1 RECONSTRUCTION OF APPLICATION LAYER MESSAGE SEQUENCES BY NETWORK MONITORING Jaspal SubhlokAmitoj Singh University of Houston Houston, TX Fermi National.

Slides:

Advertisements

Similar presentations

Communication Networks Recitation 3 Bridges & Spanning trees.

Advertisements

CGrid 2005, slide 1 Empirical Evaluation of Shared Parallel Execution on Independently Scheduled Clusters Mala Ghanesh Satish Kumar Jaspal Subhlok University.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 OSI Transport Layer Network Fundamentals – Chapter 4.

1 VLDB 2006, Seoul Mapping a Moving Landscape by Mining Mountains of Logs Automated Generation of a Dependency Model for HUG’s Clinical System Mirko Steinle,

Kapsalakis Giorgos - AM: 1959 HY459 - Internet Measurements Fall 2010.

UC Berkeley Online System Problem Detection by Mining Console Logs Wei Xu* Ling Huang † Armando Fox* David Patterson* Michael Jordan* *UC Berkeley † Intel.

Fundamentals of Computer Networks ECE 478/578 Lecture #20: Transmission Control Protocol Instructor: Loukas Lazos Dept of Electrical and Computer Engineering.

SKELETON BASED PERFORMANCE PREDICTION ON SHARED NETWORKS Sukhdeep Sodhi Microsoft Corp Jaspal Subhlok University of Houston.

Communication Pattern Based Node Selection for Shared Networks

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Transport Layer Network Fundamentals – Chapter 4.

A Parallel Computational Model for Heterogeneous Clusters Jose Luis Bosque, Luis Pastor, IEEE TRASACTION ON PARALLEL AND DISTRIBUTED SYSTEM, VOL. 17, NO.

TDC365 Spring 2001John Kristoff - DePaul University1 Internetworking Technologies Transmission Control Protocol (TCP)

Shivkumar KalyanaramanRensselaer Q1-1 ECSE-6600: Internet Protocols Quiz 1 Time: 60 min (strictly enforced) Points: 50 YOUR NAME: Be brief, but DO NOT.

1 Computer Networks Local Area Networks. 2 A LAN is a network: –provides Connectivity of computers, mainframes, storage devices, etc. –spans limited geographical.

ECE 526 – Network Processing Systems Design Packet Processing II: algorithms and data structures Chapter 5: D. E. Comer.

TCP: Software for Reliable Communication. Spring 2002Computer Networks Applications Internet: a Collection of Disparate Networks Different goals: Speed,

Gursharan Singh Tatla Transport Layer 16-May

Performance and Power Efficient On-Chip Communication Using Adaptive Virtual Point-to-Point Connections M. Modarressi, H. Sarbazi-Azad, and A. Tavakkol.

NETWORKING CONCEPTS. DATA LINK LAYER Data Link Control main functions of the data link layer are Data link control media access control. Data link control.

Data Communications and Networking

Protocols and the TCP/IP Suite Chapter 4. Multilayer communication. A series of layers, each built upon the one below it. The purpose of each layer is.

Rice01, slide 1 Characterizing NAS Benchmark Performance on Shared Heterogeneous Networks Jaspal Subhlok Shreenivasa Venkataramaiah Amitoj Singh University.

MapReduce. Web data sets can be very large – Tens to hundreds of terabytes Cannot mine on a single server Standard architecture emerging: – Cluster of.

Chapter Five Network Architecture. Chapter Objectives  Describe the basic and hybrid LAN technologies  Describe a variety of enterprise-wide and WAN.

What is a Protocol A set of definitions and rules defining the method by which data is transferred between two or more entities or systems. The key elements.

Introduction1-1 Data Communications and Computer Networks Chapter 5 CS 3830 Lecture 27 Omar Meqdadi Department of Computer Science and Software Engineering.

Characteristics of Communication Systems

Chapter 2 – X.25, Frame Relay & ATM. Switched Network Stations are not connected together necessarily by a single link Stations are typically far apart.

© 2002, Cisco Systems, Inc. All rights reserved..

Department of Electronic Engineering City University of Hong Kong EE3900 Computer Networks Introduction Slide 1 A Communications Model Source: generates.

1 Chapter 16 Protocols and Protocol Layering. 2 Protocol  Agreement about communication  Specifies  Format of messages (syntax)  Meaning of messages.

Transport Layer OSI Model. The transport layer is responsible for the segmentation and the delivery of a message from one process to another.

University of the Western Cape Chapter 12: The Transport Layer.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 OSI Transport Layer Network Fundamentals – Chapter 4.

Lecture Week 4 OSI Transport Layer Network Fundamentals.

Switching Techniques Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF.

Planned AlltoAllv a clustered approach Stephen Booth (EPCC) Adrian Jackson (EPCC)

(Business) Process Centric Exchanges

Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Data Link Layer Part I – Designing Issues and Elementary.

High Performance Cluster Computing Architectures and Systems Hai Jin Internet and Cluster Computing Center.

A Measurement Based Memory Performance Evaluation of High Throughput Servers Garba Isa Yau Department of Computer Engineering King Fahd University of Petroleum.

COP 4930 Computer Network Projects Summer C 2004 Prof. Roy B. Levow Lecture 3.

IPDPS 2005, slide 1 Automatic Construction and Evaluation of “Performance Skeletons” ( Predicting Performance in an Unpredictable World ) Sukhdeep Sodhi.

1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.0 Module 4 Switching Concepts.

CS3505: DATA LINK LAYER. data link layer  phys. layer subject to errors; not reliable; and only moves information as bits, which alone are not meaningful.

William Stallings Data and Computer Communications

Replicating Memory Behavior for Performance Skeletons Aditya Toomula PC-Doctor Inc. Reno, NV Jaspal Subhlok University of Houston Houston, TX By.

Accommodating Bursts in Distributed Stream Processing Systems Yannis Drougas, ESRI Vana Kalogeraki, AUEB

Network Protocols and Standards (Part 2). The OSI Model In 1984, the International Organization for Standardization (ISO) defined a standard, or set of.

Using Heterogeneous Paths for Inter-process Communication in a Distributed System Vimi Puthen Veetil Instructor: Pekka Heikkinen M.Sc.(Tech.) Nokia Siemens.

Department of Electronic Engineering City University of Hong Kong EE3900 Computer Networks Protocols and Architecture Slide 1 Use of Standard Protocols.

Protocol Layering Chapter 11.

IP1 The Underlying Technologies. What is inside the Internet? Or What are the key underlying technologies that make it work so successfully? –Packet Switching.

Data Communication Network Models

McGraw-Hill Chapter 23 Process-to-Process Delivery: UDP, TCP Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

LACSI 2002, slide 1 Performance Prediction for Simple CPU and Network Sharing Shreenivasa Venkataramaiah Jaspal Subhlok University of Houston LACSI Symposium.

Artur BarczykRT2003, High Rate Event Building with Gigabit Ethernet Introduction Transport protocols Methods to enhance link utilisation Test.

Chapter Objectives After completing this chapter you will be able to: Describe in detail the following Local Area Network (LAN) technologies: Ethernet.

Data and Computer Communications Eighth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 1 – Data Communications, Data Networks, and.

11 CS716 Advanced Computer Networks By Dr. Amir Qayyum.

Chapter 3: Packet Switching (overview)

Solving Real-World Problems with Wireshark

Data Link Layer.

The Devil and Packet Trace Anonymization

Network Fundamentals – Chapter 4

Ken Gunnells, Ph.D. - Networking Paul Crigler - Programming

Transport Layer Unit 5.

Shreeni Venkataramaiah

Data Link Layer. Position of the data-link layer.

Presentation transcript:

1 RECONSTRUCTION OF APPLICATION LAYER MESSAGE SEQUENCES BY NETWORK MONITORING Jaspal SubhlokAmitoj Singh University of Houston Houston, TX Fermi National Accelerator Laboratory Batavia, IL

2 Introduction Reconstruct Application layer message sequences by analyzing Transport layer traffic. messages sent messages recvd TCP segments exchanged N1 N3 N2

3 Purpose (why bother ?) Application message exchange pattern is a fundamental program property –e.g., determines application performance in different conditions Network traffic due to an application can be monitored non-intrusively, but.. discovering application message sequence is hard – need access to source code or a profiling library Hence this method to construct application messages from TCP monitoring

4 Particular Motivation Data Sim 1 Vis Sim 2 Stream Model Pre ? Application Network size and pattern of message exchanges is a key component of an application profile used to select good network nodes to execute on

5 Key Principle An application message is typically fragmented into a consecutive sequence of TCP segments where all except the last segment is of size MSS (Maximum Segment Size). Application message TCP segment 1 unit = MSS Application Layer TCP layer Last TCP segment

6 Message Reconstruction Procedure Phases 1.Separate TCP streams. 2.Sanitize a TCP stream. 3.Reconstruct application layer messages. 4.Error minimization by “best-of-three” technique.

7 Separating TCP streams A communication link transports multiple TCP streams A TCP stream spans a unique series of sequence numbers 1 : : : : : : : : : : : : : : : : : : MSS = 1448 bytes Separate red and black streams of TCP Segments (not fool proof but adequate)

8 Sanitizing TCP streams Insert TCP segments not recorded (assume it is rare) Filter out retransmissions 1 : : : : : : : : : : : 8683 Missing TCP segment Duplicate TCP segment is removed bytes 997 bytes 1448 bytes Missing TCP segment is inserted

9 Reconstruct application messages A TCP segment of size smaller than MSS (=1448) indicates the end of an application message. 1 : : : : : : : : : : : ,574 bytes 2,248 bytes End of Message Start of Message Application messages TCP segments bytes 800 bytes 1448 bytes

10 Best-of-three Reconstruction heuristic is not perfect 1.A TCP segment smaller than MSS may be sent before the entire application message is finished. 2.Two short application messages may be packed into the same TCP segment. Application message TCP segment 1. 2.

11 Best-of-three Basic idea:reconstruction heuristic is unlikely to fail in exactly the same way in multiple identical runs Solution: make 3 runs and select the majority view at every stage Run 1 Run 2 Run 3Correct Message Sequence A B C D A B C+D A+B C D A B C D

12 Experimental setup NAS parallel benchmark suite programs run on a cluster of 4 workstations tcpdump utility used to capture TCP segments The reconstructed application layer message sequence compared with the true sequence obtained with profiling

13 Results APPROX MATCH: Includes reconstructed messages off by upto 100 bytes AND/OR combined with one other application message. Perfect for large messages (IS), Approx for small (LU)

14 Conclusions Majority of messages reconstructed accurately, almost all detected approximately Accuracy low for large number of small messages Procedure based entirely on network measurements, hence can be applied to any code Accuracy sufficient for resource selection in Network/Grid environments.

15 Dominant communication pattern of the NAS benchmarks

16 Experimental Setup tcpdump – capturing outgoing TCP packets. 100 Mbps Ethernet switch 500 MHz dual processor Pentium Linux workstations.