Why running measurements?



Similar documents
Troubleshooting Tools

Policy Based Forwarding

Monitoring Android Apps using the logcat and iperf tools. 22 May 2015

Introduction to Passive Network Traffic Monitoring

Network Management and Debugging. Jing Zhou

Internet Protocol: IP packet headers. vendredi 18 octobre 13

Host Discovery with nmap

Internet Firewall CSIS Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS net15 1. Routers can implement packet filtering

Website Analysis. foxnews has only one mail server ( foxnewscommail.protection.outlook.com ) North America with 4 IPv4.

Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring Kevin Timm,

LESSON Networking Fundamentals. Understand TCP/IP

Firewall Testing. Cameron Kerr Telecommunications Programme University of Otago. May 16, 2005

IP network tools & troubleshooting. AFCHIX 2010 Nairobi, Kenya October 2010

Network performance in virtual infrastructures

Network Security: Workshop. Dr. Anat Bremler-Barr. Assignment #2 Analyze dump files Solution Taken from

Introduction to Network Security Lab 2 - NMap

Using IPM to Measure Network Performance

Rapid IP redirection with SDN and NFV. Jeffrey Lai, Qiang Fu, Tim Moors December 9, 2015

Live Traffic Monitoring with Tstat: Capabilities and Experiences

Avaya ExpertNet Lite Assessment Tool

CIT 380: Securing Computer Systems

Workshop on Scientific Applications for the Internet of Things (IoT) March

Solution of Exercise Sheet 5

Internet Firewall CSIS Internet Firewall. Spring 2012 CSIS net13 1. Firewalls. Stateless Packet Filtering

The Ecosystem of Computer Networks. Ripe 46 Amsterdam, The Netherlands

Exercise 7 Network Forensics

File transfer and login using IPv6, plus What to do when things don t work

Network and Services Discovery

NETWORK SECURITY WITH OPENSOURCE FIREWALL

Practical Network Forensics

Chapter 8 Security Pt 2

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

Inside Dropbox: Understanding Personal Cloud Storage Services

Network Simulation Traffic, Paths and Impairment

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Cisco IOS Flexible NetFlow Technology

Broadband Quality Test Plan

1. The Web: HTTP; file transfer: FTP; remote login: Telnet; Network News: NNTP; SMTP.

About Firewall Protection

Tools for penetration tests 1. Carlo U. Nicola, HT FHNW With extracts from documents of : Google; Wireshark; nmap; Nessus.

Networks: IP and TCP. Internet Protocol

Application Latency Monitoring using nprobe

Best of Breed of an ITIL based IT Monitoring. The System Management strategy of NetEye

Network Connect Performance Logs on MAC OS

Homework 3 TCP/IP Network Monitoring and Management

Host Fingerprinting and Firewalking With hping

Challenges of Sending Large Files Over Public Internet

+ iptables. packet filtering && firewall

Visualizations and Correlations in Troubleshooting

Frequently Asked Questions

Internet Infrastructure Measurement: Challenges and Tools

L3DSR Overcoming Layer 2 Limitations of Direct Server Return Load Balancing

How To Monitor A Network On A Network With Bro (Networking) On A Pc Or Mac Or Ipad (Netware) On Your Computer Or Ipa (Network) On An Ipa Or Ipac (Netrope) On

1! Network forensics

What is a DoS attack?

EKT 332/4 COMPUTER NETWORK

Nmap: Scanning the Internet

Introduction of Intrusion Detection Systems

Unix System Administration

Carrier/WAN SDN Brocade Flow Optimizer Making SDN Consumable

TCP Performance Management for Dummies

Chapter 11 Cloud Application Development

Technical Support Information Belkin internal use only

netkit lab MPLS VPNs with overlapping address spaces 1.0 S.Filippi, L.Ricci, F.Antonini Version Author(s)

Applications. Network Application Performance Analysis. Laboratory. Objective. Overview

Introduction to Cisco IOS Flexible NetFlow

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

NQA Technology White Paper

Network Address Translation (NAT) Virtual Private Networks (VPN)

DNS (Domain Name System) is the system & protocol that translates domain names to IP addresses.

Network forensics 101 Network monitoring with Netflow, nfsen + nfdump

Controlling Risk, Conserving Bandwidth, and Monitoring Productivity with Websense Web Security and Websense Content Gateway

Introduction to Performance Measurements and Monitoring. Vinayak

You can keep your firewall (if you want to) Practical, simple and cost saving applications of OpenDaylight you can implement today

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Flow Analysis Versus Packet Analysis. What Should You Choose?

Configuring PA Firewalls for a Layer 3 Deployment

Chapter 8 Network Security

Scanning Tools. Scan Types. Network sweeping - Basic technique used to determine which of a range of IP addresses map to live hosts.

NetFlow/IPFIX Various Thoughts

Network Traffic Analysis

How To Gather Log Files On A Pulse Secure Server On A Pc Or Ipad (For A Free Download) On A Network Or Ipa (For Free) On An Ipa Or Ipv (For An Ubuntu) On Your Pc

Lab 2. CS-335a. Fall 2012 Computer Science Department. Manolis Surligas

Test Methodology White Paper. Author: SamKnows Limited

Attack Lab: Attacks on TCP/IP Protocols

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others

IP address format: Dotted decimal notation:

Configuration Guide. BES12 Cloud

CS197U: A Hands on Introduction to Unix

NETWORK LAYER/INTERNET PROTOCOLS

Packet filtering with Linux

IP Network Monitoring and Measurements: Techniques and Experiences

Transcription:

Network Measurements: Passive, Active and Hybrid approaches Stefano Traverso stefano.traverso@polito.it Why running measurements? The Internet is the first thing that humanity has built that humanity doesn't understand, the largest experiment in anarchy that we have ever had. Eric Schmidt, former Google CEO. Fundamental cornerstone to build an idea of what is going on in the network Network monitoring Troubleshooting Security Characterization of users/devices/services Stefano Traverso - TNG group - Politecnico di Torino 2 1

Network Measurements Active Measurements Study cause/effect relationships by injecting extra traffic into the network and observe reactions Full control on the generated traffic Lack of generality Passive Measurements Analysis of traffic traces captured by sniffers Study traffic properties without interfering with it Study traffic generated from actual Internet users In general, require a large effort Hybrid Measurements Take the best of the passive and active approaches Stefano Traverso - TNG group - Politecnico di Torino 3 Active Measurements Stefano Traverso - TNG group - Politecnico di Torino 4 2

The Active Measurements Scenario Supervisor Instruments probes & Extract analytics Reposit Collect measurements ory active probe data control measurements What s the bandwidth? How far is the closest server? Stefano Traverso - TNG group - Politecnico di Torino 5 Active Measurements The basic Swiss knife: Ping Host reachability tests Traceroute Detects the routers to reach a given hosts Nmap Detects open ports and hosts Iperf Measures the throughput to a host May be deployed in several vantage Points e.g., PlanetLab Stefano Traverso - TNG group - Politecnico di Torino 6 3

Ping Based on ICMPs echo messages Measures RTT (min,max,avg, std), TTL, packet loss, $ping www.google.com PING www.google.com (173.194.35.20): 56 data bytes 64 bytes from 173.194.35.20: icmp_seq=0 ttl=54 time=2.715ms 64 bytes from 173.194.35.20: icmp_seq=1 ttl=54 time=2.740ms 64 bytes from 173.194.35.20: icmp_seq=2 ttl=54 time=3.218ms 64 bytes from 173.194.35.20: icmp_seq=3 ttl=54 time=2.750ms 64 bytes from 173.194.35.20: icmp_seq=4 ttl=54 time=2.932ms ^C --- www.google.com ping statistics --- 5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 2.715/2.871/3.218/0.190ms Stefano Traverso - TNG group - Politecnico di Torino 7 Ping advanced use Flood the host $ sudo ping -f 130.192.9.61 PING 130.192.9.61 (130.192.9.61) 56(84) bytes of data..^c --- 130.192.9.61 ping statistics --- 30734 packets transmitted, 30733 received, 0% packet loss, time 8514ms rtt min/avg/max/mdev = 0.187/0.243/0.828/0.039ms, ipg/ewma 0.277/0.224ms Get the list of traversed hops $ ping -R 130.192.2.90 PING 130.192.2.90 (130.192.2.90) 56(124) bytes of data. 64 bytes from 130.192.2.90: icmp_req=1 ttlms NOP RR: 130.192.91.74 130.192.2.105 130.192.2.90 130.192.2.90 130.192.91.65 130.192.91.74 64 bytes from 130.192.2.90: icmp_req=2 ttl=254 time=6.15ms NOP (same route) Stefano Traverso - TNG group - Politecnico di Torino 8 4

Ping advanced use (cont d) Measure the buffer size of your ADSL modem $ num=11 ; sudo ping -l $num -c $num -s 1472 130.192.9.61 PING 130.192.9.61 (130.192.9.61): 1472 data bytes 1480 bytes from 130.192.9.61: icmp_seq=0 ttl=50 time=55.363 ms 1480 bytes from 130.192.9.61: icmp_seq=1 ttl=50 time=68.527 ms 1480 bytes from 130.192.9.61: icmp_seq=2 ttl=50 time=79.940 ms 1480 bytes from 130.192.9.61: icmp_seq=3 ttl=50 time=92.876 ms 1480 bytes from 130.192.9.61: icmp_seq=4 ttl=50 time=107.227 ms 1480 bytes from 130.192.9.61: icmp_seq=5 ttl=50 time=120.439 ms 1480 bytes from 130.192.9.61: icmp_seq=6 ttl=50 time=133.647 ms 1480 bytes from 130.192.9.61: icmp_seq=7 ttl=50 time=147.563 ms 1480 bytes from 130.192.9.61: icmp_seq=9 ttl=50 time=160.042 ms 1480 bytes from 130.192.9.61: icmp_seq=10 ttl=50 time=177.829 ms --- 130.192.9.61 ping statistics --- 11 packets transmitted, 10 packets received, 9.1% packet loss round-trip min/avg/max/stddev = 55.363/114.345/177.829/38.607 ms Stefano Traverso - TNG group - Politecnico di Torino 9 Ping advanced use (cont d) Geolocation of IP addresses using multi-lateration techniques Stefano Traverso - TNG group - Politecnico di Torino 10 5

Ping advanced use (cont d) Ping s reliability is impaired by flow-based load balancing It can not reliably represent the performance experienced by applications In-flow RTT is more reliable Use tokyo-ping Stefano Traverso - TNG group - Politecnico di Torino 11 Ping advanced use (cont d) Often blocked by routers (they do not reply to ICMP probes) Use other protocols than ICMP UDP (as traceroute does) TCP SYN/ACK/FIN/RST messages nping Stefano Traverso - TNG group - Politecnico di Torino 12 6

Traceroute Print the route packets travel to network host $ traceroute www.google.it traceroute to www.google.it (74.125.232.151), 30 hops max, 60 byte packets 1 130.192.91.65 (130.192.91.65) 2.021ms 2.203ms 2.427ms 2 18-c6500-vss.polito.it (130.192.2.65) 0.377 0.424ms 0.485ms 3 mz-c-polfi.polito.it (130.192.232.60) 1.432ms * 1.727ms 4 l3-garr.polito.it (130.192.232.254) 6.472ms 6.704ms 7.211ms 5 ru-polito-rx1-to1.to1.garr.net (193.206.132.33) 7.520ms 7.907ms 8.205ms 6 rx1-to1-rx1-mi2.mi2.garr.net (90.147.80.217) 11.472ms 11.148ms 11.088ms 7 rx1-mi2-r-mi2.mi2.garr.net (90.147.80.73) 9.654ms 8.722ms 8.831ms 8 r-mi2-google.mi2.garr.net (193.206.129.130) 4.044ms 6.412ms 6.398ms 9 * 209.85.249.54 (209.85.249.54) 8.203ms 20.474ms 10 64.233.174.243 (64.233.174.243) 8.294ms 8.331ms 8.745ms 11 mil02s05-in-f23.1e100.net (74.125.232.151) 8.617ms 8.709ms 9.336ms Stefano Traverso - TNG group - Politecnico di Torino 13 Traceroute (cont d) Sends UDP/IP packets with short TTLs to induce routers to reply with ICMP Time to Live exceeded in Transit $ nping --ttl=2 --udp 130.192.232.60 Starting Nping 0.6.00 ( http://nmap.org/nping ) at 2014-12-16 10:05 CET SENT (0.0047s) UDP 130.192.91.74:53 > 130.192.232.60:40125 ttl=2 id=17368 iplen=28 RCVD (0.0182s) ICMP 130.192.2.65 > 130.192.91.74 TTL=0 during transit (type=11/code=0) ttl=254 id=62922 iplen=56 Stefano Traverso - TNG group - Politecnico di Torino 14 7

Traceroute (cont d) Fails in presence of routers employing load balancing based on the packet header Use paris-traceroute Stefano Traverso - TNG group - Politecnico di Torino 15 Nmap Tool for network discovery and security auditing Given a host It identifies open ports It identify the OS Given a network It identifies hosts that are up Stefano Traverso - TNG group - Politecnico di Torino 16 8

Nmap (cont d) SYN stealth port scan Sends TCP SYN message if ACK received, port = open Immediately sends RST message to close the connection Else, port = closed $ sudo nmap -ss 130.192.9.61 Starting Nmap 6.00 ( http://nmap.org ) at 2014-12-16 17:28 CET Nmap scan report for 130.192.9.61 Host is up (0.00069s latency). Not shown: 992 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 3306/tcp open mysql 6000/tcp open X11 9418/tcp open git Stefano Traverso - TNG group - Politecnico di Torino 17 A network scan Nmap (cont d) $ nmap -sp 130.192.91.0/25 Starting Nmap 6.00 ( http://nmap.org ) at 2014-12-16 17:21 CET Nmap scan report for aslan.polito.it (130.192.91.1) Host is up (0.00025s latency). Nmap scan report for l3-areait-91.polito.it (130.192.91.17) Host is up (0.0048s latency). Nmap scan report for amedeonl2.polito.it (130.192.91.101) Host is up (0.0014s latency).... Nmap scan report for 130.192.91.102 Host is up (0.00059s latency). Nmap scan report for printernl1.polito.it (130.192.91.126) Host is up (0.00072s latency). Nmap done: 128 IP addresses (14 hosts up) scanned in 1.71 seconds Stefano Traverso - TNG group - Politecnico di Torino 18 9

Iperf It measures TCP and UDP bandwidth performance Useful to 1. Run speed-tests 2. Create artificial traffic Requires the user to have control of both end points Stefano Traverso - TNG group - Politecnico di Torino 19 Iperf (cont d) Server $ iperf -s ------------------------------------------------------------ Server listening on TCP port 5001 TCP window size: 85.3 KByte (default) ------------------------------------------------------------ [ 4] local 130.192.91.74 port 5001 connected with 2.230.134.65 port 51957 [ ID] Interval Transfer Bandwidth [ 4] 0.0-11.4 sec 768 KBytes 550 Kbits/sec Client $ iperf -c 130.192.91.74 ------------------------------------------------------------ Client connecting to 130.192.91.74, TCP port 5001 TCP window size: 129 KByte (default) ------------------------------------------------------------ [ 4] local 192.168.1.76 port 58733 connected with 130.192.91.74 port 5001 [ ID] Interval Transfer Bandwidth [ 4] 0.0-10.3 sec 768 KBytes 611 Kbits/sec Stefano Traverso - TNG group - Politecnico di Torino 20 10

DNS-level active measurements Useful to dissect the infrastructure of Internet services E.g., Content Delivery Networks, Cloud-based services Different DNS servers provide often different results, based on client location Stefano Traverso - TNG group - Politecnico di Torino 21 NSlookup $ nslookup eu.sc-proxy.samsungosp.com 130.192.3.21 Server: 130.192.3.21 Address: 130.192.3.21#53 Non-authoritative answer: eu.sc-proxy.samsungosp.com canonical name = scloud-pew1-prx-493782659.eu-west- 1.elb.amazonaws.com. Name: scloud-pew1-prx-493782659.eu-west-1.elb.amazonaws.com Address: 54.246.187.126 Name: scloud-pew1-prx-493782659.eu-west-1.elb.amazonaws.com Address: 54.194.18.205 Stefano Traverso - TNG group - Politecnico di Torino 22 11

HTTP-level active measurements Web servers provides information about the services they host Probe the server with artificial HTTP requests HTTP-Knocking Using automatic (headless) browsers Stefano Traverso - TNG group - Politecnico di Torino 23 HTTP-Knocking Probe a web server with a simple HTTP $ curl --head 54.231.128.184 HTTP/1.1 405 Method Not Allowed x-amz-request-id: ACF953EAEC5F234B x-amz-id-2: euqwzyxgrjudhfpnh00f5xzl84htcb9mi8dzd2jdcssnqhjbtg0iztr40 3RLbR9m Allow: GET Content-Type: application/xml Transfer-Encoding: chunked Date: Wed, 17 Dec 2014 16:21:48 GMT Server: AmazonS3 Stefano Traverso - TNG group - Politecnico di Torino 24 12

Automatic Browsing Selenium WebDriver [http://www.seleniumhq.org] Can be combined with Standard browsers (Firefox, Chrome, etc.) Headless browsers (Phantomjs [http://phantomjs.org]) Emulates users interacting with a webpage: Important for web developers to test their designs Useful for researchers to build crawlers E.g., infer Twitter s social graph Stefano Traverso - TNG group - Politecnico di Torino 25 Passive Measurements Stefano Traverso - TNG group - Politecnico di Torino 26 13

The Passive Measurement Scenario Supervisor Extract analytics Collect measurements Reposit ory passive probe data control traffic Deploy some vantage points What are the performance of YouTube video streaming? What are the performance of a cache? Stefano Traverso - TNG group - Politecnico di Torino 27 Passive measurements The basic Swiss knife: TCPdump Full packet-level captures Tstat, Netflow Flow-level captures, aggregated statistics Netstat Host-level, aggregated statistics Wireshark Full packet-level captures with nice GUI May be deployed in several vantage points, e.g., probes within a large network Works on a single machine Stefano Traverso - TNG group - Politecnico di Torino 28 14

Netstat (cont d) Summarizes the connections, interface statistics, etc. for a given host Useful to monitor server machines $ netstat -s Tcp: 132861 active connections openings 39 passive connection openings 131967 failed connection attempts 139 connection resets received 6 connections established 185494 segments received 202549 segments send ou t 39519 segments retransmited 4 bad segments received. 278 resets sent Stefano Traverso - TNG group - Politecnico di Torino 29 Netstat (cont d) $ netstat Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 localhost:50398 localhost:23414 ESTABLISHED tcp 0 0 localhost:25001 localhost:41428 ESTABLISHED tcp 0 0 localhost:41428 localhost:25001 ESTABLISHED tcp 0 0 localhost:23414 localhost:50398 ESTABLISHED tcp 0 0 grigio.local:53723 snt-re4-10c.sjc.dr:http ESTABLISHED tcp 0 48 grigio.local:ssh 2.230.134.65:56181 ESTABLISHED tcp 0 1 grigio.local:42397 stefanonl1.polito:24800 SYN_SENT Stefano Traverso - TNG group - Politecnico di Torino 30 15

Tcpdump It dumps the traffic it observes flowing on a network from its vantage point It inspects packets at network level E.g., It does not rebuilds TCP flows It can generate large amounts of data In pcap and txt formats Stefano Traverso - TNG group - Politecnico di Torino 31 Tcpdump (cont d) It provides very detailed view on the packets $ sudo tcpdump -nnvvxs src 130.192.91.73 11:31:10.863681 IP (tos 0x0, ttl 64, id 62735, offset 0, flags [DF], proto TCP (6), length 40) 130.192.91.73.62266 > 17.254.32.16.80: Flags [.], cksum 0xb3f6 (correct), seq 1562604172, ack 3075043650, win 65535, length 0 0x0000: 0015 6347 fe47 00e0 4c36 00c2 0800 4500..cG.G..L6...E. 0x0010: 0028 f50f 4000 4006 35a9 82c0 5b49 11fe.(..@.@.5...[I.. 0x0020: 2010 f33a 0050 5d23 728c b749 7142 5010...:.P]#r..IqBP. 0x0030: ffff b3f6 0000 Stefano Traverso - TNG group - Politecnico di Torino 32 16

Wireshark Tcpdump with a nice GUI Same very detailed view on the traffic It rebuilds TCP/HTTP/ connections Let the user run specific analysis in a few clicks Best tool for quick troubleshooting Load the traffic into the memory Not suitable to load/capture GBs of traces Stefano Traverso - TNG group - Politecnico di Torino 33 Wireshark (cont d) Stefano Traverso - TNG group - Politecnico di Torino 34 17

http://tstat.polito.it Tstat is a passive sniffer developed by Polito It works at flow-level Monitors at network level, and re-builds flows at transport-level Computes several L3/L4 metrics (e.g., #pkts, #bytes, RTT, TTL, etc.) Performs traffic classification Deep Packet Inspection (DPI) Statistical methods (Skype, obfuscated P2P) Different output formats (logs, RRDs, histograms, pcap) Run on off-the-shelf HW Up to 2Gb/s with standard network interfaces Currently adopted in real network scenarios (campus network and ISPs) Stefano Traverso - TNG group - Politecnico di Torino 35 Tstat deployment scenario Private Network Border router Rest of the world Traffic stats Stefano Traverso - TNG group - Politecnico di Torino 36 18

How Tstat works? client Tstat server 1 TCP logs (100+ stats) L7 Data TCP Flow 2 Classification HTTP Transaction P2P Skype HTTP logs Stefano Traverso - TNG group - Politecnico di Torino 37 client Tstat server Tstat + DN-Hunter DNS server DNS conversation The worst enemy of a passive sniffer is traffic encryption (HTTPS) DN-Hunter is a plugin which inspects DNS conversations (which are not encrypted, yet) DNS-level information is attached to TCP logs L7 Data Stefano Traverso - TNG group - Politecnico di Torino 38 19

Tstat Use case: Understanding Amazon AWS Elastic Cloud Computing EC2 provides re-sizeable compute capacity in the Cloud by means of virtualized servers Simple Storage Service S3 offers a service to store/retrieve files into/from the Cloud Content Delivery Network CloudFront EC2/S3 Datacenters distribute content to end-users with CloudFront low latency edge-nodes and high data transfer speeds Focus: 1. Evolution over time of AWS: the number of datacenters, their locations, and performance as perceived by the ISP customers 2. Analysis of popular Cloud/CDN-based web-services: show their dynamics, how they perform, etc. Analysis of traffic generated by Clouds and CDNs 39 Tstat Use case: Understanding Amazon AWS Stefano Traverso - TNG group - Politecnico di Torino 40 20

Tstat Use case: NetCurator Web app based on Tstat which extracts interesting links browsed by users from HTTP traffic http://tstat.polito.it/netcurator/ Stefano Traverso - TNG group - Politecnico di Torino 41 Hybrid Measurements Stefano Traverso - TNG group - Politecnico di Torino 42 21

Network Measurements Active measurements Let us exactly define the workload the network is subject to Allow to measure cause/effect relationhips easily Passive measurements Do not change the working point of the network More detailed view of the network status Stefano Traverso - TNG group - Politecnico di Torino 43 with some drawbacks Active measurements Difficult to obtain detailed information about Transport and Network Layers Passive measurements Generate lots of data to process Fail when no (useful) traffic is generated Stefano Traverso - TNG group - Politecnico di Torino 44 22

Hybrid Measurements Combine active and passive approaches: 1. Augment measurements from active tests with detailed IP/TCP-level information obtained passively 2. Active measurements generate the desired amount of traffic less logs to analyze Iperf Stefano Traverso - TNG group - Politecnico di Torino Ping 45 Hybrid Measurements for Network QoS Troubleshooting Management Layer Analysis Layer Measurement Layer ISP Stefano Traverso - TNG group - Politecnico di Torino IXP 46 23

Use case: Speed Tests in ISP network Active probe: IQM (by Fastweb) Passive probe: Tstat FTP Client Traceroute FTP Server Traceroute Ping Headless Browser Ping IQM Client IQM Server Stefano Traverso - TNG group - Politecnico di Torino 47 Testbed & Dataset 30+ IQM client probes uniformly distributed within Fastweb edge network Tstat installed on the IQM server probe Network configurations 1. ADSL: U-1Mbps/D-16Mbps U-1Mbps/D-12Mbps U-0.5Mbps/D-8Mbps 2. FTTH U- 10Mbps/D-10Mbps 10-sec long speed-test every 4min FTP transfers in both Upload and Download 3 months of tests (Feb 1st to Apr 30th 2014) 1.2M+ speed-test reports Stefano Traverso - TNG group - Politecnico di Torino 48 24

Congestion in the Virtual Leased Network ADSL U1Mbps/D12Mbps Active Test Evident day/night periodicity + Large std(rtt) and RTX rate Passive measurement Congestion in the Virtual Leased Line Stefano Traverso - TNG group - Politecnico di Torino 49 Congestion at the Uplink FTTH U10Mbps/D10Mbps Active Test Passive measurement FTTH (no low SNR issues) + No day/night periodicity + large RTX segment rate??? Small buffer at the uplink (thanks ping ) Stefano Traverso - TNG group - Politecnico di Torino 50 25

Thanks! Stefano Traverso - TNG group - Politecnico di Torino 51 26

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information