NLANR

1
NLANRsNetwork Analysis Infrastructureand
OCXmon activities
Hans-Werner Braun NLANR (UCSD/SDSC) hwb_at_nlanr.net
http//www.nlanr.net
2
Goals and objectives

• Creating an infrastructure to support
  measurements and analysis
• collection of header traces (passive)
• performance measurements (active, AMP)
• use of SNMP derived data
• routing and topology stability
• Undertaking of research activities
• Support outside researchers with data and other
  help
• Creation of analysis and visualization tools
• Aggregate various data sets for correlation
• Result reporting for the high performance
  networking environment

3
NAI system
4
Central machines

• nai.nlanr.net
• server for initial data collection
• 160 GB, 256MB memory, dual 450MHz PII
• moat.nlanr.net
• external web server
• 160 GB, 256MB memory, dual 450MHz PII
• four analysis computation engines
• each 18GB, 256MB memory, 450MHz PII

5
File andcompute servers
nai.nlanr.net
moat.nlanr.net
Analysis computing engines
6
Coral/OCXmon
(passive traffic collection and analysis at
optical carrier speeds)

• completely noninvasive, no impact on forwarding
  paths
• aggregated traffic signature at a measurement
  point
• detailed characteristics of individual
  transactions

7
Coral components
8
Optical splitters
9
OC3monmachine
10
Passive measurements -- available interfaces

• Ethernet (10/100) (now)
• DS3 (interfaces available) UofWaikato, NZ,
  Ian Graham
• FDDI (now) off the shelve FDDI cards
• OC3 (now) ATM, FORE
• OC12 (now) ATM, Applied Telecom, CAIDA
  Coralreef
• OC12 (now ATM, prototype POS), UofWaikato, NZ,
  Ian Graham
• OC48 (mid-2000) developed by CAIDA/MCI

11
Status of passive measurements activities

• Current situation
• 11 active OC3mon sites
• 1 FDDI monitor (currently used for OC3mon)
• 2 OC12mon sites
• 2 pairs of so far unused DS3mon cards
• Near to medium term future
• creating two DS3mon machines
• deploying approximately 25 more OCXmon machines
• using the DAG3 technology
• POS and ATM capability
• in collaboration with Abilene/I2

12
Passive measurement deployment status
U. of Washington
U. of Michigan Michigan State U.
STARTAP/APAN
Argonne Nat. Lab
Ohio State U.
NCAR U. Colorado, Boulder
U. of Pennsylvania
NCSA
FIX-West
Old Dominion U.
AIX/MAE-West or NREN NASA-Ames
CSU, San Bernardino
MCNC North Carolina State U. U. of North
Carolina Duke U.
Vanderbilt U.
UCLA
SDSC, U. California, San Diego
Rice U. Baylor College of Medicine U. of
Houston Texas AM U.
U. of Florida Miami U. Florida State U.
28 May 1999
13
Analysis results http//moat.nlanr.net/Datacub
e
File structure origin project date time Data
cube structure project date time origin
date project time date origin time project
origin date time project origin time d
ate origin project time
14
Further (somewhat dated) analysis available
online

• http//moat.nlanr.net/OC3analysis - analysis of
  an aggregation point data (similar to what will
  be available for the HPC aggregation points or
  gigaPoPs)
• http//moat.nlanr.net/PBHA - analysis of
  packets, bit volume, and host activity on a link.
• http//moat.nlanr.net/SF - analysis of TCP flags
  (useful for both Internet researchers and
  vendors)
• http//moat.nlanr.net/DNS - analysis of traffic
  by protocol -- with respect to UDP, specifically
  DNS traffic.
• http//moat.nlanr.net/PLRL - analysis of the
  behavior of sequences of packets or packet run
  lengths is important to the design and
  development of next generation internetworking
  hardware and software
• http//moat.nlanr.net/BGPAddr and
  http//moat.nlanr.net/ASPL - analyses of the
  interconnectivity of Autonomous Systems
• http//moat.nlanr.net/IPaddrocc - analysis of
  the 32 bit (IP v4) Internet address space

15
Result visualization strategies

• real-time visualization requirements
• fast data visualization (including animating)
• 3D visualization engines based on OpenGL
• distributed server/client
• data generation/analysis separate from
  visualization
• lead Jeff Brown (specifically for cichlid)

16
Cichlid server/client model
Server (non-local data generator)
Client/user OpenGL based visualization engine
Server (non-local data generator)
Server (non-local data generator)
17
cichlid visualization
18
IP use and plen matrices
19
Cichlid for Windows
20
Collaborations

• availability of network workload and performance
  data and software to gain more insight into the
  Internet fabric
• opportunity to involve more students and
  faculty thesis projects
• hosting of visiting researchers
• local (UCSD) student involvement
• faculty and staff collaborations with other
  sites
• collaborators have to be self-guided to a large
  extend

21
Upcoming workshops at UCSD/SDSC

• 29/30 June 1999
• collaboration between sites hosting measurement
  machines
• discussions among technical people
• focus on high performance networking
  environments
• vBNS, I2/Abilene, NGI,
• help define needs for data/analysis from
  existing measurement infrastructure
• 1 July 1999
• strategic needs for network analysis in high
  performance networking environments, issues and
  opportunities
• discussions among people with significant
  network analysis experience
• focus on multi-provider high performance
  networking environments