2 Network Monitoring Metrics Internet Traffic Monitoring and

  • Slides: 12
Download presentation
2. Network Monitoring Metrics Internet Traffic Monitoring and Analysis: Methods and Applications 1 POSTECH

2. Network Monitoring Metrics Internet Traffic Monitoring and Analysis: Methods and Applications 1 POSTECH DP&NM Lab.

2. Network Monitoring Metrics v Representative network monitoring metrics working groups Ø CAIDA Metrics

2. Network Monitoring Metrics v Representative network monitoring metrics working groups Ø CAIDA Metrics Working Group (www. caida. org) § § § Latency Packet Loss Throughput Link Utilization Availability Ø IETF’s IP Performance Metrics (IPPM) Working Group (www. ietf. org/html. charters/ippm-charter. html) § § § Connectivity (RFC 2687) One-Way Delay (RFC 2679) One-Way Packet Loss (RFC 2680) Round Trip Delay (RFC 2681) Delay Variation Bulk transfer capacity Internet Traffic Monitoring and Analysis: Methods and Applications 2 POSTECH DP&NM Lab.

2. Network Monitoring Metrics Availability Connectivity Functionality One way loss Loss RT loss Network

2. Network Monitoring Metrics Availability Connectivity Functionality One way loss Loss RT loss Network Monitoring Metrics One way delay Delay RT delay Delay variance Capacity Utilization Bandwidth Throughput Internet Traffic Monitoring and Analysis: Methods and Applications 3 POSTECH DP&NM Lab.

Availability v The percentage of a specified time interval during which the system was

Availability v The percentage of a specified time interval during which the system was available for normal use v What is supposed to be available? Ø Service, Host, Network v Availabilities are usually reported as a single monthly figure Ø 99. 99% availability means that the service is unavailable for 4 minutes during a month v One can test availability by sending suitable packets and observing the answering packets (latency, packet loss) v Metrics Ø Connectivity: the physical connectivity of network elements Ø Functionality: whether the associated system works well or not Internet Traffic Monitoring and Analysis: Methods and Applications 4 POSTECH DP&NM Lab.

Packet Loss v The fraction of packets lost in transit from a host to

Packet Loss v The fraction of packets lost in transit from a host to another during a specified time interval v Internet packet transport works on a best-effort basis, i. e. , a router may drop them depending on its current conditions v A moderate level of packet loss is not in itself tolerable Ø Some real-time services, e. g. , Vo. IP, can tolerate some packet losses Ø TCP resends lost packets at a slower rate v Metrics Ø One way loss Ø Round Trip (RT) loss Internet Traffic Monitoring and Analysis: Methods and Applications 5 POSTECH DP&NM Lab.

Delay (Latency) v The time taken for a packet to travel from a host

Delay (Latency) v The time taken for a packet to travel from a host to another v Round Trip Delay = Forward transport delay + server delay + backward transport delay v Forward transport delay is often not the same as backward transport delay (may use different paths) v Ping is still the most commonly used to measure latency v Delay changes as conditions on the network vary Ø e. g. , Server load, traffic load, router load, routing function v For streaming applications, high delay or delay variation (jitter) can cause degradation on user-perceived Qo. S v Metrics Ø One way delay Ø Round trip delay Ø Delay variance (jitter) Internet Traffic Monitoring and Analysis: Methods and Applications 6 POSTECH DP&NM Lab.

Throughput v The rate at which data is sent through the network, usually expressed

Throughput v The rate at which data is sent through the network, usually expressed in bytes/sec, packets/sec, or flows/sec v Be careful in choosing the interval; a long interval will average out short-term bursts in the data rate Ø A good compromise is to use one- to five-minute intervals, and to produce daily, weekly, monthly, and yearly plots v Link Utilization over a specified interval is simply the throughput for the link expressed as a percentage of the access rate v Metrics Ø Link Capacity (Mbps, Gbps) Ø Throughput (bytes/sec, packets/sec, flows/sec) Ø Utilization (%) Internet Traffic Monitoring and Analysis: Methods and Applications 7 POSTECH DP&NM Lab.

3. Monitoring Approaches Internet Traffic Monitoring and Analysis: Methods and Applications 8 POSTECH DP&NM

3. Monitoring Approaches Internet Traffic Monitoring and Analysis: Methods and Applications 8 POSTECH DP&NM Lab.

3. Monitoring Approaches Passive Monitoring Active Monitoring Internet Traffic Monitoring and Analysis: Methods and

3. Monitoring Approaches Passive Monitoring Active Monitoring Internet Traffic Monitoring and Analysis: Methods and Applications 9 POSTECH DP&NM Lab.

3. Monitoring Approaches - Active Test packet generator Test packet probe Response Probe Target

3. Monitoring Approaches - Active Test packet generator Test packet probe Response Probe Target host v Performed by sending test traffic into network 1) Generate test packets periodically or on-demand 2) Measure performance of test packets or responses 3) Take the statistics v Impose extra traffic on network and distort its behavior in the process v Test packet can be blocked by firewall or processed at low priority by routers v Mainly used to monitor network performance Internet Traffic Monitoring and Analysis: Methods and Applications 10 POSTECH DP&NM Lab.

3. Monitoring Approaches - Passive Network link Traffic Analysis Packet Capture Router Flow Generation

3. Monitoring Approaches - Passive Network link Traffic Analysis Packet Capture Router Flow Generation Traffic Information Flow Data v Carried out by observing network traffic 1) Collect packets from a link or network flow from a router 2) Perform analysis on captured packets for various purposes v Network device performance degrades by mirroring or flow export v Used to perform various traffic usage/characterization analysis/intrusion detection Internet Traffic Monitoring and Analysis: Methods and Applications 11 POSTECH DP&NM Lab.

Comparison of Monitoring Approaches Active monitoring Passive monitoring Configuration Multi-point Single or multi-point Data

Comparison of Monitoring Approaches Active monitoring Passive monitoring Configuration Multi-point Single or multi-point Data size Small Large Network overhead Additional traffic Purpose Delay, packet loss, availability CPU Requirement Low to Moderate - Device overhead - No overhead if splitter is used Throughput, traffic pattern, trend, & detection High Internet Traffic Monitoring and Analysis: Methods and Applications 12 POSTECH DP&NM Lab.

Traffic Engineering Traffic Control Devices Traffic Control TrafficTraffic Engineering Traffic Control Devices Traffic Control Traffic
Display Metrics android util Display Metrics Display MetricsDisplay Metrics android util Display Metrics Display Metrics
Network Performance Definitions Network Management Monitoring Metrics NetworkNetwork Performance Definitions Network Management Monitoring Metrics Network
Internet Traffic Characterization Amogh Dhamdhere Internet Traffic CharacterizationInternet Traffic Characterization Amogh Dhamdhere Internet Traffic Characterization
TRAFFIC POLICE DIRECTORATE Traffic Security Section TRAFFIC METODOLOGYTRAFFIC POLICE DIRECTORATE Traffic Security Section TRAFFIC METODOLOGY
TS 4273 Traffic Engineering Traffic Stream Characteristics TrafficTS 4273 Traffic Engineering Traffic Stream Characteristics Traffic
Safety on Traffic Stops Traffic Contacts A trafficSafety on Traffic Stops Traffic Contacts A traffic
AIR TRAFFIC ONTROL Air Traffic Control Air trafficAIR TRAFFIC ONTROL Air Traffic Control Air traffic
AIR TRAFFIC CONTROL Air Traffic Control Air trafficAIR TRAFFIC CONTROL Air Traffic Control Air traffic
Traffic Assignment Definition of Traffic Assignment Traffic AssignmentTraffic Assignment Definition of Traffic Assignment Traffic Assignment
7 Monitoring Analysis Tools Internet Traffic Monitoring and7 Monitoring Analysis Tools Internet Traffic Monitoring and