KNOM Tutorial Internet Traffic Measurement and Analysis. Sue Bok Moon Dept. of Computer Science
|
|
- Mariah Casey
- 8 years ago
- Views:
Transcription
1 KNOM Tutorial 2003 Internet Traffic Measurement and Analysis Sue Bok Moon Dept. of Computer Science
2 Overview Definition of Traffic Matrix 4Traffic demand, delay, loss Applications of Traffic Matrix 4Engineering, research, SLAs Challenges in Obtaining Traffic Matrix 4Limitation of NetFlow and active probes 4Challenges in measurement and modeling Summay & Future Work 2
3 Definition of Traffic Matrix What is a traffic matrix? 4A matrix built on metric of interest 4Traffic demand matrix How much traffic flows from point A to point B Granularity: PoP, router, link, prefix 4Delay matrix How much delay from point A to point B Granularity: PoP, router, link, end hosts 4Loss matrix How many packets are dropped from point A to point B Granularity: PoP, router, end hosts 3
4 Example : AT&T Latency Matrix CAM CHI DAL DEN LA NY ATL CAM CHI Current Average : 35 msec DAL DEN LA 61 NY Latency in milliseconds 4
5 Traffic Demand Matrix Not part of SLAs 4Hard to obtain 4Few available publicly 5
6 Delay Matrix Usually a matrix of average delay of pings between routers of random selection per PoP 4Average of all PoP-to-PoP delays => SLA At end hosts 4Easy to get using pings between hosts of interest 6
7 Loss Matrix Usually a matrix of average loss rate of pings between routers of random selection per PoP 4Average of all PoP-to-PoP loss rates => SLA At end hosts 4Easy to get using pings between hosts of interest 7
8 Applications of Traffic Matrix Marketing/Sales 4How much traffic does customer A send from point #1 to point #2? Where should customer A buy more capacity from us? 4Is most traffic originating in Korea stay within Korea? What is the trend in international traffic growth? 4What is the performance that customer A sees? Do we have an edge over our competitors? 8
9 Applications of Traffic Matrix Network Operators 4Capacity Planning How much traffic do we have from point A to point B? How much capacity should we add? When should we add more capacity? 4Network Engineering Where is the hot spot? From SNMP What if a link fails from point A to point B? What if we move traffic from point A to point B? 9
10 Applications of Traffic Matrix Customers: SLAs 4What quality of service am I getting? How much delay do I get from ISP A? How much loss do I experience from ISP A? Can I get delay under X ms from ISP A? What is the most popular destination of my traffic? 10
11 Applications of Traffic Matrix Researchers 4Traffic modeling How does TM evolve over time? What is the fanout factor of traffic? How much more capacity do we expect between point A and point B? 4Example: IP over WDM Given physical topology of routers and optical nodes, what is the best virtual topology? Based on traffic demand matrix 11
12 Challenges in Obtaining Traffic Matrix Traffic Demand Matrix 4resource requirements in routers # of concurrently active flows 4resource requirements in measurement infrastructure production rate of flow statistics 4traffic characterization packet/byte rate of original traffic rate o f occurrence of original flows average packet/bytes per original flow 12
13 Resource Requirements Router Memory Resource in Measurement Infrastructure NetFlow data Resource in Router Fast link Server Analysis Traffic reports Network Network Operation Center 13
14 Most Popular Tools of Choice? NetFlow for traffic demand matrix ping for delay and loss matrix 14
15 NetFlow Cisco s proprietary tool 4Not an IETF standard Basic idea 4Based on (src ip, src port, dst ip, dst port, proto) 4Records byte/packet/duration per flow 4Cannot keep up with high speed links 4Can sample every N th packet 15
16 NetFlow Sampling Original Packets time flow #1 flow #2 flow #3 Sampled Packets (every 1/N, N=3) time 16
17 Limitation of NetFlow Scalability 4Historically NetFlow had a performance issue 4Never deployed at the core 4Number of flows in case of DDoS attacks beyond capacity Network melt down 17
18 Number of Active Flows on a OC-48 Link 18
19 Limitation of NetFlow Representativeness 4Can we estimate # of total flows from # of sampled flows accurately? 4Can we estimate # of total WWW flows from # of sampled WWW flows accurately? 4Metrics of interest: # of flows, flow rate, 4Packet sampling reduce effective packet rate save cost: slower memory sufficient (DRAM vs SRAM) 19
20 NetFlow Sampling Original Packets time flow #1 flow #2 flow #3 Sampled Packets (every 1/N, N=3) Flow Splitting time 20
21 Comparison of sparse and non-sparse applications Flow definition 45-tuple = (src ip, src port, dst ip, dst port, proto) 4interflow timeout = T Increase timeout T 4potentially less splitting 4fewer measured flows, more active flows Sparse vs. non-sparse flows 4napster vs. www 4# of mean active flows change differently over T 4No simple model of rate and # active flows based on aggregate traffic rates 4Model sparse and non-sparse flows separately [Duffield03] 21
22 Challenges in Delay Monitoring Not much is known about delay within ISP 4People think they know delay, but... 4Cisco SAA implementation on GSR did not consider clock synchronization, and outputs meaningless numbers Too many paths to cover 4hop-by-hop addition not yet possible 22
23 Limitation of Active Probes Representativeness [Choi04] 4Average? Median? 23
24 Suitable Statistic: Percentile! Min Med Avg Mode detection is hard 4 Difficult to distinguish small from big 4 Don t know how many ahead of them High-percentile 4 represents upper bound for most delay 4 requires a very small number of probes to estimate 99% percentile 24
25 Sampling for Demand Matrix Periodic sampling does not answer: 4What are the top 10 flows? 4What is the most dominant application and who is the heaviest user? 4What is the total # of packet for every flow? 25
26 Hash Function Mapping from a very large space to a smaller space 4h: X Y where X >> Y 4IP address to 10-bit hashed key 45-tuple address to 30-bit hashed key Load factor = collision probability 26
27 What are the top 10 flows? 27
28 Sampling for Elephants [Estan02] All packets Every n-th packet Update entry or create a new one Large flow memory Update existing entry Has entry? no Pass with p ~ size create new entry Small flow memory 28
29 Sampling for Elephants [Estan02] h1 h2 h3 All Large? Flow Memory 29
30 What is the most dominant application and who is the heaviest user? 30
31 Who is using my link? 31
32 Looking at the traffic Too much data for a human Do something smarter! 32
33 Looking at traffic aggregates Src. Dest. IP IP Src. Dest. net Dest. Source IPport Dest. Protoc ol Src. port net netran Destination IP Traffic Aggregating on kindividual packet header fields Ran Source Traffi gives useful results but Which Ran jeff.dorm.bigu.e Destination 11.9% Traffic 4 Traffic reports 1k are not Web port Where network du network always at the right 42.1% cdoes the uses granularity (e.g. individual IP address, subnet, traffic etc.) web come and from? which 4 Cannot show aggregates 12 Kazaa tracy.dorm.bigu. library.bigu.edu 6.7% defined over one multiple kazaa? 3.12% 27.5% 3 Ssh fields (e.g. which network 2 uses 6.3% cs.bigu.edu which application) 18.1% The traffic analysis 3 tool risc.cs.bigu.edu dorm.bigu.edu should automatically 2.83% 17.8% find aggregates over the Most right fields traffic at goes the right granularity to the dorms Dest. port What apps are used? 33
34 Ideal traffic report Traffic aggregate Web traffic Web traffic to library.bigu.edu Web traffic from ICMP traffic from sloppynet.badu.edu to jeff.dorm.bigu.edu Traffic 42.1% 26.7% 13.4% 11.9% Web is the dominant This The paper library application is This about That s a is heavy a giving Denial the of network administrator a big flash user of Service insightful web attack traffic!! reports crowd! 34
35 Traffic Clusters and Reports Traffic clusters are multidimentional aggregates. Traffic reports give volume of chosen clusters Only those over threshold are reported To avoid redundant data, compress inferrable data (up to error H) Highlight non-obvious aggregates with unexpectedness label 35
36 Structure of regular traffic mix Backups from CAIDA to tape server SD-NAP 4Semi-regular time pattern FTP from SLAC Stanford SD-NAP Scripps web traffic Web & Squid servers Large ssh traffic Steady ICMP probing from CAIDA 36
37 Space-Code Bloom Filter Bloom filter answers set-membership. Space-code bloom filter answers multisetmembership Use a number of virtual Bloom-filters, spread multiplicity information over space. Write-only At OC768, it can work at 5ns SRAM What about storage space at the router? 37
38 What is the total # of packet of every flow? 38
39 Future Work One traffic matrix to rule? 4Can we answer all questions with one matrix? Continuous monitoring 4data export in real-time 4query over streaming data Availability/survivability 4Impliations in SLAs? 39
40 Failures are part of everyday operations Weekly Daily Hourly 40
41 Time between Failures (network-wide) 43%: <1 min 81%: <20 min 41
42 Sources of failures Duration can provide hints, e.g., 4long (>1hour): fiber cuts, severe failures 4medium (>10min): router/line card failures 4short (>1min): line card resets 4very short (<1min): software problems, optical equipment glitches Other hints 4shared equipment (routers, optical) 4 router logs (e.g., SONET alarms), etc. 42
43 Network-wide Failure Duration cumulative fraction of failures 40 % in 1-60sec 40 % in 1-15min 10 % in 15-60min 10 % >1h 43
44 References [Duffield03] N. Duffield, C. Lund, M. Thorup, Properties and Prediction of Flow Properties from Sampled Packet Streams, ACM SIGCOMM IMC, Miami, Oct., 2003 [Choi04] B.Y. Choi, S. Moon, Z.L. Zhang, C. Diot, Analysis of Point-to-Point Packet Delay in an Operational Network, IEEE INFOCOM, Hong Kong, Mar.,
8. 網路流量管理 Network Traffic Management
8. 網路流量管理 Network Traffic Management Measurement vs. Metrics end-to-end performance topology, configuration, routing, link properties state active measurements active routes active topology link bit error
More informationPage 1. Outline EEC 274 Internet Measurements & Analysis. Traffic Measurements. Motivations. Applications
Outline EEC 274 Internet Measurements & Analysis Spring Quarter, 2006 Traffic Measurements Traffic measurements What metrics are we interested in? Measurement and analysis methodologies Traffic characterization
More informationResearch on Errors of Utilized Bandwidth Measured by NetFlow
Research on s of Utilized Bandwidth Measured by NetFlow Haiting Zhu 1, Xiaoguo Zhang 1,2, Wei Ding 1 1 School of Computer Science and Engineering, Southeast University, Nanjing 211189, China 2 Electronic
More informationNetwork Performance Monitoring at Small Time Scales
Network Performance Monitoring at Small Time Scales Konstantina Papagiannaki, Rene Cruz, Christophe Diot Sprint ATL Burlingame, CA dina@sprintlabs.com Electrical and Computer Engineering Department University
More informationMonitoring Large Flows in Network
Monitoring Large Flows in Network Jing Li, Chengchen Hu, Bin Liu Department of Computer Science and Technology, Tsinghua University Beijing, P. R. China, 100084 { l-j02, hucc03 }@mails.tsinghua.edu.cn,
More informationInternet2 NetFlow Weekly Reports
Internet2 NetFlow Weekly Reports Stanislav Shalunov Internet2 Fall Member Meeting, Indianapolis, 2003-10-13 What is NetFlow? Originally a Cisco proprietary technology Now supported by other vendors and
More informationThe Ecosystem of Computer Networks. Ripe 46 Amsterdam, The Netherlands
The Ecosystem of Computer Networks Ripe 46 Amsterdam, The Netherlands Silvia Veronese NetworkPhysics.com Sveronese@networkphysics.com September 2003 1 Agenda Today s IT challenges Introduction to Network
More informationNetwork Measurement. Why Measure the Network? Types of Measurement. Traffic Measurement. Packet Monitoring. Monitoring a LAN Link. ScienLfic discovery
Why Measure the Network? Network Measurement Jennifer Rexford COS 461: Computer Networks Lectures: MW 10-10:50am in Architecture N101 ScienLfic discovery Characterizing traffic, topology, performance Understanding
More informationNetwork Monitoring Using Traffic Dispersion Graphs (TDGs)
Network Monitoring Using Traffic Dispersion Graphs (TDGs) Marios Iliofotou Joint work with: Prashanth Pappu (Cisco), Michalis Faloutsos (UCR), M. Mitzenmacher (Harvard), Sumeet Singh(Cisco) and George
More informationApplication of Netflow logs in Analysis and Detection of DDoS Attacks
International Journal of Computer and Internet Security. ISSN 0974-2247 Volume 8, Number 1 (2016), pp. 1-8 International Research Publication House http://www.irphouse.com Application of Netflow logs in
More informationNetwork Monitoring and Traffic CSTNET, CNIC
Network Monitoring and Traffic Analysis in CSTNET Chunjing Han Aug. 2013 CSTNET, CNIC Topics 1. The background of network monitoring 2. Network monitoring protocols and related tools 3. Network monitoring
More informationInternet Traffic Measurement
Internet Traffic Measurement Internet Traffic Measurement Network Monitor Placement Measurement Analysis Tools Measurement Result Reporting Probing Mechanism Vantage Points Edge vs Core Hardware vs Software
More informationBloom Filter based Inter-domain Name Resolution: A Feasibility Study
Bloom Filter based Inter-domain Name Resolution: A Feasibility Study Konstantinos V. Katsaros, Wei Koong Chai and George Pavlou University College London, UK Outline Inter-domain name resolution in ICN
More informationBuilding a Better NetFlow
Building a Better NetFlow Cristian Estan cestan@cs.ucsd.edu Ken Keys kkeys@caida.org David Moore, dmoore@caida.org George Varghese varghese@cs.ucsd.edu ABSTRACT Network operators need to determine the
More informationNfSen Plugin Supporting The Virtual Network Monitoring
NfSen Plugin Supporting The Virtual Network Monitoring Vojtěch Krmíček krmicek@liberouter.org Pavel Čeleda celeda@ics.muni.cz Jiří Novotný novotny@cesnet.cz Part I Monitoring of Virtual Network Environments
More informationABSTRACT Acknowledgments List of Abbreviations Contents ABSTRACT 3 Acknowledgments 5 List of Abbreviations 7 List of Figures 15 List of Tables 23 1 Introduction 25 2 Motivation and background 29 3 Overview
More informationPlanetSeer: Internet Path Failure Monitoring and Characterization in Wide-Area Services
PlanetSeer: Internet Path Failure Monitoring and Characterization in Wide-Area Services Ming Zhang, Chi Zhang Vivek Pai, Larry Peterson, Randy Wang Princeton University Motivation Routing anomalies are
More informationLimitations of Packet Measurement
Limitations of Packet Measurement Collect and process less information: Only collect packet headers, not payload Ignore single packets (aggregate) Ignore some packets (sampling) Make collection and processing
More informationNetFlow Tracker Overview. Mike McGrath x ccie CTO mike@crannog-software.com
NetFlow Tracker Overview Mike McGrath x ccie CTO mike@crannog-software.com 2006 Copyright Crannog Software www.crannog-software.com 1 Copyright Crannog Software www.crannog-software.com 2 LEVELS OF NETWORK
More informationSLA para aplicaciones en redes WAN. Alvaro Cayo Urrutia
SLA para aplicaciones en redes WAN Alvaro Cayo Urrutia Quién es FLUKE NETWORKS? Enterprise SuperVision (ESV) Soluciones portátiles de prueba y análisis LAN y WAN distribuidas Infrastructure SuperVision
More informationHybrid network traffic engineering system (HNTES)
Hybrid network traffic engineering system (HNTES) Zhenzhen Yan, Zhengyang Liu, Chris Tracy, Malathi Veeraraghavan University of Virginia and ESnet Jan 12-13, 2012 mvee@virginia.edu, ctracy@es.net Project
More informationNetFlow probe on NetFPGA
Verze #1.00, 2008-12-12 NetFlow probe on NetFPGA Introduction With ever-growing volume of data being transferred over the Internet, the need for reliable monitoring becomes more urgent. Monitoring devices
More informationIdentifying functional and Performance related issues in a network based on Auto Test Packet generation
Identifying functional and Performance related issues in a network based on Auto Test Packet generation Kanakati Sravan Kumar M.Tech Student Department of CSE Sri Venkateswara Engineering College-Suryapet
More informationChuck Cranor, Ted Johnson, Oliver Spatscheck
Gigascope: How to monitor network traffic 5Gbit/sec at a time. Chuck Cranor, Ted Johnson, Oliver Spatscheck June, 2003 1 Outline Motivation Illustrative applications Gigascope features Gigascope technical
More informationIntroduction to Cisco IOS Flexible NetFlow
Introduction to Cisco IOS Flexible NetFlow Last updated: September 2008 The next-generation in flow technology allowing optimization of the network infrastructure, reducing operation costs, improving capacity
More informationLayer 4-7 Server Load Balancing. Security, High-Availability and Scalability of Web and Application Servers
Layer 4-7 Server Load Balancing Security, High-Availability and Scalability of Web and Application Servers Foundry Overview Mission: World Headquarters San Jose, California Performance, High Availability,
More informationStateful Firewalls. Hank and Foo
Stateful Firewalls Hank and Foo 1 Types of firewalls Packet filter (stateless) Proxy firewalls Stateful inspection Deep packet inspection 2 Packet filter (Access Control Lists) Treats each packet in isolation
More informationNetwork congestion control using NetFlow
Network congestion control using NetFlow Maxim A. Kolosovskiy Elena N. Kryuchkova Altai State Technical University, Russia Abstract The goal of congestion control is to avoid congestion in network elements.
More informationSoftware-Defined Traffic Measurement with OpenSketch
Software-Defined Traffic Measurement with OpenSketch Lavanya Jose Stanford University Joint work with Minlan Yu and Rui Miao at USC 1 1 Management is Control + Measurement control - Access Control - Routing
More informationExperimentation driven traffic monitoring and engineering research
Experimentation driven traffic monitoring and engineering research Amir KRIFA (Amir.Krifa@sophia.inria.fr) 11/20/09 ECODE FP7 Project 1 Outline i. Future directions of Internet traffic monitoring and engineering
More informationHP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide
HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide Abstract This guide contains comprehensive information for network administrators, engineers, and operators working with
More informationAdaptive Flow Aggregation - A New Solution for Robust Flow Monitoring under Security Attacks
Adaptive Flow Aggregation - A New Solution for Robust Flow Monitoring under Security Attacks Yan Hu Dept. of Information Engineering Chinese University of Hong Kong Email: yhu@ie.cuhk.edu.hk D. M. Chiu
More informationPANDORA FMS NETWORK DEVICES MONITORING
NETWORK DEVICES MONITORING pag. 2 INTRODUCTION This document aims to explain how Pandora FMS can monitor all the network devices available in the market, like Routers, Switches, Modems, Access points,
More informationIP SLAs Overview. Finding Feature Information. Information About IP SLAs. IP SLAs Technology Overview
This module describes IP Service Level Agreements (SLAs). IP SLAs allows Cisco customers to analyze IP service levels for IP applications and services, to increase productivity, to lower operational costs,
More informationWireshark Developer and User Conference
Wireshark Developer and User Conference Using NetFlow to Analyze Your Network June 15 th, 2011 Christopher J. White Manager Applica6ons and Analy6cs, Cascade Riverbed Technology cwhite@riverbed.com SHARKFEST
More informationCisco Configuring Commonly Used IP ACLs
Table of Contents Configuring Commonly Used IP ACLs...1 Introduction...1 Prerequisites...2 Hardware and Software Versions...3 Configuration Examples...3 Allow a Select Host to Access the Network...3 Allow
More informationPANDORA FMS NETWORK DEVICE MONITORING
NETWORK DEVICE MONITORING pag. 2 INTRODUCTION This document aims to explain how Pandora FMS is able to monitor all network devices available on the marke such as Routers, Switches, Modems, Access points,
More informationSBSCET, Firozpur (Punjab), India
Volume 3, Issue 9, September 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Layer Based
More informationand reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs
ICmyNet.Flow: NetFlow based traffic investigation, analysis, and reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs AMRES Academic Network of Serbia RCUB - Belgrade University Computer Center ETF Faculty
More informationco Characterizing and Tracing Packet Floods Using Cisco R
co Characterizing and Tracing Packet Floods Using Cisco R Table of Contents Characterizing and Tracing Packet Floods Using Cisco Routers...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1
More informationData Analysis Load Balancer
Data Analysis Load Balancer Design Document: Version: 1.0 Last saved by Chris Small April 12, 2010 Abstract: The project is to design a mechanism to load balance network traffic over multiple different
More informationCisco IOS MPLS Management Technology Overview. Enabling Innovative Services. February 2004. 2004 Cisco Systems, Inc. All rights reserved.
Cisco IOS MPLS Management Technology Overview Enabling Innovative Services February 2004 1 Agenda Introduction Problems, challenges, requirements Technology Overview Summary 2 Service Provider Problems
More informationInternet Protocol: IP packet headers. vendredi 18 octobre 13
Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)
More informationBuilding a Better NetFlow
Building a Better NetFlow Cristian Estan cestan@cs.ucsd.edu Ken Keys kkeys@caida.org David Moore, dmoore@caida.org George Varghese varghese@cs.ucsd.edu ABSTRACT Network operators need to determine the
More informationAn apparatus for P2P classification in Netflow traces
An apparatus for P2P classification in Netflow traces Andrew M Gossett, Ioannis Papapanagiotou and Michael Devetsikiotis Electrical and Computer Engineering, North Carolina State University, Raleigh, USA
More informationNetwork Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC) james@cert.org.tw
Network Monitoring On Large Networks Yao Chuan Han (TWCERT/CC) james@cert.org.tw 1 Introduction Related Studies Overview SNMP-based Monitoring Tools Packet-Sniffing Monitoring Tools Flow-based Monitoring
More informationMPLS-TP. Future Ready. Today. Introduction. Connection Oriented Transport
MPLS-TP Future Ready. Today Introduction As data traffic started dominating telecom networks, there was a need for transport data networks, as opposed to transport TDM networks. Traditional transport technologies
More informationStrategies to Protect Against Distributed Denial of Service (DD
Strategies to Protect Against Distributed Denial of Service (DD Table of Contents Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks...1 Introduction...1 Understanding the Basics
More informationNetwork Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík
Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík {celeda velan jirsik}@ics.muni.cz Part I Introduction P. Čeleda et al. Network Security Monitoring and Behavior
More informationReport of Independent Auditors
Ernst & Young LLP Suite 3300 370 17th Street Denver, Colorado 80202-5663 Tel: +1 720 931 4000 Fax: +1 720 931 4444 www.ey.com Report of Independent Auditors To the Management of NTT America, Inc.: We have
More informationNetwork Tomography and Internet Traffic Matrices
Network Tomography and Internet Traffic Matrices Matthew Roughan School of Mathematical Sciences 1 Credits David Donoho Stanford Nick Duffield AT&T Labs-Research Albert
More informationNetFlow use cases. ICmyNet / NetVizura. Miloš Zeković, milos.zekovic@soneco.rs. ICmyNet Chief Customer Officer Soneco d.o.o.
NetFlow use cases ICmyNet / NetVizura, milos.zekovic@soneco.rs Soneco d.o.o. Serbia Agenda ICmyNet / NetVizura overview Use cases / case studies Statistics per exporter/interfaces Traffic Patterns NREN
More informationMultihoming and Multi-path Routing. CS 7260 Nick Feamster January 29. 2007
Multihoming and Multi-path Routing CS 7260 Nick Feamster January 29. 2007 Today s Topic IP-Based Multihoming What is it? What problem is it solving? (Why multihome?) How is it implemented today (in IP)?
More informationViete, čo robia Vaši užívatelia na sieti? Roman Tuchyňa, CSA
Viete, čo robia Vaši užívatelia na sieti? Roman Tuchyňa, CSA What is ReporterAnalyzer? ReporterAnalyzer gives network professionals insight into how application traffic is impacting network performance.
More informationBEHAVIORAL SECURITY THREAT DETECTION STRATEGIES FOR DATA CENTER SWITCHES AND ROUTERS
BEHAVIORAL SECURITY THREAT DETECTION STRATEGIES FOR DATA CENTER SWITCHES AND ROUTERS Ram (Ramki) Krishnan, Brocade Communications Dilip Krishnaswamy, IBM Research Dave Mcdysan, Verizon AGENDA Introduction
More informationApplication Latency Monitoring using nprobe
Application Latency Monitoring using nprobe Luca Deri Problem Statement Users demand services measurements. Network boxes provide simple, aggregated network measurements. You cannot always
More informationA New Approach to Developing High-Availability Server
A New Approach to Developing High-Availability Server James T. Yu, Ph.D. School of Computer Science, Telecommunications, and Information Systems DePaul University jyu@cs.depaul.edu ABSTRACT This paper
More informationLab 4.1.2 Characterizing Network Applications
Lab 4.1.2 Characterizing Network Applications Objective Device Designation Device Name Address Subnet Mask Discovery Server Business Services 172.17.1.1 255.255.0.0 R1 FC-CPE-1 Fa0/1 172.17.0.1 Fa0/0 10.0.0.1
More informationpt360 FREE Tool Suite Networks are complicated. Network management doesn t have to be.
pt360 FREE Tool Suite Networks are complicated. Network management doesn t have to be. pt360 FREE Tool Suite - At a Glance PacketTrap Networks November, 2009 PacketTrap's pt360 FREE Tool Suite consolidates
More informationAn overview on Internet Measurement Methodologies, Techniques and Tools
An overview on Internet Measurement Methodologies, Techniques and Tools AA 2012/2013 emiliano.casalicchio@uniroma2.it (Agenda) Lezione 24/04/2013 Part 1 Intro basic concepts ISP Traffic exchange (peering)
More informationMonitoring the Dynamics of Network Traffic by Recursive Multi-dimensional Aggregation
Monitoring the Dynamics of Network Traffic by Recursive Multi-dimensional Aggregation Midori Kato Keio University katoon@sfc.wide.ad.jp Kenjiro Cho IIJ/Keio University kjc@iijlab.net Michio Honda NEC Europe
More informationSignature-aware Traffic Monitoring with IPFIX 1
Signature-aware Traffic Monitoring with IPFIX 1 Youngseok Lee, Seongho Shin, and Taeck-geun Kwon Dept. of Computer Engineering, Chungnam National University, 220 Gungdong Yusonggu, Daejon, Korea, 305-764
More informationNetwork forensics 101 Network monitoring with Netflow, nfsen + nfdump
Network forensics 101 Network monitoring with Netflow, nfsen + nfdump www.enisa.europa.eu Agenda Intro to netflow Metrics Toolbox (Nfsen + Nfdump) Demo www.enisa.europa.eu 2 What is Netflow Netflow = Netflow
More informationEdge Configuration Series Reporting Overview
Reporting Edge Configuration Series Reporting Overview The Reporting portion of the Edge appliance provides a number of enhanced network monitoring and reporting capabilities. WAN Reporting Provides detailed
More informationCisco IOS Flexible NetFlow Technology
Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application
More informationSoftware Defined Networking What is it, how does it work, and what is it good for?
Software Defined Networking What is it, how does it work, and what is it good for? slides stolen from Jennifer Rexford, Nick McKeown, Michael Schapira, Scott Shenker, Teemu Koponen, Yotam Harchol and David
More informationFlow Analysis. Make A Right Policy for Your Network. GenieNRM
Flow Analysis Make A Right Policy for Your Network GenieNRM Why Flow Analysis? Resolve Network Managers Challenge as follow: How can I know the Detail and Real-Time situation of my network? How can I do
More informationBased on Computer Networking, 4 th Edition by Kurose and Ross
Computer Networks Ethernet Hubs and Switches Based on Computer Networking, 4 th Edition by Kurose and Ross Ethernet dominant wired LAN technology: cheap $20 for NIC first widely used LAN technology Simpler,
More informationThe Power of SA as a SLM Tool
1 1 The Power of SA as a SLM Tool Building Scalable SLM Solutions Session 2 Agenda Customer Requirements Solution Overview Available Capabilities Example Deployment Summary 3 Customer Requirements 4 Customer
More informationManagement of lambda paths
Management of lambda paths by Tiago Fioreze Supervisor: Aiko Pras Institution: University of Twente Outline You are here! Outline Background information Current management approaches Self-management of
More informationNetFlow Aggregation. Feature Overview. Aggregation Cache Schemes
NetFlow Aggregation This document describes the Cisco IOS NetFlow Aggregation feature, which allows Cisco NetFlow users to summarize NetFlow export data on an IOS router before the data is exported to
More informationLoad Balancing Mechanisms in Data Center Networks
Load Balancing Mechanisms in Data Center Networks Santosh Mahapatra Xin Yuan Department of Computer Science, Florida State University, Tallahassee, FL 33 {mahapatr,xyuan}@cs.fsu.edu Abstract We consider
More informationDirectory Enabled Distributed Packet Filtration System
Directory Enabled Distributed Packet Filtration System A Scalable and High Performance Security Architecture Siddhartha Gavirneni sgavirne@eecs.ku.edu Electrical Engineering and Computer Science Networking
More informationReal-Time Handling of Network Monitoring Data Using a Data-Intensive Framework
Real-Time Handling of Network Monitoring Data Using a Data-Intensive Framework Aryan TaheriMonfared Tomasz Wiktor Wlodarczyk Chunming Rong Department of Electrical Engineering and Computer Science University
More informationGet Your FIX: Flow Information export Analysis and Visualization
Get Your FIX: Flow Information export Analysis and Visualization Joint Techs Workshop, Madison, Wisconsin, July 19, 2006 Dave Plonka plonka@doit.wisc.edu Division of Information Technology, Computer Sciences
More informationIP Network Monitoring and Measurements: Techniques and Experiences
IP Network Monitoring and Measurements: Techniques and Experiences Philippe Owezarski LAAS-CNRS Toulouse, France Owe@laas.fr 1 Outline 4 Introduction 4 Monitoring problematic 8Only based on network administration
More informationTraffic Monitoring in a Switched Environment
Traffic Monitoring in a Switched Environment InMon Corp. 1404 Irving St., San Francisco, CA 94122 www.inmon.com 1. SUMMARY This document provides a brief overview of some of the issues involved in monitoring
More informationSmart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1
Smart Tips Enabling WAN Load Balancing Overview Many small businesses today use broadband links such as DSL or Cable, favoring them over the traditional link such as T1/E1 or leased lines because of the
More informationAvaya ExpertNet Lite Assessment Tool
IP Telephony Contact Centers Mobility Services WHITE PAPER Avaya ExpertNet Lite Assessment Tool April 2005 avaya.com Table of Contents Overview... 1 Network Impact... 2 Network Paths... 2 Path Generation...
More informationDr. Arjan Durresi Louisiana State University, Baton Rouge, LA 70803 durresi@csc.lsu.edu. DDoS and IP Traceback. Overview
DDoS and IP Traceback Dr. Arjan Durresi Louisiana State University, Baton Rouge, LA 70803 durresi@csc.lsu.edu Louisiana State University DDoS and IP Traceback - 1 Overview Distributed Denial of Service
More informationNetwork Management & Monitoring
Network Management & Monitoring NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)
More informationIPFIX IE Extensions for DDoS Attack Detection draft-fu-dots-ipfix-extension-01
IPFIX IE Extensions for DDoS Attack Detection draft-fu-dots-ipfix-extension-01 Tianfu Fu futianfu@huawei.com Dacheng Zhang dacheng.zdc@alibaba-inc.com Liang Xia (Frank) frank.xialiang@huawei.com Min Li
More informationAnalyzing Large DDoS Attacks Using Multiple Data Sources
Analyzing Large DDoS Attacks Using Multiple Data Sources Z. Morley Mao, Vyas Sekar, Oliver Spatscheck, Jacobus van der Merwe, Rangarajan Vasudevan University of Michigan, zmao,ranga @eecs.umich.edu Carnegie
More informationSmart WWW Traffic Balancing
Smart WWW Traffic Balancing Erol Gelenbe Ricardo Lent Juan Arturo Nunez School of Electrical Engineering & Computer Science University of Central Florida Introduction The Internet is one of the biggest
More informationDDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT
DDoS Protection How Cisco IT Protects Against Distributed Denial of Service Attacks A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge: Prevent low-bandwidth DDoS attacks coming from a broad
More informationVoice Over IP. MultiFlow 5048. IP Phone # 3071 Subnet # 10.100.24.0 Subnet Mask 255.255.255.0 IP address 10.100.24.171. Telephone.
Anritsu Network Solutions Voice Over IP Application Note MultiFlow 5048 CALL Manager Serv # 10.100.27 255.255.2 IP address 10.100.27.4 OC-48 Link 255 255 25 IP add Introduction Voice communications over
More informationHow To Understand and Configure Your Network for IntraVUE
How To Understand and Configure Your Network for IntraVUE Summary This document attempts to standardize the methods used to configure Intrauve in situations where there is little or no understanding of
More informationEthernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心
Ethernet-based Software Defined Network (SDN) Cloud Computing Research Center for Mobile Applications (CCMA), ITRI 雲 端 運 算 行 動 應 用 研 究 中 心 1 SDN Introduction Decoupling of control plane from data plane
More informationManagement by Network Search
Management by Network Search Misbah Uddin, Prof. Rolf Stadler KTH Royal Institute of Technology, Sweden Dr. Alex Clemm Cisco Systems, CA, USA November 11, 2014 ANRP Award Talks Session IETF 91 Honolulu,
More informationPlugging Network Security Holes using NetFlow. Loopholes in todays network security solutions and how NetFlow can help
Plugging Network Security Holes using NetFlow Loopholes in todays network security solutions and how NetFlow can help About ManageEngine Network Servers & Applications Desktop ServiceDesk Windows Infrastructure
More informationNetwork traffic monitoring and management. Sonia Panchen sonia.panchen@inmon.com 11 th November 2010
Network traffic monitoring and management Sonia Panchen sonia.panchen@inmon.com 11 th November 2010 Lecture outline What is network traffic management? Traffic management applications Traffic monitoring
More informationZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy
ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy OVERVIEW The global communication and the continuous growth of services provided through the Internet or local infrastructure require to
More informationA VoIP Traffic Monitoring System based on NetFlow v9
A VoIP Traffic Monitoring System based on NetFlow v9 Chang-Yong Lee *1, Hwan-Kuk Kim, Kyoung-Hee Ko, Jeong-Wook Kim, Hyun- Cheol Jeong Korea Information Security Agency, Seoul, Korea {chylee, rinyfeel,
More informationPolicy Based Forwarding
Policy Based Forwarding Tech Note PAN-OS 4.1 Revision A 2012, Palo Alto Networks, Inc. www.paloaltonetworks.com Contents Overview... 3 Security... 3 Performance... 3 Symmetric Routing... 3 Service Versus
More informationCisco Bandwidth Quality Manager 3.1
Cisco Bandwidth Quality Manager 3.1 Product Overview Providing the required quality of service (QoS) to applications on a wide-area access network consistently and reliably is increasingly becoming a challenge.
More informationTE in action. Some problems that TE tries to solve. Concept of Traffic Engineering (TE)
1/28 2/28 TE in action S-38.3192 Verkkopalvelujen tuotanto S-38.3192 Network Service Provisioning Networking laboratory 3/28 4/28 Concept of Traffic Engineering (TE) Traffic Engineering (TE) (Traffic Management)
More informationDESIGN AND VERIFICATION OF LSR OF THE MPLS NETWORK USING VHDL
IJVD: 3(1), 2012, pp. 15-20 DESIGN AND VERIFICATION OF LSR OF THE MPLS NETWORK USING VHDL Suvarna A. Jadhav 1 and U.L. Bombale 2 1,2 Department of Technology Shivaji university, Kolhapur, 1 E-mail: suvarna_jadhav@rediffmail.com
More informationNetwork Monitoring Comparison
Network Monitoring Comparison vs Network Monitoring is essential for every network administrator. It determines how effective your IT team is at solving problems or even completely eliminating them. Even
More informationObfuscation of sensitive data in network flows 1
Obfuscation of sensitive data in network flows 1 D. Riboni 2, A. Villani 1, D. Vitali 1 C. Bettini 2, L.V. Mancini 1 1 Dipartimento di Informatica,Universitá di Roma, Sapienza. E-mail: {villani, vitali,
More information18: Enhanced Quality of Service
18: Enhanced Quality of Service Mark Handley Traditional best-effort queuing behaviour in routers Data transfer: datagrams: individual packets no recognition of flows connectionless: no signalling Forwarding:
More information