Performance Bounds in a Switched Aircraft Cabin Emanuel Heidinger - - PowerPoint PPT Presentation

Network Security, WS 2008/09, Chapter 9 1

Chair for Network Architectures and Services – Prof. Carle Department of Computer Science TU München

Performance Bounds in a Switched Aircraft Cabin

Emanuel Heidinger Supervision TUM: Prof. Carle Supervision EADS: Stefan Schneele

Network Security, WS 2008/09, Chapter 9 2

Outline

• Introduction to Communication Networks in Aeroplanes
• Goal of this Work
• Safety Criticality in the Aircraft Cabin
• State of the Art Cabin System
• Novel Approach based on Switched Ethernet
• DIMTOOL: A Platform for Determining WC Bounds
• The framework Network Calculus
• MIP Approach to determine the Worst Case
• Moving the Switched Aircraft Cabin towards deployment
• Conclusions

Network Security, WS 2008/09, Chapter 9 3

Communication networks in Airbus Aeroplanes

• Impression of the aircraft …
• Installation may look simple at system level, but …
• very complex at a/c level

Various Protocols like LVDS, RS-232, RS-485, CAN, Ethernet

Network Security, WS 2008/09, Chapter 9 4

Goal of this Work

Can we employ Standard Switched Ethernet in the Aircraft Cabin ? By „standard“ we mean

• PHY/MAC Layer
• IEEE 802.1D/Q, Intserv, Diffserv
• Switching to Gigabit Backbones
• Upcoming standards as Audio Video Bridging, BroadR-Reach

What are the pitfalls when addressing this goal ? Can we provide Inflight Entertainment (IFE) over same network ?

• Video
• Games
• Internet Surfing

Overall-goal in Aernonautics: Safe weight, reduce kerosine, reduce complexity

Network Security, WS 2008/09, Chapter 9 5

Domains in the Aircraft [ARINC664P5]

Aircraft Control (ACD) Airline Information Services (AISD) Passenger Information Entertainment Services (PIESD) Passenger Owned Devices (PODD) CIDS Embedded IFE criticality (usually) decreases higher lower

Network Security, WS 2008/09, Chapter 9 6

Objectives in Safety Relevant Aircraft Cabin

Device Description Signaling Latency Requirement Audio Latency Requirement Differential Delay Requirement PSU Passenger Announcement Lighted Signs 100 ms 10 ms

• IBU

Illumination 100 ms

• Handset

Cabin Interphone 100 ms 10 ms 1ms Camera Cabin Video Monitoring

• Smoke

Smoke Detector 100 ms

• The Cabin Core Functions mainly cover safety relevant functions
• Their requirements have to fulfill the [DO214]
• Other safety relevant functions as Cabin Surveillance are expected on same network

Network Security, WS 2008/09, Chapter 9 7

Safety in Aeronautics

DAL Classification DAL Definitions Failure Requirement [failures / hour] Level A Catastrophic Catastrophic failure condition for the aircraft Level B Hazardous / Severe-Major Hazardous / severe-major failure condition for the aircraft Level C Major Major failure condition for the aircraft Level D Minor Minor failure condition for the aircraft

• Level E

No Effect No effect on aircraft operational capability or flight crew workload

• Expressed in terms of Design Assurance Level [DO254], [ARP4754A]

9

10− < p

7

10− < p

5

10− < p

• Cabin Core Functions are „usually“ DAL-C
• Cabin Entertainment (IFE) is DAL-E
• Extensive use of redundancy in networks covering safety relevant functions
• Failure value is determined by Fault Tree Analysis
• Determinism must be presented in those networks

⇒ Necessity to determine the worst case

Network Security, WS 2008/09, Chapter 9 8

State of the Art – Today’s Aircraft Cabin / CIDS

• Based on 10Base2 Ethernet, Physical Layer
• TDMA (Time Division Multiple Access) Techniques
• Bus System, same medium

Advantage

• Bus System, so one single line
• Worst case relatively easy determined by measurement

Disadvantage

• Bus System, so Collision Avoidance / Detection
• Smaller IFG (8 Bytes), not all PHYs can do that
• Different CRC Polynomial, not all stacks can do that
• Small Bandwidth, 10 MBit/s

But when talking about GigaBit and later, there will be no bus support anymore (due to echo cancellation) ⇒ Moving towards switched network

Network Security, WS 2008/09, Chapter 9 9

Topology of Full Switched Aircraft Cabin

• Up to 22 lines
• Up to 16 cascade switches

per line

• Up to 8 end devices per

switch

• No star topology for saving

wires

• Number highly depends on

Aircraft type, be it A380, A350 or A30x Challenge: Determine Worst Case in Switched Network

Device Number Description PSU 1536 Service Unit IBU 1512 Light Scenario Handset 20 Cabin Interphone FAP 20 Panel for Cabin Control CVMS 25 Video Surveillance

A380 Configuration, Number of Devices

Network Security, WS 2008/09, Chapter 9 10 10

Network Latencies

 Propagation Delay

• stable and almost negligible
• (1/factor) * speed of light

 Processing Delay

• Hardware dependent
• relatively stable

 Transmission Delay

• Time it takes to transmit the

whole frame

 Queuing Delay

• If output port is busy, frames

must be queued

• Sum of transmission delay of
• ther frames, that have to be

served before Processing delay Queuing delay Propagation delay Transmission delay

Network Security, WS 2008/09, Chapter 9 11 11

CabinConfigurator (C++) DIMTOOL(Matlab) Topology Toolbox

Page 11

Certification System Integration Deployment

• Generate VLAN configuration for switches
• Extracting topology and flow information and forward to DIMTOOL
• DIMTOOL generates reports according to simulation, NC & worst

case scheduling analysis

Heidinger, E.; Burger, S.; Schneele S., Klein, A. & Carle, G., DIMTOOL: A Platform for Determining Worst Case Latencies in Switched Queuing Networks, ValueTools 2012

Toolchain DIMTOOL – Worst Case Estimation (I)

Network Security, WS 2008/09, Chapter 9 12 12

• Generate VLAN configuration for switches
• Extracting topology and flow information and forward to DIMTOOL
• DIMTOOL generates reports according to simulation, NC & worst

case scheduling analysis CabinConfigurator (C++) DIMTOOL(Matlab) Topology Toolbox

Page 12

Backends Certification

Toolchain DIMTOOL – Worst Case Estimation (II)

Network Security, WS 2008/09, Chapter 9 13 13

• Generate VLAN configuration for switches
• Extracting topology and flow information and forward to DIMTOOL
• DIMTOOL generates reports according to simulation, NC & worst

case scheduling analysis CabinConfigurator (C++) DIMTOOL(Matlab) Topology Toolbox

Page 13

Backends System Integration

Toolchain DIMTOOL – Worst Case Estimation (III)

Network Security, WS 2008/09, Chapter 9 14 14

• Generate VLAN configuration for switches
• Extracting topology and flow information and forward to DIMTOOL
• DIMTOOL generates reports according to simulation, NC & worst

case scheduling analysis CabinConfigurator (C++) DIMTOOL(Matlab) Topology Toolbox

Page 14

Backends Deployment

Toolchain DIMTOOL – Worst Case Estimation (IV)

Network Security, WS 2008/09, Chapter 9 15 15

Toolchain DIMTOOL – Worst Case Estimation (V)

• Generate VLAN configuration for switches
• Extracting topology and flow information and forward to DIMTOOL
• DIMTOOL generates reports according to simulation, NC & worst

case scheduling analysis CabinConfigurator (C++) DIMTOOL(Matlab) Topology Toolbox

Page 15

Backends

Network Security, WS 2008/09, Chapter 9 16 16

DIMTOOL Graphical User Interface

• Provide several Performance Evaluation Backends
• Topology creator for A380, A350, A30x
• Topology converter for different input formats, Camfigurator, Network

Notepad, OPNET

• Results shall be employable in certification

⇒ Deliver performance

reports

Network Security, WS 2008/09, Chapter 9 17 17

Refreshing Token Bucket Model

Token Bucket Scheme Network Calculus Representation

• Extended version of [Tan2002] and [Sta2001] which allows some burstiness
• Shaping does not occur until burst is consumed

 Textmasterformate durch Klicken bearbeite

• Zweite Ebene
• Dritte Ebene

– Vierte Ebene » Fünfte Ebene (accumulated arrivals)

Network Security, WS 2008/09, Chapter 9 18 18

Introduction to Network Calculus (I)

• Flows in terms of Arrival Envelopes / Arrival Curves
• Service experienced by switch in terms of Service Curve

Example of fluid flows, preemptive

• f1 and f2 are multiplexed and traverse

two servers / switches

• Flow of interest is f1
• Delay given by horizontal deviation

Node-by-Node Analysis

Network Security, WS 2008/09, Chapter 9 19 19

Introduction to Network Calculus (II)

• Flows in terms of Arrival Envelopes / Arrival Curves
• Service experienced by switch in terms of Service Curve

Example of fluid flows, preemptive

• f1 and f2 are multiplexed and traverse

two servers / switches

• Flow of interest is f1
• Delay given by horizontal deviation

Node-by-Node Analysis

Network Security, WS 2008/09, Chapter 9 20 20

Tightness of Network Calculus Bounds

However, with the so called Node-by-Node Analysis (as seen before)

• Latency is determined at each node, such that

burst is paid at every server, i.e., s1 as well as s2

• Also known as algorithm: Total Flow Analysis (TFA)

Tightening bounds

• „Pay Bursts Only Once“ [RIZ2005]
• Burst will only be paid at first node
• Edge-by-Edge Analysis (First: Service Curve over all edges, Then:

horizontal deviation)

• Also known as algorithm: Separated Flow Analysis (SFA)
• Addresses the following case

Network Security, WS 2008/09, Chapter 9 21 21

Non-Preemptiveness of Switched Ethernet (I)

• We showed how to determine worst cases in fluid flow models
• But how to deal with non-preemptiveness of Switched Ethernet ?

 Mapping by

Discrete Sized Bursts Additional latency in Rate Latency Service Curve

Network Security, WS 2008/09, Chapter 9 22 22

Non-Preemptiveness of Switched Ethernet (II)

• Packetizer

⇒ Packetizer only valid in case of node-by-node analysis ⇒ To be safe, packetizer is modeled by rate latency service curve

(additional delay by full length packet)

⇒ Introduces overestimation 250 byte packet prior to 500 byte packet 500 byte packet prior to 250 byte packet

Network Security, WS 2008/09, Chapter 9 23 23

Novel Optimization Based Approach based on MIP

Approach

• Capture NP-hardness by Mixed Integer Program

(rather than enumerating exponential number of solutions)

• Use discrete-sized packet model for better match to switched

Ethernet

• [SCH2008] and [BOU2008] proposed linear optimization based

techniques to find tight bound for fluid flow models

• [BOU2008] also showed NP-hardness

Network Security, WS 2008/09, Chapter 9 24 24

Mixed Integer Programming Approach

• Flow f1, packet size 108 Bytes, bandwidth 100kBit/s
• Flow f2, packet size 64 Bytes, bandwidth 1000kBit/s
• Flow f3, packet size 256 Bytes, bandwidth 2000kBit/s
• Flow f4, packet size 512 Bytes, bandwidth 5000kBit/s

Heidinger, E.; Kammenhuber, N.; Klein, A. & Carle, G., Network Calculus and Mixed-Integer LP Applied to a Switched Aircraft Cabin Network, Proc. of the 20th International Workshop on Quality of Service, IWQoS 2012, 2012

Network Security, WS 2008/09, Chapter 9 25 25

Mixed Integer Program Objective and Constraints

• Maximize time between
• send time and
• receive time
• Constraints
• Packet p is delayed by other

q packet if “boolean“ variable is “true“, i.e., 1

• Let solver decide how to set

“boolean“ variables in order to maximize latency

• Also possible:
• Use determined start times for simulation

⇒Worse Case Simulation

• Identify multicast delay difference

Paid too much, so substract packet p is either delayed by q or vice versa

Network Security, WS 2008/09, Chapter 9 26 26

Comparison of Different Approach – Use in Ethernet

Approach Fluid Model Edge- by- Edge Tight Ethernet Tight Fluid Comp. Effort TFA Yes No (-)

• Low 

Packetized TFA No No (-)

• n/a

Low 

SFA Yes Yes (+)

• 

Medium 

PMOO-SFA Yes Yes (+)

• 

High (o)

MIP No Yes (+)



n/a Exponential

• Tightness in DNC: Can bounds ever be reached ?

Network Security, WS 2008/09, Chapter 9 27 27

Results for Aircraft Cabin (100MBit/s)

• Cabin Line with 104 devices
• x-axis gives node in line
• y-axis gives worst case delay
• Downstream
• 13 hops, 8 devices per switch
• Server to EndDevice 108@30MBit/s
• Low priority traffic

Network Security, WS 2008/09, Chapter 9 28 28

Results for Aircraft Cabin (100MBit/s)

• Cabin Line with 104 devices
• x-axis gives node in line
• y-axis gives worst case delay
• Upstream
• 13 hops, 8 devices per switch
• CabinHandset 142@568kBit/s
• PSU 108@204kBit/s
• Low priority traffic

Network Security, WS 2008/09, Chapter 9 29 29

Zooming in MIP Approach

• About 5% better bounds than

known Network Calculus approaches

• But problem of state explosion

(similar to Model Checking) ⇒ Reduce search space by preselecting packet order and burst aggregation However, if MIP solver is not able to find solution, we can employ safe dual bound (here we stopped computation after 1h) ⇒ Experiments showed that up to 50 parallel flows are possible Determining worst case according to cabin length

Network Security, WS 2008/09, Chapter 9 30 30

Proof of Concept – Moving to the Cabin Mockup

• Perform measurements
• Convince pre-development

⇒ PASSED TRL 4 Gate Review

Network Security, WS 2008/09, Chapter 9 31 31

DIMTOOL - Results of Aircraft Cabin, 100MBit/s

• DIMTOOL Results for Upstream
• Worse Case Simulation shifts

latency towards analytical bounds Idea: Take results of MIP analysis and align token bucket offsets

• x-axis gives node in line
• y-axis gives worst case delay

Network Security, WS 2008/09, Chapter 9 32 32

Proof of Concept (Audio Multicast Delay Difference)

PRAM: Multicast Delay Difference between T1 and S12, high cross traffic PRAM and PA have same behavior in terms of multicast delay difference ⇒1 stream 1518 @ wire speed ⇒Requirement 1ms ⇒Test passed for 1GBit/s ⇒Test failed for 100MBit/s

100MBit/s 1GBit/s

Network Security, WS 2008/09, Chapter 9 33 33

Results for Mockup, Downstream (FastEthernet)

• 12 hops, 8 devices per switch
• CabinHandset 142@568kBit/s
• PSU 108@27kBit/s

⇒ MIP gives better bound in downstream ⇒The multicast delay difference requirement is not fulfilled in case of FastEthernet ⇒Moving towards Gigabit Ethernet

Network Security, WS 2008/09, Chapter 9 34 34

Proof of Concept (100MBit/s and 1GBit/s)

Multicast Delay Difference between T1 and S12, with cross traffic ⇒Requirement 1ms ⇒Test passed for 1GBit/s ⇒Test failed for 100MBit/s

Difference of arrival times S12 and T1

• PA Traffic from handset

Mirrored PA Traffic from server

Network Security, WS 2008/09, Chapter 9 35 35

DIMTOOL – Simulation Results for Multi Domain

Device Number Domain PSU 96 ACD IBU ACD Handset 2 ACD FAP 2 PODD Camera 4 ACD Wireless Sensors AP 1 AISD Crew WLAN AP 1 AISD Passenger WLAN AP 1 PIESD

• Gigabit Backbone

Network Security, WS 2008/09, Chapter 9 36 36

DIMTOOL – Worst Case Results for Multi Domain

Device Number Domain PSU 96 ACD IBU ACD Handset 2 ACD FAP 2 PODD Camera 4 ACD Wireless Sensors AP 1 AISD Crew WLAN AP 1 AISD Passenger WLAN AP 1 PIESD

• Gigabit Backbone

Network Security, WS 2008/09, Chapter 9 37 37

Conclusions

 Concerning Aircraft Cabin

• Switched Ethernet Cabin is possible
• Propose 1GBit/s in backbone rather than 100MBit/s
• Requirements can be fulfilled
• Ready for next generation applications in terms of bandwidth and delays

(IFE, Passenger Owned Devices)

 Comparability of Bounds

• DIMTOOL covers several performance evaluation approaches

 Concerning Tightness of Bounds

• Mixed Integer Approach allows better mapping of Switched Ethernet

⇒ Tighter bounds for Switched Ethernet

• Worse Case Simulation shifts simulation

Network Security, WS 2008/09, Chapter 9 38 38

References



[ARP4754A] ARP4754A, S. ARP 4754A: Guidelines for Development of Civil Aircraft and Systems Society of Automotive Engineers, 2010



[DO254] DO-254/ED-80, R. T. C. f. A. 254: Design Assurance Guidance For Airborne Electronic Hardware 2000



[BOU2004] Le Boudec, J., Network Calculus: A Theory of Deterministic Queuing Systems for the Internet, 2004



[Sch2008] Improving Performance Bounds in Feed-Forward Networks by Paying Multiplexing Only Once Measuring, Modelling and Evaluation of Computer and Communication Systems (MMB), 2008 14th GI/ITG Conference -, Proc. of the 14th Conference on Measuring, Modelling and Evaluation of Computer and Communication Systems (MMB), 2008



[RIZ2005] Rizzo, G. & Le Boudec, J. ``Pay bursts only once'' does not hold for non-FIFO Guaranteed Rate nodes Performance Evaluation, Elsevier, 2005, 62, 366-381



[SCH2008] Schmitt, J.; Zdarsky, F. & Fidler, M., Delay Bounds under Arbitrary Multiplexing: When Network Calculus Leaves You in the Lurch..., IEEE INFOCOM 2008. The 27th Conference on Computer Communications, 2008, 1669-1677



[BOU2008] Bouillard, A.; Gaujal, B.; Lagrange, S. & Thierry, &E., Optimal routing for end-to-end guarantees using Network Calculus, Performance Evaluation, Elsevier, 2008, 65, 883-906



[RIZ2005] Rizzo, G. & Le Boudec, J., “Pay bursts only once” does not hold for non-FIFO Guaranteed Rate nodes, Performance Evaluation, Elsevier, 2005, 62, 366-381

Network Security, WS 2008/09, Chapter 9 39 39

References



[1] Dantzig, G., Maximization of a linear function of variables subject to linear inequalities, New York, 1951



[2] Dasgupta, S.; Papadimitriou, C. & Vazirani, U. V., Algorithms, 2006



[3] lp_solve reference guide, Accessed December 11, 2011, http://lpsolve.sourceforge.net/



[4] Ralphs, T., COIN-OR Branch-and-Cut MIP Solver, Accessed December 11, 2011, https://projects.coin-or.org/Cbc

Network Security, WS 2008/09, Chapter 9 40 40

Additional Slides

• Network Calculus
• Non-preemptiveness
• Dimensioning tool and Deployment

Network Security, WS 2008/09, Chapter 9 41 41

• Based on the (min,+)-Algebra
• Arrival Curve – Input Flow
• Token Bucket, -constrained
• Periodic Curves
• Service Curve – Service of a Switch
• Rate Latency
• Burst Delay
• Convolution:
• Upper bound for output curve
• Convolution of tandem of service curves (convolution-form networks)
• Deconvolution:
• Lower bound for output curve

Network Calculus

Network Security, WS 2008/09, Chapter 9 42 42

Network Calculus Genealogy

• Evolution
• From basic calculus over (min,+)-Algebra to

– Stochastic extensions – Tightness / Convolution-form networks – Linear optimization based approaches

Cruz early 90ies Le Boudec late 90ies Jiang Liebeherr Schmitt Bouillard since 2000 Fidler SNC DNC

Network Security, WS 2008/09, Chapter 9 43 43

Min,+ Algebra

Min,+ Algebra is a semi-ring, dioid on , so Closure and Associativity of Zero element existent for Idempotency and Commutativity of Closure and Associativity of + Zero element for is absorbing for + Neutral element existent for + Distributivity of + with respect to is infimuum (or minimum if exists) is supremum (or maximum if exists)

∧ ∧ ∧ ∧ ∧ ∨

Network Security, WS 2008/09, Chapter 9 44 44

Deconvolution

• Move red curve to the left
• Determine maximum of difference between

red curve and green curve Application – Supremum (upper) bound for output curve – Earliest appearance of bits at output

Network Security, WS 2008/09, Chapter 9 45 45

Convolution

Application – Infimuum (lower) bound for output curve – Latest appearance of bits at output – Concatenation of Servers – Convolution of tandem of service curves (convolution-form networks)

Network Security, WS 2008/09, Chapter 9 46 46

Non-FIFO bounds

• Why do we talk about Non-FIFO bounds,

queuing discipline should be FIFO ?

• Consider following situation in a packet switch
• Usually switch fabric tries to find maximum matching in order to serve as

many input ports as possible

• For FIFO multiplexing, switches would have to store arrival time
• So, no FIFO (with respect to packet forwarding) is guaranteed

Network Security, WS 2008/09, Chapter 9 47 47

• Fluid Flow Models

– Generalized Processor Sharing

• Practical Implementation: WFQ
• Discrete-Sized Packet Models

– Few Research

• Tightness of Network Calculus bounds

has been investigated for fluid models

• Ethernet

– Overcome limitation/generalization of fluid models by use of rate latency curve

• Head of line (delay due to lower priority frame)

is used as additional burst to rate latency curve

• Employ burst of max-sized packet at time 0

– Ethernet switch is not FIFO in general [8]

• otherwise you would have to remember receive time in input port to guarantee FIFO

Network Calculus

fluid flow vs. discrete-sized, 125@1000kBit/s serviced by rate latency, 3µs latency, 100MBit/s

Network Security, WS 2008/09, Chapter 9 48 48

• Fluid Flow Models

– Generalized Processor Sharing

• Practical Implementation: WFQ
• Discrete-Sized Packet Models

– Few Research

• Tightness of Network Calculus bounds

has been investigated for fluid models

• Ethernet

– Overcome limitation/generalization of fluid models by use of rate latency curve

• Head of line (delay due to lower priority frame)

is used as additional burst to rate latency curve

• Employ burst of max-sized packet at time 0

– Ethernet switch is not FIFO in general [8]

• otherwise you would have to remember receive time in input port to guarantee FIFO

Network Calculus

• fluid flow vs. discrete-sized, 125@1000kBit/s
• serviced by rate latency, 3µs latency, 100MBit/s
• Horizontal deviation gives delay in case of FIFO
• Vertical deviation gives backlog in case of FIFO

Arbitrary multiplexing FIFO

Network Security, WS 2008/09, Chapter 9 49 49

Tightness of Network Calculus Bound

Tightening bounds

• „Pay Multiplexing Only Once“ [SCH2008]
• If flow is multiplexed several times, SFA will pay too much at each

multiplexing

• Also known as algorithm: PMOO-SFA
• Edge-by-Edge Analysis (First: Service Curve over all edges, Then:

horizontal deviation) – Usually better than PBOO – Addresses the following case

Network Security, WS 2008/09, Chapter 9 50 50

Prerequisites for deterministic bounds

When moving towards switched solutions, we have new active devices, namely the switches

• Predetermined Forwarding with VLAN
• Provided by COTS switches in hardware
• Priorities to handle different traffic classes
• Mapping to internal queues, minimum 4
• Shaping by hardware
• Required to fulfill token bucket traffic model
• Since traffic occurence is deterministic in ACD domain, we do not employ stochastic

traffic models here

Micro Controller

Uplink/Downlink Ports

Switch ASIC

• Limiting
• Shaping
• VLAN
• 802.1q priorities
• Functions

addressed by Registers

• Configuration

SNMP, Web, etc.

Network Security, WS 2008/09, Chapter 9 51 51

Non-Preemptiveness of Switched Ethernet (II)

64 64 1518 1518 64 1518 S2 S1

However, NC cannot map the following situation accurately:

• Assume a small packet being delayed by a larger packet
• At Server/Switch S1, the small packet is delayed by the full large packet
• At Server/Switch S2, the small packet is delayed only by the remaining 1454 bytes
• But for FastEthernet, exact worst case is

0.2480 ms (omitting IFG and preamble)

Network Security, WS 2008/09, Chapter 9 52 52

Non-Preemptiveness of Switched Ethernet (III)

 Additionally, NC can not map the following situation accurately:

• Assume three equally sized frames in a simple network
• Packet of interest is 1
• 1. Packet 1 and 2 arrive at first switch,

Packet 1 is delayed by Packet 2

• 2. Packet 2 is transmitted and arrives at second

switch as Packet 3 does

• 3. Packet 2 waits at second switch until transmission
• f Packet 3 finished
• 4. Packet 1 will be delayed by Packet 2

⇒ Additional delay by 2 packets ⇒ But NC gives additional delay of 3 packets

Network Security, WS 2008/09, Chapter 9 53 53

Non-Preemptiveness of Switched Ethernet (III)

 However, NC can not map the following situation accurately:

• Assume three equal sized frames in a simple network
• Packet of interest is 1
• 1. Packet 1 and 2 arrive at first switch,

Packet 1 is delayed by Packet 2

• 2. Packet 2 is transmitted and arrives at second

switch as Packet 3 does

• 3. Packet 2 waits at second switch until transmission
• f Packet 3 finished
• 4. Packet 1 will be delayed by Packet 2

⇒ Additional delay by 2 packets ⇒ But NC gives additional delay of 3 packets

Network Security, WS 2008/09, Chapter 9 54 54

Non-Preemptiveness of Switched Ethernet (III)

 However, NC can not map the following situation accurately:

• Assume three equal sized frames in a simple network
• Packet of interest is 1
• 1. Packet 1 and 2 arrive at first switch,

Packet 1 is delayed by Packet 2

• 2. Packet 2 is transmitted and arrives at second

switch as Packet 3 does

• 3. Packet 2 waits at second switch until transmission
• f Packet 3 finished
• 4. Packet 1 will be delayed by Packet 2

⇒ Additional delay by 2 packets ⇒ But NC gives additional delay of 3 packets

Network Security, WS 2008/09, Chapter 9 55 55

Non-Preemptiveness of Switched Ethernet (III)

 However, NC can not map the following situation accurately:

• Assume three equal sized frames in a simple network
• Packet of interest is 1
• 1. Packet 1 and 2 arrive at first switch,

Packet 1 is delayed by Packet 2

• 2. Packet 2 is transmitted and arrives at second

switch as Packet 3 does

• 3. Packet 2 waits at second switch until transmission
• f Packet 3 finished
• 4. Packet 1 will be delayed by Packet 2

⇒ Additional delay by 2 packets ⇒ But NC gives additional delay of 3 packets

Network Security, WS 2008/09, Chapter 9 56 56

Non-Preemptiveness of Switched Ethernet (III)

 However, NC can not map the following situation accurately:

• Assume three equal sized frames in a simple network
• Packet of interest is 1
• 1. Packet 1 and 2 arrive at first switch,

Packet 1 is delayed by Packet 2

• 2. Packet 2 is transmitted and arrives at second

switch as Packet 3 does

• 3. Packet 2 waits at second switch until transmission
• f Packet 3 finished
• 4. Packet 1 will be delayed by Packet 2

⇒ Additional delay by 2 packets ⇒ But NC gives additional delay of 3 packets

Network Security, WS 2008/09, Chapter 9 57 57

Non-Preemptiveness of Switched Ethernet (IV)

64 64 1518 1518 64 1518 S2 S1

However, NC cannot map the following situation accurately:

• Assume a small packet being delayed by a larger packet
• At Server/Switch S1, the small packet is delayed by the full large packet
• At Server/Switch S2, the small packet is delayed only by the remaining 1454 bytes
• But for FastEthernet, exact worst case is

0.2480 ms (omitting IFG and Preamble)

Network Security, WS 2008/09, Chapter 9 58 58

• However, recent research [SCH2008] showed that PMOO-SFA is not

always better than SFA

• [SCH2008] and [BOU2008] proposed linear optimization based

techniques to find tight bound for fluid flow models

• [BOU2008] also showed NP-hardness

Novel Optimization Based Approach based on MIP

Approach

• Capture NP-hardness by Mixed Integer Program

(rather than enumerating exponential number of solutions)

• Use discrete-sized packet model for better match to switched

Ethernet

• Address previously mentioned issues

(1) small packet follows larger packet (2) packet burst is not active any more

Network Security, WS 2008/09, Chapter 9 59 59

Linear Program / Mixed Integer Program

 Introduction by Example [5]

• Objective:

Maximize

• Subject to Inequalities:
• If some variables are in rather than in , problem becomes -hard

⇒ Integer Programming

• Generic Solver, such as
• lpSolve [6]
• Cbc [7]

 References:  Linear Programming, e.g., [4][5], Mixed Integer Programming, e.g., [5]

Network Security, WS 2008/09, Chapter 9 60 60

• Recent work showed linear optimization based techniques to find

tight bound for fluid flow models, [SCH2008] and [BOU2008]

• [BOU2008] also showed NP-hardness

Linear Optimization Based Approach

Questions

• When do flows burst ?
• When do servers take their latency ?

Idea

• determine formula for residual rates at servers
• use bursts of others flows to identify latency of flow of interest
• Find left-over service curve by maximizing burst of interferring flows

=> When do bursts have maximum impact ?

Network Security, WS 2008/09, Chapter 9 61 61

Mixed Integer Program Algorithm

Network Security, WS 2008/09, Chapter 9 62 62

Mixed Integer Program Algorithm

Network Security, WS 2008/09, Chapter 9 63 63

Toolchain DIMTOOL – Worst Case Estimation

• Generate VLAN configuration for switches
• Extracting topology and flow information and forward to DIMTOOL
• DIMTOOL generates reports according to simulation, NC & worst

case scheduling analysis CabinConfigurator (C++) DIMTOOL(Matlab) TopoGen Lib (C++)

Heidinger, E.; Burger, S.; Schneele S., Klein, A. & Carle, G., DIMTOOL: A Platform for Determining Worst Case Latencies in Switched Queuing Networks, submitted to ValueTools 2012

Backends

Network Security, WS 2008/09, Chapter 9 64 64

DIMTOOL - Results of Aircraft Cabin, 100MBit/s

• DIMTOOL Results for Upstream
• Worse Case Simulation shifts

latency towards analytical bounds

• At the first switch, FIFO bound

does not hold ⇒ Requirement of Non-FIFO bound

• Challenge in real

implementation: Does the switch guarantee FIFO ?

Network Security, WS 2008/09, Chapter 9 65 65

Distribute Configuration via SNMP and LLDP

• Using standarized protocols to
• verify topology
• distribute VLAN switching rules
• distribute shaping parameters
• Topology recognition Link Layer Discovery Protocol (LLDP)
• supported by Netgear GS110TP
• Configuration with Simple Network Management Protocol (SNMP)
• supported by Netgear GS110TP
• Providing C++ command line tool to
• calculate shapes
• determine VLAN rules
• configure via SNMP / LLDP

⇒ Allow the migration to cabin server software