ECE 526 – Network Processing Systems Design Network Processing Functions Chapter 6&9: D. E. Comer

ECE 526 – Network ECE 526 – Network Processing Systems Processing Systems

DesignDesignNetwork Processing Functions

Chapter 6&9: D. E. Comer

Ning Weng ECE 526 2

Packet Processing Packet Processing FunctionsFunctions

• Basic network system functionality─ Address lookup─ Packet forwarding ─ Fragmentation and re-assembly─ Security─ Error detection and correction─ Queuing─ Scheduling─ Protocol de-multiplexing─ Packet classification─ Traffic measurement (Lab 2)

Ning Weng ECE 526 3

OutlineOutline• Error detection and correction• Queueing• Scheduling• Packet classification

─ Inefficiency of packet de-multiplexing─ Classification implementation schemes

• Summary

Ning Weng ECE 526 4

Error Detection and Error Detection and CorrectionCorrection

• Bit errors can occur in packet• Layer 2

─ Cyclic Redundancy Check (CRC)

• Layer 3─ Header checksum

• Significant computation overhead─ Layer 2 CRC done in hardware─ Layer 3 checksum computed over packet header only

• Error correction not performed by network system─ Even more overhead─ Error correction handled by upper layers

Ning Weng ECE 526 5

QueueingQueueing• Referred to policies, data structure and

algorithms related to storing and selecting packets

• Packet processing- store and forward─ Incoming packet placed in incoming queue─ Outgoing packet placed in output queue

• When queue full, packets are discarded• Recall: queuing is one source of packet delay

• Basic questions about queuing─ What is the right size of each queue?─ How many queue needed?─ Where to place queues physically?─ How to implement priority policy?

Ning Weng ECE 526 6

Queueing PriorityQueueing Priority• Multiple queues used to enforce priority

• Incoming packet─ Assigned priority as function of packet content, size or

security─ Placed in appropriate priority queue

• Queueing discipline─ Examining priority queues─ Chooses which packet to send─ Drop/discard policy: tail drop

Ning Weng ECE 526 7

Queueing DisciplinesQueueing Disciplines• Priority Queueing

─ Assign unique priority number to each queue─ Choose packet from highest priority queue which is nonempty─ Known as strict priority queueing -> starvation

• Weighted Round Robin (WRR)─ Assign unique priority number to each queue─ Process all queues round-robin─ Compute N, max number of packets to select from a queue

proportional to priority─ Take up to N packet for processing before moving to next queue─ Does this work well?

• Weighed Fair Queueing (WFQ)─ Use packet size rather than number of packets─ Allocates priority to data amount of from a queue rather than

number of packets

Ning Weng ECE 526 8

SchedulingScheduling• Co-ordination of activities in network systems• Two types

─ Link (queue) scheduling─ Resource scheduling

• Resource allocation─ Processing on multiple packets─ Processing on multiple protocols─ Multiple processors

• Scheduling attempts to achieve fairness

Ning Weng ECE 526 9

messagesegment

datagram

frame

sourceapplicatio

ntransportnetwork

linkphysical

HtHnHl M

HtHn M

Ht M

M

destination

application

transportnetwork

linkphysical

HtHnHl M

HtHn M

Ht M

M

networklink

physical

linkphysical

HtHnHl M

HtHn M

HtHnHl M

HtHn M

HtHnHl M HtHnHl M

router

switch

EncapsulatioEncapsulationn

Ning Weng ECE 526 10

Protocol DemultiplexingProtocol Demultiplexing• Used with layered protocols• Protocols at each layer of stack are differentiated

with type information at lower layer─ Example: layer 3 – IP, ARP based on Ethernet type

• Layered processing─ On output side (sender), type field in each header

specifies encapsulation.─ On input side (receiver), software in each layer chooses

module at next higher layer.─ Layered processing is inefficient since we have to go

through all stacks sequentially

• Can we do better?


Packet ClassificationPacket Classification• Alternative to demultiplexing for higher speed• Idea

─ All layer header information available (no dependency)─ Can we process layer headers at different sequence

(reorder!)─ Can we consider all layer header at the same time

(parallel!)

• Classification─ Mapping packet into categories─ Based on header information from mixed layer

• Rule based─ Example:

• five-tuple flow classification• Web traffic


Classification:Classification: Software Software VersionVersion

• Compare values in header fields• Conceptually a logic and of all fields comparisons

• Example: web traffic ─ three classification rules requiredIf ((frame type == 0x800) && (IP type ==6) && (TCP port

==80) packet matched classificationelse

packet does not match classification

• Can we do better?


Classification: Software Classification: Software OptimizationOptimization


Classification: Hardware Classification: Hardware VersionVersion

• Specific hardware• Extract required fields parallel


Classification: Hybrid Classification: Hybrid VersionVersion

• Hardware and software combination─ Hardware for standard cases─ Software for exceptions


SummarySummary

• Finish overview of the major packet processing functions

• Error detection and correction are expensive• Queuing and queuing disciplines• Scheduling and fairness• Difference between demultiplexing and

classification─ Sequential tour layers vs. parallel scan


Network MeasurementsNetwork Measurements• Why do we need measurements?

─ Debugging─ Performance tuning─ Discovery of network structure─ Understanding of network behavior (reverse-

engineering)─ Discovery of security holes and attacks─ Etc.

• How can we measure networks?─ Inject packets and see what happens (active

measurement)─ Observe traffic (passive measurement)

• What are pros and cons of measurement?


Active Measurement • Metrics that can be measured

─ Connectivity─ Round-trip time─ Loss rate─ Reordering─ Available bandwidth─ Bandwidth capacity

• Some metrics are available per-hop, others only end-to-end

• Some tools need software on both sides of measurement


Passive Passive Measurement • Tcpdump is an example of passive network

measurement• Passive measurement consists of several phases

─ Data collection─ Data storage─ Extraction and calculation of metrics

• Passive measurement metrics─ Traffic volume (link utilization)─ Traffic mix (e.g., by protocol type, by destination)─ TCP flow behavior (packet retransmissions)

• Passive measurement challenges?─ Data rates to process─ Only partial view of network─ Staleness of data


Lab2: Lab2: NetworkNetwork Traffic Monitoring & Traffic Monitoring & Performance MeasurementPerformance Measurement

• Goals─ Learn basic network tools─ Understand packet structure by watching real packets─ Get real performance number

• Tools─ Ping: a program verifying the existence of IP address

• Used for packet generator and delay measurement

─ Traceroute: a program tracing the route from sender to destination

• Used for delay measurement and route bottleneck identifier

─ Ethereal: network protocol analyzer─ Iperf: a tool to measure the maximum throughput between

client and server


Connectivity • Simples case of active measurement• Typically done with ICMP Echo Request

─ Recipient will reply with ICMP Echo Response

• Implemented in ping tool:─ Sends ICMP echo requests to specified IP address─ Prints responses─ Reports TTL, round-trip time, loss rate (both ways)

• Useful parameters─ -c or -n count─ On Unix: -n numeric output (no IP address translation)─ -f flood ping ☺

• Very common and useful tool


PingPing• Sending ICMP “echo request” packets to the

target host and listening for ICMP “echo response” replies

• Using interval timing and response rate, ping estimates the round-trip time and packet loss


Ping Limitations • What are the limitations of ping?

─ ICMP disabled─ NAT boxes / firewalls─ No information on route (other than TTL)─ No information on performance (other than RTT)

• Other interesting observations─ TTL in packets can reveal OS type (useful for hackers)


RouteRoute• How can route of packet be measured?• Traceroute approach:

─ Send packets with limited TTL towards destination─ Packets will “expire” and cause ICMP error message─ Source of error message is intermediate hop─ Repeat with increasing TTL

• Output:─ Each router with RTT


TracerouteTraceroute• To determine the route taken by packets across

an IP network. • working by increasing the "time-to-live" value of

each successive batch of packets sent• Host discards the packet and sends an ICMP time

exceeded packet when TTL = 0 • Using these returning packets to produce a list of

hosts that the packets have traversed en route to the destination

• IP does not guarantee that all the packets take the same route.



Traceroute LimitationTraceroute Limitation• Not all routers respond• Processing, control and queue leads to wrong TTL

results


tcpdumptcpdump• Passive network measurement tool: tcpdump• Tcpdump collects packets from interface and displays

headers─ Only one interface can be observed at any point of time─ All traffic on interface can bee seen (promiscuous mode)─ Filter allows pre-filtering of output─ Payload can be preserved (if necessary)─ Timestamp of packet arrival and transmission

• Very useful to check network setup• Useful options

─ -n no address translation─ -r and -w to read and write files─ -s determines length of preserved data─ -vv very verbose output

• Results can be displayed nicely with ethereal


EtherealEthereal


BandwidthBandwidth• How to measure bandwidth?

─ TCP vs. UDP─ Inject packets at high rates─ Reporting of result?─ Requires software on both sides

• Issues to consider─ Measurement reports currently available bandwidth─ Reports only bottleneck bandwidth─ TCP behavior needs to be considered─ Timing of UDP packet is critical

• Tool: iperf (and many others)─ Client acts as sender─ Server sinks traffic and reports statistics


iperfiperf• Iperf report

• Iperf options─ -s run as server─ -c run as client─ -u uses UDP instead of TCP─ Man other options for packet size and rate (UDP)─ -b binds output interface (very useful)


IperfIperf• > iperf -c 10.0.13.68 • results should look like this:

------------------------------------------------------------Client connecting to 10.0.13.68, TCP port 5001TCP window size: 8.00 KByte (default)------------------------------------------------------------[1924] local (your IP) port 1500 connected with 10.0.13.68 port 5001[ ID] Interval Transfer Bandwidth[1924] 0.0-10.0 sec 111 MBytes 92.9 Mbits/sec

• You're interested in the red numbers


iperf Limitations • What are the limitations of iperf?

─ Same as for any other bandwidth measurement tool─ Control overhead─ Many options -> possible misconfiguration

• Need tool to observe network traffic to verify correct measurement setup


Hyperion ProjectHyperion Project• Distributed passive measurement platform

─ Multiple measurement node in network─ Coordinated traffic collection and storage

• Performance challenge

─ Extraction, storage, and retrieval requires high performance

• Network processors can be used for extraction and pre-processing


Hyperion Node Architecture


Privacy IssuesPrivacy Issues• Passive measurements observe all traffic in network

─ Users have rights to privacy─ Measurement data can reveal lots of personal information

• Examples of personal information─ Web pages visited─ Usernames and passwords (if not encrypted)─ Emails, IM, etc.─ Even encrypted traffic reveals information

• One possible solution: anonymization of traces─ “Scramble” IP addresses ─ Prefix-preserving hashing is preferable over random

hashing─ Computationally expensive

Documents

ECE 526 – Network Processing Systems Design Network Processing Functions Chapter 6&9: D. E. Comer