# Limitations of Packet Measurement

Save this PDF as:

Size: px
Start display at page:

## Transcription

1 Limitations of Packet Measurement Collect and process less information: Only collect packet headers, not payload Ignore single packets (aggregate) Ignore some packets (sampling) Make collection and processing faster: Move to kernel space Distributed collection & processing Dedicated hardware

2 Sampling For packet-based measurements: Systematic sampling (every nth) (bad!) Random sampling: n-to-n sampling Dynamic sampling: e.g. sample big flows more often For flow-based measurements, too! Packet sampling Flow sampling SURFnet: netflow with 1:100 packet sampling

3 Estimating Distributions From Sample Statistics How to reverse the effects of sampling? Example: 1. Create flows based on packets sampled with ratio 1:10 2. Observe flows with byte size b 1,b 2,b 3, 3. What were the original byte sizes b 1,b 2,b 3,? 4. Estimation: b i = 10 b 1 5. Right?

4 Sampling Error How does sampling influence the results? (sampling error) Results are only statistical estimations with a certain confidence Depends on many factors: Nature of data (packets or flows) Sampling method (periodic, random, ) Sampling rate Characteristics of the sampled process (distribution, )

5 Sampled Flows A flow could be splitted into two: Original packet sequence: a b c d e Assume: Time between b and d larger than timeout used by flow collector to determine end of flow If c is not sampled: two flows ab and de! High sampling ratio: Small flows have a significant probability not to be sampled at all Result is biased towards large flows Periodic sampling: Fails if periodicities in the data Example: back-to-back communications

6 Example: Flows with Periodic Sampling (from: Estimating Flow Distributions from Sampled Flow Statistics, 2003)

7 Example: Sampling Small Flows (from: Estimating Flow Distributions from Sampled Flow Statistics, 2003)

8 Limitations of packet measurement Collect and process less information: Only collect packet headers, not payload Ignore single packets (aggregate) Ignore some packets (sampling) Make collection and processing faster: Move to kernel space Distributed collection & processing Dedicated hardware

9 Dedicated Hardware Exist for packet measurements and flow measurements Jobs that could be handled by hardware: Protocol analysis (analysis of IP packet payload) Filtering (as a pre-processing step) Analysis (run analysis algorithms over the packet) For flows: building flow records

10 How Flow Exporters Work 1 When packet arrives: 1. Calculate hash value for packet 2. Lookup in hash table whether flow exists Yes: update flow information (number of bytes, packets, ) No: create new flow entry Entry from table is removed and flow record is exported if Inactivity Timeout: no new packets for a flow since x seconds Activity Timeout: flow is active but older than y seconds Flow record Flow

11 How Flow Exporters Work 2 Usually more complex: Out of memory: forced flow export Don t export single flow records: wait until several flows records are ready for export Cache levels Can be implemented in software or hardware Loss of data: Packet arrival rate too high Flow export rate too high

12 Example: Hardware Flow Exporter From: Hardware-accelerated flow exporter FlowMon: The accelerated model can capture 6 million packets/s providing full 4 x 1 Gbps throughput under all conditions.

13 Storing and Processing Traffic Measurements

14 Storing and Processing Traffic Measurements UT, 2007: Average bandwidth: 652 Mb/s Maximum bandwidth: 1010 Mb/s Volume (packets): 21.6 TB in 2 days Flows (no sampling): 983 Million flows in 2 day Surfnet, 2007: Average bandwidth: 7730 Mb/s Maximum bandwidth: Mb/s Volume (packets): TB in 2 days Flows (1:100 sampling): Million flows in 2 days

15 Online vs. Offline Analysis Online: process data continuously, faster than arrival rate. Often, only a portion of the data (last n seconds) or no data at all is stored Simple example: protocol usage statistics Offline: store data and analyze it afterwards Needed if restriction on time (analysis algorithm too complex) or space (large amounts of data to be analyzed)

16 Nfsen Combination of offline and online approach Graphical web-based front end for nfdump netflow tools Flow data exported by router(s) is collected by capture deamon(s) and stored in round robin database(s) in pieces of several minutes Nfdump/nfsen allow to browse, search, filter, etc. (syntax similar to tcpdump) Profiles supported Extendable by plugins

17 Nfsen: Screenshot (from: nfsen.sourceforge.net)

18 Nfsen: Plugins

19 Relational Databases Advantages: Standard software Performant server-side processing of queries (stored procedures) Use existing interfaces to programming languages Example of SQL query: SELECT ipv4_dst,count(*) c FROM data WHERE port_dst=80 AND protocol=6 GROUP BY ipv4_dst ORDER BY c DESC

20 Relational Databases: Example Netflow data of UT measurement (2 days) stored in MySQL database MyISAM engine (transactions, constraints, etc. not needed) Table: Columns: start/end time, IP src/dst, port src/dst, protocol, Data size: 49.6 GB ~ 53 Bytes/row In total 10 indexes: start time, src, dst, Total index size: 86.9 GB

21 Distributed Relational Databases MySQL cluster (from: MySQL reference manual)

22 Stream databases Continuous sequence of data instead of tables Queries operate on streams and return a table by applying a sliding window to the input or again a stream. Example: GSQL query in Gigascope SELECT tb, srcip, sum(len) FROM IPv4 WHERE protocol=6 GROUP BY time/60 as tb, srcip HAVING count(*)>5 Speed: several Gbs

23 Temporal Aggregation Temporal aggregation is a basic operation in data processing Example: A plot showing the number of transfered bytes for each month of the year Expensive operation if all data (every packet, every flow, ) is stored Simple solution: calculate aggregates (sums, ) online and only store the results But: which granularity to use? Fine: too much data Coarse: usefulness limited

24 Temporal Aggregation Using Multiple Granularities From: Temporal Aggregation over Data Streams using Multiple Granularities, Zhang et al., Idea: Recent data more interesting than old data use different granularities for old and recent data Maintain different indexes for each segment, integrated as a unified index

25 Adaptive Aggregation No fixed aggregation granularity A new measurement record is created if value aggregated so far differs from last measurement record by a given Example: (from: Adaptive Distributed Monitoring with Accuracy Objectives, 2006)

26 Hadoop, Google s MapReduce Designed to run on hundred or thousands of nodes Execution: 1. Data is split into pieces and distributed over nodes ( splits ) 2. Worker processes read data from splits and apply the map function. Result: (key,value) pairs. 3. Worker processes sort the intermediate data according to the key and apply the reduce function to each set of values with same key. Result: output data. 4. (Do another MapReduce call)

27 MapReduce: Example Data: flow data Goal: count number of flows per source IP address Map: Emit a pair (key=source IP,value=1) for each flow record in a split Reduce: For all pairs with same source IP, sum up the values. Result data: list of pairs (source IP,total count)

28 Hadoop, Google s MapReduce: Overview (from: MapReduce: Simplified Data Processing on Large Clusters, OSDI 04)

29 Many other approaches P2P-based distributed analysis Flow record query language (Jacobs University Bremen)

30 Network Tomography and Geolocation

31 Network Tomography Learn the internal characteristics of a network from external observations Why in that way? Internal data is often not available. Example:Internet Decentralized management Splitted up in subnetworks Examples: Bandwidth estimation Topology identification

32 Bandwidth Estimation Applications of bandwidth estimation: Network administrator: find bottlenecks, find corrupt lines, Video streaming: adapt compression rate P2P: find best peer

33 Bandwidth Estimation with Packet Pair Probing

34 Topology Identification Determine the topology of the network Applications of topology identification: Optimize routing Optimize virtual overlay networks (e.g. P2P) Optimize data delivery: What is the closest cache server to this particular client? Attacks Simple way: traceroute (only works if the network cooperates)

35 Topology Identification with Sandwich Probe Measurement (from: Maximum Likelihood Network Topology Identification from Edge-based Unicast Measurements, 2002)

36 Topology Identification with Sandwich Probe Measurement Every link shared by the paths from the start node to the two destination nodes will increase d Approach: 1. Make many measurements from one start node to several destination nodes 2. Use statistical techniques to calculate the most probable tree connecting the start nodes with the destination nodes Assumption: cross-traffic has zero-mean effect

37 Geolocation Identify the real-world geographical location of a network host Sources of information: IP address, GPS (if available), WiFi Applications: Provide location-specific information to user (where is the next...?) Tracking (parcel tracking, criminal prosecution, ) Advertisement Simple approach: map IP address to geographical location

38 Geolocation with CBG Idea: measure delays to reference hosts with known position (from: Constraint-Based Geolocation of Internet Hosts, 2004)

39 WiFi-based Geolocation of Internet Hosts Approach: Companies collect information on geographical positions of WiFi networks (Skyhook, Google Streetview cars, ) Client sends list of WLANs that it currently receives to the service provider Geographical position is calculated + also works inside buildings + no special hardware (GPS) required - requires dense deployment of WiFi

### 8. 網路流量管理 Network Traﬃc Management

8. 網路流量管理 Network Traﬃc Management Measurement vs. Metrics end-to-end performance topology, configuration, routing, link properties state active measurements active routes active topology link bit error

### Introduction to Netflow

Introduction to Netflow Mike Jager Network Startup Resource Center mike.jager@synack.co.nz These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)

### NfSen Plugin Supporting The Virtual Network Monitoring

NfSen Plugin Supporting The Virtual Network Monitoring Vojtěch Krmíček krmicek@liberouter.org Pavel Čeleda celeda@ics.muni.cz Jiří Novotný novotny@cesnet.cz Part I Monitoring of Virtual Network Environments

### Beyond Monitoring Root-Cause Analysis

WHITE PAPER With the introduction of NetFlow and similar flow-based technologies, solutions based on flow-based data have become the most popular methods of network monitoring. While effective, flow-based

### Watch your Flows with NfSen and NFDUMP 50th RIPE Meeting May 3, 2005 Stockholm Peter Haag

Watch your Flows with NfSen and NFDUMP 50th RIPE Meeting May 3, 2005 Stockholm Peter Haag 2005 SWITCH What I am going to present: The Motivation. What are NfSen and nfdump? The Tools in Action. Outlook

### Large-Scale TCP Packet Flow Analysis for Common Protocols Using Apache Hadoop

Large-Scale TCP Packet Flow Analysis for Common Protocols Using Apache Hadoop R. David Idol Department of Computer Science University of North Carolina at Chapel Hill david.idol@unc.edu http://www.cs.unc.edu/~mxrider

### Network congestion control using NetFlow

Network congestion control using NetFlow Maxim A. Kolosovskiy Elena N. Kryuchkova Altai State Technical University, Russia Abstract The goal of congestion control is to avoid congestion in network elements.

### NetFlow Performance Analysis

NetFlow Performance Analysis Last Updated: May, 2007 The Cisco IOS NetFlow feature set allows for the tracking of individual IP flows as they are received at a Cisco router or switching device. Network

### Netflow Overview. PacNOG 6 Nadi, Fiji

Netflow Overview PacNOG 6 Nadi, Fiji Agenda Netflow What it is and how it works Uses and Applications Vendor Configurations/ Implementation Cisco and Juniper Flow-tools Architectural issues Software, tools

### J-Flow on J Series Services Routers and Branch SRX Series Services Gateways

APPLICATION NOTE Juniper Flow Monitoring J-Flow on J Series Services Routers and Branch SRX Series Services Gateways Copyright 2011, Juniper Networks, Inc. 1 APPLICATION NOTE - Juniper Flow Monitoring

### GPU-Based Network Traffic Monitoring & Analysis Tools

GPU-Based Network Traffic Monitoring & Analysis Tools Wenji Wu; Phil DeMar wenji@fnal.gov, demar@fnal.gov CHEP 2013 October 17, 2013 Coarse Detailed Background Main uses for network traffic monitoring

### Network Monitoring and Traffic CSTNET, CNIC

Network Monitoring and Traffic Analysis in CSTNET Chunjing Han Aug. 2013 CSTNET, CNIC Topics 1. The background of network monitoring 2. Network monitoring protocols and related tools 3. Network monitoring

### Monitoring of Tunneled IPv6 Traffic Using Packet Decapsulation and IPFIX

Monitoring of Tunneled IPv6 Traffic Using Packet Decapsulation and IPFIX Martin Elich 1,3, Matěj Grégr 1,2 and Pavel Čeleda1,3 1 CESNET, z.s.p.o., Prague, Czech Republic 2 Brno University of Technology,

### NetFlow-Lite offers network administrators and engineers the following capabilities:

Solution Overview Cisco NetFlow-Lite Introduction As networks become more complex and organizations enable more applications, traffic patterns become more diverse and unpredictable. Organizations require

### Research on Errors of Utilized Bandwidth Measured by NetFlow

Research on s of Utilized Bandwidth Measured by NetFlow Haiting Zhu 1, Xiaoguo Zhang 1,2, Wei Ding 1 1 School of Computer Science and Engineering, Southeast University, Nanjing 211189, China 2 Electronic

### Internet Infrastructure Measurement: Challenges and Tools

Internet Infrastructure Measurement: Challenges and Tools Internet Infrastructure Measurement: Challenges and Tools Outline Motivation Challenges Tools Conclusion Why Measure? Why Measure? Internet, with

### Practical Experience with IPFIX Flow Collectors

Practical Experience with IPFIX Flow Collectors Petr Velan CESNET, z.s.p.o. Zikova 4, 160 00 Praha 6, Czech Republic petr.velan@cesnet.cz Abstract As the number of Internet applications grows, the number

### Network forensics 101 Network monitoring with Netflow, nfsen + nfdump

Network forensics 101 Network monitoring with Netflow, nfsen + nfdump www.enisa.europa.eu Agenda Intro to netflow Metrics Toolbox (Nfsen + Nfdump) Demo www.enisa.europa.eu 2 What is Netflow Netflow = Netflow

### WAN Optimization, Web Cache, Explicit Proxy, and WCCP. FortiOS Handbook v3 for FortiOS 4.0 MR3

WAN Optimization, Web Cache, Explicit Proxy, and WCCP FortiOS Handbook v3 for FortiOS 4.0 MR3 FortiOS Handbook WAN Optimization, Web Cache, Explicit Proxy, and WCCP v3 13 January 2012 01-433-96996-20120113

### Network Traffic Analysis using HADOOP Architecture. Zeng Shan ISGC2013, Taibei zengshan@ihep.ac.cn

Network Traffic Analysis using HADOOP Architecture Zeng Shan ISGC2013, Taibei zengshan@ihep.ac.cn Flow VS Packet what are netflows? Outlines Flow tools used in the system nprobe nfdump Introduction to

### Case Study: Instrumenting a Network for NetFlow Security Visualization Tools

Case Study: Instrumenting a Network for NetFlow Security Visualization Tools William Yurcik* Yifan Li SIFT Research Group National Center for Supercomputing Applications (NCSA) University of Illinois at

### Connecting North Carolina s Future Today. Application Monitoring: ClassScape Case Study. NCSU Centennial Networking Lab

Connecting North Carolina s Future Today Application Monitoring: ClassScape Case Study John Bass NCSU Centennial Networking Lab Carla S. Hunt MCNC 1 Overview About MCNC and the School Connectivity Initiative

### Beyond Monitoring Root-Cause Analysis

WHITE PAPER With the introduction of NetFlow and similar flow-based technologies, solutions based on flow-based data have become the most popular methods of network monitoring. While effective, flow-based

### First Midterm for ECE374 03/09/12 Solution!!

1 First Midterm for ECE374 03/09/12 Solution!! Instructions: Put your name and student number on each sheet of paper! The exam is closed book. You have 90 minutes to complete the exam. Be a smart exam

### nfdump and NfSen 18 th Annual FIRST Conference June 25-30, 2006 Baltimore Peter Haag 2006 SWITCH

18 th Annual FIRST Conference June 25-30, 2006 Baltimore Peter Haag 2006 SWITCH Some operational questions, popping up now and then: Do you see this peek on port 445 as well? What caused this peek on your

### TCP - Introduction. Features of TCP

TCP - Introduction The Internet Protocol (IP) provides unreliable datagram service between hosts The Transmission Control Protocol (TCP) provides reliable data delivery It uses IP for datagram delivery

### Transport Layer Protocols

Transport Layer Protocols Version. Transport layer performs two main tasks for the application layer by using the network layer. It provides end to end communication between two applications, and implements

### Flow Analysis Versus Packet Analysis. What Should You Choose?

Flow Analysis Versus Packet Analysis. What Should You Choose? www.netfort.com Flow analysis can help to determine traffic statistics overall, but it falls short when you need to analyse a specific conversation

### Cisco IOS Flexible NetFlow Technology

Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application

### Datagram-based network layer: forwarding; routing. Additional function of VCbased network layer: call setup.

CEN 007C Computer Networks Fundamentals Instructor: Prof. A. Helmy Homework : Network Layer Assigned: Nov. 28 th, 2011. Due Date: Dec 8 th, 2011 (to the TA) 1. ( points) What are the 2 most important network-layer

### Chuck Cranor, Ted Johnson, Oliver Spatscheck

Gigascope: How to monitor network traffic 5Gbit/sec at a time. Chuck Cranor, Ted Johnson, Oliver Spatscheck June, 2003 1 Outline Motivation Illustrative applications Gigascope features Gigascope technical

### An overview of traffic analysis using NetFlow

The LOBSTER project An overview of traffic analysis using NetFlow Arne Øslebø UNINETT Arne.Oslebo@uninett.no 1 Outline What is Netflow? Available tools Collecting Processing Detailed analysis security

### Steelcape Product Overview and Functional Description

Steelcape Product Overview and Functional Description TABLE OF CONTENTS 1. General Overview 2. Applications/Uses 3. Key Features 4. Steelcape Components 5. Operations Overview: Typical Communications Session

### MLPPP Deployment Using the PA-MC-T3-EC and PA-MC-2T3-EC

MLPPP Deployment Using the PA-MC-T3-EC and PA-MC-2T3-EC Overview Summary The new enhanced-capability port adapters are targeted to replace the following Cisco port adapters: 1-port T3 Serial Port Adapter

### Viete, čo robia Vaši užívatelia na sieti? Roman Tuchyňa, CSA

Viete, čo robia Vaši užívatelia na sieti? Roman Tuchyňa, CSA What is ReporterAnalyzer? ReporterAnalyzer gives network professionals insight into how application traffic is impacting network performance.

### CS514: Intermediate Course in Computer Systems

: Intermediate Course in Computer Systems Lecture 7: Sept. 19, 2003 Load Balancing Options Sources Lots of graphics and product description courtesy F5 website (www.f5.com) I believe F5 is market leader

This video looks at how multiple network cards can be combined together to form one virtual network card. The examples used in this video are for Windows Server 2012 R2, however the principles apply to

### Advanced Computer Networks IN2097. 1 Dec 2015

Chair for Network Architectures and Services Technische Universität München Advanced Computer Networks IN2097 1 Dec 2015 Prof. Dr.-Ing. Georg Carle Chair for Network Architectures and Services Department

### Big Data Technology Map-Reduce Motivation: Indexing in Search Engines

Big Data Technology Map-Reduce Motivation: Indexing in Search Engines Edward Bortnikov & Ronny Lempel Yahoo Labs, Haifa Indexing in Search Engines Information Retrieval s two main stages: Indexing process

### Network Traffic Monitoring & Analysis with GPUs

Network Traffic Monitoring & Analysis with GPUs Wenji Wu, Phil DeMar wenji@fnal.gov, demar@fnal.gov GPU Technology Conference 2013 March 18-21, 2013 SAN JOSE, CALIFORNIA Background Main uses for network

### Router Construction. Workstation-Based. Switching Hardware Design Goals throughput (depends on traffic model) scalability (a function of n) Buffering

Workstation-Based Outline Router Construction Switched Fabrics IP Routers Tag Switching Aggregate bandwidth 1/2 of the I/O bus bandwidth capacity shared among all hosts connected to switch example: 1Gbps

### Analyzing 6LoWPAN/ZigBeeIP networks with the Perytons Protocol Analyzer May, 2012

Analyzing 6LoWPAN/ZigBeeIP networks with the Perytons Protocol Analyzer May, 2012 Background While IP protocols are widely spread over broadband wireline and wireless communication means, transferring

### Real-Time Handling of Network Monitoring Data Using a Data-Intensive Framework

Real-Time Handling of Network Monitoring Data Using a Data-Intensive Framework Aryan TaheriMonfared Tomasz Wiktor Wlodarczyk Chunming Rong Department of Electrical Engineering and Computer Science University

### Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík

Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík {celeda velan jirsik}@ics.muni.cz Part I Introduction P. Čeleda et al. Network Security Monitoring and Behavior

### Port evolution: a software to find the shady IP profiles in Netflow. Or how to reduce Netflow records efficiently.

TLP:WHITE - Port Evolution Port evolution: a software to find the shady IP profiles in Netflow. Or how to reduce Netflow records efficiently. Gerard Wagener 41, avenue de la Gare L-1611 Luxembourg Grand-Duchy

### Internet Management and Measurements Measurements

Internet Management and Measurements Measurements Ramin Sadre, Aiko Pras Design and Analysis of Communication Systems Group University of Twente, 2010 Measurements What is being measured? Why do you measure?

### and reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs

ICmyNet.Flow: NetFlow based traffic investigation, analysis, and reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs AMRES Academic Network of Serbia RCUB - Belgrade University Computer Center ETF Faculty

### Designing High Throughput Networking Silicon for Mobile Data Offload. Using Hardware IP to Accelerate Small Packet Data Streams in epdg

Designing High Throughput Networking Silicon for Mobile Data Offload Using Hardware IP to Accelerate Small Packet Data Streams in epdg INTRODUCTION Network processor design teams are faced with rapidly

### NetFlow Tracker Overview. Mike McGrath x ccie CTO mike@crannog-software.com

NetFlow Tracker Overview Mike McGrath x ccie CTO mike@crannog-software.com 2006 Copyright Crannog Software www.crannog-software.com 1 Copyright Crannog Software www.crannog-software.com 2 LEVELS OF NETWORK

### PANDORA FMS NETWORK DEVICE MONITORING

NETWORK DEVICE MONITORING pag. 2 INTRODUCTION This document aims to explain how Pandora FMS is able to monitor all network devices available on the marke such as Routers, Switches, Modems, Access points,

### NetFlow Aggregation. Feature Overview. Aggregation Cache Schemes

NetFlow Aggregation This document describes the Cisco IOS NetFlow Aggregation feature, which allows Cisco NetFlow users to summarize NetFlow export data on an IOS router before the data is exported to

### Management of lambda paths

Management of lambda paths by Tiago Fioreze Supervisor: Aiko Pras Institution: University of Twente Outline You are here! Outline Background information Current management approaches Self-management of

### Software Defined Networks

Software Defined Networks Damiano Carra Università degli Studi di Verona Dipartimento di Informatica Acknowledgements! Credits Part of the course material is based on slides provided by the following authors

### Who is Generating all This Traffic?

Who is Generating all This Traffic? Network Monitoring in Practice Luca Deri Who s ntop.org? Started in 1998 as open-source monitoring project for developing an easy to use passive monitoring

### Gaining Operational Efficiencies with the Enterasys S-Series

Gaining Operational Efficiencies with the Enterasys S-Series Hi-Fidelity NetFlow There is nothing more important than our customers. Gaining Operational Efficiencies with the Enterasys S-Series Introduction

### Abstract. 978-1-4244-3487-9/09/\$25.00 c 2009 IEEE

Abstract Network monitoring allows network managers to get a better insight in the network traffic transiting in a managed network. In order to make the tasks of a network manager easier, many network

### Understanding Slow Start

Chapter 1 Load Balancing 57 Understanding Slow Start When you configure a NetScaler to use a metric-based LB method such as Least Connections, Least Response Time, Least Bandwidth, Least Packets, or Custom

### PANDORA FMS NETWORK DEVICES MONITORING

NETWORK DEVICES MONITORING pag. 2 INTRODUCTION This document aims to explain how Pandora FMS can monitor all the network devices available in the market, like Routers, Switches, Modems, Access points,

### NetStream (Integrated) Technology White Paper HUAWEI TECHNOLOGIES CO., LTD. Issue 01. Date 2012-9-6

(Integrated) Technology White Paper Issue 01 Date 2012-9-6 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means

### Securing and Accelerating Databases In Minutes using GreenSQL

Securing and Accelerating Databases In Minutes using GreenSQL Unified Database Security All-in-one database security and acceleration solution Simplified management, maintenance, renewals and threat update

### Stress Testing Switches and Routers

Stress Testing Switches and Routers Rev 4 How to perform a simple stress test on a Layer 2 switch device step-by-step. APPLICATION NOTE The Xena testers can verify traffic forwarding performance, protocol

### Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering

Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls

### Application Delivery Networking

Application Delivery Networking. Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu These slides and audio/video recordings of this class lecture are at: 8-1 Overview

### Log Management with Open-Source Tools. Risto Vaarandi SEB Estonia

Log Management with Open-Source Tools Risto Vaarandi SEB Estonia Outline Why use open source tools for log management? Widely used logging protocols and recently introduced new standards Open-source syslog

### Question: 3 When using Application Intelligence, Server Time may be defined as.

1 Network General - 1T6-521 Application Performance Analysis and Troubleshooting Question: 1 One component in an application turn is. A. Server response time B. Network process time C. Application response

### Network Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC) james@cert.org.tw

Network Monitoring On Large Networks Yao Chuan Han (TWCERT/CC) james@cert.org.tw 1 Introduction Related Studies Overview SNMP-based Monitoring Tools Packet-Sniffing Monitoring Tools Flow-based Monitoring

### A Small-time Scale Netflow-based Anomaly Traffic Detecting Method Using MapReduce

, pp.231-242 http://dx.doi.org/10.14257/ijsia.2014.8.2.24 A Small-time Scale Netflow-based Anomaly Traffic Detecting Method Using MapReduce Wang Jin-Song, Zhang Long, Shi Kai and Zhang Hong-hao School

### Lab 5 Explicit Proxy Performance, Load Balancing & Redundancy

Lab 5 Explicit Proxy Performance, Load Balancing & Redundancy Objectives The purpose of this lab is to demonstrate both high availability and performance using virtual IPs coupled with DNS round robin

### The Ecosystem of Computer Networks. Ripe 46 Amsterdam, The Netherlands

The Ecosystem of Computer Networks Ripe 46 Amsterdam, The Netherlands Silvia Veronese NetworkPhysics.com Sveronese@networkphysics.com September 2003 1 Agenda Today s IT challenges Introduction to Network

Load Balanced Performance A KEY INGREDIENT FOR FAST, RELIABLE APPLICATIONS Key Attributes Applications have become the center of the business world. We rely on them to reach customers, build products,

### Monitoring and analyzing audio, video, and multimedia traffic on the network

Monitoring and analyzing audio, video, and multimedia traffic on the network Slavko Gajin slavko.gajin@rcub.bg.ac.rs AMRES Academic Network of Serbia AMRES Academic Network of Serbia RCUB - Belgrade University

### Securing and Monitoring BYOD Networks using NetFlow

Securing and Monitoring BYOD Networks using NetFlow How NetFlow can help with Security Analysis, Application Detection and Traffic Monitoring Don Thomas Jacob Technical Marketing Engineer ManageEngine

### Overview of Network Traffic Analysis

Overview of Network Traffic Analysis Network Traffic Analysis identifies which users or applications are generating traffic on your network and how much network bandwidth they are consuming. For example,

### Using IPM to Measure Network Performance

CHAPTER 3 Using IPM to Measure Network Performance This chapter provides details on using IPM to measure latency, jitter, availability, packet loss, and errors. It includes the following sections: Measuring

### How Comcast Built An Open Source Content Delivery Network National Engineering & Technical Operations

How Comcast Built An Open Source Content Delivery Network National Engineering & Technical Operations Jan van Doorn Distinguished Engineer VSS CDN Engineering 1 What is a CDN? 2 Content Router get customer

### From GWS to MapReduce: Google s Cloud Technology in the Early Days

Large-Scale Distributed Systems From GWS to MapReduce: Google s Cloud Technology in the Early Days Part II: MapReduce in a Datacenter COMP6511A Spring 2014 HKUST Lin Gu lingu@ieee.org MapReduce/Hadoop

### Introduction to Local Area Networks

For Summer Training on Computer Networking visit Introduction to Local Area Networks Prepared by : Swapan Purkait Director Nettech Private Limited swapan@nettech.in + 91 93315 90003 Introduction A local

### Integrated Traffic Monitoring

61202880L1-29.1F November 2009 Configuration Guide This configuration guide describes integrated traffic monitoring (ITM) and its use on ADTRAN Operating System (AOS) products. Including an overview of

### The Value of Flow Data for Peering Decisions

The Value of Flow Data for Peering Decisions Hurricane Electric IPv6 Native Backbone Massive Peering! Martin J. Levy Director, IPv6 Strategy Hurricane Electric 22 nd August 2012 Introduction Goal of this

### Application Latency Monitoring using nprobe

Application Latency Monitoring using nprobe Luca Deri Problem Statement Users demand services measurements. Network boxes provide simple, aggregated network measurements. You cannot always

### MikroTik RouterOS Workshop Load Balancing Best Practice. Warsaw MUM Europe 2012

MikroTik RouterOS Workshop Load Balancing Best Practice Warsaw MUM Europe 2012 MikroTik 2012 About Me Jānis Meģis, MikroTik Jānis (Tehnical, Trainer, NOT Sales) Support & Training Engineer for almost 8

### Scala Storage Scale-Out Clustered Storage White Paper

White Paper Scala Storage Scale-Out Clustered Storage White Paper Chapter 1 Introduction... 3 Capacity - Explosive Growth of Unstructured Data... 3 Performance - Cluster Computing... 3 Chapter 2 Current

### Routing Protocols OSPF CHAPTER. The following topics describe supported routing protocols. Topics include OSPF, page 9-1 IS-IS Protocol, page 9-3

CHAPTER 9 The following topics describe supported routing protocols. Topics include OSPF, page 9-1 IS-IS Protocol, page 9-3 OSPF Open Shortest Path First (OSPF) is a link state Internet routing protocol.

### NETWORK TRAFFIC ANALYSIS: HADOOP PIG VS TYPICAL MAPREDUCE

NETWORK TRAFFIC ANALYSIS: HADOOP PIG VS TYPICAL MAPREDUCE Anjali P P 1 and Binu A 2 1 Department of Information Technology, Rajagiri School of Engineering and Technology, Kochi. M G University, Kerala

### Quantifying the Performance Degradation of IPv6 for TCP in Windows and Linux Networking

Quantifying the Performance Degradation of IPv6 for TCP in Windows and Linux Networking Burjiz Soorty School of Computing and Mathematical Sciences Auckland University of Technology Auckland, New Zealand

### NFSEN - Update 13th TF-CSIRT Meeting 23. September 2004 Malta Peter Haag

NFSEN - Update 13th TF-CSIRT Meeting 23. September 2004 Malta Peter Haag 2004 SWITCH NFSEN ( NetFlow Sensor ) 12th TF-CSIRT Meeting Hamburg: 2004 SWITCH 2 NFSEN http://www.terena.nl/tech/task-forces/tf-csirt/meeting12/nfsen-haag.pdf

### IP - The Internet Protocol. Magda El Zarki Dept. of CS UC Irvine

1 IP - The Internet Protocol Magda El Zarki Dept. of CS UC Irvine Email: elzarki@uci.edu http://www.ics.uci.edu/~magda 2 Overview IP (Internet Protocol) is a Network Layer Protocol. Several versions most

### Netflow For Incident Detection 1

Netflow For Incident Detection 1 Michael Scheck / Cisco CSIRT mscheck@cisco.com Introduction Netflow is often deployed for network billing, auditing, and accounting. However, Netflow can also be for incident

### NetFlow Analysis with MapReduce

NetFlow Analysis with MapReduce Wonchul Kang, Yeonhee Lee, Youngseok Lee Chungnam National University {teshi85, yhlee06, lee}@cnu.ac.kr 2010.04.24(Sat) based on "An Internet Traffic Analysis Method with

### 5 Performance Management for Web Services. Rolf Stadler School of Electrical Engineering KTH Royal Institute of Technology. stadler@ee.kth.

5 Performance Management for Web Services Rolf Stadler School of Electrical Engineering KTH Royal Institute of Technology stadler@ee.kth.se April 2008 Overview Service Management Performance Mgt QoS Mgt

### Internet Working 5 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2004

5 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2004 1 43 Last lecture Lecture room hopefully all got the message lecture on tuesday and thursday same

### Network Traffic Monitoring and Analysis with GPUs

Network Traffic Monitoring and Analysis with GPUs Wenji Wu, Phil DeMar wenji@fnal.gov, demar@fnal.gov GPU Technology Conference 2013 March 18-21, 2013 SAN JOSE, CALIFORNIA Background Main uses for network

ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy OVERVIEW The global communication and the continuous growth of services provided through the Internet or local infrastructure require to

### Using The Paessler PRTG Traffic Grapher In a Cisco Wide Area Application Services Proof of Concept

Using The Paessler PRTG Traffic Grapher In a Cisco Wide Area Application Services Proof of Concept What You Will Learn Understanding bandwidth traffic and resource consumption is vital to enhanced and

### Mapping the Internet

Mapping the Internet Seminar Communication Systems Spring Semester 2013 Department of Informatics, University of Zurich Tobias Klauser Zurich, 30 May 2013 T. Klauser Mapping the Internet