An Architecture for Distributed Real-Time Passive Network Measurement

We present an architecture for a Distributed Online Measurement Environment (DOME), a passive measurement system that correlates network information between several measurement nodes placed at different locations in the network to offer a large-scale view of network operation. The system is capable of capturing packet traces and pre-processing them on the measurement node itself. Real-time queries are implemented by breaking them down into standard statistics that are updated at run time. We present details of a prototype implementation of our architecture on an Intel IXP2400 network processor. The prototype is deployed on the main Internet access link of the University of Massachusetts, and its measurement results are validated against those obtained from an Endace DAG card. The performance of the prototype is compared to that of a conventional post-processing system for an application to detect network anomalies.
