11

Trace collection in Trace collection in the UNC-CH DiRT the UNC-CH DiRT

lablab

TheThe UNIVERSITY UNIVERSITY ofof NORTH CAROLINA NORTH CAROLINA atat CHAPEL HILL CHAPEL HILL

22

OutlineOutline

Monitoring location and UNC networkMonitoring location and UNC network

Setup specs - infrastructureSetup specs - infrastructure

Process sequence overviewProcess sequence overview

Live demoLive demo

Post-processingPost-processing

Our experimental infrastructure and its capabilitiesOur experimental infrastructure and its capabilities

33

Trace collection pointTrace collection point

UNC-CH network

Internet & Internet2

Monitor w/ DAG Monitor w/ DAG cardcard

44

InfrastructureInfrastructure

• Monitor specs: P4 1.8 GHz CPU, 1.4 GB Monitor specs: P4 1.8 GHz CPU, 1.4 GB RAM, 5*32GB hard drives, FreeBSD 4.7.RAM, 5*32GB hard drives, FreeBSD 4.7.

• DAG 4.3GE dual interface 1000Base-SX DAG 4.3GE dual interface 1000Base-SX Gigabit Ethernet 133MHz PCI-X card.Gigabit Ethernet 133MHz PCI-X card.

55

Process sequence overviewProcess sequence overview

packet capture using dagsnap

convert to tcpdump format

using dagconvert

anonymize using tcpdpriv

create connection

vectors in tmixanalyze and

present results

run (100s of) tmix

experiments in the lab

66

DemoDemo

1.1. /usr/local/bin/dagsnap -d /dev/dag0 -s 300 -v -o /usr/local/bin/dagsnap -d /dev/dag0 -s 300 -v -o test.dagtest.dag

2.2. dagconvert -Terf:pcap -i ../test.dag -f b > dagconvert -Terf:pcap -i ../test.dag -f b > test.b.tcpdumptest.b.tcpdump

3.3. dagconvert -Terf:pcap -i ../test.dag -f a > dagconvert -Terf:pcap -i ../test.dag -f a > test.a.tcpdumptest.a.tcpdump

4.4. /usr/dirt/src/tcpdpriv-1.1.10/tcpdpriv -P99 -A60 -M20 -t /usr/dirt/src/tcpdpriv-1.1.10/tcpdpriv -P99 -A60 -M20 -t mapping_file -r test.a.tcpdump -w test.a.anon.tcpdumpmapping_file -r test.a.tcpdump -w test.a.anon.tcpdump

5.5. /usr/dirt/bin/4.x/tcpdump-hiperf -I -S -n -tt -r /usr/dirt/bin/4.x/tcpdump-hiperf -I -S -n -tt -r test.a.anon.tcpdump tcp > test.a.anon.tcpdump.txttest.a.anon.tcpdump tcp > test.a.anon.tcpdump.txt(-I (-I Print IP header fields (ttl, id and length)) Print IP header fields (ttl, id and length))

77

Packet capturePacket capture

• Usage: dagsnap [options]Usage: dagsnap [options]• -d <device> DAG device name-d <device> DAG device name• -h display help (this page)-h display help (this page)• -j Maximize disk write performance - will only write -j Maximize disk write performance - will only write

in chunksin chunks• -m <mebibytes> Maximum amount of data to write per call -m <mebibytes> Maximum amount of data to write per call

in MiB (default 4)in MiB (default 4)• -o <filename> output file name (default is stdout)-o <filename> output file name (default is stdout)• -s <seconds> runtime in seconds-s <seconds> runtime in seconds• -v increase verbosity-v increase verbosity

• With -v three columns are printed per second.With -v three columns are printed per second.• 1. The cumulative total of data written out.1. The cumulative total of data written out.• 2. The buffer occupancy. Small values indicate no packet 2. The buffer occupancy. Small values indicate no packet

loss.loss.• 3. The rate at which data is currently being written.3. The rate at which data is currently being written.

88

Convert dag to tcpdumpConvert dag to tcpdump

• dagconvert: DAG file conversion utility: Usage: dagconvert dagconvert: DAG file conversion utility: Usage: dagconvert [options][options]

• -d <device> DAG device name-d <device> DAG device name• -h display help (this page)-h display help (this page)• -v increase verbosity-v increase verbosity• -i <filename> input file-i <filename> input file• -o <filename> output file-o <filename> output file• -r N[k|m|g] change output file after N Bytes.-r N[k|m|g] change output file after N Bytes.• k, m, g suffixes for kilobytes, megabytes, k, m, g suffixes for kilobytes, megabytes,

gigabytes.gigabytes.• -s <snaplen> output snap length-s <snaplen> output snap length• -t <seconds> capture period in seconds-t <seconds> capture period in seconds• -T <in_type:out_type> input and output types (see list of -T <in_type:out_type> input and output types (see list of

types below)types below)• -f <list> comma separated list of filters (see list -f <list> comma separated list of filters (see list

of filters below)of filters below)

99

anonymizeanonymize

• usage: usage: /usr/dirt/src/tcpdpriv-1.1.10/tcpdpriv/usr/dirt/src/tcpdpriv-1.1.10/tcpdpriv

• P99 – pass TCP port numbers through P99 – pass TCP port numbers through unchangedunchanged

• A60 – map address using mapping fileA60 – map address using mapping file

• M20 – option for multicast addressesM20 – option for multicast addresses

1010

Example plot – throughput Example plot – throughput (Mbps)(Mbps)

• A 10-min trace collected at low-usage A 10-min trace collected at low-usage time (2:30am)time (2:30am)

1111

Example plot – throughput Example plot – throughput (Kpps)(Kpps)

1212

AnalysisAnalysis

Simple statistics like throughput plots Simple statistics like throughput plots over timeover time

Loss ratesLoss rates

RTT (round trip time) calculationsRTT (round trip time) calculations

Running tmix experiments with the dataRunning tmix experiments with the dataanalyze resultsanalyze resultscreate various possible scenarios and test create various possible scenarios and test

(e.g. what does doubling the traffic (e.g. what does doubling the traffic throughput do to end user response times?) throughput do to end user response times?)

1313

EndEndsystemssystems

EndEndsystemssystems

Network TopologyNetwork Topology

EthernetEthernetSwitchSwitch

EthernetEthernetSwitchSwitch

RouterRouter RouterRouter

… …

MonitorsMonitors

Access router & Access router & control stationcontrol station

NFS serversNFS serversarp proxyarp proxy

1414

Tmix discussionTmix discussion

• Replay trace on the network in a controlled Replay trace on the network in a controlled environmentenvironment

• Throughput can be varied up or downThroughput can be varied up or down

• Induce losses and delays per flowInduce losses and delays per flow

• Replaying a-b-t sequencesReplaying a-b-t sequences