Web-based Internet Traffic Analysis Using Flows
Siegfried Löffler, Paul Christ, Martin Lorang
6th Open Workshop for High Speed Networks, Stuttgart, October 1997
Outline
- Existing Traffic Analysis Tools
  - Traditional Solutions
  - Web-Based Products
- Using Flows for Traffic Analysis
- The IETF Realtime Traffic Flow Measurement (RTFM) Architecture
- Writing Web-based Applications
- Implementation of an RTFM analysis application in Java
- Conclusions
Rechenzentrum der Universität Stuttgart - Communication Systems / BelWue Development
Traditional Traffic Analysis
tcpdump:
- Put Network Adapter Driver into „Promiscuous“ Mode. High CPU and Bus Load.
- „libpcap“ Packet Capturing Library
- ASCII / Hex dump of all Packets - High Volume Output
SNMP Counters:
- Several Products (HP OpenView, ...) for Graphical Display.
RMON/RMON2: Probes can be placed in interesting points
Problems:
- Hard to find „interesting“ packets with tools like tcpdump.
- Not enough Information with tools showing only counters.
- No Web Interface
Existing Web-based Developments
Trend: Network Management-Tools use the WWW as User Interface
mrtg - Multi Router Traffic Grapher
Many Projects
Usually limited to the (static) display of SNMP counters.
Existing Web-based Developments
Java-based Network Management Products - AdventNet, IBM and some others.
AdventNet “NetMonitor”: Toolkit to create own SNMP Java Applets with a visual builder (Generates Java Code)
SNMPv2c Class Libraries
Flows
Claffy, Braun and Polyzos: “A parametrizable methodology for Internet traffic flow profiling”
Try to identify sequences of packets as one flow, avoiding the necessity to check for connection establishment/end packets.
Data packets have to match criteria that have been chosen for the flow („Flow Specification“)
[Figure: packet arrivals over time for Flow 1. Labels: packet matches flow specification for Flow 1; checkpoints; begin of Flow 1; duration of Flow 1; last packet; timeout: end of Flow 1.]
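An added example (not from the original slides) of the timeout-based flow definition described above: packets that match a flow specification belong to one flow until no matching packet arrives within a timeout, so no connection setup or teardown packets need to be inspected. The packet tuples, the `flow_key` specification, and the 64-second default timeout are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample packets: (timestamp_s, src, dst, protocol, dst_port)
PACKETS = [
    (0.0, "10.0.0.1", "10.0.0.9", "tcp", 80),
    (0.4, "10.0.0.1", "10.0.0.9", "tcp", 80),
    (1.0, "10.0.0.2", "10.0.0.9", "udp", 161),
    (2.0, "10.0.0.1", "10.0.0.9", "tcp", 80),
    (70.0, "10.0.0.1", "10.0.0.9", "tcp", 80),   # idle gap > timeout: new flow
    (71.0, "10.0.0.2", "10.0.0.9", "udp", 161),  # idle gap > timeout: new flow
]

@dataclass
class Flow:
    key: tuple
    begin: float   # timestamp of the first matching packet
    last: float    # timestamp of the most recent matching packet
    pdus: int = 1  # number of packets counted for this flow

    @property
    def duration(self):
        return self.last - self.begin

def flow_key(pkt):
    """Assumed flow specification: source, destination, protocol, destination port."""
    _, src, dst, proto, port = pkt
    return (src, dst, proto, port)

def profile_flows(packets, timeout=64.0, spec=flow_key):
    """Group time-ordered packets into flows that end after `timeout` idle seconds."""
    active, finished = {}, []
    for pkt in packets:
        now = pkt[0]
        # Checkpoint: close every active flow that has been idle longer than the timeout.
        for key in [k for k, f in active.items() if now - f.last > timeout]:
            finished.append(active.pop(key))
        key = spec(pkt)
        flow = active.get(key)
        if flow is None:
            active[key] = Flow(key, begin=now, last=now)
        else:
            flow.last = now
            flow.pdus += 1
    finished.extend(active.values())  # end of trace closes the remaining flows
    return sorted(finished, key=lambda f: (f.begin, f.key))
```

Passing a coarser `spec` (for example, destination address only) or a longer `timeout` merges packets into fewer, longer flows, which is the parametrization the cited methodology refers to.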
Flows & Traffic Analysis
Cisco: NetFlow Data Export
OC3MON: Flow Measurement at 150 Mbit/s ATM OC-3 (NLANR, MCI)
- Hardware
- Modified FORE Firmware
- Software: DOS; telnet; ASCII
OC12MON
IETF RTFM Architecture
[Figure: OC3MON PC. Labels: Fore PCA200-PCI (twice), optical splitters, Ethernet network card.]
The IETF RTFM Architecture
Architecture: RFC 2063
Initially aimed at Accounting (RFC 1272)
Experiences with NeTraMet (RFC 2123) by Nevil Brownlee, Univ. Auckland, New Zealand
- Free
- UNIX, DOS
- Configurable
- OC3MON Version
[Figure: RTFM components. Labels: Meter, Manager, Meter Reader, Analysis Application.]
Programming for the Web
Programming for the Web: CGI, JavaScript, Java.
CGI programs run on the Web Server and produce HTML output (static).
Java Programs allow non-static interaction.
Java is Platform independent
CGI Programs run on Web Server:
[Figure: server machine running the CGI program, Internet, client machine.]
Java Programs run in Client Web Browser:
[Figure: client machine, Internet, server machine with Web server. Legend: program I/O; path over which the program is loaded.]
Java Security
Socket Connections are only allowed to Web Server (where Code has been loaded from) or to local machine.
Solution: Secure Applet Server (SAS) runs on Web Server and redirects SNMP traffic.
[Figure: SNMP applet in the Java VM on the client machine; Internet; Web server and SAS server (Java VM) on the server machine; SNMP traffic between the SAS server and the SNMP agent.]
Analysis Application in Java
Display of the current Traffic on the Network in “Real Time” inside of a Web Browser.
Netscape on Pent 166: Reads about 300 flow records in 10 seconds
Object-Oriented Code should allow integration into a web-based management environment.
Displayed Information:
- X-Axis: Flow Duration
- Y-Axis: PDU Count
- Symbol: Flow Kind
FLuid / Flow Information
Child window for each flow, updated after each query.
Currently those windows can just display counters for the selected flows.
It would be interesting to allow creation of graphs etc.
N. Brownlee is working on adding “distributions” to the Architecture - could then add distribution analysis for each flow.
Conclusions / Outlook
Possible to write RTFM applications / applets in Java. Security Restrictions can be resolved, Java is fast enough to transfer the packaged flow table in a reasonable time.
Implementation works, more functionality has to be added. (Currently no additional functionality compared to the NeTraMet Analysis Applications)
Object Oriented Effort useful (Code Reuse) - Network Management Applications usually have to be customized to fulfill the local requirements.
Interesting to work on Flows for Traffic Measurement and Analysis in order to make the Flow paradigm eventually applicable to Resource Reservation and Switching
More Information
Our Work:
http://ksoc3mon2.rus.uni-stuttgart.de/diplom
http://www.mathematik.uni-stuttgart.de/~floeff
IETF RTFM WG:
http://www.ietf.org/html.charters/rtfm-charter.html
NeTraMet:
ftp://ftp.auckland.ac.nz/pub/iawg/NeTraMet
OC3MON/OC12MON:
http://www.nlanr.net/NA
AdventNet Java & SNMP:
http://www.adventnet.com