A Method for Coordinated Multi-Domain Traffic Pattern Analysis Presented by: Julio Ibarra, Ernesto Rubi, James Grace, Christian Rodriguez Center for Internet.

Slides:



Advertisements
Similar presentations
Florida International UniversityAMPATH AMPATH Julio E. Ibarra Director, AMPATH CIRN Meeting Washington D.C. June 22, 2002 Pathway.
Advertisements

RedCLARA Status and Projections Florencio Utreras Executive Director of CLARA August 26, 2007.
RedCLARA Status and Projections CLARA May, ALICE Project 18 Latin American Countries and 4 European NRENs Creation of CLARA, the organization of.
Performance Testing - Kanwalpreet Singh.
AMPATH™: Pathway of the Americas Internet2 Member Meeting International Task Force October 13, 2003 Julio Ibarra Principal Investigator and Director
Network Performance Measurement
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
Global R&E Network Interconnects: AMPATH Update Ernesto Rubi, Sr. Network Engineer AMPATH International Exchange Florida International University Miami,
Measurements of Congestion Responsiveness of Windows Streaming Media (WSM) Presented By:- Ashish Gupta.
Traffic Engineering With Traditional IP Routing Protocols
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Informed Detour Selection Helps Reliability Boulat A. Bash.
Network Traffic Measurement and Modeling CSCI 780, Fall 2005.
NetFlow Analyzer Drilldown to the root-QoS Product Overview.
Network Simulation Internet Technologies and Applications.
Protocols and the TCP/IP Suite Chapter 4. Multilayer communication. A series of layers, each built upon the one below it. The purpose of each layer is.
Reading Report 14 Yin Chen 14 Apr 2004 Reference: Internet Service Performance: Data Analysis and Visualization, Cross-Industry Working Team, July, 2000.
Flow tools APRICOT 2008 Network Management Taipei, Taiwan February 20-24, 2008.
1 ESnet Network Measurements ESCC Feb Joe Metzger
Net Optics Confidential and Proprietary Net Optics appTap Intelligent Access and Monitoring Architecture Solutions.
National Science Foundation International Research Network Connections Program Kickoff Julio Ibarra, PI Heidi Alvarez, Co-PI Chip Cox, Co-PI John Silvester,
HEPDG 2005 WHREN/LILA & CHEPREO Julio Ibarra, PI Heidi Alvarez, Co-PI Chip Cox, Co-PI John Silvester, Co-PI May 24, 2005.
CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.
NORDUnet NORDUnet The Fibre Generation Lars Fischer CTO NORDUnet.
What is FORENSICS? Why do we need Network Forensics?
Experiences in Design and Implementation of a High Performance Transport Protocol Yunhong Gu, Xinwei Hong, and Robert L. Grossman National Center for Data.
RedCLARA Status and Projections Florencio Utreras Executive Director of CLARA July 28, 2008.
NetFlow: Digging Flows Out of the Traffic Evandro de Souza ESnet ESnet Site Coordinating Committee Meeting Columbus/OH – July/2004.
Florida International UniversityAMPATH AMPATH Julio E. Ibarra Director, AMPATH Global Research Networking Summit Brussels, Belgium.
1 Pan-American Advanced Studies Institute (PASI) Program Grid Computing and Advanced Networking Technologies for e-Science Mendoza, Argentina May 15-21,
RedCLARA: The Research And Education Network Of Latin America Florencio I. Utreras Executive Director Cooperación Latino Americana de Redes Avanzadas (CLARA)
University of the Western Cape Chapter 12: The Transport Layer.
Copyright 2007 Michael W. Lucas slide 1 HTGR- Netflow or, how to know what your network really did without going broke Michael W. Lucas
20 October 2015 Internet2 International Activities Heather Boyles Director, International Relations, Internet2 Internet2 Industry Strategy Council Meeting.
Measurement and Modeling of Packet Loss in the Internet Maya Yajnik.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.
NSF IRNC PI Meeting October 6, 2011 Julio Ibarra Center for Internet Augmented Research & Assessment Florida International University Americas Lightpaths.
DYNES Storage Infrastructure Artur Barczyk California Institute of Technology LHCOPN Meeting Geneva, October 07, 2010.
Scavenger performance Cern External Network Division - Caltech Datagrid WP January, 2002.
Florida International UniversityAMPATH AMPATH: Pathway of the Americas Internet2 Member Meeting: International Task Force October 28, 2002 Julio Ibarra.
1 st EELA Grid School Distributed Simulation of Multiple Failure Events on Optical Networks Gustavo S. Pavani 1, Nelson T. Yunaka 2, Tatiana C. Figueiredo.
1 Network Measurement Summary ESCC, Feb Joe Metzger ESnet Engineering Group Lawrence Berkeley National Laboratory.
Western-Hemisphere Research and Education Networks Links Interconnecting Latin America Spring 2005 Internet2 Member Meeting International Task Force Julio.
1 08/Dec/01 S. F. Novaes Network in Brazil: Present and Future S. F. Novaes National Research Network Academic Network at São Paulo –Network Traffic –PingER.
Hot Interconnects TCP-Splitter: A Reconfigurable Hardware Based TCP/IP Flow Monitor David V. Schuehler
NSF International Research Network Connections (IRNC) Program I2 Joint Techs Meetings Kevin Thompson NSF CISE/SCI February 15, 2005.
Spring 2006 Internet2 Member Meeting International Task Force Julio Ibarra, PI Heidi Alvarez, Co-PI Chip Cox, Co-PI John Silvester, Co-PI April 24, 2006.
1. Introduction REU 2006-Packet Loss Distributions of TCP using Web100 Zoriel M. Salado, Mentors: Dr. Miguel A. Labrador and Cesar D. Guerrero 2. Methodology.
Xrootd Monitoring and Control Harsh Arora CERN. Setting Up Service  Monalisa Service  Monalisa Repository  Test Xrootd Server  ApMon Module.
“OpenCALEA” Pragmatic Cost Effective CALEA Compliance Manish Karir, Merit - Research and Development.
Department of Computer Science & Engineering 5. Acknowledgments 4. Conclusions 3. Evaluation2. Contribution 1. Introduction REU 2008-Packet Sniffer Jose.
An Efficient Gigabit Ethernet Switch Model for Large-Scale Simulation Dong (Kevin) Jin.
Development of a QoE Model Himadeepa Karlapudi 03/07/03.
Precision Measurements with the EVERGROW Traffic Observatory Péter Hága István Csabai.
© 2015 Pittsburgh Supercomputing Center Opening the Black Box Using Web10G to Uncover the Hidden Side of TCP CC PI Meeting Austin, TX September 29, 2015.
AmericasPATH to the Inter American Development Bank Washington D.C. March 9, 2001 Pathway of the Americas Julio Ibarra Presents…
Sven Ubik, Aleš Friedl CESNET TNC 2009, Malaga, Spain, 11 June 2009 Experience with passive monitoring deployment in GEANT2 network.
Connect communicate collaborate Performance Metrics & Basic Tools Robert Stoy, DFN EGI TF, Madrid September 2013.
Fall 2005 Internet2 Member Meeting International Task Force Julio Ibarra, PI Heidi Alvarez, Co-PI Chip Cox, Co-PI John Silvester, Co-PI September 19, 2005.
1 Deploying Measurement Systems in ESnet Joint Techs, Feb Joseph Metzger ESnet Engineering Group Lawrence Berkeley National Laboratory.
PART1 Data collection methodology and NM paradigms 1.
Application Protocol - Network Link Utilization Capability: Identify network usage by aggregating application protocol traffic as collected by a traffic.
Super Computing 2016 Salt Lake City, Utah Nov 15, 2016
Measurement team Hans Ludwing Reyes Chávez Network Operation Center
Network Tools and Utilities
Monitoring Network Bias
ESnet Network Measurements ESCC Feb Joe Metzger
Chapter 8: Monitoring the Network
Pong: Diagnosing Spatio-Temporal Internet Congestion Properties
File Transfer Issues with TCP Acceleration with FileCatalyst
Beyond FTP & hard drives: Accelerating LAN file transfers
Presentation transcript:

A Method for Coordinated Multi-Domain Traffic Pattern Analysis Presented by: Julio Ibarra, Ernesto Rubi, James Grace, Christian Rodriguez Center for Internet Augmented Research and Assessment Florida International University Miami, FL CENIC 08 - ‘Lightpath to the Stars’ March 10, 2008 Award # OCI

Outline Introduction Research Questions Previous Work Solution Findings Future Work 2

Western Hemisphere Research & Education Networks – Links Interconnecting Latin America (WHREN-LILA) 5-year NSF Cooperative Agreement Connectivity to Brazil is supported through a coalition effort through the WHREN-LILA projects –Florida International University (award # ) –Corporation for Education Network Initiatives in California (CENIC) –Project support from the Academic Network of Sao Paulo (award #2003/ ) –CLARA, Latin America –CUDI, Mexico –RNP, Brazil –REUNA, Chile Links Interconnecting Latin America (LILA) –Improves U.S.-Latin America connectivity Western-Hemisphere Research and Education Networks (WHREN) –Coordinating body of providers and users –Leverage participants’ network resources –Enable collaborative science research and advance education 3 3

WHREN-LILA 2.5Gbps circuit + dark fiber segment U.S. landings in Miami and San Diego Latin America landing in Sao Paulo, Tijuana and Miami LILA links are important assets that –support U.S.-Latin America science and education research activities –Major research facilities supporting international science collaborations 4

Project Motivation IRNC program review recommendation to assess appropriate use of network assets Opportunity from the NSF to submit proposal for Research Experience for Undergraduates (REU) program –The REU program supports active research participation by undergraduate students in any of the areas of research funded by the NSF Respond to review recommendation by conducting a study on the possibility collecting netflow data on the LILA links 5

Acknowledgments This research is funded by the National Science Foundation, Research Experience for Undergraduates award OCI CENIC and the Conference organizers WHREN-LILA, AMPATH infrastructure, CHEPREO, Global CyberBridges, science application support, education, outreach and community building efforts are made possible by funding and support from: –National Science Foundation (NSF) awards OCI , MPS , OISE , OCI , OCI , IIS , OISE ,, OISE –Florida International University –Latin American Research and Education community –The many national and international collaborators who support our efforts 6

Previous work – Design/Implementation NSF (STI): Research Experience for Undergraduates Award No NetFlow based network monitoring (implemented): –Built-in historical component –Platform independent analysis interface (MonALISA). Single AS view (20080) Cisco (NetFlow) and Juniper (cflowd) data exported to single Collector Pre-Processing of NetFlow data before exporting it to ApMon/MonALISA Emphasis on Integration / Interoperability: –Scalable/Distributed Monitoring platform (MonALISA / UDP ApMon) –Open-source traffic analysis tools (FlowTools / NetFlow)‏ –Limited understanding of network behaviour outside AS

Pending Inquiry Expand beyond Single Flow TCP data analysis Multiple Source Port/Destination Port Multiple NetFlow collectors using data from geographically distributed routers. Sampled NetFlow –Not enough storage for 1:1 view of packets. (IOS/CPU Concerns) –Issue: Whether reliable inferences can be drawn from sampled 1:100 NetFlow data. –Just what are you missing? –Burst type traffic –Some of the longer flows –1:100 of the longer flows? 8

Research Objectives Increase understanding of the traffic patterns across the LILA links Determine if there are differences in traffic flows from both ends of the link Assess reliability of sampled NetFlow data collected at the end points Detect anomalies or events that could be significant 9

Research Questions What are the differences in traffic flows at both ends of the link? How reliable is the sampled netflow data collected at both ends of the link? How can anomalies be detected from sampled data? 10

Solution Validate Accuracy of Sampled NetFlow Data Collect Data from Endpoints of LILA link ANSP (Sao Paulo, Brazil) Correlate Data from Each Endpoint Miami, US and Sao Paulo, Brazil Draw Conclusions from Correlated Data 11

Path Representation SPRACE Cisco 7609 ANSP WHREN-LILA East (2.4Gb/s) AMPATH ultralog.ampath.netdavinci.ampath.net 12

Verification of Sampled Netflow Using tcpdump and trpr(U.S. Navy), we calculated and graphed the data transfer rate. We then compared these results to the sampled octet count from netflow. Each graph represents the transfer rate at measured from both sides of link. 13

Data Collection from each Endpoint Collection of data from AMPATH network using Netflow flow- capture command. Collect sampled NetFlow data at 15 minute intervals on a 1:100 random sampling rate Capture data from the collector to a local box via flow-capture command Store captured data in a file for correlation. Collection of data from ANSP network using open sourceTCPDump. Run TCPDump and collect packets coming from AMPATH. This data is a 1:1 sampling. Store TCPDump data in a local file for correlation. 14 Collection of data from AMPATH network using Cisco Netflow’s flow capture command. Collect sampled netflow data at 15 minute intervals on a 1:100 random sampling rate. Capture data from the collector to a local box via flow- capture command. Store captured data in a file for correlation. Collection of data from ANSP network using open sourceTCPDu mp. 1.) Run T C P D u m p a n d c o l l e c t p a c k e t s c o m i n g f r o m AMPAT H. T h i s d a t a i s a 1 : 1 s a m p l i n g. 2.) Store T C P D u m p d a t a i n a l o c a l f i l e f o r c o r r e l a t i o n.

Fast Data Transfer Transfers large amounts data over standard TCP streams. Resumes file transfer session without loss, when needed. Uses JAVA NIO library to create transfer. FDT must exist on two servers, one acts as an FDT client the other as an FDT server Proven extremely useful at CERN by setting the record for fastest TCP transfers. Server Example: java -jar fdt.jar [ OPTIONS ] Client Example: java -jar fdt.jar [ OPTIONS ] -c [file1...] -d 15

Fast Data Transfer Output example of 6 FDT flows to simulate Brazil T2 --> U.S. T1: FDT [ ] STARTED... READY 21/02 13:57:57Net In: Mb/sAvg: Mb/s 21/02 13:58:02Net In: Mb/sAvg: Mb/s 21/02 13:58:07Net In: Mb/sAvg: Mb/s 21/02 13:58:12Net In: Mb/sAvg: Mb/s 26.83% ( 58s ) 21/02 13:58:17Net In: Mb/sAvg: Mb/s 33.03% ( 53s ) 21/02 13:58:22Net In: Mb/sAvg: Mb/s 39.22% ( 48s ) ……………………. FDTWriterSession ( 2a c278-4efe-854b-7389cbc900bd ) final stats: Started: Thu Feb 21 13:57:48 EST 2008 Ended: Thu Feb 21 14:00:22 EST 2008 TotalBytes: TotalNetworkBytes: Multiple FDT flows allow for a continuous rate of flow and consistent maximum use of bandwidth. FDT is limited by memory capacity of host because Java consumes many system resources. FDT was used to generate flows similar to flows between Tier2 in Brazil and Tier1 FermiLab in the U.S. 16

Correlate Data from each Endpoint Parsing NetFlow data with flow-cat, flow-nfilter, flow-print and awk flow-cat ft-v | flow-nfilter -f filter -F foo | flow-print | awk '/ / {print $6}' Concatenate flows Filter relevant dataPrint the dataOutput only sampled octet count Correlation of data is done using a variety software designed to interpret both netflow and pcap $./trpr input count exclude udp output Storing graph-able pcap data 17

Analysis of Correlated Data Interpret for detection of anomalies and network events A series of icmp echo packets are sent across LILA The Round-Trip-Time(RTT) is measured at different levels of link activity These correlations are plotted in a RTT vs. Sampled Octet Count graph RTT vs Time is also plotted. Comparing graphs allows the correlation of events happening on both ends of the link. 18

Findings ANSP (Brazil)AMPATH (Miami) SPRACE (Brazil) ICMP RTT Measurements over time to SPRACE, ANSP and AMPATH Effects of Anomalous behavior at SPRACE (Brazil) seen locally at Cisco 7609 (Miami). 108 ms average RTT measured from Miami to the ANSP router and server at SPRACE, both at Sao Paulo Graphs show variation from the mean from three different views as load increases from multiple flows Event occurring at 23:57:21 at SPRACE correlates to event occurring at Miami 19

Conclusions Cisco Netflow data is accurate when compared at both ends of the link with a sampling rate of 1:100 Using correlated data from sampled Netflow and ICMP flows, anomalous behaviour can be detected from one or more of the end points 20

Thank You 21

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.