Setting up a NeTraMet meter: background and requirements

Nevil Brownlee, CAIDA | The University of Auckland

Introduction

This web page explains how to set up a NeTraMet meter for monitoring the Domain Name System (DNS).

CAIDA collects `DNS performance' measurments, and makes summary data available via the web page http://www.caida.org/cgi-bin/dns_perf/main.pl We are looking for additional meter sites in order to enhance our view of global root/gTLD performance. As of March 2003, meters in San Diego (CA), Boulder (CO) and Auckland (New Zealand) are collecting data.

Where to locate a NeTraMet meter

To monitor DNS, we configure a meter to observe DNS request and response packets (i.e. packets to/from UDP port 53 on all root/gTLD nameservers.) The best location for the meter is at the gateway between a 'local' network and the Internet, as shown in the diagram below.

The diagram shows a `local net' to the left and the Internet to the right. The local net has several DNS resolvers (magenta dots), which ask root servers (green dots) and gTLD servers (blue dots) to resolve various domain names. The meter is attached to a `metering point,' where it can see the packets passing between local resolvers and root/gTLD servers.

Site Requirements

For a `local' network one could select a large single site, e.g. a University, or perhaps a whole ISP. The criteria for a site are:

• Should have a large number of users, i.e. enough to generate several hundred root/gTLD requests over any 5-minute period. University sites with around 30,000 students and staff seem to work well, but an ISP with that many customers should be just as good.
• Should not be `too close' to either a root or gTLD server, where the distribution of requests among the roots/gTLDs could be biased towards the nearby servers.

Meter Requirements

The NeTraMet meter (lower middle of the diagram) is a dedicated PC running either BSD or Linux. The PC minimum specification is

• 20 GB disk, one NIC for operation/maintenance, and
• a second NIC to connect to the metering point.

Processor and RAM depends on the metering point technology (see below), as a rough guide I suggest

• 256 MB + 1 GHz for 100BaseT metering
• 512 MB + 2 GHz (or 2x 1GHz processor) for 1000BaseT or OC48

Connection Options

There are several ways to establish a metering point, depending on the physical network architecture at the site's gateway:

1. If the site network uses switches or routers which can copy packets from a port or VLAN to a dedicated port, that port (usually called a `SPAN' port) can become a metering point. For this the NeTraMet meter will only need one metering NIC, and the router or switch will need to be configured to copy both ingress and egress packets for the site's resolvers to the metering port.
    
2. If the single gateway link is 100 or 1000BaseT Ethernet, a `passive tap' (e.g. from NetOptics, http://www.netoptics.com/) can be used as the metering point. For this the NeTraMet PC will need two copper Ethernet NICs, one for each direction of the traffic. Passive taps are rather expensive, so this is not a very attractive option!
    
3. If the site's traffic goes to a single ISP through a fibre link, one can use a pair of fibre splitters (one for each direction) to split off 10% of the light. In this case the NeTraMet PC will need two fibre NICs, to suit whatever link-layer is in use (e.g. 1000BaseSX, OC12 ATM).
   

How does one establish a CAIDA NeTraMet meter?

Although CAIDA is keen to establish more DNS performance metering sites, we have limited resources to support them. If you are interested in hosting a NeTraMet meter, please email your request, together with a brief description of your site, to nevil@caida.org.

Once a meter PC is installed, you will need to give it an IP address and domain name, e.g. netramet.your-site.

If a CAIDA PC is used, we will set up and maintain user accounts on it. Otherwise, we will require you to set up a user account for `nevil.' In either case the `nevil' account must have sudo privilege, since that is required for NeTraMet to see packet headers on its metering

CAIDA will maintain the NetraMet software, and the DNS data collection system used to collect data for the CAIDA DNS performance web page.

In your request you should:

• Give a brief desccription of your site, including its physical location, its domain name, and a rough estimate of the number of users it serves.
   
• Tell us where in your network topology you would install the meter, giving details of how it would be attached.
   
• Tell us whether you expect us to supply a CAIDA PC for the meter. Alternatively, could you provide a suitable PC?
   
• Confirm your understanding that the meter will be configured with a `nevil' account having sudo privilege, to be used for running the meter, and for maintenance of the metering system.
   

`CAIDA NeTraMet site' requests will be considered on a case-by-case basis.