CS514: Intermediate Course in Operating SystemsInternet Quality of ServiceWhy is Internet QoS hard?Why is Internet QoS so hard?Slide 5Slide 6Slide 7Routers and flow propertiesWeighted Fair QueuingFor our example?What about real time issues?Life of a routerCan a router preserve packet flow dynamics?The Internet is a QoS randomizer!Behavior of the InternetNo luck!What does this tell us?Other options?Alternatives?AddressingSlide 21SecurityIPSecBefore and AfterAlso in the pipelineMore issuesNetwork fault-toleranceSlide 28Slide 29Slide 30Dual IP addressesIdea: Use Dual IP to get network fault-toleranceNetwork fault-tolerance with dual IP addressesSlide 34Slide 35Network fault-tolerance with dual-IP addressesGoals for a future networkWill IPv6 be deployed?IPv6 IssuesIPv6 and QoSQoS via RSVP, DiffsrvSummary?Slide 43CS514: Intermediate Course in Operating SystemsProfessor Ken BirmanBen Atkin: TALecture 17 Oct. 24Internet Quality of Service•The term quality of service, or QoS, is used to talk about properties associated with communication links–Telephone connections (virtual circuits) are slow but guarantee•Low latency•Steady 56kb throughput•Low jitter (variability in latency)•Relatively good isolation and noise properties–But Internet lacks QoS guaranteesWhy is Internet QoS hard?•How does it work now?–Recall that Internet itself is based on packet model–But routers do have a forwarding policy•Currently, “weighted fair queuing”•Also, depends on routing policy –A reasonable goal is to measure behavior of the networkWhy is Internet QoS so hard?Why is Internet QoS so hard?Why is Internet QoS so hard?Why is Internet QoS so hard?•Life of a router: packets show up, are stored, then forwarded•Problem: how does router impact dynamics of a “flow”?Routers and flow properties•Suppose that process A using connection A-B sends 50 8KB messages per second•And process C on connection C-D sends 25 per second•Would we expect that B sees 50 per second, and D sees 25 per second?Weighted Fair Queuing•Implemented by most routers•Treats each (source,dest) IP pair as a “flow”–Ignores port numbers•Normally, router forwards what it rcvs•But congested router gives equal share of resources to each flow, no matter what load it presents•Idea is to protect against flow that hogs resourcesFor our example?•Router sees –50 msgs/sec from flow “x”–25 msgs/sec from flow “y”•And has capacity to send 50 messages per second right now•If congested…–Each gets an equal share–Hence “y” sees no loss, but “x” might see 50% loss rates•Actually, with RED, “y” would lose some, tooWhat about real time issues?•Life of a router is to–Copy incoming messages from input links into storage–Copy outgoing messages from storage to outgoing links–Drop packets (RED) if overloaded•Router is largely indifferent to packet “dynamics”Life of a router•Router could receive 50 msgs/sec from A–But perhaps they sit on a queue because the link these must follow is busy–So 10 or 15 pile up•Finally router gets a chance to send packets on this busy link–Now the router sends 10 or 15 as a burst–Effective rate was zero for a while, then perhaps a few hundred per secondCan a router preserve packet flow dynamics?•A very hard open problem•The answer is probably –Yes with infinite resources–No with finite resources•But in any case, modern routers don’t actually try to do so!The Internet is a QoS randomizer!•Whatever properties the input flow may have had…•The Internet probably mixes things up in ways that can disrupt those properties•The more hops taken by a packet through the network, the more chance for such disruption to occurBehavior of the Internet•Studies published mostly in SIGCOMM and INFOCOM, the top networking conferences•People seek to–Accurately understand traffic patterns and QoS of the network–Develop into a “model” that describes what they observeNo luck!•Studies have repeatedly found:–That the Internet is pretty chaotic–Routing is surprisingly unstable–Random periods of high loss rate–Latencies vary wildly–Most distributions are “heavy tailed”•Idea is to graph percentage of messages having each latency value or loss rate•Ideally, want a nice clean graph•But in practice get graphs with very long tailsWhat does this tell us?•We can sample, for example, the round-trip time between A and B–But we can’t assume it will be steady–And even if we average many samples the result may not be very meaningful•Heavy-tailed distributions may have enormous or even infinite variance–E.g. “2 ms +/- 2500”•Makes it hard to even write down the properties of an Internet connection!Other options?•Email, TCP applications don’t really care–They adapt rapidly to conditions–No real effort to track or model the distributions associated with various Internet properties•In this approach, Internet lacks guarantees and is proud of it!Alternatives?•Much talk about how to build a better Internet•Current IP protocols are based on IPv4•Proposed IPv6 would–Extend address lengths to 64 bits–Add security to DNS, routing, IGMP–Provide user-level QoS featuresAddressing•Issue is that we are running out of IPv4 addresses–The field is only 32 bits long–And a big chunk is reserved for multicast addresses•Despite this, Internet multicast is generally not available•Problems with load and charging for costs led ISVs to disable the feature–What can we do?Addressing•IP leasing is part of the answer–Idea is that machines can•Share a small pool of IP addresses, allocating on demand•Even share a single IP address, like when you connect a home wireless network to road-runner–Trick is to remap on the fly–Gets you pretty far but not far enough•We’ll exhaust the address pool “soon”Security•Issue here is that Internet is too easy to attack•Any machine can claim to be a router–Then its DNS and DHCP packets are trusted–In effect, any machine can take control of Internet routing and naming!•IPSec secures IP w/ cryptographyIPSec•Idea is that a public key hierarchy is used to obtain triple DES keys for use by IP•Lets us secure IP packets with signatures (“HMAC”) or encryption•DNS and routing protocol use this to secure themselvesBefore and After•Without IPSec–Hackers can easily “clear a route”
View Full Document
Unlocking...