SHARKFEST '09 | Stanford University | June 15–18, 2009 Now and Then, How and When? June 16 th, 2009 Stephen Donnelly Technologist | Endace Technology SHARKFEST.

Slides:



Advertisements
Similar presentations
Basic Concepts of a Computer Network
Advertisements

SHARKFEST ‘10 | Stanford University | June 14–17, 2010 Operating a Flexible Network Monitoring Infrastructure June 17, 2010 Dr Stephen Donnelly Core Software.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
Decreasing Incident Response Time ______________________________ Benefits of Packet Capture & Real-time NetFlow Generation Boni Bruno, CISSP, CISM, CGEIT.
High Speed Total Order for SAN infrastructure Tal Anker, Danny Dolev, Gregory Greenman, Ilya Shnaiderman School of Engineering and Computer Science The.
StreamBlade SOE TM Initial StreamBlade TM Stream Offload Engine (SOE) Single Board Computer SOE-4-PCI Rev 1.2.
Communication Subsystems Physical Link Data Link Network Transport Physical Link Data Link Network Transport Session System 1System 2 Typical layers in.
Transport Layer Services –Reliable Delivery –or Not! Protocols –Internet: TCP, UDP –ISO: TP0 thru TP4.
I/O Channels I/O devices getting more sophisticated e.g. 3D graphics cards CPU instructs I/O controller to do transfer I/O controller does entire transfer.
Students:Gilad Goldman Lior Kamran Supervisor:Mony Orbach Mid-Semester Presentation Spring 2005 Network Sniffer.
Virtual Network Servers. What is a Server? 1. A software application that provides a specific one or more services to other computers  Example: Apache.
The Power of Lossless Packet Capture & Real-time Netflow SANS Tool Talk Boni Bruno, CISSP, CISM, CGEIT Technical Director.
Wireshark and TCP/IP Basics ACM SIG-Security Lance Pendergrass.
Networking LAN (Local Area Network) A network is a collection of computers that communicate with each other through a shared network medium. LANs are.
Chapter 1 Introduction Computer Networking: A Top Down Approach 6th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
Sven Ubik, Petr Žejdl CESNET TNC2008, Brugges, 19 May 2008 Passive monitoring of 10 Gb/s lines with PC hardware.
Introducing Network Standards Open Systems Interconnection (OSI) Model IEEE 802.x Standard Device Drivers and OSI 1.
Christopher Bednarz Justin Jones Prof. Xiang ECE 4986 Fall Department of Electrical and Computer Engineering University.
SHARKFEST ‘10 | Stanford University | June 14–17, 2010 To the Terabyte and Beyond! Leveraging Pilot and Wireshark to Analyze Truly Massive Packet Traces.
COEN 252 Computer Forensics
AS Computing F451 F451 Data Transmission. What data is transmitted? Phone SMS Radio TV Internet.
Network Server Performance and Scalability June 9, 2005 Scott Rixner Rice Computer Architecture Group
Mapping of scalable RDMA protocols to ASIC/FPGA platforms
Layered Protocol. 2 Types of Networks by Logical Connectivity Peer to Peer and Client-Server Peer-to-peer Networks  Every computer can communicate directly.
Networking Basics Lesson 1 Introduction to Networks.
Local Area Network By Bhupendra Ratha, Lecturer
A First Look at Traffic on Smartphones Hossein Falaki Dimitrios Lymberopoulos Ratul Mahajan Srikanth Kandula Deborah Estrin.
High Performance Computing & Communication Research Laboratory 12/11/1997 [1] Hyok Kim Performance Analysis of TCP/IP Data.
Internet Addresses. Universal Identifiers Universal Communication Service - Communication system which allows any host to communicate with any other host.
Networking LAN (Local Area Network)  A network is a collection of computers that communicate with each other through a shared network medium.  LANs.
The NE010 iWARP Adapter Gary Montry Senior Scientist
RiceNIC: A Reconfigurable and Programmable Gigabit Network Interface Card Jeff Shafer, Dr. Scott Rixner Rice Computer Architecture:
CCNA 2 Week 1 Routers and WANs. Copyright © 2005 University of Bolton Welcome Back! CCNA 2 deals with routed networks You will learn how to configure.
Securing and Monitoring 10GbE WAN Links Steven Carter Center for Computational Sciences Oak Ridge National Laboratory.
Microsoft Sync Framework Content flow for the enterprise.
Increasing Web Server Throughput with Network Interface Data Caching October 9, 2002 Hyong-youb Kim, Vijay S. Pai, and Scott Rixner Rice Computer Architecture.
Parallelization and Characterization of Pattern Matching using GPUs Author: Giorgos Vasiliadis 、 Michalis Polychronakis 、 Sotiris Ioannidis Publisher:
1 Public DAFS Storage for High Performance Computing using MPI-I/O: Design and Experience Arkady Kanevsky & Peter Corbett Network Appliance Vijay Velusamy.
4/19/20021 TCPSplitter: A Reconfigurable Hardware Based TCP Flow Monitor David V. Schuehler.
Vladimír Smotlacha CESNET High-speed Programmable Monitoring Adapter.
Department of Computer Science and Engineering Applied Research Laboratory Architecture for a Hardware Based, TCP/IP Content Scanning System David V. Schuehler.
A record and replay mechanism using programmable network interface cards Laurent Lefèvre INRIA / LIP (UMR CNRS, INRIA, ENS, UCB)
An Introduction to Networking
Intel Research & Development ETA: Experience with an IA processor as a Packet Processing Engine HP Labs Computer Systems Colloquium August 2003 Greg Regnier.
Introduction to Grids By: Fetahi Z. Wuhib [CSD2004-Team19]
NETWORKING FUNDAMENTALS. Network+ Guide to Networks, 4e2.
1 Microsoft Windows 2000 Network Infrastructure Administration Chapter 4 Monitoring Network Activity.
POSTECH DP&NM Lab. Internet Traffic Monitoring and Analysis: Methods and Applications (1) 1.Introduction.
An Efficient Gigabit Ethernet Switch Model for Large-Scale Simulation Dong (Kevin) Jin.
An Efficient Gigabit Ethernet Switch Model for Large-Scale Simulation Dong (Kevin) Jin.
1 Chapter Overview Modems The Internet and Web Browsers.
1 Chapter Overview Networking requirements Network types and topologies Network cabling Local area network (LAN) communication Maintaining and troubleshooting.
Precision Measurements with the EVERGROW Traffic Observatory Péter Hága István Csabai.
July 19th, 2004 Joint Techs, Columbus, OH 1 Monitoring the 10 Gigabit Abilene Backbone Jörg Micheel.
Research Unit for Integrated Sensor Systems and Oregano Systems Cern Timing Workshop 2008 Patrick Loschmidt, Georg Gaderer, and Nikolaus Kerö.
ECE 456 Computer Architecture Lecture #9 – Input/Output Instructor: Dr. Honggang Wang Fall 2013.
Sven Ubik, Aleš Friedl CESNET TNC 2009, Malaga, Spain, 11 June 2009 Experience with passive monitoring deployment in GEANT2 network.
WISDOM Project (WP5/6) Martin Koyabe FORTH, Crete June 4-5 th 2009.
1 Netflow Collection and Aggregation in the AT&T Common Backbone Carsten Lund.
BUILDING AND IMPLEMENT A EMBEDDED WEB SERVER BASE ON TCP/IP STACK WITH A SoC PLATFORM Professor : CHI-JO WANG Name : Bui Quang Hoa (M982b211)
Computer and Internet Basics
Packet Switching Networks & Frame Relay
Chapter 5 Network and Transport Layers
mOS: An open middlebox platform with programmable network stacks
A Deterministic End to End Performance Verification Architecture
Protocols and networks in the TCP/IP model initially.
Data Link Issues Relates to Lab 2.
An Introduction to Computer Networking
Network Systems and Throughput Preservation
Requirements Definition
Presentation transcript:

SHARKFEST '09 | Stanford University | June 15–18, 2009 Now and Then, How and When? June 16 th, 2009 Stephen Donnelly Technologist | Endace Technology SHARKFEST '09 Stanford University June 15-18, 2009

SHARKFEST '09 | Stanford University | June 15–18, 2009 Endace Potted history – 1996 The University of Waikato – 2001 Endace created – 2005 Publically Listed Specialists in packet capture – High data/packet rates – Accurate time stamping – Wide variety of network interfaces

SHARKFEST '09 | Stanford University | June 15–18, 2009 Network Monitoring Interfaces DAG cards cover many network technologies 8000 bps to bps TDM - T1/E1/J1 PDH - T3/E3 SONET/SDH - OC-3, 12, 48, 192, 768 InfiniBand – SDR, DDR

SHARKFEST '09 | Stanford University | June 15–18, 2009 Platforms and Appliances Open Platforms – Full access Managed Appliances – Packet Capture – Trace Replay – Applied Watch IDS – Flow Export – Lawful Intercept – CACE Pilot

SHARKFEST '09 | Stanford University | June 15–18, 2009 Lossless Packet Capture Capture all packets on link – Categorize – Filter – Present to user Debugging Security Forensics Lawful Intercept

SHARKFEST '09 | Stanford University | June 15–18, 2009 Network Interface Cards Designed to provide inexpensive network connectivity for diverse applications – Web, , File transfer Generally applications are the bottleneck – E.g. a web server generating content Protocols are fault tolerant so NIC need not be LAN traffic is bursty

SHARKFEST '09 | Stanford University | June 15–18, 2009 NIC Device Model NIC Tx Descriptor Ring Rx Descriptor Ring Packet Buffers Driver Network Stack Packet Filter Libpcap Application

SHARKFEST '09 | Stanford University | June 15–18, 2009 Performance Testing Simple Libpcap app counting packets – Packets Captured vs. Applied – CPU Load Single processor core AMD Opteron 248 (2.2GHz) 2GB DDR 400 DRAM Linux

SHARKFEST '09 | Stanford University | June 15–18, 2009

DAG cards Optimized for packet capture and replay – Efficient transfer to and from user applications Capture 100% of received packets – Full or partial packet capture – Account for any packet loss that does occur Record accurate timestamps – Synchronized clocks for timestamp comparisons ERF Format with rich per-packet metadata

SHARKFEST '09 | Stanford University | June 15–18, 2009 DAG 8.1SX

SHARKFEST '09 | Stanford University | June 15–18, 2009 Features only on subset of cards DAG Internals FPGA 1 to n Network Physical Layer Interface/s LEDs Sync Connector Clock Oscillator Network Interface / Framer Power Supply Circuits CPLD ROM JTAG / Test Connector/s ProcessorRAM Coprocessor Bus Connector FIFO

SHARKFEST '09 | Stanford University | June 15–18, 2009 DAG Stream Buffer Large Static Ring Buffers – 4MB to 2GB each Window-based Handshaking – Minimize per-packet overhead Memory-mapped to User space – Zero copy

SHARKFEST '09 | Stanford University | June 15–18, 2009 DAG Device Model DAG Tx StreamRx Stream Driver Network Stack Packet Filter Libpcap Application Rx Stream Libdag

SHARKFEST '09 | Stanford University | June 15–18, 2009 Extensible Record Format

SHARKFEST '09 | Stanford University | June 15–18, 2009

Accurate time stamps Debugging/Benchmarking/Optimization – QoS/SLA – Service response time – Storage networks – Network equipment – HPC Financial services – Time=Money, Latency=Risk

SHARKFEST '09 | Stanford University | June 15–18, 2009 Resolution NetworkPacket Rate (64 Byte) Packet Time (64 Byte) Byte Time 10BASE-T14,88067,200ns800ns 100BASE-TX148,8096,720ns80ns 1000BASE-SX1,488,095672ns8ns 10GBASE-SR14,880, ns0.8ns OC-768c (POS)69,721, ns0.2ns 100GBASE-SR10148,809,5206.7ns0.08ns

SHARKFEST '09 | Stanford University | June 15–18, 2009 Reference Clocks GPS – Worldwide – Clear view of sky CDMA – Works indoors – Limited coverage – Unknown distance to tower Radio (Shortwave) – Limited by RF Propagation

SHARKFEST '09 | Stanford University | June 15–18, 2009 Reference Clock Sources ReferenceAccuracy (Est.) GPS100ns CDMA10,000ns Radio1,000,000ns

SHARKFEST '09 | Stanford University | June 15–18, 2009 Clock Transports TransportAccuracy (Est.) Hardware100ns IEEE 1588 (LAN)1,000ns NTP (LAN)1,000,000ns NTP (WAN)10,000,000ns

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.