© 2009 Carnegie Mellon University Is there any value in bulk network traces? Sid Faber Member of the Technical Staff CERT/SEI.

Slides:

Advertisements

Similar presentations

Network Aware Forward Caching Presenter: Alexandre Gerber Jeffrey Erman, Mohammad T. Hajiaghayi, Dan Pei, Oliver Spatscheck AT&T Labs Research April 24.

Advertisements

A First Look at Modern Enterprise Traffic

Pouya Ostovari and Jie Wu Computer and Information Sciences

A Transport Protocol for Content-Centric Networking with Explicit Congestion Control Feixiong Zhang, Yanyong Zhang (Rutgers Univ.), Alex Reznik (InterDigital),

Fundamentals of Multimedia Part III: Multimedia Communications and Networking Chapter 15 : Network Services and Protocols for Multimedia Communications.

New Scenarios for Portable Media Usage David Proctor Hardware Lead Microsoft Portable Media Centers.

1 Chapter 3 TCP and IP. Chapter 3 TCP and IP 2 Introduction Transmission Control Protocol (TCP) Transmission Control Protocol (TCP) User Datagram Protocol.

Fast Pattern-Based Throughput Prediction for TCP Bulk Transfers Tsung-i (Mark) Huang Jaspal Subhlok University of Houston GAN ’ 05 / May 10, 2005.

Resilient Peer-to-Peer Streaming Paper by: Venkata N. Padmanabhan Helen J. Wang Philip A. Chou Discussion Leader: Manfred Georg Presented by: Christoph.

Streaming Video Traffic: Characterization and Network Impact Kobus van der Merwe Shubho Sen Chuck Kalmanek

EE442—Multimedia Networking Jane Dong California State University, Los Angeles.

Copyright © 2005 Department of Computer Science CPSC 641 Winter WAN Traffic Measurements There have been several studies of wide area network traffic.

Towards a High-speed Router-based Anomaly/Intrusion Detection System (HRAID) Zhichun Li, Yan Gao, Yan Chen Northwestern.

Measurement and Monitoring Nick Feamster Georgia Tech.

1 WAN Measurements Carey Williamson Department of Computer Science University of Calgary.

Junxian Huang 1 Feng Qian 2 Yihua Guo 1 Yuanyuan Zhou 1 Qiang Xu 1 Z. Morley Mao 1 Subhabrata Sen 2 Oliver Spatscheck 2 1 University of Michigan 2 AT&T.

Fundamentals of Computer Networks ECE 478/578 Lecture #2 Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University of Arizona.

Add image. 3 “ Content is NOT king ” today 3 40 analog cable digital cable Internet 100 infinite broadcast Time Number of TV channels.

CIS679: RTP and RTCP r Review of Last Lecture r Streaming from Web Server r RTP and RTCP.

Differences between In- and Outbound Internet Backbone Traffic Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering Chalmers University.

Part 2  Access Control 1 CAPTCHA Part 2  Access Control 2 Turing Test Proposed by Alan Turing in 1950 Human asks questions to another human and a computer,

Daniel Johnson. Playing a media file stored on a remote server on a local client.

1 mmdump Reference: “mmdump: A Tool for Monitoring Internet Multimedia Traffic” J. van der Merwe, R. Cceres, Y-H. Chu, C. Sreenan. ACM SIGCOMM Computer.

Global NetWatch Copyright © 2003 Global NetWatch, Inc. Factors Affecting Web Performance Getting Maximum Performance Out Of Your Web Server.

Dividing the Pizza An Advanced Traffic Billing System An Advanced Traffic Billing System Christopher Lawrence Burke The University of Queensland.

Protocol(TCP/IP, HTTP) 송준화 조경민 2001/03/13. Network Computing Lab.2 Layering of TCP/IP-based protocols.

CPSC 441: Multimedia Networking1 Outline r Scalable Streaming Techniques r Content Distribution Networks.

1 LAN Protocols (Week 3, Wednesday 9/10/2003) © Abdou Illia, Fall 2003.

NetFlow: Digging Flows Out of the Traffic Evandro de Souza ESnet ESnet Site Coordinating Committee Meeting Columbus/OH – July/2004.

© 2006 Cisco Systems, Inc. All rights reserved. Module 4: Implement the DiffServ QoS Model Lesson 4.2: Using NBAR for Classification.

Fall 2005 By: H. Veisi Computer networks course Olum-fonoon Babol Chapter 6 The Transport Layer.

1 Transport Layer Lecture 7 Imran Ahmed University of Management & Technology.

Making the Best of the Best-Effort Service (2) Advanced Multimedia University of Palestine University of Palestine Eng. Wisam Zaqoot Eng. Wisam Zaqoot.

CSE679: Computer Network Review r Review of the uncounted quiz r Computer network review.

Doc.: IEEE /0648r0 Submission May 2014 Chinghwa Yu et. al., MediaTekSlide 1 Performance Observation of a Dense Campus Network Date:

Lab 2: TCP /IP communication Southern Methodist University Bryan Rodriguez.

Multicast instant channel change in IPTV systems 1.

Internet Measurment Multimedia 1. Properties Challenges Tools State of the Art 2.

Jennifer Rexford Princeton University MW 11:00am-12:20pm Measurement COS 597E: Software Defined Networking.

ECEN “Internet Protocols and Modeling”, Spring 2012 Course Materials: Papers, Reference Texts: Bertsekas/Gallager, Stuber, Stallings, etc Class.

Detection of Routing Loops and Analysis of Its Causes Sue Moon Dept. of Computer Science KAIST Joint work with Urs Hengartner, Ashwin Sridharan, Richard.

April 4th, 2002George Wai Wong1 Deriving IP Traffic Demands for an ISP Backbone Network Prepared for EECE565 – Data Communications.

Open-Eye Georgios Androulidakis National Technical University of Athens.

Chapter 3: Transport Layer Our goals: r understand principles behind transport layer services: m multiplexing/demultipl exing m reliable data transfer.

Critical Path Analysis of TCP Transactions Authors:Paul Barford (University of Wisconsin-Madison) Mark Crovella (University of Boston) Member, IEEE Source:IEEE/ACM.

Transport Layer3-1 Chapter 3 Transport Layer Computer Networking: A Top Down Approach Featuring the Internet, 3 rd edition. Jim Kurose, Keith Ross Addison-Wesley,

1 Transport Protocols Relates to Lab 5. An overview of the transport protocols of the TCP/IP protocol suite. Also, a short discussion of UDP.

S305 – Network Infrastructure Chapter 5 Network and Transport Layers.

By Natasha Owusu-Amankrah

Transport Protocols.

Midterm Review Chapter 1: Introduction Chapter 2: Application Layer

Internet Signal Processing: Next Steps Dr. Craig Partridge BBN Technologies.

Performance Limitations of ADSL Users: A Case Study Matti Siekkinen, University of Oslo Denis Collange, France Télécom R&D Guillaume Urvoy-Keller, Ernst.

2: Transport Layer 11 Transport Layer 1. 2: Transport Layer 12 Part 2: Transport Layer Chapter goals: r understand principles behind transport layer services:

Network Models. 2.1 what is the Protocol? A protocol defines the rules that both the sender and receiver and all intermediate devices need to follow,

Video Streaming vs Video Casting

Chapter 5 Network and Transport Layers

Introduction to TCP/IP networking

Due: a start of class Oct 12

Fast Pattern-Based Throughput Prediction for TCP Bulk Transfers

Vocabulary Prototype: A preliminary sketch of an idea or model for something new. It’s the original drawing from which something real might be built or.

Due: a start of class Oct 26

Vocabulary Prototype: A preliminary sketch of an idea or model for something new. It’s the original drawing from which something real might be built or.

Overview What is Multimedia? Characteristics of multimedia

CPSC 641: WAN Measurement Carey Williamson

Carey Williamson Department of Computer Science University of Calgary

Transport Layer Identification of P2P Traffic

Presentation transcript:

© 2009 Carnegie Mellon University Is there any value in bulk network traces? Sid Faber Member of the Technical Staff CERT/SEI

2 Is there value in bulk network traces? Yes. Any questions?

3 What problem are you trying to solve? Trends Particular protocols Specific applications or use cases Existence When did something come on line? Who uses a service? Resiliency How networks react to an event Education

4 Let’s try an example. Hypothesis: Internet bandwidth grows by ~40% annually Past trends were spurred by audio downloads, then streaming audio, then video clips. Now we’re seeing adoption of online TV, and high definition video. Is video driving current bandwidth increases? Where are we at on the adoption curve? How will it impact my network?

5 Research plan Understand streaming protocols Find features that can identify the protocols Look for data to support the research Apply the data to the problem

6 Watch Three YouTube Videos

7 SYN (circle) FIN (square) RST (x) Activity (dot) Volume Scale Byte Volume (blue, source) Byte Volume (green, dest) Packet Count (dotted line, no scale)

8 Watch CNN Live

9 Listen to Three Songs on Pandora

10 Listen to Live365

11 Some useful general features Overall Bandwidth File Delivery protocols vs. Streaming protocols TCP flag patterns Use of Content Distribution Networks Service port (e.g, HTTP or Shockwave)

12 Search for data sources Criteria Ongoing data feeds Large scale trends across many network types Some Possibilities Internet2 MAWI DITL

13 Data Sources - Internet2 The Internet2 Observatory NetFlow v5 in flow-tools format Sampled 1:100 9 collection points Anonymized: lower 11 bits set to 0

14 Data Sources - MAWI Measurement and Analysis on the WIDE Internet Sample point F 150Mbps link 15 minute snapshot each day Unsampled Anonymized

15 Other Data Sources DITL Backscatter data Storm Center Daily Feed [DatCat]

16 Challenges: Anonymization Creates a data silo Prevents linking in any other IP data sets DNS Data Geolocation / ownership data Blacklists Not necessarily bad for our research Many providers use content distro networks Key features are address-independent Challenges from anonymization are well understood

17 Challenges: Sampling It’s often unavoidable Short term results are unpredictable Very significant for our research We’re very interested in bandwidth utilization Mitigated somewhat because we’re looking at high volumes Let’s take a closer look

18 Watch Three YouTube Videos: Original Data Data Sampled Artificially at 1:100

19 Watch CNN Live Original Data Data Sampled Artificially at 1:100

20 Challenges: Flow To this point, we’ve been essentially working with packets. Let’s take a look at the impact of applying flow aggregation and timeouts.

21 YouTube Videos Create flows with timeouts: 15s active 300s inactive

22 CNN Live Create flows with timeouts: 15s active 300s inactive

23 The example, revisited Is video driving current bandwidth increases? Where are we at on the adoption curve? How will it impact my network? We can work around anonymization Sampled data makes the problem very challenging Working with flow (rather than packets) adds more complexity

24 Back to the point of the presentation The question: Is there value in bulk network traces? The answer: Yes. A caveat: The data sources have to be tuned to the research

25 Conclusion A challenge: What research do you want to do with bulk network traces? How can / should we drive bulk network data collection?

26 Thank You Sid Faber