In today's networks, network operators (e.g. ISPs, web service providers, etc.) have little direct visibility into a users' network experience at an end hosts of a network connection. Although network operators monitor network routers and links, the information gathered from such monitoring does not translate into direct knowledge of the end-to-end health of a network connection.
For network operators, known techniques of analysis and diagnosis involving network topography leverage information from multiple IP-level paths to infer network health. These techniques typically rely on active probing and they focus on a server-based “tree” view of the network rather than on the more realistic client-based “mesh” view of the network.
Some network diagnosis systems such as PlanetSeer are server-based systems that focus on just the IP-level path to locate Internet faults by selectively invoking active probing from multiple vantage points in a network. Because these systems are server-based, the direction of the active probing is the same as the dominant direction of data flow. Other tools such as NetFlow and Route Explorer enable network administrators to passively monitor network elements such as routers. However, these tools do not directly provide information on the end-to-end health of the network.
On the other hand, users at end hosts of a network connection usually have little information about or control over the components (such as routers, proxies, and firewalls) along end-to-end paths of network connections. As a result, these end-host users typically do not know the causes of problems they encounter or whether the cause is affecting other users as well.
There are tools users employ to investigate network problems. These tools (e.g., Ping, Traceroute, Pathchar, Tulip) typically trace the paths taken by packets to a destination. They are mostly used to debug routing problems between end hosts in the network connection. However, many of these tools only capture information from the viewpoint of a single end host or network entity, which limits their ability to diagnose problems. Also, these tools only focus on entities such as routers and links that are on the IP-level path, whereas the actual cause of a problem might be higher-level entities such as proxies and servers. Also, these tools actively probe the network, generating additional traffic that is substantial when these tools are employed by a large number of users on a routine basis.
Reliance of these user tools on active probing of network connections is problematic for several reasons. First, the overhead of active probing is often high, especially if large numbers of end hosts are using active probing on a routine basis. Second, active probing does not always pinpoint the cause of failure. For example, an incomplete tracing of the path of packets in a network connection may be due to router or server failures, or alternatively could be caused simply by the suppression by a router or a firewall of a control and error-reporting message such as those provided by the Internet Control Message Protocol (ICMP). Third, the detailed information obtained by client-based active probing (e.g., a route tracer) may not pertain to the dominant direction of data transfer, which is typically from the server to the client.
Thus, there is a need for strategies to monitor and diagnose network so problems from the viewpoint of end hosts in communications paths that do not rely on active probing.