Merit Network: Connecting People and Organizations Since 1966 CALEA Compliance – A Feasibility Study October 25, 2006 Mary Eileen McLaughlin Director –

Presentation transcript:

Merit Network: Connecting People and Organizations Since 1966 CALEA Compliance – A Feasibility Study October 25, 2006 Mary Eileen McLaughlin Director – Networking Merit Network, Inc.

Overview
Merit believes it will need to be “Gateway compliant” for CALEA
  – Will need to have a device at the ingress/egress points of our network
  – In other words, where traffic enters or leaves AS-237
  – About 9 sites including private peering points
We wanted to see if we could develop an architecture that
  – Met what we see today as the law’s requirements
  – Was cost effective and practical
We’re not talking the legal pros/cons, or the expectations of law, or challenges

Goals of Experimental Framework
Build a modest packet capture platform
  – Based on simple hardware and open-source software
Test ability to capture a single data stream
  – In the presence of a moderate amount of background traffic
Measure performance
  – Packet loss
  – Make decision on just how good performance has to be for Merit to say it is in conformance with the law

Goals of Experimental Framework cont.
Where will this solution ‘break’
  – Or, until what level of aggregate bandwidth usage is this solution functional
How well might this solution work with 10G cards compared to price/performance of commercial solutions
Testing only traffic capture functionality, not
  – Transfer to law enforcement device
  – Re-aggregation of traffic
  – Other


Hardware/Software
Dell Precision GX260 Workstation, 2 GIGE interfaces for management and sampling
Pentium 4 3GHz
1GB RAM
7200 RPM disk
Gentoo Linux OS
Tcpdump/tethereal for packet capture -- both depend on pcap library
  – Testing whether tcpdump can handle the data rates
Iperf as the traffic generator
Some custom wrapper software to make it easier to manage the data collection activity

Experiment Architecture
[Figure: experiment architecture diagram. Labels: Merit Building Switch, Traffic Capture Device, Merit LAN, IPERF Sink, IPERF Source, Ameritech, SBC, Cogent, Merit DSL, Mirror Port, Fiber Out to net]

Experiment Methodology
Background traffic for the duration of the test: ~ Mbps (Sunday evening load), repeat for higher traffic load ~400Mbps (Monday afternoon)
Phase 1 test:
  – Send data from source to sink using iperf
  – Attempt to capture traffic stream at capture device at Merit building
  – Measure actual number of packets transmitted at the source and compare with number of full packets captured
  – Measure for short / medium / large TCP flow
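The Phase 1 comparison (packets sent at the source versus full packets captured) can be scripted against the capture file that tcpdump writes. The following is an added example, not code from the presentation: it assumes a classic Ethernet pcap file, and the addresses, port 5001 and the sample capture are constructed for illustration.

```python
import socket
import struct

def count_flow_packets(pcap, src, dst, dport):
    """Count (full, truncated) TCP packets of one flow in a classic Ethernet pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic microsecond-resolution pcap file")
    want = (socket.inet_aton(src), socket.inet_aton(dst), dport)
    full = truncated = 0
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len, orig_len = struct.unpack(end + "II", pcap[off + 8:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4/TCP, or too short to classify
        tcp = 14 + (frame[14] & 0x0F) * 4  # TCP header offset after Ethernet + IP
        if len(frame) < tcp + 4:
            continue
        port = struct.unpack("!H", frame[tcp + 2:tcp + 4])[0]
        if (frame[26:30], frame[30:34], port) != want:
            continue
        if incl_len < orig_len:
            truncated += 1  # snaplen cut the packet, so it is not a full capture
        else:
            full += 1
    return full, truncated

def loss_percent(sent, captured_full):
    """Percent of sender-side packets missing at the capture device."""
    return 100.0 * (sent - captured_full) / sent

def _frame(src, dst, dport, payload=b"x" * 20):
    # Constructed frame: Ethernet + minimal IPv4 + TCP headers, checksums zeroed.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x10, 65535, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def build_sample_pcap():
    # Constructed capture: 3 full flow packets, 1 truncated, 1 background packet.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    flow = _frame("192.0.2.10", "198.51.100.20", 5001)
    other = _frame("192.0.2.99", "198.51.100.20", 80)
    for frame, keep in [(flow, 74), (flow, 74), (other, 74), (flow, 54), (flow, 74)]:
        out += struct.pack("<IIII", 0, 0, keep, len(frame)) + frame[:keep]
    return out
```

With the sender reporting 4 packets for this constructed flow, `loss_percent(4, full)` gives 25.0, because the truncated record is not counted as a full packet.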

sec Expt (~200Mbps Load)
Pkts Sent   Pkts Captured   % Pkt Loss
Avg Test Traffic Data Rate: ~380Kbps
Avg Transfer: ~500KB

min Expt (~200Mbps Load)
Pkts Sent   Pkts Captured   % Pkt Loss
Avg Test Traffic Data Rate: ~390Kbps
Avg Transfer: ~14.1MB

min Expt (~200Mbps Load)
Pkts Sent   Pkts Captured   % Pkt Loss
Avg Test Traffic Data Rate: ~390Kbps
Avg Transfer: ~83MB

min Expt (~400Mbps Load)
Pkts Sent   Pkts Captured   % Pkt Loss
Avg Test Traffic Data Rate: ~393Kbps
Avg Transfer: ~14.1MB

Preliminary Conclusions and Discussion
At a load of roughly 200Mbps, less than 1% (0.006% %) of the packets are missing at the capture device
  – This seems to hold at least up to an aggregate load level of 400Mbps (bidirectional traffic mirrored onto a single port)
But what about VoIP (UDP)?
How do our lost packets compare with what might normally happen to a datastream across the same datapath?
  – A UDP stream along the same path at 380Kbps experienced roughly 1.5% packet loss
  – Thus, less than 1% packet loss for our mirrored traffic is well within a “normal” range
  – Should be sufficient for law enforcement

Discussion and Next Steps
Simple hardware/software holds promise for at least the lower rate uplink capacities (definitely for OC3, GIGE type rates)
Need to repeat experiments, systematically, and at different (higher) loads
Future work includes
  – Examining 10Gig cards
  – Multiple sites concurrently; possibly on-campus
  – Price/performance comparison with commercial offerings, e.g., ENDACE hardware solution
Perhaps have a combination of build & buy