flow to be over and sends a flow record to the monitor based on the group of packets that it’s seen up to that point.

Question 23

Flow records

Answer 23

Contain helpful information:-next-hop IP address-other information related to routing, such as the src/dest AS on which those packets appear to be coming from and going to based on the routing table, as well as the prefix that those packets matched in the routing table.

Question 24

Sampling

Answer 24

Build flow statistics based only on samples of the packets-For example, flows may be created based on 1 out of every 10 or 100 packets, or a packet might be sampled with a particular probability and flow statistics might only be tabulated based on the packets that end up being sampled randomly from the total set of packets

Question 25

Which type of monitoring can provide timing information (packet level)?

Answer 25

Packet monitoring

Question 26

Which type of monitoring can provide packet header information?

Answer 26

Packet monitoring

Question 27

Which type of monitoring can provide the number of bytes in each flow?

Answer 27

Packet monitoring AND flow monitoring(if you have packet information, you can of course compute number of bytes in each flow)

Question 28

Common methods used for Packet Monitoring

Answer 28

• tcpdump * ethereal * wireshark

Question 29

Advantages of packet monitoring

Answer 29

Provides lots of detail. You can see timing information, and info in the packet headers

Question 30

Disadvantage of packet monitoring

Answer 30

• Fairly high overhead * Very hard to keep up with high-speed link, and often requires a separate monitoring device like a monitoring card

Question 31

What is a flow

Answer 31

traffic flow, packet flow or network flow is a sequence of packets from a source computer to a destination, which may be another host, a multicast group, or a broadcast domain. RFC 2722 defines traffic flow as “an artificial logical equivalent to a call or connection.”

Question 32

Difference between Leaky and Token bucket

Answer 32

In example, lower-case b is packet size. B is bucket capacity.if b < B:-if bucket is full, packet is sent and b tokens are removed-if bucket is empty, packet must wait until b tokens drip into the bucket-if bucket is partially full, it depends. Packet is sent immediately if # tokens is > b. Otherwise, need to wait until b tokens arrive in the bucket.

Question 33

Limitation of Token Bucket

Answer 33

Token:-Permits burstiness, but bounds it.-In any T, rate < B + T*p-Long-term, rate is always < p-No discard or priority policies-Policing traffic sent by token buckets difficult due to burstinessLeaky:-Forces traffic to be smooth-Implement priority policies for flows that exceed smoothing rateBoth easy to implement, but token more flexible (more parameters to control burst size)

Question 34

What is Beta (B) in traffic shaping?

Answer 34

Size of the bucket

Question 35

What is rho (p) in traffic shaping?

Answer 35

Drain rate of the bucket-Controls the average rate-“regulator”

Question 36

In leaky bucket, how many buckets per flow?

Answer 36

1

Question 37

What does the size of the bucket control?

Answer 37

The maximum burst size that a sender can send for a particular flow-Sender might be able to send at a rate faster than rho as long as the total size of the burst does not exceed the size of the bucket (Beta)

Question 38

If B = 16 KB, packets are 1 KB, and p = 8 pps, what would be the maximum of the avg rate of sending be?

Answer 38

64Kbps (8pps, each packet is 1 KB, 8 bits in a Byte)

Question 39

Setting a larger bucket size can accommodate a __________

Answer 39

Larger burst rate

Question 40

Setting a larger rate of rho can accommodate or enable a ________

Answer 40

Faster packet rate

Question 41

(r, T) smooth traffic shape

Answer 41

One cannot send a packet that’s larger than r-bits long. Unless T is very large, the packet size is small. Typically limited

Question 42

(r, T) vs leaky bucket

Answer 42

(r, T) slightly more relaxed because it can send a # of bits every time unit, as opposed to a # of packets every time unit

Question 43

Why use a token bucket?

Answer 43

Allow for bursts

Question 44

Rho (p) in token bucket

Answer 44

Rate at which tokens are placed in bucket

Question 45

Beta (B) in token bucket

Answer 45

Capacity of the bucket (bucket contains tokens)

Question 46

Lambda avg and lambda peak

Answer 46

Rate at which traffic arrives in a token bucket shaper.

Question 47

How to police token buckets?

Answer 47

Composite shaper (combines token bucket and leaky bucket)-Basically a token bucket shaper with a leaky bucket afterwards-Allows for good policing, confirming that the avg. data rate does not exceed the rate allowed by the smooth leaky bucket-It’s easy but implementation is more complex since each flow now requires 2 counters AND 2 timers

Question 48

Buffer bloat causes the user to see what?

Answer 48

Delay!Delay = amount of data in buffer divided by rate that the buffer can drain

Question 49

1 byte = how many bits?

Answer 49

8 bits

Question 50

8 bits = what?

Answer 50

1 byte