Presentation is loading. Please wait.

Presentation is loading. Please wait.

Report by: Loizos Konomou EL933 Fall 2005 Prof: Yong Liu Ruoming Pang, Mark Allman, Mike Bennett, Jason Lee, Vern Paxson, Brian Tierney Princeton University,

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Report by: Loizos Konomou EL933 Fall 2005 Prof: Yong Liu Ruoming Pang, Mark Allman, Mike Bennett, Jason Lee, Vern Paxson, Brian Tierney Princeton University,"— Presentation transcript:

1 Report by: Loizos Konomou EL933 Fall 2005 Prof: Yong Liu Ruoming Pang, Mark Allman, Mike Bennett, Jason Lee, Vern Paxson, Brian Tierney Princeton University, International Computer Science Institute, Lawrence Berkeley National Laboratory (LBNL) IMC2005 http://www.usenix.org/events/imc05/tech/ A First Look at Modern Enterprise Traffic

2 Enterprise Network Traffic Internet traffic has been studied a lot Not many studies regarding internal enterprise traffic Study of internal network traffic of an enterprise and compare it with the wide area traffic

3 Enterprise Network Traffic Measurements taken at 2 Central Routers (One at a time) Pentium 4 2.2Ghz running FreeBSD 4.10 4 NIC cards, capture unidirectional traffic Measurement equipment able to capture 2 interfaces at a time 2 subnets at a time

4 Enterprise Network Traffic Trace consists Over 100 Hours of packet traces 8000 Internal Hosts 47000 External Hosts

5 Goals: Understand the makeup of internal network traffic (from the network layer to the application layer) Gain sense of the patterns of locality Characterize application traffic in terms of how intranet traffic differs from Internet traffic characteristics Characterize applications heavily used inside the enterprise but rarely outside Gain Understanding of the load being imposed on modern enterprise networks

6 Overview of Traces

7 Network Protocols detected in traces IP is the dominant Layer 3 Protocol

8 Transport Layer Protocols TCP is dominant in Packets UDP is dominant in connections.

9 Application Breakdown

10 Unicast Payload and Connections WEB email Net-file Backup Bulk name Interactive Windows Streaming Net-mgmt Misc Other-tcp Other-udp Most traffic is internal. Most of the external traffic is web Most internal traffic in bytes is net-file and backup, but the number of connections for these categories are very small Name resolution traffic small, but large number of connections

11 Origins and Destinations 71-79% of traffic is within the network 2-3% originates from inside with destination outside 6-11% originates from hosts outside with destination inside 5-10% is multicast sourced within the network, 4-7% is multicast sourced externally

12 Applications Web traffic has more external traffic than internal Email also both internal and external SMTP and Secure IMAP dominate the email protocols used POP3, LDAP Name Services DNS, Netbios, Service Locator, RPC Handful of servers account for most of the DNS traffic.

13 Application Enterprise Specific Traffic Windows Services SMB/CIFS NFS NCP DCE/RPC CIFS Breakdown

14 Windows Services DCE/RPC Functions NFS Functions

15 Backup Services Veritas Dantz Large volume of traffic between small number of hosts.

16 Summary This study provides a broad view of the enterprise traffic Limitations: Data is specific to one Site Each Site is unique General Idea about internal traffic Sets the foundations for more deep studies of internal network traffic

17

Download ppt "Report by: Loizos Konomou EL933 Fall 2005 Prof: Yong Liu Ruoming Pang, Mark Allman, Mike Bennett, Jason Lee, Vern Paxson, Brian Tierney Princeton University,"

Similar presentations

A First Look at Modern Enterprise Traffic

A First Look at Modern Enterprise Traffic
Network Certification Preparation. Module - 1 Communication methods OSI reference model and layered communication TCP/IP model TCP and UDP IP addressing.

Network Certification Preparation. Module - 1 Communication methods OSI reference model and layered communication TCP/IP model TCP and UDP IP addressing.
1 LAN Traffic Measurements Carey Williamson Department of Computer Science University of Calgary.

1 LAN Traffic Measurements Carey Williamson Department of Computer Science University of Calgary.
Copyright © 2005 Department of Computer Science CPSC 641 Winter 20111 WAN Traffic Measurements There have been several studies of wide area network traffic.

Copyright © 2005 Department of Computer Science CPSC 641 Winter WAN Traffic Measurements There have been several studies of wide area network traffic.
Linux+ Guide to Linux Certification, Second Edition Chapter 14 Network Configuration.

Linux+ Guide to Linux Certification, Second Edition Chapter 14 Network Configuration.
Web Server Administration

Web Server Administration
1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &

1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &
The Internet Ed Lazowska Bill & Melinda Gates Chair in Computer Science & Engineering University of Washington August 2010.

The Internet Ed Lazowska Bill & Melinda Gates Chair in Computer Science & Engineering University of Washington August 2010.
Copyright © 2005 Department of Computer Science CPSC 641 Winter 20111 LAN Traffic Measurements Some of the first network traffic measurement papers were.

Copyright © 2005 Department of Computer Science CPSC 641 Winter LAN Traffic Measurements Some of the first network traffic measurement papers were.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Defining Network Protocols Application Protocols –Application Layer –Presentation Layer –Session Layer Transport Protocols –Transport Layer Network Protocols.

Defining Network Protocols Application Protocols –Application Layer –Presentation Layer –Session Layer Transport Protocols –Transport Layer Network Protocols.
1 WAN Measurements Carey Williamson Department of Computer Science University of Calgary.

1 WAN Measurements Carey Williamson Department of Computer Science University of Calgary.
Chapter Overview TCP/IP Protocols IP Addressing.

Chapter Overview TCP/IP Protocols IP Addressing.
Networking protocols Unit objective: Identify TCP/IP properties, and identify common ports and protocols.

Networking protocols Unit objective: Identify TCP/IP properties, and identify common ports and protocols.
Module 1: Reviewing the Suite of TCP/IP Protocols.

Module 1: Reviewing the Suite of TCP/IP Protocols.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Network Addressing Networking for Home and Small Businesses – Chapter 5.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Network Addressing Networking for Home and Small Businesses – Chapter 5.
CS 447 Networks and Data Communication

CS 447 Networks and Data Communication
Differences between In- and Outbound Internet Backbone Traffic Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering Chalmers University.

Differences between In- and Outbound Internet Backbone Traffic Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering Chalmers University.
Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.

Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.

Similar presentations

Ads by Google