Download presentation
Presentation is loading. Please wait.
Published byImogen Barker Modified over 9 years ago
1
Sven Ubik, Aleš Friedl CESNET TNC 2009, Malaga, Spain, 11 June 2009 Experience with passive monitoring deployment in GEANT2 network
2
Active monitoring: - send and receive test packets Passive monitoring: - capture and analyze real traffic Network infrastructure monitoring: - collect information from network equipment Monitoring approaches
3
Advantages: - non-intrusive - provides information about real traffic, e.g.: load dynamics protocols and applications anomalies, attacks real packet loss (very difficult to test actively) Difficulties: - compute-intensive Passive monitoring
4
Pilot deployment in GN2 Partners - ACAD (BG), CESNET (CZ), PIONIER (PL), SWITCH (CH) GEANT2-NREN border links - 3x 10G, 1x 1G Central user interface htpps://perfmon.geant2.net
5
Hardware Tapping the line - optical splitter, router mirroring port Packet capture card - Ethernet NIC, approx < 300 Mb/s - monitoring card (DAG, Napatech, COMBO, Xena) zero CPU load for line-rate packet copy some acceleration on card PC - fast memory is most important
6
Software Linux + driver of packet capture card Middleware - DiMAPI (Distributed Monitoring API) - abstraction level for programmers - portability to various packet capture cards - transparent HW acceleration Monitoring applications ABWLoad dynamics, protocols and applications PacketlossPacket loss in real traffic BurstTraffic burstiness TbwtoolsThroughput tests with diagnostics Perfmon + ServmonStatus and resources monitoring
7
ABW L3 & L4 protocols L7 protocols L7 protocols classified by trackflib library DiMAPI libraries of „monitoring functions“ easily replaceable different algorithms and different accelerating HW can be used
8
Packet loss ~10 -5 can affect TCP and applications seriously If we send 100 test packets / second (quite a lot), it takes ~1000 seconds to detect such loss! How to measure full-mesh loss (scalability)? What applications and what users were affected by loss? How to measure loss bursts? Packet loss – monitoring issues
9
Packetloss - idea Compare number of packets in expired flows at network boundaries
10
User interface + Many tabular statistics + List of flows affected by losses Expired flows (each station) Matched flows (each pair of stations) Packet loss count Packet loss rate
11
Conclusion Link load in each direction - 1-hour averages 300 Mb/s – 2.5 Gb/s - 1-minute averages 700 Mb/s – 3.6 Gb/s - 1-second averages up to 9.6 Gb/s Approx. 5 Gb/s of sustained live traffic can be processed by our applications on one monitoring station with 2 CPU cores utilized Approx. 4*10 -6 packets dropped by the system For username and password see: http://wiki.geant2.net/bin/view/JRA1/Jra1WorkingArea
12
Future work Lightweight application detection - replacement tracking libraries in DiMAPI Packet loss monitoring based on (sampled) Netflow records - currently Packetloss uses extra information Less expensive options to 10 Gb/s monitoring cards - MTPP (Modular Traffic Processing Platform) 40 Gb/s monitoring - own 40 Gb/s prototype More partners!
13
Thank you for your attention! ubik@cesnet.cz
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.