Presentation is loading. Please wait.

Presentation is loading. Please wait.

Evaluation of Header Field Entropy for Hash-Based Packet Selection Evaluation of Header Field Entropy for Hash-Based Packet Selection Christian Henke,

Published byHarriet Boyd Modified over 9 years ago

Similar presentations

Presentation on theme: "Evaluation of Header Field Entropy for Hash-Based Packet Selection Evaluation of Header Field Entropy for Hash-Based Packet Selection Christian Henke,"— Presentation transcript:

1 Evaluation of Header Field Entropy for Hash-Based Packet Selection Evaluation of Header Field Entropy for Hash-Based Packet Selection Christian Henke, Carsten Schmoll, Tanja Zseby Fraunhofer Institute FOKUS, Berlin, Germany

2 Evaluation of Header Field Entropy for Hash-Based Packet Selection PAM 2008, Cleveland Outline 2 1.Introduction Multipoint Sampling 2.Problem Statement 3.Approach 4.Measurement Setup 5.Measurement Results 6.Conclusion

3 Evaluation of Header Field Entropy for Hash-Based Packet Selection PAM 2008, Cleveland Introduction Multipoint Sampling 3 Passive Multipoint Measurements –at observation points a packet ID and timestamp exported for each packet –trace observable based on occurrence of packet ID –delay = timestamp A – timestamp B of packets with equal ID Multipoint Collector Point A Point B Point C

4 Evaluation of Header Field Entropy for Hash-Based Packet Selection PAM 2008, Cleveland Introduction Multipoint Sampling 4 CChallenge in Passive Multipoint Measurements  immense amounts of measurement data  High infrastructure costs: processing, storing, exporting Random Packet Selection and Estimation Random Sampling (n-out-of-N, probabilistic) unsuitable -> inconsistent sample at observation points Duffield and Grossglauser in “Trajectory Sampling for Direct Traffic Observation” propose hash-based packet selection.

5 Evaluation of Header Field Entropy for Hash-Based Packet Selection PAM 2008, Cleveland Introduction Multipoint Sampling 5 IP HeaderTransport HeaderPayload hash input hash function packet selectedpacket not selected consistent selected subset if x, h and S are equal at all observation points Hash-Based Paket Selection

6 Evaluation of Header Field Entropy for Hash-Based Packet Selection PAM 2008, Cleveland Problem Statement Which packet content to use as hash input? Requirements for header fields 1.static between network nodes ( IP TTL and checksum) 2.variable among packets Challenge:  HBS is deterministic; but goal is to emulate random selection  choice of hash input can introduce bias to the selection 6

7 Evaluation of Header Field Entropy for Hash-Based Packet Selection PAM 2008, Cleveland Problem Statement 7 How bias is introduced -packets in a hash input collision have same hash input -selection decision is not independent -the more packets in collision the more grievous the bias -unsuitable to use whole packet because hash value calculation time increases with hash input length

8 Evaluation of Header Field Entropy for Hash-Based Packet Selection PAM 2008, Cleveland Approach Approach –packets differ more often in high variable bytes –entropy per byte used to measure variability Entropy Information Efficiency p i probability that hash value i occurs H(B) entropy dependent on discrete Variant of Byte Values 8

9 Evaluation of Header Field Entropy for Hash-Based Packet Selection PAM 2008, Cleveland Evaluation dependent on analyzed traces -6 IPv4 trace groups – 1 IPv6 -geographical locations (NZ, AUT, FR, NED – 2 LEO) -network location (university, peering point, large ISP) -application mix Measurement Setup 9

10 Evaluation of Header Field Entropy for Hash-Based Packet Selection PAM 2008, Cleveland Measurement Results Entropy IPv4 10

11 Evaluation of Header Field Entropy for Hash-Based Packet Selection PAM 2008, Cleveland Measurement Results High Entropy Header Fields  IPv4: Identification, Length LSB, Src/Dst Address 2 LSB  TCP: Chksum, SeqNo, AckNo, Src/Dst Port 2 LSB  UDP: Chksum, Length LSB, Src/Dst Port 2 LSB  ICMP: Chksum, Bytes 12,13,18,19  IPv6: Length LSB –more IPv6 traces required for further evaluation –Addresses anonymized and no transport header - only 8 bytes could be evaluated Recommended 8 byte Configuration IP ID field + 6 Transport Header Bytes:  TCP (Checksum, 2 LSB of Seq and AckNo)  UDP (Checksum, Source Port, LSB Destination Port, LSB Length)  ICMP (Checksum, Bytes 12,13,18,19) 11

12 Evaluation of Header Field Entropy for Hash-Based Packet Selection PAM 2008, Cleveland Measurement Results 12 Empirical Hash Input Collisions Evaluation  4 configurations used 1.whole IP and transport header (minimum reachable collisions) 2.only IP header (bad configuration) 3.8 high entropy bytes 4.Molina‘s 16 bytes  sum of packets on 20 largest collisions of each trace –Large collision: all or none decision of all packets that have same attributes –Small collisions: packets equal in one collision but different between

13 Evaluation of Header Field Entropy for Hash-Based Packet Selection PAM 2008, Cleveland Measurement Results Hash Input Collision Comparison  recommended 8 bytes better than Molina’s 16 bytes  LEO2 traces include a large VPN traffic flow with UDP Checksum==0 – more high entropy bytes should be used 13

14 Evaluation of Header Field Entropy for Hash-Based Packet Selection PAM 2008, Cleveland Conclusion Outcome  give a recommendation of 8 bytes for use as hash input for HBS  8 recommended bytes sufficient to gain unique hash inputs Henke, Schmoll, Zseby “Empirical Evaluation of Hash Functions for Multipoint Measurements”  hash calculation time linear increase with input length  hash functions are able to select representative subset based on 8 bytes 14

15 Evaluation of Header Field Entropy for Hash-Based Packet Selection PAM 2008, Cleveland Future Work Correlation between Bytes  Correlation between address bytes  entropy of combined bytes expected to be average of entropy IPv6  entropy evaluation of IPv6 addresses  transport headers

Download ppt "Evaluation of Header Field Entropy for Hash-Based Packet Selection Evaluation of Header Field Entropy for Hash-Based Packet Selection Christian Henke,"

Similar presentations

Geneva, 24 March 2011 Cisco experiences of IP traffic flow measurement and billing with NetFlow Benoit Claise, Distinguished Engineer, Cisco ITU-T Workshop.

Geneva, 24 March 2011 Cisco experiences of IP traffic flow measurement and billing with NetFlow Benoit Claise, Distinguished Engineer, Cisco ITU-T Workshop.
Network Layer – IPv4 Dr. Sanjay P. Ahuja, Ph.D.

Network Layer – IPv4 Dr. Sanjay P. Ahuja, Ph.D.
Chapter 20 Network Layer: Internet Protocol Stephen Kim 20.1.

Chapter 20 Network Layer: Internet Protocol Stephen Kim 20.1.
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
11 Packet Sampling for Worm and Botnet Detection in TCP Connections Reporter: 林佳宜 2010/10/25.

11 Packet Sampling for Worm and Botnet Detection in TCP Connections Reporter: 林佳宜 /10/25.
Sampling and Flow Measurement Eric Purpus 5/18/04.

Sampling and Flow Measurement Eric Purpus 5/18/04.
Trajectory Sampling for Direct Traffic Observation Matthias Grossglauser joint work with Nick Duffield AT&T Labs – Research.

Trajectory Sampling for Direct Traffic Observation Matthias Grossglauser joint work with Nick Duffield AT&T Labs – Research.
Multimedia Streaming Gateway With Jitter Detection Siu-Ping Chan, Chi-Wah Kok Albert K. Wong IEEE TRANSACTIONS ON MULTIMEDIA, June 2005.

Multimedia Streaming Gateway With Jitter Detection Siu-Ping Chan, Chi-Wah Kok Albert K. Wong IEEE TRANSACTIONS ON MULTIMEDIA, June 2005.
The Network Layer Chapter 5. The IP Protocol The IPv4 (Internet Protocol) header.

The Network Layer Chapter 5. The IP Protocol The IPv4 (Internet Protocol) header.
Chapter 5 The Network Layer.

Chapter 5 The Network Layer.
Performance Evaluation of IPv6 Packet Classification with Caching Author: Kai-Yuan Ho, Yaw-Chung Chen Publisher: ChinaCom 2008 Presenter: Chen-Yu Chaug.

Performance Evaluation of IPv6 Packet Classification with Caching Author: Kai-Yuan Ho, Yaw-Chung Chen Publisher: ChinaCom 2008 Presenter: Chen-Yu Chaug.
User-level Internet Path Diagnosis R. Mahajan, N. Spring, D. Wetherall and T. Anderson.

User-level Internet Path Diagnosis R. Mahajan, N. Spring, D. Wetherall and T. Anderson.
1 TCP Traffic Analysis in cooperation with Motorola Todd DeSantis and David Loose Advisor: Professor Mark Claypool Co-Advisor: Professor Robert Kinicki.

1 TCP Traffic Analysis in cooperation with Motorola Todd DeSantis and David Loose Advisor: Professor Mark Claypool Co-Advisor: Professor Robert Kinicki.
TCP. Learning objectives Reliable Transport in TCP TCP flow and Congestion Control.

TCP. Learning objectives Reliable Transport in TCP TCP flow and Congestion Control.
1 An Information-theoretic Approach to Network Measurement and Monitoring Yong Liu, Don Towsley, Tao Ye, Jean Bolot.

1 An Information-theoretic Approach to Network Measurement and Monitoring Yong Liu, Don Towsley, Tao Ye, Jean Bolot.
1 An Information Theoretic Approach to Network Trace Compression Y. Liu, D. Towsley, J. Weng and D. Goeckel.

1 An Information Theoretic Approach to Network Trace Compression Y. Liu, D. Towsley, J. Weng and D. Goeckel.
Chapter 9 Classification And Forwarding. Outline.

Chapter 9 Classification And Forwarding. Outline.
Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 Informal Quiz 2 True or False? T F  The IP checksum protects the entire IP datagram 

Shivkumar Kalyanaraman Rensselaer Polytechnic Institute 1 Informal Quiz 2 True or False? T F  The IP checksum protects the entire IP datagram 
R 18 G 65 B 145 R 0 G 201 B 255 R 104 G 113 B 122 R 216 G 217 B 218 R 168 G 187 B 192 Core and background colors: 1© Nokia Solutions and Networks 2014.

R 18 G 65 B 145 R 0 G 201 B 255 R 104 G 113 B 122 R 216 G 217 B 218 R 168 G 187 B 192 Core and background colors: 1© Nokia Solutions and Networks 2014.
Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET1 IPFIX – IP Flow Information Export Overview Tanja Zseby Fraunhofer FOKUS, Network Research.

Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET1 IPFIX – IP Flow Information Export Overview Tanja Zseby Fraunhofer FOKUS, Network Research.

Similar presentations

Ads by Google