1 Traffic Engineering of High-Rate Large-sized Flows Acknowledgment: UVA work is supported by DOE ASCR grants DE-SC002350 and DE-SC0007341, and NSF grants, OCI-1038058, OCI-1127340, and CNS-1116081, and ESnet work is supported by DOE grant DE-AC02- 05CH11231 Tian Jin, Chris Tracy, Malathi Veeraraghavan, Zhenzhen Yan University of Virginia and ESnet [email protected], [email protected]July 8-11, 2013
20
Embed
1 Traffic Engineering of High-Rate Large-sized Flows Acknowledgment: UVA work is supported by DOE ASCR grants DE-SC002350 and DE-SC0007341, and NSF grants,
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
1
Traffic Engineering of High-Rate Large-sized Flows
Acknowledgment: UVA work is supported by DOE ASCR grants DE-SC002350 and DE-SC0007341, and NSF grants, OCI-1038058, OCI-1127340, and CNS-1116081, and ESnet work is supported by DOE grant DE-AC02-05CH11231
Tian Jin, Chris Tracy, Malathi Veeraraghavan, Zhenzhen Yan University of Virginia and ESnet
(router-3: REN;router-4: commercial) Why is cumulative
effectivness lower for peeringrouters, esp. router-4?
Boxplots for 214 values each router-1 omitted as it is similar to router-2
Cum
ula
tive e
ffect
iveness
Effectiveness comparisons
15
• Obs. 1: higher effectiveness for /24 than for /32• Obs. 2: higher effectiveness for router-1 and router-2 than
for router-3 and router-4• Obs. 3: fewer alpha prefix IDs for router-3 and router-4
Explanations
16
• Obs. 1: data-transfer node clusters are typically located in the same /24 subnet; thus, repetition is greater with /24 than /32
• Obs. 2 and obs. 3: • Higher effectiveness for routers 1 & 2:
downloads from supercomputing facilities are repetitive (a scientist accesses the same data transfer nodes)
• Lower effectiveness for routers 3 & 4:• fewer uploads to DoE labs than
downloads from DOE labs• expect few, if any, scientific data
transfers from commerical peers (router-4)
Outline
• Problem statement & Motivation• Hybrid Network Traffic Engineering
System (HNTES)• HNTES evaluation
– NetFlow data collection– Effectiveness– Afflicted-flow packet percentage
17
Afflicted-flow packets
• B: set of non-alpha NetFlow reports for flows that share alpha prefix IDs
• Divide B into four subsets in sequence– C: non-alpha reports of alpha flows– D B-C: data-transfer reports (heuristic)– W B-C-D: well-known ports– L: leftover = B-C-D-W
• Afflicted flows: W+L
18
Afflicted-flow packets
• Tradeoff: /24 vs /32– /32 has lower effectiveness: large % of afflicted-flow packets
will be impacted when an alpha flow is not redirected– /24 has higher afflicted-flow packet percentage: small % of
afflicted-flow packets are adversely impacted
• Recommend /24 address prefixes for firewall filters
19
Percentage of afflicted-flow packets in samples of beta-flow (non-alpha flow) packets; across the 214-day period
Conclusions
• Hypothesis: Most high-speed data transfer nodes have static IP addresses, and alpha flows are created repeatedly between the same source-destination subnets– Validated for flows generated by dataset downloads as
observed at edge routers
• HNTES solution of determining src-dest address prefixes of completed alpha flows & using these prefixes to set firewall filters for future alpha-flow redirection is effective for downloads from DOE labs
• Less effective for uploads esp. from commercial peering links – But alpha-flow causing uploads are fewer