An overview on Internet Measurement Methodologies, Techniques and Tools AA 2011/2012 emiliano.casalicchio@uniroma2.it
(Agenda) Lezione 2/05/2012 Part 1 Intro basic concepts ISP Traffic exchange (peering) Measurement Topics Active vs passive n tools overview (we will see them in the next classes) One or many obs. points Net vs App n The IPPM framework Sampling techniques Part 2 An overview of the IPPM framework (Homework)
(Agenda) Lezione 2/05/2012 Part 3 The most common metrics Availability Reliability Measurement Tools
Who need to measure Internet traffic and performance? Corporate administrators who buy network service for their organization. Smaller service providers who buy network service from a larger provider and resell it to their own customers. Anyone buying outsourced Services who must judge the service provider s ability to serve their end user community adequately.
Who need to measure Internet traffic and performance? To succeed the exam!!!! Course Projects: there will be projects on network measurement and analysis
Basic Terminology
Networks and Internets def. A network is a collection of hosts connected together so that they can exchange information. Hosts in a network communicate using a mutuallyagreed network protocol, i.e. they exchange packets of information An internet is a collection of networks with links between them Routers are devices with links to more than one network
Adjacency, Connectivity, Internet and Intranets The Internet is the internet of networks that use the TCP/IP suite of protocols The Internet can be viewed as a graph in the sense that it is a set of nodes (networks containing routers) and edges between them (links between routers)
Visualization from the Opte Project of the various routes through a portion of the Internet (http://opte.org/)
http://www.caida.org/research/topology/as_core_network/
Adjacency and Reachability We describe two networks as adjacent if there is at least one link directly between them A network is reachable from another network if there is a path between them reachability is one-way; X may be reachable from Y while Y is unreachable from X n e.g. VPN à Internet; Internet à VPN two networks are connected if there is a path (made up of one or more routers and/or links) between them that provides reachability in both directions
Connectivity A distinguishing feature of the Internet is that it provides universal connectivity to its hosts every host is connected to every other host and able to communicate with it individual hosts within a network may be prevented from communicating with Internet hosts by a firewall; such hosts do not have Internet connectivity
Firewall and Intranet A firewall is a hardware device or a software program running on a secure host that sits at the junction point or gateway between two networks usually a private network and a public network such as the Internet, and has connectivity to both An intranet is an internet using TCP/IP, but in which all the hosts belong to a single organization, for example a large company with office networks at various geographic locations. hosts on an intranet are only accessible to members of the organization that owns it an intranet is not part of the Internet an intranet may have some hosts that are Internet-connected (gateway/firewall)
Internet Service Providers
ISP common concept ISPs provide a complete range of services, e.g. they will Connect networks (or individual hosts) to the Internet Provide services for their customers such as e-mail, network news and Web access Provide support services such as Web hosting
Specialized ISP Transport providers Service providers Content providers Traffic Exchange providers (Internet Exchange Points)
Transport providers ISP running their own wide-area network and provide Internet connectivity for their customers via that network e.g. telecom, fastweb ISPs who focus on end-user customers can be described as access providers ISPs having high-speed networks covering large geographical areas and connecting to many other ISP networks are commonly described as backbone providers A special case of transport provider is a transit provider, i.e. one whose customers are other transport providers rather than individuals or companies.
http://www.wiley.com/legacy/compbooks/press/ch14.htm
http://www.wiley.com/legacy/compbooks/press/ch14.htm
Transit providers Peering: how providers agree to cooperate ISPs pay for transit Bilateral peering: exchange of routing information each ISP becomes aware of the other's routes to their customers' networks. Information received/transmitted is used to control the flow of traffic exchanged with the outside ISPs may or may not agree to carry traffic to some or all of those customers n the details are determined by a contract between the two providers. Transit: carry traffic on behalf of another ISP traffic may be carried with or without exchange of routing info the details are agreed between providers
IXP http://www.wiley.com/legacy/compbooks/press/ch14.htm
Traffic measured @ NaMeX (RM) and MIX-IT (MI)
Traffic measured @ NaMeX (RM) and MIX-IT (MI)
Traffic measured @ NaMeX (RM) and MIX-IT (MI)
Oversubscription customer 1 customer N Access Provider Network Transport Provider Network Internet distal capacity proximal capacity oversubscription ratio R R = (total distal capacity) / (proximal capacity) R>1 means oversubscription
Service providers Web hosting/housing Application service providers complex applications with web service access n Software as a Service development platform n Platform as a Service Infrastructure providers Infrastructure as a Service
Content Providers Any network host that is the source of downloadable content Content delivery networks CDNs are used by popular commercial Web sites to reduce page download times
Measurement Topics Lord Kelvin said, when you can measure what you are speaking about, and express it in numbers, you know something about it; but when you cannot measure it, when you cannot express it in numbers, your knowledge is of a meager and unsatisfactory kind
Why measurement Without measurements, you have no objective record or benchmark of how a network behaves Measurements show whether changes improve or degrade the network s performance, and by how much If you are buying Internet connectivity from an ISP you need to understand the kind of service being offered Only by measuring actual performance can you verify that you're getting what you pay for.
Active vs. Passive measurement Passive measurements: by observing normal network traffic Not invasive Challenging when rate increases tools: e.g. tcpdump, CoralReef, NeTraMet Active measurements: by sending test traffic into the network Invasive tools: e.g. Scamper
One or Many observation points Some measurements rely on observations at more than one point in the network to measure the time a packet takes to travel from A to B, you must record the times when the packet leaves A and arrives at B using accurate, synchronized clocks. For measuring traffic flows through a large network is not a good idea observing flows at many points It is difficult to correlate measurements of flows taken simultaneously at even a few different places It is much simpler to measure traffic at the ingress/egress links of your network Follow individual packets on their various paths through the network ONLY IF you need to produce a traffic matrix showing overall traffic flows through it
Network vs. Application Measurements Application-level measurements are needed for a clear view of overall application performance, which cannot easily be synthesized from lower level data They may also offer some insights into the performance of the client and server hosts, and of the network links between. Application measurements allow to bypass traffic filtering some ISPs today block ICMP echo packets or limit the rate at which they are processed measurements using such packets (e.g. using ping) are still useful, but the increasing use of traffic filtering is decreasing that utility RFC 2330 clarify the difference between application and network metrics
ISP performance evaluated using Application Measurement by www.truenet.co.nz/
The IPPM Framework To clarify the differences between application and network metrics, the IETF's IP Performance Metrics (IPPM) WG has developed a Measurement Framework for measuring network performance RFC 2330: Framework for IP Performance Metrics The Framework presents terms for describing networks, explains the need for metrics to be useful, concrete, well defined, and capable of being measured repeatedly and reliably With the Framework defined, the IPPM WG has continued to specify network metrics such as A One-way Delay Metric for IPPM -- RFC 2679 IPPM metrics for measuring connectivity -- RFC 2678
Sampling Techniques and Traps Observing packet packet missing is not admitted if packets were missed the number of lost packets must be reported What to do when packet rate increase? sample the network traffic
Sampling Techniques and Traps (2) What sampling algorithm should one use? to examine every n-th packet examine packets at fixed time intervals; this is harder to implement and may be affected by aliasing (synchronization) effects (RFC 2330 discuss this issues) to measure effects that happen at frequencies of F Hz or less, you must sample the signal at least 2F times per second (from the Sampling Theorem) In practice sampling granularity depends on the phenomena we want catch the rete of packets
Common Metrics The IP Performance Metrics WG s view
Latency widely used measure of network latency is roundtrip time (RTT) the time for a packet to make the round trip from a client to a server and back
Network latency component times a) The time it takes a packet to travel along the physical links that make up its path through the Internet (transport time) b) The time it takes to pass through routers between those links (queuing and transmission time) c) The time required for the server to process an incoming packet and generate a response packet (server response time) (a) + (b) = { Forward delay (Client à Server) } and (c) Server delay { Reverse delay (Server à Client) } One Way Delay Techniques (RFC 2679)
Measuring latency Use a method that is implemented within the server's IP stack, so that it requires very little server processing to generate a response Ping the most common used Factors influencing latency Server load Path congestion Routing algorithms (Path used, peering policies)
The ISP point of view An ISP can manage latency only for packets travelling within its own network. Maximum latency can be higher than the average You need to ask how often the latency is measured, by how much it may vary, and over what period it is averaged. ISPs will measure latency using a tool such as ping, which uses the ICMP protocol This may not accurately represent the performance of applications that use other protocols
09/2011 Technical Note: Some network equipment is known to give ICMP a much lower priority than other traffic, this could make the results for ISPs that use that equipment appear to be slower than they really are. However, we perform a large number of pings, which should reduce the affects of routing equipment giving ICMP traffic a low priority.
Packet Loss Network packet loss is the fraction of packets lost in transit from client to server and back during a specified time interval, expressed as a percentage of the packets sent to the server during that interval TCP relies on detecting lost packets to sense congestion and control the rate at which packets are sent, we expect to see occasional packets lost from TCP streams
Throughput The rate at which data is sent through the network, usually expressed in bits per second (bps), bytes per second (Bps) or packets per second (pps) Throughput is measured by counting bytes transported during a specified time interval a long interval will average out short-term bursts in the data rate Short intervals imply a higher data collection rate, and may exaggerate the burstiness of the data. A good compromise is to use one- to five minute intervals, and to produce daily or weekly plots
Traffic measured @ NaMeX (RM) and MIX-IT (MI)
SpeedTest.net
Performance Measurement Tools Taxonomy http://www.caida.org/tools/taxonomy/ performance.xml
Availability and Reliability
Availability ITU-T E.800, namely: the ability of an item to be in a state to perform a required function at a given instant of time or at any instant of time within a given time interval... From the user point of view, availability over a specified time interval is the percentage of that interval during which the system was available for normal use
What is supposed to be available? Service availability Web service availability test Host availability Host availability test Network availability Network availability test
When is the service unavailable? Tests will produce latency and packet loss values for each case A service is effective if are satisfied maximum latency and minimum packet loss if the measured values fall outside these limits, the service will be considered unavailable
Reliability Is closely related to availability is a measure of how often you get a response back that is wrong, or get a part that is defective
Statistics Managers are effected by Mononumerosis E.C.
Working with statistics Mean, Median and Percentiles Sampling periods must be the same for comparison Averaging period impact statistics
Performance Measurement Tools http://www.caida.org/tools/taxonomy/index.xml Anonymization Topology Workload Performance Routing Multicast Measurement Infrastructures
Source Fundamental of Internet Measurement: A tutorial http://edu.eap.gr/pli/pli23/documents/parallila_keimena/b_tomos/pdf/ Fundamentals_of_Internet_Measurement_A_Tutorial.pdf