Presentation is loading. Please wait.

Presentation is loading. Please wait.

Sven Ubik, CESNET TNC2004, Rhodos, 9 June 2004 Performance monitoring of high-speed networks from NREN perspective.

Published byDayna Williamson Modified over 8 years ago

Similar presentations

Presentation on theme: "Sven Ubik, CESNET TNC2004, Rhodos, 9 June 2004 Performance monitoring of high-speed networks from NREN perspective."— Presentation transcript:

1 Sven Ubik, CESNET TNC2004, Rhodos, 9 June 2004 Performance monitoring of high-speed networks from NREN perspective

2 NRENs Traffic on NREN links: backbone physical capacity 1-10 Gb/s typical long-term load 50 Mb/s – 1.5 Gb/s typical daily fluctuations 1:5 – flat throughput limited mostly by TCP congestion control reacting to router queue overflows

3 NREN performance monitoring Implications for performance monitoring: network is on the verge of over-provisioning and will probably remain so we need to monitor network behaviour closely in short-timescales monitoring must work reliably at high speeds

4 Monitoring methods Three primary ways of performance monitoring: Processing data from network components Active monitoring Passive monitoring

5 Data from network components router counters read by SNMP flow records Pros: per-link statistics (good space granularity) Cons: delayed update of MIB database (poor time granularity) flow records unreliable due to router overload and software bugs

6 SNMP counters 60-second averages: short term fluctuations

7 SNMP counters, cont. 1-second averages: unusable due to delayed MIB update

8 Active monitoring Pros: easy way to monitor one-way delay and jitter can provide definitive confirmation that high data rate can be passed through network Cons: Need to ping responsive points (not routers) Heavy-weighted throughput measurement stresses user traffic Light-weighted throughput “estimation” still not reliable

9 Passive monitoring Pros: observes properties experienced by real user traffic, rather than by artificially injected traffic non-intrusive Cons: difficult at high speeds

10 SCAMPI project SCAMPI – “SCAleable Monitoring Platform for the Internet” Concentrates on passive monitoring Should overcome network speed / PC CPU speed gap by hardware offloading Should allow easy writing of portable monitoring applications

11 Applications Packet capture Accounting Flow-based reporting Threshold alerting QoS monitoring Network intrusion detection system Flow-based IDS Denial of service attack detection

12 QoS monitoring Currently monitored characteristics: Short-timescale link load One-way delay Packet loss rate

13 Link utilization 10 ms averages

14 Packet loss rate - active Can we measure realistic packet loss rate actively? 100 testing packets per second => thousands of packets per second for continuous full mesh measurement 10000 seconds or 3 hours required to detect packet loss rate of 10E-6 (assuming fluid traffic model) If a testing packet is lost, can we imply packet loss rate? Comparison of active and SNMP loss monitoring: [Barford+Sommers, 2003]

15 Packet loss rate – other methods SNMP counters: unreliable (unlike byte counters) Passive: Capture packets on border connections Sampling possible, but reduces precision Can provide precise short-timescale information about low packet loss rates

16 Conclusion Short-timescale monitoring is needed to understand network behaviour Passive monitoring can provide more realistic results than active monitoring Passive monitoring at gigabit speeds requires hardware support with built-in monitoring functions, such as SCAMPI adapters

17 Sven Ubik ubik@cesnet.cz Thank you for your attention

18 Backup slides

19 Types of network monitoring: operational performance security Network monitoring

20 Delay to routers difficult We should not fill router queues, because: No increase in throughput over using „wire pipe“ Filled-up queues are sensitive to losses caused by cross-traffic Can we determine bottleneck router by observing RTT increase? Interface before 9th link Interface after 9th link

21 SCAMPI adapter 1GE and 10GE Header filtering Sampling Payload searching Statistics

22 Header filter and payload string search: fd=mapi_create_flow("/dev/scampi/0"); mapi_apply_function(fd, BPF_FILTER, "src port 2001"); ctr_id1=mapi_apply_function(fd, PKT_COUNTER); mapi_apply_function(fd, STR_SEARCH, "malicious string", 0, 1500); ctr_id2=mapi_apply_function(fd, PKT_COUNTER); mapi_connect(fd); while(1) { sleep(1); mapi_read_results(fd, ctr_id1, &ctr_num1); mapi_read_results(fd, ctr_id2, &ctr_num1); /* … */ } Using MAPI

Download ppt "Sven Ubik, CESNET TNC2004, Rhodos, 9 June 2004 Performance monitoring of high-speed networks from NREN perspective."

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Martin Suchara, Ryan Witt, Bartek Wydrowski California Institute of Technology Pasadena, U.S.A. TCP MaxNet Implementation and Experiments on the WAN in.

Martin Suchara, Ryan Witt, Bartek Wydrowski California Institute of Technology Pasadena, U.S.A. TCP MaxNet Implementation and Experiments on the WAN in.
15-441 Computer Networking Lecture 20 – Queue Management and QoS.

Computer Networking Lecture 20 – Queue Management and QoS.
Network Performance Measurement

Network Performance Measurement
TCP Congestion Control Dina Katabi & Sam Madden nms.csail.mit.edu/~dina 6.033, Spring 2014.

TCP Congestion Control Dina Katabi & Sam Madden nms.csail.mit.edu/~dina 6.033, Spring 2014.
Congestion Control: TCP & DC-TCP Swarun Kumar With Slides From: Prof. Katabi, Alizadeh et al.

Congestion Control: TCP & DC-TCP Swarun Kumar With Slides From: Prof. Katabi, Alizadeh et al.
Advanced Computer Networking Congestion Control for High Bandwidth-Delay Product Environments (XCP Algorithm) 1.

Advanced Computer Networking Congestion Control for High Bandwidth-Delay Product Environments (XCP Algorithm) 1.
On Modeling Feedback Congestion Control Mechanism of TCP using Fluid Flow Approximation and Queuing Theory  Hisamatu Hiroyuki Department of Infomatics.

On Modeling Feedback Congestion Control Mechanism of TCP using Fluid Flow Approximation and Queuing Theory  Hisamatu Hiroyuki Department of Infomatics.
1 Measurement based traffic engineering Poul Heegaard, Telenor R&D / NTNU Dept. Telematics.

1 Measurement based traffic engineering Poul Heegaard, Telenor R&D / NTNU Dept. Telematics.
Internet Traffic Patterns Learning outcomes –Be aware of how information is transmitted on the Internet –Understand the concept of Internet traffic –Identify.

Internet Traffic Patterns Learning outcomes –Be aware of how information is transmitted on the Internet –Understand the concept of Internet traffic –Identify.
Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Multiple constraints QoS Routing Given: - a (real time) connection request with specified QoS requirements (e.g., Bdw, Delay, Jitter, packet loss, path.

Multiple constraints QoS Routing Given: - a (real time) connection request with specified QoS requirements (e.g., Bdw, Delay, Jitter, packet loss, path.
Requirements Capture and Specification IACT424/924 Corporate Network Design and Implementation.

Requirements Capture and Specification IACT424/924 Corporate Network Design and Implementation.
High speed TCP’s. Why high-speed TCP? Suppose that the bottleneck bandwidth is 10Gbps and RTT = 200ms. Bandwidth delay product is 166666 packets (1500.

High speed TCP’s. Why high-speed TCP? Suppose that the bottleneck bandwidth is 10Gbps and RTT = 200ms. Bandwidth delay product is packets (1500.
Network Traffic Measurement and Modeling CSCI 780, Fall 2005.

Network Traffic Measurement and Modeling CSCI 780, Fall 2005.
Self-Similarity in Network Traffic Kevin Henkener 5/29/2002.

Self-Similarity in Network Traffic Kevin Henkener 5/29/2002.
Study of Distance Vector Routing Protocols for Mobile Ad Hoc Networks Yi Lu, Weichao Wang, Bharat Bhargava CERIAS and Department of Computer Sciences Purdue.

Study of Distance Vector Routing Protocols for Mobile Ad Hoc Networks Yi Lu, Weichao Wang, Bharat Bhargava CERIAS and Department of Computer Sciences Purdue.
15-441 Computer Networking Lecture 17 – Queue Management As usual: Thanks to Srini Seshan and Dave Anderson.

Computer Networking Lecture 17 – Queue Management As usual: Thanks to Srini Seshan and Dave Anderson.
FTDCS 2003 Network Tomography based Unresponsive Flow Detection and Control Authors Ahsan Habib, Bharat Bhragava Presenter Mohamed.

FTDCS 2003 Network Tomography based Unresponsive Flow Detection and Control Authors Ahsan Habib, Bharat Bhragava Presenter Mohamed.

Similar presentations

Ads by Google