Monitoring individual traffic flows within the ATLAS TDAQ network
|
|
- Gilbert Kennedy
- 8 years ago
- Views:
Transcription
1 Home Search Collections Journals About Contact us My IOPscience Monitoring individual traffic flows within the ATLAS TDAQ network This content has been downloaded from IOPscience. Please scroll down to see the full text J. Phys.: Conf. Ser ( View the table of contents for this issue, or go to the journal homepage for more Download details: IP Address: This content was downloaded on 03/09/2015 at 11:42 Please note that terms and conditions apply.
2 Monitoring Individual Traffic Flows within the ATLAS TDAQ Network R Sjoen 1,4, S Stancu 2,3, M Ciobotaru 2,3, S M Batraneanu 1,2, L Leahu 1,2, B Martin 1 and A Al-Shabibi 1,5 1 CERN, 1211 Geneva 23, Switzerland 2 Politehnica University of Bucharest, Romania 3 University of California, Irvine, USA 4 Bergen University College, Norway 5 University of Heidelberg, Germany rune.velle.sjoen@cern.ch Abstract. The ATLAS data acquisition system consists of four different networks interconnecting up to 2000 processors using up to 200 edge switches and five multi-blade chassis devices. The architecture of the system has been described in [1] and its operational model in [2]. Classical, SNMP-based, network monitoring provides statistics on aggregate traffic, but for performance monitoring and troubleshooting purposes there was an imperative need to identify and quantify single traffic flows. sflow [3] is an industry standard based on statistical sampling which attempts to provide a solution to this. Due to the size of the ATLAS network, the collection and analysis of the sflow data from all devices generates a data handling problem of its own. This paper describes how this problem is addressed by making it possible to collect and store data either centrally or distributed according to need. The methods used to present the results in a relevant fashion for system analysts are discussed and we explore the possibilities and limitations of this diagnostic tool, giving an example of its use in solving system problems that arise during the ATLAS data taking. 1. Introduction We describe the concept of statistical sampling followed by a description of the system architecture. The developed system consists of a collector, a processor, a storage solution, a service exposing the data and a web interface. After describing the general architecture, we discuss every component in the system in more detail using a bottom-up approach. Finally there is a discussion of data presentation techniques and examples of typical use. 2. Statistical Sampling The concept of statistical sampling involves capturing and examining a relatively small subset of the total amount of data flowing through a network, and still being able to make fairly accurate assumptions and observations about the traffic. All the devices in the ATLAS data acquisition network support the sflow standard. One of the design goals of this standard is to be able to accurately monitor traffic in high speed networks, without being overwhelmed by the volume of data that needs to be processed and stored. c 2010 IOP Publishing Ltd 1
3 We can define an individual traffic flow in a network as a set of packets belonging to a single conversation between two nodes during a certain period of time. The ability to identify individual traffic flows in a network enables powerful techniques for debugging. Implementing statistical packet sampling within the ATLAS data acquisition network gives us the ability to identify and examine the causes of unknown traffic patterns. sflow[3] is an industry standard which enables an Ethernet switch to take a sample of the packets traversing it and send them to a collector for permanent storage. The packet samples are analyzed in software and conversations at different network layers can be individually traced. The sflow standard describes the mechanism used by the agents and allows implementation in hardware as well as software. sflow samples every n-th packet on average, the sampling process uses randomness in order to prevent capturing perodic patters. As every switch in ATLAS supports sflow in hardware, there is the potential to concurrently monitor over 4000 ports. Since even brief transactions can be important, we operate sflow at high sampling rates, up to one sample per 256 packets, which together with the large number of ports in the system generates a data handling problem of its own. There are other technologies for high-speed traffic monitoring such as NetFlow[4], which was originally developed by Cisco to collect IP traffic information, NetFlow looks at all the packets and adds their properties to the frame and byte counters of the flow records before sending these records to a NetFlow collector at regular intervals. Since NetFlow agents are implemented in software, this approach can be very computationally expensive for the devices, especially when there are many short-lived traffic flows. Closer to sflow and statistical sampling there is Sampled NetFlow, which samples every n-th packet where the value of n can either be deterministic or random. We tested several of the solutions that were already available[5], including commercial products such as InMon s [6] Traffic Sentinel, and non-commercial and open source products such as sflowtrend also from InMon and ntop[7]. While some of the tested solutions were simply not flexible and scalable enough, the more powerful commercial solutions did not offer the ability to provide tight integration with our other in-house developed tools due to the proprietary nature of the data storage formats. Developing our own solution also enables potential use of the network topology already discovered by other tools when analyzing the data. 3. System architecture The system we developed (Figure 1) consists of the following components s implemented on the devices we want to monitor, the agents sample packets and send them to the collector. No other packet processing is done by the device. receives and temporarily stores the samples received from the devices it monitors. The samples arrive packed in sflow datagrams. extracts information from the collected packet samples and prepares the data for permanent storage. MySQL database as a data storage service stores the processed data in a permanent location. service provides a clean API for accessing the data storage. interface front-end to the data which allows the user to make queries and display plots using sflow data. To increase flexibility in terms of resource allocation the collector and processor are modular components and can be decoupled if this proves necessary, an example is having multiple processors working for a single collector. The different models of distribution are presented in section
4 Figure 1. Overview of the system architecture 3.1. Data collection The process of collecting data involves receiving and temporarily storing samples until they are ready to be processed. The devices send flow samples and counter samples inside sflow datagrams (UDP). A datagram may contain multiple samples. We currently operate our devices at a sampling rate of 256 which can be considered a high sampling rate for high throughput networks. This effectively means that on average every 256 th packet passing through each interface on the sflow enabled devices is sampled. The flow samples received from the switches contain a copy of the first 128 bytes of the packet. We can use this data to extract information about the traffic flow the packet itself is a part of. All of our devices sample the raw header of the packets, so we have all the necessary information from each layer of the TCP/IP model. In addition to the packet header, a sample contains layer 2 switching information, i.e inbound and outbound physical interfaces used by the packet. The collector is a dual-threaded application written in C. The collecting thread is responsible for collecting all the samples and storing them into fixed-size dynamically allocated buffers. When a buffer is full, or an interval expires, this buffer is passed to the processing thread which processes the samples in the buffer and distributes the samples into POSIX shared memory objects, one object per agent address(device). The collector keeps an open handle to the memory object for the current interval. When a new interval starts the handle is closed and a message with information about the object is put into a POSIX message queue. The collector then creates a new object and starts collecting there. The interval size is configurable, allowing us to modify the granularity of the data we collect. This method will allow the collecting thread to store more samples than the processing thread 3
5 is able to save, for short periods of time, depending on the available memory. The maximum amount of memory to use by the collector is configurable. The processing daemon waits for a message from the collector by polling the message queue. The message contains the necessary information to process the samples received. Processing the temporarily stored samples is addressed in section 3.2. In order to get information about short-lived traffic flows, both in heavy and light load conditions we want to collect as many samples as we can. According to the sflow standard the agents may implement throttling features that permanently reduce the sampling rate in case the load gets too high. Not all agents write this into the logs and it is not necessarily easily detectable. We currently address this issue by resetting the sampling rates statically at regular intervals. At a later time we will explore the possibility of dynamically changing sampling rates Pushing vs pulling SNMP data In addition to packet sampling, the in the switch sends the values of the SNMP counters in the switch to the collector at regular intervals in the form of counter samples. It will do so using best-effort approach within a predefined maximum time limit and try to piggy-back these counter samples in the datagrams together with the flow samples. If this cannot be done it will send the counter sample in a separate datagram when the maximum time is reached. By using this method of collecting SNMP data from the switch we will be able to move away from the normal request-response scenario of pulling SNMP information from the switch by asking for it. In addition to significantly reducing the work needed to collect this information from the devices, this will also decrease the bandwidth used by monitoring tools in the network. There is no additional work required using this approach except receiving and storing the counter samples Data processing This process involves retrieving the temporarily stored samples from the collector, processing them, and extracting the information we are interested in. We define a conversation as a stream of frames and bytes between two nodes. On layer 2 the key for a unique conversation is a tuple that consists of the source and destination hardware address. This also goes for layer 3 except that the Internet address is used instead of the hardware address. On layer 4 a unique conversation is represented by a 4-tuple consisting of the source and destination address including the source and destination port. These keys, in addition to the ingress and egress interface id s, define the master key which we use to identify the conversation. This key is then used to sum up the bytes and frames from the sampled packets to their respective conversations. Currently we are only processing and storing byte and frame counters for each conversation, but this can be extended to include for example flag counters for TCP and protocol distribution counters for layer 2 and layer 3. Basically any data found in the first 4 layers of the TCP/IP model can be extracted and stored. By processing and grouping the samples into time intervals we can define the granularity of the data we collect. By doing this we can greatly reduce the amount of data that needs to be stored. This eliminates the direct proportionality between the sampling rate and the size of the stored data, allowing us to increase the sampling rate to gain more accurate information. We discuss the size of the stored data in more detail in section Storing data Sustained high sampling rates requires the sampled packets to be processed and stored in a timely fashion. We explored different methods of storing the data both sample-based and conversationbased. 4
6 Currently all the counter samples we receive are stored into the same database as the data extracted from the flow samples, but since the counter samples are sent at relatively fixed intervals we also have the option to decouple flow and counter samples and store the counter values in round robin databases (RRD) Sample based storage Storing the samples involves collecting the datagrams from the agents, unpacking them and storing the samples received from each agent in separate locations. No further processing is done until the data is needed. This is a simple but very inefficient way to store the data with regards to the total size. Because the data has not been processed in any way, additional delays will occur when it needs to be processed and displayed to the user. The total size of the data to store is dependent on two factors, the number of flow samples received and the number of ports which are sending counter samples. As the sampling rate is increased the effect of the counter samples becomes less significant and the size we need to store becomes directly proportional to the number of flow samples received Conversation based storage When storing conversations we do most of the processing in the before the data is requested by the user and this involves extracting the information we need at a pre-defined granularity. The granularity determines the detail at which we can examine the collected data. With a granularity of, say, 1 minute we collect data for that minute before processing it and extracting the information. This method of storage does not directly depend on the sampling rate, but on the expected number of conversations expected to be seen on every port in any single interval. There may be many samples within the time period but the number of conversations is only a function of the system, and not of the sampling. As a consequence the quantity of data that needs to be stored is significantly reduced in comparison to the sample based storage method Comparison between sample based and conversation based storage We can see that even in an almost idle network, where the traffic mostly consists of basic control and monitoring traffic (Figure 2), there is a significant improvement on the size of the data we need to store. When the network load increases, and the network is busy during data taking, this difference becomes even bigger (Figure 3). As traffic increases in the network, we will get more samples, but they will mostly belong to the conversations already seen, which means that they will not affect the data rate at which we store data. This means that as the traffic increases in the network, the data growth rates for the two storage types will diverge Storage solution The storage solution needs to be able to handle high speed continuous inserts. On the current solution, we are using an open source database, MySQL, as a backend for storing data. The configuration of the database server has been optimized for this purpose. The most important optimizations include the following: Increasing the maximum size for bulk inserts which is a very effective way of reducing the time and resources required to insert a large amount of rows. Instead of inserting every row as it becomes available we build a large query and do multiple insertions in the same query. This will also reduce the amount of open/close operations on the database table which are time consuming hard-disk access operations. Increasing the size of the key buffer allows the server to store table indexes in memory. By disabling the option to instantly flush transactions to disk we gain performance during write operations in exchange for data security. 5
7 90 80 Samples Conversations Samples Conversations Data rate (KB/s) Data rate (KB/s) Time (minutes) Time (minutes) Figure 2. A graph showing the data rate difference between storing raw samples and processed data in an almost idle network Figure 3. A graph showing the data rate difference between storing raw samples and processed data in a busy network The buffer pool determines how much data can be cached. Increasing this results in less disk I/O operations Data presentation This involves retrieving the stored data from the data storage facility, formatting it and presenting it in whatever form the user wants. The main goal is being able to perform post-mortem analysis of past events. We want to be able to examine who was using the bandwidth, contributing to the link utilization and how specific conversations developed over time. This information can be used to discover problems in the network. The information in the data collected can also be used to find links with errors, links operating at the wrong line speed and other information but these features can also be accomplished by using other standard tools. To make the collected data available to the end user we have implemented a web interface (Figure 4) that is part of the 3-tier architecture of the front-end system (Figure 1) where the database represents the data tier, the logic tier is represented by a web service providing access to the database while doing post-processing, formatting and other tasks. The presentation tier is the web interface itself. The interface gives the user the ability to select a switch or a single port, and define the TCP/IP layer and time interval to examine. After these values have been selected it shows the conversations which has been sampled during the selected interval. From this point the user can select between different ways of visually representing the data such as pie charts that show link utilization and line charts that illustrate how conversations develop over time. The web interface has been implemented using the Google Toolkit (GWT). This provides us with a powerful and cross-browser compatible interface with little extra effort. As a simple initial implementation for displaying graphs in the web interface we have used the Google Charts application programming interface. At a later time we will examine solutions to replace the current implementation with a more interactive graphing solution. The interface will get the data asynchronously via a Python [8] module served by Apache [9]. This module will take care of retrieving the data from the database and preparing it to be displayed in the web interface. This preparation involves different things such as resolving host and service names. This module exports a clean API to the world and makes it available for 6
8 Figure 4. Screen-shot of the web interface other applications to make use of the data. The data returned by the module is in JavaScript Object Notation (JSON) JSON format, which is a lightweight data interchange format that the Google Toolkit, by design, supports very well Distributing the system Because the system developed is inherently modular, it can be distributed in several different ways depending on the needs. The system in it simplest form with no distribution (Figure 5) has one collector feeding a processor which stores the data into a single location. It is also highly dependent on the performance of the system it is running on. At the moment we are operating with a nondistributed system and it has proven capable of handling the data rates during tests, however we are currenty operating at approximately 40% of the total number of nodes. In addition to adding more nodes, new nodes also have an increased number of cores leading to more processes running on each nodes which in turn leads to more conversations per node. Therefore we are looking at several different methods of distribution. We can distribute the collecting/processing process while still collecting to a centralized repository (Figure 6). This is the optimal solution when operating at high sampling rates with a limited number of possible conversations between each pair of nodes. In this case the work which is required to collect and process the samples outweighs the work required to insert the processed data into storage. In the Atlas TDAQ Network there are two switches and one local file server per rack, with each rack containing approximately 30 processors. We can run an /processor in each rack, resulting in distributed collection and processing. This will significantly reduce the bandwidth consumed by sflow since samples will not have to be aggregated to the single collector, but is processed in each rack leaving only the extracted information to be sent to the data storage. A fully distributed system (Figure 7) can also be implemented by giving each node its 7
9 Data storage Data storage service service interface interface Figure 5. A non distributed system Figure 6. A partially distributed system Data storage Data storage service interface Figure 7. A fully distributed system own database for storage and leaving the responsibility of requesting the correct data to the web service. If we need to store large amounts of data from a large number of devices with a long history, or the database server of the partially-distributed system cannot handle the load, this is a way to address that problem. The functionality required for the web service to enable full distribution will require extra application logic in the web service, and will be implemented if proven necessary. This distribution model will also increase the response time when communicating with the web service. 4. Example 1 By inspecting the plots generated from our network monitoring tools (Figure 8) we are able to identify unknown or unexpected traffic patterns but we have no way to extract more information about them. 8
10 Figure 8. Traffic plot from SNMP data By using the collected sflow data, we are able to extract information on the approximate bandwidth usage per host during the selected interval (Figure 9), as well as information about the TCP conversations made by each host. By examining the conversation plot we are able to determine which application is generating this traffic by looking for known port numbers. Figure 9. Bandwidth usage per host Figure 10. TCP conversations over time 5. Example 2 While checking for anomalous traffic a continuous traffic load on one port was noticed (Figure 11). The traffic led to machines that had nothing to do with data taking and tracking down the source across several hops of the general purpose network would have been extremely tedious. Figure 11. Unknown control core traffic Figure 12. Bandwidth usage per host However analysing the conversations across the busy core port with sflow immediately showed that a test PC was running some diagnostic procedure on local file servers (Figure 12). 9
11 6. Conclusion Network traffic sampling has been an industry technology for nearly two decades. It s typically employed with fairly low sampling rates (e.g. 1:8192) for continuous sampling and only specific ports would be subject to high rates (e.g. 1:512) for specific diagnostic purposes. However, the whole Atlas TDAQ network needs to be continuously monitored and the flows understood so as to achieve the maximum throughput under many different modes of operation and this in turns places a requirement for high rate sampling on every port. To achieve this we have developed a modular architecture that permitted both the rapid deployment of the prototype system and allows for staged task distribution to meet future load increases. Much attention has been paid to the GUI and event display as well as integration into the experimental monitoring system. As a result of this, the intuitive interface allows even non-expert users to easily obtain the desired results. The fact that we can continuously monitor every port means that all the statistics are on hand the moment a problem is detected and diagnosis can be performed immediately. References [1] S. Stancu, M. Ciobotaru, C. Meirosu, L. Leahu, and B. Martin, Networks for the ATLAS Trigger and Data Acquisition, Computing in High Energy and Nuclear Physics, Mumbai, India, [2] S.M. Batraneanu, A. Al-Shabibi, M. Ciobotaru, M. Ivanovici, L. Leahu, B. Martin and S. Stancu, Operational Model of the ATLAS TDAQ Network, Proc. IEEE Real Time 2007 Conference, Chicago, USA, May [3] P. Phaal, S. Panchen, and N. McKee, InMon Corporation s sflow: A method for monitoring traffic in switched and routed networks, T ech. rep., RFC 3176, Sept [4] Cisco IOS NetFlow. [Online]. Available: [5] sflow Collectors. [Online]. Available: [6] Inmon Corporation [Online]. Available: [7] Network Top (ntop) [Online]. Available [8] Python Programming Language. [Online]. Available: [9] Apache HTTP Server Project. [Online]. Available: 10
Network at CERN. Large Scale
Monitoring i the ATLAS TDAQ Network at CERN Lucian LEAHU Brasov, 15/01/2009 Large Scale 3000 nodes, 200 edge switches, 5 core routers 6000 ports 2 1 Plus physicists! Network dimensioned to meet requirements
More informationCisco IOS Flexible NetFlow Technology
Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application
More informationNetwork traffic monitoring and management. Sonia Panchen sonia.panchen@inmon.com 11 th November 2010
Network traffic monitoring and management Sonia Panchen sonia.panchen@inmon.com 11 th November 2010 Lecture outline What is network traffic management? Traffic management applications Traffic monitoring
More informationResearch on Errors of Utilized Bandwidth Measured by NetFlow
Research on s of Utilized Bandwidth Measured by NetFlow Haiting Zhu 1, Xiaoguo Zhang 1,2, Wei Ding 1 1 School of Computer Science and Engineering, Southeast University, Nanjing 211189, China 2 Electronic
More informationEmerald. Network Collector Version 4.0. Emerald Management Suite IEA Software, Inc.
Emerald Network Collector Version 4.0 Emerald Management Suite IEA Software, Inc. Table Of Contents Purpose... 3 Overview... 3 Modules... 3 Installation... 3 Configuration... 3 Filter Definitions... 4
More informationCisco NetFlow TM Briefing Paper. Release 2.2 Monday, 02 August 2004
Cisco NetFlow TM Briefing Paper Release 2.2 Monday, 02 August 2004 Contents EXECUTIVE SUMMARY...3 THE PROBLEM...3 THE TRADITIONAL SOLUTIONS...4 COMPARISON WITH OTHER TECHNIQUES...6 CISCO NETFLOW OVERVIEW...7
More informationPLANNING FOR PREDICTABLE NETWORK PERFORMANCE IN THE ATLAS TDAQ
PLANNING FOR PREDICTABLE NETWORK PERFORMANCE IN THE ATLAS TDAQ C. Meirosu *#, B. Martin *, A. Topurov *, A. Al-Shabibi Abstract The Trigger and Data Acquisition System of the ATLAS experiment is currently
More informationWorld-wide online monitoring interface of the ATLAS experiment
World-wide online monitoring interface of the ATLAS experiment S. Kolos, E. Alexandrov, R. Hauser, M. Mineev and A. Salnikov Abstract The ATLAS[1] collaboration accounts for more than 3000 members located
More informationImproving Quality of Service
Improving Quality of Service Using Dell PowerConnect 6024/6024F Switches Quality of service (QoS) mechanisms classify and prioritize network traffic to improve throughput. This article explains the basic
More informationHP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide
HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide Abstract This guide contains comprehensive information for network administrators, engineers, and operators working with
More informationNetFlow Tracker Overview. Mike McGrath x ccie CTO mike@crannog-software.com
NetFlow Tracker Overview Mike McGrath x ccie CTO mike@crannog-software.com 2006 Copyright Crannog Software www.crannog-software.com 1 Copyright Crannog Software www.crannog-software.com 2 LEVELS OF NETWORK
More informationOpenFlow Based Load Balancing
OpenFlow Based Load Balancing Hardeep Uppal and Dane Brandon University of Washington CSE561: Networking Project Report Abstract: In today s high-traffic internet, it is often desirable to have multiple
More informationAgenda. sflow intro. sflow architecture. sflow config example. Summary
sflow Features Agenda sflow intro. sflow architecture sflow config example Summary 1 What is sflow? sflow is a technology for monitoring traffic in data networks containing switches and routers. S9700
More informationNSC 93-2213-E-110-045
NSC93-2213-E-110-045 2004 8 1 2005 731 94 830 Introduction 1 Nowadays the Internet has become an important part of people s daily life. People receive emails, surf the web sites, and chat with friends
More informationHigh-Speed Network Traffic Monitoring Using ntopng. Luca Deri @lucaderi
High-Speed Network Traffic Monitoring Using ntopng Luca Deri @lucaderi Some History In 1998, the original ntop has been created. It was a C-based app embedding a web server able to capture traffic and
More informationUKCMG Industry Forum November 2006
UKCMG Industry Forum November 2006 Capacity and Performance Management of IP Networks Using IP Flow Measurement Agenda Challenges of capacity and performance management of IP based networks What is IP
More informationNetStream (Integrated) Technology White Paper HUAWEI TECHNOLOGIES CO., LTD. Issue 01. Date 2012-9-6
(Integrated) Technology White Paper Issue 01 Date 2012-9-6 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means
More informationAlliedWare Plus OS How To Use sflow in a Network
AlliedWare Plus OS How To Use sflow in a Network Introduction sflow is an industry-standard sampling system that is embedded in Allied Telesis' high-performing Layer 3 switches. sflow enables you to use
More informationA Summary of Network Traffic Monitoring and Analysis Techniques
http://www.cse.wustl.edu/~jain/cse567-06/ftp/net_monitoring/index.html 1 of 9 A Summary of Network Traffic Monitoring and Analysis Techniques Alisha Cecil, acecil19@yahoo.com Abstract As company intranets
More informationRecommendations for Network Traffic Analysis Using the NetFlow Protocol Best Practice Document
Recommendations for Network Traffic Analysis Using the NetFlow Protocol Best Practice Document Produced by AMRES NMS Group (AMRES BPD 104) Author: Ivan Ivanović November 2011 TERENA 2010. All rights reserved.
More informationNetwork Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC) james@cert.org.tw
Network Monitoring On Large Networks Yao Chuan Han (TWCERT/CC) james@cert.org.tw 1 Introduction Related Studies Overview SNMP-based Monitoring Tools Packet-Sniffing Monitoring Tools Flow-based Monitoring
More informationTDAQ Analytics Dashboard
14 October 2010 ATL-DAQ-SLIDE-2010-397 TDAQ Analytics Dashboard A real time analytics web application Outline Messages in the ATLAS TDAQ infrastructure Importance of analysis A dashboard approach Architecture
More informationFlow Analysis Versus Packet Analysis. What Should You Choose?
Flow Analysis Versus Packet Analysis. What Should You Choose? www.netfort.com Flow analysis can help to determine traffic statistics overall, but it falls short when you need to analyse a specific conversation
More informationGaining Operational Efficiencies with the Enterasys S-Series
Gaining Operational Efficiencies with the Enterasys S-Series Hi-Fidelity NetFlow There is nothing more important than our customers. Gaining Operational Efficiencies with the Enterasys S-Series Introduction
More informationEWeb: Highly Scalable Client Transparent Fault Tolerant System for Cloud based Web Applications
ECE6102 Dependable Distribute Systems, Fall2010 EWeb: Highly Scalable Client Transparent Fault Tolerant System for Cloud based Web Applications Deepal Jayasinghe, Hyojun Kim, Mohammad M. Hossain, Ali Payani
More informationHow To Understand Network Performance Monitoring And Performance Monitoring Tools
http://www.cse.wustl.edu/~jain/cse567-06/ftp/net_traffic_monitors2/ind... 1 of 11 SNMP and Beyond: A Survey of Network Performance Monitoring Tools Paul Moceri, paul.moceri@gmail.com Abstract The growing
More informationAvaya ExpertNet Lite Assessment Tool
IP Telephony Contact Centers Mobility Services WHITE PAPER Avaya ExpertNet Lite Assessment Tool April 2005 avaya.com Table of Contents Overview... 1 Network Impact... 2 Network Paths... 2 Path Generation...
More informationINCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS
WHITE PAPER INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS Network administrators and security teams can gain valuable insight into network health in real-time by
More informationNetFlow-Lite offers network administrators and engineers the following capabilities:
Solution Overview Cisco NetFlow-Lite Introduction As networks become more complex and organizations enable more applications, traffic patterns become more diverse and unpredictable. Organizations require
More informationATLAS job monitoring in the Dashboard Framework
ATLAS job monitoring in the Dashboard Framework J Andreeva 1, S Campana 1, E Karavakis 1, L Kokoszkiewicz 1, P Saiz 1, L Sargsyan 2, J Schovancova 3, D Tuckett 1 on behalf of the ATLAS Collaboration 1
More informationChapter 1 Reading Organizer
Chapter 1 Reading Organizer After completion of this chapter, you should be able to: Describe convergence of data, voice and video in the context of switched networks Describe a switched network in a small
More informationThe Value of Flow Data for Peering Decisions
The Value of Flow Data for Peering Decisions Hurricane Electric IPv6 Native Backbone Massive Peering! Martin J. Levy Director, IPv6 Strategy Hurricane Electric 22 nd August 2012 Introduction Goal of this
More informationEUROPEAN ORGANIZATION FOR NUCLEAR RESEARCH CERN ACCELERATORS AND TECHNOLOGY SECTOR A REMOTE TRACING FACILITY FOR DISTRIBUTED SYSTEMS
EUROPEAN ORGANIZATION FOR NUCLEAR RESEARCH CERN ACCELERATORS AND TECHNOLOGY SECTOR CERN-ATS-2011-200 A REMOTE TRACING FACILITY FOR DISTRIBUTED SYSTEMS F. Ehm, A. Dworak, CERN, Geneva, Switzerland Abstract
More informationImproved metrics collection and correlation for the CERN cloud storage test framework
Improved metrics collection and correlation for the CERN cloud storage test framework September 2013 Author: Carolina Lindqvist Supervisors: Maitane Zotes Seppo Heikkila CERN openlab Summer Student Report
More informationNetFlow Aggregation. Feature Overview. Aggregation Cache Schemes
NetFlow Aggregation This document describes the Cisco IOS NetFlow Aggregation feature, which allows Cisco NetFlow users to summarize NetFlow export data on an IOS router before the data is exported to
More informationIntroduction to Netflow
Introduction to Netflow Mike Jager Network Startup Resource Center mike.jager@synack.co.nz These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)
More informationMaintaining Non-Stop Services with Multi Layer Monitoring
Maintaining Non-Stop Services with Multi Layer Monitoring Lahav Savir System Architect and CEO of Emind Systems lahavs@emindsys.com www.emindsys.com The approach Non-stop applications can t leave on their
More informationTransformation of honeypot raw data into structured data
Transformation of honeypot raw data into structured data 1 Majed SANAN, Mahmoud RAMMAL 2,Wassim RAMMAL 3 1 Lebanese University, Faculty of Sciences. 2 Lebanese University, Director of center of Research
More informationTraffic Monitoring in a Switched Environment
Traffic Monitoring in a Switched Environment InMon Corp. 1404 Irving St., San Francisco, CA 94122 www.inmon.com 1. SUMMARY This document provides a brief overview of some of the issues involved in monitoring
More informationNetwork Monitoring and Management NetFlow Overview
Network Monitoring and Management NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
More informationTraffic monitoring with sflow and ProCurve Manager Plus
An HP ProCurve Networking Application Note Traffic monitoring with sflow and ProCurve Manager Plus Contents 1. Introduction... 3 2. Prerequisites... 3 3. Network diagram... 3 4. About the sflow protocol...
More informationFlow Monitor Configuration. Content CHAPTER 1 MIRROR CONFIGURATION... 1-1 CHAPTER 2 RSPAN CONFIGURATION... 2-1 CHAPTER 3 SFLOW CONFIGURATION...
Content Content CHAPTER 1 MIRROR CONFIGURATION... 1-1 1.1 INTRODUCTION TO MIRROR... 1-1 1.2 MIRROR CONFIGURATION TASK LIST 1.3 MIRROR EXAMPLES 1.4 DEVICE MIRROR TROUBLESHOOTING... 1-1... 1-2... 1-3 CHAPTER
More informationDetection of illegal gateways in protected networks
Detection of illegal gateways in protected networks Risto Vaarandi and Kārlis Podiņš Cooperative Cyber Defence Centre of Excellence Tallinn, Estonia firstname.lastname@ccdcoe.org 1. Introduction In this
More informationpc resource monitoring and performance advisor
pc resource monitoring and performance advisor application note www.hp.com/go/desktops Overview HP Toptools is a modular web-based device management tool that provides dynamic information about HP hardware
More informationEnabling NetFlow on Virtual Switches ESX Server 3.5
Technical Note Enabling NetFlow on Virtual Switches ESX Server 3.5 NetFlow is a general networking tool with multiple uses, including network monitoring and profiling, billing, intrusion detection and
More informationThe Lagopus SDN Software Switch. 3.1 SDN and OpenFlow. 3. Cloud Computing Technology
3. The Lagopus SDN Software Switch Here we explain the capabilities of the new Lagopus software switch in detail, starting with the basics of SDN and OpenFlow. 3.1 SDN and OpenFlow Those engaged in network-related
More informationZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy
ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy OVERVIEW The global communication and the continuous growth of services provided through the Internet or local infrastructure require to
More informationSolarWinds Certified Professional. Exam Preparation Guide
SolarWinds Certified Professional Exam Preparation Guide Introduction The SolarWinds Certified Professional (SCP) exam is designed to test your knowledge of general networking management topics and how
More informationSiteCelerate white paper
SiteCelerate white paper Arahe Solutions SITECELERATE OVERVIEW As enterprises increases their investment in Web applications, Portal and websites and as usage of these applications increase, performance
More informationMonitoring Network Traffic using ntopng
Monitoring Network Traffic using ntopng Luca Deri Outlook What are the main activities of ntop.org? ntop s view on network monitoring. From ntop to ntopng. ntopng architecture and design.
More informationIntegrated Traffic Monitoring
61202880L1-29.1F November 2009 Configuration Guide This configuration guide describes integrated traffic monitoring (ITM) and its use on ADTRAN Operating System (AOS) products. Including an overview of
More informationManaging your Red Hat Enterprise Linux guests with RHN Satellite
Managing your Red Hat Enterprise Linux guests with RHN Satellite Matthew Davis, Level 1 Production Support Manager, Red Hat Brad Hinson, Sr. Support Engineer Lead System z, Red Hat Mark Spencer, Sr. Solutions
More informationLog Management with Open-Source Tools. Risto Vaarandi rvaarandi 4T Y4H00 D0T C0M
Log Management with Open-Source Tools Risto Vaarandi rvaarandi 4T Y4H00 D0T C0M Outline Why do we need log collection and management? Why use open source tools? Widely used logging protocols and recently
More informationTraffic Monitoring using sflow
Making the Network Visible www.sflow.org Traffic Monitoring using sflow With the ever-increasing reliance on network services for business critical applications, the smallest change in network usage can
More informationBeyond Monitoring Root-Cause Analysis
WHITE PAPER With the introduction of NetFlow and similar flow-based technologies, solutions based on flow-based data have become the most popular methods of network monitoring. While effective, flow-based
More informationCase Study: Instrumenting a Network for NetFlow Security Visualization Tools
Case Study: Instrumenting a Network for NetFlow Security Visualization Tools William Yurcik* Yifan Li SIFT Research Group National Center for Supercomputing Applications (NCSA) University of Illinois at
More informationNetFlow FlowAnalyzer Overview
CHAPTER 1 FlowAnalyzer Overview This chapter describes the FlowAnalyzer system and its components. This system is used to read, analyze, and display switching data collected by the FlowCollector application.
More informationFOXBORO. I/A Series SOFTWARE Product Specifications. I/A Series Intelligent SCADA SCADA Platform PSS 21S-2M1 B3 OVERVIEW
I/A Series SOFTWARE Product Specifications Logo I/A Series Intelligent SCADA SCADA Platform PSS 21S-2M1 B3 The I/A Series Intelligent SCADA Platform takes the traditional SCADA Master Station to a new
More informationPANDORA FMS NETWORK DEVICE MONITORING
NETWORK DEVICE MONITORING pag. 2 INTRODUCTION This document aims to explain how Pandora FMS is able to monitor all network devices available on the marke such as Routers, Switches, Modems, Access points,
More informationUnderstanding Slow Start
Chapter 1 Load Balancing 57 Understanding Slow Start When you configure a NetScaler to use a metric-based LB method such as Least Connections, Least Response Time, Least Bandwidth, Least Packets, or Custom
More informationWHITE PAPER September 2012. CA Nimsoft For Network Monitoring
WHITE PAPER September 2012 CA Nimsoft For Network Monitoring Table of Contents EXECUTIVE SUMMARY 3 Solution overview 3 CA Nimsoft Monitor specialized probes 3 Network and application connectivity probe
More informationPANDORA FMS NETWORK DEVICES MONITORING
NETWORK DEVICES MONITORING pag. 2 INTRODUCTION This document aims to explain how Pandora FMS can monitor all the network devices available in the market, like Routers, Switches, Modems, Access points,
More informationQoSpy an approach for QoS monitoring in DiffServ Networks.
QoSpy an approach for QoS monitoring in DiffServ Networks. Ulrich Hofmann Alessandro Anzaloni Ricardo de Farias Santos. anzaloni@ele.ita.br Instituto Tecnológico de Aeronaútica São José dos Campos-SP-Brazil
More informationSimple Network Management Protocol
CHAPTER 4 This chapter gives an overview of (SNMP). It contains the following sections: Overview, page 4-1 SNMP Versioning, page 4-2 SNMP and Cisco Unified CM Basics, page 4-3 SNMP Basic Commands, page
More informationThe flow back tracing and DDoS defense mechanism of the TWAREN defender cloud
Proceedings of the APAN Network Research Workshop 2013 The flow back tracing and DDoS defense mechanism of the TWAREN defender cloud Ming-Chang Liang 1, *, Meng-Jang Lin 2, Li-Chi Ku 3, Tsung-Han Lu 4,
More informationLoad Balancing. Final Network Exam LSNAT. Sommaire. How works a "traditional" NAT? Un article de Le wiki des TPs RSM.
Load Balancing Un article de Le wiki des TPs RSM. PC Final Network Exam Sommaire 1 LSNAT 1.1 Deployement of LSNAT in a globally unique address space (LS-NAT) 1.2 Operation of LSNAT in conjunction with
More informationFlow Analysis. Make A Right Policy for Your Network. GenieNRM
Flow Analysis Make A Right Policy for Your Network GenieNRM Why Flow Analysis? Resolve Network Managers Challenge as follow: How can I know the Detail and Real-Time situation of my network? How can I do
More informationManaging Dynamic Configuration
White Paper Immediate Network Synchronization with Low Overhead: Cisco Prime Network Reduced Polling VNE Cisco Prime Network's near real-time model relies on accurate information about the managed network
More informationFlow Based Traffic Analysis
Flow based Traffic Analysis Muraleedharan N C-DAC Bangalore Electronics City murali@ncb.ernet.in Challenges in Packet level traffic Analysis Network traffic grows in volume and complexity Capture and decode
More informationNetwork congestion control using NetFlow
Network congestion control using NetFlow Maxim A. Kolosovskiy Elena N. Kryuchkova Altai State Technical University, Russia Abstract The goal of congestion control is to avoid congestion in network elements.
More informationJ-Flow on J Series Services Routers and Branch SRX Series Services Gateways
APPLICATION NOTE Juniper Flow Monitoring J-Flow on J Series Services Routers and Branch SRX Series Services Gateways Copyright 2011, Juniper Networks, Inc. 1 APPLICATION NOTE - Juniper Flow Monitoring
More informationQuestion: 3 When using Application Intelligence, Server Time may be defined as.
1 Network General - 1T6-521 Application Performance Analysis and Troubleshooting Question: 1 One component in an application turn is. A. Server response time B. Network process time C. Application response
More informationWhat is VLAN Routing?
Application Note #38 February 2004 What is VLAN Routing? This Application Notes relates to the following Dell product(s): 6024 and 6024F 33xx Abstract Virtual LANs (VLANs) offer a method of dividing one
More informationWhatsUpGold. v12.3.1. NetFlow Monitor User Guide
WhatsUpGold v12.3.1 NetFlow Monitor User Guide Contents CHAPTER 1 WhatsUp Gold NetFlow Monitor Overview What is NetFlow?... 1 How does NetFlow Monitor work?... 2 Supported versions... 2 System requirements...
More informationConfiguring SNMP and using the NetFlow MIB to Monitor NetFlow Data
Configuring SNMP and using the NetFlow MIB to Monitor NetFlow Data NetFlow is a technology that provides highly granular per-flow statistics on traffic in a Cisco router. The NetFlow MIB feature provides
More informationIntegrated Traffic Monitoring
61202880L1-29.1E July 2008 Configuration Guide This configuration guide describes integrated traffic monitoring (ITM) and its use on ADTRAN Operating System (AOS) products. Including an overview of the
More informationSolarWinds Technical Reference
SolarWinds Technical Reference Best Practices for Troubleshooting NetFlow Introduction... 1 NetFlow Overview... 1 Troubleshooting NetFlow Service Status Issues... 3 Troubleshooting NetFlow Source Issues...
More informationGigabit Ethernet Packet Capture. User s Guide
Gigabit Ethernet Packet Capture User s Guide Copyrights Copyright 2008 CACE Technologies, Inc. All rights reserved. This document may not, in whole or part, be: copied; photocopied; reproduced; translated;
More informationMonitoring and analyzing audio, video, and multimedia traffic on the network
Monitoring and analyzing audio, video, and multimedia traffic on the network Slavko Gajin slavko.gajin@rcub.bg.ac.rs AMRES Academic Network of Serbia AMRES Academic Network of Serbia RCUB - Belgrade University
More informationRemote I/O Network Determinism
Remote I/O Network Determinism September 2011 by David Doggett & Manuel J. Palomino Make the most of your energy Summary Executive Summary... p 3 Introduction... p 4 Network Determinism vs Overall Performance...
More informationObjectives of Lecture. Network Architecture. Protocols. Contents
Objectives of Lecture Network Architecture Show how network architecture can be understood using a layered approach. Introduce the OSI seven layer reference model. Introduce the concepts of internetworking
More informationSNMP OIDs. Content Inspection Director (CID) Recommended counters And thresholds to monitor. Version 3.12.00 January, 2011
Content Inspection Director (CID) SNMP OIDs Recommended counters And thresholds to monitor Version 3.12.00 January, 2011 North America Radware Inc. 575 Corporate Dr., Lobby 1 Mahwah, NJ 07430 Tel: (888)
More informationHow To Mirror On An Ipfix On An Rspan Vlan On A Pc Or Mac Or Ipfix (Networking) On A Network On A Pnet 2.2.2 (Netnet) On An Uniden (Netlan
Content Content CHAPTER 1 MIRROR CONFIGURATION... 1-1 1.1 INTRODUCTION TO MIRROR... 1-1 1.2 MIRROR CONFIGURATION TASK LIST... 1-1 1.3 MIRROR EXAMPLES... 1-2 1.4 DEVICE MIRROR TROUBLESHOOTING... 1-3 CHAPTER
More informationNetFlow v9 Export Format
NetFlow v9 Export Format With this release, NetFlow can export data in NetFlow v9 (version 9) export format. This format is flexible and extensible, which provides the versatility needed to support new
More informationInternet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering
Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls
More informationFlow Monitor Configuration. Content CHAPTER 1 MIRROR CONFIGURATION... 1-1 CHAPTER 2 SFLOW CONFIGURATION... 2-1 CHAPTER 3 RSPAN CONFIGURATION...
Content Content CHAPTER 1 MIRROR CONFIGURATION... 1-1 1.1 INTRODUCTION TO MIRROR... 1-1 1.2 MIRROR CONFIGURATION TASK LIST... 1-1 1.3 MIRROR EXAMPLES... 1-2 1.4 DEVICE MIRROR TROUBLESHOOTING... 1-3 CHAPTER
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationUsing The Paessler PRTG Traffic Grapher In a Cisco Wide Area Application Services Proof of Concept
Using The Paessler PRTG Traffic Grapher In a Cisco Wide Area Application Services Proof of Concept What You Will Learn Understanding bandwidth traffic and resource consumption is vital to enhanced and
More informationMonitoring the Grid at local, national, and global levels
Home Search Collections Journals About Contact us My IOPscience Monitoring the Grid at local, national, and global levels This content has been downloaded from IOPscience. Please scroll down to see the
More informationNetFlow Performance Analysis
NetFlow Performance Analysis Last Updated: May, 2007 The Cisco IOS NetFlow feature set allows for the tracking of individual IP flows as they are received at a Cisco router or switching device. Network
More informationApache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, 2013 2:32 pm Pacific
Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide Revised February 28, 2013 2:32 pm Pacific Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide
More informationTHE MANAGEMENT INFRASTRUCTURE OF A NETWORK MEASUREMENT SYSTEM FOR QOS PARAMETERS
THE MANAGEMENT INFRASTRUCTURE OF A NETWORK MEASUREMENT SYSTEM FOR QOS PARAMETERS Alexandru BIKFALVI, Paul PĂTRAŞ, Cristian Mihai VANCEA, Virgil DOBROTĂ Technical University of Cluj-Napoca, Communications
More informationImplementing Cisco Quality of Service QOS v2.5; 5 days, Instructor-led
Implementing Cisco Quality of Service QOS v2.5; 5 days, Instructor-led Course Description Implementing Cisco Quality of Service (QOS) v2.5 provides learners with in-depth knowledge of QoS requirements,
More informationMonitoring Traffic manager
Monitoring Traffic manager eg Enterprise v6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of this document may be reproduced
More informationSIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)
1 SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) Mohammad S. Hasan Agenda 2 Looking at Today What is a management protocol and why is it needed Addressing a variable within SNMP Differing versions Ad-hoc Network
More informationHow to Make the Client IP Address Available to the Back-end Server
How to Make the Client IP Address Available to the Back-end Server For Layer 4 - UDP and Layer 4 - TCP services, the actual client IP address is passed to the server in the TCP header. No further configuration
More informationConfiguring NetFlow Secure Event Logging (NSEL)
73 CHAPTER This chapter describes how to configure NSEL, a security logging mechanism that is built on NetFlow Version 9 technology, and how to handle events and syslog messages through NSEL. The chapter
More informationPerformance of Software Switching
Performance of Software Switching Based on papers in IEEE HPSR 2011 and IFIP/ACM Performance 2011 Nuutti Varis, Jukka Manner Department of Communications and Networking (COMNET) Agenda Motivation Performance
More informationQuick Start for Network Agent. 5-Step Quick Start. What is Network Agent?
What is Network Agent? The Websense Network Agent software component uses sniffer technology to monitor all of the internet traffic on the network machines that you assign to it. Network Agent filters
More information