Jigsaw solving the puzzle of enterprise 802 11 analysis
This presentation is the property of its rightful owner.
Sponsored Links
1 / 22

Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis PowerPoint PPT Presentation


  • 61 Views
  • Uploaded on
  • Presentation posted in: General

Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis. Yu-Chung Cheng John Bellardo, Peter Benko, Alex C. Snoeren, Geoff Voelker, Stefan Savage. Enterprise 802.11?. Easy. Blanket the building with 802.11 APs for 100% coverage. A familiar story. “The wireless is being flaky.”.

Download Presentation

Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Jigsaw solving the puzzle of enterprise 802 11 analysis

Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis

Yu-Chung ChengJohn Bellardo, Peter Benko, Alex C. Snoeren,

Geoff Voelker, Stefan Savage


Enterprise 802 11

Enterprise 802.11?

Easy. Blanket the building with 802.11 APs for 100% coverage


A familiar story

A familiar story...

“The wireless is being flaky.”

“Flaky how?”

“Well, my connections got dropped earlier and now things seem very sloooow.”

“OK, we will take a look”

Employee

“Wait, wait … it’s ok now”

“Mmm… well let us know if you have any more problems.”

Support

Now what?


What are the problems

What are the problems?

  • Contention with nearby wireless devices?

  • Bad AP channel assignments?

  • Microwave ovens?

  • Congestions in the Internet?

  • Bad interaction between TCP and 802.11?

  • Rogue access points?

  • Poor choice of APs (weak signal)?

  • Incompatible user software/hardware?

  • 802.11 DoS attack?!

Need to monitor the wireless network across time, locations, channels, and protocol layers


How to monitor 802 11

How to monitor 802.11?


Jigsaw

Jigsaw

  • Measure real large wireless networks

    • Collect every possible information

      • PHY/Link/IP/TCP/App layer trace

      • Collect every single wireless packet

    • Need many sniffers for 100% coverage

  • Provide global view of wireless networks across time, locations, channels, and protocol layers


New cse building at ucsd

New CSE building at UCSD

  • 150k square feet

    • 4 floors

  • >500 occupants

    • 150 faculty/staff

    • 350 students

  • Building-wide WiFi

    • 39 access points

    • 802.11b/g

      • Channel 1, 6, 11

    • 10 - 90 active clients anytime

    • Daily traffic ~5 GB


Ucsd passive monitor system

UCSD passive monitor system

  • Overlays existing WiFi network

    • Series of passive sniffers

    • Blanket deployment over 4 floors

  • 39 sensor pods (156 radios)

    • 4 radios per pod, cover all channels in use

    • Captures all 802.11 activities

      • Including CRC/PHY events

    • Stream back over wired network to a centralized storage


Jigsaw design

Jigsaw design

Traces synchronization and unification

L2 state reconstruction

TCP flow reconstruction


Synchronization

TSF diff of two sniffers

TSF diff (us)

Time (s)

Synchronization

  • Create a virtual global clock

    • To keep unification working

    • Critical evidence for analysis

      • If A and B are transmitting at the same time they could interfere

      • If A starts transmitting after B has started then A can’t hear B

  • Require fine time-scales (10-50us)

    • NTP is >100 usec accuracy

    • 802.11 HW clocks (TSF) have 100PPM stability


Traces synchronization and unification

Traces synchronization and unification

  • Sniffers label packets w/ local timestamp (TSF)

  • Need a global clock

  • Estimate the offset between TSF and the global clock for each sniffer


Trace unification ideal

Trace unification (ideal)

Time


Trace unification reality

JFrame 1

JFrame 2

JFrame 3

JFrame 4

JFrame 5

Trace unification (reality)

Jigsawunifiedtrace

Time


Challenge sync at large scale

1

2

3

4

∆t1

∆t2

To

Challenge: sync at large-scale

  • How to bootstrap?

    • Goal: estimate the offset between TSF and the global clock for each sniffer

    • Time reference from one sniffer to the other

  • Sync across channels

    • Dual radios on same sniffer slaved to same clock

  • Manage TSF clock skews

    • Continuously re-adjust offsets when unifying frames


Jigsaw in action

Jigsaw in action

  • Jigsaw unifies 156 traces into one global trace

  • Covers 99% of AP frames, 96% of client frames


Jigsaw solving the puzzle of enterprise 802 11 analysis

PHY errors

CRC errors

L2-ACK

Beacon

Synchronized

Valid packets


Jigsaw syncs 99 frames 20us

Jigsaw syncs 99% frames < 20us

  • Measure sync. quality by max dispersion per Jframe

  • 20 us is important threshold

    • 802.11 back-off time is 20 us

    • 802.11 inter frame time is 50 us

    • Sufficient to infer many 802.11 events


Hidden terminal problems

Hidden terminal problems

  • Infer transmission failure by absence of ACK

  • Estimate conditional probability of loss given simultaneous transmission by some hidden-terminal

  • How much packet is lost due to hidden-terminal?

?

sender

receiver

hidden terminal


Hidden terminal problems1

Hidden Terminal Problems

  • 10% of sender-receiver pairs have over 10% losses due to hidden terminals


Trace analysis

TCP loss rate in wireless vs. in Internet

802.11 b/g interactions

ARP Broadcast Storms

Microwave Ovens

Trace analysis


Moving forward

Moving forward

  • Developed “Jigsaw” that allows

    • 24x7 monitor system in UCSD CSE w/ 156 sniffers

    • Global fine-grained view of large wireless network (time, locations, channels)

    • Jigsaw software will be available shortly

  • Ongoing work

    • Root cause diagnoses of end-to-end performance in wireless networks

    • Standard wireless problem analysis

      • Ex. Exposed terminal problems


Jigsaw solving the puzzle of enterprise 802 11 analysis

Q & A

Live traffic monitoring and more information at http://wireless.ucsdsys.net


  • Login