1AT&T Labs - Research SNMP Simple Network Measurements Please! Matthew Roughan

Slides:



Advertisements
Similar presentations
AT&T Labs - Research An Information-Theoretic Approach to Traffic Matrix Estimation Yin Zhang, Matthew Roughan, Carsten Lund – AT&T Research David Donoho.
Advertisements

1 EL736 Communications Networks II: Design and Algorithms Class1: Introduction Yong Liu 09/05/2007.
Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
Figures in Chapter 1. Learning objectives After studying this chapter, you should be able to; Define logistics and supply chain management. Describe logistics.
1 Aman Shaikh UCSC SHS IMW A Case-study of OSPF Behavior in a Large Enterprise Network Aman Shaikh, UCSC Chris Isett, Siemens Health Services Albert.
1 EL736 Communications Networks II: Design and Algorithms Class3: Network Design Modeling Yong Liu 09/19/2007.
A Flexible Model for Resource Management in Virtual Private Networks Presenter: Huang, Rigao Kang, Yuefang.
1 In-Network PCA and Anomaly Detection Ling Huang* XuanLong Nguyen* Minos Garofalakis § Michael Jordan* Anthony Joseph* Nina Taft § *UC Berkeley § Intel.
Traffic Engineering With Traditional IP Routing Protocols
1 Traffic Engineering for ISP Networks Jennifer Rexford IP Network Management and Performance AT&T Labs - Research; Florham Park, NJ
Traffic Engineering for ISP Networks Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park, NJ
Multi-Scale Analysis for Network Traffic Prediction and Anomaly Detection Ling Huang Joint work with Anthony Joseph and Nina Taft January, 2005.
Who Talks to Whom: Using BGP Data for Scaling Interdomain Resource Reservation Ping Pan and Henning Schulzrinne Columbia University ISMA Workshop – Leiden,
Traffic Matrix Estimation: Existing Techniques and New Directions A. Medina (Sprint Labs, Boston University), N. Taft (Sprint Labs), K. Salamatian (University.
Measurement and Monitoring Nick Feamster Georgia Tech.
Measuring Performance Chapter 12 CSE807. Performance Measurement To assist in guaranteeing Service Level Agreements For capacity planning For troubleshooting.
Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932
A Signal Analysis of Network Traffic Anomalies Paul Barford, Jeffrey Kline, David Plonka, and Amos Ron.
Testing Intrusion Detection Systems: A Critic for the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory By.
Remote Network Monitoring (RMON)
Understanding Network Failures in Data Centers: Measurement, Analysis and Implications Phillipa Gill University of Toronto Navendu Jain & Nachiappan Nagappan.
AGG-NANOG IP Network Traffic Engineering Albert Greenberg Internet and Networking Systems Research Lab AT&T Labs - Research; Florham Park, NJ See.
On a New Internet Traffic Matrix (Completion) Problem
1University of Adelaide Network Tomography and Internet Traffic Matrices Matthew Roughan School of Mathematical Sciences University of Adelaide.
Not All Microseconds are Equal: Fine-Grained Per-Flow Measurements with Reference Latency Interpolation Myungjin Lee †, Nick Duffield‡, Ramana Rao Kompella†
Internet Traffic Management Prafull Suryawanshi Roll No - 04IT6008.
A Signal Analysis of Network Traffic Anomalies Paul Barford with Jeffery Kline, David Plonka, Amos Ron University of Wisconsin – Madison Summer, 2002.
1.  TCP/IP network management model: 1. Management station 2. Management agent 3. „Management information base 4. Network management protocol 2.
TUNDRA The Ultimate Netflow Data Realtime Analysis Jeffrey Papen Yahoo! Inc.
Tomo-gravity Yin ZhangMatthew Roughan Nick DuffieldAlbert Greenberg “A Northern NJ Research Lab” ACM.
Coarse-Grained Traffic Analysis in ISP Networks A Router-Based Approach Christian Martin Verizon.
Internet Traffic Management. Basic Concept of Traffic Need of Traffic Management Measuring Traffic Traffic Control and Management Quality and Pricing.
Shannon Lab 1AT&T – Research Traffic Engineering with Estimated Traffic Matrices Matthew Roughan Mikkel Thorup
Top-Down Network Design Chapter Nine Developing Network Management Strategies Oppenheimer.
Traffic Engineering for ISP Networks Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park, NJ
Dividing the Pizza An Advanced Traffic Billing System An Advanced Traffic Billing System Christopher Lawrence Burke The University of Queensland.
Happy Network Administrators  Happy Packets  Happy Users WIRED Position Statement Aman Shaikh AT&T Labs – Research October 16,
1 The Research on Analyzing Time- Series Data and Anomaly Detection in Internet Flow Yoshiaki HARADA Graduate School of Information Science and Electrical.
Using Measurement Data to Construct a Network-Wide View Jennifer Rexford AT&T Labs—Research Florham Park, NJ
The Science of Prediction Location Intelligence Conference April 4, 2006 How Next Generation Traffic Services Will Impact Business Dr. Oliver Downs, Chief.
NetFlow: Digging Flows Out of the Traffic Evandro de Souza ESnet ESnet Site Coordinating Committee Meeting Columbus/OH – July/2004.
POSTECH DP&NM Lab 1 Remote Network Monitoring (RMON)
1 Network Management: SNMP The roots of education are bitter, but the fruit is sweet. - Aristotle.
EGEE is a project funded by the European Union under contract IST Bandwidth Measurements Loukik Kudarimoti Network Engineer, DANTE JRA4 Meeting,
Mr C Johnston ICT Teacher BTEC IT Unit 05 - Lesson 03 Network Topologies.
Network Anomography Yin Zhang – University of Texas at Austin Zihui Ge and Albert Greenberg – AT&T Labs Matthew Roughan – University of Adelaide IMC 2005.
BGP topics to be discussed in the next few weeks: –Excessive route update –Routing instability –BGP policy issues –BGP route slow convergence problem –Interaction.
Metadata Management of Terabyte Datasets from an IP Backbone Network: Experience and Challenges Sue B. Moon and Timothy Roscoe.
April 4th, 2002George Wai Wong1 Deriving IP Traffic Demands for an ISP Backbone Network Prepared for EECE565 – Data Communications.
Mr C Johnston ICT Teacher
1AT&T Labs - Research SNMP Simple Network Measurements Please! Matthew Roughan (+many others)
Network Management CCNA 4 Chapter 7. Monitoring the Network Connection monitoring takes place every day when users log on Ping only shows that the connection.
Development of a QoE Model Himadeepa Karlapudi 03/07/03.
Company LOGO Network Management Architecture By Dr. Shadi Masadeh 1.
Network Anomography Yin Zhang Joint work with Zihui Ge, Albert Greenberg, Matthew Roughan Internet Measurement.
1 Long-Range Dependence in a Changing Internet Traffic Mix STATISTICAL and APPLIED MATHEMATICAL SCIENCES INSTITUTE Félix Hernández-Campos Don Smith Department.
1 Sheer volume and dynamic nature of video stresses network resources PIE: A lightweight latency control to address the buffer problem issue Rong Pan,
IETF 62 NSIS WG1 Porgress Report: Metering NSLP (M-NSLP) Georg Carle, Falko Dressler, Changpeng Fan, Ali Fessi, Cornelia Kappler, Andreas Klenk, Juergen.
1 Monitoring: from research to operations Christophe Diot and the IP Sprintlabs ipmon.sprintlabs.com.
1 Netflow Collection and Aggregation in the AT&T Common Backbone Carsten Lund.
Building SDN-ready high bandwidth IXP M.Sc.E.E. Goran Slavić
Distributed Network Monitoring in the Wisconsin Advanced Internet Lab Paul Barford Computer Science Department University of Wisconsin – Madison Spring,
Manajemen Jaringan, Sukiswo ST, MT 1 Remote Network Monitoring (RMON) Sukiswo
PART1 Data collection methodology and NM paradigms 1.
Lec 5: SNMP Network Management
Predicting Interface Failures For Better Traffic Management.
Network and Services Management
Use of Time-Series Data in Strategic Managerial Decisions
Use of Simplex Satellite Configurations to support Internet Traffic
Chapter-5 Traffic Engineering.
Presentation transcript:

1AT&T Labs - Research SNMP Simple Network Measurements Please! Matthew Roughan

2AT&T Labs - Research Outline zPart I: SNMP traffic data ySimple Network Management Protocol yWhy? How? What? zPart II: Modeling yPutting time series and traffic modeling together xTraffic modeling deals with stationary processes (typically) xTime series gives us a way of getting a stationary process xBut the analysis requires an understanding of the traffic model yApplications, and algorithms

3AT&T Labs - Research Part I: SNMP Traffic Data

4AT&T Labs - Research Data Availability – Traffic Data

5AT&T Labs - Research Data Availability – packet traces Packet traces limited availability – like a high zoom snap shot special equipment needed (O&M expensive even if box is cheap) lower speed interfaces (only recently OC48 available, no OC192) huge amount of data generated

6AT&T Labs - Research Data Availability – flow level data Flow level data not available everywhere – like a home movie of the network historically poor vendor support (from some vendors) large volume of data (1:100 compared to traffic) feature interaction/performance impact

7AT&T Labs - Research Data Availability – SNMP SNMP traffic data – like a time lapse panorama MIB II (including IfInOctets/IfOutOctets) is available almost everywhere manageable volume of data no significant impact on router performance

8AT&T Labs - Research SNMP zAdvantages yComparatively simple yRelatively low volume yIt is used already (lots of historical data) zDisadvantages yData quality – an issue with any data source xAmbiguous xMissing data xIrregular sampling yOctets counters only tell you link utilizations xHard to get a traffic matrix xCan’t tell what type of traffic xCan’t easily detect DoS, or other unusual events yCoarse time scale (>1 minute typically) xLack of well tested relationship between coarse time-scale averages and performance (hence active perf. measurement)

9AT&T Labs - Research Datasets zSNMP yOC48 tool xHistorical view of high speed and peering links from CBB yAT&T Broadband xA sample of broadband access traffic yCompass xThe whole CBB, not just traffic, also router view zRelated datasets yNetflow (see Carsten Lund, Fred True) xDrill down to see what sort of traffic yNetdb (see Joel Gottlieb) xNetwork topology and configuration data

10AT&T Labs - Research SNMP traffic data SNMP Polls SNMP Octets Counter poller router poll data Like an Odometer Management system agent

11AT&T Labs - Research Irregularly sampled data zWhy? yMissing data (transport over UDP, often in-band) yDelays in polling (jitter) yPoller sync xMultiple pollers xStaggered polls zWhy care? yTime series analysis yComparisons between links xDid traffic shed from link A go to link B xCalculation of traffic matrices yTotals (e.g. total traffic to Peer X) yCorrelation to other data sources xDid event BGP route change at time T effects links A,B,C,…

12AT&T Labs - Research Applications zCapacity planning yNetwork at the moment is “hand-crafted” yWant to automate processes yProvisioning for failure scenarios requires adding loads zTraffic engineering yEven if done by hand, you need to see results yBGP zEvent detection yDetect network problems zBusiness cases yHelp sales and marketing make cases zBilling y95 th percentile billing

13AT&T Labs - Research Part II: Modeling zPutting together theory from yTime series analysis yTraffic theory zTo SNMP data yIn particular for backbone traffic

14AT&T Labs - Research Total traffic into a city for 2 weeks

15AT&T Labs - Research Model zTraffic data has several components yTrend, T t xLong term changes in traffic ySeasonal (periodic) component, S t xDaily and weekly cycles yStationary stochastic component, W t xNormal variation yTransient anomalies, I t xDoS, Flash crowds, Rerouting (BGP, link failures) zmany ways you could combine these components ystandard time series analysis xSum X t = T t + S t + W t + I t xProduct X t = T t S t W t I t xBox-Cox transform

16AT&T Labs - Research A Simple Model (for backbone traffic) zBased on Norros model zNon-stationary mean zStochastic component unspecified (for the moment)

17AT&T Labs - Research Why this model? zBehaves as expected under multiplexing zGood model for backbone traffic yLots of multiplexing zSimple, estimable parameters, flexible, can make predictions, data supports it

18AT&T Labs - Research What does a model get you? zDecomposition yMA for trend (window > period of seasonal component) ySMA for seasonal component (average at same time of day/week) ySeveral methods for segmenting I t zAnomaly detection zInterpolation yLinear, or wavelet based for short gaps (<3 hours) yModel based for long gaps (>3 hours) zHow smooth is backbone traffic (is it LRD) zCapacity planning yEstimation of traffic matrices

19AT&T Labs - Research Example: decomposition Data => Decomposition

20AT&T Labs - Research Example: interpolation zModel based vs linear

21AT&T Labs - Research Example: anomaly detection zWavelet based

22AT&T Labs - Research Conclusion zSNMP is a good data source yAvailable everywhere yYou need to do some work to extract useful data zTraffic model gives you more yA framework for other algorithms yA way to decide what information is important yA way of seeing how smooth traffic really is xEffect of multiplexing zThere is still more info. to get ypacket traces, flow data, … zAlgorithms are applicable to other traffic data zFor more details have a look at