Presentation is loading. Please wait.

Presentation is loading. Please wait.

Coarse-Grained Traffic Analysis in ISP Networks A Router-Based Approach Christian Martin Verizon.

Published byCory Fowler Modified over 8 years ago

Similar presentations

Presentation on theme: "Coarse-Grained Traffic Analysis in ISP Networks A Router-Based Approach Christian Martin Verizon."— Presentation transcript:

1 Coarse-Grained Traffic Analysis in ISP Networks A Router-Based Approach Christian Martin Verizon

2 Traditional ISP Traffic Analysis Resource Utilization CPU, port utilization, memory Traffic Characterization Flow information (src prt, dst if, src addr, etc) What kind of traffic is flowing across my network? In what ratios and magnitudes? How do new application phenomena affect traffic dynamics (eg. Napster, Everquest) Network Performance RTT, Packet Loss Are there problem areas in my network that I should be addressing?

3 Modern ISP Traffic Analysis Node-Node coarse-grained volumetric statistics. Traffic Engineering, metric assignment, billing ISP ISP and ISP {ISP i,ISP i+1,…, ISP n } traffic volumes Peerseeking Traffic characterization Topological and routing data correlation Need routing table to really understand traffic patterns. Otherwise all we know is what, not why or how. Network Performance Temporal Analysis – (Jitter, convergence times, etc) SLAs This analysis is hard!

4 Modern Traffic Analysis (cont’d) Traditional Analysis is denotative (literal) The information we gather has little to no implied meaning  Bits/sec on this interface  Flows/sec of http between these IPs In order to infer meaning, we need one or more heuristics One such heuristic is the routing table Modern Analysis is connotative (implied) The information we need to gather has lots of implied or inferred meaning  Traffic between POP-A and POP-B  Relative increase in ICMP echo-reply traffic between two ASNs

5 Routing Data As a Heuristic Modern Analysis requires an understanding of the routing state of a network Otherwise, the empirical data has no meaning (connotation) Gathering routing information offline and then correlating it to traffic data: Difficult (sensor fusion) Costly (high speed interfaces not cheap) Disruptive (need to insert probes) Inaccurate in the temporal dimension (export) The router has all the ‘information’ that is needed to perform the analysis in real-time

6 The Router as a Traffic Analyzer Modern routers forward data using advanced hardware Legacy software routers were smart, but slow Original ASIC technology was dumb and fast Newer ASICs/PPEs are becoming smart and fast Forwarding engines are derived from routing data While programming the FIB, we may be able to store additional heuristics  Who (Next Hop), What (POP, peer, cust), When (timestamp), Where (AS, router), How much (volume), Why (is my policy accurately applied?) Create buckets, match flags, and increment counters Store in memory for SNMP/other processing, rather than costly export to spinning media for analysis

7 Applicability Coarse-Grained Node-to-Node Analysis How much traffic of a certain class to a certain class, derived from BGP (or other) information Peer-Seeking How much traffic to and from a set of AS-PATHs, with additional flags if needed Fine Grained Analysis (future)? Real-time analysis of data patterns, router-based heuristics, inferencing, reacting? Anything that requires routing information for correlation Match BGP info and port (NNTP between a set of AS’s)

8 Coarse-Grained Node-Node Analysis Here, a node is a router, or cluster, or POP, or an entire AS Use BGP Next-Hop or AS-PATH to define class Program FIB with class, increment when a match occurs Can be done for source match or destination match Simple way to derive arbitrary demand matrices Aggregate Volume Nodes

9 Peerseeking Determine heuristically (or thru flow info) what ASNs you are interested in Create AS-PATH matches, bucketize and count Netflow processing for AS information is expensive Must Sample - sampling accuracy is questionable Aggregate Volume Potential Peer Transit Providers Potential Peer’s other ASNs, customers, etc My ASN

10 Fine Grained Analysis With new imbedded hardware being developed, much of our analysis will be performed on the router Similar to Aggregated Netflow With real time data and robust inferencing software, we may have: Anomaly detection (DoS Attack) Traffic pattern recognition and adjustment By offloading analysis to hardware in the router, we ensure temporal accuracy and reduce the system processing and storage burden on offline tools Data is transient and self-similarities exist. Why store it?

11 Caveats BGP Asymmetry Intradomain should not be a problem Interdomain is a problem, particularly as connectivity becomes rich More useful for transit buyers looking to offload some transit expense No a priori approach to rule setting Need to know what to look for beforehand Requires hardware/software upgrades Ask your vendor when/where this capability is supported

12 Conclusion Routers have all the data in real time ASICs/PPEs are advancing along with traffic volume on (most) networks Inline probes are intrusive and expensive Offline collection and analysis of large data sets is costly and difficult Features are available today on modern hardware Complimentary to flow-based tools, and of course, MIB-II and ifMIB polling

Download ppt "Coarse-Grained Traffic Analysis in ISP Networks A Router-Based Approach Christian Martin Verizon."

Similar presentations

Routing Basics.

Routing Basics.
OpenSketch Slides courtesy of Minlan Yu 1. Management = Measurement + Control Traffic engineering – Identify large traffic aggregates, traffic changes.

OpenSketch Slides courtesy of Minlan Yu 1. Management = Measurement + Control Traffic engineering – Identify large traffic aggregates, traffic changes.
Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.

Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.
© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.

© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
Copyright © sFlow.org. 2004 All Rights Reserved sFlow & Benefits Complete Network Visibility and Control You cannot control what you cannot see.

Copyright © sFlow.org All Rights Reserved sFlow & Benefits Complete Network Visibility and Control You cannot control what you cannot see.
1 BGP Anomaly Detection in an ISP Jian Wu (U. Michigan) Z. Morley Mao (U. Michigan) Jennifer Rexford (Princeton) Jia Wang (AT&T Labs)

1 BGP Anomaly Detection in an ISP Jian Wu (U. Michigan) Z. Morley Mao (U. Michigan) Jennifer Rexford (Princeton) Jia Wang (AT&T Labs)
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
By Hitesh Ballani, Paul Francis, Xinyang Zhang Slides by Benson Luk for CS 217B.

By Hitesh Ballani, Paul Francis, Xinyang Zhang Slides by Benson Luk for CS 217B.
1 Finding a Needle in a Haystack: Pinpointing Significant BGP Routing Changes in an IP Network Jian Wu (University of Michigan) Z. Morley Mao (University.

1 Finding a Needle in a Haystack: Pinpointing Significant BGP Routing Changes in an IP Network Jian Wu (University of Michigan) Z. Morley Mao (University.
Traffic Engineering With Traditional IP Routing Protocols

Traffic Engineering With Traditional IP Routing Protocols
1 Traffic Engineering for ISP Networks Jennifer Rexford IP Network Management and Performance AT&T Labs - Research; Florham Park, NJ

1 Traffic Engineering for ISP Networks Jennifer Rexford IP Network Management and Performance AT&T Labs - Research; Florham Park, NJ
CSEE W4140 Networking Laboratory Lecture 4: IP Routing (RIP) Jong Yul Kim 02.15.2010.

CSEE W4140 Networking Laboratory Lecture 4: IP Routing (RIP) Jong Yul Kim
CSEE W4140 Networking Laboratory Lecture 4: IP Routing (RIP) Jong Yul Kim 02.11.2009.

CSEE W4140 Networking Laboratory Lecture 4: IP Routing (RIP) Jong Yul Kim
The Sprint IP Monitoring Project and Traffic Dynamics at a Backbone POP Supratik Bhattacharyya Sprint ATL

The Sprint IP Monitoring Project and Traffic Dynamics at a Backbone POP Supratik Bhattacharyya Sprint ATL
Impact of BGP Dynamics on Intra-Domain Traffic Patterns in the Sprint IP Backbone Sharad Agarwal, Chen-Nee Chuah, Supratik Bhattacharyya, Christophe Diot.

Impact of BGP Dynamics on Intra-Domain Traffic Patterns in the Sprint IP Backbone Sharad Agarwal, Chen-Nee Chuah, Supratik Bhattacharyya, Christophe Diot.
User-level Internet Path Diagnosis R. Mahajan, N. Spring, D. Wetherall and T. Anderson.

User-level Internet Path Diagnosis R. Mahajan, N. Spring, D. Wetherall and T. Anderson.
Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932

Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932
NetFlow Analyzer Drilldown to the root-QoS Product Overview.

NetFlow Analyzer Drilldown to the root-QoS Product Overview.
04/05/20011 ecs298k: Routing in General... lecture #2 Dr. S. Felix Wu Computer Science Department University of California, Davis

04/05/20011 ecs298k: Routing in General... lecture #2 Dr. S. Felix Wu Computer Science Department University of California, Davis

Similar presentations

Ads by Google