Avoiding Network Capacity Collapse
John Kristoff
jtk@depaul.edu
+1 312 362-5878
DePaul University
Chicago, IL 60604
SANS 2001 John Kristoff - DePaul University

Capacity Collapse
- Scarcity of capacity
- (Dropped Traffic / Offered Traffic) increases
- Goodput decreases (approaches zero)
- Response time increases
- Very little or no real work gets done

Statistical Multiplexing
- A primary advantage of data networks
- Available capacity can be used by anyone
- Share capacity on first in, first out basis
- Build network based on average usage
- But IP is arbitrarily bursty
- Hence, will probably have some congestion
- How do you prevent capacity collapse?

IP Type of Service Field
"The Type of Service provides an indication of the abstract parameters of the quality of service desired." - RFC 791, September 1981
Twenty years later and still no Internet QoS!

TCP Congestion Avoidance
- TCP cannot control congestion
- It can react based on implicit network signals
- Assumes packet loss is due to congestion
- TCP is quite good - maybe too good
- Tries to fully utilize network - it can go very fast
- Want TCP to go slow? Drop packets!
- Dropping packets reduces goodput

ICMP, UDP and Multicast
- Some protocols unresponsive to congestion
- Luckily TCP accounts for ~90% of the traffic
- Congestion control is needed
- A function of the network
- How do we do it? is the question
- RED and ECN
- Scheduling and rate limiting
- Price incentives

What about IPv6, ATM, MPLS...
- Are these ubiquitous in your network?
- Thought so.
- Probably wouldn't be a panacea anyway
- Next slide please...

(D)DoS Attacks are Related
- But we won't talk specifically about them
- Congestion control ideas may help us
- With some added features
- Probably only a temporary capacity collapse
- Include this in capacity management plan

Let's Get More Capacity
- LAN capacity is cheap, we can overprovision
- Leased WAN links can be costly
- Internet service can definitely be costly
- Operational versus capital costs
- Ugh... provisioning problems and lead times
- Need simple, cheap and fast
- We only get to pick one, maybe two if lucky

Access Blocking
- DNS black holing
- IP router filters
- Null routes
- Site blocking

Rate Limiting
- IP, UDP and TCP based - usually
- IP addresses
- Protocol ports
- Strict limits
- Dynamic limits

UIUC Rate Limiting Experiment
- Allow full capacity access by default
- "Out-of-profile" users are rate limited
- Increasingly aggressive limits if necessary
- Analyzing cflowd data to determine usage
- Dynamically upload CAR configs once/hour
- Scaling issues - a tad scary
http://www.ncne.nlanr.net/training/techs/2001/0128/presentations/2000101-kline1_files/v3_document.htm

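A sketch of the hourly loop the UIUC slide outlines, added here as an example and not taken from the deck or from UIUC's implementation. The byte budget, the tier limits, the ACL numbering and the flow records (documentation addresses) are all assumptions made for illustration.

```python
from collections import defaultdict

# Hypothetical profile: hourly byte budget and escalating limits in bits/s.
PROFILE_BYTES_PER_HOUR = 500_000_000
TIER_LIMITS_BPS = [None, 2_000_000, 512_000, 128_000]   # tier 0 = unlimited

# Constructed one-hour flow export: (source, destination, bytes).
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.7", 400_000_000),
    ("192.0.2.10", "198.51.100.9", 200_000_000),
    ("192.0.2.20", "198.51.100.7", 100_000_000),
]

def hourly_usage(flows):
    """Sum bytes per source address from flow records."""
    usage = defaultdict(int)
    for src, _dst, nbytes in flows:
        usage[src] += nbytes
    return dict(usage)

def next_tiers(prev_tiers, usage):
    """Out-of-profile hosts move up one tier; in-profile hosts move down one."""
    tiers = {}
    for host in set(prev_tiers) | set(usage):
        tier = prev_tiers.get(host, 0)
        if usage.get(host, 0) > PROFILE_BYTES_PER_HOUR:
            tier = min(tier + 1, len(TIER_LIMITS_BPS) - 1)
        else:
            tier = max(tier - 1, 0)
        if tier:                       # tier 0 hosts get no limit at all
            tiers[host] = tier
    return tiers

def car_config(tiers, first_acl=100):
    """Render one extended ACL plus one CAR rate-limit statement per host."""
    lines = []
    for n, (host, tier) in enumerate(sorted(tiers.items())):
        bps = TIER_LIMITS_BPS[tier]
        burst = max(bps // 8, 8000)    # about one second of traffic, in bytes
        acl = first_acl + n            # extended ACLs 100-199 cap the host count
        lines.append(f"access-list {acl} permit ip host {host} any")
        lines.append(f"rate-limit input access-group {acl} {bps} {burst} "
                     f"{burst * 2} conform-action transmit exceed-action drop")
    return lines

if __name__ == "__main__":
    tiers = next_tiers({}, hourly_usage(SAMPLE_FLOWS))
    print("\n".join(car_config(tiers)))
```

One ACL per limited host is where the slide's scaling concern shows up: the numbered extended ACL range holds only 100 entries, and every hourly push rewrites live interface policy.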
Active Queue Management
- One way to control congestion in the network
- Tail drop (FIFO queueing)
- Random Early Detection (RED)
- Explicit Congestion Notification (ECN)
- Probably coupled with RED
- Ongoing experimentation and research
- Implementations available

Tail Drop Illustrated [figure]

RED Illustrated [figure]

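A small simulation contrasting tail drop with RED on the same overloaded queue, added here as an example and not part of the original deck. It uses a simplified form of the RED drop rule (EWMA of queue length, linear drop probability between two thresholds); the thresholds, weight and traffic pattern are assumed values.

```python
import random

def red_drop_probability(avg, count, min_th, max_th, max_p):
    """RED drop probability for an average queue length `avg`."""
    if avg < min_th:
        return 0.0                      # no congestion signal yet
    if avg >= max_th:
        return 1.0                      # persistent congestion: drop everything
    p_b = max_p * (avg - min_th) / (max_th - min_th)
    denom = 1.0 - count * p_b           # spreads drops out between packets
    return 1.0 if denom <= 0 else min(1.0, p_b / denom)

def simulate(policy, ticks=30, arrivals=3, service=1, capacity=20,
             min_th=5, max_th=15, max_p=0.1, weight=0.2, rng=random.random):
    """Offer `arrivals` packets per tick to a queue that sends `service` per tick."""
    q, avg, count = 0, 0.0, 0
    stats = {"drops": 0, "peak": 0, "first_drop_q": None}
    for _ in range(ticks):
        for _ in range(arrivals):
            avg = (1 - weight) * avg + weight * q      # EWMA of queue length
            p = (red_drop_probability(avg, count, min_th, max_th, max_p)
                 if policy == "red" else 0.0)
            if q >= capacity or rng() < p:             # a full buffer always drops
                stats["drops"] += 1
                count = 0
                if stats["first_drop_q"] is None:
                    stats["first_drop_q"] = q
                continue
            q += 1
            count = count + 1 if avg >= min_th else 0  # packets since last drop
            stats["peak"] = max(stats["peak"], q)
        q = max(0, q - service)
    return stats

if __name__ == "__main__":
    random.seed(1)                                     # repeatable demo run
    for policy in ("tail", "red"):
        print(policy, simulate(policy))
```

Tail drop signals congestion only once the buffer is full, while RED starts dropping as the averaged queue crosses `min_th`, so responsive senders back off before the queue, and the latency it adds, reaches its maximum.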
Scheduling
- Alter transmission order of packets
- Can be based on:
  - IP addresses
  - Priority (e.g. ToS bits)
  - Protocols (e.g. SSH)
  - Flow characteristics
- Must define capacity/weight for queues

Traffic Shaping
- TCP rate control
  - Alter TCP receiver window on the fly
- ACK pacing
  - Slow or spread out ACKs to control sender
- Packeteer (middlebox) does this
- Yes, it can be a little scary
- Can be implemented in end host stacks

Caching
- Transparent
  - It is there, but users don't know it
- Voluntary
  - It is there, but users must know to use it
- Probably only buys a short amount of time

Private Peering
- There is such a thing as a free lunch!
- Well, OK not really
- Involves some routing complexity
- Startup cost might be high
- You may have a choice of transit provider
- If you can get to an exchange, do so!

Private Peering Illustrated [figure]

Monitoring
- Some tools:
  - MRTG, RRDTool, cflowd
- Some things to watch:
  - Queue depth
  - Packet drops
  - Link utilization
  - Buffer utilization
  - Latency versus throughput

Consortia
- Some nice things in your own back yard?
- Might be free, low cost or subsidized
- May at least be lots of capacity
- Might also be worth what you pay
- Examples:
  - Internet2
  - Illinois Century Network
  - STAR TAP

Proxy Servers
- Lots of opportunity for control
- Can do lots of the capacity solutions at once
- Not sure that you want them to
- Lots of middlebox issues

Content Distribution
- Content providers move data closer to you
- Maybe set up your own Red Hat mirror
- Akamai is well known in this space
- A form of load balancing

Content Subscription
- Obtain local copies of data for distribution
- Sort of like a library service
- You do not own the content
- May help alleviate copyright issues
- iBEAM is popular in this space

Network Address Translation (NAT)
- Intended as solution to IP address shortage
- Has a number of well documented problems
- Probably not your capacity solution
- Probably wouldn't help much anyway
- In fact, it would probably hurt you more
- Not recommended if you have addresses
- Bad Juju

What Would I Do? (Bias Slide)
- Oversubscription before CoS/QoS
- Preserve End-to-end model
- Get to an exchange and peer
- Get into a consortium like Internet2
- Do lots of monitoring (understand traffic)
- Be wary of silicon snake oil
- Be willing to research and test anything

References
- http://condor.depaul.edu/~jkristof/
- http://www.aciri.org/floyd/
- http://www.ietf.org
- http://www.nanog.org
- http://listserv.nd.edu/archives/resnet-l.html
- http://www.theorygroup.com/Archive/Unisog/
- http://darkwing.uoregon.edu/~joe/how-to-go-fast.ppt