Flashcards in Midterm 2 Deck (68):
What is congestion control?
Goal: 'Fill the internet pipes without overflowing them'
'Watch the sink, slow down the water flow if it begins to overflow'
What is congestion collapse?
Increase in load -> decrease in useful work done: throughput falls below the bottleneck link capacity.
What are the causes of congestion collapse?
Spurious Retransmissions: senders don't receive an ACK in a reasonable time, so they retransmit the packet. This results in many copies of the same packet being outstanding.
Undelivered Packets: packets consume resources and are then dropped elsewhere in the network.
Solution: TCP Congestion control to all traffic!
What are the goals of congestion control?
* Use network resources efficiently
* Preserve fair allocation of resources
* Avoid congestion collapse
What are the two approaches to congestion control?
End-to-End (what TCP uses)
- No feedback from the network
- Congestion inferred from loss and delay
Network-Assisted
- Routers provide feedback
- Set a single bit indicating congestion (ECN)
- Tell the sender an explicit rate to send at
How does TCP congestion occur?
* Senders increase rate until packets are dropped
* TCP interprets packet loss as congestion and slows down
What is the window-based approach to adjusting transmission rates?
* Send up to WINDOW_SIZE packets
* Stop sending until you get an ACK back
* Each time you get an ACK, increase window size by 1 and send packets until window is full
* If you fail to receive an ACK for a packet, cut the window size in half
* TCP is Additive Increase, Multiplicative Decrease (AIMD)
* This is the most commonly used method
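A minimal sketch of the window rules above (helper names are made up; real TCP also has slow start, fast retransmit, etc.):

```python
# Sketch of TCP-style AIMD window updates, per the rules above.

def on_ack(cwnd):
    """Additive increase: grow the window by one packet on an ACK."""
    return cwnd + 1

def on_loss(cwnd):
    """Multiplicative decrease: halve the window, but never below 1."""
    return max(1, cwnd // 2)

cwnd = 1
for event in ["ack", "ack", "ack", "loss", "ack"]:
    cwnd = on_ack(cwnd) if event == "ack" else on_loss(cwnd)
# Window went 1 -> 2 -> 3 -> 4, was halved to 2 on the loss, then grew to 3.
```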
What is Rate Based congestion control (as opposed to window based congestion control)?
* Monitor loss rate
* Uses a timer to modulate the transmission rate
Calculate the sending rate for the following:
RTT = 100 ms
Window size: 10 packets
Packet size: 1000 B
* 10 packets / 100 ms = 100 packets/second
* 1000 B * 8 b/B = 8000 b/packet
* 8000 b/packet * 100 packets/s = 800 kbps
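The arithmetic above can be checked in a few lines (the 1000 B packet size is the assumption implied by the byte-to-bit step):

```python
# Check the window-based sending-rate arithmetic above.
rtt_ms = 100         # round-trip time, ms
window_pkts = 10     # window size, packets
packet_bytes = 1000  # assumed packet size

pkts_per_sec = window_pkts * 1000 / rtt_ms   # 100 packets/s
bits_per_pkt = packet_bytes * 8              # 8000 b/packet
rate_bps = pkts_per_sec * bits_per_pkt
print(rate_bps)  # 800000.0 b/s = 800 kbps
```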
What is fairness and efficiency in congestion control?
* everyone gets their fair share of resources
* network resources are used well.
* No spare capacity in network
How does AIMD converge to optimal fairness and efficiency?
* Efficiency: x1 + x2 = C (network capacity, Constant)
* Fairness: x1 = x2
* Left of the x1 + x2 = C line -> underutilization
* Right of the x1 + x2 = C line -> overutilization
* The optimal point is where the network is neither under- nor over-utilized and you are on the x1 = x2 fairness line
* Additive increase moves parallel to the fairness line until the network becomes overloaded (increases efficiency)
* Multiplicative decrease moves toward the origin; alternating the two converges to the fair, efficient point
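A toy simulation of two AIMD flows sharing a link (starting rates and capacity are made-up values) shows the convergence: the gap between the flows halves on every multiplicative decrease, so the allocations meet at the fair share:

```python
# Two AIMD flows sharing a link of capacity C. When the combined rate
# exceeds C, both halve (multiplicative decrease); otherwise both add 1
# (additive increase). The difference x1 - x2 shrinks toward 0.

C = 100.0
x1, x2 = 80.0, 10.0   # start far from fair
for _ in range(1000):
    if x1 + x2 > C:    # overutilized: both back off
        x1, x2 = x1 / 2, x2 / 2
    else:              # underutilized: both increase additively
        x1, x2 = x1 + 1.0, x2 + 1.0
# abs(x1 - x2) is now ~0: the flows have converged to the fair share.
```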
Describe TCP Incast
Drastic reduction in application network throughput when large number of servers using TCP all make simultaneous requests.
Results because of:
* High fan-in
* High bandwidth, low latency
* Lots of parallel requests, each with a small amount of data
Results in bursty traffic and retransmissions.
When a TCP timeout occurs, the sender must wait hundreds of ms to retransmit, but the RTT inside a DC network is < 1 ms (even µs), so throughput is reduced by up to 90% because of link idle time (waiting for the TCP timeout to occur).
How do you calculate average AIMD throughput?
(3/4) * (Wm/RTT), where Wm is the maximum window size (the window when loss occurs)
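The 3/4 factor comes from the sawtooth: between losses the window ramps linearly from Wm/2 up to Wm, so its time-average is (Wm/2 + Wm)/2 = (3/4)*Wm. A quick check with an example Wm:

```python
# Average AIMD throughput: the window sawtooths between Wm/2 and Wm,
# so the time-average window is (3/4)*Wm.
Wm = 16       # window at loss, packets (example value)
rtt_ms = 100  # round-trip time, ms (example value)

windows = list(range(Wm // 2, Wm + 1))     # one sawtooth cycle: 8..16
avg_window = sum(windows) / len(windows)   # 12.0 = (3/4) * 16
throughput = avg_window * 1000 / rtt_ms    # packets per second
```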
What are solutions to TCP incast?
* µs granularity for retransmission timers (reducing the retransmission timeout)
* Timers need to operate at a granularity close to the RTT
* ACKs for every other packet
What are some challenges of streaming data?
* Large volume of data
* Data volume varies over time
* Low tolerance for delay variation (don't like buffering)
* Low tolerance for delay, period
* Some loss is acceptable
How is video compression performed?
* Image Compression -> Spatial Redundancy
* Compression across images -> temporal redundancy
Why is TCP not a good fit for congestion control for streaming data?
- Reliable delivery (resending lost packets wastes time and can cause buffering)
- Slowing down upon loss (could slow down too much and starve buffer)
- Protocol overhead (extra bytes to send)
+ No Retransmission
+ No sending-rate adaptation
How are YouTube and Skype implemented?
YouTube: decided to keep it simple and still use HTTP/TCP
Skype: Peer to Peer (P2P)
* Individual users route voice traffic through one another
How does QoS work?
Marking and Policing
* Marking and Scheduling - mark packets with a higher priority so they can be put into a higher-priority queue; schedule that queue so it is serviced more often than lower-priority queues.
Describe the different traffic classifications
CBR - Constant bit rate (audio)
VBR - variable bit rate (video, data)
What is leaky bucket traffic shaping?
Beta = size of bucket
rho = drain rate from bucket (average rate)
Sender can send bursty traffic as long as it doesn't overfill the bucket
Larger bucket = larger burst
larger drain rate = enable faster packet rate
Example Audio Stream
* 16KB Bucket
* Packet size = 1KB
* Rho = 8 packets / s
So it could accept a burst of up to 16 packets, but will constantly deliver 8 packets/s out of the bucket.
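A minimal sketch of the leaky bucket above (class and method names are assumptions, and it works at byte granularity for simplicity):

```python
# Sketch of a leaky bucket: arriving data fills the bucket; it drains
# at the fixed rate rho. Arrivals that would overflow are dropped.

class LeakyBucket:
    def __init__(self, beta_bytes, rho_bytes_per_s):
        self.beta = beta_bytes      # bucket (burst) size
        self.rho = rho_bytes_per_s  # constant drain rate
        self.level = 0.0            # bytes currently in the bucket

    def drain(self, dt):
        """dt seconds pass: the bucket drains at the fixed rate rho."""
        self.level = max(0.0, self.level - self.rho * dt)

    def offer(self, nbytes):
        """Accept the data if it fits in the bucket, else drop it."""
        if self.level + nbytes <= self.beta:
            self.level += nbytes
            return True
        return False

# The audio example above: 16 KB bucket, 1 KB packets, 8 KB/s drain.
lb = LeakyBucket(beta_bytes=16_000, rho_bytes_per_s=8_000)
accepted = sum(lb.offer(1_000) for _ in range(20))  # only the 16-packet burst fits
print(accepted)  # 16
```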
What is (r, T) traffic shaping?
Typically limited to fixed-rate flows.
- Can send at most r bits during any frame of duration T
- i.e., a fixed number of bits per time unit
If a flow exceeds the rate, the excess bits are assigned a lower priority and may be dropped.
What is a token bucket?
Shapes bursty traffic patterns - bounded by the token rate, rho.
- Tokens arrive in the bucket at rate rho
- Bucket size is beta
If b is the packet size (b < beta):
- If the bucket holds at least b tokens, the packet is sent and b tokens are removed
- If the bucket is empty, the packet must wait for b tokens before sending
In general, you must wait until packet-size worth of tokens is present in the bucket, at which point the packet is sent.
It is difficult to police traffic shaped by token buckets.
The bound on a token bucket is:
Over any interval T, bits sent < beta + T*rho
You can always send at rate rho; to send faster than rho for a while, you draw down the bucket. So if rho = 6 Mbps and you want to send at 10 Mbps for 0.5 s, you need beta = (10 - 6) Mbps * 0.5 s = 2 Mb = 250 KB.
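The burst-size arithmetic above, spelled out:

```python
# Bucket size needed to burst above the sustained token rate: the
# bucket must hold the tokens the burst consumes beyond the refill.
rho = 6e6        # token arrival (sustained) rate, bits/s
r_burst = 10e6   # desired burst rate, bits/s
t = 0.5          # burst duration, seconds

beta_bits = (r_burst - rho) * t   # 2,000,000 bits = 2 Mb
beta_bytes = beta_bits / 8        # 250,000 bytes = 250 KB
print(beta_bytes)  # 250000.0
```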
How do you police a token bucket shaper?
Use a composite shaper: a token bucket combined with a leaky bucket, where the token bucket feeds the leaky bucket.
What is PowerBoost?
Allows a subscriber to send at a higher rate for a short period of time, using spare capacity for users who do not put a sustained load on the network.
Time allowed for PowerBoost: d = beta / (r_boost - r_sustained)
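Plugging example (made-up) numbers into the formula above:

```python
# PowerBoost duration: draining a bucket of size beta while sending at
# r_boost but refilling at r_sustained.
beta = 10e6         # bucket size, bits (example value)
r_boost = 20e6      # boosted rate, bits/s (example value)
r_sustained = 10e6  # sustained rate, bits/s (example value)

d = beta / (r_boost - r_sustained)
print(d)  # 1.0 second of boost
```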
What is buffer bloat?
When there is too much buffering, latency (RTT) can increase significantly.
Solutions:
1) Smaller buffers (not realistic - lots of equipment is already deployed)
2) Traffic shaping - prevent sending at a rate higher than the upload rate provided by your ISP
Why measure network traffic?
- Security - looking for rogue behavior (botnets, DoS)
- Billing - something like the 95th percentile
How do you passively measure data?
SNMP - simple network management protocol
-- Interface byte and packet counts
What is packet monitoring?
Can see full packet contents (tcpdump, ethereal, wireshark)
+ lots of detail (timing, header info)
- high overhead - hard to keep up w/ high speed links (often requires additional hardware)
What is flow monitoring?
Monitors statistics per flow:
-- a flow consists of packets that share common: src/dest IP, src/dest PORT, protocol type, TOS byte, interface
-- sometimes also grouped if they are 'close' together in time
+ Less overhead
- Much more coarse; no packets/payloads
Could also just do 'sampling' instead of measuring all packets.
What are the contents of an HTTP Request?
- Method (GET, POST, HEAD)
- URL (relative, /index.html)
- HTTP Version number
Headers (not usually required):
- Referer - what caused page to be requested
- User Agent - client software used to fetch page
- Accept: client will accept these types
- Host: the host to which the request is being made
What does an HTTP Response look like?
- HTTP Version
- Response Code:
- 100's - info
- 200's - success
- 300's - redirection
- 400's - errors
- 500's - server error
- Location: could be used for redirection
- Server: server software (e.g., Apache/2.2.16)
- Allow: HTTP methods that are allowed
- Content-Encoding: how the content is encoded
- Content-Length: length in bytes
- Expires: how long the content can be cached
- Last-Modified: last time the page was modified
What are persistent connections and why do they exist?
multiple http requests/responses on a single TCP connection
- delimiters indicate ends of requests
Can be combined with 'pipelining'
- client sends requests as soon as it encounters a referenced object
How can you configure how to use a cache?
1. Browser Config
2. Origin sends a special reply telling the client to go to a cache to get the data
What is a CDN?
Content Delivery Network
Overlay network of web caches designed to deliver content to client from the optimal location
What are the major challenges of running a CDN?
Goal: Replicate content on many servers
How do you find it?
How to choose server replicas?
how to direct clients?
Describe server selection (CDNs) (what metrics would use to select which server to send a client to)
- lowest load
- any 'alive' server
- lowest latency (typically chosen)
Describe content routing (CDN)
1. Routing (e.g., anycast) - simple, but service providers have little control over which server the client actually gets sent to
2. Application-Based - (http redirect) - effective but client must first go to origin to get redirect location
3. Naming-based (DNS) - when DNS lookup done, it returns a location that is best suited for client
Why do CDNs and ISPs like each other?
CDNs with ISPs:
+ better throughput (lower latency)
+ burstiness served nearby - lower transit costs
ISPs with CDNs:
+ good performance for customers
+ lower transit costs
What is a distributed hash table?
Example: Chord - a scalable, distributed lookup service; a key-value map (like DNS or a directory service)
+ Proven Correctness
What is consistent hashing?
Keys and nodes are mapped to the same ID Space.
Think of a ring with node ids distributed around it. The key ids are also distributed around the ring.
In Chord, you map a key to its owning node by finding the next node at or above the key in the ID space (its successor).
So if there are nodes 1, 10, 32, and 43, then keys 33-43 are owned by node 43, keys 2-10 by node 10, etc.
+ Load balancing
+ Flexibility - when node is added/removed, it's pretty simple to re-balance
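The successor rule from the example above can be sketched with a sorted node list (the helper name is made up; Python's bisect does the ring search):

```python
# Successor-based key ownership on the example ring: a key is owned by
# the first node at or after it, wrapping around to the lowest node.
import bisect

nodes = [1, 10, 32, 43]  # node IDs on the ring (from the example above)

def owner(key, nodes):
    """First node clockwise from the key; wrap to the lowest node."""
    i = bisect.bisect_left(nodes, key)
    return nodes[i] if i < len(nodes) else nodes[0]

assert owner(33, nodes) == 43   # keys 33..43 -> node 43
assert owner(2, nodes) == 10    # keys 2..10  -> node 10
assert owner(44, nodes) == 1    # wraps around the ring
```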
How do you implement consistent hashing?
* Every node knows location of every other node:
+ lookups = O(1)
- Tables= O(n)
* Node only knows about its successor:
- lookups = O(n)
+ tables = O(1)
What are Finger Tables?
* Every node knows M other nodes in Ring
* Distance of nodes that it knows increases exponentially
So in ring w/ nodes: 1, 10, 32, 43 (out of 0-63 key space):
* Node 10 maintains mappings from:
** 10+2^0, 10+2^1 ... 10+2^i
Where Finger i points to the successor of 10 + 2^i, so:
* 10+2^0 = 11 -> 32
* 10+2^4 = 26 -> 32
* 10+2^5 = 42 -> 43, etc.
So a lookup walks around the ring toward the predecessor of the key it's looking for, and:
+ Tables = O(log n)
+ Lookup = O(log n)
Each node knows about the node halfway around the ring, then halfway to that node, and again halfway to that node ... until it gets to its successor. It's like a binary search: 1/2 -> 1/4 -> 1/8, etc.
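The finger-table construction for node 10 in the 0-63 example above can be sketched as:

```python
# Finger table for node 10 in a 6-bit (0..63) ID space with nodes
# 1, 10, 32, 43: finger i points at successor(10 + 2^i).
nodes = [1, 10, 32, 43]
M = 6  # ID space size is 2^6 = 64

def successor(x):
    """First node at or after x on the ring (wrapping around)."""
    x %= 2 ** M
    for n in nodes:
        if n >= x:
            return n
    return nodes[0]

fingers = {10 + 2**i: successor(10 + 2**i) for i in range(M)}
print(fingers)
# {11: 32, 12: 32, 14: 32, 18: 32, 26: 32, 42: 43}
```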
What are the benefits of CUBIC over BIC?
* A much simpler algorithm
* BIC can be too aggressive on short-RTT paths; it was designed for large-bandwidth/long-RTT paths, making it unfriendly to competing TCP flows
* Based on the time between congestion events instead of doing something every RTT
* Keeps BIC's stability and utilization strengths with a simpler algorithm and less state to track
When would you use UDP over TCP?
* Latency is critical
* You don't mind dropped packets
* Congestion Control can cause unacceptable delays
Why does linear growth of TCP Reno perform poorly for short lived flows? (1/RTT)
It takes a long time for the congestion window to reach its maximum. Short lived flows may never reach a congestion event and thus transmit unnecessarily slow.
How does BIC-TCP work?
* Starts out with linear (additive) increase toward Wmax
* After meeting a specific threshold, transitions to binary search
* Each RTT, cuts the distance between Wmin and Wmax in half; the midpoint becomes the new Wmin
* Keeps doing this until the increment is < Smin, then sets the window to Wmax
* Transitions to max probing, which is a symmetric mirror of the first half
* When a congestion event occurs, decreases the window by a factor of beta
Describe the three regions of TCP CUBIC
Concave - Rapid growth back toward Wmax at the previous congestion event for quick recovery
Plateau - AKA, TCP Friendly region. very slow, near linear growth as it approaches Wmax
Convex - Max Probing - Grow quickly to find a new Wmax
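The three regions come from CUBIC's window function W(t) = C*(t - K)^3 + Wmax, where K is the time needed to return to Wmax after a loss. A sketch using the constants from the CUBIC paper (C = 0.4, beta = 0.7) and an example Wmax:

```python
# CUBIC's window curve: concave before K (rapid recovery toward Wmax),
# flat near K (plateau), convex after K (max probing).
C_cubic = 0.4   # CUBIC scaling constant (paper default)
beta = 0.7      # multiplicative-decrease factor (paper default)
Wmax = 100.0    # window at the last loss event (example value)

# Time to grow back to Wmax, from W(0) = beta*Wmax:
K = ((Wmax * (1 - beta)) / C_cubic) ** (1 / 3)

def W(t):
    return C_cubic * (t - K) ** 3 + Wmax

# Starts at beta*Wmax right after the loss, plateaus at Wmax at t = K,
# then grows again (max probing).
print(round(W(0), 1), round(W(K), 1))  # 70.0 100.0
```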
What is CUBIC's fast convergence?
If successive congestion events are encountered prior to Wmax, the window is further reduced [(2-Beta)/2] to free up additional bandwidth.
What kind of flows are good for TCP fast-open?
Short lived TCP connections - small data size on links with long RTTs. Performance of these flows is dominated by RTT so reducing one RTT can really help.
How does TCP Fast Open prevent source spoof attacks that would allow the server to respond to all HTTP GET requests and just send data?
By using an encrypted cookie that the requestor must obtain before initiating requests. The server uses this cookie to verify that the requestor's address is not a forgery.
What role do middle boxes play in MPTCP?
* Strip out unrecognized TCP options/flags
* Endpoints could both support MPTCP, but if middle box doesn't and strips the flags, it doesn't matter.
* MPTCP will fallback to TCP if it doesn't get an ack containing the MPTCP flag.
Why does MPTCP require larger buffers? What controls does MPTCP use to maximize efficiency.
* Buffer size is dictated by the largest RTT among the subflows: roughly total_bandwidth * max(RTT)
* Occurs because MPTCP allows out of order packets and allows other links to keep sending
* Worst case is packet dropped early and must wait for it to be sent on slowest link, while faster link keeps sending data
* Opportunistic Retransmission - retransmit un-ack'd data that was already sent on a slower flow (but now we send on the faster flow).
* Subflows that induce opp. retransmission can be penalized and have their cwnd reduced.
* Buffer itself dynamically grows over time as needed, so doesn't use worst case unless it must
How does the YouTube application flow control work, and how does it interact with TCP?
* Connection starts normally, sending data until the application buffer is deemed full
* Then data is sent in 'blocks' or bursts as the video is watched
* The receive/send buffers empty during the pauses when no data is being sent; when the next large burst comes through, it is seen as congestion on the line, and the resulting packet loss reduces throughput
How does TFO defend against a SYN FLOOD attack?
* Requiring the security cookie
* Maintaining # of active new TFO requests and if threshold is hit, falls back to regular 3WHS while continuing to process existing ones. RSTs still count against this quota.
How does TFO defend against an Amplified Reflection attack?
* The TFO cookie is basically enough: an attacker would need cookies from multiple hosts and would have to use them before they expire. To obtain a cookie, the host may already have to be compromised, so the attack is ultimately of little value.
What is active measurement?
Inject additional traffic into network to measure additional characteristics of the network.
ping - delay to server,
traceroute - network or ip level path b/t two hosts on the network.
Under what conditions was the RTT*C rule of thumb developed?
* Assumed a single long lived flow
* Today there are thousands of flows in a backbone router, with varying RTTs, and their congestion windows are not synchronized.
Why do short flows not significantly impact buffer queue sizing?
Average queue length is affected only by the length of the TCP flows and the load on the link. It does not depend on:
* Propagation Delay of the flows
* Number of flows
Describe CoDel - what are the three innovations it brings to the table?
Controlled Delay Management
* Assumes standing queue of target size is acceptable
* At least one MTU worth of data must be in buffer before dropping packets
* If min time in queue exceeds target value for at least a set interval, drop packets according to a control law until queue delay is back on target or data in buffer drops below one MTU.
- Uses minimum rather than average as the queue measure
- simplified single-state variable tracking of minimum
- Use of queue-sojourn time
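A much-simplified sketch of CoDel's drop decision (the 5 ms target and 100 ms interval are CoDel's default parameters; the control law and full state machine are omitted):

```python
# Simplified CoDel drop decision: track the *minimum* per-packet
# sojourn (time spent in the queue) over one interval. If even the
# minimum stays above the target, a standing queue exists and CoDel
# starts dropping; if any packet got through quickly, it does not.

TARGET = 0.005    # acceptable standing-queue delay, seconds
INTERVAL = 0.100  # window over which the minimum is tracked, seconds

def should_drop(sojourn_times):
    """sojourn_times: per-packet queue delays seen over one INTERVAL."""
    return min(sojourn_times) > TARGET

assert should_drop([0.020, 0.015, 0.030])       # even the min is high
assert not should_drop([0.020, 0.002, 0.030])   # one packet got through fast
```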
What is a standing queue and how does it develop?
When there is a constant number of packets in the queue.
A mismatch between the bottleneck link speed and the link RTT results in some number of packets constantly occupying the queue. As the queue is processed, the receiver sends ACKs back, which the sender turns into more data.
What is the Last-Modified field in the header?
Datetime of when document was last modified
What is the HOST field in the header?
The domain name - eg, www.w3.org/pub/WWW --> www.w3.org is domain
What is the cookie field in the header?
If set-cookie was set in a response field, future requests to the same domain would send the cookie in this field.
What are the methods of CDN redirection and which is the most preferred?
Routing (anycast) - give all replicas same IP and allow routing to take the user to the proper location
- simple, but coarse; at the mercy of routing - no control
Application Based (HTTP redirect)
- simple, but long delays. slow because you have to visit the original page/location first
DNS routing (preferred) - the DNS lookup returns the address of the cache best suited for the client
+ fine grained control and fast
How does Bit torrent tit for tat work?
* Send to top N Peers (unchoked) + 1 optimistically unchoked peer
* If the optimistically unchoked peer sends fast enough to get into the top N, the client boots the slowest of the top N, adds this one, and sends back in return
* If not, drops that peer and tries another
What is the bit torrent solution to freeloading/freeriding?
Choking! I won't send to you if you don't send to me