TAAD - A Tool for Traffic Analysis and Automatic Diagnosis Kathy L. Benninger NLANR/Pittsburgh Supercomputing Center.


NLANR/PSC D 2 Outline
• Context for development of TAAD
• Characteristics of the tool
• Performance model
• Output description and interpretation
• OCXmon
• Practical considerations

Context
• TAAD is being developed by the NLANR network research group based at the Pittsburgh Supercomputing Center
• NCNE Pittsburgh GigaPoP based at PSC
• Coexistence of NLANR group and the NCNE Pittsburgh GigaPoP provides ample opportunity for development and test.

Context (cont’d)
• Need for tool to support NLANR/PSC’s TCP Trace-based Performance Diagnosis Flowchart
  – Analysis of heavily aggregated traffic
  – Automatic problem detection and partial diagnosis
• Availability of OCXmon data collection

Tool Characteristics
• Searches aggregate traffic for mis-tuned microflows
• Tool for GigaPoP operators
• Examines traffic from GigaPoP viewpoint, but detects end-system problems

Tool Characteristics (cont’d)
• Uses model developed in “The Macroscopic Behavior of the TCP Congestion Avoidance Algorithm” [Mathis, Semke, Mahdavi, Ott, CCR July 1996]
• Compares actual TCP performance to performance predicted by the Model

Tool Characteristics (cont’d)
• Diagnosis of bulk flows
• Does not pinpoint why performance is poor
• Evolving...

Macroscopic Performance Model
• Rate = Estimated data rate (bytes/second)
• MSS = Maximum Segment Size (bytes)
• RTT = Round Trip Time (seconds)
• p = Segment loss rate (probability)
• C = Proportionality constant (typically 0.7)

TAAD Calculation

Model used by TAAD
• GainRatio = Indicates potential performance improvement
• p = Analogous to loss rate, but derived from number of packets successfully delivered between recovery events
• MeasuredRate = Data rate (bytes/second)
• RTT = Round Trip Time (seconds)
• MSS = Maximum Segment Size (bytes)

TAAD Output Fields
• Source addresses and ports
• Destination addresses and ports
• Start time and duration of flow
• Counts of packets and bytes
• GainRatio and OpportunitySize

TAAD Output Interpretation
• If GainRatio
  – is ~ 1, flow performance is close to Model
  – is > 1, indicates a non-IP bottleneck
  – is >> 1, invites tuning to improve performance
  – is < 1 means cheating!

TAAD Output Interpretation (cont’d)
• OpportunitySize is GainRatio scaled by number of packets
  – Indicates how much data could have been transmitted in the same amount of time on a properly tuned connection
  – Output flows are sorted by OpportunitySize
  – Flows with largest OpportunitySize offer largest payoff with tuning
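
Added example (not part of the original slides and not TAAD's own code): the model-versus-measured comparison described above, in Python, using the Mathis et al. model Rate = (MSS / RTT) * C / sqrt(p). The formula slides did not survive in this transcript, so the GainRatio form (model rate divided by measured rate), the estimate of p, the cut-offs for "~1" and ">> 1", and the `Flow` record with its sample flows are assumptions constructed here.

```python
import math
from dataclasses import dataclass

C = 0.7  # proportionality constant; the slides give 0.7 as typical

@dataclass
class Flow:                # constructed record, not TAAD's real output format
    name: str
    packets: int           # data segments seen in the trace
    recoveries: int        # loss-recovery events seen in the trace
    nbytes: int
    duration: float        # seconds
    rtt: float             # seconds
    mss: int = 1460        # bytes

def model_rate(mss, rtt, p, c=C):
    """Mathis et al. model: Rate = (MSS / RTT) * C / sqrt(p), in bytes/second."""
    if not 0 < p <= 1 or rtt <= 0 or mss <= 0:
        raise ValueError("need 0 < p <= 1, rtt > 0, mss > 0")
    return (mss / rtt) * c / math.sqrt(p)

def classify(gain, near=0.25, far=10.0):   # ASSUMED cut-offs for "~1" and ">> 1"
    if gain < 1 - near:
        return "faster than model"          # the slides' "< 1 means cheating"
    if gain <= 1 + near:
        return "close to model"
    return "tuning candidate" if gain >= far else "non-IP bottleneck"

def analyse(flow):
    # ASSUMPTION: p = recovery events / packets. A flow with no recovery event
    # is treated as having one, which keeps p > 0 and understates the gain.
    p = max(flow.recoveries, 1) / flow.packets
    measured = flow.nbytes / flow.duration
    gain = model_rate(flow.mss, flow.rtt, p) / measured   # ASSUMED GainRatio form
    return {"name": flow.name, "gain": gain,
            "opportunity": gain * flow.packets,           # GainRatio scaled by packets
            "label": classify(gain)}

def report(flows):
    """Sort by OpportunitySize, largest first, as the slides describe."""
    return sorted((analyse(f) for f in flows),
                  key=lambda r: r["opportunity"], reverse=True)

SAMPLE = [  # constructed flows: name, packets, recoveries, bytes, duration, RTT
    Flow("tuned", 10000, 100, 14_600_000, 70.0, 0.05),
    Flow("small-window", 20000, 2, 29_200_000, 400.0, 0.08),
    Flow("aggressive", 5000, 500, 7_300_000, 100.0, 0.10),
]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(f'{row["name"]:13} gain={row["gain"]:7.2f} '
              f'opp={row["opportunity"]:10.0f} {row["label"]}')
```

The "aggressive" flow sustains more than twice the rate the model allows at its loss rate, which is the GainRatio < 1 case; a monitoring team would treat that as a lead for follow-up rather than proof of a non-conforming sender.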

Sample Output

OC3mon
• Available through development efforts of
  – NLANR/MOAT project at SDSC
  – MCI’s OCXmon activity
  – CAIDA’s CoralReef software suite
• Passive network monitoring tool

OC3mon (cont’d)
• Data format
  – Trace files collected in Coral .crl format
  – Analysis output of TAAD is ASCII
• Collects packet headers
• Does not collect payload

Operation
• Five minute trace on one or two interfaces
• New trace capture begins while previous five minutes of data is analyzed
• Data volume (per interface, mid-day)
  – Capture .crl file ~ 40MB/minute
  – Analysis output filesize ~ 25K/minute

Operational Issues
• Data Policy
  – Amount of data
  – Security and privacy
  – Legal liability
• Run time
  – ATM card(s) devoted to continuous capture
  – Recommend dedicated machine

Resource requirement
• Currently running on one Intel 450MHz CPU
  – CPU ~2% load during trace capture
  – CPU ~75-80% load during analysis (and continued trace)
  – wall-clock time for analysis is < 1 minute for a 5 minute trace capture (~200MB trace file)
• 6GB disk sufficient for summary data

Future
• Verification and release
• Adaptation for use with other trace tools
• Additional tools to create a TAAD toolset

Conclusion
• TAAD is intended to help meet the need for a tool to automate the analysis and diagnosis of aggregated bulk flows.
• The analysis and diagnosis is based on comparing modeled and actual performance
• Output is intended to be a pointer for where to direct tuning efforts for maximum benefit

References
• Macroscopic paper –
• TCP Tuning –
• TAAD –
• CoralReef –