节点文献
网络状态监测仪中丢包检测算法及其实现的关键问题研究
Packet Loss Detection Algorithm and Key Points of Its Implementation in Network Status Monitor
【作者】 肖寅东;
【导师】 王厚军;
【作者基本信息】 电子科技大学 , 测试计量技术及仪器, 2013, 博士
【摘要】 20世纪70年代以来,计算机网络在社会各行业中得到了广泛应用,起到了极其重要的作用。对计算机网络运行状态的深入观测方法也受到学术界和工业界的密切关注,很多专家、学者相继提出了大量的新算法。网络状态监测仪是一种具备观测内部网络运行状态功能的仪器。该仪器使用被动检测方法对截获的网络包记录进行分析,提取其包含的丢包率、延迟时间等特征信息。其中,准确的对内部网络中存在的丢包现象进行推断是实现该仪器的一个重点和难点。本文针对内部网络丢包检测算法进行了深入探讨,提出了两种基于本地网络往返时间的丢包检测算法,并讨论了在网络状态监测仪中实现丢包检测算法的方案。本文的主要研究工作如下:1.在基于数据包重传机制和基于确认包分析的丢包检测算法的基础上,针对接收数据流中发生本地网络丢包的各种情况进行分析,提出了基于本地网络往返时间的丢包检测算法,并利用本地网络往返时间的极限值对数据包丢失进行判断。从理论分析和实验结果出发,论证该算法在发生虚假快速重传、虚假超时重传、批量丢包和重传过程中丢包等事件时都能正确推断丢失包。2.针对该丢包检测算法对本地网络往返时间极限值过于敏感的特点,本文通过对TCP协议确认包发送机制的分析,建立了本地网络往返时间的解析模型,将其样本集划分为由四类事件触发的子集,讨论了这些样本子集中最重要的三类样本的分布模型及其对应的极值计算方法,提出了基于该本地往返时间模型的丢包检测算法,进一步细化不同事件发生时该检测算法的处理方案。通过讨论得出如下结论:在该检测算法中设置本地网络往返时间的极限值为立即确认极值(即数据包与其到达TCP连接收端主机后立即触发的确认包到达监听设备的时间差极限值)可以保证算法的稳定性;引入超时规则可对网络中出现的超时重传现象进行检测扩大算法的检测范围。3.针对处理网络截获记录需要计算能力大,而中央处理芯片能力相对薄弱的问题,设计了基于状态机的包头提取方法,将大量的网络包解析工作放在硬件电路中实现,并提供了相应的协议扩展机制。该包头提取方法具备处理网络嵌套协议的能力,具有解析带宽大(高达44Gbps),占用资源少的特点,可广泛应用于网络检测、网络安全等对网络协议支持较多、处理能力要求较高的领域。使用双层缓存结构的媒介访问控制器设计方法在不影响性能的前提下,对传统媒介访问控制器进行了改进,在软、硬件上解决了包头提取方法与网络媒介访问控制器之间存在的接口差异问题,满足网络监测仪的设计需求。4.在网络仿真环境和实际截获记录中对基于本地网络丢包检测算法及其改进算法进行了验证,证明这些算法在多种配置的网络环境下,都具有极低的误判率和较高的覆盖率。采样充分时,该算法误判率均小于0.62%,即使在采样数较少的情况下,误判率也可以控制在11.6%以下,这是该算法相对于其他同类检测算法最重要的优势。
【Abstract】 Since1970s, computer network have widely applied to every field in the world,and played an extremely important role. Research and industry community have paidmuch attention on digging network’s internal running status, in which many noveltymethods were proposed and adopted. Network Status Monitor(NSM) is a kind ofinstrument which could observe internal status of network. This instrument extractspacket loss and delay characteristic by analyzing the trace file generated by passivecapture method. The challenge is how to exactly infer the loss packet exists in localnetwork.A detection method and its improved version on loss packet based on LocalRound Trip Time(LRTT) was proposed and implemented in NSM. The key point of thiswork can be concluded as follow.1. By extending detection methods based on TCP retransmission mechanism oracknowledgement packet analysis, a new detection method based on extreme value ofLRTT to infer packet loss exists in local network in receiving flow was proposed. Themethod can correctly deal with all kind of packet loss, as spurious fast retransmission,spurious time out retransmission, batch loss and loss in retransmission.2. An analytic model for LRTT was setup through TCP acknowledgemechanism,itdivide LRTT’s samples into for four subsets which were triggered bydifferent events. Three of the subsetscan be modeled with experimental distributionswhich make their extreme value estimation available. Profound discussionon details byadopting those extreme values into previous method can conclude that using extremevalue of immediate acknowledgement as its maximum LRTT and introducing a newtime out rule would improve its stability and detecting range.3. To fulfill the large calculation capabilities of analyzing network packets, a newpacket header extraction method based on finite state machine was designed to moveprinciple workload to FPGA(Field Programmable Gate Array), and provide a flexibleextending mechanism. This method solved the performance shortage of centralprocessing unit and provides ability of extracting nestable shim layer protocol. It isproved that the method support a high extracting bandwidth and low resource usage, which especially suit for the area of network measurement and security. To integrate thispacket header extraction module in traditional Media Access Controller(MAC), wepropose two layeredFIFO (First In First Out) architecture to eliminate thedifferencesbetween their interface both in software and hardware.4. The proposed loss detection methods have been proved in network emulator andreal captured traces as is stability and performance. In various environment, theexperiment results show an extremely low false detection rate and acceptable cover rate,which is an important advantage of our detection method, especially the false detectionrate is below0.62%when samples are sufficient, even in opposite situation the falsedetection still keep as lower as11.6%.