1

A Suite of Schemes for User-level Network Diagnosis without Infrastructure

Yao Zhao, Yan ChenLab for Internet and Security Technology, Northwestern Univ

ersity

2

Motivation

• How do end users, with no special privileges, identify packet loss inside the network with one or two computers?

3

Motivation

• How do end users, with no special privileges, identify packet loss inside the network with one or two computers?

• Take-home– We propose three user-level loss rate

diagnosis approaches– The combo of our approaches and

Tulip [SOSP03] is much better than any single approach

4

Outline

• Motivation• Related Works• Lossy Link Diagnosis

– Fragmentation Aided Diagnosis (FAD)• Algebraic FAD• Opportunistic FAD

– Striped Probe Analysis (SPA)

• Evaluations• Conclusions

5

Related Work I

• Internet Tomography– Multicast based (not practical)– Unicast based

• Mimic multicast

L1 L2 L3 L4

S

Virtua

l link

The more cooperating end

hosts, the shorter the virtual links

6

Related Work II

• Tulip [SOSP03]– Leverage on consecutive IPID– Tend to underestimate forward loss

rates• Suffer from the packet loss correlation

x

id

id+1

Forward Loss

S D

xid

id+2

Reverse Loss

S D

xid

S D

x

?

7

Outline

• Motivation• Related Works• Lossy Link Diagnosis

– Fragmentation Aided Diagnosis (FAD)• Algebraic FAD• Opportunistic FAD

– Striped Probe Analysis (SPA)

• Evaluations• Conclusions

8

Link Diagnosis=> Forward Path Diagnosis

• If we can infer the loss rates of forward path F1 and F2, we can infer the link loss rate of l3

F1

DS R1 R2

F2

l3l2l1

• The more diagnosable forward path segments, the better the diagnosis granularity

9

Basic Idea of FAD

S NP R

P

R

S NP1 RP2R

P1

P2

10

Algebraic FAD

• Let pf and pr be the loss rate of the forward and reverse path respectively

P

R

R

P1

P2

(1 - pf)×(1 - pr)=1 – p (1)

(1 - pf)2×(1 - pr)=1 – p’ (2)

p and p’ are measurable. Solve pf and pr using (1) and (2)

11

How to Achieve FAD

IP Fragmentation– Fragment a packet longer than MTU– Required to be supported in IPv4– Some routers disable it for security reason

• Support of IP Fragmentation– 64,320 router IP addresses probed by using Tr

aceroute– About 80% of routers support IP fragmentation

• Degree of Rate Limiting on Responses– 99% of routers allow a rate of 100 probes/s for

ICMP Echo, ICMP Timestamp and TCP probes– Response to UDP probe is severely rate-limited

12

Opportunistic FAD

F1 F2+ P

F’2F1+ P’

aaaaaaaa bbbbbbbb aaaaaaaabbbbbb

aaaaaaaa ccccccccc aaaaaaaacccccccc

13

Opportunistic FAD

R’

Forward Loss

F1

xF

2

F’2R

No Loss

S NF

1

F2

F’2 F1+F2

F1+F’2

S N

Similar to Tulip, but OFAD allows large gap between fragments

14

Striped Probe Analysis (SPA)

• S sends a probe to D and we get the path p1->p2

• S sends UDP packet with a certain TTL so that R returns an ICMP TTL-Exceeded response. Hence we get path p1->p3

S

p1

p3

p2DR

S

R

D S

p1

p2 p3

15

Striped Probe Analysis (SPA)

S

R

S

p1

p2 p3

P1 P2

(1) Loss on shared link

D

16

Striped Probe Analysis (SPA)

• Success rate of p1≈n1×n2 / (n×n12) – n: number of striped probes sent, – n1: number of P1 received by D, – n2: number of P2 received by S, – n12: number of cases that both P1 and P2 are received

• Unbiased if packet loss has perfect correlation and loss rates of different links are independent

S

R

S

p1

p2 p3

P1 P2

(2) Loss on non-shared link

D

S

R

S

p1

p2 p3

(1) Loss on shared link

D

17

Summary

Requirement Accuracy

Tulip [SOSP03]

Consecutive IPID (70%)Inaccurate w/ strong loss correlation

FAD (AFAD & OFAD)

IP fragmentation (80%)Accurate w/ weak or short loss correlation

SPAICMP TTL-Exceeded. Access from both end hosts

Accurate w/ strong loss correlation

The current Internet usually has strong but short loss correlation.

18

Outline

• Motivation

• Related Works

• Lossy Link Diagnosis– FAD– SPA

• Evaluations

• Conclusions

19

Evaluation Metrics

• Diagnosis Granularity– Weighted average of the lengths of the

path’s diagnosable segments– For example, an 8-hop path has two

diagnosable segments of length 3 and 5, and then the granularity of the path is (32 + 52)/8 = 4.25

• Accuracy– Estimation error: – Relative error:

20

Diagnosis GranularitySPA

is best

FAD ≈Tulip

Combo of FAD and

Tulip is better

21

Path-Level Accuracy Evaluation

FAD > Tulip > SPA

OFAD, Tulip and SPA tends to underestimate

loss rates

22

More Evaluations

• Consistency Check

• Packet Probe Size Selection

• Lossy Link Distribution• More in the technical report

http://www.cs.northwestern.edu/~yzh734/

23

Conclusions and Recommendations

• We propose AFAD, OFAD and SPA which can conduct loss rate diagnosis without infrastructure

• Tulip, FAD and SPA have different working scenarios– The combination of them can achieve low diagn

osis granularity and high accuracy

• Recommendations– OFAD+SPA, if we can control the two ends of a

n end-to-end path– OFAD+Tulip, if we can only control the source

24

25

Thanks!

Questions?

26

Path-Level Accuracy of Combined Schemes

27

28

Path-Level Accuracy Evaluation

29

Path-Level Accuracy of Combined Schemes

30

IP Fragmentation Is Widely Supported

• Router Collection– 64,320 router IP addresses probed by using traceroute from a

machine• Support of Different Probes

• Support of IP Fragmentation– 90.3% of responsive routers support IP fragmentation– Altogether about 80% of routers support FAD.

• Degree of Rate Limiting on Responses– 99% of routers allow a rate of 100 probes/s for ICMP Echo,

ICMP Timestamp and TCP probes– UDP probe is severely rate-limited

Echo Timestamp UDP TCP Any

1 source 85.3% 69.2% 64.5% 71.7% 88.2%

10 sources 87.3% 72.3% 70.7% 73.3% 90.1%

31

Packet Transmission Correlation

• Choose 100 PlanetLab hosts and randomly measure 5000 paths

• Little loss correlation with enough gap

32

Forward Path Diagnosis => Link Diagnosis

• If we can infer the loss rates of forwarding path l1 and P1, we can infer the link loss rate of l2 too.

D

33

Opportunistic FAD

• n: number of R12 received, n’: number of R’12 received

• Xi = 0 when forward packet i is lost and Xi =1 otherwise

• P(X2=1)≈P(X2=1|X1=1)≈n/(n+n’)

R12

P1

P2

P’2

R’12

P1

P2

P’2

x

(1) (2)

34

Striped Probe Analysis (SPA)

• No fragmented packets needed !

• S sends a probe to D and we get the path l1->l2

• S sends UDP packet with a certain TTL so that R returns an ICMP TTL-Exceeded response. Hence we get path l1->l3

S R

l1

l3

l2

S

R

D S

l1

l2 l3

D

35

Striped Probe Analysis (SPA)

S

R

S

l1

l2 l3

P1 P2

D

36

Striped Probe Analysis (SPA)

S

R

S

l1

l2 l3

P1 P2

(1) No loss (2) Loss on shared link

S

R

S

l1

l2 l3

P1 P2

D D

37

Striped Probe Analysis (SPA)

• Success rate of l1≈n1×n2 / (n×n12) – n: number of striped probes sent, – n1: number of P1 received by D, – n2: number of P2 received by S, – n12: number of cases that both P1 and P2 are received

• Unbiased if packet loss has perfect correlation and loss rates of different links are independent

S

R

S

l1

l2 l3

S

R

S

l1

l2 l3

P1 P2

(1) No loss (2) Loss on shared link (3) Loss on non-shared link

S

R

D S

l1

l2 l3

P1 P2

D D