Passive Performance Monitoring of Network Transport
The goal of this effort is real-time, always on, passive
monitoring of key network metrics that impact application performance.
Passive approaches make use of the existing packet stream without
adding or modifying packets, thus
recording what actual applications
experience rather than what artificial probe traffic sees.
Transport Level Passive Ping (pping)
We originally used this technique to validate TSDE (below),
but quickly found it to be useful in its own right.
We have rolled a basic version into its own C++ program
and are making it available as open source (GPLv2.0) to
encourage work on passive monitoring. Our version works on TCP packets
and can be extended to any transport protocol with a timestamp (or similar) field.
Using the very nice
library simplified application to both IPv4 and IPv6,
and can ease the addition of future protocols.
The passive ping tool
works for both live capture and pcap file reading;
its description and a link to the code are
Transport Segment Delay Estimator (TSDE)
Funded by a U.S. Department of Energy Small Business Innovation Research
(SBIR) grant (Phases I and II), Pollere has first focused on measuring
and isolating network delay.
The delay experienced by application packets is a powerful Internet
diagnostic. Network problems (like bufferbloat or high loss rates) and
end-node problems (like receiver or sender window limits) are both
visible in packet round trip delays. Round trip delays have long been
measured by end-node protocols to diagnose and repair loss. But this
high quality diagnostic information is only available to the end nodes
while other network elements have made do with less capable measures
such as the ping matrices produced by an active probing mesh.
Pollere has developed tools that extract high-quality round-trip and
one-way delay information from passively collected application packet
samples. The sampling can be done anywhere in the network and doesn't
require samples from both directions of a flow (e.g., the tools work in
the presence of asymmetric routing and multipath). Because the
information is mined from application traffic, it measures everything
that happens to the that traffic. So, for example, samples taken on the
one end of a campus peering link could be used not only to identify
prefixes experiencing significant bufferbloat but also to localize the
delay, determining whether the bottleneck was inside the campus network,
in the measuring ISP, or on the path to the remote destination.
More information on TSDE
We took our prototype TSDE for a spin in a home network and monitored
some video streams.
See our Listening with TSDE note.
(If you find misconceptions and misperceptions,
we are happy to be better informed.)
Listening with a Transparent Bridge
Recent talks on measurements using TSDE and on passive monitoring in general
are available on our
For more information on TSDE, contact firstname.lastname@example.org.