Software

  1. Alternate Queueing (ALTQ) for BSD UNIX including CBQ, HFSC, PRIQ, WFQ, JoBS, RED, RIO, Blue
  2. Aguri : An Aggregation-based Traffic Profiler
  3. Tele Traffic Tapper (ttt) : Real-time Graphical Remote Traffic Monitor

ALTQ: Alternate Queueing for BSD UNIX (version 3.1)

This is a release of Alternate Queueing for BSD UNIX. ALTQ provides queueing disciplines and other QoS related components required to realize resource-sharing and quality of service. The ALTQ release is intended to be a flexible platform to promote network research and gain field experience.

ALTQ consists of a system framework, QoS components, and management tools. The system framework provides an abstraction of QoS components and interfaces QoS components into the existing operating system.
The QoS components realizes actual service differentiation mechanisms.
The management tools include altq daemon and altqstat monitoring tool.
Note that ALTQ controls only outgoing traffic since queueing disciplines work only on outgoing interfaces.

Now that ALTQ is being developed in the KAME repository, this standalone ALTQ release is back-ported from KAME, and supports only FreeBSD-4.5, NetBSD-1.5.2 and OpenBSD-3.0.
(some tools and documents haven't been merged into KAME, and are available only in this release. OpenBSD-3.0 already integrates ALTQ so that this packages updates the ALTQ part. ALTQ in OpenBSD-current as of February 26 isn't much different from altq-3.1.)

The release includes:

What's New since version 3.0:

  • ECN (Explicit Congestion Notification) RFC3168 support
    • packet marking by ALTQ
    • ECN support in TCP
    • fragment/tunnel handling in IPv4/IPv6
    the latter 2 are provided in a separate patch which can be applied to stock FreeBSD/NetBSD/OpenBSD.
  • JoBS from University of Virginia
    JoBS is a joint buffer management and scheduling algorithm. It provides, on a per-hop basis, absolute and proportional service guarantees to traffic aggregates.
    note that JoBS is still experimental.
    (JoBS is also available in KAME snaps.)
  • more supported drivers
    this release supports most network drivers in FreeBSD/NetBSD/OpenBSD
  • code cleanup/bug fixes

The latest version is altq-3.1. (520KB) release date: 2002/02/28; Errata

a kernel patch for FreeBSD-4.6. release date: 2002/07/08; updated 2002/7/22;
(a merge error which leads to a panic was found in the original patch.

if you downloaded the patch before 7/22, apply this to sys-altq/net/if.c.)

a kernel patch for FreeBSD-4.7. release date: 2002/10/17

a kernel patch for FreeBSD-4.8. release date: 2003/04/18

An experimental FreeBSD-5.x support is available at here.

The KAME development tree also has FreeBSD-5.x support.

ALTQ is integrated into KAME IPv6 and being developed under the KAME CVS repository.
New features and bug fixes are committed first to the KAME repository, and an ALTQ release is created out of the KAME respository.
You can get latest changes through KAME-snap kit.
ALTQ is also available in OpenBSD-3.0 and NetBSD-current.
OpenBSD-3.3 or later has ALTQ integrated into pf (OpenBSD's packet filter) so that you can take advantage of pf's stateful packet filtering and set up ALTQ as part of the pf configuration file. (more on pf:queueing)

ALTQ resources:

[CBQ traffic trace]

This graph shows a trace of ALTQ/CBQ traffic control on 150M ATM.

6 TCP streams oscillate with FIFO queueing. At time 18, CBQ is enabled. The CBQ configuration gives 20Mbps to two TCP streams, 15Mbps to two TCPs, and 10Mbps to 2 TCPs (total 90Mbps); the streams are classified by port number.

Click here for more about ALTQ/CBQ performance.
Click here to see ALTQ/RED and ECN performance.

Aguri: An Aggregation-based Traffic Profiler (version 0.7)

joint work with Ryo Kaizaki
(a beta version for BSD UNIX and doesn't support other platforms very well.)

Aguri is an aggregation-based traffic profiler targeted for near real-time, long-term, and wide-area traffic monitoring.
Aguri adapts itself to spatial traffic distribution by aggregating small volume flows into aggregates, and achieves temporal aggregation by creating a summary of summaries applying the same algorithm to its outputs.
A set of scripts are used for archiving and visualizing summaries in different time scales.
Aguri does not need a predefined rule set and is capable of detecting an unexpected increase of unknown protocols or DoS attacks, which considerably simplifies the task of network monitoring.

Aguri produces four separate profiles for source addresses, destination addresses, source protocols and destination protocols.
IP addresses are designed to be hierarchical and aggregatable so that it is natural to apply aggregation. Both IPv4 and IPv6 are supported in address profiles.
Although protocol numbers are not hierarchical, the same technique can be used to identify port ranges.
We concatenate the IP version, the protocol number and the TCP/UDP port number to create a 32-bit key for a protocol profile.

Aguri monitors network traffic using libpcap(3), and produces a summary when it receives a HUP signal.
Periodic summaries can be obtained by sending HUP signals from cron(8) to the running aguri program.

Archive and Visualization:
Aguri's summary output is in a plain text format.
Scripts are used to archive aguri outputs, and to plot graphs.
Here are sample graphs: a plot graph and a traffic density graph.

The latest version is aguri-0.7. (48KB) release date: 2003/03/13;

Here is a paper on aguri.
Also, sample daily plot graphs from the WIDE backbone are available.

TTT: Tele Traffic Tapper (version 1.8.1)

ttt is yet another descendant of tcpdump but it is capable of real-time, graphical, and remote traffic-monitoring. ttt won't replace tcpdump, rather, it helps you find out what to look into with tcpdump.

ttt monitors the network and automatically picks up the main contributors of the traffic within the time window.
The graphs are updated every second by default.

Features:

  • Automatic Ranking of Protocols and Hosts
  • Real-Time Monitoring
  • Remote Monitoring with IP-Multicast support
  • Accepts tcpdump output
  • IPv6 Aware (experimental)
  • Portable and easy to customize

I have tested this version on FreeBSD-4.9, NetBSD-1.6, Debian-linux-3.0.

Click on ttt-1.8.1.tar.gz to download the program. (135K bytes) release date: 2004/5/20

ttt is part of FreeBSD ports collection and NetBSD packages collection.
libBLT is also in the ports/packages collection.

What's new since 1.8.

  • 1.8.1 is a minor update of 1.8. it fixes prototype mismatches with the latest libpcap.

ttt uses two portable libraries for packet-capturing and graph-drawing.
For packet capturing, "libpcap" of tcpdump from Lawrence Berkeley Laboratory is used. For auto-scale graphs, "libBLT" for Tcl/Tk from AT&T Bell Laboratories is used.
So, if you already have tcpdump and Tcl/Tk on your machine,there would be no problem to install ttt.

Here is a graphical image of ttt.

ALTQ for PPP (version 0.1) (OBSOLETE)

This release is a port of ALTQ (kernel version) to the userland ppp (aka iij-ppp). Since the bottleneck of ppp is the serial link (not the tun interface), alternative queueing is implemented within the ppp program.
This release is an alpha version and is not for general users but to ask for comments and suggestions. Testers are supposed to have control of both ends of a dialup link.
This version supports CBQ and is intended to be used at the server side (upstream side) of a dialup link (the current implementation controls only outgoing packets).
The ppp part is based on the verion in FreeBSD-2.2.6-RELEASE.

Features:

  • a queueing framework as a userland program.
  • supports CBQ that controls the bandwidth use of hierarchically configured classes.
  • RED can be enabled on a class queue basis to keep the queue length short.
  • the native firewall mechanism is enhanced in order to work as a CBQ classifier.

Click on altq4ppp-0.1.tar.gz to download the program. (208K bytes) release date: 1998/06/10

Links to Related Work

CBQ, RED and ECN
CBQ, RED and ECN Home Pages at LBNL by Sally Floyd
RSVP
RSVP Home Page at ISI
HFSC
HFSC Home page at CMU by Hui Zhang
Blue
Blue Home Page at University of Michigan by Wu-chang Feng
JoBS/QoSbox
QoSbox project homepage at the University of Virginia. Includes information about the JoBS queuing discipline.
FreeBSD
FreeBSD Home Page
NetBSD
NetBSD Home Page
OpenBSD
OpenBSD Home Page
BSD ATM
BSD ATM Driver by Chuck Cranor
ATM Switch Tools
ATM Switch Management Tools by Yasutaka Miwa
Netperf
Network performance benchmark
libpcap
Packet Capture Library by LBNL
Sun's RSVP
Sun's RSVP and CBQ related ftp site
diffserv
Differentiated Service WG at IETF
KAME IPv6
KAME IPv6 stack for FreeBSD/NetBSD/BSD/OS
INRIA IPv6
INRIA IPv6 stack for FreeBSD/NetBSD
Mobile IP at NUS
NUS ported ALTQ to linux as part of their Mobile IP research
Kuma Project
a joint effort to build a QoS policy framework

Send bug reports, suggestions, etc. to kjc at iijlab.net.

  • Traffic measurement from ISP backbones

    We are collaborating with several Japanese ISPs to understand the traffic behavior of broadband users.

  • DNS measurement

    This project is an ongoing effort to investigate the root name server performance from various locations of the Internet. We use simple probe programs to measure the responsetime of the root servers. We also measure the response time of the ccTLD servers to compare them with the root servers.

    More information is available from the DNS measurement page.

  • IPv4/IPv6 comparative path analysis

    One of the major hurdles limiting IPv6 adoption is the existence of poorly managed experimental IPv6 sites that negatively affect the perceived quality of the IPv6 Internet. To assist network operators in improving IPv6 networks, we are exploring methods to identify wide-area IPv6 network problems. Our approach makes use of parallel IPv4 and IPv6 connectivity to dual-stacked nodes.

    We identify the existence of an IPv6 path problem by comparing IPv6 delay measurements to IPv4 delay measurements. Our test results indicate that the majority of IPv6 paths have delay characteristics comparable to those of IPv4, although a small number of paths exhibit a much larger delay with IPv6. Thus, we hope to improve the quality of the IPv6 Internet by identifying the worst set of problems.

    Our methodology is simple. We create a list of systems with IPv6 and IPv4 addresses in actual use by monitoring DNS messages. We then measure delay to each address in order to select a few systems per site based on their IPv6:IPv4 response-time ratios. Finally, we run traceroute with Path MTU discovery to the selected systems and then visualize the results for comparative path analysis.

    More information is available from the dualstack path analysis page.

  • Publicly available packet traces from the WIDE backbone

    Packet trace data is essential to study network dynamics, usage characteristics, and growth patterns, as well as various protocol design.
    Despite the increasing demands, it is difficult to obtain packet traces, especially at a backbone network.
    Packet traces could contain user privacy information so that they are usually available only under non-disclosure agreements.

    As a chair of the MAWI (Measurement and Analysis on the WIDE Internet) working group of the WIDE Project, I have been working on building a public traffic trace repository.
    Our challenges include:

    • collecting packet traces from the WIDE backbone network.
      (sampling method, automation, high-speed packet capturing)
    • creating a large set of publicly available traces by removing or scrambling sensitive information.
      (development of tools and scrambling method)
    • development of tools to analyze and visualize packet traces.

    The WIDE traffic data repository contains packet traces from the WIDE backbone.

  • Network data visualization

    Visualization is essential to network traffic analysis.
    We are exploring techniques for visualizing network related information.

  • ALTQ

    Queue management is an essential component in managing network traffic.
    A large number of queueing disciplines have been proposed to date in order to meet a wide range of requirements.
    However, FIFO queueing is the only queueing discipline used in traditional UNIX systems.

    The ALTQ project is aimed at providing a flexible queueing platform in order to promote research and operational experience in the field.
    The ALTQ software release includes a queueing framework and a set of advanced queueing disciplines such as CBQ, HFSC, RED, WFQ BLUE, and RIO. ALTQ also includes traffic conditioning elements for diffserv.
    The ALTQ release for FreeBSD has been publicly available since March 1997, and used by many groups world wide. NetBSD and OpenBSD are also supported.

    The H-FSC implementation in ALTQ is a joint work with Hui Zhang and his group members at CMU during my stay at CMU in July 1999.

PAGE TOP