Inferring TCP connection characteristics through passive measurements

Abstract

We propose a passive measurement methodology to infer and keep track of the values of two important variables as- sociated with a TCP connection: the sender's congestion window (cwnd) and the connection round trip time (RTT). Together, these variables provide a valuable diagnostic of end-user-perceived network performance. Our methodology is validated via both simulation and concurrent active measurements, and is shown to be able to handle various flavors of TCP. Given our passive approach and measurement points within a Tier-1 network provider, we are able to analyze more than 10 million connections, with senders located in more than 45% of the autonomous systems in today's Internet. Our results indicate that sender throughput is frequently limited by a lack of data to send, that the TCP congestion control flavor often has minimal impact on throughput, and that the vast majority of connections do not experience significant variations in RTT during their lifetime. higher transfer rate, if more data were available); by carefully observing the manner in which cwnd changes in response to loss, one can identify non-conformant TCP senders, or the particular conformant flavor of TCP (e.g., Tahoe, Reno, New Reno); by monitoring RTTs, one can characterize RTT variability within and among flows, and determine the extent to which application-level adaptivity is needed to cope with variable network delays. Our work makes several important contributions. Our first contribution is methodological. We develop a passive method- ology to infer a sender's congestion window by observing TCP segments passing through a measurement point. The measurement point itself can be anywhere between the sender and the receiver. We only require that packets can be observed from both directions of the TCP connection, a requirement our previous work (11) has shown to not be overly restrictive. In case the connection experiences losses, our methodology's estimate of cwnd is sensitive to the TCP congestion control flavor (Tahoe, Reno, or New Reno) that best matches the sender's observed behavior. We also propose a simple RTT estimation technique based on the estimated value of cwnd. Our second contribution is in terms of the measurements made, and the application of our methodology to the traces gathered within the Sprint IP backbone. We present results on the distributions of congestion window sizes and RTTs in the observed TCP connections. Our study is unique in that it examines a remarkably large and diverse number of TCP connections. Given our passive methodology and measurement points within a Tier-1 network provider, we are able to analyze more than 10 million connections, with senders located in more than 45% of the autonomous systems in today's Internet. We find that sender throughput is frequently limited by lack of data to send, i.e., that lack of data, rather than network congestion, is often a limiting factor. We find that the majority of TCP connections reach a maximum congestion window on the order of 10 segments but that 50 to 60% of the packets belong to connections with windows larger than 10 segments. We find that connections do not generally experi- ence large RTT variations in their lifetime. For example, for approximately 80-85% of the connections, the ratio between the 95th percentile RTT value and the 5th percentile RTT value is less than 3; in absolute terms, the RTT variation during a connection's lifetime is less than 1 second for 75- 80% of the connections. Finally, we find that TCP congestion