Presentation is loading. Please wait.

Presentation is loading. Please wait.

Taming Internet Traffic Some notes on modeling the wild nature of OD flows Augustin Soule Kavé Salamatian Antonio Nucci Nina Taft Univ. Paris VI Sprintlabs.

Published byBertram Booth Modified over 9 years ago

Similar presentations

Presentation on theme: "Taming Internet Traffic Some notes on modeling the wild nature of OD flows Augustin Soule Kavé Salamatian Antonio Nucci Nina Taft Univ. Paris VI Sprintlabs."— Presentation transcript:

1 Taming Internet Traffic Some notes on modeling the wild nature of OD flows Augustin Soule Kavé Salamatian Antonio Nucci Nina Taft Univ. Paris VI Sprintlabs Intel Berkeley

2 What’s next  Definition of the problem  Overview of the approach  Study of the modeling part  Study of the Tracking part

3 Network monitoring (1)  Network state results from  Traffic demand  OD matrix  Capacity offer  Routing matrix, link capacity, traffic engineering, etc…  Objective of the network operator  To drive the equilibrium point to the most beneficial  By managing the capacity offer  Traffic engineering is the art of managing capacity offer

4 Network monitoring (2)  Monitoring  Capacity offer  Pings, failure monitoring, SNMP reports  Traffic demand ?  Is not observable per se  At least in real time  Have to infer it indirectly  Traffic counts

5 Network monitoring (3)  Monitoring ?  Being able to separate  What is predicted  Expected, under control, normal, …  What is unpredicted  Unexpected, Out of range, abnormal, …  Occam razor view  Express what is predictable by a short model  Describe fully what is unpredictable  Interpretation view  Only what is unpredictable have to be given a sense  What is predictable give no information

6 Architecture of a network monitoring system

7 Overview of the solution  Model the normal behavior of traffic demand  At sufficient granularity level  Relevant granularity for operator ?  Compare observation with prediction made by model  Rise an alarm if a divergence is seen  Wow, I just rediscovered Kalman Filter!

8 What’s a traffic matrix?  Can define variety of matrices  Select timescale  Select node granularity: router, prefix, POP, etc.  Application wise ! City A City B City C City A City B City C origin destination 25 Mbps

9 Notation: Problem Formulation Link1 Link2 Link3. Link L = OD AB OD AC OD AD. 0 1 1/2 0 0 0 0 0 1 0 0.. routing matrix Y = A X Have linear system: YA X from SNMP link counts from IGP link weights issue: # links underconstrained system => infinite # of solutions

10 OD Traffic Dynamics (1)

11 OD traffic dynamics (2)  Temporal correlations  Diurnal, weekly, monthly, etc..  Spatial correlation  Same Origin Pop  Same destination PoP  Create a dynamic LTI model for OD flows capturing temporal and spatial dependences  X(t+1) = C*X(t)+W(t)  W(t) account for model unprecision

12 Traffic Model  State space model :  How to calibrate C, Q and R?  EM method  Find the value of C, Q and R such that the observations are most likely to be observed  Observations might be OD traffic itself or the link count  OD traffic is better, Sometimes no other choice   Good initial point are needed.  Use OD traffic first, link count next  Multi-linear Method  X(t+1) is expressed as a multi-linear relation of X(t)  Lead to a diagonal matrix Q

13 Raw data  Let’s suppose we have gathered over one day the full OD matrix  Sampled Aggregate NetFlow (Cisco) used on all routers inside Sprint’s European network.  Flow = 5-tuple (@src,@dst,port src, port dst, proto)  Each flow is sampled every 250th packet.  Downloaded BGP tables and configuration files from all routers: Used to determine egress points within Sprint’s AS => yielding the FULL traffic matrix.  Three weeks of data from August 2003.  Many thanks to Anukool Lakhina to collect/process the raw data :)

14 Inside the model Impulse response of the filter At time t=1 OD 1 is set to 1 See the propagation of this impulse on all the other OD pairs  24 h Periodicity  Exponentially decreasing Sinusoid

15 Inside the model Radius : Amplitude of the eigenvalue Angle : Frequency of the eigenvalue Pole diagram  r

16 Inside the model Filtering the eigenvalues Filter out the over learning -Remove small timescale fluctuations -Remove Fast oscillations  Keep the White area

17 Kalman filtering  Filter out what is compatible with the model from what is incompatible  Do it by comparing what is predicted by the model with what is observed  Innovation process:  two steps  Prediction  Correction

18 Example of fitting

19 Monitoring information  Confidence interval can be made on innovation process  If then something out of prediction has happened  Raise an alarm !  Is every change a problem ?  Same approach for OD pairs  Ability to track changes on each OD  Might be useful for DDoS attack detection and management

20 Innovation on the link

21 Innovation on the OD Need to recalibrate the model For these OD pairs

22 Recalibration !  Need to find out the new model !  Several way  Do a netflow acquisition for all changing OD flows. Mix with previous OD flow. Recalibrate the model  Use traffic count for recalibrating the model using EM method with previous model as starting point  Develop a continuous time adaptive mechanism  Use LMS or RMS algorithm  Use a sliding windows

23 Example of fitting After recalibrations

24 Innovation After Recalibrations

25 L2-Norm over time

26 Contributions  New tracking approach for network monitoring  Using Time and Spatial correlation  OD flows model  Able to detect deviations from the model  Thanks to Kalman Filter  Really Fast and Scalable.  Whole process in less than 2 minutes for 14 days  Validated using real Traces.

Download ppt "Taming Internet Traffic Some notes on modeling the wild nature of OD flows Augustin Soule Kavé Salamatian Antonio Nucci Nina Taft Univ. Paris VI Sprintlabs."

Similar presentations

Network Monitoring System In CSTNET Long Chun China Science & Technology Network.

Network Monitoring System In CSTNET Long Chun China Science & Technology Network.
Routing System Stability draft-dimitri-grow-rss-01.txt IETF71 - Philadelphia.

Routing System Stability draft-dimitri-grow-rss-01.txt IETF71 - Philadelphia.
Traffic Dynamics at a Commercial Backbone POP Nina Taft Sprint ATL Co-authors: Supratik Bhattacharyya, Jorjeta Jetcheva, Christophe Diot.

Traffic Dynamics at a Commercial Backbone POP Nina Taft Sprint ATL Co-authors: Supratik Bhattacharyya, Jorjeta Jetcheva, Christophe Diot.
New Directions in Traffic Measurement and Accounting Cristian Estan – UCSD George Varghese - UCSD Reviewed by Michela Becchi Discussion Leaders Andrew.

New Directions in Traffic Measurement and Accounting Cristian Estan – UCSD George Varghese - UCSD Reviewed by Michela Becchi Discussion Leaders Andrew.
Advanced Technology Laboratories Traffic Matrix Estimation in Non- Stationary Environments Presented by R. L. Cruz Department of Electrical & Computer.

Advanced Technology Laboratories Traffic Matrix Estimation in Non- Stationary Environments Presented by R. L. Cruz Department of Electrical & Computer.
Detecting DDoS Attacks on ISP Networks Ashwin Bharambe Carnegie Mellon University Joint work with: Aditya Akella, Mike Reiter and Srinivasan Seshan.

Detecting DDoS Attacks on ISP Networks Ashwin Bharambe Carnegie Mellon University Joint work with: Aditya Akella, Mike Reiter and Srinivasan Seshan.
Detectability of Traffic Anomalies in Two Adjacent Networks Augustin Soule, Haakon Ringberg, Fernando Silveira, Jennifer Rexford, Christophe Diot.

Detectability of Traffic Anomalies in Two Adjacent Networks Augustin Soule, Haakon Ringberg, Fernando Silveira, Jennifer Rexford, Christophe Diot.
1 BGP Anomaly Detection in an ISP Jian Wu (U. Michigan) Z. Morley Mao (U. Michigan) Jennifer Rexford (Princeton) Jia Wang (AT&T Labs)

1 BGP Anomaly Detection in an ISP Jian Wu (U. Michigan) Z. Morley Mao (U. Michigan) Jennifer Rexford (Princeton) Jia Wang (AT&T Labs)
1 EL736 Communications Networks II: Design and Algorithms Class8: Networks with Shortest-Path Routing Yong Liu 10/31/2007.

1 EL736 Communications Networks II: Design and Algorithms Class8: Networks with Shortest-Path Routing Yong Liu 10/31/2007.
Infocom 2003 An Approach to Alleviate Link Overload as Observed on an IP Backbone Tuesday, April 1 st Infocom 2003 Sundar Iyer 1,2, Supratik Bhattacharrya.

Infocom 2003 An Approach to Alleviate Link Overload as Observed on an IP Backbone Tuesday, April 1 st Infocom 2003 Sundar Iyer 1,2, Supratik Bhattacharrya.
1 Measurement of Highly Active Prefixes in BGP Ricardo V. Oliveira, Rafit Izhak-Ratzin, Beichuan Zhang, Lixia Zhang GLOBECOM’05.

1 Measurement of Highly Active Prefixes in BGP Ricardo V. Oliveira, Rafit Izhak-Ratzin, Beichuan Zhang, Lixia Zhang GLOBECOM’05.
Dynamic routing – QoS routing Other approaches to QoS routing Traffic Engineering Practical Traffic Engineering.

Dynamic routing – QoS routing Other approaches to QoS routing Traffic Engineering Practical Traffic Engineering.
Trajectory Sampling for Direct Traffic Observation Matthias Grossglauser joint work with Nick Duffield AT&T Labs – Research.

Trajectory Sampling for Direct Traffic Observation Matthias Grossglauser joint work with Nick Duffield AT&T Labs – Research.
Probabilistic Aggregation in Distributed Networks Ling Huang, Ben Zhao, Anthony Joseph and John Kubiatowicz {hling, ravenben, adj,

Probabilistic Aggregation in Distributed Networks Ling Huang, Ben Zhao, Anthony Joseph and John Kubiatowicz {hling, ravenben, adj,
Observed Structure of Addresses in IP Traffic CSCI 780, Fall 2005.

Observed Structure of Addresses in IP Traffic CSCI 780, Fall 2005.
1 In-Network PCA and Anomaly Detection Ling Huang* XuanLong Nguyen* Minos Garofalakis § Michael Jordan* Anthony Joseph* Nina Taft § *UC Berkeley § Intel.

1 In-Network PCA and Anomaly Detection Ling Huang* XuanLong Nguyen* Minos Garofalakis § Michael Jordan* Anthony Joseph* Nina Taft § *UC Berkeley § Intel.
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
Traffic Engineering With Traditional IP Routing Protocols

Traffic Engineering With Traditional IP Routing Protocols
Fernando Paganini ORT University, Uruguay (on leave from UCLA) Congestion control with adaptive multipath routing based on optimization Collaborator: Enrique.

Fernando Paganini ORT University, Uruguay (on leave from UCLA) Congestion control with adaptive multipath routing based on optimization Collaborator: Enrique.
Katz, Stoica F04 EECS 122: Introduction to Computer Networks Performance Modeling Computer Science Division Department of Electrical Engineering and Computer.

Katz, Stoica F04 EECS 122: Introduction to Computer Networks Performance Modeling Computer Science Division Department of Electrical Engineering and Computer.

Similar presentations

Ads by Google