Home Contact Resources Services About Us

Passive Performance Monitoring of Network Transport

The goal of this effort is real-time, always on, passive monitoring of key network metrics that impact application performance. Passive approaches make use of the existing packet stream without adding or modifying packets, thus recording what actual applications experience rather than what artificial probe traffic sees.

Transport Level Passive Ping (pping)

We originally used this technique to validate TSDE (below), but quickly found it to be useful in its own right. We have rolled a basic version into its own C++ program and are making it available as open source (GPLv2.0) to encourage work on passive monitoring. Our version works on TCP packets and can be extended to any transport protocol with a timestamp (or similar) field. Using the very nice libtins library simplified application to both IPv4 and IPv6, and can ease the addition of future protocols. The passive ping tool works for both live capture and pcap file reading; its description and a link to the code are here.

Transport Segment Delay Estimator (TSDE)

Funded by a U.S. Department of Energy Small Business Innovation Research (SBIR) grant (Phases I and II), Pollere has first focused on measuring and isolating network delay.

The delay experienced by application packets is a powerful Internet diagnostic. Network problems (like bufferbloat or high loss rates) and end-node problems (like receiver or sender window limits) are both visible in packet round trip delays. Round trip delays have long been measured by end-node protocols to diagnose and repair loss. But this high quality diagnostic information is only available to the end nodes while other network elements have made do with less capable measures such as the ping matrices produced by an active probing mesh.

Pollere has developed tools that extract high-quality round-trip and one-way delay information from passively collected application packet samples. The sampling can be done anywhere in the network and doesn't require samples from both directions of a flow (e.g., the tools work in the presence of asymmetric routing and multipath). Because the information is mined from application traffic, it measures everything that happens to the that traffic. So, for example, samples taken on the one end of a campus peering link could be used not only to identify prefixes experiencing significant bufferbloat but also to localize the delay, determining whether the bottleneck was inside the campus network, in the measuring ISP, or on the path to the remote destination.

More information on TSDE

We took our prototype TSDE for a spin in a home network and monitored some video streams. See our Listening with TSDE note. (If you find misconceptions and misperceptions, we are happy to be better informed.)

Listening with a Transparent Bridge

Recent talks on measurements using TSDE and on passive monitoring in general are available on our Presentations page.

For more information on TSDE, contact info@pollere.net.


About Us | Services | Resources | Contact | Home

Copyright © 2012-2017, Pollere, Inc. All Rights Reserved.