欢迎关注:1,欢迎关注本博客,你可点击右手边的【QQ邮件订阅】订阅本博客!2,本博客推出江湖救急计划,主要为工作中遇到疑难杂症的兄弟提供远程技术支持和分析,如有需要,请在江湖救急计划页面给我留言!

蚂蚁与TCP

作者:易隐者 发布于:2012-8-29 8:59 Wednesday 分类:其 他

       今天在上看到一帖,很有意思,说是斯坦福大学的研究者发现蚂蚁的行为跟TCP相关特性非常相像,其觅食行为跟TCP的拥塞避免、慢启动、超时机制等暗合,我们先一起来看一下原文吧。

【原文】:

链接:http://jandan.net/2012/08/27/ants-internet.html

人类能做到的一些超炫的事情,其实早就存在了!比如,蚂蚁觅食,就跟网络传送协议(TCP/Internet's Transmission Control Protocol)的方法基本差不多,蚂蚁们一直就这样收集着食物。假如先前的蚂蚁出去好久了都还没带食物回的话,它们就不再外派找吃的了;当初级数据包显示小带宽时,TCP就会节流数据传输。

蚂蚁们也使用TCP的慢启动技术,它们发出派出一小波觅食的蚂蚁,来计算出食物的相对数量(带宽),再调节派出蚂蚁的数目。相似的是,若网络链接超时,源头就会停止传送数据包;若过了20分钟蚂蚁们还没回来,外派停止。

这项发现的研究者之一 Balaji Prabhakar 说,假如蚂蚁的这个行为在网络之前就被发现的话,可能会影响网络的设计。这种觅食方式久经时间考验,可能有很多值得我们学习的地方。鬼知道呢,说不定此刻也还有其它的算法早就存在着,正默默地等着被发现。

【英文原文】:

链接:http://gizmodo.com/5937981/ants-have-been-using-internet-algorithms-for-millions-of-years

Mankind has been able to accomplish some pretty impressive things, but some of them were around long before we figured them out. Ants, for instance, hunt for food in a way that's basically the same as the Internet's Transmission Control Protocol (TCP), and they were doing it long before the Internet was around.

It all has to do with how harvester ants gather their food. The same way that TCP will throttle data transmission if initial packets indicate little bandwidth, harvester ants will send less foragers out for food if the initial ones take too long to come back with grub.

From Stanford News:

[The] rate at which harvester ants – which forage for seeds as individuals – leave the nest to search for food corresponds to food availability.

A forager won't return to the nest until it finds food. If seeds are plentiful, foragers return faster, and more ants leave the nest to forage. If, however, ants begin returning empty handed, the search is slowed, and perhaps called off.

And that's not where the similarities end either. Ants also use TCP's slow start technique, by sending out a wave of foragers (packets) to figure out the relative amount of food (bandwidth) before scaling their numbers up or down. Likewise, the same way a connection will time out if the source stops sending packets, the ants will stop sending out new foragers if none return for 20 minutes.

Balaji Prabhakar, one of the researchers behind the discovery, says that if this behavior had been uncovered pre-Internet, it might have influenced its design. Even so, this foraging process has been seriously time-tested, and there still might be things we can learn from it. In the meantime, who knows what other algorithms might already be out there, quietly waiting to be discovered.

      我顺便把斯坦福大学的研究报道找出来了,链接如下:

http://news.stanford.edu/news/2012/august/ants-mimic-internet-082312.html

斯坦福研究者发现“蚂蚁网”-Stanford researchers discover the 'anternet'

A collaboration between a Stanford ant biologist and a computer scientist has revealed that the behavior of harvester ants as they forage for food mirrors the protocols that control traffic on the Internet.

By Bjorn Carey

Katherine Decktar Harvester ant foragers waiting inside the nest

Harvester ant foragers waiting inside the nest.

On the surface, ants and the Internet don't seem to have much in common. But two Stanford researchers have discovered that a species of harvester ants determine how many foragers to send out of the nest in much the same way that Internet protocols discover how much bandwidth is available for the transfer of data. The researchers are calling it the "anternet."

Deborah Gordon, a biology professor at Stanford, has been studying ants for more than 20 years. When she figured out how the harvester ant colonies she had been observing in Arizona decided when to send out more ants to get food, she called across campus to Balaji Prabhakar, a professor of computer science at Stanford and an expert on how files are transferred on a computer network. At first he didn't see any overlap between his and Gordon's work, but inspiration would soon strike.

"The next day it occurred to me, 'Oh wait, this is almost the same as how [Internet] protocols discover how much bandwidth is available for transferring a file!'" Prabhakar said. "The algorithm the ants were using to discover how much food there is available is essentially the same as that used in the Transmission Control Protocol."

Transmission Control Protocol, or TCP, is an algorithm that manages data congestion on the Internet, and as such was integral in allowing the early web to scale up from a few dozen nodes to the billions in use today. Here's how it works: As a source, A, transfers a file to a destination, B, the file is broken into numbered packets. When B receives each packet, it sends an acknowledgment, or an ack, to A, that the packet arrived.

This feedback loop allows TCP to run congestion avoidance: If acks return at a slower rate than the data was sent out, that indicates that there is little bandwidth available, and the source throttles data transmission down accordingly. If acks return quickly, the source boosts its transmission speed. The process determines how much bandwidth is available and throttles data transmission accordingly.

L.A. CiceroDeborah Gordon

Biologist Deborah Gordon has been studying ants for more than 20 years.

It turns out that harvester ants (Pogonomyrmex barbatus) behave nearly the same way when searching for food. Gordon has found that the rate at which harvester ants – which forage for seeds as individuals – leave the nest to search for food corresponds to food availability.

A forager won't return to the nest until it finds food. If seeds are plentiful, foragers return faster, and more ants leave the nest to forage. If, however, ants begin returning empty handed, the search is slowed, and perhaps called off.

Prabhakar wrote an ant algorithm to predict foraging behavior depending on the amount of food – i.e., bandwidth – available. Gordon's experiments manipulate the rate of forager return. Working with Stanford student Katie Dektar, they found that the TCP-influenced algorithm almost exactly matched the ant behavior found in Gordon's experiments.

"Ants have discovered an algorithm that we know well, and they've been doing it for millions of years," Prabhakar said.

They also found that the ants followed two other phases of TCP. One phase is known as slow start, which describes how a source sends out a large wave of packets at the beginning of a transmission to gauge bandwidth; similarly, when the harvester ants begin foraging, they send out foragers to scope out food availability before scaling up or down the rate of outgoing foragers.

Another protocol, called time-out, occurs when a data transfer link breaks or is disrupted, and the source stops sending packets. Similarly, when foragers are prevented from returning to the nest for more than 20 minutes, no more foragers leave the nest.

Prabhakar said that had this discovery been made in the 1970s, before TCP was written, harvester ants very well could have influenced the design of the Internet.

Gordon thinks that scientists have just scratched the surface for how ant colony behavior could help us in the design of networked systems.

There are 11,000 species of ants, living in every habitat and dealing with every type of ecological problem, Gordon said. "Ants have evolved ways of doing things that we haven't thought up, but could apply in computer systems. Computationally speaking, each ant has limited capabilities, but the collective can perform complex tasks.

"So ant algorithms have to be simple, distributed and scalable – the very qualities that we need in large engineered distributed systems," she said. "I think as we start understanding more about how species of ants regulate their behavior, we'll find many more useful applications for network algorithms."

The work is published in the Aug. 23 issue of PLoS Computational Biology.

       看完这些,你或许会说:“难怪你的这个个人博客叫蚂蚁网。”,我想我又找到了一个取名为“蚂蚁网”的强有力的佐证,但当时取名“蚂蚁网”的时候,我并不知道这个研究成果,我的初衷等哪天得闲想写的时候,我会将其写到《关于》里面。

       大自然总会有很多难以解释清楚的暗合现象,以前我们怎能想到蚂蚁的行为跟TCP的工作机制有关联呢?我又怎能想到我将我的博客取名为“蚂蚁网”后不足半年的时间,竟然因这个研究让其名字跟博客的主要内容关联起来了呢?

       冥冥之中,总有很对东西是难以用理性理解和解释的,而我则相信这些都是注定了的。

阅读全文>>

标签: TCP 蚂蚁 蚂蚁网

评论(0) 引用(0) 浏览(12503)

关于服务器端发送FIN报文之前的数秒等待时间行为的分析

作者:易隐者 发布于:2012-8-21 22:40 Tuesday 分类:网络分析

       就这个问题,我来简单分析一下基于TCP的应用,正常释放TCP连接的行为

       在实际环境下,我们可以抓到各种FIN正常释放连接的报文,大部分交互完毕应用数据之后立即发送FIN报文释放连接,如下图所示:

点击查看原图

       有些交互完毕应用数据后,服务器端立即发送FIN报文,客户端在确认FIN报文之后,发送RST报文,释放TCP连接,这样做主要视为了提高交互的效率,省去了服务器确认客户端FIN报文和客户端等等服务器端确认的过程和时间,如下图所示:

点击查看原图

       有些则如上面兄弟遇到的那个情况,双方在建立TCP连接后,进行应用数据的交互,应用数据交互完毕之后,服务器端并不是立即发送FIN报文,正常释放该TCP连接,而是等待一段时间,看客户端是否有新的应用数据需要交互,如果有,则不需要再建立一个新的TCP连接,直接使用已有连接进行交互,如果超出时间客户端无应用数据交互,则服务器端主动发送FIN报文,正常释放该TCP连接。

       这个过程,是由应用程序控制的,跟操作系统无关。另这种机制一般情况下能够提高应用交互的效率,这个服务器端等待客户端是否有应用数据交互的时间不能算作是应用响应时间。

阅读全文>>

标签: TCP RST 延时 响应时间 应用响应时间 FIN 正常释放 TCP行为 长连接 短连接

评论(2) 引用(0) 浏览(14770)

带有应用层字段的TCP RST报文

作者:易隐者 发布于:2012-8-21 11:09 Tuesday 分类:网络分析

       今天在为一个朋友准备培训材料的时候,某个客户那边捕获的数据包文件中,无意中发现RST报文中竟然带有应用层字段,如下图所示:

点击查看原图

       这是一个SSH的TCP连接,一般而言,对端在收到TCP RST报文后,便会立即释放该TCP连接,这个是传输层控制的,即使RST报文中带有应用层字段,传输层也不会将这个应用层字段提交给应用进程。

       如此来看,这个TCP RST报文带有应用层字段“ Reset cause: Go away, we're not home ”,似乎也没什么意义。

      

阅读全文>>

标签: TCP RST reset 应用字段 培训 SSH

评论(0) 引用(0) 浏览(9833)

某学院专网网站打开慢故障分析案例

作者:易隐者 发布于:2012-8-19 16:58 Sunday 分类:网络分析

故障环境

       某学院的网络拓扑示意图如下所示:

点击查看原图


         说明:
         核心交换机上划分了多个VLAN,防毒墙、防火墙均工作在透明模式下,路由器工作在纯路由模式下。

故障现象
        用户在内网打开专网的网页速度很慢,经常需要5-20秒左右才可以完全打开,有时直接就打不开。

故障分析

1 故障分析说明

       首先通过故障现象,我们可以确认该故障应该属于一个较为高级的故障,这种故障一般都与网络中的延时或者丢包有关,难以通过一些基本的测试或策略的检查来定位故障,我们需要进行一些深度的分析。针对此类延时或丢包故障,我们需要做的就是定位出产生延时或丢包的位置。

点击查看原图

阅读全文>>

标签: 交换机 TCP 网络分析工具 网络分析 数据包分析 对比分析 get 网络慢

评论(5) 引用(0) 浏览(10314)

非标准TCP三次握手建立连接过程一例

作者:易隐者 发布于:2012-8-17 20:23 Friday 分类:案例讨论

          我们都知道,在正常情况下的,TCP的连接建立是通过三次握手过程来完成的,如下图展示的一样:
 

点击查看原图


我们首先来看一个正常的TCP三次握手交互过程的数据报文: 

点击查看原图

通过wireshark的“Flow Graph”功能,我们可以清楚的看到这个TCP会话建立交互的数据据流图: 

点击查看原图


        我在某用户现场捕获的数据报文里,发现了一个非标准的TCP三次握手过程的TCP应用,其在建立TCP连接时,在客户端确认服务器的SYN/ACK报文时,并不是仅仅回应ACK报文,而是直接回应应用数据顺带确认服务器的SYN/ACK报文,如下图所示:  

点击查看原图


其数据流图如下所示: 

点击查看原图

        这种非标准的TCP三次握手过程的TCP应用,能够提高TCP交互的效率,但是实际环境中并不常见,难得遇到,特写在这里供技术兄弟参考。

        以前做防火墙时,听说还存在一些非标准的TCP应用,其在交互时,并不通过SYN三次握手的方式建立连接,而是直接交互应用数据,只是到现在一直并未亲见这种非标准的TCP应用交互,现在想想,这种非标准的TCP应用真的存在吗?或许只是遇到了长期保活的TCP连接交互的情况?这个暂时还真不得而知,如果有遇到这种非标准TCP应用的交互报文的兄弟,记得跟我联系,大家一起长长见识。

阅读全文>>

标签: TCP wireshark SYN 防火墙 非标准TCP 三次握手

评论(2) 引用(0) 浏览(40665)

Powered by 易隐者 基于emlog 皖ICP备12002343号-1