Introduction to Traffic Monitoring and Analysis


1. Introduction
Internet Traffic Monitoring and Analysis: Methods and Applications
POSTECH DP&NM Lab.
1. Introduction - Evolving IP Network Environment
- WAN: SONET/SDH (OC3, OC12, OC48, OC192), ATM, WDM/DWDM
- LAN: 10/100 Mbps to 1 Gbps to 10 Gbps Ethernet
- Broadband Internet Access: Cable Modem, ADSL, VDSL
- Wireless Access: WLAN (IEEE 802.11), Wireless Internet
- Wired/Wireless Convergence: Softswitch, Media Gateway, NGCN
1. Introduction – Growth of Internet Use
The number of Internet users is growing
[Chart: Internet users (million people) by year, 1998 to 2002.2; data labels: 160.0, 276.0, 407.1, 527.6, 544.2. Source: Nua Inc.]
Internet traffic has increased dramatically
[Chart: traffic (GB/s) by year, 1996 to 2002; data labels: 135, 273, 588, 1572, 4451, 11328, 27645. Source: America's Network]
=> Internet usage is growing rapidly!
1. Introduction – Reliance on Internet
Internet-generated revenue has been increasing rapidly!
Source: Active Media.
=> The Internet's importance, and reliance on it, are increasing!
1. Introduction – Internet Applications
- Stand-alone applications can now utilize networking
  - Cooperative editing: MS Word
  - Use of FTP: EditPlus, UltraEdit, ...
  - Web page or HTML format
- New network applications
  - Online games, shopping, banking, stock trading, network storage
  - VOD, EOD, VOIP
[Images: Online game, VoIP, VOD]
1. Introduction – Structure of Applications
- Client-Server
  - Traditional structure
  [Diagram: server and client]
- Peer-to-Peer (P2P)
  - New concept between file sharing and transferring
  - Generates high volume of traffic
  [Diagram: three peers; labels: discovery, content, transfer query]
=> Structures of applications are changing!
1. Introduction – Types of Traffic
- Static sessions vs. Dynamic sessions
  [Diagram: static session: connect, use static protocol and port, disconnect; dynamic session: connect, negotiate & allocate, use dynamic protocol and port, disconnect; legend: control, data]
- Bursty data transfer vs. Streaming data transfer
  [Diagram: packets on the network for each transfer type]
=> Traffic types are varied and increasing!
1. Introduction – Internet Protocol Distribution

Protocol   Flows      (%)      Packets      (%)      Bytes            (%)
TCP        32,515     14.4%    1,797,176    86.3%    1,339,396,630    96.8%
UDP        54,561     24.2%    141,769      6.8%     27,812,586       2.0%
ICMP       138,253    61.3%    141,247      6.7%     15,720,410       1.1%
Others     125        0.0%     474          0.0%     32,160           0.0%

POSTECH Internet Junction Traffic, 2003.09.16 – 19:36

- Transport Protocol Distribution
  - The number of UDP flows is increasing because of P2P applications
  - The number of ICMP flows is increasing because of Internet worms
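Added example (not part of the original slides): one way to produce the flows / packets / bytes breakdown shown in the Internet Protocol Distribution table, by aggregating packets into 5-tuple flows, and to flag protocols whose share of flows far exceeds their share of bytes, the pattern the slide attributes to P2P and worm traffic. The packet records, function names and the 10x threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample packets: (src_ip, dst_ip, proto, src_port, dst_port, bytes)
PACKETS = (
    [("10.0.0.5", "192.0.2.10", "TCP", 40000, 80, 1500)] * 40   # one bulk transfer
    + [("10.0.0.6", "192.0.2.20", "UDP", 5000, 6000, 200)] * 5  # one UDP exchange
    + [("10.0.0.9", f"198.51.100.{i}", "ICMP", 0, 0, 92)        # sweep: 20 targets,
       for i in range(1, 21)]                                   # one packet each
)

# Percentages copied from the slide's table: (flows %, packets %, bytes %)
SLIDE_TABLE = {"TCP": (14.4, 86.3, 96.8), "UDP": (24.2, 6.8, 2.0),
               "ICMP": (61.3, 6.7, 1.1), "Others": (0.0, 0.0, 0.0)}

def build_flows(packets):
    """Aggregate packets into unidirectional flows keyed by the 5-tuple."""
    flows = defaultdict(lambda: [0, 0])  # key -> [packet count, byte count]
    for src, dst, proto, sport, dport, size in packets:
        rec = flows[(src, dst, proto, sport, dport)]
        rec[0] += 1
        rec[1] += size
    return flows

def protocol_distribution(flows):
    """Per-protocol share (%) of flows, packets and bytes."""
    totals = defaultdict(lambda: [0, 0, 0])
    for (_, _, proto, _, _), (pkts, size) in flows.items():
        t = totals[proto]
        t[0] += 1
        t[1] += pkts
        t[2] += size
    grand = [sum(t[i] for t in totals.values()) for i in range(3)]
    return {p: tuple(round(100 * t[i] / grand[i], 1) for i in range(3))
            for p, t in totals.items()}

def flow_heavy_protocols(dist, ratio=10.0):
    """Protocols with flow share >= ratio x byte share (assumed threshold):
    many tiny flows, as produced by scanning worms or P2P discovery."""
    return sorted(p for p, (f, _, b) in dist.items() if f > 0 and f >= ratio * b)

if __name__ == "__main__":
    dist = protocol_distribution(build_flows(PACKETS))
    for proto, shares in sorted(dist.items()):
        print(proto, shares)
    print("flow-heavy (sample):", flow_heavy_protocols(dist))
    print("flow-heavy (slide table):", flow_heavy_protocols(SLIDE_TABLE))
```

Applied to the slide's own percentages, the same check singles out UDP and ICMP, the two protocols the slide calls out.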
1. Introduction – Port number usage in TCP/UDP
- Port Number Distribution in bytes
  [Pie charts: UDP Port Number Distribution; TCP Server Listening Port Number Distribution. Categories: <1024, >=1024. Data labels: 2%, 41%, 98%, 59%]
- Proportion of Internet Applications
  [Pie chart: categories HTTP, FTP, TELNET, SMTP, Others. Data labels: 54%, 21%, 20%, 5%, 0%]
POSTECH Internet Junction Traffic, 2003.09.16 – 19:36
=> Which applications generate this large amount of traffic?
1. Introduction – Motivation
- Needs of Service Providers
  - Understand the behavior of their networks
  - Provide fast, high-quality, reliable service to satisfy customers and thus reduce churn rate
  - Plan for network deployment and expansion
  - SLA monitoring, Network security
  - Increase Revenue!
    - Usage-based billing for network users (like telephone calls)
    - Marketing using CRM data
- Needs of Customers
  - Want to get their money's worth
  - Fast, reliable, high-quality, secure, virus-free Internet access
To Satisfy Service Providers' Needs to Satisfy Their Customers!
1. Introduction – Application Areas
- Network Problem Determination and Analysis
- Traffic Report Generation
- Intrusion & Hacking Attack (e.g., DoS, DDoS) Detection
- Service Level Monitoring (SLM)
- Network Planning
- Usage-based Billing
- Customer Relationship Management (CRM)
- Marketing
1. Introduction – Issues in Traffic Monitoring
- Choices
  - Single-point vs. Multi-point monitoring
    - Number of probing or test-packet generation points
  - In-service vs. Out-of-service monitoring
    - Whether monitoring should be executed during service or not
  - Continuous vs. On-demand monitoring
    - Monitoring runs continuously or on demand
  - Packet vs. Flow-based monitoring
    - Collect packets or flows from network devices
  - One-way vs. Bi-directional monitoring
    - Monitor forward path only / forward and return path
- Trade-offs
  - Network bandwidth
  - Processing overhead
  - Accuracy
  - Cost
1. Introduction – Problems
- Capturing Packets
  - High-speed networks (Mbps -> Gbps -> Tbps)
  - High-volume traffic
  - Streaming media (Windows Media, Real Media, Quicktime)
  - P2P traffic
  - Network Security Attacks
- Flow Generation & Storage
  - What packet information to save in order to perform various analyses?
  - How to minimize storage requirements?
- Analysis
  - How to analyze and generate the needed data quickly?
  - What kinds of information need to be generated? -> Depends on applications
1. Introduction – R&D Goals
- Develop methods to
  - Capture all packets
  - Generate flows
  - Store flows efficiently
  - Analyze data efficiently
  - Generate various reports or information that are suitable for various application areas
- Develop a flexible, scalable traffic monitoring and analysis system for high-speed, high-volume, rich media IP networks