1 Network Simulation and Testing Polly Huang EE NTU

Slides:



Advertisements
Similar presentations
Access Control List (ACL)
Advertisements

Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:
Cs/ee 143 Communication Networks Chapter 6 Internetworking Text: Walrand & Parekh, 2010 Steven Low CMS, EE, Caltech.
Receiver-driven Layered Multicast S. McCanne, V. Jacobsen and M. Vetterli University of Calif, Berkeley and Lawrence Berkeley National Laboratory SIGCOMM.
Leon-Garcia & Widjaja: Communication Networks Copyright ©2000 The McGraw Hill Companies A Little More on Chapter 7 And Start Chapter 8 TCP/IP.
Lecture 3  A round up of the most important basics I haven’t covered yet.  A round up of some of the (many) things I am missing out of this course (ATM,
Ahmed El-Hassany CISC856: CISC 856 TCP/IP and Upper Layer Protocols Slides adopted from: Injong Rhee, Lisong Xu.
Receiver-driven Layered Multicast S. McCanne, V. Jacobsen and M. Vetterli SIGCOMM 1996.
1 Modeling and Emulation of Internet Paths Pramod Sanaga, Jonathon Duerig, Robert Ricci, Jay Lepreau University of Utah.
Katz, Stoica F04 EECS 122 Introduction to Computer Networks (Fall 2003) Network simulator 2 (ns-2) Department of Electrical Engineering and Computer Sciences.
1 Emulating AQM from End Hosts Presenters: Syed Zaidi Ivor Rodrigues.
Introduction. 2 What Is SmartFlow? SmartFlow is the first application to test QoS and analyze the performance and behavior of the new breed of policy-based.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
 The Open Systems Interconnection model (OSI model) is a product of the Open Systems Interconnection effort at the International Organization for Standardization.
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
Receiver-driven Layered Multicast Paper by- Steven McCanne, Van Jacobson and Martin Vetterli – ACM SIGCOMM 1996 Presented By – Manoj Sivakumar.
DataLink Layer1 Ethernet Technologies: 10Base2 10: 10Mbps; 2: 200 meters (actual is 185m) max distance between any two nodes without repeaters thin coaxial.
Network Simulation Internet Technologies and Applications.
Connecting LANs, Backbone Networks, and Virtual LANs
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
© 2006, The Technology FirmWWW.THETECHFIRM.COM 1 WINDOWS XP SUPPORT TOOLS.
Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.
Interior Gateway Routing Protocol (IGRP) is a distance vector interior routing protocol (IGP) invented by Cisco. It is used by routers to exchange routing.
CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.
1 Ns Tutorial: Case Studies John Heidemann (USC/ISI) Polly Huang (ETH Zurich) March 14, 2002.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
LECTURE 9 CT1303 LAN. LAN DEVICES Network: Nodes: Service units: PC Interface processing Modules: it doesn’t generate data, but just it process it and.
Wave Relay System and General Project Details. Wave Relay System Provides seamless multi-hop connectivity Operates at layer 2 of networking stack Seamless.
NetworkProtocols. Objectives Identify characteristics of TCP/IP, IPX/SPX, NetBIOS, and AppleTalk Understand position of network protocols in OSI Model.
Redes Inalámbricas Máster Ingeniería de Computadores 2008/2009 Tema 7.- CASTADIVA PROJECT Performance Evaluation of a MANET architecture.
Chapter 6: Packet Filtering
1 Enabling Large Scale Network Simulation with 100 Million Nodes using Grid Infrastructure Hiroyuki Ohsaki Graduate School of Information Sci. & Tech.
Section 4 : The OSI Network Layer CSIS 479R Fall 1999 “Network +” George D. Hickman, CNI, CNE.
CS3502: Data and Computer Networks Local Area Networks - 4 Bridges / LAN internetworks.
Access Control List ACL. Access Control List ACL.
Windows 7 Firewall.
Access Control List (ACL) W.lilakiatsakun. ACL Fundamental ► Introduction to ACLs ► How ACLs work ► Creating ACLs ► The function of a wildcard mask.
NETWORKING COMPONENTS AN OVERVIEW OF COMMONLY USED HARDWARE Christopher Johnson LTEC 4550.
Packet Filtering Chapter 4. Learning Objectives Understand packets and packet filtering Understand approaches to packet filtering Set specific filtering.
Access Control List (ACL)
TCOM 509 – Internet Protocols (TCP/IP) Lecture 03_b Protocol Layering Instructor: Dr. Li-Chuan Chen Date: 09/15/2003 Based in part upon slides of Prof.
Introduction1-1 Chapter 1 Computer Networks and the Internet Computer Networking: A Top Down Approach Featuring the Internet, 2 nd edition. Jim Kurose,
Access-Lists Securing Your Router and Protecting Your Network.
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 7 Internet Protocol (IP) Routing.
Othman Othman M.M., Koji Okamura Kyushu University Proceedings of the 32 nd Asia-Pacific Advanced Network Meeting India, New Delhi, 2001/8/22.
The Design and Implementation of Firewall, NAT, Traffic Shaper on FreeBSD.
4/19/20021 TCPSplitter: A Reconfigurable Hardware Based TCP Flow Monitor David V. Schuehler.
1 Introduction to NS-2 r Tutorial overview of NS m Create basic NS simulation r Walk-through a simple example m Model specification m Execution and trace.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Connecting Devices CORPORATE INSTITUTE OF SCIENCE & TECHNOLOGY, BHOPAL Department of Electronics and.
1 Wide Area Network Emulation on the Millennium Bhaskaran Raman Yan Chen Weidong Cui Randy Katz {bhaskar, yanchen, wdc, Millennium.
An Efficient Gigabit Ethernet Switch Model for Large-Scale Simulation Dong (Kevin) Jin.
Linux Operations and Administration Chapter Eight Network Communications.
The New NS2 Emulation Facility Kevin Fall NS2 is the simulation vehicle for the VINT project: –USC/ISI: Deborah Estrin, Mark Handley,
An Efficient Gigabit Ethernet Switch Model for Large-Scale Simulation Dong (Kevin) Jin.
1 Network Simulation and Testing Polly Huang EE NTU
1 Transport Layer: Basics Outline Intro to transport UDP Congestion control basics.
Access Control List (ACL) W.lilakiatsakun. Transport Layer Review (1) TCP (Transmission Control Protocol) – HTTP (Web) – SMTP (Mail) UDP (User Datagram.
VINT: Status and Plans Deborah Estrin: Project overview Steve McCanne: ns architecture John Heidemann: scaling, visualization Audience: Comments and questions.
1 Scalability and Accuracy in a Large-Scale Network Emulator Nov. 12, 2003 Byung-Gon Chun.
NS2 (and possible directions for mobile routing simulation) Kevin Fall
* Essential Network Security Book Slides.
Access Control Lists CCNA 2 v3 – Module 11
Ns Tutorial: Case Studies
Network Core and QoS.
Setting Up Firewall using Netfilter and Iptables
Karthik Sadasivam Banuprasad Samudrala
Performance Evaluation of Computer Networks
Performance Evaluation of Computer Networks
Review of Internet Protocols Transport Layer
Network Core and QoS.
Presentation transcript:

1 Network Simulation and Testing Polly Huang EE NTU

2 Testing on Real Systems dummynet

3 This course Let’s Take a Good Look Back For the Internet –Monitor the usage Passive and active measurement –Characterize the workload Traffic, topology, routing errors, access pattern modeling –Predict for the future Scalable simulation & testing tools –Revise original design Protocol and Infrastructure –Instrument the changes IETF Scalable Packet-level Simulation Internet Instrumentation (IETF) Reliable Measurement Internet Characterization Structure & Design Decision The Internet

4 Predict for the Future Nature –Find out whether a system is going to work! A.k.a –The Performance Evaluation problem

5 The Three Methods Analytical Simulation Life system Can be good or bad Depending on –The problem in hand –The resource in hand –The skill you are more accustomed to

6 Analytical The level of detail –Low –Go for the average behavior –Make assumptions to simplify for the derivation –Might not be generally applicable The cost –Low –Pen and paper The skill required –Need solid math skill

7 Simulation The level of detail –Medium but flexible –Can go with various levels of details –Can go large scale The cost –Medium –Usually 1 computer The required Skill –Need solid programming skill –Vivid imagination

8 Live Testing The level of detail –High –Go with full detail –Difficult to go large scale The cost –High –Multiple computers The required skill –Need solid system skill –Vivid imagination

9 For Example Obtaining TCP Throughput n0n1

10 Analytical J. Padhye, V. Firoiu, D. Towsley, and J. Kurose. Modeling TCP throughput: A simple model and its empirical validation. In Proceedings of the ACM SIGCOMM Conference, pages , Vancouver, Canada, September ACM

11 BW with Limited Window [Padhye98a, eqn 32] B( Wmax, RTT, p, b, To)

12 Simulation Lee Breslau, Deborah Estrin, Kevin Fall, Sally Floyd, John Heidemann, Ahmed Helmy, Polly Huang, Steven McCanne, Kannan Varadhan, Ya Xu, and Haobo Yu. Advances in Network Simulation IEEE Computer, 33 (5 ), pp , May, Expanded version available as USC TR b

13 ns-2 Setup set ns [new Simulator] set n0 [$ns node] set n1 [$ns node] set ftp [new Application/FTP] $ftp attach-agent $tcp $ns at 0.2 "$ftp start" $ns at 1.2 ”exit" $ns run $ns duplex-link $n0 $n1 1.5Mb 10ms DropTail set tcp [$ns create-connection TCP $n0 TCPSink $n1 0]

14 BW with ns-2 Run the script Obtain the output file Process the output file –Add the number of data bytes –Divide by the time duration

15 Live Testing Luigi Rizzo Dummynet: a simple approach to the evaluation of network protocols ACM Computer Communication Review, Jan. 1997

16 BW with dummynet We will figure this out during the coming 4 weeks

17 4 Weeks Week 1 –Introduction, basic features Week 2 –Setup and bandwidth management Week 3 –Advanced features Week 4 –Testing over a simple network

18 Today Introduction Basic features Largely based on Luigi’s slides

19 Introduction dummynet as a software –Part of FreeBSD kernel dummynet as an emulation tool –Can do various bandwidth, delay, loss dummynet as a traffic filter –Real-time on live traffic –Filter on local and transit traffic –Filter at levels as fine as flows dummynet works also as a traffic shaper –For example, to limit the bandwidth of certain flows

20 Motivation To do repeatable live code experiments –ns-2 simulations might ignore certain details For example, the processing time –Live experiments not in controlled environment Hard to track and re-produce Expensive to build –Certain network components or protocols cannot be modeled For example, the Microsoft Windows TCP

21 Research Applications Small-scale performance testing –Behavior in the presence of loss, delay, bandwidth limitation –Live user access, client-server interaction –Evaluation of metrics subject to user perception Audio/video quality –Validation of simulation results

22 Production Applications Bandwidth limitation –Restricting services –Protecting networks –Probably the most widely used application of dummynet Product/Protocol testing –Slightly different goal from research applications –Checking whether the implementation complies with the specification –Checking whether the product will work in the field of heterogeneous network conditions

23 Design Goals Simplicity and ease of use –Will see in usage Be realistic –To see the network behavior as the results of how it is implemented, structured, and driven in the real world Flexibility and extendibility –Orthogonal features can be added over time –Will see in basic vs. advanced features

24 Basic Features Two major components –The pipe –The packet filter Simple examples Configuration –The pipe –The packet filter System setting

25 The Pipe Emulates a communication link Configurable with the usual pipe link parameters pipe 10 config bw 500 Kbits/s delay 12ms plr 0.02 bandwidthdelayloss pipe ID

26 Optional Queue Input queue –Essentially a leaky bucket –Why it’s used frequently as a traffic shaper pipe 10 config bw 500 Kbits/s queue 30KB delay 12ms plr 0.02 queue size

27 The Packet Filter Use the FreeBSD firewall – ipfw Set ipfw rules to select packets that will go through the pipe pipe 10 tcp from any to any 80 in typefromtoportdirection

28 A Simple Example ipfw add pipe 10 tcp from any to any 80 in ipfw pipe 10 config bw 500 Kbits/s delay 12ms plr 0.02

29 Emulating a Multi-Access Link One pipe Data going both direction content for 10Mbps bandwidth ipfw add pipe 1 ip from any to any ipfw pipe 1 config bw 10 Mbits/s

30 Emulating a Point-to-Point Link Two pipes One for each direction ipfw add pipe 1 ip from any to any in ipfw add pipe 2 ip from any to any out ipfw pipe 1 config bw 640 Kbits/s ipfw pipe 2 config bw 128 Kbits/s Modem downlink

31 Configuring Pipes Bandwidth, Delay, Loss, Queue

32 1. Bandwidth The rate the packets are extracted from the queue –Unit: bit/s, Kbit/s, Mbit/s, Bytes/s, KBytes/s, MBytes/s –Packet size: up to IP Note –Used by production applications a lot

33 2. Delay Propagation delay –Unit: millisecond Note –Mainly used for performance evaluation

34 3. Loss Random packet loss –Range: 0 to 1 –Granularity: 0.01 Note –Used mainly for performance evaluation –No significant drops unless the traffic rate is extremely high

35 4. Queue Input Queue –Size unit: packets or Bytes, KBytes Note –Extra queuing add up to the delay –Typical Ethernet queues: 50 packets

36 Configuring Packet Filters ipfw basic Setting for types of machines

37 ipfw A simple firewall utility function in FreeBSD Specifying rules to set up packet filters

38 ipfw: Adding Filters ipfw add [N] [prob X] [action] [PROTO] from [ SRC] to [ DST] [OPTIONS] [N]: rule number (indexing) [prob X]: 0 to 1, default = 1 [action]: allow, deny, pipe N N: pipe ID, 1 to [PROTO]: ip, tcp, udp, icmp etc [SRC] [DST]: address with netmask, port, range of ports [OPTIONS]: various protocol option

39 Rule Examples ipfw add allow tcp from /8 to ipfw add allow udp from /8 to ,138 ipfw add allow udp from any to any ,domain,ntalk,ntp ipfw add allow udp from any to any frag ipfw add allow tcp from any to any http,https ipfw add allow tcp from any to any ,ssh,smtp,domain,ntalk ipfw add allow tcp from any to any auth,pop3,ftp,ftp- data

40 ipfw: Manipulating Filters ipfw pipe 1 show –Show parameters of pipe 1 ipfw pipe 1 delete –Delete pipe 1 ipfw pipe flush –Delete all pipes

41 Setting for Types of Machines Hosts Routers Bridges

42 Be Aware of the Data Flow Device Driver Upper Layer in out Through Traffic In a Bridge Through Traffic In a Router IP layer Link layer

43 1. Easy for the Hosts in out IP layer Link layer 12 ipfw add pipe 1 ip from any to any in ipfw add pipe 2 ip from any to any out

44 In Case of Routers: in out Through Traffic In a Router IP layer Link layer 12 ipfw add pipe 1 ip from any to any in ipfw add pipe 2 ip from any to any out Problem?

45 Yes, Problem The problem –Through traffic get filtered twice The solution –Deal with through traffic separately ipfw add pipe 1 ip from any to “my IP” in ipfw add pipe 2 ip from “my IP” to any out Ipfw add pipe 3 ip from any to not “my IP” in

46 2. Careful for the Routers in out Through Traffic In a Router IP layer Link layer 12 ipfw add pipe 1 ip from any to “my IP” in ipfw add pipe 2 ip from “my IP” to any out Ipfw add pipe 3 ip from any to not “my IP” in 3

47 3. Similarly, for the Bridges in out IP layer Link layer 12 ipfw add pipe 1 ip from any to “my IP” in ipfw add pipe 2 ip from “my IP” to any out Ipfw add pipe 3 ip from any to not “my IP” in Through Traffic In a Bridge 3

48 System Setting Kernel Options sysctl Variables

49 Kernel Options IPFIREWALL - enable ipfirewall DUMMYNET - enable dummynet operation

50 Required Kernel Option options IPFIREWALL options DUMMYNET Must have the above 2 options in the kernel configuration file

51 Related Kernel Option options HZ –Sets the timer granularity –Default 100, meaning 10ms –Options HZ=1000, system tick reduced to 1ms options NMBCLUSTERS –Set the buffer size to store network packets –Product of bandwidth * delay –Plus queue size

52 Minor Kernel Options options IPFIREWALL_VERBOSE –Enable firewall output options IPFIREWALL_VERBOSE_LIMIT –Limit firewall output

53 ipfw Related sysctl Variables net.inet.ip.fw.enable: 1 –Enable firewall in the IP stack net.inet.ip.fw.one_pass: 1 –Force a single pass through the firewall. –If set to 0, packets coming out of a pipe will be re- injected into the firewall starting with the rule after the matching one. –One could create multi-hop paths with a bit of imagination –NOTE: there is always one pass for bridged packet

54 Bridge Related sysctl Variables net.link.ether.bridge_cfg: ed2:1,rl0:1 –Set of interfaces for which bridging is enabled, and cluster they belong to net.link.ether.bridge: 0 –Enable bridging net.link.ether.bridge_ipfw: 0 –Enable ipfw for bridging

55 dummynet Related sysctl Variables net.inet.ip.dummynet.hash_size: 64 –Size of hash table for dynamic pipes. net.inet.ip.dummynet.expire: 1 –Delete dynamic pipes when they become empty. Dynamic pipes will be covered in week 3

56 Next Week Laptops –Running FreeBSD –With access to FreeBSD FreeBSD –The kernel with proper options

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.