The law of measurement
Measurement is to use data to describe the observed phenomenon according to a certain law, that is, to make a quantitative description of things. Measurement is the quantification process of non-quantitative objects.
Measurement elements
1. The measurement object, that is, the measurement object. It is the thing or phenomenon that exists in the objective world, and it is the object that we want to use numbers or symbols to express, explain, and explain.
2. Measurement content, that is, a certain attribute or characteristic of the measurement object. In fact, in any kind of measurement, although the object we measure is an object, the content of the measurement is not the object itself, but the characteristics or attributes of the object.
3. Measurement rules, that is, the operating rules for expressing various attributes or characteristics of things with numbers and symbols. It can also be said that it is a specific operating procedure and a standard for distinguishing different characteristics or attributes.
4. Numbers and symbols are the tools used to express the measurement results. For example, 120cm, 350 yuan.
Research Fields
Network measurement and analysis are mainly divided into three research fields:
(1) Measurement. Accurately capture quantitative Internet and its activities Measurement data. Generally, the main parameters of network measurement include RTT, path data, bandwidth, delay, bottleneck, frequency of burst traffic, degree of congestion, dynamic bottleneck, site reachability, throughput, bandwidth utilization, packet loss Rate, server and network equipment response time, maximum network traffic, network service quality QoS (including image, data, voice and other service quality), etc. It should be pointed out that in the network-level measurement, there is a type of measurement that needs to be measured Attributes are inherent to the network, such as its topology, connection capacity, and delay; another type of attribute reflects the current state of the network, such as queuing delay, connection availability, and routing dynamics.
(2) Model This is the core issue of performance evaluation-the establishment of formal network description and simulation. The effective application of this model can realize the prediction of future network behavior.
(3) Control. Use of measurement and The knowledge obtained by modelling can realize the reasonable configuration and use of Internet resources. Measure the topology of the network, dynamically describe the large-scale network structure, and analyze the performance of the network according to the changes of the network, and the network efficiency and
Behavior evaluation has at least the following applications:
(1) Network monitoring. Including monitoring of network operation, monitoring of network resources, and network performance (such as business throughput, delay, loss, etc.) Packet rate, RTT, bandwidth utilization, network scalability (scalability, etc.) monitoring, etc., and can submit fault and abnormal event reports, and make corresponding evaluations.
(2) Network quality control and assistance Network management. Such as discovering and correcting pathological routes, formulating strategies for network routing based on long-term observed routing data, self-organizing network resources after the network is destroyed, etc.
(3) Preventing large-scale network attacks At the same time, it provides necessary network mapping and traffic analysis for information attack countermeasures. By monitoring network behaviors on a large scale, it is possible to find network abnormalities, provide early warning methods for preventing large-scale network attacks, and enable the country to have more macro control over network management
(4) Network measurement can also be applied to the comparison of quality of service (QoS) of different Internet service providers (Internet service provider, ISP), mobile IP location discovery, proxy server The automatic selection and many other aspects.
(5) Provide a research basis for simulating Internet environment, protocol design and evaluation, and dynamic network survivability analysis.
(6) For Internet traffic Engineering (trafficengineering) and networkbehavior (networkbehavior) research provides basic supporting evidence and Verification platform.
Standard classification
There are many classification standards for network measurement. According to the measurement method, it is divided into active measurement and passive measurement; according to the number of measurement points, it is divided into single Point measurement and multi-point measurement; according to the knowledge of the measured person, it is divided into cooperative measurement and non-cooperative measurement; according to the protocol used in the measurement, it is divided into measurement based on BGP protocol, measurement based on TCP/IP protocol, and measurement based on TCP/IP protocol. SNMP protocol measurement; according to the content of the measurement, it is divided into topology measurement and performance measurement.
In the active measurement method, the network is studied by sending data to the network, observing the results, and the time required to send the data. Behavior. Actively measure the actual traffic sent to the network, and use these traffic measurements to reflect the parameters of the services provided by the network to other users, including round-triptime (RTT) and packet loss rate. Most projects that people do involve To active measurement.
In the passive measurement mode, a probe that records network activity is connected to the network. In most cases, it is connected to the connection between network nodes, and the A piece of information about the business traffic connected to it.
In terms of the number of measurement points, network measurement is divided into single-point and multi-point measurement. At the beginning of the research, many tasks belong to single-point measurement, but because of the measurement capability Limited, the information collected is not comprehensive, and distributed multi-point measurement has emerged, especially multi-point active measurement. Using data obtained from multiple detection points, it can synthesize large-scale network data and cross routing that cannot be obtained from a single point. Information.
A typical example of single-point testing is the Internet Mapping project of Bell Labs, which is a non-cooperative measurement. The project successfully described the topological changes of the two networks in Yugoslavia and Kosovo during the Kosovo War. This shows that in IP network measurement, single-point non-cooperative measurement has a fairly strong network detection capability. This is also a model of network measurement in the military field.
In terms of topology measurement, most projects show Logical topology diagram. With the expansion of the measurement range, the scale and structure of the entire map also expand. At this time, people often hope to correspond to the actual geographic location, that is, the topological map with geographic information. Skitter (CAIDA) is aimed at The path information collected from several source points to thousands of target points is used to visualize the topology and performance attributes, and the research on the geographic information map of AS has been carried out.
In terms of performance measurement, Many related projects have been carried out. The measurement content includes throughput, delay, packet loss rate, and analysis of network reliability, stability, and reachability. This aspect is to maintain and manage a specific network to ensure Service quality, on the other hand, is to predict network performance, such as NPACI'sNetworkWeatherService[5] periodically monitors and dynamically predicts (various network and computing resources) network performance at certain time intervals. Collect a certain moment of The data is used to predict the TCP/IP end-to-end throughput and delay in the next period of time through a numerical model, which is mainly used for the scheduling of large-scale computing on the WAN.
Research direction
( 1) IP topology measurement. The main measurement methods are divided into two categories: based on SNMP protocol and based on ICMP protocol. The former mainly obtains the topology relationship by accessing the MIB library. Due to the authority, it is suitable for the network with jurisdiction. Measurement, so it is difficult to promote the application. The latter is realized by Tracert, which can be used for large-scale network measurement on the Internet, but when firewall software is installed on the network, it cannot be measured.
The process is as follows: first get The network IP address is segmented, and then the route tracking technology is used to obtain the IP addresses of all routers that a data packet has gone through from the source IP address to the destination IP address, and all the IP addresses of a certain network are routed to get the network all The IP address and interconnection relationship of routers. Route tracking technology is implemented based on the following principles: First, send a udp packet to an unreachable port (usually a port above 10000) of the destination IP address with TTL=1. This packet After passing the first router, it will be discarded by the router. At the same time, the router will send an ICMP packet to the source host to notify that the packet is lost. By unlocking the ICMP packet, you can get the IP address of the router.
Then, we send a udp packet to the destination IP address with TTL=2, and repeat the above operation until the type of the returned ICMP packet is that the destination port is unreachable, indicating that the destination host has been reached, so that we can get from the local machine to the destination. The IP address of the router that the host passes through. All routers support this implementation. According to the path summary table obtained by the data collection module, a routing IP topology diagram reflecting the logical connection relationship can be directly generated, combined with the geographic location of each IP, It can generate a city coverage topology map.
(2) AS topology measurement. In general, the method of generating an AS-level topology map can be summarized as an AS map based on BGP routing information, an AS map based on Traceroute, and There are three types of AS-level topology graphs that are synthesized by topology generators based on certain characteristics. Among them, the first method is more common. This method has two measurement methods, passive measurement and active measurement. The former is used in key routing nodes. Obtain BGP data packets, and then use finite state automata technology to process the captured BGPupdate messages; the latter prepares a router by itself, runs the BGP protocol, and negotiates with the ISP to establish a BGP peer-to-peer connection with the corresponding router. Receiving routing update messages without forwarding user data, which requires the correct configuration of the corresponding routers by both peers. Based on a large amount of measurement data, an AS topology connection diagram is generated. Through the AS topology connection diagram, you can intuitively understand the AS connections Relationship, analyze which AS plays an important role, not only It can provide guidance for the access of new ASs, and it can also provide guidance for computer attack and defense in the future information warfare.
(3) Network performance measurement and analysis based on TCP/IP protocol. In order to investigate the network The stability, accessibility, reliability and network service quality of the network, the performance parameters that need to be measured periodically and continuously include packet loss rate, RTT, traffic, average hops of the path, etc.; on this basis, time-based analysis The dynamic changes of various indicators on each path, using the space as the main line to analyze the overall situation of the entire network at a certain time, such as the distribution of the total number of nodes at different levels of delay, etc., analyze the end-to-end routing changes (or the number of hops) Routing changes), etc. Other analysis also includes data mining (datamining) on the detected data, or using existing models (Petri net, self-similarity, queuing theory) to study its self-similar characteristics. Due to the measurement of network performance The real-time requirements are high, so the detection frequency is often very large, but it must be ensured not to cause a large additional load on the network, and pay attention to hiding the detection trace.
(4) Comprehensive analysis of network operation situation Based on the measurement data collected from multiple monitoring points and at different time periods, a comprehensive situational and strategic map of the tested network is generated, which truly realizes "strategic strategy and decisiveness than a thousand miles away". In addition to the real-time playback function with different levels of attributes, this map It is also possible to perform traffic abnormalities and fault alarms through color marking, sound prompts, etc., to provide early warning methods for preventing large-scale network attacks, and at the same time, from the perspective of network attacks, research and development of hidden and efficient distributed network reconnaissance measurement methods. In addition. , Conduct comprehensive analysis, provide users with QoS index, pathological routing report, provide first-hand basis for correcting pathological routing, formulating network routing strategies, and self-organizing network resources after network damage.
(5 ) Visualization of measurement and analysis results. The visualization of network measurement and analysis results is a key link. Through research, the use of graphical user interface GUI, arbitrary zooming and dragging of electronic maps, multi-layer representation of electronic maps, histograms, and two Dimensional, three-dimensional coordinate curves, fan-shaped graphs, tables, reports, two-dimensional plane graphics, three-dimensional three-dimensional graphics [8] and other means, combined with GIS technology, hierarchical, draggable, interactive hierarchical display of the situation map, intuitive, Visually show the measurement and analysis results. The compromise is that it is necessary to display the data in the library comprehensively and objectively, but also to have a good visual effect.
(6) Network behavior modeling, network simulation, Network trend prediction. Network topology discovery and measurement have become the main methods for studying network behavior. The measurement of network behavior is the basis of the entire network behavior research. The modeling and analysis of network behavior can use queuing theory, Petri nets, and Markov chains. , Poisson process and other theories. Due to the complexity, variability, and heterogeneity of the Internet environment, modeling analysis and simulation analysis of network behavior have become difficult.
(7) The architecture of network measurement. With the passage of time, network measurement will continue to expand and upgrade, so at the beginning of the design and implementation, it is necessary to fully consider the scalability, scalability, compatibility, and fault tolerance of the measurement system.