Abstract
Network troubleshooting usually requires packet-level traffic capture and analysis. Indeed, the observation of emission patterns sheds some light on the kind of degradation experienced by a connection. In the case of reliable transport traffic where congestion control is performed, such as TCP and QUIC traffic, these patterns are the result of decisions made by the congestion control algorithm (CCA), according to its own perception of network conditions. The CCA estimates the bottleneck’s capacity via exponential probing during the so-called “Slow-Start” (SS) state. The bottleneck is considered reached upon reception of congestion signs, typically lost packets or abnormal packet delays, depending on the version of CCA used. The SS state duration is thus a key indicator for the diagnosis of faults; today this indicator is estimated empirically by human experts, which is a time-consuming and cumbersome task with large error margins. This paper proposes a method to automatically identify the slow-start state from actively and passively obtained bidirectional packet traces. It relies on an innovative timeless representation of the observed packet series. We implemented our method in our active and passive probes and tested it with CUBIC and BBR under different network conditions. We then picked a few real-life examples to illustrate the value of our representation for easy discrimination between typical faults and for identifying BBR among CCA variants.
Data Availability
The packet captures that were collected using the operator (Orange) probes and servers cannot be shared for confidentiality reasons.
Notes
Tool available online at https://193.252.113.227/cgi-bin/ats.cgi.
Ethics declarations
Conflict of interest
The authors declare no competing interests.
About this article
Cite this article
Tlaiss, Z., Ferrieux, A., Amigo, I. et al. Automated slow-start detection for anomaly root cause analysis and BBR identification. Ann. Telecommun. 79, 149–163 (2024). https://doi.org/10.1007/s12243-023-00982-7
DOI: https://doi.org/10.1007/s12243-023-00982-7