Date post: | 31-Dec-2015 |
Category: |
Documents |
Upload: | dieter-morin |
View: | 30 times |
Download: | 1 times |
Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis
Yu-Chung Cheng
John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage
2
Enterprise 802.11?
Easy. Blanket the building with 802.11 APs for 100% coverage
3
A familiar story...
“The wireless is being flaky.”
“Flaky how?”
“Well, my connections got dropped earlier and now things seem very sloooow.”
“OK, we will take a look”
“Wait, wait … it’s ok now”
“Mmm… well let us know if you have any more problems.”
Now what?
Employee
Support
4
What are the problems? Contention with nearby wireless
devices? Bad AP channel assignments? Microwave ovens? Congestions in the Internet? Bad interaction between TCP and 802.11? Rogue access points? Poor choice of APs (weak signal)? Incompatible user software/hardware? 802.11 DoS attack?! …
Need to monitor the wireless network across time, locations, channels, and protocol layers
5
How to monitor 802.11?
Measurement Limitations
AP traces Only packets that AP sees
1 passive sniffer
Limited coverage
N passive sniffers in 1 channel
Limited frequency (roaming, broadband interference, AP channel assignments)
N passive sniffers of all channels
Need synchronized traces
6
Jigsaw
Measure real large wireless networks Collect every possible information
• PHY/Link/IP/TCP/App layer trace• Collect every single wireless packet
Need many sniffers for 100% coverage Provide global view of wireless
networks across time, locations, channels, and protocol layers
7
New CSE building at UCSD
150k square feet 4 floors
>500 occupants 150 faculty/staff 350 students
Building-wide WiFi 39 access points 802.11b/g
• Channel 1, 6, 11 10 - 90 active
clients anytime Daily traffic ~5
GB
8
UCSD passive monitor system
Overlays existing WiFi network Series of passive
sniffers Blanket deployment over 4
floors 39 sensor pods (156 radios) 4 radios per pod, cover
all channels in use Captures all 802.11
activities• Including CRC/PHY events
Stream back over wired network to a centralized storage
9
Jigsaw design
Traces synchronization and unification
L2 state reconstruction
TCP flow reconstruction
10
Synchronization Create a virtual global
clock To keep unification working
Critical evidence for analysis• If A and B are
transmitting at the same time they could interfere
• If A starts transmitting after B has started then A can’t hear B
Require fine time-scales (10-50us) NTP is >100 usec accuracy 802.11 HW clocks (TSF) have 100PPM stability
Time (s)T
SF
diff
(us
)
TSF diff of two sniffers
11
Traces synchronization and unification Sniffers label packets w/ local timestamp (TSF) Need a global clock Estimate the offset between TSF and the global clock for each
sniffer
12
Trace unification (ideal)
Time
13
Trace unification (reality)
Time
JFrame 1
JFrame 4
JFrame 5
JFrame 3
JFrame 2
Jigsawunifiedtrace
14
Challenge: sync at large-scale
How to bootstrap? Goal: estimate the offset between TSF and the
global clock for each sniffer Time reference from one sniffer to the other
Sync across channels Dual radios on same sniffer slaved to same clock
Manage TSF clock skews Continuously re-adjust offsets when unifying
frames
To
1 2 3 4
∆t1
∆t2
15
Jigsaw in action Jigsaw unifies
156 traces into one global trace
Covers 99% of AP frames, 96% of client frames
Starts Jan 24,2006 (Tuesday)
Duration 24 hr
Total APs 107 (39 CSE)
CSE Clients 1026
Active CSE clients anytime
10 - 90
Total Events 2,700M
PHY/CRC Errors 48%
Valid Frames 52%
JFrames 530M
Events per Jframe
2.97
16
L2-ACK
Beacon
Synchronized
Valid packets
CRC errors
PHY errors
17
Jigsaw syncs 99% frames < 20us
Measure sync. quality by max dispersion per Jframe
20 us is important threshold 802.11 back-off time
is 20 us 802.11 inter frame
time is 50 us Sufficient to infer
many 802.11 events
18
Hidden terminal problems
Infer transmission failure by absence of ACK Estimate conditional probability of loss
given simultaneous transmission by some hidden-terminal
sender receiver hidden terminal
How much packet is lost due to hidden-terminal?
?
19
Hidden Terminal Problems
10% of sender-receiver pairs have over 10% losses due to hidden terminals
20
Trace analysis802.11 b/g interactions
ARP Broadcast Storms
TCP loss rate in wireless vs. in Internet
Microwave Ovens
21
Moving forward Developed “Jigsaw” that allows
24x7 monitor system in UCSD CSE w/ 156 sniffers
Global fine-grained view of large wireless network (time, locations, channels)
Jigsaw software will be available shortly
Ongoing work Root cause diagnoses of end-to-end
performance in wireless networks Standard wireless problem analysis
• Ex. Exposed terminal problems
22
Q & A
Live traffic monitoring and more information at http://wireless.ucsdsys.net