Test 2 L7 Flashcards
Traffic Classification motivation
Motivation:
- control network resources
- no traffic flow exceeds a particular pre-specified rate
Traffic Shaping
Constant Bit Rate (CBR) Source
- Shaped according to peak rate
Variable Bit Rate (VBR):
- Shaped according to peak rate and average rate
The “regulator” is the part of the traffic shaper that allows packets to be sent (or not) based on the traffic shaper parameters (rho, beta).
Leaky Bucket Traffic Shaper
Traffic arrives in a bucket of size beta and drains from the bucket at a rate rho.
Rho controls the average rate. Data can arrive faster or slower but cannot drain at a rate faster than rho.
So the max average rate at which traffic can be sent is the smooth rate rho.
The size of the bucket controls the max burst size. Even though the average rate cannot exceed rho, at times the sender can exceed that rate if the total size of the burst does not overflow the bucket.
The leaky bucket allows flows to periodically burst, and the regulator ensures the average rate does not exceed the drain rate of the bucket.
(r,T) Traffic Shaper
Traffic is divided into T-bit frames, and a flow can inject less than or equal to r bits into any T-bit frame.
(r,T)-smooth traffic shape: to send more than one packet of r bits, the sender must wait until the next T-bit frame. It cannot send a packet that is longer than r bits.
- so limited to fixed-rate flows
- variable-rate flows have to request data rates equal to their peak rate, which is wasteful, because the shaper is configured such that the average rate supports the peak rate
Relaxed from the leaky bucket because rather than sending one packet every time unit, the flow can send a certain number of bits every time unit.
If a flow exceeds its rate, the excess packets in the flow are given lower priority or may be dropped if there is congestion. The sender can mark its own packets.
Token Bucket Traffic Shaper
For shaping bursty traffic patterns while still ensuring the flow does not exceed some average rate.
Tokens arrive in a bucket at a rate Rho, and Beta is again the capacity of the bucket. Traffic arrives at an average rate Lambda average and a peak rate Lambda peak. Traffic can be sent by the regulator as long as there are tokens in the bucket.
Different from the leaky bucket: if the token bucket is full, the packet is sent and b tokens are removed. If the bucket is empty, the packet must wait until b tokens arrive. If the bucket is partially full, the packet is sent if at least b tokens are available; otherwise it waits.
Limitation: in any traffic interval of length T, the flow can send Beta + T*Rho tokens of data. If the network tries to police the flows by measuring traffic over intervals of length T, a flow can cheat by sending this amount of data in each interval. Over 2T, the flow consumes 2*(Beta + T*Rho), which is greater than the Beta + 2T*Rho it is supposed to consume.
Composite Traffic Shaper
Combines Token Bucket with Leaky Bucket to police Token Buckets
Confirms the flow’s data rate does not exceed the average data rate required
Requires two counters and two timers for each buffer, so more complex to implement
Video traffic
continuous, bursty (due to compression), periodic
Classes of Traffic
Constant Bit Rate (CBR) Source
- traffic arrives at regular intervals and packets are typically the same size as they arrive, resulting in a constant bit rate of arrival. Ex.: Audio
- Shaped according to peak rate
Variable Bit Rate (VBR): Ex. video and data
- Shaped according to peak rate and average rate
Leaky Bucket Regulator
The “regulator” is the part of the traffic shaper that allows packets to be sent (or not) based on the traffic shaper parameters (rho, beta).
(r,T) vs leaky bucket
Relaxed from the leaky bucket because rather than sending one packet every time unit, the flow can send a certain number of bits every time unit.
Policing
If a flow exceeds its rate, the router can give the excess packets in the flow lower priority, or may drop them if there is congestion.
Types of Traffic Shapers
Leaky Bucket
(r,T)
Token Bucket
Composite
Difference in Token Bucket and Leaky Bucket
Token Bucket
- permits burstiness, but bounds it: in any interval T, rate < Beta (max tokens that can be accumulated in bucket) + T*Rho (rate at which tokens accumulate)
- long-term rate always less than rho
- no discard or priority
Leaky Bucket
- smooths bursty traffic
- priority policies
Both are easy to implement, but the token bucket is more flexible since it has additional parameters to configure burst size.
Policing Token Buckets
Use Composite Shaper that combines token bucket with leaky bucket
Power Boost
Allows a subscriber to send at a higher rate for a brief time
Targets spare capacity in the network for use by subscribers who do not put sustained load on the network.
Two types:
- Capped: the rate the user can achieve during the burst window is set to not exceed a particular rate. To cap, apply a second token bucket with another value of Rho to limit the peak sending rate for power-boost-eligible packets to Rho C.
- Uncapped: configuration is simple. The area above the average rate and below the power boost rate is the power boost bucket rate. Max sustained traffic rate is Rho.
Power boost: How long can sender send at the rate r that exceeds the sustained rate?
sending rate r>Rsustained
Powerboost bucket size Beta
Beta = d(r - Rsus)
d = Beta/(r-Rsus)
Power boost effect on latency
Even though power boost allows users to send at a higher rate, users still experience high latency and loss over the duration of sending at the higher rate
Reason: the access link can’t support the higher rate, so buffers fill up and introduce delays, because there is no packet loss even though the access link may not be able to send at that higher rate
Solution: the sender shapes its rate to never exceed the sustained rate
Buffer Bloat
If the buffer can support the higher rate, it’ll fill with packets, but still only drain at the sustained rate.
Even though the sender can send at a higher rate for a brief period of time, packets are queued in a buffer, so they see higher delays than if they arrived at the front of the queue and were delivered immediately
delay = amount of data in buffer / rate at which the buffer can drain
Ruins performance for voice, video
Shows up in home routers, home APs, hosts, switches/routers
The sender will send at increasingly faster rates until it sees a loss, but the buffer will continue to fill up because it drains more slowly, without showing packet loss
Solution:
- smaller buffers, but this is a tall order
- shape traffic such that the rate of traffic coming into the access link never exceeds the uplink rate that the ISP has provided; then the buffer will never fill. Shape traffic at the home router to prevent exceeding the rate of the uplink.
Network Measurements
This is how to see what traffic is being sent on the network
Passive measurement: collection of packets, flow stats that are already on the network
Active measurement: inject additional traffic to measure various characteristics. Done with ping (measures delay to server), traceroute (measures network level or IP level path between two hosts on the network)
Purposes for measuring network
Billing: passively measure how much traffic a customer is sending. With 95th percentile billing, the customer pays for a committed information rate (CIR); throughput is measured every 5 minutes, and the customer is billed on the 95th percentile of these five-minute samples
Security: network operators know the type of traffic being sent in order to detect rogue behavior, compromised hosts, the presence of botnets, or DoS attacks
How to measure network traffic passively
SNMP (Simple network management protocol)
- network devices provide a management information base that can be polled for interface byte and packet counts.
Packet monitoring: see full packet contents or headers
Flow monitors: see specific statistics about flows in the network
SNMP (Simple network management protocol) Monitoring
- network devices provide a management information base that can be polled for interface byte and packet counts. By periodically polling, can determine rates by taking the difference of counters over intervals.
- advantage is that it is ubiquitous (many products and equipment)
- disadvantage is that it’s coarse (just polling byte/packet counts, so no specific questions about a particular host or flow), no complex queries on data
Packet Monitoring
Full packet monitoring or packet header
examples: tcpdump, ethereal, wireshark
Done with expensive hardware monitoring traffic in network. Done on very high speed links.
Advantages: details on timing and information in headers.
Disadvantages: high overhead. Hard to keep up with high speed links. Requires a separate monitoring device such as a monitoring card
Flow Monitoring
Monitor, perhaps on the router, recording statistics on the flow
Flow consists of packets that share a common source and destination IP address, source and destination port, protocol type, TOS byte, and interface on which packets arrived
Flow records contain next hop IP address, source/destination AS and prefix
Advantages: less overhead than packet monitoring
Disadvantage: more coarse than packet monitoring
Packets are grouped into flows if they are close together in time
May be coupled with sampling to only create flows on a subset, like 1 in 100 packets, or with a probability or random set