Testing on Real Systems
Let’s Take a Good Look Back
• For the Internet
– Monitor the usage
• Passive and active measurement
– Characterize the workload
• Traffic, topology, routing errors, access pattern modeling
– Predict for the future
• Scalable simulation & testing tools
– Revise original design
• Protocol and Infrastructure
– Instrument the changes
[Figure: The Internet. Labels: Scalable Packet-level Simulation, Internet Instrumentation (IETF), Reliable Measurement, Internet Characterization, Structure & Design Decision]
Predict for the Future
• Nature
– Find out whether a system is going to work!
• A.k.a
The Three Methods
• Analytical
• Simulation
• Live system
• Can be good or bad
• Depending on
– The problem in hand
– The resource in hand
Analytical
• The level of detail
– Low
– Go for the average behavior
– Make assumptions to simplify for the derivation
– Might not be generally applicable
• The cost
– Low
– Pen and paper
• The skill required
Simulation
• The level of detail
– Medium but flexible
– Can go with various levels of details
– Can go large scale
• The cost
– Medium
– Usually 1 computer
• The required skill
– Need solid programming skill
– Vivid imagination
Live Testing
• The level of detail
– High
– Go with full detail
– Difficult to go large scale
• The cost
– High
– Multiple computers
• The required skill
– Need solid system skill
– Vivid imagination
For Example
Obtaining TCP Throughput
Analytical
• J. Padhye, V. Firoiu, D. Towsley, and J. Kurose.
• Modeling TCP throughput: A simple model and its empirical validation.
• In Proceedings of the ACM SIGCOMM Conference, pages 303-314, Vancouver, Canada, September 1998. ACM
BW with Limited Window
[Padhye98a, eqn 32]
B( Wmax, RTT, p, b, To)
Simulation
• Lee Breslau, Deborah Estrin, Kevin Fall, Sally Floyd, John Heidemann, Ahmed Helmy, Polly Huang, Steven McCanne, Kannan Varadhan, Ya Xu, and Haobo Yu.
• Advances in Network Simulation
• IEEE Computer, 33(5), pp. 59-67, May 2000.
• Expanded version available as USC TR 99-702b
ns-2 Setup
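# Two nodes joined by a 1.5 Mb/s, 10 ms link with a drop-tail queue
set ns [new Simulator]
set n0 [$ns node]
set n1 [$ns node]
$ns duplex-link $n0 $n1 1.5Mb 10ms DropTail
# TCP connection from n0 to n1, driven by an FTP source
set tcp [$ns create-connection TCP $n0 TCPSink $n1 0]
set ftp [new Application/FTP]
$ftp attach-agent $tcp
# Start the transfer at 0.2 s and stop the simulation at 1.2 s
$ns at 0.2 "$ftp start"
$ns at 1.2 "exit"
$ns run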
BW with ns-2
• Run the script
• Obtain the output file
• Process the output file
– Add the number of data bytes
– Divide by the time duration
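The post-processing steps above, as an added example that is not part of the original slides: a Python function that sums the bytes of TCP packets received at the sink and divides by the elapsed time. It assumes the run wrote a trace in ns-2's classic 12-column format (tracing has to be enabled in the script for that); the sample trace and the function name are constructed for illustration.

```python
# Constructed sample in ns-2's classic trace format (not output from the slides):
# event time from to type size flags fid src dst seq pkt-id
SAMPLE_TRACE = """\
+ 0.200 0 1 tcp 1040 ------- 0 0.0 1.0 0 0
- 0.200 0 1 tcp 1040 ------- 0 0.0 1.0 0 0
r 0.216 0 1 tcp 1040 ------- 0 0.0 1.0 0 0
+ 0.216 1 0 ack 40 ------- 0 1.0 0.0 0 1
r 0.226 1 0 ack 40 ------- 0 1.0 0.0 0 1
+ 0.226 0 1 tcp 1040 ------- 0 0.0 1.0 1 2
+ 0.226 0 1 tcp 1040 ------- 0 0.0 1.0 2 3
r 0.242 0 1 tcp 1040 ------- 0 0.0 1.0 1 2
d 0.243 0 1 tcp 1040 ------- 0 0.0 1.0 3 4
r 0.247 0 1 tcp 1040 ------- 0 0.0 1.0 2 3
r 0.300 0 1 tcp 1040 ------- 0 0.0 1.0 4 5
"""

def tcp_throughput(trace_text, src="0", dst="1", pkt_type="tcp"):
    """Return (bytes_received, duration_s, bits_per_second) for src -> dst.

    Only 'r' (receive) events whose to-node is the sink are counted, so
    enqueue/dequeue events, drops ('d') and ACKs never inflate the total.
    The size column is used as logged by ns-2.
    """
    total_bytes = 0
    first_sent = last_recv = None
    for line in trace_text.splitlines():
        f = line.split()
        if len(f) < 6 or f[4] != pkt_type:
            continue                      # blank line, other traffic, ACKs
        event, t, frm, to, size = f[0], float(f[1]), f[2], f[3], int(f[5])
        if event == "+" and frm == src and first_sent is None:
            first_sent = t                # first data packet enters the link
        elif event == "r" and to == dst:
            total_bytes += size
            last_recv = t
    if first_sent is None or last_recv is None or last_recv <= first_sent:
        return total_bytes, 0.0, 0.0      # nothing usable in the trace
    duration = last_recv - first_sent
    return total_bytes, duration, total_bytes * 8 / duration

if __name__ == "__main__":
    nbytes, secs, bps = tcp_throughput(SAMPLE_TRACE)
    print(f"{nbytes} bytes in {secs:.3f} s = {bps / 1000:.1f} Kbit/s")
```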
Live Testing
• Luigi Rizzo
• Dummynet: a simple approach to the evaluation of network protocols
BW with dummynet
• We will figure this out during the coming 4 weeks
4 Weeks
• Week 1
– Introduction, basic features
• Week 2
– Setup and bandwidth management
• Week 3
– Advanced features
• Week 4
Today
• Introduction
• Basic features
Introduction
• dummynet as a software
– Part of FreeBSD kernel
• dummynet as an emulation tool
– Can do various bandwidth, delay, loss
• dummynet as a traffic filter
– Real-time on live traffic
– Filter on local and transit traffic
– Filter at levels as fine as flows
• dummynet works also as a traffic shaper
Motivation
• To do repeatable live code experiments
– ns-2 simulations might ignore certain details
• For example, the processing time
– Live experiments are not in a controlled environment
• Hard to track and reproduce
• Expensive to build
– Certain network components or protocols cannot be modeled
Research Applications
• Small-scale performance testing
– Behavior in the presence of loss, delay, bandwidth limitation
– Live user access, client-server interaction
– Evaluation of metrics subject to user perception
• Audio/video quality
Production Applications
• Bandwidth limitation
– Restricting services
– Protecting networks
– Probably the most widely used application of dummynet
• Product/Protocol testing
– Slightly different goal from research applications
– Checking whether the implementation complies with the specification
– Checking whether the product will work in the field of heterogeneous network conditions
Design Goals
• Simplicity and ease of use
– Will see in usage
• Be realistic
– To see the network behavior as the results of how it is implemented, structured, and driven in the real world
• Flexibility and extendibility
– Orthogonal features can be added over time
– Will see in basic vs. advanced features
Basic Features
• Two major components
– The pipe
– The packet filter
• Simple examples
• Configuration
– The pipe
– The packet filter
The Pipe
• Emulates a communication link
• Configurable with the usual pipe link parameters
Optional Queue
• Input queue
– Essentially a leaky bucket
– Why it’s used frequently as a traffic shaper
pipe 10 config bw 500 Kbits/s queue 30KB delay 12ms plr 0.02
(queue 30KB: queue size)
The Packet Filter
• Use the FreeBSD firewall – ipfw
• Set ipfw rules to select packets that will go through the pipe
pipe 10 tcp from any to any 80 in
A Simple Example
ipfw add pipe 10 tcp from any to any 80 in
Emulating a Multi-Access Link
• One pipe
• Data going in both directions contend for 10Mbps bandwidth
ipfw add pipe 1 ip from any to any
ipfw pipe 1 config bw 10 Mbits/s
Emulating a Point-to-Point Link
• Two pipes
• One for each direction
ipfw add pipe 1 ip from any to any in
ipfw add pipe 2 ip from any to any out
ipfw pipe 1 config bw 640 Kbits/s
ipfw pipe 2 config bw 128 Kbits/s
Modem downlink
Configuring Pipes
1. Bandwidth
• The rate at which packets are extracted from the queue
– Unit: bit/s, Kbit/s, Mbit/s, Bytes/s, KBytes/s, MBytes/s
– Packet size: up to IP
• Note
2. Delay
• Propagation delay
– Unit: millisecond
• Note
3. Loss
• Random packet loss
– Range: 0 to 1
– Granularity: 0.01
• Note
– Used mainly for performance evaluation
– No significant drops unless the traffic rate is extremely high
4. Queue
• Input Queue
– Size unit: packets or Bytes, KBytes
• Note
– Extra queuing adds to the delay
– Typical Ethernet queues: 50 packets
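A simplified model of one pipe, added here as an illustration and not dummynet's own code: it replays packet arrivals through the `bw 500 Kbits/s queue 30KB delay 12ms` configuration shown earlier and reports which packets are dropped and how much the queue adds to the delay. It assumes Kbit = 1000 bits and KB = 1024 bytes, and that random loss is applied before queueing; the function names are hypothetical.

```python
import random

def run_pipe(arrivals, bw_bps, queue_bytes, delay_s, plr=0.0, seed=1):
    """Replay (time_s, size_bytes) arrivals, sorted by time, through a pipe.

    Returns (delivered, dropped): delivered holds (arrival, delivery) times,
    dropped holds (arrival, reason).
    """
    rng = random.Random(seed)     # seeded so a run is repeatable
    busy_until = 0.0              # when the queue will have drained
    delivered, dropped = [], []
    for t, size in arrivals:
        if rng.random() < plr:    # random loss (plr)
            dropped.append((t, "plr"))
            continue
        # Bytes still waiting when this packet arrives
        backlog = max(0.0, busy_until - t) * bw_bps / 8
        if backlog + size > queue_bytes:
            dropped.append((t, "queue full"))
            continue
        # Leaky bucket: packets leave the queue at the configured rate,
        # then the propagation delay is added on top.
        busy_until = max(busy_until, t) + size * 8 / bw_bps
        delivered.append((t, busy_until + delay_s))
    return delivered, dropped

def worst_case_latency(bw_bps, queue_bytes, delay_s):
    """Time to drain a full queue plus the propagation delay."""
    return queue_bytes * 8 / bw_bps + delay_s

if __name__ == "__main__":
    burst = [(0.0, 1500)] * 40    # constructed input: 40 back-to-back packets
    ok, lost = run_pipe(burst, 500_000, 30 * 1024, 0.012)
    print(len(ok), "delivered,", len(lost), "dropped")
    print("last delivery at %.3f s" % ok[-1][1])
    print("worst case %.5f s" % worst_case_latency(500_000, 30 * 1024, 0.012))
```

With a full 30KB queue the pipe adds close to half a second on top of the configured 12 ms, which is why the queue size has to be chosen together with the bandwidth.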
Configuring Packet Filters
ipfw basic
ipfw
• A simple firewall utility function in FreeBSD
ipfw: Adding Filters
ipfw add [N] [prob X] [action] [PROTO] from [SRC] to [DST] [OPTIONS]
[N]: rule number (indexing)
[prob X]: 0 to 1, default = 1
[action]: allow, deny, pipe N
N: pipe ID, 1 to 65534
[PROTO]: ip, tcp, udp, icmp etc
[SRC] [DST]: address with netmask, port, range of ports
[OPTIONS]: various protocol options
Rule Examples
ipfw add 01012 allow tcp from 10.0.1.0/8 to 10.0.1.1 139
ipfw add 01012 allow udp from 10.0.1.0/8 to 10.0.1.1 137,138
ipfw add 02000 allow udp from any to any 4000-65535,domain,ntalk,ntp
ipfw add 02500 allow udp from any to any frag
ipfw add 03000 allow tcp from any to any http,https
ipfw add 03000 allow tcp from any to any 4000-65535,ssh,smtp,domain,ntalk
ipfw add 03000 allow tcp from any to any auth,pop3,ftp,ftp-data
ipfw: Manipulating Filters
• ipfw pipe 1 show
– Show parameters of pipe 1
• ipfw pipe 1 delete
– Delete pipe 1
• ipfw pipe flush
Setting for Types of Machines
Hosts
Routers
Bridges
Be Aware of the Data Flow
[Figure: data flow. Labels: Device Driver, Upper Layer, in, out, Through Traffic In a Bridge, Through Traffic In a Router, IP layer, Link layer]
1. Easy for the Hosts
[Figure: a host. Labels: in, out, IP layer, Link layer]
In Case of Routers:
[Figure: a router. Labels: in, out, Through Traffic In a Router, IP layer, Link layer, 1, 2]
ipfw add pipe 1 ip from any to any in
ipfw add pipe 2 ip from any to any out
Yes, Problem
• The problem
– Through traffic gets filtered twice
• The solution
– Deal with through traffic separately
ipfw add pipe 1 ip from any to “my IP” in
ipfw add pipe 2 ip from “my IP” to any out
2. Careful for the Routers
[Figure: a router. Labels: in, out, Through Traffic In a Router, IP layer, Link layer, 1, 2]
ipfw add pipe 1 ip from any to “my IP” in
ipfw add pipe 2 ip from “my IP” to any out
ipfw add pipe 3 ip from any to not “my IP” in
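A small model of the double-filtering problem, added as an example that is not from the original slides: it evaluates the naive and the corrected rule sets against each pass a packet makes through the router and lists the pipes the packet crosses. The addresses are constructed, `me` stands for the slides' “my IP”, and stopping at the first matching pipe in each pass assumes net.inet.ip.fw.one_pass=1.

```python
MY_IP = "192.0.2.1"                             # constructed router address
HOST_A, HOST_B = "198.51.100.7", "203.0.113.9"  # constructed end hosts

# (pipe, src, dst, direction); "me" stands for the slides' "my IP"
NAIVE = [(1, "any", "any", "in"), (2, "any", "any", "out")]
FIXED = [(1, "any", "me", "in"), (2, "me", "any", "out"),
         (3, "any", "not me", "in")]

def addr_matches(spec, addr):
    if spec == "any":
        return True
    if spec == "me":
        return addr == MY_IP
    if spec == "not me":
        return addr != MY_IP
    raise ValueError("unknown address spec: " + spec)

def firewall_passes(src, dst):
    """Directions in which the router's firewall sees this packet."""
    passes = []
    if src != MY_IP:
        passes.append("in")     # received from the network
    if dst != MY_IP:
        passes.append("out")    # transmitted to the network
    return passes

def pipes_traversed(rules, src, dst):
    hit = []
    for direction in firewall_passes(src, dst):
        for pipe, r_src, r_dst, r_dir in rules:
            if (r_dir == direction and addr_matches(r_src, src)
                    and addr_matches(r_dst, dst)):
                hit.append(pipe)
                break           # one_pass=1: first matching pipe ends the pass
    return hit

def compare(src, dst):
    return {"naive": pipes_traversed(NAIVE, src, dst),
            "fixed": pipes_traversed(FIXED, src, dst)}

if __name__ == "__main__":
    cases = {"through": (HOST_A, HOST_B), "to router": (HOST_A, MY_IP),
             "from router": (MY_IP, HOST_B)}
    for name, (s, d) in cases.items():
        print(name, compare(s, d))
```

Through traffic crosses pipes 1 and 2 under the naive rules, so it is shaped and delayed twice; under the corrected rules it crosses only pipe 3.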
3. Similarly, for the Bridges
[Figure: a bridge. Labels: in, out, Through Traffic In a Bridge, IP layer, Link layer, 1, 2]
ipfw add pipe 1 ip from any to “my IP” in
System Setting
Kernel Options
sysctl Variables
Kernel Options
• IPFIREWALL - enable ipfirewall
• DUMMYNET - enable dummynet operation
Required Kernel Option
• options IPFIREWALL
• options DUMMYNET
• Must have the above 2 options in the kernel configuration file
Related Kernel Option
• options HZ
– Sets the timer granularity
– Default 100, meaning 10ms
– options HZ=1000, system tick reduced to 1ms
• options NMBCLUSTERS
– Set the buffer size to store network packets
– Product of bandwidth * delay
Minor Kernel Options
• options IPFIREWALL_VERBOSE
– Enable firewall output
• options IPFIREWALL_VERBOSE_LIMIT
ipfw Related sysctl Variables
• net.inet.ip.fw.enable: 1
– Enable firewall in the IP stack
• net.inet.ip.fw.one_pass: 1
– Force a single pass through the firewall.
– If set to 0, packets coming out of a pipe will be re-injected into the firewall starting with the rule after the matching one.
– One could create multi-hop paths with a bit of imagination
– NOTE: there is always one pass for bridged packets
Bridge Related sysctl Variables
• net.link.ether.bridge_cfg: ed2:1,rl0:1
– Set of interfaces for which bridging is enabled, and the cluster they belong to
• net.link.ether.bridge: 0
– Enable bridging
• net.link.ether.bridge_ipfw: 0
dummynet Related sysctl Variables
• net.inet.ip.dummynet.hash_size: 64
– Size of hash table for dynamic pipes.
• net.inet.ip.dummynet.expire: 1
– Delete dynamic pipes when they become empty.
• Dynamic pipes will be covered in week 3