Evaluation of Header Field Entropy for Hash-Based Packet Selection Christian Henke,

Presentation transcript:

Evaluation of Header Field Entropy for Hash-Based Packet Selection
Christian Henke, Carsten Schmoll, Tanja Zseby
Fraunhofer Institute FOKUS, Berlin, Germany

PAM 2008, Cleveland

Outline
1. Introduction Multipoint Sampling
2. Problem Statement
3. Approach
4. Measurement Setup
5. Measurement Results
6. Conclusion

Introduction Multipoint Sampling

Passive Multipoint Measurements
- at observation points a packet ID and timestamp exported for each packet
- trace observable based on occurrence of packet ID
- delay = timestamp A – timestamp B of packets with equal ID

[Figure labels: Multipoint Collector, Point A, Point B, Point C]

Introduction Multipoint Sampling

Challenge in Passive Multipoint Measurements
- immense amounts of measurement data
- High infrastructure costs: processing, storing, exporting

Random Packet Selection and Estimation
- Random Sampling (n-out-of-N, probabilistic) unsuitable -> inconsistent sample at observation points
- Duffield and Grossglauser in “Trajectory Sampling for Direct Traffic Observation” propose hash-based packet selection.

Introduction Multipoint Sampling

Hash-Based Packet Selection
[Figure labels: IP Header, Transport Header, Payload; hash input; hash function; packet selected / packet not selected]
- consistent selected subset if x, h and S are equal at all observation points

Problem Statement

Which packet content to use as hash input?

Requirements for header fields
1. static between network nodes (not the case for IP TTL and checksum)
2. variable among packets

Challenge:
- HBS is deterministic; but goal is to emulate random selection
- choice of hash input can introduce bias to the selection

Problem Statement

How bias is introduced
- packets in a hash input collision have same hash input
- selection decision is not independent
- the more packets in collision the more grievous the bias
- unsuitable to use whole packet because hash value calculation time increases with hash input length

Approach
- packets differ more often in high variable bytes
- entropy per byte used to measure variability

Entropy
Information Efficiency
- p_i: probability that hash value i occurs
- H(B): entropy dependent on discrete Variant of Byte Values
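Per-byte entropy as described in the approach above, as an added example (not code from the slides or the authors): it computes the Shannon entropy H(B) of each header byte position over constructed IPv4 headers and ranks the positions by variability. Information efficiency is assumed here to be H(B) divided by the 8-bit maximum; all function names and sample headers are illustrative.

```python
import math
import struct
from collections import Counter

def byte_entropy(packets, offset):
    """Shannon entropy in bits of the byte at `offset` across all packets."""
    counts = Counter(p[offset] for p in packets)
    n = len(packets)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def information_efficiency(packets, offset):
    # Assumption: efficiency = H(B) / 8, entropy relative to the 8-bit maximum.
    return byte_entropy(packets, offset) / 8.0

def rank_offsets(packets, length):
    """Byte offsets 0..length-1, most variable first (candidates for hash input)."""
    return sorted(range(length),
                  key=lambda o: byte_entropy(packets, o), reverse=True)

def sample_ipv4_headers(n=256):
    """Constructed 20-byte IPv4 headers: only the ID and the last
    destination address byte vary, everything else is constant."""
    headers = []
    for i in range(n):
        headers.append(struct.pack(
            "!BBHHHBBH4s4s",
            0x45, 0, 40,                 # version/IHL, TOS, total length
            (i * 257) & 0xFFFF, 0x4000,  # identification, flags/fragment offset
            64, 6, 0,                    # TTL, protocol (TCP), checksum left at 0
            bytes([192, 0, 2, 1]),       # source (documentation range)
            bytes([198, 51, 100, i % 4]),
        ))
    return headers

if __name__ == "__main__":
    hdrs = sample_ipv4_headers()
    for off in rank_offsets(hdrs, 20)[:4]:
        print("offset %2d  H(B) = %.2f bits  efficiency = %.2f"
              % (off, byte_entropy(hdrs, off), information_efficiency(hdrs, off)))
```

Constant positions such as the version/IHL byte score zero and contribute nothing to distinguishing packets, which is why they are poor hash input.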

Measurement Setup

Evaluation dependent on analyzed traces
- 6 IPv4 trace groups – 1 IPv6
- geographical locations (NZ, AUT, FR, NED – 2 LEO)
- network location (university, peering point, large ISP)
- application mix

Measurement Results

[Figure: Entropy IPv4]

Measurement Results

High Entropy Header Fields
- IPv4: Identification, Length LSB, Src/Dst Address 2 LSB
- TCP: Chksum, SeqNo, AckNo, Src/Dst Port 2 LSB
- UDP: Chksum, Length LSB, Src/Dst Port 2 LSB
- ICMP: Chksum, Bytes 12,13,18,19
- IPv6: Length LSB
  - more IPv6 traces required for further evaluation
  - Addresses anonymized and no transport header - only 8 bytes could be evaluated

Recommended 8 byte Configuration
IP ID field + 6 Transport Header Bytes:
- TCP (Checksum, 2 LSB of Seq and AckNo)
- UDP (Checksum, Source Port, LSB Destination Port, LSB Length)
- ICMP (Checksum, Bytes 12,13,18,19)
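An added sketch of hash-based selection over the recommended 8 bytes for TCP (not code from the slides or the authors): it shows that two observation points reach the same selection decision because the hash input skips the TTL and IP header checksum, which change at every hop. Assumptions: x is the hash input, h the hash function and S the selection range; CRC32 stands in for h, and the packets and helper names are constructed for illustration.

```python
import struct
import zlib

def ip_checksum(header):
    """IPv4 header checksum over a header whose checksum field is zero."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(ip_id, seq, ack, tcp_csum, ttl=64):
    """Constructed IPv4/TCP packet (documentation addresses, no payload)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ip_id, 0x4000, ttl, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    tcp = struct.pack("!HHIIHHHH", 49152, 443, seq, ack, 0x5010, 65535, tcp_csum, 0)
    return ip + tcp

def forward(packet):
    """What a hop changes: TTL decremented, IP header checksum recomputed."""
    ip = bytearray(packet[:20])
    ip[8] -= 1
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip)))
    return bytes(ip) + packet[20:]

def hash_input_tcp(packet):
    """The 8 recommended bytes: IP ID, TCP checksum, 2 LSB of SeqNo and AckNo."""
    ihl = (packet[0] & 0x0F) * 4      # IPv4 header length in bytes
    tcp = packet[ihl:]
    return packet[4:6] + tcp[16:18] + tcp[6:8] + tcp[10:12]

def selected(x, fraction=0.25):
    """h(x) in S, with CRC32 standing in for h and S = [0, fraction * 2^32)."""
    return zlib.crc32(x) < int(fraction * 2**32)

def disagreements(packets, extract):
    """Packets selected at point A but not at point B, or the reverse."""
    return sum(selected(extract(p)) != selected(extract(forward(p)))
               for p in packets)

# Constructed traffic: 500 packets with varying ID, SeqNo, AckNo and checksum.
PACKETS = [build_packet(i, 1000 + 1460 * i, 7 * i, (i * 40503) & 0xFFFF)
           for i in range(500)]

if __name__ == "__main__":
    print("8 recommended bytes:", disagreements(PACKETS, hash_input_tcp))
    print("whole IP header    :", disagreements(PACKETS, lambda p: p[:20]))
```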

Measurement Results

Empirical Hash Input Collisions Evaluation
- 4 configurations used
  1. whole IP and transport header (minimum reachable collisions)
  2. only IP header (bad configuration)
  3. 8 high entropy bytes
  4. Molina's 16 bytes
- sum of packets on 20 largest collisions of each trace
  - Large collision: all or none decision of all packets that have same attributes
  - Small collisions: packets equal in one collision but different between

Measurement Results

Hash Input Collision Comparison
- recommended 8 bytes better than Molina’s 16 bytes
- LEO2 traces include a large VPN traffic flow with UDP Checksum==0 – more high entropy bytes should be used

Conclusion

Outcome
- give a recommendation of 8 bytes for use as hash input for HBS
- 8 recommended bytes sufficient to gain unique hash inputs

Henke, Schmoll, Zseby “Empirical Evaluation of Hash Functions for Multipoint Measurements”
- hash calculation time linear increase with input length
- hash functions are able to select representative subset based on 8 bytes

Future Work

Correlation between Bytes
- Correlation between address bytes
- entropy of combined bytes expected to be average of entropy

IPv6
- entropy evaluation of IPv6 addresses
- transport headers