Presentation on theme: "INDIANAUNIVERSITYINDIANAUNIVERSITY TransPAC2 Measurement John Hicks TransPAC2 Indiana University APAN Conference – Singapore 19-July-2006."— Presentation transcript:
INDIANAUNIVERSITYINDIANAUNIVERSITY TransPAC2 Measurement John Hicks TransPAC2 Indiana University Jhicks@iu.edu APAN Conference – Singapore 19-July-2006
INDIANAUNIVERSITYINDIANAUNIVERSITY Overview TransPAC2 measurement goal Arbor system measurement stats Arbor system portal Arbor system WSDL Arbor system SOAP interface 10G PC plans Questions
INDIANAUNIVERSITYINDIANAUNIVERSITY TransPAC2 measurement goals TP2 is funded by the NSF and we are required to provide accounting of how TP2 is facilitating international scientific cooperation. TP2 is using Arbor Networks Peakflow SP system statistics and reporting capabilities for flow, BGP and security analysis. TP2 has three basic measurement goals: Provide public access to general statistics and data concerning the TP2 network link. Provide access to private data to trusted groups or individuals using the TP2 link. Provide a HP testing facility for application and network researchers.
INDIANAUNIVERSITYINDIANAUNIVERSITY Peakflow SP system The Arbor systems Peakflow SP system is a traffic analysis engine the works on a collection of routers. By default, the collection of routers is aggregated into a one network. General queries (no filters) return summaries of the entire network. Query filters provide one means of narrowing return data. Other scoping mechanisms are available.
INDIANAUNIVERSITYINDIANAUNIVERSITY Peakflow SP queries The Peakflow system collects flow and BGP data and provides a facility to query and filter desired data for a particular time slice. Peakflow SP is designed around XML queries. There is currently a limit of two filters for each query. Desired data can be further scoped by different query types. Example: filter on entity 1 (entity 1 could contain multiple routers) data, then on TCP ports (port #1, port#2, port#3, …)
INDIANAUNIVERSITYINDIANAUNIVERSITY Peakflow SP router query types Router query types include the following:
INDIANAUNIVERSITYINDIANAUNIVERSITY Peakflow SP Raw Flow queries Raw flow query types include the following:
INDIANAUNIVERSITYINDIANAUNIVERSITY Peakflow SP BGP queries BGP queries include: Diff - Reports a list of BGP change reports Raw - Reports a list of raw routes Summary - Reports the summary of BGP changes matching a filter
INDIANAUNIVERSITYINDIANAUNIVERSITY Peakflow SP The Peakflow SP system can return graphs and raw data for each type of query. Queries can be automatically run at schedules times (like cron). Query reports can be email to individuals or groups (including graphs and data). Email example:
INDIANAUNIVERSITYINDIANAUNIVERSITY Peakflow SP offers a customer facing portal that provides access to some of the SP data. Portal data views are scoped to a subset of the systems data. Portals are a good way to provide private access to costumer data. One problem with portals is that scoping data is very course. For example: If a costumer sees an anomaly (large traffic from /24) in the data from a query and determines that it is coming from an interface not in the costumers scope. Further investigation is prohibited. If the system provides access to this interface then all interfaces are available. Peakflow SP portals
INDIANAUNIVERSITYINDIANAUNIVERSITY To solve this problem, we are using the Peakflow wsdl to provide more refined scoping of data. The Peakflow SP wsdl provide the following: getAlertGraph - For a given alert id, returns a graph of the total alert traffic per customer interface over the life of the alert. sqlQuery - Returns an SQL query in XML format. getTrafficData - Returns detailed sample data for items matching the query. Data is returned XML format. getTrafficGraph - Returns a graph of the data items matching the supplied query parameters. Peakflow SP WSDL/SOAP
INDIANAUNIVERSITYINDIANAUNIVERSITY getAlertSummaries - Returns summary information about the most recent count alerts, starting at offset alerts from the most recent alert. The optional filter can specify the name of a customer managed object. Peakflow SP WSDL/SOAP
INDIANAUNIVERSITYINDIANAUNIVERSITY getAlertInterfaces - Returns a detailed listing of all routers interfaces involved in the specified alert. Peakflow SP WSDL/SOAP
INDIANAUNIVERSITYINDIANAUNIVERSITY getAlertInterfaceDetails - Returns detailed information about router interfaces involved in the specified alert. getAlertInterfacesXML - Same as getAlertInterfaces but in XML format. getAlertRouterInterfacesXML - Same as getAlertRouterInterfaces but in XML format. getReport - Returns multiple graphs in one tar.gz file. getAlertStatisticsRaw - Returns raw statistics about requested alert. Peakflow SP WSDL/SOAP
INDIANAUNIVERSITYINDIANAUNIVERSITY Peakflow SP currently provides a single Zonesecret to access the system remotely via SOAP. Scoping of data is done on the proxy server. Web presentation is currently done with PHP but other technologies such as AJAX are being explored. DB backend also under investigation. Proxy server code will be made available once private zonesecret can be secured. Costume interfaces are easily rolled out for private data. Customer Peakflow Proxy
INDIANAUNIVERSITYINDIANAUNIVERSITY HP measurement machine TransPAC2 recently purchased a 10G capable machine with the following specifications: This machine will be use to test the TransPAC2 (Tokyo XP, NICT/KDDI) link and into Abilene (HOPI nodes). Further testing will continue as more 10G resources become available. Installation should be completed by August 2006.
INDIANAUNIVERSITYINDIANAUNIVERSITY Questions or Comments John Hicks Indiana University email@example.com