Interpreting Network Traffic Flows

Bill Jensen, Paul Nazario and Perry Brunelli
Agenda
1. How did we get here
2. Network monitoring tools
3. Sample graphs
Napster


Shawn Fanning
http://www.time.com/time/magazine/articles/0,3266,55730,00.html
Taming Bandwidth Hogs . . .
How can your campus do it?
Ana Preston, University of Tennessee
Linda Roos, University of Nebraska, Lincoln
Tuesday, 11:45, Marquis 4
www.funnytimes.com
A simple question

CIO requested that we estimate Internet transit requirements for the next 18 months
Sources


www.research.att.com/~amo/doc/networks.html
http://www.research.microsoft.com/~Gray/Moore_Law.html
What are current bandwidth requirements?
What do we receive from our provider?
A few words about UW Internet access



WiscNet is a state education-based ISP - founded with help from UW-Madison
Charter membership included 14 UW System universities and 8 private colleges
WiscNet now serves over 500 educational institutions - predominantly K-12
The WiscNet backbone

Comprised of OC-3 links connecting UW-Madison, UW-Milwaukee, the Chicago NAP and the Ameritech Advanced Data Service Center (AADS), also in Chicago.
WiscNet Services



Internet transport and transit
Internet 2 transport
Peering transport at AADS
Current bandwidth requirements continued...





Inbound vs. outbound traffic
Usage caps
Prime time usage
Peering and I2 traffic
Effect of peer-to-peer networking and future policy on usage/fair utilization
www.wiscnet.net
What is a flow?



Host-to-host conversation that includes the IP address and port # for each host.
Representation of a series of packets traveling between two end-points.
A unidirectional series of IP packets of a given protocol, traveling between a source and destination within a certain period of time.
Flow as represented by log


Easy to think of it as we would a sniffer trace - bits and bytes seen traversing the wire
In actuality, the flows are the accounting record or log of activity as reported by the router
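
Added example (not from the original slides): a small Python sketch of how packets collapse into the unidirectional accounting records described above, and how those records then answer the inbound vs. outbound question. The packet values, the 10.0.0.0/24 "campus" network, the 30-second idle timeout and the function names are all assumptions made for illustration.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "ts src sport dst dport proto size")

# Constructed sample traffic; 10.0.0.0/24 stands in for the campus network.
SAMPLE_PACKETS = [
    Packet(0.0, "10.0.0.5", 40000, "192.0.2.10", 80, "tcp", 60),
    Packet(0.1, "192.0.2.10", 80, "10.0.0.5", 40000, "tcp", 1500),
    Packet(0.2, "10.0.0.5", 40000, "192.0.2.10", 80, "tcp", 400),
    Packet(0.3, "192.0.2.10", 80, "10.0.0.5", 40000, "tcp", 1500),
    Packet(5.0, "10.0.0.5", 53000, "192.0.2.53", 53, "udp", 70),
    # Same 5-tuple as the first packet, but after a long idle gap.
    Packet(120.0, "10.0.0.5", 40000, "192.0.2.10", 80, "tcp", 60),
]

def build_flows(packets, idle_timeout=30.0):
    """Group packets into unidirectional flow records.

    The key is (src, sport, dst, dport, proto), so each direction of a
    conversation is its own flow. A packet arriving more than idle_timeout
    seconds (an assumed value) after the last packet of its flow opens a new record.
    """
    open_idx = {}  # flow key -> index of that key's current record
    flows = []
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        key = (p.src, p.sport, p.dst, p.dport, p.proto)
        idx = open_idx.get(key)
        if idx is None or p.ts - flows[idx]["last"] > idle_timeout:
            flows.append({"key": key, "first": p.ts, "last": p.ts,
                          "packets": 0, "bytes": 0})
            idx = open_idx[key] = len(flows) - 1
        rec = flows[idx]
        rec["last"] = p.ts
        rec["packets"] += 1
        rec["bytes"] += p.size
    return flows

def bytes_by_direction(flows, local_net="10.0.0.0/24"):
    """Sum flow bytes as outbound (local source) or inbound (any other source)."""
    net = ipaddress.ip_network(local_net)
    totals = {"outbound": 0, "inbound": 0}
    for f in flows:
        src_is_local = ipaddress.ip_address(f["key"][0]) in net
        totals["outbound" if src_is_local else "inbound"] += f["bytes"]
    return totals

if __name__ == "__main__":
    print(bytes_by_direction(build_flows(SAMPLE_PACKETS)))
```

The single web conversation in the sample produces two flow records, one per direction, and the late packet on the same 5-tuple produces a third; no packet payload is kept, only counters and timestamps.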
Measurement Tools - FlowScan




FlowScan - freely available Perl scripts and modules that aggregate other freely available tools for representing flows
Analyzes and reports on NetFlow data collected by CAIDA’s cflowd
Stored using RRDtool - time series data
FlowScan provides reporting capabilities and visualization of flow data
Example



cflowd receives flow data from the router and writes it to disk.
FlowScan parses/massages data from cflowd and stores the results in RRD format.
RRDtool graph produces graphs from RRD files.
Dave ->
More on FlowScan
See
http://net.doit.wisc.edu/~plonka/lisa/FlowScan/
http://mil.doit.wisc.edu/~plonka/
General FlowScan Graphs
Network Events Captured by FlowScan
New Development
wwwstats.net.wisc.edu/CampusIO/top/originAS.html
wwwstats.net.wisc.edu/CampusIO/top/128.104.16.0_22_top.html
“It’s easier to ride a horse in the direction it’s going”
Daniel Burrus
www.burrus.com