COP2: Continuously Observing Protocol Performance
As enterprises move to a cloud-first approach, their network becomes crucial to their daily operations and has to be continuously monitored. Although passive monitoring can be convenient from a deployment viewpoint, inferring the state of each connection can cause them to miss important information (e.g., starvation). Furthermore, the increasing usage of fully encrypted protocols (e.g., QUIC encrypts headers), possibly over multiple paths (e.g., MPTCP), keeps diminishing the applicability of such techniques to future networks. We propose a new monitoring framework, Flowcorder, which leverages information already maintained by the end-hosts and records Key Performance Indicators (KPIs) from their transport protocols. More specifically, we present a generic approach which inserts lightweight eBPF probes at runtime in the protocol implementations. These probes extract KPIs from the per-connection states, and eventually export them over IPFIX for analysis. We present an application of this technique to the Linux kernel TCP stack and demonstrate its generality by extending it to support MPTCP. Our performance evaluation confirms that its overhead is negligible. Finally, we present live measurements collected with Flowcorder in a campus network, highlighting some insights provided by our framework.
READ FULL TEXT