Control and security of a two-way active measurement protocol
Milan Ivanovic, Department of Computer Science and Communication, Royal Institute of Technology (KTH)
June 16, 2011
The problem
- World-wide deployment of packet-switched networks.
- How to reserve network resources?
- End-to-end probing: active measurement.

Two-way active measurement protocol (TWAMP)
- An active measurement protocol.
- Standardized by the IETF.
- Authentication.
- Encryption.
- Control.

Goals of this degree project
- Prototype implementation of the TWAMP protocol.
- Evaluation of the control and security aspects, with focus on performance, in three modes:
  - Unauthenticated mode.
  - Authenticated mode.
  - Encrypted mode.
Advantages of packet switching
- Digital: all data is sent digitally over the network.
- Upgradable: each node has processing power of its own.
- Redundancy: the network is able to stay up.
- Efficiency: no need to reserve resources.

Drawbacks of a packet-switched network
- Difficulty in reserving resources.
- Vern Paxson was one of the first to raise the question of routing and packet behavior on the Internet.
- In 1996 Paxson presented the paper "End-to-end routing behavior in the Internet".
- One year later, "End-to-end Internet packet dynamics".

End-to-end Internet packet dynamics
"We find wide ranges of behavior, such that we must exercise great caution in regarding any aspect of packet dynamics as 'typical'. Some common assumptions such as in-order packet delivery, FIFO bottleneck queuing, independent loss events, single congestion time scales, and path symmetries are all violated, sometimes frequently."
Active and passive monitoring
- Passive monitoring: data collection without influencing or disturbing the network. Examples: protocol usage, CRC errors, link utilization.
- Active monitoring: continuous insertion of test packets into the network. Metrics: delay, jitter, packet loss.

Active measurement protocols
- IP SLA: proprietary protocol used by Cisco routers and switches.
- ICMP ECHO: part of the ICMP protocol, used by many tools such as the ping utility.
- Prosilient 1xOneWay and 2xOneWay: proprietary protocols used by the Prosilient probes.
- TWAMP: two-way active measurement protocol standardized by the IETF. Based on OWAMP.
The TWAMP protocol
- Based on OWAMP.
- Created by the IETF because no existing standard allowed collection of metrics in an interoperable manner.
- Two protocols in one: TWAMP-Control and TWAMP-Test.
- Logically separated into smaller modules.

TWAMP logical modules
- Session-Sender: sending endpoint of the TWAMP-Test session.
- Session-Reflector: receives the packets from the Session-Sender and returns new, modified test packets.
- Server: manages one or more TWAMP-Test sessions.
- Control-Client: handles the initialization requests for the TWAMP-Test sessions.

TWAMP logical modules
[Figure: the four modules Session-Sender, Session-Reflector, Control-Client and Server, with their links labelled TWAMP-Test (Session-Sender to Session-Reflector), TWAMP-Control (Control-Client to Server) and "proprietary protocols" for the remaining connections.]
TWAMP-Control protocol
- Responsible for dynamic set-up of TWAMP-Test sessions.
- Runs over TCP.
- Request-TW-Session: request a TWAMP-Test session with specific parameters.
- Start-Sessions: notify the Server module that it should start the sessions.
- Stop-Sessions: notify the Server module that it should stop the sessions.

Initialization and control message exchange
[Figure: message sequence between the TWAMP Client and the TWAMP Server. TWAMP-Control initialisation messages: Server-Greeting (server to client), Set-Up-Response (client to server), Server-Start (server to client). TWAMP-Control command messages: Request-TW-Session (client to server), Accept-Session (server to client), Start-Sessions (client to server), Start-Ack (server to client), Stop-Sessions (client to server).]
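The exchange in the figure as a server-side state machine that refuses a message arriving out of order, from the wrong side, or a Start-Sessions with nothing accepted. This is an added example, not code from the thesis prototype; the message names are the figure's, and the one-Accept-per-Request model and the Accept code 0 meaning "OK" are assumptions of the example.

```python
class ProtocolError(Exception): pass

# state -> {message: (side that may send it, next state)}. Simplified model
# (assumption): each Request-TW-Session is answered by one Accept-Session.
TRANSITIONS = {
    "new":       {"Server-Greeting":    ("server", "greeted")},
    "greeted":   {"Set-Up-Response":    ("client", "set-up")},
    "set-up":    {"Server-Start":       ("server", "ready")},
    "ready":     {"Request-TW-Session": ("client", "requested"),
                  "Start-Sessions":     ("client", "starting")},
    "requested": {"Accept-Session":     ("server", "ready")},
    "starting":  {"Start-Ack":          ("server", "running")},
    "running":   {"Stop-Sessions":      ("client", "stopped")},
}

class ControlSession:
    def __init__(self):
        self.state = "new"
        self.accepted = 0  # requests the server answered with Accept = 0 (OK)

    def handle(self, sender, message, accept_code=0):
        allowed = TRANSITIONS.get(self.state, {})  # "stopped" accepts nothing
        if message not in allowed:
            raise ProtocolError(f"{message} not valid in state {self.state}")
        expected, next_state = allowed[message]
        if sender != expected:
            raise ProtocolError(f"{message} must come from the {expected}")
        if message == "Accept-Session" and accept_code == 0:
            self.accepted += 1
        if message == "Start-Sessions" and self.accepted == 0:
            raise ProtocolError("Start-Sessions with no accepted test session")
        self.state = next_state
        return self.state

def run_exchange(messages):
    """Feed (sender, name[, accept_code]) tuples; returns ("ok", final_state)
    or ("rejected", reason) at the first message the server would refuse."""
    session = ControlSession()
    try:
        for item in messages:
            session.handle(*item)
    except ProtocolError as exc:
        return ("rejected", str(exc))
    return ("ok", session.state)

# Constructed exchange matching the figure: initialisation, one session
# requested and accepted, then started, acknowledged and stopped.
FULL_EXCHANGE = [("server", "Server-Greeting"), ("client", "Set-Up-Response"),
                 ("server", "Server-Start"), ("client", "Request-TW-Session"),
                 ("server", "Accept-Session", 0), ("client", "Start-Sessions"),
                 ("server", "Start-Ack"), ("client", "Stop-Sessions")]
```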
TWAMP-Test protocol
- Runs over UDP.
- Two test-packet formats (one sent by the Session-Sender, one returned by the Session-Reflector).
- Additional fields are added when authentication or encryption is used.

Authentication and encryption
- HMAC-SHA1 truncated to 128 bits.
- AES on 128-bit blocks in CBC and ECB modes of operation.
- Open and secure modes in TWAMP-Control.
- Mixed security mode extension.
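The two unauthenticated TWAMP-Test packet formats, the NTP-style timestamps they carry, the round-trip computation that removes the reflector's turnaround time, and the truncated HMAC-SHA1 tag of the secured modes. This is an added example, not the thesis prototype: the field layouts follow RFC 5357, while which bytes the tag covers is simplified and marked as an assumption.

```python
import hashlib
import hmac
import struct
NTP_OFFSET = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def to_ntp(unix_time):
    """Unix seconds (float) -> 64-bit NTP timestamp as (seconds, fraction)."""
    whole = int(unix_time)
    frac = int((unix_time - whole) * 2 ** 32)
    return (whole + NTP_OFFSET) & 0xFFFFFFFF, frac & 0xFFFFFFFF

def from_ntp(secs, frac):
    return (secs - NTP_OFFSET) + frac / 2 ** 32

# Unauthenticated Session-Sender packet: seq(4) | timestamp(8) | error estimate(2)
SENDER_FMT = "!IIIH"
# Unauthenticated Session-Reflector packet: seq(4) | timestamp(8) | error est.(2)
# | MBZ(2) | receive timestamp(8) | sender seq(4) | sender timestamp(8)
# | sender error est.(2) | MBZ(2) | sender TTL(1)
REFLECTOR_FMT = "!IIIH2xIIIIIH2xB"

def build_sender(seq, send_time, error_estimate=0x0001):
    secs, frac = to_ntp(send_time)
    return struct.pack(SENDER_FMT, seq, secs, frac, error_estimate)

def reflect(pkt, recv_time, send_time, ttl, reflector_seq):
    """Session-Reflector side: echo the sender's fields, add receive/send stamps."""
    seq, s_secs, s_frac, s_err = struct.unpack(SENDER_FMT, pkt[:14])
    r_secs, r_frac = to_ntp(recv_time)
    t_secs, t_frac = to_ntp(send_time)
    return struct.pack(REFLECTOR_FMT, reflector_seq, t_secs, t_frac, 0x0001,
                       r_secs, r_frac, seq, s_secs, s_frac, s_err, ttl)

def round_trip_delay(reply, recv_time):
    """Two-way delay with the reflector's own turnaround time removed."""
    f = struct.unpack(REFLECTOR_FMT, reply[:41])
    t1 = from_ntp(f[7], f[8])  # sender transmit time
    t2 = from_ntp(f[4], f[5])  # reflector receive time
    t3 = from_ntp(f[1], f[2])  # reflector transmit time
    return (recv_time - t1) - (t3 - t2)

def auth_tag(key, header):
    """HMAC-SHA1 truncated to 128 bits, the tag of the authenticated and encrypted
    modes. Assumption (simplified): it covers the bytes preceding the tag field."""
    return hmac.new(key, header, hashlib.sha1).digest()[:16]

def check_tag(key, header, tag):
    """Constant-time comparison so a reflector does not leak the tag via timing."""
    return hmac.compare_digest(auth_tag(key, header), tag)
```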
Multiple hosts model
- Separation of the logical modules onto different hosts.
- Easier to manage the individual parts.
- Traffic must be allowed between all hosts.
- Additional proprietary protocols are needed.
- Security compensation.

Multiple hosts model
[Figure: hosts Probe-1, Probe-2 and Main Server carrying the modules Session-Sender, Control-Client, Session-Reflector and Server, plus a Database and Result component; links labelled TWAMP-Control, TWAMP-Test, "proprietary protocol" and "start test session".]
Client-server model
- Minimized use of proprietary protocols.
- No need for extra firewall configuration.
- Secret key only on the client and the server.
- Simpler to implement and monitor.

Client-server model
[Figure: hosts Probe-1, Probe-2 and Main Server carrying the modules Session-Sender, Control-Client, Session-Reflector and Server, plus a Database and Result component; links labelled TWAMP-Control, TWAMP-Test and "proprietary protocol".]
Design decisions
- Two prototype programs were created: a TWAMP client and a TWAMP server.
- C programming language, using the GNU dialect of the C89 standard.
- TWAMP client: wake-up timer of 1 millisecond. This sacrifices computational power for an improved send schedule and improved accuracy of the measurement streams.

TWAMP evaluation methods
- Time measurement.
- Memory consumption.
- CPU utilization monitoring.
- CPU load average monitoring.

Time measurement
- Timing the construction, preparation, reading and sending of the TWAMP messages.
- gettimeofday function (POSIX.1-2001 standard).
- A timestamp is taken before and after; the difference is recorded.
- TWAMP-Control and TWAMP-Test messages are evaluated in the same way.
Memory consumption
- Data collected from the /proc file system by examining the /proc/PID/smaps file.
- Resident Set Size (RSS) without the shared set size.
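The smaps-based measurement above, as an added example that is not the thesis's own collection script: it parses the per-mapping blocks of /proc/PID/smaps and reports RSS minus the shared set (Shared_Clean + Shared_Dirty). The sample text is constructed in the smaps layout; the binary path and addresses in it are made up.

```python
import re
MAP_HEADER = re.compile(r"^[0-9a-f]+-[0-9a-f]+\s+[rwxps-]{4}\s")

# Constructed sample in /proc/PID/smaps layout (not a real capture): a
# hypothetical client binary, its heap and a shared C library mapping.
SAMPLE_SMAPS = """\
00400000-00452000 r-xp 00000000 08:02 173521     /usr/bin/twamp-client
Rss:                 300 kB
Shared_Clean:        200 kB
Shared_Dirty:          0 kB
Private_Clean:       100 kB
Private_Dirty:         0 kB
VmFlags: rd ex mr mw me
01b3c000-01b5d000 rw-p 00000000 00:00 0          [heap]
Rss:                 120 kB
Shared_Clean:          0 kB
Shared_Dirty:          0 kB
Private_Clean:         0 kB
Private_Dirty:       120 kB
7f3a1c000000-7f3a1c1a0000 r-xp 00000000 08:02 2949  /lib64/libc.so.6
Rss:                 400 kB
Shared_Clean:        380 kB
Shared_Dirty:          0 kB
Private_Clean:         0 kB
Private_Dirty:        20 kB
"""

def parse_smaps(text):
    """Split smaps text into mappings: {"name": ..., "fields": {key: kB}}."""
    mappings = []
    for line in text.splitlines():
        if MAP_HEADER.match(line):
            parts = line.split(None, 5)
            mappings.append({"name": parts[5] if len(parts) > 5 else "[anon]",
                             "fields": {}})
        elif mappings and ":" in line:
            key, rest = line.split(":", 1)
            value = rest.split()
            if len(value) == 2 and value[1] == "kB":  # skips VmFlags and the like
                mappings[-1]["fields"][key] = int(value[0])
    return mappings

def private_rss_kb(text):
    """RSS minus the shared set (Shared_Clean + Shared_Dirty), over all mappings."""
    rss = shared = 0
    for m in parse_smaps(text):
        f = m["fields"]
        rss += f.get("Rss", 0)
        shared += f.get("Shared_Clean", 0) + f.get("Shared_Dirty", 0)
    return rss - shared
```

On a live Linux host the same function is applied to the contents of /proc/PID/smaps read from the file.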
CPU utilization and load average
- CPU utilization: the share of time the CPU spends processing program instructions.
- CPU load average: defined as the sum of the job queue length and the number of jobs currently running on the CPUs, reported over 1-, 5- and 15-minute intervals. Measures "responsiveness".
- Software vs. hardware timestamping.

Equipment specification
- Product: Prosilient P2440 RevA, release R5-1-1
- Processor: Intel Celeron 1000 MHz
- Memory: 512 MB RAM
- Operating system: Fedora 8, code-named Werewolf
- Linux kernel: customized 2.6.24 kernel running with a 1000 Hz timer interrupt value

Environment setup and data collection
- Lab network with 1 Gbit/s throughput.
- To simulate high load, 100 packets per second were used per test session.
- Probes checked before each test.
- Scripted data collection.
CPU utilization - TWAMP client
[Figure: TWAMP client CPU utilization. X axis: number of active test sessions (5 to 35). Y axis: CPU utilization in percent (0 to 140). Series: Unauthenticated, Authenticated, Encrypted.]

CPU utilization - TWAMP server
[Figure: TWAMP reflector CPU utilization. X axis: number of active test sessions (0 to 80). Y axis: CPU utilization in percent (0 to 140). Series: Unauthenticated, Authenticated, Encrypted.]

CPU load average - TWAMP client
[Figure: TWAMP client loadavg values over a 5-minute interval. X axis: number of active test sessions (2 to 20). Y axis: CPU loadavg (0 to 1.6). Series: Unauthenticated, Authenticated, Encrypted.]

CPU load average - TWAMP server
[Figure: TWAMP reflector loadavg values over a 5-minute interval. X axis: number of active test sessions (5 to 50). Y axis: CPU loadavg (0 to 1.6). Series: Unauthenticated, Authenticated, Encrypted.]
Conclusions
- Low memory consumption.
- No significant difference between authenticated and encrypted mode on either the TWAMP client or the server.
- At most 17% (TWAMP client) and 35% (TWAMP server) difference between unauthenticated and encrypted mode.

Improvements
- AES-NI on Intel CPUs.
- Kernel implementation.
- TOS (DSCP) bits are not saved.
- TWAMP-Test using both AES-ECB and AES-CBC.
- Periodic AES key renewal.