1 Technical Report UCAM-CL-TR-571 ISSN Number 571 Computer Laboratory Multi-layer network monitoring and analysis James Hall July JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone
2 c 2003 James Hall This technical report is based on a dissertation submitted April 2003 by the author for the degree of Doctor of Philosophy to the University of Cambridge, King s College. Some figures in this document are best viewed in colour. If you received a black-and-white copy, please consult the online version if necessary. Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet: Series editor: Markus Kuhn ISSN
3 Abstract Passive network monitoring offers the possibility of gathering a wealth of data about the traffic traversing the network and the communicating processes generating that traffic. Significant advantages include the non-intrusive nature of data capture and the range and diversity of the traffic and driving applications which may be observed. Conversely there are also associated practical difficulties which have restricted the usefulness of the technique: increasing network bandwidths can challenge the capacity of monitors to keep pace with passing traffic without data loss, and the bulk of data recorded may become unmanageable. Much research based upon passive monitoring has in consequence been limited to that using a sub-set of the data potentially available, typically TCP/IP packet headers gathered using Tcpdump or similar monitoring tools. The bulk of data collected is thereby minimised, and with the possible exception of packet filtering, the monitor s available processing power is available for the task of collection and storage. As the data available for analysis is drawn from only a small section of the network protocol stack, detailed study is largely confined to the associated functionality and dynamics in isolation from activity at other levels. Such lack of context severely restricts examination of the interaction between protocols which may in turn lead to inaccurate or erroneous conclusions. The work described in this dissertation attempts to address some of these limitations. A new passive monitoring architecture Nprobe is presented, based upon off the shelf components and which, by using clusters of probes, is scalable to keep pace with current high bandwidth networks without data loss. Monitored packets are fully captured, but are subject to the minimum processing in real time needed to identify and associate data of interest across the target set of protocols. Only this data is extracted and stored. The data reduction ratio thus achieved allows examination of a wider range of encapsulated protocols without straining the probe s storage capacity. Full analysis of the data harvested from the network is performed off-line. The activity of interest within each protocol is examined and is integrated across the range of protocols, allowing their interaction to be studied. The activity at higher levels informs study of the lower levels, and that at lower levels infers detail of the higher. A technique for dynamically modelling TCP connections is presented, which, by using data from both the transport and higher levels of the protocol stack, differentiates between the effects of network and endprocess activity. The balance of the dissertation presents a study of Web traffic using Nprobe. Data collected from the IP, TCP, HTTP and HTML levels of the stack is integrated to identify the patterns of network activity involved in downloading whole Web pages: by using the links contained in HTML documents observed by the monitor, together with data extracted from the HTML headers of downloaded contained objects, the set of TCP connections used, and the way in which browsers use them, are studied as a whole. An analysis of the degree and distribution of delay is presented and contributes to the understanding of performance as perceived by the user. The effects of packet loss on whole page download times are examined, particularly those losses occurring early in the lifetime of connections before reliable estimations of round trip times are established. The implications of such early packet losses for pages downloads using persistent connections are also examined by simulations using the detailed data available.
5 5 Acknowledgements I must firstly acknowledge the very great contribution made by Micromuse Ltd., without whose financial support for three years it would not have been possible for me to undertake the research leading to this dissertation, and to the Computer Laboratory whose further support allowed me to complete it. Considerable thanks is due to my supervisor, Ian Leslie, for procuring my funding, for his advice and encouragement, his reading and re-reading of the many following chapters, his suggestions for improvement and, perhaps above all, his gift for identifying central issues on the occasions when I have become bogged down in the minutiae. Thanks also to Ian Pratt who is responsible for many of the concepts underlying the Nprobe monitor, and who has been an invaluable source of day-to day and practical advice and guidance. Although the work described here has been largely an individual undertaking, it could not have proceeded satisfactorily without the background of expertise, discussion, imaginative ideas and support provided by my past and present colleagues in the Systems Research Group. Special mention must be made of Derek McAuley who initially employed me, of Simon Cosby, who encouraged me to make the transition from research assistant to PhD student, and of James Bulpin for his ever-willing help in the area of system administration: to them, to Steve Hand, Tim Harris, Keir Fraser, Jon Crowcroft, Dickon Reed, Andrew Moore, and to all the others, I am greatly indebted. Many others in the wider community of the Computer Laboratory and University Computing Service have also made a valuable contribution: to Margaret Levitt for her encouragement over the years, to Chris Cheney and Phil Cross for their assistance in providing monitoring facilities, to Martyn Johnson and Piete Brookes for accommodating unusual demands upon the Laboratory s systems, and to many others, I offer my thanks. Thank you to those who have rendered assistance in proof-reading the final draft of this dissertation: to Anna Hamilton, and to some of those mentioned above you know who you are. Very special love and thanks goes to my wife, Jenny, whose continual encouragement and support has underpinned all of my efforts. She has taken on a vastly disproportionate share of our domestic and child-care tasks, despite her own work, and has endured much undeserved neglect to allow me to concentrate on my work. My love and a big thank-you also go to Charlie and Sam who have seen very much less of their daddy than they have deserved, and to Jo and Luke, my boys, with whom I have recently sunk fewer pints than I should. Finally, the rôle of an unlikely player deserves note. In the early 1980 s I was unwillingly conscripted into the ranks of Maggie s army the hundreds of thousands made unemployed in one of the cruelest and most regressive pieces of social engineering ever to be inflicted upon this country. For many it spelled unemployment for the remainder of their working lives. With time on my hands I embarked upon an Open University degree, the first step on a path which lead to the Computer Laboratory, the Diploma in Computer Science, and eventually to the writing of this dissertation I was one of the fortunate ones.
7 7 Table of Contents 1 Introduction 21 2 Background and Related Work 31 3 The Nprobe Architecture 45 4 Post-Collection Analysis of Nprobe Traces 79 5 Modelling and Simulating TCP Connections Non-Intrusive Estimation of Web Server Delays Using Nprobe Observation and Reconstruction of World Wide Web Page Downloads Page Download Times and Delay Conclusions and Scope for Future Work 193 A Class Generation with SWIG 201 B An Example of Trace File Data Retrieval 205 C Inter-Arrival Times Observed During Web Server Latency Tests 213 Bibliography 219
9 9 Contents Table of Contents 7 List of Figures 14 List of Tables 16 List of Code Fragments and Examples 17 List of Acronyms 18 1 Introduction Introduction Motivation The Value of Network Monitoring Passive and Active Monitoring Challenges in Passive Monitoring Multi-Protocol Monitoring and Analysis Interrelationship and Interaction of Protocols Widening the Definition of a Flow Towards a More Capable Monitor Aims Structure of the Dissertation Background and Related Work Data Collection Tools and Probes Wide-Deployment Systems System Management and Data Repositories Monitoring at Ten Gigabits per Second and Faster Integrated and Multi-Protocol Approaches Flows to Unknown Ports Measurement Accuracy Studies Based upon Passively Monitored Data A Brief Mention of some Seminal Studies Studies of World Wide Web Traffic and Performance Summary
10 10 Contents 3 The Nprobe Architecture Design Goals Design Overview Principal Components Rationale Implementation Packet Capture Scalability On-Line Packet Processing and Data Extraction Data Output Protocol Compliance and Robustness Error Handling, Identification of Phenomena of Interest and Feedback into the Design Trace and Monitoring Process Metadata Hardware and Deployment Probe Performance Security and Privacy Summary Post-Collection Analysis of Nprobe Traces A Generic Framework for Post-Collection Data Analysis Modularity and Task-Driven Design The Framework Components The Data Retrieval Interface Data Retrieval Components Data Retrieval Data Analysis Protocol Analysis Classes Discrete Protocol Analysis Protocol-Spanning Analysis Associative Analysis Classes Analysis Classes as Toolkit Components Accumulation of Analysis Results Memory Constraints Analysis Logs, Results and Presentation An Analysis Summary Tool Summaries of Analysis Results Visualisation The Data Plotter TCP Connection and Browser Activity Visualisation Visualisation as an Analysis Design Tool Assembling the Components Issues of Data Bulk, Complexity and Confidence Data Bulk The Anatomy of a Small Trace and Its Analysis Data and Analysis Complexity Determinants of Validity Indicators of Validity and Confidence in the Absence of Formal Proof Visualisation as an Informal Indicator of Confidence
11 Contents An Assessment of Python as the Analysis Coding Language Python and Object Orientation Difficulties Associated with the Use of Python Summary Modelling and Simulating TCP Connections Analytical Models The Limitations of Steady State Modelling Characterisation of TCP Implementations and Behaviour Analysis of Individual TCP Connections Modelling the Activity of Individual TCP Connections The Model as an Event Driven Progress Packet Transmission and Causality Monitor Position and Interpretation of Packet Timings Unidirectional and Bidirectional Data Flows Identifying and Incorporating Packet Loss Packet Re-Ordering and Duplication Slow Start and Congestion Avoidance Construction of the Activity Model Enhancement of the Basic Data-Liberation Model The Model Output Simulation of Individual TCP Connections Assessment of the Impact of Packet Loss Construction of the Simulation Simulation Output Visualisation Validation of Activity Models and Simulations Summary and Discussion Non-Intrusive Estimation of Web Server Delays Using Nprobe Motivation and Experimental Method Use of the Activity Model Assessment Using an Artificially Loaded Server Client and Local Server with Small Round Trip Times Client and Remote Server with Larger Round Trip Times HTTP/1.1 Persistent Connections Discussion of the Experimental Results Observation of Real Web Traffic to a Single Site Summary Observation and Reconstruction of World Wide Web Page Downloads The Desirability of Reconstructing Page Downloads The Anatomy of a Page Download Reconstruction of Page Download Activity Limitations of Packet-Header Traces Reconstruction Using Data from Multiple Protocol Levels Constructing the Reference Tree
12 12 Contents Referrers, Links and Redirection Multiple Links, Repeated Downloads and Browser Caching Aborted Downloads Relative References, Reference Scopes and Name Caching Self-Refreshing Objects Unresolved Connections and Transactions Multiple Browser Instances and Web Cache Requests Timing Data Integration with Name Service Requests Visualisation Web Traffic Characterisation Summary Page Download Times and Delay Factors Contributing to Overall Download Times The Contribution of Object Delay to Whole Page Download Times Differentiating Single Object and Page Delays Assessing the Degree of Delay The Distribution of Object Delay within a Page Download The Effect of Early Packet Loss on Page Download Time Delay in Downloading from a Site with Massive Early Packet Loss Comparison with a General Traffic Sample Implications of Early Packet Loss for Persistent Connections Summary Conclusions and Scope for Future Work Summary Assessment Conclusion The Original Contribution of this Dissertation Scope for Future Work Further Analysis of Web Activity Nprobe Development A Class Generation with SWIG 201 A.1 Interface Definition A.2 Tailoring Data Representation in the Interface B An Example of Trace File Data Retrieval 205 B.1 A Typical Data-Reading Function B.2 Use of Retrieval Interface Classes B.3 Using the FileRec Class to Minimize Memory Use C Inter-Arrival Times Observed During Web Server Latency Tests 213 C.1 Interpretation of Request and Response Inter-Arrival Times C.2 Inter-Arrival Times for Client and Local Server with Small Round Trip Times 214 C.3 Inter-Arrival Times for Client and Distant Server with Larger Round Trip Times216
13 Contents 13 C.3.1 Using Non-Persistent Connections C.3.2 Using Persistent Pipelined Connections Bibliography 219
14 14 List of Figures 2.1 The Windmill probe architecture Control flow of the BLT tool HTTP header extraction software The principal components of Nprobe Nprobe scalability Generalised state storage unit arrangement Nprobe data dump format Nprobe data analysis Data retrieval from Nprobe trace file records TCP connection visualisation Web browser activity visualisation Distribution of HTTP object sizes and number of delivery segments Distribution of server return codes Data liberations, ACK obligations, flights and rounds Causative packet associations, lags, application-level delays and partial round trip times Base, state and application-level models The effect of receiver acknowledgement strategies Calculation of bottleneck bandwidths Growth in rounds as a result of packet loss Local server: load, calculated server latency and prtt, and delay function Local server: detail of individual server delays Distant server: load, calculated server latency and prtt, and delay function Distant server with pipelined requests on a persistent connection: load, calculated server latency and prtt, and delay function Activity on a pipelined persistent connection Details of pipelined connection activity News server: calculated latency and prtt News server: measurement context Detail of a typical page download Close detail of Figure The complete page download Detail of download redirection A self-refreshing object
15 List of Figures The contribution of single object delays to overall page download time News server: whole page download times News server: server latency and prtts News server: components of early-loss delay The contribution of early delay to page downloads using persistent connections Page download times for the pages downloaded from the news site using simulated persistent connections A.1 SWIG Trace file interface generation C.1 Local server: inter-arrival times C.2 Distant server: inter-arrival times
16 16 List of Tables 3.1 Serialization delays for a range of packet payload sizes The anatomy of a small trace Principal distinctions between tcpanaly and the activity model Calculation of additional latency in pipelined request bursts Summary of delays and cumulative object delays News site: summary of page download times Traces 2 4: summary of page download times News site: summary of trace and delays Summary of trace and delays: Traces 2 4 (general Web traffic)
17 17 List of Code Fragments and Examples 3.1 Encapsulation of extracted data Recording variable-length data Stepping through pipelined HTTP connections HTML links buffer and management structures Grouping packets into flights B.1 Trace file data retrieval B.2 Instantiation and reuse of retrieval interface classes B.3 Minimizing memory use by storing record locations
18 18 List of Acronyms AMP ATM BGP BLT vbns BPF C CAIDA CDN CGI CPA CPU CWND DAG DAU DNS DRR ECN FDDI FTP Gbps GPS Active Measurement Project (NLANR) Asynchronous Transfer Mode Border Gateway Protocol Bi-Layer Tracing Very High Performance Backbone Network Service Berkeley Packet Filter The C Programming Language Cooperative Association for Internet Data Analysis Content Distribution Network Common Gateway Interface Critical Path Analysis Central Processing Unit Congestion WiNDow (TCP) Directed Acyclic Graph Data Association Unit (Nprobe) Domain Name Service Data Reduction Ratio Explicit Congestion Notification Fiber Distributed Data Interface File Transfer Protocol Gigabits per second Global Positioning System
19 List of Acronyms 19 HPC HTML HTTP IAB ICMP IGMP I/O IP IPMON IPSE ISP IW High Performance Connection (Networks) Hypertext Markup Language Hypertext Transfer Protocol Instantaneous ACK Bandwidth (TCP) Internet Control Message Protocol Internet Group Management Protocol Input/Output Internet Protocol IP MONitoring Project (Sprintlabs) Internet Protocol Scanning Engine Internet Service Provider Initial Window (TCP) SuperJANET United Kingdom Joint Academic NETwork LAN LLC MAC MBps Mbps MIB MSS NAI NDA NFS NIC NIMI NLANR OCx PC PCI Local Area Network Logical Link Control Media Access Control Megabytes per second Megabits per second Management Information Base Maximum Segment Size (TCP) Network Analysis Infrastructure Non Disclosure Agreement Network Filing System Network Interface Card National Internet Measurement Infrastructure (NLANR) National Laboratory for Applied Network Research Optical Carrier level x Personal Computer Peripheral Component Interconnect
20 20 List of Acronyms PDT PMA POP QOS RAID RFC RLP RTSP RTT prtt SACK SMTP SNMP SONET SSTHRESH SSU SWIG TCP UCCS UDP URI URL WAN WAWM WWW Payload Delivery Time (TCP) Passive Measurement and Analysis (NLANR) Point of Presence Quality of Service Redundant Array of Inexpensive Disks Request for Comment Radio Link Protocol Real Time Streaming Protocol Round Trip Time partial Round Trip Time Selective ACKnowledgement (TCP) Simple Mail Transfer Protocol Simple Network Management Protocol Synchronous Optical NETwork Slow-Start THRESHold (TCP) State Storage Unit (Nprobe) Simplified Wrapper and Interface Generator Transmission Control Protocol University of Cambridge Computing Service User Datagram Protocol Uniform Resource Indicator Uniform Resource Locator Wide Area Network Wide Area Web Measurement Project World Wide Web
21 Chapter 1 Introduction Computer networks in general, whether serving the local, medium or wide area, and in particular, the globally spanning aggregation known as the Internet (henceforth referred to simply as the network) remain in a period of unprecedented and exponential growth. This growth is not only in terms of the number of communicating hosts, links and switching or routing nodes; but also encompasses new technologies and modes of use, new demands and expectations by users, and new protocols to support and integrate the functioning of the whole. Heavy demands are made by new overlaying technologies (e.g. streamed audio and video) which carry with them additional requirements for timely delivery and guaranteed loss rates the concept of Quality of Service (QOS) becomes significant; the growth of distributed computing makes new demands in terms of reliability. Sheer growth in the size of the network and volume of traffic carried places strain on the existing infrastructure and drives new physical technologies, routing paradigms and management mechanisms. Within this context the ability to observe the dynamic functioning of the network becomes critical. The complexity of interlocking components at both physical and abstract levels has outstripped our capacity to properly understand how they inter-operate, or to exactly predict the outcome of changes to existing, or the introduction of new, components. 1.1 Introduction The thesis of this dissertation may be summarised thus: observation of the network and the study of its functioning have relied upon tools which, largely for practical reasons, are of limited capability. Research relying upon these tools may in consequence be restricted in its scope or accuracy, or even determined, by the bounded set of data which they can make available. New tools and techniques are needed which, by providing a richer set of data, will contribute to enhanced understanding of application performance and the system as a whole, its constituent components, and in particular the interaction of the sub-systems represented by the network protocol stack.
22 22 Introduction The hypothesis follows that such improved tools are feasible, and is tested by the design and implementation of a new monitoring architecture Nprobe which is then used in two case studies which would not have been possible without such a tool. 1.2 Motivation This section outlines the motivation underlying passive network monitoring and the development of more capable tools by which it can be carried out. The following sections (1.3 and 1.4) introduce the desirability of monitoring a wider range of protocols and suggest the attributes desirable in a monitor which would have this capability The Value of Network Monitoring The term network monitoring describes a range of techniques by which it is sought to observe and quantify exactly what is happening in the network, both on the microcosmic and macrocosmic time scales. Data gathered using these techniques provides an essential input towards: Performance tuning: identifying and reducing bottlenecks, balancing resource use, improving QOS and optimising global performance. Troubleshooting: identifying, diagnosing and rectifying faults. Planning: predicting the scale and nature of necessary additional resources. Development and design of new technologies: Understanding of current operations and trends motivates and directs the development of new technologies. Characterisation of activity to provide data for modelling and simulation in design and research. Understanding and controlling complexity: to understand the interaction between components of the network and to confirm that functioning, innovation, and new technologies perform as predicted and required. The introduction of persistent HTTP connections, for instance, was found in some cases to reduce overall performance [Heidemann97a]. Identification and correction of pathological behaviour Passive and Active Monitoring The mechanisms employed to gather data from the network are classified as passive or active, although both may be used in conjunction.
23 1.2 Motivation Passive Monitoring Passively monitored data is collected from some element of a network in a non-intrusive manner. Data may be directly gathered from links on-line monitoring using probes 1 (e.g. tcpdump) to observe passing traffic, or from attached hosts (usually routers/switches or servers, e.g. netflow [Cisco-Netflow], Hypertext Transfer Protocol (HTTP) server logs). In the first case the data may be collected in raw form (i.e. the unmodified total or part content of passing packets) or may be summarised (e.g. as protocol packet headers). All or a statistical sample of the traffic may be monitored. In the second case the data is most commonly a summary of some aspect of the network traffic seen, or server activity (e.g. traffic flows [netflow], Web objects served, or proportion of cache hits). Data thus collected is typically stored for later analysis, but may be the subject of real-time analysis, or forwarded to collection/analysis servers for further processing. The strength of passive monitoring is that no intrusion is made into the traffic/events being monitored, and further in the case of on-line monitoring by probes attached to a network attached directly to network links that the entire set of data concerning the network s traffic and functioning is potentially available. The weakness, particularly as network bandwidths and the volume of traffic carried increase, is that it becomes difficult to keep up with the passing traffic (in the processing power required both to collect the data and to carry out any contemporaneous processing) and that the volume of data collected becomes unmanageable Active Monitoring Active network monitoring, on the other hand, is usually concerned with investigating some aspect of the network s performance or functioning by means of observing the effects of injecting traffic into the network. Injected traffic takes the form appropriate to the subject of investigation (e.g. Internet Control Message Protocol (ICMP) ping packets to establish reachability, HTTP requests to monitor server response times). The data gathered is largely pertinent only to the subject of investigation, and may be discarded at the time of collection, or may be stored for global analysis. Specificity of injected traffic and results may limit the further usefulness of the data gathered. There is always the risk that the injected traffic, being obtrusive, may in itself colour results or that incorrect or inappropriate framing may produce misleading data Challenges in Passive Monitoring When considering passive monitoring, issues of maximising potential information yield and minimising data loss arise. 1 Here and elsewhere in this dissertation the term probe is used to describe a data capture software system, and the computer on which it runs, connected to a network for monitoring purposes.
3. MONITORING AND TESTING THE ETHERNET NETWORK 3.1 Introduction The following parameters are covered by the Ethernet performance metrics: Latency (delay) the amount of time required for a frame to travel
Experiences with a Multi-Protocol network monitor Andrew Moore Intel Research Fellow Computer Laboratory University of Cambridge In collaboration with: Ian Pratt, Jon Crowcroft, James Hall, Tim Granger,
Basic Networking Concepts 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet 1 1. Introduction -A network can be defined as a group of computers and other devices connected
Infrastructure for active and passive measurements at 10Gbps and beyond Best Practice Document Produced by UNINETT led working group on network monitoring (UFS 142) Author: Arne Øslebø August 2014 1 TERENA
SiteCelerate white paper Arahe Solutions SITECELERATE OVERVIEW As enterprises increases their investment in Web applications, Portal and websites and as usage of these applications increase, performance
Protocols Precise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet Protocol (bottom level) all packets shipped from network to network as IP packets
Introduction Computer Network. Interconnected collection of autonomous computers that are able to exchange information No master/slave relationship between the computers in the network Data Communications.
Cisco Bandwidth Quality Manager 3.1 Product Overview Providing the required quality of service (QoS) to applications on a wide-area access network consistently and reliably is increasingly becoming a challenge.
Layer 3 Network + Dedicated Internet Connectivity Client: One of the IT Departments in a Northern State Customer's requirement: The customer wanted to establish CAN connectivity (Campus Area Network) for
Transport Layer Protocols Version. Transport layer performs two main tasks for the application layer by using the network layer. It provides end to end communication between two applications, and implements
Key Components of WAN Optimization Controller Functionality Introduction and Goals One of the key challenges facing IT organizations relative to application and service delivery is ensuring that the applications
Protocols and Architecture Protocol Architecture. Layered structure of hardware and software to support exchange of data between systems/distributed applications Set of rules for transmission of data between
PART OF THE PICTURE: The / Communications Architecture 1 PART OF THE PICTURE: The / Communications Architecture BY WILLIAM STALLINGS The key to the success of distributed applications is that all the terminals
1 VMWARE WHITE PAPER Introduction This paper outlines the considerations that affect network throughput. The paper examines the applications deployed on top of a virtual infrastructure and discusses the
TECHNICAL NOTE VMware Infrastructure 3 SAN Conceptual and Design Basics VMware ESX Server can be used in conjunction with a SAN (storage area network), a specialized high speed network that connects computer
CHAPTER 2 QoS ROUTING AND ITS ROLE IN QOS PARADIGM 22 QoS ROUTING AND ITS ROLE IN QOS PARADIGM 2.1 INTRODUCTION As the main emphasis of the present research work is on achieving QoS in routing, hence this
Computer Networks CS321 Dr. Ramana I.I.T Jodhpur Dr. Ramana ( I.I.T Jodhpur ) Computer Networks CS321 1 / 22 Outline of the Lectures 1 Introduction OSI Reference Model Internet Protocol Performance Metrics
Sage ERP Accpac Online Mac Resource Guide Thank you for choosing Sage ERP Accpac Online. This Resource Guide will provide important information and instructions on how you can get started using your Mac
Sage 300 ERP Online (Formerly Sage ERP Accpac Online) Mac Resource Guide Updated June 1, 2012 Page 1 Table of Contents 1.0 Introduction... 3 2.0 Getting Started with Sage 300 ERP Online using a Mac....
Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls
Improving the Performance of TCP Using Window Adjustment Procedure and Bandwidth Estimation R.Navaneethakrishnan Assistant Professor (SG) Bharathiyar College of Engineering and Technology, Karaikal, India.
COMPUTER NETWORKS NETWORK ARCHITECTURE AND PROTOCOLS The Need for Standards Computers have different architectures, store data in different formats and communicate at different rates Agreeing on a particular
TCP over Multi-hop Wireless Networks * Overview of Transmission Control Protocol / Internet Protocol (TCP/IP) *Slides adapted from a talk given by Nitin Vaidya. Wireless Computing and Network Systems Page
IP Telephony Contact Centers Mobility Services WHITE PAPER Avaya ExpertNet Lite Assessment Tool April 2005 avaya.com Table of Contents Overview... 1 Network Impact... 2 Network Paths... 2 Path Generation...
Using TrueSpeed VNF to Test TCP Throughput in a Call Center Environment TrueSpeed VNF provides network operators and enterprise users with repeatable, standards-based testing to resolve complaints about
Core Syllabus C OPERATE KNOWLEDGE AREA: OPERATION AND SUPPORT OF INFORMATION SYSTEMS Version 2.6 June 2006 EUCIP CORE Version 2.6 Syllabus. The following is the Syllabus for EUCIP CORE Version 2.6, which
Application Note IP Addressing A Simplified Tutorial July 2002 COMPAS ID 92962 Avaya Labs 1 All information in this document is subject to change without notice. Although the information is believed to
Stateful Inspection Technology Security Requirements TECH NOTE In order to provide robust security, a firewall must track and control the flow of communication passing through it. To reach control decisions
TCP/IP Protocol Suite Marshal Miller Chris Chase Robert W. Taylor (Director of Information Processing Techniques Office at ARPA 1965-1969) "For each of these three terminals, I had three different sets
Objectives of Lecture Network Architecture Show how network architecture can be understood using a layered approach. Introduce the OSI seven layer reference model. Introduce the concepts of internetworking
Orientation IP - The Internet Protocol IP (Internet Protocol) is a Network Layer Protocol. IP s current version is Version 4 (IPv4). It is specified in RFC 891. TCP UDP Transport Layer ICMP IP IGMP Network
Data Communication Networks and Converged Networks The OSI Model and Encapsulation Layer traversal through networks Protocol Stacks Converged Data/Telecommunication Networks From Telecom to Datacom, Asynchronous
IP SAN Best Practices A Dell Technical White Paper PowerVault MD3200i Storage Arrays THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES.
Allocating Network Bandwidth to Match Business Priorities Speaker Peter Sichel Chief Engineer Sustainable Softworks email@example.com MacWorld San Francisco 2006 Session M225 12-Jan-2006 10:30 AM -
White Paper Synopsis of the Data Streaming Logical Specification (Phase I) Based on: RapidIO Specification Part X: Data Streaming Logical Specification Rev. 1.2, 08/2004 Abstract The Data Streaming specification
D A N T E I N P R I N T #10 Technical Options for a European High-Speed Backbone Michael Behringer This paper was presented by Michael Behringer at JENC, the annual conference of TERENA (RARE), held in
Overview Dipl.-Ing. Peter Schrotter Institute of Communication Networks and Satellite Communications Graz University of Technology, Austria Fundamentals of Communicating over the Network Application Layer
Lecture 1 An Introduction to Networking Chapter 1, pages 1-22 Dave Novak BSAD 146, Introduction to Networking School of Business Administration University of Vermont Lecture Overview Brief introduction
Page 1 of 8 Computer Networking Networks 9.1 Local area network A local area network (LAN) is a network that connects computers and devices in a limited geographical area such as a home, school, office
Part I: The problem specifications NTNU The Norwegian University of Science and Technology Department of Telematics Note! The problem set consists of two parts: Part I: The problem specifications pages
52-20-40 DATA COMMUNICATIONS MANAGEMENT UPPER LAYER SWITCHING Gilbert Held INSIDE Upper Layer Operations; Address Translation; Layer 3 Switching; Layer 4 Switching OVERVIEW The first series of LAN switches
Integrated Services Routers Performance Overview What You Will Learn The Integrated Services Routers Generation 2 (ISR G2) provide a robust platform for delivering WAN services, unified communications,
TECHNOLOGY CONNECTED Advances with System Area Network Speeds Data Transfer between Servers with A new network switch technology is targeted to answer the phenomenal demands on intercommunication transfer
Service Definition Introduction This Service Definition describes Nexium s from the customer s perspective. In this document the product is described in terms of an overview, service specification, service
Internet Infrastructure Measurement: Challenges and Tools Internet Infrastructure Measurement: Challenges and Tools Outline Motivation Challenges Tools Conclusion Why Measure? Why Measure? Internet, with
Local Area What s a LAN? A transmission system, usually private owned, very speedy and secure, covering a geographical area in the range of kilometres, comprising a shared transmission medium and a set
Performance Management for Next- Generation Networks Definition Performance management for next-generation networks consists of two components. The first is a set of functions that evaluates and reports
Requirements of Voice in an IP Internetwork Real-Time Voice in a Best-Effort IP Internetwork This topic lists problems associated with implementation of real-time voice traffic in a best-effort IP internetwork.
Dissertation Title: SOCKS5-based Firewall Support For UDP-based Application Author: Fung, King Pong MSc in Information Technology The Hong Kong Polytechnic University June 1999 i Abstract Abstract of dissertation
Ethernet Babak Kia Adjunct Professor Boston University College of Engineering ENG SC757 - Advanced Microprocessor Design Ethernet Ethernet is a term used to refer to a diverse set of frame based networking
Measuring IP Performance Geoff Huston Telstra What are you trying to measure? User experience Responsiveness Sustained Throughput Application performance quality Consistency Availability Network Behaviour
Web Analytics Understand your web visitors without web logs or page tags and keep all your data inside your firewall. 5401 Butler Street, Suite 200 Pittsburgh, PA 15201 +1 (412) 408 3167 www.metronomelabs.com
http://www.cse.wustl.edu/~jain/cse567-06/ftp/net_traffic_monitors2/ind... 1 of 11 SNMP and Beyond: A Survey of Network Performance Monitoring Tools Paul Moceri, firstname.lastname@example.org Abstract The growing
Names & Addresses EE 122: IP Forwarding and Transport Protocols Scott Shenker http://inst.eecs.berkeley.edu/~ee122/ (Materials with thanks to Vern Paxson, Jennifer Rexford, and colleagues at UC Berkeley)
1 Network Reference Models - OSI Reference Model - A computer network connects two or more devices together to share information and services. Multiple networks connected together form an internetwork.
Basic Network Configuration 2 Table of Contents Basic Network Configuration... 25 LAN (local area network) vs WAN (wide area network)... 25 Local Area Network... 25 Wide Area Network... 26 Accessing the
Leased Line + Remote Dial-in connectivity Client: One of the TELCO offices in a Southern state. The customer wanted to establish WAN Connectivity between central location and 10 remote locations. The customer
Measurement of the Usage of Several Secure Internet Protocols from Internet Traces Yunfeng Fei, John Jones, Kyriakos Lakkas, Yuhong Zheng Abstract: In recent years many common applications have been modified
NETWORK DEVICE MONITORING pag. 2 INTRODUCTION This document aims to explain how Pandora FMS is able to monitor all network devices available on the marke such as Routers, Switches, Modems, Access points,
Communication Networks MAP-TELE 2011/12 José Ruela Network basic mechanisms Introduction to Communications Networks Communications networks Communications networks are used to transport information (data)
PRAMAK 1 Optimizing Data Center Networks for Cloud Computing Data Center networks have evolved over time as the nature of computing changed. They evolved to handle the computing models based on main-frames,
Chapter 2: Communicating over the 51 Protocol Units and Encapsulation For application data to travel uncorrupted from one host to another, header (or control data), which contains control and addressing
VXLAN: Scaling Data Center Capacity White Paper Virtual Extensible LAN (VXLAN) Overview This document provides an overview of how VXLAN works. It also provides criteria to help determine when and where
Guide to TCP/IP, Third Edition Chapter 3: Data Link and Network Layer TCP/IP Protocols Objectives Understand the role that data link protocols, such as SLIP and PPP, play for TCP/IP Distinguish among various
Tool Optimization Technical Brief Benefits Extend the usage life of tools and avoid costly upgrades Increase the accuracy and results of data analysis Extend capacity of storage media by optimizing data
Transparent Optimization of Grid Server Selection with Real-Time Passive Network Measurements Marcia Zangrilli and Bruce Lowekamp Overview Grid Services Grid resources modeled as services Define interface
Encapsulating Voice in IP Packets Major VoIP Protocols This topic defines the major VoIP protocols and matches them with the seven layers of the OSI model. Major VoIP Protocols 15 The major VoIP protocols
Research on s of Utilized Bandwidth Measured by NetFlow Haiting Zhu 1, Xiaoguo Zhang 1,2, Wei Ding 1 1 School of Computer Science and Engineering, Southeast University, Nanjing 211189, China 2 Electronic
White Paper Accurate End-to-End Performance Management Using CA Application Delivery Analysis and Cisco Wide Area Application Services What You Will Learn IT departments are increasingly relying on best-in-class
PASSIVE MONITORING OF INTERNET TRAFFIC AT SUPERCOMPUTING 98 Brynjar Åge Viken e mail: email@example.com, firstname.lastname@example.org National Laboratory for Applied Network Research, Measurement and Operations
Overview of TCP/IP System Administrators and network administrators Why networking - communication Why TCP/IP Provides interoperable communications between all types of hardware and all kinds of operating
Network Management Basics > FCAPS Model Chapter 18. Network Management Basics This chapter covers the following topics: FCAPS Model Network Management Architecture Network Management Protocols An Introduction
Large-Scale TCP Packet Flow Analysis for Common Protocols Using Apache Hadoop R. David Idol Department of Computer Science University of North Carolina at Chapel Hill email@example.com http://www.cs.unc.edu/~mxrider
Quantum StorNext Product Brief: Distributed LAN Client NOTICE This product brief may contain proprietary information protected by copyright. Information in this product brief is subject to change without
AKAMAI WHITE PAPER Delivering Dynamic Web Content in Cloud Computing Applications: HTTP resource download performance modelling Delivering Dynamic Web Content in Cloud Computing Applications 1 Overview
Table of contents 1 Quality of Service...3 1.1 What is QoS?...3 1.2 Requirements for QoS...3 1.3 A QoS network scenario...3 2 QoS models...4 2.1 The IntServ model...4 2.2 The DiffServ model...5 2.3 The
Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Master Course Computer Networks IN2097 Prof. Dr.-Ing. Georg Carle Christian Grothoff, Ph.D. Chair for
Computer Networks A group of two or more computer systems linked together. There are many [types] of computer networks: Peer To Peer (workgroups) The computers are connected by a network, however, there