Traffic analysis at short time-scales: an empirical case study from a 3G cellular network (original) (raw)
Related papers
Observations at short time-scales from the edge of a cellular data network
The availability of synchronized traces captured at different links allows the extraction of one-way delays for the network section in between. In principle one-way delay statistics van be used as quality indicators and serve as a basis to detect drifts and troubles within the network, or simply to validate the its health. Since packet delays depends not only on the status of the network but also on the arriving traffic rate, any meaningful delay analysis must go hand in hand with the analysis of the traffic patterns at short time scales. In this work we report on the traffic and delay patterns observed at short timescales at the edge of a cellular mobile network. We describe the methodological aspects and present a set of results from an operational network. We find that the aggregate traffic rate yields large impulses and investigate on their causes. Specifically, we find that high-rate sequential scanners represent a common source of traffic impulses, and discuss the potential im...
Explorative analysis of one-way delays in a mobile 3G network
2008 16th IEEE Workshop on Local and Metropolitan Area Networks, 2008
In this paper we investigate the dynamics of one-way delays in an operational mobile core network. Our final goal is to develop anomaly detection schemes for the packet delay process in order to reveal network and equipment problems. This requires a preliminary exploration of the delay process in the core network, which we undertake in this study.
Analysis of TCP Bottleneck Footprints in Traces from live 3G Networks
In this paper we evaluate four different metrics for non intrusive bottleneck detection based on TCP counters. Three using a reference and one being reference free. This work is based on the full TCP statistics recorded on five days over the last one and a half year within the live core network of a mobile network operator in Austria. We used two of the datasets, which had a known bottleneck in place as a reference for the metrics. We generated scatterplots, so called footprints, using the number of packets and the number of retransmissions for each user in the peak hours around 7-11 p.m. for all traces. Based on the bottleneck reference we tested the metrics for the detection probability of a bottleneck event. All four metrics detected the bottleneck with no problem, also the throughput figures between 2006 and 2007 had increased. The performance of a simple correlation performance was similar to other metrics based on more sophisticated functions.
Towards Anomaly Detection in One-Way Delay Measurements for 3G Mobile Networks: A Preliminary Study
Lecture Notes in Computer Science, 2008
In this paper we investigate the dynamics of one-way delays in an operational mobile core network. Our ultimate motivation is to develop anomaly detection schemes for the packet delay process in order to reveal network and equipment problems. This requires an online measurement system capable of collecting and processing delay statistics in realtime. We present an experimental deployment of such a measurement system in an operational General Packet Radio System (GPRS)/Universal Mobile Telecommunications System (UMTS) network and elaborate on some practical implementation issues. We present some measurement results for the Serving GPRS Support Nodes (SGSN) of UMTS and GPRS. We find that the delay at a UMTS-SGSN is moderately influenced by user mobility, while flow control and user mobility are considerably impacting the delay process at a GPRS-SGSN. We show that simple summary indicators can be extracted from the delay statistics, as a combination of percentiles and threshold-crossing probabilities. Such indicators can be used for the purpose of detecting abnormal delay deviations, pointing to problems in the network equipments.
Diagnosis of capacity bottlenecks via passive monitoring in 3G networks: An empirical analysis
Computer Networks, 2007
In this work we address the problem of inferring the presence of a capacity bottleneck from passive measurements in a 3G network. The study is based on one month of packet traces collected in the UMTS core network of mobilkom austria AG & Co KG, the leading mobile telecommunications provider in Austria, EU. During the measurement period a bottleneck link in the UMTS core network was revealed and removed, therefore the traces enable the accurate analysis and comparison of the traffic behavior in the two network conditions: with and without a capacity bottleneck. Two approaches to bottleneck detection are investigated. The first one is based on the signal analysis of the marginal rate distribution of the traffic aggregate along one day cycle. Since TCP-controlled traffic dominates the overall traffic mix, the presence of a bottleneck strains the aggregate rate distribution and compresses it against the capacity limit during the peak hour. The second approach is based on the analysis of several TCP performance parameters, e.g. estimated frequency of retransmissions. Such statistics are unstable due to the presence of few top users, but this effect can be counteracted with simple filtering methods. Both approaches are validated via simulations. Our results show that both approaches can be used to provide early warning about future occurrences of capacity bottlenecks, and can complement other existing monitoring tools in the operation of a production network. 4
Connection-level analysis and modeling of network traffic
2001
Most network traffic analysis and modeling studies lump all connections together into a single flow. Such aggregate traffic typically exhibits long-range-dependent (LRD) correlations and non-Gaussian marginal distributions. Importantly, in a typical aggregate traffic model, traffic bursts arise from many connections being active simultaneously. In this paper, we develop a new framework for analyzing and modeling network traffic that moves beyond aggregation by incorporating connection-level information.
Examining TCP Short Flow Performance in Cellular Networks Through Active and Passive Measurements
Proceedings of the 5th Workshop on All Things Cellular: Operations, Applications and Challenges, 2015
In this study we examine the conditions in a current cellular network by examining data passively collected in the core of a cellular operator during a 24-hour period. More than 2 billion traffic measurement data points from over 500,000 cellular users are analyzed. The analysis characterizes the Time-of-Day (ToD) variations for traffic intensity and session length and serves as a complement to the active measurements also performed. A comprehensive active measurement campaign was completed in the HSDPA+ and LTE networks of the four major Swedish operators. We collect around 50,000 data points from stationary cellular modems and analyze the ToD variation pattern for underlying network layer metrics such as delay and throughput. In conjunction with the time-varying session size distribution obtained from the passive measurements, we then analyze the ToD impact on TCP flows of varying sizes. The ToD effects are examined using time series analysis with Lomb-Scargle periodograms and differential Bayesian Information Criterion to allow comparison of the relative impact of the network ToD effects. The results show that ToD effects are predominantly impacting longer-running flows, and although short flows are also impacted they are mostly constrained by other issues such as protocol efficiency.
Lecture Notes in Computer Science, 2010
In this work we discuss the use of passive measurements of TCP performance indicators in support of network operation and troubleshooting, presenting a case-study from a real 3G cellular network. From the analysis of TCP handshaking packets measured in the core network we infer Round-Trip-Times (RTT) on both the client and server sides separately for UMTS/HSPA and GPRS/EDGE sections. We also keep track of the relative share of packet pairs which did not lead to a valid RTT sample, e.g. due to loss and/or retransmission events, and use this metric as an additional performance signal. In a previous work we identified the risk of measurement bias due to early retransmission of TCP SYNACK packets by some popular servers. In order to mitigate this problem we introduce here a novel algorithm for dynamic classification and filtering of early retransmitters. We present a few illustrative cases of abrupt-change observed in the real network, based on which we derive some lessons learned about using such data for detecting anomalies in a real network. Thanks to such measurements we were able to discover a hidden congestion bottleneck in the network under study.
On the Analysis of Communication and Computer Networks by Traffic Flow Measurements
IEEE Transactions on Instrumentation and Measurement, 2007
This paper investigates the potential contributions of traffic flow measurements in monitoring and network diagnostics. The basic idea is that information of diagnostic relevance may be obtained from the detection of local anomalies in a traffic trace. For this purpose, this paper introduces a novel approach in the analysis of aggregate traffic, based on the determination of empirical rate-interval curves (RICs). These curves allow an analysis of flow quantiles versus time scale, which is helpful both in the investigation of the scaling properties of network traffic and in diagnostics. RIC-based analyses of traffic measurements taken from different networks are presented and show that the proposed approach appears to be effective in evidencing potential flow anomalies.