Internet Traffic Measurement



Similar documents
Craig Labovitz, Scott Iekel-Johnson, Danny McPherson Arbor Networks Jon Oberheide, Farnam Jahanian University of Michigan

Cisco IOS Flexible NetFlow Technology

PANDORA FMS NETWORK DEVICE MONITORING

Details. Some details on the core concepts:

Internet Traffic and Content Consolidation

ATLAS Internet Observatory Bandwidth Bandwagon: An ISOC Briefing Panel November 11, 2009, Hiroshima, Japan

PANDORA FMS NETWORK DEVICES MONITORING

Assignment One. ITN534 Network Management. Title: Report on an Integrated Network Management Product (Solar winds 2001 Engineer s Edition)

Internet Traffic Evolution

STATEMENT OF CRAIG LABOVITZ, PHD Co-Founder and CEO of DeepField Before the House Judiciary Committee Subcommittee on Regulatory Reform, Commercial

IP Network Monitoring and Measurements: Techniques and Experiences

Trends in Internet Traffic Patterns Darren Anstee, EMEA Solutions Architect

Open Source in Network Administration: the ntop Project

NetFlow/IPFIX Various Thoughts

Development of Monitoring Tools for Measuring Network Performances: A Passive Approach

Frequently Asked Questions

Internet Management and Measurements Measurements

Network Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC)

Packet Flow Analysis and Congestion Control of Big Data by Hadoop

How To Monitor A Network On A Network With Bro (Networking) On A Pc Or Mac Or Ipad (Netware) On Your Computer Or Ipa (Network) On An Ipa Or Ipac (Netrope) On

Network Monitoring Comparison

R2. The word protocol is often used to describe diplomatic relations. How does Wikipedia describe diplomatic protocol?

A Survey of Enterprise Middlebox Deployments

Flow Analysis. Make A Right Policy for Your Network. GenieNRM

A Summary of Network Traffic Monitoring and Analysis Techniques

Hadoop Technology for Flow Analysis of the Internet Traffic

Study of Network Performance Monitoring Tools-SNMP

CSE 3214: Computer Network Protocols and Applications

Address Resolution Protocol (ARP)

Introduction Chapter 1. Uses of Computer Networks

Networking 4 Voice and Video over IP (VVoIP)

This document describes how the Meraki Cloud Controller system enables the construction of large-scale, cost-effective wireless networks.

SSVVP SIP School VVoIP Professional Certification

A Link Load Balancing Solution for Multi-Homed Networks

Auditing the LAN with Network Discovery

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Elevating Data Center Performance Management

Introduction. The Inherent Unpredictability of IP Networks # $# #

Network Terminology Review

Local-Area Network -LAN

WHITE PAPER. Extending Network Monitoring Tool Performance

IPDR vs. DPI: The Battle for Big Data

Restorable Logical Topology using Cross-Layer Optimization

Research on Errors of Utilized Bandwidth Measured by NetFlow

Virtualizing the SAN with Software Defined Storage Networks

Computer Networks CS321

ICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B.

Network Monitoring. Sebastian Büttrich, NSRC / IT University of Copenhagen Last edit: February 2012, ICTP Trieste

Monitoring high-speed networks using ntop. Luca Deri

Beyond Monitoring Root-Cause Analysis

Network Management Deployment Guide

IP SLAs Overview. Finding Feature Information. Information About IP SLAs. IP SLAs Technology Overview

Inter-domain Routing

Multi-Homing Dual WAN Firewall Router

Application of Netflow logs in Analysis and Detection of DDoS Attacks

Facility Usage Scenarios

SSVP SIP School VoIP Professional Certification

Level: 3 Credit value: 9 GLH: 80. QCF unit reference R/507/8351. This unit has 6 learning outcomes.

WhatsUp Gold v11 Features Overview

Measuring Internet Evolution or... If we don t Measure, we don t Know What s Happening! Measurement WG, APAN 26, Queenstown, 2008

EKT 332/4 COMPUTER NETWORK

The old Internet. Software in the Network: Outline. Traditional Design. 1) Basic Caching. The Arrival of Software (in the network)

Cisco NetFlow TM Briefing Paper. Release 2.2 Monday, 02 August 2004

Monitoring of Tunneled IPv6 Traffic Using Packet Decapsulation and IPFIX

International Journal of Scientific & Engineering Research, Volume 6, Issue 5, May ISSN

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Network Probe. Figure 1.1 Cacti Utilization Graph

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

This topic lists the key mechanisms use to implement QoS in an IP network.

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1

Infrastructure for active and passive measurements at 10Gbps and beyond

mbits Network Operations Centrec

Network Virtualization and Application Delivery Using Software Defined Networking

Network Performance Monitoring at Small Time Scales

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs

From Fieldbus to toreal Time Ethernet

Implementing Network Monitoring Tools

How To Set Up Foglight Nms For A Proof Of Concept

Cisco. A Beginner's Guide Fifth Edition ANTHONY T. VELTE TOBY J. VELTE. City Milan New Delhi Singapore Sydney Toronto. Mc Graw Hill Education

Packet Sampling and Network Monitoring

Detection of Distributed Denial of Service Attack with Hadoop on Live Network

Network Monitoring and Traffic CSTNET, CNIC

WhatsUpGold. v3.0. WhatsConnected User Guide

An Evaluation of Peering and Traffic Engineering in the Pan- African Research and Education Network

CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY

Overview of Network Measurement Tools

REVERSE ENGINEERING THE YOUTUBE VIDEO DELIVERY CLOUD. Vijay Kumar Adhikari, Sourabh Jain, Yingying Chen, and Zhi-Li Zhang

Cable Modems. Definition. Overview. Topics. 1. How Cable Modems Work

CCNA Discovery Chapter Four

SolarWinds. Understanding SolarWinds Charts and Graphs Technical Reference

PLANEAMENTO E GESTÃO DE REDES INFORMÁTICAS COMPUTER NETWORKS PLANNING AND MANAGEMENT

Transcription:

Internet Traffic Measurement

Internet Traffic Measurement Network Monitor Placement Measurement Analysis Tools Measurement Result Reporting Probing Mechanism Vantage Points

Edge vs Core

Hardware vs Software

Online vs Offline Realtime: Off-the-shelf tools Offline: Custom analysis scripts

Passive vs Active

Single vs Multiple Viewpoints Measurements from multiple viewpoints important for representativeness. Combine active and passive measurements

1 Internet Traffic Measurement Aniket Mahanti I. INTERNET TRAFFIC MEASUREMENT Internet measurement can be categorized based on network monitor placement (edge network vs core network), measurement/analysis tools used (hardware-based vs software-based), probing mechanism (passive vs active), and the number of vantage points (single viewpoint vs multiple viewpoints) [2], [3], [8]. A. Edge Network vs Core Network Figure 1 shows a schematic diagram of the Internet and its entities. ISPs are organized into three tiers: Tier-1 (continental backbone networks), Tier-2 (regional networks), and Tier-3 (access networks). Tier-1 ISPs are large organizations that peer with other Tier-1 ISPs to form an Internet backbone network. Examples of Tier-1 ISPs are AT&T and Tata Communications. Tier-2 ISPs peer with other Tier-2 ISPs and purchase connectivity from Tier-1 ISPs. An example of a Tier-2 ISP is Comcast. Tier-3 ISPs act as resellers, and purchase connectivity from other networks (Tier-1 or Tier- 2) to connect to the Internet. Customers buy access to the Internet from Tier-3 ISPs through various access technologies such as cable, DSL, fiber optic, or WiMAX. Previously, content providers were generally connected to the Internet through Tier-2 ISPs. This trend seems to be changing, with large content providers (such as Google) building their own private WAN and connecting directly with lower tier ISPs as well being connected directly to Tier-1 networks [6], [7]. Fig. 1. Edge networks and the Internet core Internet measurements can be performed at various locations in the Internet. Measurements can be performed at individual end systems (left side of Figure 1) to understand performance, service quality, and usage. End user host machines can be easily instrumented with software to capture incoming and outgoing traffic. Several commercial and customizable tools (e.g., tcpdump 1, Wireshark 2 ) exist for this purpose. While these measurements serve a limited purpose when the sample size is small, such measurements are a good starting point for performing large-scale studies. Also, these studies are often performed for understanding the characteristics of new access technologies. For example, Falaki et al. [4] studied smartphone traffic characteristics with 1 http://www.tcpdump.org/ 2 http://www.wireshark.org/ the data collected from 43 users. On the other end (right side of Figure 1), server logs from content providers can provide several insights into the trends of Internet traffic. Such data are considered proprietary and are not shared outside the enterprise. Internet measurements can be taken at edge networks such as campus or enterprise networks. These networks consist of several thousands of users, although their demographic may be skewed towards one category of users (e.g., students in a campus network). Such measurements provide a large data sample to understand Internet traffic characteristics. Measurements at edge networks are easier to undertake because these networks are maintained by a single organization. Clearance to capture traffic containing private information may be easier to obtain. Internet measurements in the core network are more difficult, primarily due to administrative, privacy, and proprietary concerns. ISPs collect logs of traffic flowing through their routers, however, such data is considered proprietary and are not shared outside the organization. Data from core networks aggregates traffic from hundreds of thousands of users, and traffic is more representative due to the inherent diversity of users. B. Hardware-based vs Software-based Analysis Internet traffic measurement tools can be classified into hardware-based or software-based tools. Hardware-based tools such as network analyzers are specialized equipment for measuring and analyzing traffic in a network. Off-the-shelf network analyzers come with measurement devices (such as wireless probes or high-speed network cards) and software for real-time analysis and visualization of Internet traffic (e.g., WildPackets OmniPeek Network Analyzer 3 ). Such products are often geared towards network operators for managing and troubleshooting networking issues, and may not be wellsuited for research purposes. Software-based tools such as tcpdump, Wireshark, Bro 4, and ntop 5 are widely used by networking researchers for Internet measurement. Such tools use kernel-level modification to network interfaces of commodity network cards to capture traffic. This approach is inexpensive and provides greater functionality for customizing measurement and analysis. Custom analysis scripts are available (and scalable) for analyzing huge volumes of data, which may not be possible with commercial applications. This approach also allows for offline traffic analysis, which is useful for traffic characterization and allows for appropriate privacy considerations to be taken into account. Online analysis is more suited for time-sensitive applications such as intrusion detection or application identification. 3 http://www.wildpackets.com/products/omnipeek network analyzer 4 http://bro-ids.org/ 5 http://www.ntop.org/

2 C. Passive vs Active Measurement Passive network measurement is performed by listening to all traffic passing through routers or hosts. This approach requires that the traffic passing through is unaltered and there is minimal disruption to the operation of the network. Passive measurement at an edge network is done by connecting a network monitor to the edge router. All incoming and outgoing traffic to the edge network is replicated and sent to the network monitor. Fig. 3. Active measurement Fig. 2. Passive measurement surement perturbs the flow of normal traffic. It is used to understand end-to-end performance like latency and bandwidth availability. Well-known active measurement tools are ping and traceroute. Another example of active measurement is requesting a Web page from a Web server to measure the load time. Active measurements typically do not require large storage, and it is used to complement passive measurements. Privacy is also not a concern with active measurement. The type of probe packet (using User Datagram Protocol (UDP) instead of Internet Control Message Protocol (ICMP)), size of the probe packet, time of request, and frequency of requests are important factors in active measurements. Figure 2 illustrates the principles of passive measurement. Depending on the size of an organization, passive measurement involves capturing large amounts of data. Data storage is of crucial concern. Collecting the most appropriate data can reduce the size of the resulting dataset; instead of collecting full packet traces with payload, only the transport-layer and application-layer headers may be saved [1]. Sampling may be employed if analysis of the full data is not required [3]. Compression of the data can also drastically reduce the size of the resulting datasets. Compression also assists when exporting the data from the network monitor to the storage server. The time of export should be chosen appropriately to have minimum disruption to normal operation of the network. Due to the non-intrusive nature of passive measurements, they provide an accurate representation of network traffic. Passive measurement mechanisms are also built into routers, switches, and other network devices. These mechanisms, such as Management Information Base (MIB) and Simple Network Management Protocol (SNMP) polling, only provide coarse-grained aggregate information, like total bytes transferred, total lost packets, and interface statistics [3]. These statistics are collected by polling the devices at coarsegrained time intervals (e.g., 5 min). The large polling time intervals and lack of detailed information make this approach infeasible for continuous monitoring and export of data. Privacy is an important concern in passive Internet measurement. Appropriate measures should be put in place such that individual users cannot be identified and associated with the data collected. This entails translating user-identifiable information such as IP address or Medium Access Control (MAC) address into an anonymous user id. This step may be performed during data collection or when post-processing the data. Active measurements involve generating special probe traffic from one host to another host. Probe traffic could contain small UDP packets with little or no payload. Figure 3 illustrates the principles of active measurement. Active mea- D. Single Viewpoint vs Multiple Viewpoint Performing measurements from multiple observational viewpoints is important for understanding the big picture behind performance, traffic characteristics, and usage of Internet applications. Both passive and active measurements can be used in tandem to measure different aspects of Internet applications and networked systems. Measurements from multiple viewpoints enhance the representativeness of the results by reducing skews and anomalies in the data. For example, to study traffic characteristics of Web applications (e.g., YouTube), passive measurements can be performed at edge networks to understand local usage characteristics, along with active measurements (through Application Programming Interface (API) calls) to glean global usage trends [5]. REFERENCES [1] M. Arlitt and C. Williamson. Understanding Web Server Configuration Issues. Software: Practice and Experience, 34(2):163 186, 2004. [2] M. Crovella and B. Krishnamurthy. Internet Measurement: Infrastructure, Traffic and Applications. Wiley, 2006. [3] N. Duffield. Sampling for Passive Internet Measurement: A Review. Statistical Science, 19(3):472 498, 2004. [4] H. Falaki, D. Lymberopoulos, R. Mahajan, S. Kandula, and D. Estrin. A First Look at Traffic on Smartphones. In Proc. ACM SIGCOMM Internet Measurement Conference, Melbourne, Australia, November 2010. [5] P. Gill, M. Arlitt, Z. Li, and A. Mahanti. Youtube Traffic Characterization: A View from the Edge. In Proc. ACM SIGCOMM Conference on Internet Measurement, San Diego, USA, October 2007. [6] P. Gill, M. Arlitt, Z. Li, and A. Mahanti. The Flattening Internet Topology: Natural Evolution, Unsightly Barnacles or Contrived Collapse? In Proc. Passive and Active Measurement Conference, Cleveland, USA, April 2008. [7] C. Labovitz, S. Johnson, D. McPherson, J. Oberheide, and F. Jahanian. Internet Inter-domain Traffic. In Proc. ACM SIGCOMM Conference, New Delhi, India, August/September 2010. [8] C. Williamson. Internet Traffic Measurement. IEEE Internet Computing, 5(6):70 74, November/December 2001.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information