Transcript Slides - TERENA Networking Conference 2005

QoS measurements
Sven Tafvelin
Chalmers university of Technology
Gothenburg, Sweden
QoS measurements is the same as
network measurements
• In order to understand how QoS is working
we need to understand how the network is
working.
• In order to understand we need to observe
the traffic.
MonNet
MonNet is a passive measurement project
based on traces of network traffic primarily
processed afterwards.
The traffic will be caught on Sunet 10 Gbit/s
backbone
The volume is so large that the work will be
done in campaigns.
Original configuration
Router
DWDM
Measurement configuration
Splitters
Router
DWDM
Measurem. comp
G-bit
Ethernet
switch
Measurem. comp
These are some reflections while starting the
project
What can the traces be used for?
•
•
•
•
•
•
•
Network statistics (of course)
What type of traffic is the network used for
Changes of network usage over time
Application behaviour on the net
Delay properties
Network stability
Network forensics
Performance issues
In general a 10 Gbit/s connection can
potentially generate very much trace data at
a speed which even fast computers have
problems to sustain.
We have 6 fast disks used in parallel and have
received sustained write speed of about 480
Mbyte/s corresponding to 3.8 Gbit/s which
is substantially less than 10 Gbit/s.
Performance issues (2)
On the other hand:
• We will not store user data
• The links are generally not fully loaded
Trace formats are
incompatible(1)
There is no standard on trace formats. The
number of alternatives is large and many
exist in incompatible versions also:
• PCAP – from the libpcap
• DAG/ERF – from Endace equipment
• FR, FR+, TSH – from NLANR
• CRL – from Coral/CoralReef
• Etc etc
Trace formats are
incompatible(2)
There exist conversion programs between
some of these formats but converting
usually means loosing information.
We can only keep information which can be
represented in both formats.
Trace sanitization and
desensitation
Immediately after (or in parallel) when the
trace is caught it need to be processed.
Sanitization means that the trace is processed:
• Obvious start/end problems are adjusted
• Time stamp information is improved as
much as possible
• Correctness is checked
• Traces may need to be merged
Desensitation
Often the equipment will catch more
information than is allowed:
• Surplus information need to be removed
• IP# need to be anonymized
Ethics issues
There are people who regard Internet as the
last bastion of total freedom and therefore
don’t want traffic traces taken at all.
The current political debate is going in the
other direction. Police, authorities etc will
be able to get rather detailed information
about Internet traffic.
Trace anonymization
There is a (vague?) connection between the
IP# recorded in the packets and the person
behind the keyboard.
Therefore there is a general vish to anonymize
the IP# without destroying the value when
traffic should be analyzed.
Trace anonymization(2)
Trace anonymization is regarded as important.
This means that the IP# in the trace should
systematically be replaced by a pseudonym
IP#.
We want the replacement to be prefix
preserving. This means that if two IP#s
belong to the same subnet the pseudonyms
will also seem to belong to the same subnet.
Trace anonymization(3)
There are two well known methods for prefix
preserving anonymization:
1) TCPdpriv is almost a standard which every new
proposal is measured against. It is prefix
preserving but there is a major problem: The
pseudonym IP# depends on the order of original
IP#s. Therefore the same IP# will get different
pseudonyms in different traces! This makes it
impossible to merge two traces for example.
Trace anonymization(4)
2) Crypto-PAn solves this problem. It uses
encryption algorithms and given a certain
key it will always translate an IP# into the
same pseudonym IP# and be prefix
preserving on all levels.
If the key is not known the pseudonym IP#
cannot be inverted.
MonNet current status
• Equipment according to the earlier picture
is installed.
• Before measurements can start we are
waiting for an OK from a research ethics
committee. In the best case it will arrive
within 2 weeks.