Sven Ubik, CESNET TNC2004, Rhodos, 9 June 2004 Performance monitoring of high-speed networks from NREN perspective.

Slides:

Advertisements

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Advertisements

Martin Suchara, Ryan Witt, Bartek Wydrowski California Institute of Technology Pasadena, U.S.A. TCP MaxNet Implementation and Experiments on the WAN in.

Computer Networking Lecture 20 – Queue Management and QoS.

Network Performance Measurement

TCP Congestion Control Dina Katabi & Sam Madden nms.csail.mit.edu/~dina 6.033, Spring 2014.

Congestion Control: TCP & DC-TCP Swarun Kumar With Slides From: Prof. Katabi, Alizadeh et al.

Advanced Computer Networking Congestion Control for High Bandwidth-Delay Product Environments (XCP Algorithm) 1.

On Modeling Feedback Congestion Control Mechanism of TCP using Fluid Flow Approximation and Queuing Theory　 Hisamatu Hiroyuki Department of Infomatics.

1 Measurement based traffic engineering Poul Heegaard, Telenor R&D / NTNU Dept. Telematics.

Internet Traffic Patterns Learning outcomes –Be aware of how information is transmitted on the Internet –Understand the concept of Internet traffic –Identify.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

Multiple constraints QoS Routing Given: - a (real time) connection request with specified QoS requirements (e.g., Bdw, Delay, Jitter, packet loss, path.

Requirements Capture and Specification IACT424/924 Corporate Network Design and Implementation.

High speed TCP’s. Why high-speed TCP? Suppose that the bottleneck bandwidth is 10Gbps and RTT = 200ms. Bandwidth delay product is packets (1500.

Network Traffic Measurement and Modeling CSCI 780, Fall 2005.

Self-Similarity in Network Traffic Kevin Henkener 5/29/2002.

Study of Distance Vector Routing Protocols for Mobile Ad Hoc Networks Yi Lu, Weichao Wang, Bharat Bhargava CERIAS and Department of Computer Sciences Purdue.

Computer Networking Lecture 17 – Queue Management As usual: Thanks to Srini Seshan and Dave Anderson.

FTDCS 2003 Network Tomography based Unresponsive Flow Detection and Control Authors Ahsan Habib, Bharat Bhragava Presenter Mohamed.

Internet Bandwidth Measurement Techniques Muhammad Ali Dec 17 th 2005.

Routers with Small Buffers Yashar Ganjali High Performance Networking Group Stanford University

Bro: A System for Detecting Network Intruders in Real-Time Presented by Zachary Schneirov CS Professor Yan Chen.

Understanding Network Failures in Data Centers: Measurement, Analysis and Implications Phillipa Gill University of Toronto Navendu Jain & Nachiappan Nagappan.

Lecture 11 Intrusion Detection (cont)

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

Internet Traffic Management Prafull Suryawanshi Roll No - 04IT6008.

The Effects of Systemic Packets Loss on Aggregate TCP Flows Thomas J. Hacker May 8, 2002 Internet 2 Member Meeting.

Sven Ubik, Petr Žejdl CESNET TNC2008, Brugges, 19 May 2008 Passive monitoring of 10 Gb/s lines with PC hardware.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.

Internet Traffic Management. Basic Concept of Traffic Need of Traffic Management Measuring Traffic Traffic Control and Management Quality and Pricing.

POSTECH DP&NM Lab. Internet Traffic Monitoring and Analysis: Methods and Applications (1) 2. Network Monitoring Metrics.

GridNM Network Monitoring Architecture (and a bit about my phd) Yee-Ting Li, 1 st Year UCL, 17 th June 2002.

Vladimír Smotlacha CESNET Full Packet Monitoring Sensors: Hardware and Software Challenges.

1 Lecture 14 High-speed TCP connections Wraparound Keeping the pipeline full Estimating RTT Fairness of TCP congestion control Internet resource allocation.

Comparison of Public End-to-End Bandwidth Estimation tools on High-Speed Links Alok Shriram, Margaret Murray, Young Hyun, Nevil Brownlee, Andre Broido,

Comparison of Public End-to-End Bandwidth Estimation tools on High- Speed Links Alok Shriram, Margaret Murray, Young Hyun, Nevil Brownlee, Andre Broido,

Chapter 8: Internet Operation. Network Classes Class A: Few networks, each with many hosts All addresses begin with binary 0 Class B: Medium networks,

CS551: End-to-End Packet Dynamics Paxon’99 Christos Papadopoulos (

QoS monitoring -- Nicolas Simar Monitoring Infrastructure SEQUIN workshop, Amsterdam, 1 February 2002 Nicolas Simar DANTE.

Sven Ubik, Petr Zejdl, Vladimir Smotlacha TNC-2006, Catania, Hardware anonymization.

Pavel Cimbál, Sven Ubik CESNET TNC2005, Poznan, 9 June 2005 Tools for TCP performance debugging.

Vladimír Smotlacha CESNET High-speed Programmable Monitoring Adapter.

Efficient Cache Structures of IP Routers to Provide Policy-Based Services Graduate School of Engineering Osaka City University

A Bandwidth Estimation Method for IP Version 6 Networks Marshall Crocker Department of Electrical and Computer Engineering Mississippi State University.

Service Level Monitoring. Measuring Network Delay, Jitter, and Packet-loss  Multi-media applications are sensitive to transmission characteristics of.

1 Evaluating NGI performance Matt Mathis

CS640: Introduction to Computer Networks Aditya Akella Lecture 15 TCP – III Reliability and Implementation Issues.

1 SIGCOMM ’ 03 Low-Rate TCP-Targeted Denial of Service Attacks A. Kuzmanovic and E. W. Knightly Rice University Reviewed by Haoyu Song 9/25/2003.

Performance Engineering E2EpiPEs and FastTCP Internet2 member meeting - Indianapolis World Telecom Geneva October 15, 2003

Debugging end-to-end performance in commodity operating system Pavel Cimbál, CTU, Sven Ubik, CESNET,

1 Virtual Dark IP for Internet Threat Detection Akihiro Shimoda & Shigeki Goto Waseda University

Chapter 11.4 END-TO-END ISSUES. Optical Internet Optical technology Protocol translates availability of gigabit bandwidth in user-perceived QoS.

Development of a QoE Model Himadeepa Karlapudi 03/07/03.

TCP transfers over high latency/bandwidth networks & Grid DT Measurements session PFLDnet February 3- 4, 2003 CERN, Geneva, Switzerland Sylvain Ravot

Internet Measurement and Analysis Vinay Ribeiro Shriram Sarvotham Rolf Riedi Richard Baraniuk Rice University.

1 Transport Layer: Basics Outline Intro to transport UDP Congestion control basics.

Performance Limitations of ADSL Users: A Case Study Matti Siekkinen, University of Oslo Denis Collange, France Télécom R&D Guillaume Urvoy-Keller, Ernst.

Connect. Communicate. Collaborate GN2 Activities and the LOBSTER Project Nicolas Simar, DANTE TNC 2005, Poznan, June 2005.

IETF 62 NSIS WG1 Porgress Report: Metering NSLP (M-NSLP) Georg Carle, Falko Dressler, Changpeng Fan, Ali Fessi, Cornelia Kappler, Andreas Klenk, Juergen.

Sven Ubik, Aleš Friedl CESNET TNC 2009, Malaga, Spain, 11 June 2009 Experience with passive monitoring deployment in GEANT2 network.

Access Link Capacity Monitoring with TFRC Probe Ling-Jyh Chen, Tony Sun, Dan Xu, M. Y. Sanadidi, Mario Gerla Computer Science Department, University of.

Tango1 Considering End-to-End QoS Constraints in IP Network Design and Planning M.Ajmone Marsan, M. Garetto, E. Leonardi. M. Mellia, E. Wille Dipartimento.

Ethernet Packet Filtering – Part 2 Øyvind Holmeide 10/28/2014 by.

أمن المعلومات لـ أ. عبدالرحمن محجوب حمد mtc.edu.sd أمن المعلومات Information Security أمن المعلومات Information Security  أ. عبدالرحمن محجوب  Lec (5)

Snort – IDS / IPS.

Empirically Characterizing the Buffer Behaviour of Real Devices

FAST TCP : From Theory to Experiments

Achieving reliable high performance in LFNs (long-fat networks)

Presentation transcript:

Sven Ubik, CESNET TNC2004, Rhodos, 9 June 2004 Performance monitoring of high-speed networks from NREN perspective

NRENs Traffic on NREN links: backbone physical capacity 1-10 Gb/s typical long-term load 50 Mb/s – 1.5 Gb/s typical daily fluctuations 1:5 – flat throughput limited mostly by TCP congestion control reacting to router queue overflows

NREN performance monitoring Implications for performance monitoring: network is on the verge of over-provisioning and will probably remain so we need to monitor network behaviour closely in short-timescales monitoring must work reliably at high speeds

Monitoring methods Three primary ways of performance monitoring: Processing data from network components Active monitoring Passive monitoring

Data from network components router counters read by SNMP flow records Pros: per-link statistics (good space granularity) Cons: delayed update of MIB database (poor time granularity) flow records unreliable due to router overload and software bugs

SNMP counters 60-second averages: short term fluctuations

SNMP counters, cont. 1-second averages: unusable due to delayed MIB update

Active monitoring Pros: easy way to monitor one-way delay and jitter can provide definitive confirmation that high data rate can be passed through network Cons: Need to ping responsive points (not routers) Heavy-weighted throughput measurement stresses user traffic Light-weighted throughput “estimation” still not reliable

Passive monitoring Pros: observes properties experienced by real user traffic, rather than by artificially injected traffic non-intrusive Cons: difficult at high speeds

SCAMPI project SCAMPI – “SCAleable Monitoring Platform for the Internet” Concentrates on passive monitoring Should overcome network speed / PC CPU speed gap by hardware offloading Should allow easy writing of portable monitoring applications

Applications Packet capture Accounting Flow-based reporting Threshold alerting QoS monitoring Network intrusion detection system Flow-based IDS Denial of service attack detection

QoS monitoring Currently monitored characteristics: Short-timescale link load One-way delay Packet loss rate

Link utilization 10 ms averages

Packet loss rate - active Can we measure realistic packet loss rate actively? 100 testing packets per second => thousands of packets per second for continuous full mesh measurement seconds or 3 hours required to detect packet loss rate of 10E-6 (assuming fluid traffic model) If a testing packet is lost, can we imply packet loss rate? Comparison of active and SNMP loss monitoring: [Barford+Sommers, 2003]

Packet loss rate – other methods SNMP counters: unreliable (unlike byte counters) Passive: Capture packets on border connections Sampling possible, but reduces precision Can provide precise short-timescale information about low packet loss rates

Conclusion Short-timescale monitoring is needed to understand network behaviour Passive monitoring can provide more realistic results than active monitoring Passive monitoring at gigabit speeds requires hardware support with built-in monitoring functions, such as SCAMPI adapters

Sven Ubik Thank you for your attention

Backup slides

Types of network monitoring: operational performance security Network monitoring

Delay to routers difficult We should not fill router queues, because: No increase in throughput over using „wire pipe“ Filled-up queues are sensitive to losses caused by cross-traffic Can we determine bottleneck router by observing RTT increase? Interface before 9th link Interface after 9th link

SCAMPI adapter 1GE and 10GE Header filtering Sampling Payload searching Statistics

Header filter and payload string search: fd=mapi_create_flow("/dev/scampi/0"); mapi_apply_function(fd, BPF_FILTER, "src port 2001"); ctr_id1=mapi_apply_function(fd, PKT_COUNTER); mapi_apply_function(fd, STR_SEARCH, "malicious string", 0, 1500); ctr_id2=mapi_apply_function(fd, PKT_COUNTER); mapi_connect(fd); while(1) { sleep(1); mapi_read_results(fd, ctr_id1, &ctr_num1); mapi_read_results(fd, ctr_id2, &ctr_num1); /* … */ } Using MAPI