Network Monitoring School of Electronics and Information Kyung Hee University. Choong Seon HONG Selected from ICAT 2003 Material of James W. K. Hong.


Slide 2: Introduction – Motivation
- Needs of Service Providers
  - Understand the behavior of their networks
  - Provide fast, high-quality, reliable service to satisfy customers and thus reduce churn rate
  - Plan for network deployment and expansion
  - SLA monitoring, network security
- Needs of Customers
  - Want to get their money’s worth
  - Fast, reliable, high-quality, secure, virus-free Internet access

Slide 3: Generic Monitoring Metrics
- Availability
  - Connectivity
  - Functionality
- Loss
  - One way loss
  - Round trip loss
- Delay
  - One way delay
  - Round trip delay
  - Delay variance
- Throughput
  - Bandwidth
  - Utilization

Slide 4: 3. Monitoring Approaches
- Active Monitoring
- Passive Monitoring

Slide 5: Network Monitoring
Active Approach
- Performed by sending test traffic into the network
  1) Generate test packets periodically or on demand
  2) Measure the performance of the test packet or its response
  3) Take the statistics
- Imposes extra traffic on the network and distorts its behavior in the process
- Used to monitor network performance
  - e.g., Availability, Delay, Loss

Slide 6: Network Monitoring (cont’d)
Passive Approach
- Carried out by observing normal network traffic
  1) Collect network flows from a device, or generate them after capturing packets
  2) Perform analysis for the purpose
- Uses a high-performance computing device (harder as traffic rates increase)
- Used to perform traffic characterization analysis
  - Spatial, temporal and composition
[Figure: network link]

Slide 7: Comparison of Monitoring Approaches

| | Active monitoring | Passive monitoring |
|---|---|---|
| Configuration | Multi-point | Single or multi-point |
| Data size | Small | Large |
| Network overhead | Additional traffic | Device overhead; no overhead if splitter is used |
| Purpose | Delay, packet loss, availability | Throughput, traffic pattern |
| CPU requirement | Low to moderate | High |

Slide 8: Active Monitoring Techniques
- ICMP-based method
  - Diagnose network problems
  - Availability / Round-trip delay / Round-trip packet loss
- TCP-based method
  - One-way bandwidth / Round trip bandwidth
  - Bulk transfer rate
- UDP-based method
  - One-way packet loss / Round trip bandwidth

Slide 9: Measurement Method Example via Ping
Ping (ICMP) – Availability, RT Loss, RTT Delay
- Period: 10 min.
- Packet Size: 40 bytes
[Figure: two Measurement Test Machines on a Gigabit Ethernet Backbone Network; labels: RSM, Packet Generator (ICMP), Customer, SLA DB]

Slide 10: Measurement Method Example via TCP
TCP – Throughput
[Figure: Measurement Source Machine and Measurement Destination Machine, NTP-synchronized hosts, connected via TCP; local time t1, local time t2]
Throughput (Mbps) = t2( ㎲ ) – t1( ㎲ ) 10 5 x KB

Slide 11: Measurement Method Example via UDP
UDP – One Way Loss
[Figure: Measurement Source Machine and Measurement Destination Machine, NTP-synchronized hosts, connected via UDP; labels: 100 KB, 1 Packet (1000 Byte)]
One way Loss = x 100 (%) Sent Packet Counts Received Packet Counts

Slide 12: Passive Monitoring - Packet Capturing
Packets can be captured using Port Mirroring or a Network Splitter (Tap).
[Figure: mirroring to a probe system; splitting to a probe system]

| | Port Mirroring | Network Splitter (Tap) |
|---|---|---|
| How it works | Copies all packets passing on a port to another port | Splits the signal, sending one copy along the original path and another to the probe |
| Advantage | No extra hardware required | No processing overhead on router/switch |
| Disadvantage | Processing overhead on router/switch | Splitter hardware required |

Slide 13: Passive Monitoring - Sampling
- If the rate is too high to capture all packets reliably, there is no alternative but to sample the packets
- Sampling algorithms: every Nth packet or fixed time interval
[Figure: (a) 2:1 sampling; (b) 1 msec sampling; time axis from 0 msec to 4 msec]
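The two sampling algorithms named on this slide, as an added example that is not part of the original presentation. The arrival times are constructed, and "keep the first packet seen in each interval" is this example's assumption about how fixed-interval sampling picks a packet; it shows how a short burst is represented differently by each method.

```python
# Constructed packet arrival times in microseconds: steady traffic plus a
# short burst of 8 packets between 3000 and 3140 us.
ARRIVALS_US = [0, 500, 1000, 1500, 2000, 2500,
               3000, 3020, 3040, 3060, 3080, 3100, 3120, 3140,
               3500, 4000]


def sample_every_nth(arrivals, n):
    """Count-based sampling: keep every n-th packet (n=2 is 2:1 sampling)."""
    return [ts for i, ts in enumerate(arrivals, start=1) if i % n == 0]


def sample_per_interval(arrivals, interval_us):
    """Time-based sampling: keep the first packet seen in each interval.

    Assumption of this example: one packet is taken per window of
    interval_us microseconds, regardless of how many arrive in it.
    """
    kept, last_window = [], None
    for ts in arrivals:
        window = ts // interval_us
        if window != last_window:
            kept.append(ts)
            last_window = window
    return kept


def burst_share(sample, start_us, end_us):
    """Fraction of the sample that falls inside [start_us, end_us)."""
    in_burst = [ts for ts in sample if start_us <= ts < end_us]
    return len(in_burst) / len(sample)


if __name__ == "__main__":
    for name, sample in [
        ("all packets", ARRIVALS_US),
        ("every 2nd packet", sample_every_nth(ARRIVALS_US, 2)),
        ("1 msec interval", sample_per_interval(ARRIVALS_US, 1000)),
    ]:
        share = burst_share(sample, 3000, 3200)
        print(f"{name:18s} kept={len(sample):2d} burst share={share:.2f}")
```

On this input the every-Nth sample keeps the burst at its true share of the traffic, while the fixed-interval sample keeps one burst packet out of five sampled, which matters when the capture is used to spot short traffic spikes.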

Slide 14: 5. Passive Monitoring - Flow Generation
- Flow is a collection of packets with the same {SRC and DST IP address, SRC and DST port number, protocol number, TOS}
- Flow data can be collected from routers directly, or from a standalone flow generator having packet capturing capability
- Popular flow formats
  - NetFlow (Cisco), sFlow (sFlow.org), IPFIX (IETF)
- Issues in flow generation
  - What information should be included in a flow data?
  - How to generate flow data from raw packet information efficiently?
  - How to save bulk flow data into DB or binary file in a collector?
  - How long should the data be preserved?
[Figure: packets grouped into flow 1, flow 2, flow 3, flow 4]

Slide 15: Passive Monitoring - Flow Technology: NetFlow
- Cisco IOS NetFlow technology
  - Is an integral part of Cisco IOS software that collects and measures data as it enters specific routers or switch interfaces
  - Enables IP traffic flow analysis without custom probes
  - 3 key components in a NetFlow system: Flow Exporter, Flow Collector, Network Data Analyzer (Flow Analyzer)
  - Routers supporting NetFlow – Cisco, Foundry routers
- Vendors providing NetFlow Data Analyzer
  - Cisco
  - IFeelNet (
  - 20+ companies (

Slide 16: Passive Monitoring - Flow Technology: sFlow
- sFlow is described in RFC 3176: “InMon's sFlow: A Method for Monitoring Traffic in Switched and Routed Networks”
- sFlow is a monitoring technology that gives visibility into the use of networks, enabling performance optimization, accounting/billing for usage, and defense against security threats
- sFlow provides a means of embedding traffic monitoring in high-speed switches and routers
- sFlow samples packets using statistical sampling theory
- Devices Supporting sFlow
  - Foundry Networks BigIron, FastIron, NetIron Series
  - InMon’s sFlow Probe

Slide 17: Passive Monitoring - Traffic Analysis
- Spatial aspect
  - The patterns of traffic flow relative to the network topology
  - Important for proper network design and planning
  - Identification of bottleneck & avoidance of congestion
  - Example: Flow aggregation by src, dst IP address or AS number
- Temporal aspect
  - The stochastic behavior of a traffic flow, usually described in statistical terms
  - Important for resource management and traffic control
  - Important for traffic shaping and caching policies
  - Example: Packet or byte per hour, day, week, month
- Composition of traffic
  - A breakdown of traffic according to the contents, application, packet length, flow duration
  - Helps to explain its temporal and spatial characteristics
  - Example: game, streaming media traffic for a week from peer ISP
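A small flow generator for the flow definition on slide 14, followed by the spatial aggregation by source address mentioned on slide 17, as an added example that is not part of the original presentation. The packet records are constructed, and the 30-second idle timeout used to close a flow is an assumption of this example, not a value from the slides.

```python
from collections import namedtuple

# Flow key from slide 14: SRC/DST IP, SRC/DST port, protocol number, TOS.
FlowKey = namedtuple("FlowKey", "src dst sport dport proto tos")

# Constructed packets: (time_s, src, dst, sport, dport, proto, tos, bytes)
PACKETS = [
    (0.00, "10.0.0.5", "192.0.2.10", 40000, 443, 6, 0, 60),
    (0.02, "10.0.0.5", "192.0.2.10", 40000, 443, 6, 0, 1500),
    (0.05, "10.0.0.7", "192.0.2.53", 5353, 53, 17, 0, 80),
    (0.90, "10.0.0.5", "192.0.2.10", 40000, 443, 6, 0, 1500),
    (45.0, "10.0.0.5", "192.0.2.10", 40000, 443, 6, 0, 60),  # after idle gap
    (45.1, "10.0.0.7", "192.0.2.53", 5353, 53, 17, 0, 80),   # after idle gap
]


def generate_flows(packets, idle_timeout=30.0):
    """Group time-ordered packets into flow records.

    idle_timeout (assumed value): when a key has been silent for longer
    than this, its record is exported and a new flow starts.
    """
    active, exported = {}, []
    for ts, src, dst, sport, dport, proto, tos, length in packets:
        key = FlowKey(src, dst, sport, dport, proto, tos)
        rec = active.get(key)
        if rec and ts - rec["last"] > idle_timeout:
            exported.append(active.pop(key))
            rec = None
        if rec is None:
            rec = active[key] = {"key": key, "first": ts, "last": ts,
                                 "packets": 0, "bytes": 0}
        rec["last"] = ts
        rec["packets"] += 1
        rec["bytes"] += length
    exported.extend(active.values())  # flush flows still open at the end
    return sorted(exported, key=lambda r: r["first"])


def bytes_by_source(flows):
    """Spatial aggregation: total bytes per source IP address."""
    totals = {}
    for flow in flows:
        src = flow["key"].src
        totals[src] = totals.get(src, 0) + flow["bytes"]
    return totals


if __name__ == "__main__":
    for flow in generate_flows(PACKETS):
        print(flow["key"], flow["packets"], "pkts", flow["bytes"], "bytes")
    print(bytes_by_source(generate_flows(PACKETS)))
```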

Slide 18: Traffic Monitoring R&D, Standards Activities
- R&D Groups
  - NLANR
  - CAIDA
  - SLAC NMTF
- Standard Activities
  - IETF RTFM (Real Time Flow Measurement)
  - IETF IPFIX (IP Flow Information Export)
  - IETF RMONMIB (Remote Network Monitoring)
  - IETF IPPM (IP Performance Metrics)
- Conferences & Workshops
  - Passive & Active Measurement Workshop (PAM): PAM2000, PAM2001, PAM2002, PAM2003
  - Internet Measurement Workshop (IMW), sponsored by ACM SIGCOMM: IMW2001, IMW2002, IMW2003

Slide 19: Questions?