Design and Implementation of a Network Behavior Analysis-oriented IP Network Measurement System

Similar documents
An Internet router level topology automatically discovering system

A Method of Identifying the P2P File Sharing

TM ALGORITHM TO IMPROVE PERFORMANCE OF OPTICAL BURST SWITCHING (OBS) NETWORKS

Research Article. Three-dimensional modeling of simulation scene in campus navigation system

Research on Power Quality Monitoring and Analyzing System Based on Embedded Technology

Research on the Establishment and Analysis of Small Business Networks

A Dynamic Adaptive Algorithm Based on HTTP Streaming Media Technology

IP SLAs Overview. Finding Feature Information. Information About IP SLAs. IP SLAs Technology Overview

A New Method Of VPN Based On LSP Technology

Performance Comparison and Analysis of Power Quality Web Services Based on REST and SOAP

Multicast Transport Protocol Analysis: Self-Similar Sources *

Congestion Propagation among Routers in the Internet

The ESB dynamic routing strategy in the low bandwidth network environment

The Comparative Study of Machine Learning Algorithms in Text Data Classification*

Ashortage of IPv4 address space has

Research Article. ISSN (Print) *Corresponding author Chen Hao

Research on Firewall in Software Defined Network

A Design of Remote Monitoring System based on 3G and Internet Technology

SamKnows test methodology

Research and Implementation of Server Load Balancing Strategy in Service System

Application of Nonlinear Later TV Edition in Gigabit Ethernet. Hong Ma

Preliminary Research on Distributed Cluster Monitoring of G/S Model

Network Bandwidth Utilization Prediction Based on Observed SNMP Data

An Efficient Bandwidth Estimation Schemes used in Wireless Mesh Networks

Autonomous System Network Topology Discovery Algorithm Based On OSPF Protocol

Effects of Applying High-Speed Congestion Control Algorithms in Satellite Network

A new Class of Priority-based Weighted Fair Scheduling Algorithm

Comprehensive analysis and evaluation of big data for main transformer equipment based on PCA and Apriority

Impact of bandwidth-delay product and non-responsive flows on the performance of queue management schemes

Application of Redundant Backup Technology in Network Security

Simulation and Realization of Wireless Emergency Communication System of Digital Mine

A NEW APPROACH FOR BROADBAND BACKUP LINK TO INTERNET IN CAMPUS NETWORK ENVIRONMENT

CAMPSNA: A Cloud Assisted Mobile Peer to Peer Social Network Architecture

Research Article A Novel Solution based on NAT Traversal for High-speed Accessing the Campus Network from the Public Network

Design of Physical Education Management System Guoquan Zhang

Low Overhead Geometric On-demand Routing Protocol for Mobile Ad Hoc Networks

Network Management & Monitoring

Configuring Cisco IOS IP SLAs Operations

A Multipath AODV Reliable Data Transmission Routing Algorithm Based on LQI

Header Compression Capacity Calculations for Wireless Networks

Network redundancy flow research work include: network data fetching platform, data. Keywords: Network; redundant; flow analysis

Web Data mining-a Research area in Web usage mining

Impact of End-to-end QoS Connectivity on the Performance of Remote Wireless Local Networks

Performance Analysis of AODV using HTTP traffic under Black Hole Attack in MANET

Improvement of the Communication Protocol Conversion Equipment Based on Embedded Multi-MCU and μc/os-ii

A Multicast Routing Algorithm for 3D Network-on-Chip in Chip Multi-Processors

Design and Implementation of Inspection System for Lift Based on Android Platform Yan Zhang1, a, Yanping Hu2,b

A Low-Overhead Hybrid Routing Algorithm for ZigBee Networks. Zhi Ren, Lihua Tian, Jianling Cao, Jibi Li, Zilong Zhang

Design and Implementation of an Anycast Efficient QoS Routing on OSPFv3

CAMPSNA: A Cloud Assisted Mobile Peer to Peer Social Network Architecture

Snmp Implementaton on Hp Routers with Ovpi (Openview Performance Insight) and Network Management

Design of Smart Home System Based on ZigBee Technology and R&D for Application

A Method and System for Thunder Traffic Online Identification

Analysis and Application of Frame Relay

Research on Multi-service Unified Bearing Electric Power Communication Access Network Bao Feng1,a, Yang Li1, Yang Hu1, Yan Long2, Yongzhong Xie3

Improving TCP Performance over Wireless Networks using Loss Predictors

Research and Design of Crypto Card Virtualization Framework Lei SUN, Ze-wu WANG and Rui-chen SUN

A Scheme of Dynamic Bandwidth Allocation for Switching FC-AE-1553 Network

A Boosting-Based Framework for Self-Similar and Non-linear Internet Traffic Prediction

Geospatial Information Service Based on Ad Hoc Network

A Finite State Mobile Agent Computation Model

Avaya ExpertNet Lite Assessment Tool

A Relative Bandwidth Allocation Method Enabling Fast Convergence in XCP

Realization of Time Synchronization Server Based on C/S

Design and Implementation of Real-Time Data Exchange Software of Maneuverable Command Automation System

End-to-End Mechanisms for QoS Support in Wireless Networks

PLEASE READ CAREFULLY BEFORE YOU START

PLEASE READ CAREFULLY BEFORE YOU START

A SDN-like Loss Recovery Solution in Application Layer Multicast Wenqing Lei 1, Cheng Ma 1, Xinchang Zhang 2, a, Lu Wang 2

A Test Sequence Generation Method Based on Dependencies and Slices Jin-peng MO *, Jun-yi LI and Jian-wen HUANG

The Research and Design of the Application Domain Building Based on GridGIS

A Hybrid Load Balance Mechanism for Distributed Home Agents in Mobile IPv6

Application Research of Wavelet Fusion Algorithm in Electrical Capacitance Tomography

Introduction to Open System Interconnection Reference Model

Octoshape. Commercial hosting not cable to home, founded 2003

Towards Connecting Base Stations over Metro Gigabit Ethernets

Computer Life (CPL) ISSN: Research on the Construction of Network and Information Security. Architecture in Campus

A Communication Middleware with Unified Data Transmission Interface

Behaviour of Routing Protocols of Mobile Adhoc Netwok with Increasing Number of Groups using Group Mobility Model

Landslide Monitoring Point Optimization. Deployment Based on Fuzzy Cluster Analysis.

Research on the Checkpoint Server Selection Strategy Based on the Mobile Prediction in Autonomous Vehicular Cloud

Architecture Design and Experimental Platform Demonstration of Optical Network based on OpenFlow Protocol

Configuring Cisco IOS IP SLAs Operations

NetAlly. Application Advisor. Distributed Sites and Applications. Monitor and troubleshoot end user application experience.

Configuring Cisco IOS IP SLA Operations

Tuning RED for Web Traffic

TCM Health-keeping Proverb English Translation Management Platform based on SQL Server Database

Introduction to Protocols

The principle of a fulltext searching instrument and its application research Wen Ju Gao 1, a, Yue Ou Ren 2, b and Qiu Yan Li 3,c

Construction and Application of Cloud Data Center in University

Coordinated and Unified Control Scheme of IP and Optical Networks for Smart Power Grid

Relaxation Control of Packet Arrival Rate in the Neighborhood of the Destination in Concentric Sensor Networks

Discrete-Approximation of Measured Round Trip Time Distributions: A Model for Network Emulation

Design of Underground Current Detection Nodes Based on ZigBee

Realization on the interactive remote video conference system based on

(a) Figure 1: Inter-packet gaps between data packets. (b)

A Framework For Managing Emergent Transmissions In IP Networks

R.Srinivasan, PhD. Dean, Research and PG studies RNS Institute of Technology Bangalore India

Visualization of Internet Traffic Features

A priority based dynamic bandwidth scheduling in SDN networks 1

Transcription:

The 9th International Conference for Young Computer Scientists Design and Implementation of a Network Behavior Analysis-oriented IP Network Measurement System Bin Zeng 1, Dafang Zhang 2, Wenwei Li 2, Gaogang Xie 3,Guangxing Zhang 3 1 College of Computer and Communication, Hunan University, Changsha, 410080, China 2 Software School, Hunan University, Changsha, 410080, China 3 Institute of Computing Technology, Chinese Academy of Science, Beijing, 100080, China {zengbin604, dfzhang,liww}@hnu.cn, {xie, guangxing}@ict.ac.cn Abstract Analyzing the characteristic of network behavior provides scientific basis for designing, building, and managing the next generation Internet, and is especially important for monitoring network behavior. This paper establishes a system of metrics that evaluates the behavior of IP networks with respect to the need of analyzing network behavior, introduces the design and implementation of network monitoring system that focuses on the analysis of the characteristics of network behavior, analyzes crucial problems on system design, builds an experiment environment and runs tests on it. The results show that our system satisfies all requirements imposed by real time monitoring network behavior, therefore is able to help the decision making in operating and managing networks. Keywords: Network behavior, network measurement system, packet capture, behavior metrics. 1. Introduction With the development of processing capability of network device, link speed is continuously increasing and various new applications continue to emerge, which make network characteristic a great deal of changes. The emerging of information society and knowledge of globalization also has made new demands for the Internet. The quality of service is becoming an enormous challenge to the Internet. In order to solve the problem concerning the IP quality of service on the IP network management, from the beginning of the 1990s, people gradually carried out a research on the network behavior. Network behavior refers to the study of operation of network behavior characteristics. Through finding out various behavioral patterns from network, we can find the key factors which led to the change of behavior and explain the causes for the various phenomena of network. Network behavior plays a key role for the research of trend analysis, monitoring hotspots (the path of over loading), congestion avoiding and so on. At present network behavior research with the common methods of the following three categories: the first method is model analysis, which use a mathematical method to establish the network model, such as the self-similar traffic model [1] [2] [3] [4], Gilbert packet loss model [5] [6], TCP throughput model[7]. As the network becomes more complicated, more and more factors should be considered, and the establishment of the network model is more and more difficult, which means this method will face enormous challenges. The second method is simulation. Through establish the statistical model of network links and simulates network traffic transmission, simulation software acquires network behavior data which network designing or optimizing needs [8]. However, the complexity of the network environment restricts its application. The third method is measurement and analysis. Network measurement put performance testing on the actual operations of network, capturing the measurement data of the Internet and its activities quantitative to obtain network's history, status and trend forecast [9]. Network measurement is becoming the chief method for analysis of network behavior, resulting from the increasing complexity of the Internet and increasing difficult to establish mathematical model. At present, there are many methods and achievement about network measurement. The data reflecting the network state can be collected by network management system. However, the analysis of collected data is far behind the collection technique, and the characteristics of network can t be obtained from real and historical data. Meanwhile, a large number of theoretical models about network behavior are proposed, which are separated from real network environment and lacking conviction. In this paper, on 978-0-7695-3398-8/08 $25.00 2008 IEEE DOI 10.1109/ICYCS.2008.59 374

the basis of relevant work [10-13], we design and implement a network monitoring systems for the analysis of the behavior characteristics of network. Network behavior is partitioned into traffic behavior, end-to-end behavior, routing, and application behavior. The system can integrate network monitoring technology and network data analysis technique organically to provide a unified analysis platform for the various behavior of network. 2. Monitoring and analyzing metrics To overall understand running status of the Internet, We determine the following five ways of network behavior measurement parameters: traffic behavior, end-to-end behavior, routing behavior, application behavior and network element behavior. Let s make detailed introduction in the following. Traffic behavior : Through disposing packet capture tools in key points of network, network traffic analysis metrics are available. The metrics can be divided into packet-level and flow-level. Packet-level metrics include the flow of link layer (rate), packet size distribution, traffic of 280 kinds of protocol, the port traffic information of top N flow; flow-level metrics include concurrent Flow number of a measurement cycle, the number of new flow, the number of aging flow, flow size distribution, the duration of flow distribution, the flow information of top N flow size and flow duration. End-to-end behavior:from the measuring source point to the end point, the routers and links between the two points compose an end-to-end path. Through sending specifically detecting data packages from the measuring end to the measured end and observing the respond of network, Speculate the service quality of end-to-end path. The metrics of evaluating end-to-end path include connectivity, one-way/round-trip, packet loss, one-way delay, round-trip delay, delay jitter, bottleneck bandwidth, available bandwidth, and TCP throughput. Routing behavior: The BGP/OSPF simulator constructed by Zebra is used to collect router information, and collect the end-to-end routing data with the aid of traceroute. The monitoring of routing behavior includes the inefficient routing analysis, routing stability analysis, routing convergence analysis, morbidity advertisement analysis, routing circulation analysis, routing policy analysis, routing oscillation analysis, whether running distributed, no routing circulation, running as needed, safety and time complexity, communication complexity, routing efficiency and so on. Application behavior: A methodology which can monitor the end-to-end user applications is used, termed active application probing mode. By sending requests from the client to the server and observing the response from server, the methodology can reflect the performance of the end-to-end applications without knowing the state of the network devices. The application performance metric can be divided in two sub categories: network/server accessibility and efficiency. Network element behavior: The SNMP protocol can be applied to collect network control information like routing update and MIB status on relevant devices and so on. It is specifically includes automatic discovery and maintenance of network topology, properties of major network devices, operating status, device traffic, SNMP capability information. 3. System design The key of network behavior monitor is the realtime acquirement and analysis of network behavior data. The IP network monitor system which is network behavior characteristic analysis oriented must satisfy this requirement that is the kernel of the design of system has to be the data of network behavior. Monitor system can test on real time or for long term based on configuration, collect behavior data, and show network behavior guide line in fact in intelligible means for user. The function of system is partitioned by data, and figure 1 shows the situation. Figure1.system function partition 3.1. System composing Based on the analysis forenamed, IP network monitor system which is network behavior oriented is showed as figure 2 in order to support needs of various network behaviors. The system can be divided into three layers: measurement plat, control plat and analysis plat. Measurement Platform: The main function is showed as following: collection tools which is used to save various network behavior data, including traffic capturer, p2p measurement tools, router simulator, operation emulator, SNMP agent; measuring or 375

importing various data; sending coded measurement results to control plat, and saving results. Control Platform: the major function of control platform is to dispatch the data collection tasks and send the measurement commands. The data collecting module, data analysis module and data visualization module work together to accomplish the measurement tasks; and the enormous data of network behavior monitoring will be stored into database after simplified. Analysis Platform: The processing of forming visualization data gotten from original data is a procedure of analyzing and abstracting data. The analysis platform is used to get rid of a large number of data unrelated to network behavior measurement, construct the metric data set of network behavior and take charge of analysis of all data. to system control and measurement program which will invoke the relevant measurement tools to implement the measurement after configured the parameters. And then the control and measurement program will take pipeline to transfer the result to data analysis engineer who will displays the analyzed result in graphic and prepares next measurement at the same time when the entire measurement finished. Figure3 sketch map of Measurement control Figure 2 system architecture The architecture adopts the manner of centralized management and distributed measurement, with good openness and scalability. The system can be used for flexible measurement and analysis of network behavior and is suitable for mass deployment by easily adding measurement tool. And the network performance can be easily evaluated by analyzing the data comprehensively through analysis engineering. 3.2. System design and realization Figure 3 shows a sketch map of Measurement control. The main functions of analysis platform are the configuration of task parameters, and analyzing of measurement result. The measurement task is assigned The main function of control platform is controlling and managing measurement tasks. The control module will firstly collect and analyze the user configured parameters, then create a thread and send the parameters to measurement tool, and at last, it will store the measurement results into the database, analyze the result and send the results back to analysis platform after the measurement finished. The measurement platform carries on the specific measurement work. After receiving measurement task, the system control module will create a corresponding measurement thread according to measurement type and measurement parameters. The thread will start one measurement tool among five measurement tool modules. The figure 4 describes the information and data process inside the system in detail. The system program mainly includes three threads: management and control thread, measurement thread, analysis and visual display thread. Management and control thread takes charge of creating two threads: one is used to manage measurement task by users, another is used to control measurement tool and task. Such as assign task to measurement thread, store and analyze measurement data and so on; Measurement thread takes charge of receiving measurement task from management and control thread and creating 376

measurement thread and starting measurement tool to measure. Measurement thread will send results to analysis and visualization thread which will show the result to user by graphic. Pipeline is used for the communication between threads. packets buffer after completing packet processing and analysis. Figure5.shared memory method architecture Figure 4 information and data process inside the system 3.3. Crucial technology Probe used in the system is achieved based on common hardware platform. Therefore, high efficient packet capture and less system resources for the flow characteristics of acquisition method is the key to guarantee the accuracy of the systems. We implement a new traffic capture method based on shared memory to improve the efficiency. The key of this method is using shared memory which is between kernel space and user space as packet buffer to reduce the number of system calls and implement packet zero-copy. Take the advantage of share memory, packet receive path from NIC driver buffer to user level application has been shorten. Figure 5 show that, packet capture method based on shared memory for high-speed network consists of three parts: the packet capture driver module, the shared memory management module and the upperclass application API interface. The process of packet capture are as follows: 1 access to the packet capture drive module, through the revision of Driver Program; 2 through shared memory management module inspect packet buffer memory space, if still available will write data packets through DMA (Directly Memory Access) channel to the shared memory and return, otherwise discarded packets directly; 3 flow monitoring and analysis application procedures call upper API interface to access package in the shared memory buffer, and then release of The establishment of shared memory space is the key to implement packet capture for high-speed network. The packet capture driver module is responsible for writing packets to the shared memory. Flow monitoring and analysis procedure call API interface reading of the packet for statistics and analysis. Through access to the packet capture driver module for writing packet into shared memory directly and circularly, the applications in the user space call API interface to access shared memory, implement packet zero-copy and eliminate the system calls. 4. Application of the system We did measurement and analysis on a campus network in order to verify the effect of the system. The probe was deployed on the joint of connect link which was paid attention to. And then according to advanced enactment, the control and analysis plat which was deployed on network manage center collected the monitor and analysis results periodically which was gained by probes. Figure 6 shows the topological graph of testing network, from which we can locate brokendown instrument and broken-down link quickly. We selected the kernel router (210.43.96.18) from figure 6, deployed probe on it and monitored the traffic by port image. Figure 7 shows the traffic continuously changing instance of the kernel router in one month (2007-03-27 to 2007-04-27). From the figure, the change of link traffic has definite character on day, and daily change assumes parabola shape which inosculates active rule of human beings. To analyzing the data of one day, the total traffic of network link is low, because its average traffic is 300Mbps (the physical bandwidth is 1000Mbps), and its average 377

utility of bandwidth is about 30%. The busy periods of link are period 9:00~17:00 and period 20:00~22 :00; other periods are spare time. The in and out traffic is smoothness on the whole. In it, there are just 2 outbursts, one on 8:00~9:00 pm and one on 9: 00~10:00 am. The changing rule of daily traffic is the same, except that the traffic grows a little on Friday and Saturday evenings. Figure 8 application types distribution Figure 6 the topological graph of testing network To see from TOPN of service flow, most traffic of network is produced by some correlative IP, either by byte traffic or by data packets traffic. This basically accords with 20/80 rule. For example in figure 9, the frequency of appearance of flows reference with IP 202.43.19.22 is very high in TOPN and the ratio of its byte traffic and data packets traffic is also high. Figure9 traffic TOP N Figure 7 traffic changing instance To examine the history data during this period, as figure 8 shows, bursting out operations are based on P2P operation and flow media operation, and there is also little the traditional operation which is based on HTTP. To analysis on byte traffic of link, from high to low by ratio of traffic, those are P2P (44.73%) flow media(23.09%) basic applications(18.22%) private protocols(9.49%) VoIP online telephone(3.85%) online games(0.3%) instant communications(0.32%). P2P application will become more and more popular. Either illegal application or legal application, manager should know the traffic characters of P2P application, and to conduct and control it through proper strategy. The analysis of system experiment above shows the characters of network, and points out the basic character of these actions and the positions where frequently appear congestions. The analysis is important to the maintenance and natural performance of network. Those characters are hard to be showed by common network monitor system. This point has instructional meanings for enhancing the network performance. 5. Conclusions To reflect Internet running behavior characteristic roundly, we design a network monitoring systems for the analysis of the behavior characteristics, and realize performance monitoring of network. This system mainly monitors and analyzes traffic behavior, end-to- 378

end behavior, routing, and application behavior characteristic. In the course of realization, we present measurement and analysis metrics, which roundly reflect network characteristics; then we discuss the material measurement and analysis method and introduce the crucial technologies which is used in the system; In the end, we validate the system in Campus LAN and gain good effect. In the following work, we need to make further study on the predictability of network performance. Acknowledgment This research is funded by National Natural Science Foundation of China with grant no. 90718008, 60673155 and 60703097. Thanks to our team in ICT for their efforts to develop the monitoring and measurement system, especially thanks to Jian Yang, Dunxing Zhang etc. References [1]W. Leland, M. Taqqu, W. Willinger, and D. Wilson, On the self-similar nature of Ethernet Traffic, IEEE/ACM Transactions on Networking, 1994, pp. 1-15. [2]Matthew Roughan and Darryl Veitch, Measuring Long- Range Dependence under Changing Traffic Conditions, INFOCOM '99, New York, NY, 1999, pp. 1513-1521. [3]Thomas Karagiannis, Mart Molle, Michalis Faloutsos, Long-Range Dependence: Ten Years of Internet Traffic Modeling, IEEE Internet Computing, 8(5),2004, pp. 57-64. [4] Gaogang Xie, Guangxing Zhang, etc, The Survey on Traffic of Metro Area Network with Measurement On-line, Proceedings of the 20th International Teletraffic Congress, Ottawa, Canada, 2007, pp.17-21. [5]Y.Zhang, N.Duffield, V.Paxson and S.Shenker, On the Constancy of Internet Path Properties, In ACM SIGCOMM Internet Measurement Workshop, 2001, pp.197-211. [6]Xunqi Yu, James W. Modestino, Xusheng Tian, The accuracy of Gilbert models in predicting packet-loss statistics for a single-multiplexer network model, INFOCOM 2005, pp. 2602-2612. [7]M.Goyal, R.Guerin and R.Rajan, Predicting TCP Throughput From Non-invasive Network Sampling, INFOCOM2002, pp. 180-189. [8]MA Wei-min, LI Zhong-cheng,Wang Jun-feng, XIE Gao- Gang, An Analysis of the Characteristics of High-speed Network Traffic Based on Simulation, Journal of system simulation, 2004, 16(4), pp. 681-68. [9]Zhang Hong-Li, Fang Bin-Xing, Hu Ming-Zeng, etc, A Survey on Internet Measurement and Analysis, Journal of Software, 2003, 14(1), pp.110-116. [10]Li Wenwei, Zhang Dafang, Yang Jinmin, Xie Gaogang. On Evaluating the Differences of TCP and ICMP in Network Measurement, Computer Communications, 2007, 30(2), pp.428-43. [11]Guangxing Zhang, Gaogang Xie, etc, Self-Similar Characteristic of Traffic in Current Metro Area Network, 15th IEEE Workshop on Local and Metropolitan Area Networks, June 10-13, 2007, Princeton NJ, USA. [12]LI Wen-Wei, ZHANG Da-Fang, XIE Gao-Gang, YANG Jin-Min. A High Precision Approach of Network Delay Measurement Based on General PC, Journal of Software, 2006, 17(2), pp. 275-284. [13]Fan Chao,Xie Gaogang,Zhang Dafang,Li Zhongcheng, Performance Analysis of HTTP Service Based on Network Active Measuremnet, Journal of Computer Research and Development,2005,42(3), pp. 493-500. 379