KNOM Tutorial Internet Traffic Measurement and Analysis. Sue Bok Moon Dept. of Computer Science

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "KNOM Tutorial 2003. Internet Traffic Measurement and Analysis. Sue Bok Moon Dept. of Computer Science"

Transcription

1 KNOM Tutorial 2003 Internet Traffic Measurement and Analysis Sue Bok Moon Dept. of Computer Science

2 Overview Definition of Traffic Matrix 4Traffic demand, delay, loss Applications of Traffic Matrix 4Engineering, research, SLAs Challenges in Obtaining Traffic Matrix 4Limitation of NetFlow and active probes 4Challenges in measurement and modeling Summay & Future Work 2

3 Definition of Traffic Matrix What is a traffic matrix? 4A matrix built on metric of interest 4Traffic demand matrix How much traffic flows from point A to point B Granularity: PoP, router, link, prefix 4Delay matrix How much delay from point A to point B Granularity: PoP, router, link, end hosts 4Loss matrix How many packets are dropped from point A to point B Granularity: PoP, router, end hosts 3

4 Example : AT&T Latency Matrix CAM CHI DAL DEN LA NY ATL CAM CHI Current Average : 35 msec DAL DEN LA 61 NY Latency in milliseconds 4

5 Traffic Demand Matrix Not part of SLAs 4Hard to obtain 4Few available publicly 5

6 Delay Matrix Usually a matrix of average delay of pings between routers of random selection per PoP 4Average of all PoP-to-PoP delays => SLA At end hosts 4Easy to get using pings between hosts of interest 6

7 Loss Matrix Usually a matrix of average loss rate of pings between routers of random selection per PoP 4Average of all PoP-to-PoP loss rates => SLA At end hosts 4Easy to get using pings between hosts of interest 7

8 Applications of Traffic Matrix Marketing/Sales 4How much traffic does customer A send from point #1 to point #2? Where should customer A buy more capacity from us? 4Is most traffic originating in Korea stay within Korea? What is the trend in international traffic growth? 4What is the performance that customer A sees? Do we have an edge over our competitors? 8

9 Applications of Traffic Matrix Network Operators 4Capacity Planning How much traffic do we have from point A to point B? How much capacity should we add? When should we add more capacity? 4Network Engineering Where is the hot spot? From SNMP What if a link fails from point A to point B? What if we move traffic from point A to point B? 9

10 Applications of Traffic Matrix Customers: SLAs 4What quality of service am I getting? How much delay do I get from ISP A? How much loss do I experience from ISP A? Can I get delay under X ms from ISP A? What is the most popular destination of my traffic? 10

11 Applications of Traffic Matrix Researchers 4Traffic modeling How does TM evolve over time? What is the fanout factor of traffic? How much more capacity do we expect between point A and point B? 4Example: IP over WDM Given physical topology of routers and optical nodes, what is the best virtual topology? Based on traffic demand matrix 11

12 Challenges in Obtaining Traffic Matrix Traffic Demand Matrix 4resource requirements in routers # of concurrently active flows 4resource requirements in measurement infrastructure production rate of flow statistics 4traffic characterization packet/byte rate of original traffic rate o f occurrence of original flows average packet/bytes per original flow 12

13 Resource Requirements Router Memory Resource in Measurement Infrastructure NetFlow data Resource in Router Fast link Server Analysis Traffic reports Network Network Operation Center 13

14 Most Popular Tools of Choice? NetFlow for traffic demand matrix ping for delay and loss matrix 14

15 NetFlow Cisco s proprietary tool 4Not an IETF standard Basic idea 4Based on (src ip, src port, dst ip, dst port, proto) 4Records byte/packet/duration per flow 4Cannot keep up with high speed links 4Can sample every N th packet 15

16 NetFlow Sampling Original Packets time flow #1 flow #2 flow #3 Sampled Packets (every 1/N, N=3) time 16

17 Limitation of NetFlow Scalability 4Historically NetFlow had a performance issue 4Never deployed at the core 4Number of flows in case of DDoS attacks beyond capacity Network melt down 17

18 Number of Active Flows on a OC-48 Link 18

19 Limitation of NetFlow Representativeness 4Can we estimate # of total flows from # of sampled flows accurately? 4Can we estimate # of total WWW flows from # of sampled WWW flows accurately? 4Metrics of interest: # of flows, flow rate, 4Packet sampling reduce effective packet rate save cost: slower memory sufficient (DRAM vs SRAM) 19

20 NetFlow Sampling Original Packets time flow #1 flow #2 flow #3 Sampled Packets (every 1/N, N=3) Flow Splitting time 20

21 Comparison of sparse and non-sparse applications Flow definition 45-tuple = (src ip, src port, dst ip, dst port, proto) 4interflow timeout = T Increase timeout T 4potentially less splitting 4fewer measured flows, more active flows Sparse vs. non-sparse flows 4napster vs. www 4# of mean active flows change differently over T 4No simple model of rate and # active flows based on aggregate traffic rates 4Model sparse and non-sparse flows separately [Duffield03] 21

22 Challenges in Delay Monitoring Not much is known about delay within ISP 4People think they know delay, but... 4Cisco SAA implementation on GSR did not consider clock synchronization, and outputs meaningless numbers Too many paths to cover 4hop-by-hop addition not yet possible 22

23 Limitation of Active Probes Representativeness [Choi04] 4Average? Median? 23

24 Suitable Statistic: Percentile! Min Med Avg Mode detection is hard 4 Difficult to distinguish small from big 4 Don t know how many ahead of them High-percentile 4 represents upper bound for most delay 4 requires a very small number of probes to estimate 99% percentile 24

25 Sampling for Demand Matrix Periodic sampling does not answer: 4What are the top 10 flows? 4What is the most dominant application and who is the heaviest user? 4What is the total # of packet for every flow? 25

26 Hash Function Mapping from a very large space to a smaller space 4h: X Y where X >> Y 4IP address to 10-bit hashed key 45-tuple address to 30-bit hashed key Load factor = collision probability 26

27 What are the top 10 flows? 27

28 Sampling for Elephants [Estan02] All packets Every n-th packet Update entry or create a new one Large flow memory Update existing entry Has entry? no Pass with p ~ size create new entry Small flow memory 28

29 Sampling for Elephants [Estan02] h1 h2 h3 All Large? Flow Memory 29

30 What is the most dominant application and who is the heaviest user? 30

31 Who is using my link? 31

32 Looking at the traffic Too much data for a human Do something smarter! 32

33 Looking at traffic aggregates Src. Dest. IP IP Src. Dest. net Dest. Source IPport Dest. Protoc ol Src. port net netran Destination IP Traffic Aggregating on kindividual packet header fields Ran Source Traffi gives useful results but Which Ran jeff.dorm.bigu.e Destination 11.9% Traffic 4 Traffic reports 1k are not Web port Where network du network always at the right 42.1% cdoes the uses granularity (e.g. individual IP address, subnet, traffic etc.) web come and from? which 4 Cannot show aggregates 12 Kazaa tracy.dorm.bigu. library.bigu.edu 6.7% defined over one multiple kazaa? 3.12% 27.5% 3 Ssh fields (e.g. which network 2 uses 6.3% cs.bigu.edu which application) 18.1% The traffic analysis 3 tool risc.cs.bigu.edu dorm.bigu.edu should automatically 2.83% 17.8% find aggregates over the Most right fields traffic at goes the right granularity to the dorms Dest. port What apps are used? 33

34 Ideal traffic report Traffic aggregate Web traffic Web traffic to library.bigu.edu Web traffic from ICMP traffic from sloppynet.badu.edu to jeff.dorm.bigu.edu Traffic 42.1% 26.7% 13.4% 11.9% Web is the dominant This The paper library application is This about That s a is heavy a giving Denial the of network administrator a big flash user of Service insightful web attack traffic!! reports crowd! 34

35 Traffic Clusters and Reports Traffic clusters are multidimentional aggregates. Traffic reports give volume of chosen clusters Only those over threshold are reported To avoid redundant data, compress inferrable data (up to error H) Highlight non-obvious aggregates with unexpectedness label 35

36 Structure of regular traffic mix Backups from CAIDA to tape server SD-NAP 4Semi-regular time pattern FTP from SLAC Stanford SD-NAP Scripps web traffic Web & Squid servers Large ssh traffic Steady ICMP probing from CAIDA 36

37 Space-Code Bloom Filter Bloom filter answers set-membership. Space-code bloom filter answers multisetmembership Use a number of virtual Bloom-filters, spread multiplicity information over space. Write-only At OC768, it can work at 5ns SRAM What about storage space at the router? 37

38 What is the total # of packet of every flow? 38

39 Future Work One traffic matrix to rule? 4Can we answer all questions with one matrix? Continuous monitoring 4data export in real-time 4query over streaming data Availability/survivability 4Impliations in SLAs? 39

40 Failures are part of everyday operations Weekly Daily Hourly 40

41 Time between Failures (network-wide) 43%: <1 min 81%: <20 min 41

42 Sources of failures Duration can provide hints, e.g., 4long (>1hour): fiber cuts, severe failures 4medium (>10min): router/line card failures 4short (>1min): line card resets 4very short (<1min): software problems, optical equipment glitches Other hints 4shared equipment (routers, optical) 4 router logs (e.g., SONET alarms), etc. 42

43 Network-wide Failure Duration cumulative fraction of failures 40 % in 1-60sec 40 % in 1-15min 10 % in 15-60min 10 % >1h 43

44 References [Duffield03] N. Duffield, C. Lund, M. Thorup, Properties and Prediction of Flow Properties from Sampled Packet Streams, ACM SIGCOMM IMC, Miami, Oct., 2003 [Choi04] B.Y. Choi, S. Moon, Z.L. Zhang, C. Diot, Analysis of Point-to-Point Packet Delay in an Operational Network, IEEE INFOCOM, Hong Kong, Mar.,

8. 網路流量管理 Network Traffic Management

8. 網路流量管理 Network Traffic Management 8. 網路流量管理 Network Traffic Management Measurement vs. Metrics end-to-end performance topology, configuration, routing, link properties state active measurements active routes active topology link bit error

More information

Page 1. Outline EEC 274 Internet Measurements & Analysis. Traffic Measurements. Motivations. Applications

Page 1. Outline EEC 274 Internet Measurements & Analysis. Traffic Measurements. Motivations. Applications Outline EEC 274 Internet Measurements & Analysis Spring Quarter, 2006 Traffic Measurements Traffic measurements What metrics are we interested in? Measurement and analysis methodologies Traffic characterization

More information

Research on Errors of Utilized Bandwidth Measured by NetFlow

Research on Errors of Utilized Bandwidth Measured by NetFlow Research on s of Utilized Bandwidth Measured by NetFlow Haiting Zhu 1, Xiaoguo Zhang 1,2, Wei Ding 1 1 School of Computer Science and Engineering, Southeast University, Nanjing 211189, China 2 Electronic

More information

Network Performance Monitoring at Small Time Scales

Network Performance Monitoring at Small Time Scales Network Performance Monitoring at Small Time Scales Konstantina Papagiannaki, Rene Cruz, Christophe Diot Sprint ATL Burlingame, CA dina@sprintlabs.com Electrical and Computer Engineering Department University

More information

Monitoring Large Flows in Network

Monitoring Large Flows in Network Monitoring Large Flows in Network Jing Li, Chengchen Hu, Bin Liu Department of Computer Science and Technology, Tsinghua University Beijing, P. R. China, 100084 { l-j02, hucc03 }@mails.tsinghua.edu.cn,

More information

Internet2 NetFlow Weekly Reports

Internet2 NetFlow Weekly Reports Internet2 NetFlow Weekly Reports Stanislav Shalunov Internet2 Fall Member Meeting, Indianapolis, 2003-10-13 What is NetFlow? Originally a Cisco proprietary technology Now supported by other vendors and

More information

Network Measurement. Why Measure the Network? Types of Measurement. Traffic Measurement. Packet Monitoring. Monitoring a LAN Link. ScienLfic discovery

Network Measurement. Why Measure the Network? Types of Measurement. Traffic Measurement. Packet Monitoring. Monitoring a LAN Link. ScienLfic discovery Why Measure the Network? Network Measurement Jennifer Rexford COS 461: Computer Networks Lectures: MW 10-10:50am in Architecture N101 ScienLfic discovery Characterizing traffic, topology, performance Understanding

More information

Network Monitoring Using Traffic Dispersion Graphs (TDGs)

Network Monitoring Using Traffic Dispersion Graphs (TDGs) Network Monitoring Using Traffic Dispersion Graphs (TDGs) Marios Iliofotou Joint work with: Prashanth Pappu (Cisco), Michalis Faloutsos (UCR), M. Mitzenmacher (Harvard), Sumeet Singh(Cisco) and George

More information

The Ecosystem of Computer Networks. Ripe 46 Amsterdam, The Netherlands

The Ecosystem of Computer Networks. Ripe 46 Amsterdam, The Netherlands The Ecosystem of Computer Networks Ripe 46 Amsterdam, The Netherlands Silvia Veronese NetworkPhysics.com Sveronese@networkphysics.com September 2003 1 Agenda Today s IT challenges Introduction to Network

More information

Network Monitoring and Traffic CSTNET, CNIC

Network Monitoring and Traffic CSTNET, CNIC Network Monitoring and Traffic Analysis in CSTNET Chunjing Han Aug. 2013 CSTNET, CNIC Topics 1. The background of network monitoring 2. Network monitoring protocols and related tools 3. Network monitoring

More information

NfSen Plugin Supporting The Virtual Network Monitoring

NfSen Plugin Supporting The Virtual Network Monitoring NfSen Plugin Supporting The Virtual Network Monitoring Vojtěch Krmíček krmicek@liberouter.org Pavel Čeleda celeda@ics.muni.cz Jiří Novotný novotny@cesnet.cz Part I Monitoring of Virtual Network Environments

More information

Application of Netflow logs in Analysis and Detection of DDoS Attacks

Application of Netflow logs in Analysis and Detection of DDoS Attacks International Journal of Computer and Internet Security. ISSN 0974-2247 Volume 8, Number 1 (2016), pp. 1-8 International Research Publication House http://www.irphouse.com Application of Netflow logs in

More information

Internet Traffic Measurement

Internet Traffic Measurement Internet Traffic Measurement Internet Traffic Measurement Network Monitor Placement Measurement Analysis Tools Measurement Result Reporting Probing Mechanism Vantage Points Edge vs Core Hardware vs Software

More information

Bloom Filter based Inter-domain Name Resolution: A Feasibility Study

Bloom Filter based Inter-domain Name Resolution: A Feasibility Study Bloom Filter based Inter-domain Name Resolution: A Feasibility Study Konstantinos V. Katsaros, Wei Koong Chai and George Pavlou University College London, UK Outline Inter-domain name resolution in ICN

More information

Limitations of Packet Measurement

Limitations of Packet Measurement Limitations of Packet Measurement Collect and process less information: Only collect packet headers, not payload Ignore single packets (aggregate) Ignore some packets (sampling) Make collection and processing

More information

Layer 4-7 Server Load Balancing. Security, High-Availability and Scalability of Web and Application Servers

Layer 4-7 Server Load Balancing. Security, High-Availability and Scalability of Web and Application Servers Layer 4-7 Server Load Balancing Security, High-Availability and Scalability of Web and Application Servers Foundry Overview Mission: World Headquarters San Jose, California Performance, High Availability,

More information

Building a Better NetFlow

Building a Better NetFlow Building a Better NetFlow Cristian Estan cestan@cs.ucsd.edu Ken Keys kkeys@caida.org David Moore, dmoore@caida.org George Varghese varghese@cs.ucsd.edu ABSTRACT Network operators need to determine the

More information

ABSTRACT Acknowledgments List of Abbreviations Contents ABSTRACT 3 Acknowledgments 5 List of Abbreviations 7 List of Figures 15 List of Tables 23 1 Introduction 25 2 Motivation and background 29 3 Overview

More information

Hybrid network traffic engineering system (HNTES)

Hybrid network traffic engineering system (HNTES) Hybrid network traffic engineering system (HNTES) Zhenzhen Yan, Zhengyang Liu, Chris Tracy, Malathi Veeraraghavan University of Virginia and ESnet Jan 12-13, 2012 mvee@virginia.edu, ctracy@es.net Project

More information

PlanetSeer: Internet Path Failure Monitoring and Characterization in Wide-Area Services

PlanetSeer: Internet Path Failure Monitoring and Characterization in Wide-Area Services PlanetSeer: Internet Path Failure Monitoring and Characterization in Wide-Area Services Ming Zhang, Chi Zhang Vivek Pai, Larry Peterson, Randy Wang Princeton University Motivation Routing anomalies are

More information

Experimentation driven traffic monitoring and engineering research

Experimentation driven traffic monitoring and engineering research Experimentation driven traffic monitoring and engineering research Amir KRIFA (Amir.Krifa@sophia.inria.fr) 11/20/09 ECODE FP7 Project 1 Outline i. Future directions of Internet traffic monitoring and engineering

More information

Introduction to Cisco IOS Flexible NetFlow

Introduction to Cisco IOS Flexible NetFlow Introduction to Cisco IOS Flexible NetFlow Last updated: September 2008 The next-generation in flow technology allowing optimization of the network infrastructure, reducing operation costs, improving capacity

More information

HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide

HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide Abstract This guide contains comprehensive information for network administrators, engineers, and operators working with

More information

SLA para aplicaciones en redes WAN. Alvaro Cayo Urrutia

SLA para aplicaciones en redes WAN. Alvaro Cayo Urrutia SLA para aplicaciones en redes WAN Alvaro Cayo Urrutia Quién es FLUKE NETWORKS? Enterprise SuperVision (ESV) Soluciones portátiles de prueba y análisis LAN y WAN distribuidas Infrastructure SuperVision

More information

Network congestion control using NetFlow

Network congestion control using NetFlow Network congestion control using NetFlow Maxim A. Kolosovskiy Elena N. Kryuchkova Altai State Technical University, Russia Abstract The goal of congestion control is to avoid congestion in network elements.

More information

Cisco Configuring Commonly Used IP ACLs

Cisco Configuring Commonly Used IP ACLs Table of Contents Configuring Commonly Used IP ACLs...1 Introduction...1 Prerequisites...2 Hardware and Software Versions...3 Configuration Examples...3 Allow a Select Host to Access the Network...3 Allow

More information

IP SLAs Overview. Finding Feature Information. Information About IP SLAs. IP SLAs Technology Overview

IP SLAs Overview. Finding Feature Information. Information About IP SLAs. IP SLAs Technology Overview This module describes IP Service Level Agreements (SLAs). IP SLAs allows Cisco customers to analyze IP service levels for IP applications and services, to increase productivity, to lower operational costs,

More information

Star topology. Ethernet. Ethernet Frame Structure (more) Ethernet Frame Structure. Ethernet uses CSMA/CD. Unreliable, connectionless service

Star topology. Ethernet. Ethernet Frame Structure (more) Ethernet Frame Structure. Ethernet uses CSMA/CD. Unreliable, connectionless service thernet dominant wired LN technology: cheap $0 for 00Mbs! first widely used LN technology Simpler, cheaper than token LNs and TM Kept up with speed race: 0 Mbps 0 bps Star topology us topology popular

More information

NetFlow probe on NetFPGA

NetFlow probe on NetFPGA Verze #1.00, 2008-12-12 NetFlow probe on NetFPGA Introduction With ever-growing volume of data being transferred over the Internet, the need for reliable monitoring becomes more urgent. Monitoring devices

More information

Chuck Cranor, Ted Johnson, Oliver Spatscheck

Chuck Cranor, Ted Johnson, Oliver Spatscheck Gigascope: How to monitor network traffic 5Gbit/sec at a time. Chuck Cranor, Ted Johnson, Oliver Spatscheck June, 2003 1 Outline Motivation Illustrative applications Gigascope features Gigascope technical

More information

Identifying functional and Performance related issues in a network based on Auto Test Packet generation

Identifying functional and Performance related issues in a network based on Auto Test Packet generation Identifying functional and Performance related issues in a network based on Auto Test Packet generation Kanakati Sravan Kumar M.Tech Student Department of CSE Sri Venkateswara Engineering College-Suryapet

More information

and reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs

and reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs ICmyNet.Flow: NetFlow based traffic investigation, analysis, and reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs AMRES Academic Network of Serbia RCUB - Belgrade University Computer Center ETF Faculty

More information

Stateful Firewalls. Hank and Foo

Stateful Firewalls. Hank and Foo Stateful Firewalls Hank and Foo 1 Types of firewalls Packet filter (stateless) Proxy firewalls Stateful inspection Deep packet inspection 2 Packet filter (Access Control Lists) Treats each packet in isolation

More information

Software-Defined Traffic Measurement with OpenSketch

Software-Defined Traffic Measurement with OpenSketch Software-Defined Traffic Measurement with OpenSketch Lavanya Jose Stanford University Joint work with Minlan Yu and Rui Miao at USC 1 1 Management is Control + Measurement control - Access Control - Routing

More information

Data Analysis Load Balancer

Data Analysis Load Balancer Data Analysis Load Balancer Design Document: Version: 1.0 Last saved by Chris Small April 12, 2010 Abstract: The project is to design a mechanism to load balance network traffic over multiple different

More information

Internet Protocol: IP packet headers. vendredi 18 octobre 13

Internet Protocol: IP packet headers. vendredi 18 octobre 13 Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)

More information

Adaptive Flow Aggregation - A New Solution for Robust Flow Monitoring under Security Attacks

Adaptive Flow Aggregation - A New Solution for Robust Flow Monitoring under Security Attacks Adaptive Flow Aggregation - A New Solution for Robust Flow Monitoring under Security Attacks Yan Hu Dept. of Information Engineering Chinese University of Hong Kong Email: yhu@ie.cuhk.edu.hk D. M. Chiu

More information

PANDORA FMS NETWORK DEVICES MONITORING

PANDORA FMS NETWORK DEVICES MONITORING NETWORK DEVICES MONITORING pag. 2 INTRODUCTION This document aims to explain how Pandora FMS can monitor all the network devices available in the market, like Routers, Switches, Modems, Access points,

More information

NetFlow Tracker Overview. Mike McGrath x ccie CTO mike@crannog-software.com

NetFlow Tracker Overview. Mike McGrath x ccie CTO mike@crannog-software.com NetFlow Tracker Overview Mike McGrath x ccie CTO mike@crannog-software.com 2006 Copyright Crannog Software www.crannog-software.com 1 Copyright Crannog Software www.crannog-software.com 2 LEVELS OF NETWORK

More information

Wireshark Developer and User Conference

Wireshark Developer and User Conference Wireshark Developer and User Conference Using NetFlow to Analyze Your Network June 15 th, 2011 Christopher J. White Manager Applica6ons and Analy6cs, Cascade Riverbed Technology cwhite@riverbed.com SHARKFEST

More information

Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík

Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík {celeda velan jirsik}@ics.muni.cz Part I Introduction P. Čeleda et al. Network Security Monitoring and Behavior

More information

BEHAVIORAL SECURITY THREAT DETECTION STRATEGIES FOR DATA CENTER SWITCHES AND ROUTERS

BEHAVIORAL SECURITY THREAT DETECTION STRATEGIES FOR DATA CENTER SWITCHES AND ROUTERS BEHAVIORAL SECURITY THREAT DETECTION STRATEGIES FOR DATA CENTER SWITCHES AND ROUTERS Ram (Ramki) Krishnan, Brocade Communications Dilip Krishnaswamy, IBM Research Dave Mcdysan, Verizon AGENDA Introduction

More information

Multihoming and Multi-path Routing. CS 7260 Nick Feamster January 29. 2007

Multihoming and Multi-path Routing. CS 7260 Nick Feamster January 29. 2007 Multihoming and Multi-path Routing CS 7260 Nick Feamster January 29. 2007 Today s Topic IP-Based Multihoming What is it? What problem is it solving? (Why multihome?) How is it implemented today (in IP)?

More information

SBSCET, Firozpur (Punjab), India

SBSCET, Firozpur (Punjab), India Volume 3, Issue 9, September 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Layer Based

More information

PANDORA FMS NETWORK DEVICE MONITORING

PANDORA FMS NETWORK DEVICE MONITORING NETWORK DEVICE MONITORING pag. 2 INTRODUCTION This document aims to explain how Pandora FMS is able to monitor all network devices available on the marke such as Routers, Switches, Modems, Access points,

More information

MPLS-TP. Future Ready. Today. Introduction. Connection Oriented Transport

MPLS-TP. Future Ready. Today. Introduction. Connection Oriented Transport MPLS-TP Future Ready. Today Introduction As data traffic started dominating telecom networks, there was a need for transport data networks, as opposed to transport TDM networks. Traditional transport technologies

More information

Network Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC) james@cert.org.tw

Network Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC) james@cert.org.tw Network Monitoring On Large Networks Yao Chuan Han (TWCERT/CC) james@cert.org.tw 1 Introduction Related Studies Overview SNMP-based Monitoring Tools Packet-Sniffing Monitoring Tools Flow-based Monitoring

More information

Network Tomography and Internet Traffic Matrices

Network Tomography and Internet Traffic Matrices Network Tomography and Internet Traffic Matrices Matthew Roughan School of Mathematical Sciences 1 Credits David Donoho Stanford Nick Duffield AT&T Labs-Research Albert

More information

Network forensics 101 Network monitoring with Netflow, nfsen + nfdump

Network forensics 101 Network monitoring with Netflow, nfsen + nfdump Network forensics 101 Network monitoring with Netflow, nfsen + nfdump www.enisa.europa.eu Agenda Intro to netflow Metrics Toolbox (Nfsen + Nfdump) Demo www.enisa.europa.eu 2 What is Netflow Netflow = Netflow

More information

Cisco IOS Flexible NetFlow Technology

Cisco IOS Flexible NetFlow Technology Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application

More information

An apparatus for P2P classification in Netflow traces

An apparatus for P2P classification in Netflow traces An apparatus for P2P classification in Netflow traces Andrew M Gossett, Ioannis Papapanagiotou and Michael Devetsikiotis Electrical and Computer Engineering, North Carolina State University, Raleigh, USA

More information

Flow Analysis. Make A Right Policy for Your Network. GenieNRM

Flow Analysis. Make A Right Policy for Your Network. GenieNRM Flow Analysis Make A Right Policy for Your Network GenieNRM Why Flow Analysis? Resolve Network Managers Challenge as follow: How can I know the Detail and Real-Time situation of my network? How can I do

More information

Building a Better NetFlow

Building a Better NetFlow Building a Better NetFlow Cristian Estan cestan@cs.ucsd.edu Ken Keys kkeys@caida.org David Moore, dmoore@caida.org George Varghese varghese@cs.ucsd.edu ABSTRACT Network operators need to determine the

More information

Based on Computer Networking, 4 th Edition by Kurose and Ross

Based on Computer Networking, 4 th Edition by Kurose and Ross Computer Networks Ethernet Hubs and Switches Based on Computer Networking, 4 th Edition by Kurose and Ross Ethernet dominant wired LAN technology: cheap $20 for NIC first widely used LAN technology Simpler,

More information

Real-Time Handling of Network Monitoring Data Using a Data-Intensive Framework

Real-Time Handling of Network Monitoring Data Using a Data-Intensive Framework Real-Time Handling of Network Monitoring Data Using a Data-Intensive Framework Aryan TaheriMonfared Tomasz Wiktor Wlodarczyk Chunming Rong Department of Electrical Engineering and Computer Science University

More information

Strategies to Protect Against Distributed Denial of Service (DD

Strategies to Protect Against Distributed Denial of Service (DD Strategies to Protect Against Distributed Denial of Service (DD Table of Contents Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks...1 Introduction...1 Understanding the Basics

More information

Dr. Arjan Durresi Louisiana State University, Baton Rouge, LA 70803 durresi@csc.lsu.edu. DDoS and IP Traceback. Overview

Dr. Arjan Durresi Louisiana State University, Baton Rouge, LA 70803 durresi@csc.lsu.edu. DDoS and IP Traceback. Overview DDoS and IP Traceback Dr. Arjan Durresi Louisiana State University, Baton Rouge, LA 70803 durresi@csc.lsu.edu Louisiana State University DDoS and IP Traceback - 1 Overview Distributed Denial of Service

More information

Voice Over IP. MultiFlow 5048. IP Phone # 3071 Subnet # 10.100.24.0 Subnet Mask 255.255.255.0 IP address 10.100.24.171. Telephone.

Voice Over IP. MultiFlow 5048. IP Phone # 3071 Subnet # 10.100.24.0 Subnet Mask 255.255.255.0 IP address 10.100.24.171. Telephone. Anritsu Network Solutions Voice Over IP Application Note MultiFlow 5048 CALL Manager Serv # 10.100.27 255.255.2 IP address 10.100.27.4 OC-48 Link 255 255 25 IP add Introduction Voice communications over

More information

Application Latency Monitoring using nprobe

Application Latency Monitoring using nprobe Application Latency Monitoring using nprobe Luca Deri Problem Statement Users demand services measurements. Network boxes provide simple, aggregated network measurements. You cannot always

More information

An overview on Internet Measurement Methodologies, Techniques and Tools

An overview on Internet Measurement Methodologies, Techniques and Tools An overview on Internet Measurement Methodologies, Techniques and Tools AA 2012/2013 emiliano.casalicchio@uniroma2.it (Agenda) Lezione 24/04/2013 Part 1 Intro basic concepts ISP Traffic exchange (peering)

More information

Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心

Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心 Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心 1 SDN Introduction Decoupling of control plane from data plane

More information

NetFlow use cases. ICmyNet / NetVizura. Miloš Zeković, milos.zekovic@soneco.rs. ICmyNet Chief Customer Officer Soneco d.o.o.

NetFlow use cases. ICmyNet / NetVizura. Miloš Zeković, milos.zekovic@soneco.rs. ICmyNet Chief Customer Officer Soneco d.o.o. NetFlow use cases ICmyNet / NetVizura, milos.zekovic@soneco.rs Soneco d.o.o. Serbia Agenda ICmyNet / NetVizura overview Use cases / case studies Statistics per exporter/interfaces Traffic Patterns NREN

More information

Management by Network Search

Management by Network Search Management by Network Search Misbah Uddin, Prof. Rolf Stadler KTH Royal Institute of Technology, Sweden Dr. Alex Clemm Cisco Systems, CA, USA November 11, 2014 ANRP Award Talks Session IETF 91 Honolulu,

More information

How To Understand and Configure Your Network for IntraVUE

How To Understand and Configure Your Network for IntraVUE How To Understand and Configure Your Network for IntraVUE Summary This document attempts to standardize the methods used to configure Intrauve in situations where there is little or no understanding of

More information

Monitoring the Dynamics of Network Traffic by Recursive Multi-dimensional Aggregation

Monitoring the Dynamics of Network Traffic by Recursive Multi-dimensional Aggregation Monitoring the Dynamics of Network Traffic by Recursive Multi-dimensional Aggregation Midori Kato Keio University katoon@sfc.wide.ad.jp Kenjiro Cho IIJ/Keio University kjc@iijlab.net Michio Honda NEC Europe

More information

A New Approach to Developing High-Availability Server

A New Approach to Developing High-Availability Server A New Approach to Developing High-Availability Server James T. Yu, Ph.D. School of Computer Science, Telecommunications, and Information Systems DePaul University jyu@cs.depaul.edu ABSTRACT This paper

More information

Signature-aware Traffic Monitoring with IPFIX 1

Signature-aware Traffic Monitoring with IPFIX 1 Signature-aware Traffic Monitoring with IPFIX 1 Youngseok Lee, Seongho Shin, and Taeck-geun Kwon Dept. of Computer Engineering, Chungnam National University, 220 Gungdong Yusonggu, Daejon, Korea, 305-764

More information

Viete, čo robia Vaši užívatelia na sieti? Roman Tuchyňa, CSA

Viete, čo robia Vaši užívatelia na sieti? Roman Tuchyňa, CSA Viete, čo robia Vaši užívatelia na sieti? Roman Tuchyňa, CSA What is ReporterAnalyzer? ReporterAnalyzer gives network professionals insight into how application traffic is impacting network performance.

More information

An Efficient Algorithm for Measuring Medium- to Large-sized Flows in Network Traffic

An Efficient Algorithm for Measuring Medium- to Large-sized Flows in Network Traffic An Efficient Algorithm for Measuring Medium- to Large-sized Flows in Network Traffic Ashwin Lall Georgia Inst. of Technology Mitsunori Ogihara University of Miami Jun (Jim) Xu Georgia Inst. of Technology

More information

Report of Independent Auditors

Report of Independent Auditors Ernst & Young LLP Suite 3300 370 17th Street Denver, Colorado 80202-5663 Tel: +1 720 931 4000 Fax: +1 720 931 4444 www.ey.com Report of Independent Auditors To the Management of NTT America, Inc.: We have

More information

Optimizing Data Center Networks for Cloud Computing

Optimizing Data Center Networks for Cloud Computing PRAMAK 1 Optimizing Data Center Networks for Cloud Computing Data Center networks have evolved over time as the nature of computing changed. They evolved to handle the computing models based on main-frames,

More information

ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy

ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy OVERVIEW The global communication and the continuous growth of services provided through the Internet or local infrastructure require to

More information

The Power of SA as a SLM Tool

The Power of SA as a SLM Tool 1 1 The Power of SA as a SLM Tool Building Scalable SLM Solutions Session 2 Agenda Customer Requirements Solution Overview Available Capabilities Example Deployment Summary 3 Customer Requirements 4 Customer

More information

pt360 FREE Tool Suite Networks are complicated. Network management doesn t have to be.

pt360 FREE Tool Suite Networks are complicated. Network management doesn t have to be. pt360 FREE Tool Suite Networks are complicated. Network management doesn t have to be. pt360 FREE Tool Suite - At a Glance PacketTrap Networks November, 2009 PacketTrap's pt360 FREE Tool Suite consolidates

More information

Lab 4.1.2 Characterizing Network Applications

Lab 4.1.2 Characterizing Network Applications Lab 4.1.2 Characterizing Network Applications Objective Device Designation Device Name Address Subnet Mask Discovery Server Business Services 172.17.1.1 255.255.0.0 R1 FC-CPE-1 Fa0/1 172.17.0.1 Fa0/0 10.0.0.1

More information

Quality of Service for VoIP

Quality of Service for VoIP Quality of Service for VoIP WCS November 29, 2000 John T. Chapman Cisco Distinguished Engineer Broadband Products and Solutions Course Number Presentation_ID 1999, Cisco Systems, Inc. 1 The QoS Matrix

More information

Edge Configuration Series Reporting Overview

Edge Configuration Series Reporting Overview Reporting Edge Configuration Series Reporting Overview The Reporting portion of the Edge appliance provides a number of enhanced network monitoring and reporting capabilities. WAN Reporting Provides detailed

More information

Network Monitoring Comparison

Network Monitoring Comparison Network Monitoring Comparison vs Network Monitoring is essential for every network administrator. It determines how effective your IT team is at solving problems or even completely eliminating them. Even

More information

Software Defined Networking What is it, how does it work, and what is it good for?

Software Defined Networking What is it, how does it work, and what is it good for? Software Defined Networking What is it, how does it work, and what is it good for? slides stolen from Jennifer Rexford, Nick McKeown, Michael Schapira, Scott Shenker, Teemu Koponen, Yotam Harchol and David

More information

Internet Peering, IPv6, and NATs. Mike Freedman V22.0480-005 Networks

Internet Peering, IPv6, and NATs. Mike Freedman V22.0480-005 Networks Internet Peering, IPv6, and NATs Mike Freedman V22.0480-005 Networks Internet Peering Review: Routing Internet has a loose hierarchy of domains Hosts now local router Local routers know site routers Site

More information

HP Intelligent Management Center

HP Intelligent Management Center HP Intelligent Management Center Network Traffic Analyzer Administrator Guide Part number: 5998-1364 Software version: IMC NTA 5.2 (E0401) Document version: 5PW102-20121220 Legal and notice information

More information

Load Balancing Mechanisms in Data Center Networks

Load Balancing Mechanisms in Data Center Networks Load Balancing Mechanisms in Data Center Networks Santosh Mahapatra Xin Yuan Department of Computer Science, Florida State University, Tallahassee, FL 33 {mahapatr,xyuan}@cs.fsu.edu Abstract We consider

More information

18: Enhanced Quality of Service

18: Enhanced Quality of Service 18: Enhanced Quality of Service Mark Handley Traditional best-effort queuing behaviour in routers Data transfer: datagrams: individual packets no recognition of flows connectionless: no signalling Forwarding:

More information

DATA COMMUNICATOIN NETWORKING

DATA COMMUNICATOIN NETWORKING DATA COMMUNICATOIN NETWORKING Instructor: Ouldooz Baghban Karimi Course Book: Computer Networking, A Top-Down Approach, Kurose, Ross Slides: - Course book Slides - Slides from Princeton University COS461

More information

Management of lambda paths

Management of lambda paths Management of lambda paths by Tiago Fioreze Supervisor: Aiko Pras Institution: University of Twente Outline You are here! Outline Background information Current management approaches Self-management of

More information

IP Network Monitoring and Measurements: Techniques and Experiences

IP Network Monitoring and Measurements: Techniques and Experiences IP Network Monitoring and Measurements: Techniques and Experiences Philippe Owezarski LAAS-CNRS Toulouse, France Owe@laas.fr 1 Outline 4 Introduction 4 Monitoring problematic 8Only based on network administration

More information

Smart WWW Traffic Balancing

Smart WWW Traffic Balancing Smart WWW Traffic Balancing Erol Gelenbe Ricardo Lent Juan Arturo Nunez School of Electrical Engineering & Computer Science University of Central Florida Introduction The Internet is one of the biggest

More information

Get Your FIX: Flow Information export Analysis and Visualization

Get Your FIX: Flow Information export Analysis and Visualization Get Your FIX: Flow Information export Analysis and Visualization Joint Techs Workshop, Madison, Wisconsin, July 19, 2006 Dave Plonka plonka@doit.wisc.edu Division of Information Technology, Computer Sciences

More information

Obfuscation of sensitive data in network flows 1

Obfuscation of sensitive data in network flows 1 Obfuscation of sensitive data in network flows 1 D. Riboni 2, A. Villani 1, D. Vitali 1 C. Bettini 2, L.V. Mancini 1 1 Dipartimento di Informatica,Universitá di Roma, Sapienza. E-mail: {villani, vitali,

More information

Computer Networks and the Internet

Computer Networks and the Internet ? Computer the IMT2431 - Data Communication and Network Security January 7, 2008 ? Teachers are Lasse Øverlier and http://www.hig.no/~erikh Lectures and Lab in A126/A115 Course webpage http://www.hig.no/imt/in/emnesider/imt2431

More information

Facility Usage Scenarios

Facility Usage Scenarios Facility Usage Scenarios GDD-06-41 GENI: Global Environment for Network Innovations December 22, 2006 Status: Draft (Version 0.1) Note to the reader: this document is a work in progress and continues to

More information

Chapter 10 Traffic Measurements, Flows and Parameters

Chapter 10 Traffic Measurements, Flows and Parameters Chapter 10 Traffic Measurements, Flows and Parameters Magda El Zarki Dept. of CS Univ. of CA, Irvine Email: elzarki@uci.edu http://www.ics.uci.edu/~magda Outline Measurements How, types and errors Flows

More information

Directory Enabled Distributed Packet Filtration System

Directory Enabled Distributed Packet Filtration System Directory Enabled Distributed Packet Filtration System A Scalable and High Performance Security Architecture Siddhartha Gavirneni sgavirne@eecs.ku.edu Electrical Engineering and Computer Science Networking

More information

Cisco IOS MPLS Management Technology Overview. Enabling Innovative Services. February 2004. 2004 Cisco Systems, Inc. All rights reserved.

Cisco IOS MPLS Management Technology Overview. Enabling Innovative Services. February 2004. 2004 Cisco Systems, Inc. All rights reserved. Cisco IOS MPLS Management Technology Overview Enabling Innovative Services February 2004 1 Agenda Introduction Problems, challenges, requirements Technology Overview Summary 2 Service Provider Problems

More information

Big, Fast Routers. Router Architecture

Big, Fast Routers. Router Architecture Big, Fast Routers Dave Andersen CMU CS 15-744 Data Plane Router Architecture How packets get forwarded Control Plane How routing protocols establish routes/etc. 1 Processing: Fast Path vs. Slow Path Optimize

More information

IPFIX IE Extensions for DDoS Attack Detection draft-fu-dots-ipfix-extension-01

IPFIX IE Extensions for DDoS Attack Detection draft-fu-dots-ipfix-extension-01 IPFIX IE Extensions for DDoS Attack Detection draft-fu-dots-ipfix-extension-01 Tianfu Fu futianfu@huawei.com Dacheng Zhang dacheng.zdc@alibaba-inc.com Liang Xia (Frank) frank.xialiang@huawei.com Min Li

More information

Contents. Connection Guide. What is Dante?... 2. Connections... 4. Network Set Up... 6. System Examples... 9. Copyright 2015 ROLAND CORPORATION

Contents. Connection Guide. What is Dante?... 2. Connections... 4. Network Set Up... 6. System Examples... 9. Copyright 2015 ROLAND CORPORATION Contents What is Dante?............................................. 2 Outline.................................................. 2 Fundamental............................................ 3 Required Network

More information

Network Management & Monitoring

Network Management & Monitoring Network Management & Monitoring NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)

More information

NetFlow Aggregation. Feature Overview. Aggregation Cache Schemes

NetFlow Aggregation. Feature Overview. Aggregation Cache Schemes NetFlow Aggregation This document describes the Cisco IOS NetFlow Aggregation feature, which allows Cisco NetFlow users to summarize NetFlow export data on an IOS router before the data is exported to

More information

Cisco.Selftestengine.642-813.v2013-11-30.by.Amy.32q

Cisco.Selftestengine.642-813.v2013-11-30.by.Amy.32q Cisco.Selftestengine.642-813.v2013-11-30.by.Amy.32q Number: 642-813 Passing Score: 825 Time Limit: 120 min File Version: 14.5 http://www.gratisexam.com/ Exam Code: 642-813 Exam Name: Cisco implementing

More information