NLANR’s Network Analysis Infrastructure and OCXmon activities Hans-Werner Braun NLANR (UCSD/SDSC) hwb@nlanr.net http://www.nlanr.net

Network Analysis Infrastructure -- http://www.nlanr.net Goals and objectives Creating an infrastructure to support measurements and analysis collection of header traces (passive) performance measurements (active, AMP) use of SNMP derived data routing and topology stability Undertaking of research activities Support outside researchers with data and other help Creation of analysis and visualization tools Aggregate various data sets for correlation Result reporting for the high performance networking environment 4 May 2019 Network Analysis Infrastructure -- http://www.nlanr.net

NAI system NLANR network analysis infrastructure Coral monitor (red) Active measurements (green) vBNS SNMP data Routing data source (BGP) Data archival storage backend 12GB DDS3 tape, WORM, CD-RW, DVD-RAM (or green if encrypted) storage and computation storage, computation, and external presentations compute engine (varies) External network access (web, ftp, email, ….) 4 May 2019 Network Analysis Infrastructure -- http://www.nlanr.net

Network Analysis Infrastructure -- http://www.nlanr.net Central machines nai.nlanr.net server for initial data collection 160 GB, 256MB memory, dual 450MHz PII moat.nlanr.net external web server four analysis computation engines each: 18GB, 256MB memory, 450MHz PII 4 May 2019 Network Analysis Infrastructure -- http://www.nlanr.net

File and compute servers nai.nlanr.net moat.nlanr.net Analysis computing engines 4 May 2019 Network Analysis Infrastructure -- http://www.nlanr.net

Network Analysis Infrastructure -- http://www.nlanr.net Coral/OCXmon (passive traffic collection and analysis at optical carrier speeds) completely noninvasive, no impact on forwarding paths aggregated traffic signature at a measurement point detailed characteristics of individual transactions 4 May 2019 Network Analysis Infrastructure -- http://www.nlanr.net

Network Analysis Infrastructure -- http://www.nlanr.net Coral components OC3 connection end-point OC3mon intelligent subsystem system memory host system bus optical interconnection optical splitters host collection and analysis process 4 May 2019 Network Analysis Infrastructure -- http://www.nlanr.net

Network Analysis Infrastructure -- http://www.nlanr.net Optical splitters 4 May 2019 Network Analysis Infrastructure -- http://www.nlanr.net

Network Analysis Infrastructure -- http://www.nlanr.net OC3mon machine 4 May 2019 Network Analysis Infrastructure -- http://www.nlanr.net

Passive measurements -- available interfaces Ethernet (10/100) (now) DS3 (interfaces available) UofWaikato, NZ, Ian Graham FDDI (now) off the shelve FDDI cards OC3 (now) ATM, FORE OC12 (now) ATM, Applied Telecom, CAIDA Coralreef OC12 (now ATM, prototype POS), UofWaikato, NZ, Ian Graham OC48 (mid-2000) developed by CAIDA/MCI 4 May 2019 Network Analysis Infrastructure -- http://www.nlanr.net

Status of passive measurements activities Current situation: 11 active OC3mon sites 1 FDDI monitor (currently used for OC3mon) 2 OC12mon sites 2 pairs of so far unused DS3mon cards Near to medium term future: creating two DS3mon machines deploying approximately 25 more OCXmon machines using the DAG3 technology POS and ATM capability in collaboration with Abilene/I2 4 May 2019 Network Analysis Infrastructure -- http://www.nlanr.net

Passive measurement deployment status U. of Washington U. of Michigan Michigan State U. STARTAP/APAN Argonne Nat. Lab Ohio State U. NCAR U. Colorado, Boulder NCSA U. of Pennsylvania FIX-West Old Dominion U. AIX/MAE-West or NREN NASA-Ames CSU, San Bernardino Vanderbilt U. MCNC North Carolina State U. U. of North Carolina Duke U. UCLA SDSC, U. California, San Diego Rice U. Baylor College of Medicine U. of Houston Texas A&M U. U. of Florida Miami U. Florida State U. FDDImon OC3mon OC12mon collaboration discussions 28 May 1999 4 May 2019 Network Analysis Infrastructure -- http://www.nlanr.net

Analysis results: http://moat.nlanr.net/Datacube File structure: origin project date time Datacube structure: project date time origin date project time date origin time project origin date time project origin time date origin project time 4 May 2019 Network Analysis Infrastructure -- http://www.nlanr.net

Further (somewhat dated) analysis available online: http://moat.nlanr.net/OC3analysis - analysis of an aggregation point data (similar to what will be available for the HPC aggregation points or gigaPoPs) http://moat.nlanr.net/PBHA - analysis of packets, bit volume, and host activity on a link. http://moat.nlanr.net/SF - analysis of TCP flags (useful for both Internet researchers and vendors) http://moat.nlanr.net/DNS - analysis of traffic by protocol -- with respect to UDP, specifically DNS traffic. http://moat.nlanr.net/PLRL - analysis of the behavior of sequences of packets or packet run lengths is important to the design and development of next generation internetworking hardware and software http://moat.nlanr.net/BGPAddr and http://moat.nlanr.net/ASPL - analyses of the interconnectivity of Autonomous Systems http://moat.nlanr.net/IPaddrocc - analysis of the 32 bit (IP v4) Internet address space 4 May 2019 Network Analysis Infrastructure -- http://www.nlanr.net

Result visualization strategies distributed real-time visualization central analysis/ at local monitor real-time visualization requirements fast data visualization (including animating) 3D visualization engines based on OpenGL distributed server/client data generation/analysis separate from visualization lead: Jeff Brown (specifically for “cichlid”) 4 May 2019 Network Analysis Infrastructure -- http://www.nlanr.net

Cichlid server/client model (non-local data generator) Client/user OpenGL based visualization engine Server (non-local data generator) Server (non-local data generator) 4 May 2019 Network Analysis Infrastructure -- http://www.nlanr.net

cichlid visualization 4 May 2019 Network Analysis Infrastructure -- http://www.nlanr.net

IP use and plen matrices 4 May 2019 Network Analysis Infrastructure -- http://www.nlanr.net

Network Analysis Infrastructure -- http://www.nlanr.net Cichlid for Windows 4 May 2019 Network Analysis Infrastructure -- http://www.nlanr.net

Network Analysis Infrastructure -- http://www.nlanr.net Collaborations availability of network workload and performance data and software to gain more insight into the Internet fabric opportunity to involve more students and faculty; thesis projects hosting of visiting researchers local (UCSD) student involvement faculty and staff collaborations with other sites collaborators have to be self-guided to a large extend 4 May 2019 Network Analysis Infrastructure -- http://www.nlanr.net

Upcoming workshops at UCSD/SDSC 29/30 June 1999 collaboration between sites hosting measurement machines discussions among technical people focus on high performance networking environments vBNS, I2/Abilene, NGI, … help define needs for data/analysis from existing measurement infrastructure 1 July 1999 strategic needs for network analysis in high performance networking environments, issues and opportunities discussions among people with significant network analysis experience focus on multi-provider high performance networking environments 4 May 2019 Network Analysis Infrastructure -- http://www.nlanr.net