ABSTRACT
Round-trip time (RTT) is a central metric that influences end-user QoE and can expose traffic-interception attacks. Many popular RTT monitoring techniques either send active probes (that do not capture application-level RTTs) or passively monitor only the TCP handshake (which can be inaccurate, especially for long-lived flows). High-speed programmable switches present a unique opportunity to monitor the RTTs continuously and react in real time to improve performance and security. In this paper, we present Dart, an inline, real-time, and continuous RTT measurement system that can enable automated detection of network events and adapt (e.g., routing, scheduling, marking, or dropping traffic) inside the network. However, designing Dart is fraught with challenges, due to the idiosyncrasies of the TCP protocol and the resource constraints in high-speed switches. Dart overcomes these challenges by strategically limiting the tracking of packets to only those that can generate useful RTT samples, and by identifying the synergy between per-flow state and per-packet state for efficient memory use. We present a P4 prototype of Dart for the Tofino switch, as well as our experiments on a campus testbed and simulations using anonymized campus traces. Dart, running in real time and with limited data-plane memory, is able to collect 99% of the RTT samples of an offline, software baseline, a variant of the popular tcptrace tool that has access to unlimited memory.
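The contrast the abstract draws between handshake-only and continuous passive RTT measurement, as an added offline Python illustration over a constructed trace; it is not code from the Dart paper or its P4 prototype. The packet tuple, trace values and function names are assumptions, and the sketch ignores sequence-number wraparound and cumulative ACKs and keeps unbounded state, unlike a switch data plane.

```python
from collections import namedtuple, defaultdict
# ts in milliseconds; flags: S=SYN, A=ACK, P=PSH; length = TCP payload bytes
Pkt = namedtuple("Pkt", "ts src dst seq ack length flags")
# Constructed trace of one long-lived flow seen at a monitor between C and S.
TRACE = [
    Pkt(0, "C", "S", 100, 0, 0, "S"),
    Pkt(20, "S", "C", 500, 101, 0, "SA"),
    Pkt(21, "C", "S", 101, 501, 0, "A"),
    Pkt(1000, "C", "S", 101, 501, 100, "PA"),
    Pkt(1020, "S", "C", 501, 201, 0, "A"),
    Pkt(60000, "C", "S", 201, 501, 100, "PA"),
    Pkt(60095, "S", "C", 501, 301, 0, "A"),     # path delay has grown
    Pkt(61000, "C", "S", 301, 501, 100, "PA"),
    Pkt(61300, "C", "S", 301, 501, 100, "PA"),  # retransmission
    Pkt(61395, "S", "C", 501, 401, 0, "A"),     # ambiguous: which copy was ACKed?
    Pkt(62000, "C", "S", 401, 501, 100, "PA"),
    Pkt(62096, "S", "C", 501, 501, 0, "A"),
]

def handshake_rtt(trace):
    """Handshake-only estimate: SYN to SYN-ACK, one sample per flow."""
    syn = {}
    for p in trace:
        if p.flags == "S":
            syn[(p.src, p.dst)] = p.ts
        elif p.flags == "SA" and (p.dst, p.src) in syn:
            return p.ts - syn[(p.dst, p.src)]
    return None

def continuous_rtts(trace):
    """Match each segment to the ACK for its last byte; skip retransmissions."""
    pending = {}                   # (src, dst, expected_ack) -> send time
    highest = {}                   # (src, dst) -> highest expected_ack seen
    samples = defaultdict(list)    # data-sender direction -> RTT samples (ms)
    for p in trace:
        fwd = (p.src, p.dst)
        consumed = p.length + ("S" in p.flags)   # SYN uses one sequence number
        if consumed:
            end = p.seq + consumed
            if end <= highest.get(fwd, -1):
                pending.pop(fwd + (end,), None)  # retransmitted: sample is ambiguous
            else:
                highest[fwd] = end
                pending[fwd + (end,)] = p.ts
        if "A" in p.flags:
            sent = pending.pop((p.dst, p.src, p.ack), None)
            if sent is not None:
                samples[(p.dst, p.src)].append(p.ts - sent)
    return dict(samples)
```

On this trace the handshake-only estimate stays at 20 ms for the life of the flow, while the continuous samples for the C-to-S direction show the later rise to about 95 ms.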
Index Terms
Continuous in-network round-trip time monitoring