Key Performance Indicators of TCP Flows Patryk Brzoza Advisor(s): - - PowerPoint PPT Presentation



SLIDE 1

Chair of Network Architectures and Services Department of Informatics Technical University of Munich

Key Performance Indicators of TCP Flows

Patryk Brzoza
Advisor(s): M.Sc. Simon Bauer
Supervisor: Prof. Dr.-Ing. Georg Carle
Technical University of Munich (TUM), Department of Informatics, Chair of Network Architectures and Services
Garching, 06.04.2018

SLIDE 2

Patryk Brzoza | Key Performance Indicators of TCP Flows

Agenda

  • Introduction
  • Protocol Background
  • KPI Overview
  • Measurement Methods
  • Data Processing
  • Deriving Network Events
  • Conclusion

SLIDE 3

Introduction

  • Studies: 95% of total traffic volume provided by TCP [1]
  • TCP flows play a crucial role for overall performance

→ How to evaluate this and which metrics are important?

SLIDE 4

Protocol Background: Transmission Control Protocol (TCP)

  • Reliable and connection-oriented communication
  • Connection: two unidirectional flows
SLIDE 5

KPI Overview

  • Performance of TCP constrained by its features

→ Deriving metrics: Key Performance Indicators (KPIs)

TCP Flow KPIs: Latency Indicators, Packet Loss Indicators, Throughput Indicators, Other Indicators

SLIDE 6

KPI Overview: Latency Indicators

Temporal quality and responsiveness metrics of flows

Round Trip Time (RTT):

  • Interval between sending segment and receiving acknowledgement

Connection Setup Time (CST):

  • Interval for establishing connection

SLIDE 7

KPI Overview: Packet Loss Indicators

SLIDE 8

KPI Overview: Throughput Indicators

SLIDE 9

KPI Overview: Other Indicators

Metrics that do not fit in previous categories

Response Time (RT):

  • Processing time between last packet of response and first packet of request

Reset Rate (RT):

  • Relation of RST segments to overall transmitted segments
SLIDE 10

Measurement Methods

  • Data must be measured first before processing it:

− Active: generate probe segments ✘
− Passive: capture segments from link ✔

SLIDE 11

Measurement Methods

  • How many monitors should be set up and at which location? [3]

→ Algorithms can determine good solutions

SLIDE 12

Measurement Methods

  • Possible measurement setup [4]:
  • Differentiation between bidirectional and unidirectional measurement

SLIDE 13

Measurement Methods

Bidirectional approach:

  • Extract KPIs by correlating segments

Unidirectional approach:

  • Determine flow type first [4]:

− Feedback
− Download
− Unknown

SLIDE 14

Data Processing

  • Measurements can generate vast amounts of data
  • Use data mining approaches to reduce it [5]:

− Find relationships
− Filter out unnecessary packets

SLIDE 15

Data Processing: RTT calculation

SLIDE 16

Data Processing: RTT calculation

Unidirectional measurements:

− SYN-based method: determine segment distance depending on flow type
− Flight method: group packets by inter-arrival time, measure distance of groups
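
The flight method from this slide, as an added example that is not part of the original presentation: arrival times seen in one direction are grouped into flights, and the distance between flight starts is taken as the RTT estimate. The sample timestamps, the function names and the 10 ms gap threshold are assumptions made for illustration.

```python
from statistics import median

# Constructed arrival times (seconds) of data segments seen in ONE direction
# of a flow: three bursts ("flights") of back-to-back segments, ~80 ms apart.
ARRIVALS = [0.0000, 0.0004, 0.0009, 0.0013,
            0.0801, 0.0806, 0.0810, 0.0815, 0.0819,
            0.1603, 0.1607, 0.1612]


def split_flights(times, gap_threshold):
    """Group arrival times into flights.

    A new flight starts whenever the inter-arrival time exceeds
    gap_threshold (an assumed tuning parameter, not from the slides).
    """
    flights = []
    for t in sorted(times):
        if flights and t - flights[-1][-1] <= gap_threshold:
            flights[-1].append(t)      # still inside the current burst
        else:
            flights.append([t])        # gap too large: next flight begins
    return flights


def flight_rtt(times, gap_threshold=0.010):
    """Estimate RTT as the median distance between consecutive flight starts.

    Returns None when fewer than two flights are visible, because a single
    burst carries no information about the round trip.
    """
    flights = split_flights(times, gap_threshold)
    if len(flights) < 2:
        return None
    starts = [f[0] for f in flights]
    return median(b - a for a, b in zip(starts, starts[1:]))


if __name__ == "__main__":
    print([len(f) for f in split_flights(ARRIVALS, 0.010)])
    print(flight_rtt(ARRIVALS))
```

A threshold close to or above the real RTT merges the flights into one and the estimate disappears, so the threshold has to stay well below the round-trip times expected on the monitored link.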

SLIDE 17

Network Event Derivation

  • KPIs give valuable information for intrusion detection, e.g.:

− Throughput spikes: flood-based DoS attacks [5]

− High Reset Rate: port scan attacks

  • Can also expose errors and misconfigurations
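
The Reset Rate indicator applied to detection, as an added example that is not part of the original presentation: the rate is computed per host pair from passively captured segment records, and pairs with a high rate are reported. The sample records, the function names, the 0.3 threshold and the minimum of 10 segments are assumptions made for illustration.

```python
from collections import Counter

RST = 0x04  # RST bit in the TCP flags byte (RFC 793)

# Constructed segment records as a passive monitor would capture them:
# (source IP, destination IP, destination port, TCP flags byte).
SEGMENTS = []
# A normal client: handshake, ten data/ACK exchanges, orderly FIN close.
C, S = "198.51.100.7", "10.0.0.5"
SEGMENTS += [(C, S, 443, 0x02), (S, C, 50000, 0x12), (C, S, 443, 0x10)]
for _ in range(10):
    SEGMENTS += [(C, S, 443, 0x18), (S, C, 50000, 0x10)]
SEGMENTS += [(C, S, 443, 0x11), (S, C, 50000, 0x11), (C, S, 443, 0x10)]
# A host probing 15 closed ports: every SYN is answered with RST/ACK.
P = "203.0.113.9"
for port in range(20, 35):
    SEGMENTS += [(P, S, port, 0x02), (S, P, 40000, 0x14)]


def reset_rates(segments):
    """Reset Rate per host pair: RST segments / all segments exchanged."""
    total, resets = Counter(), Counter()
    for src, dst, _dport, flags in segments:
        pair = tuple(sorted((src, dst)))   # direction-independent key
        total[pair] += 1
        if flags & RST:
            resets[pair] += 1
    return {pair: resets[pair] / n for pair, n in total.items()}


def high_reset_pairs(segments, threshold=0.3, min_segments=10):
    """Pairs whose Reset Rate reaches the threshold.

    threshold and min_segments are assumed values; min_segments keeps a
    single aborted connection from dominating a tiny sample.
    """
    counts = Counter(tuple(sorted((s, d))) for s, d, _p, _f in segments)
    return sorted(pair for pair, rate in reset_rates(segments).items()
                  if rate >= threshold and counts[pair] >= min_segments)


if __name__ == "__main__":
    print(reset_rates(SEGMENTS))
    print(high_reset_pairs(SEGMENTS))
```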
SLIDE 18

Conclusion

  • TCP flow performance constrained
  • Measurable with various classifiable KPIs
  • Collect data with either active or passive measurements
  • Reduce data amount with mining approaches
  • Extract KPIs from bi- or unidirectional measurements
  • Detect intrusion attacks or network errors using KPIs
SLIDE 19

Questions? Thank you for your attention! Any questions?

Contact: brzoza@in.tum.de

SLIDE 20

Sources

[1] Feldmann et al. "Efficient policies for carrying Web traffic over flow-switched networks"
[2] RFC 793. "Transmission Control Protocol Specification"
[3] Chaudet et al. "Optimal Positioning of Active and Passive Monitoring Devices"
[4] Shakkottai et al. "The RTT Distribution of TCP Flows in the Internet and its Impact on TCP-based Flow Control"
[5] Dickerson. "Fuzzy Network Profiling for Intrusion Detection"
[6] Plonka. "FlowScan: A Network Traffic Flow Reporting and Visualization Tool"