"predictability of high performance networks"
Archived MagicPoint presentation slides, compiled into a single PDF document.
1999_ngi9912.pdf (29 slides, 611 KB)
Slide text transcript
Slide 1: predictability of
predictability of
high performance networks:
monitoring, analysis, & visualization
DARPA ITO PI meeting, 15-17 december 1999
scientific apparatus offers a window to knowledge,
but as they grow more elaborate,
scientists spend ever more time washing the windows.
-- Isaac Asimov
kc claffy, UCSD/SDSC/CAIDA
kc@caida.org
www.caida.org
Slide 2: focus
focus advance capacity to monitor, depict and predict traffic behavior on current and advanced networks identify traffic anomalies in real time
Slide 3: how
how develop/deploy tools (coral oc48, skitter) to better engineer and operate networks analysis and visualization of data develop security features for coral OC3/12 monitors
Slide 4: infrastructure-wide measurem't & analysis
infrastructure-wide measurem't & analysis topology (mapping) workload characterization (passive) performance evaluation (active) routing (dynamics)
Slide 5: skitter: macroscopic topology mapping
skitter: macroscopic topology mapping 18 monitors (inc. 1 root name server) multiple dest. lists 29k servers/36k root clients 52-byte ICMP probes, kernel timestamps, ssh/kerberos goal: insights into inter-SP connectivity, routing, perf. updated daily: www.caida.org/Tools/Skitter/Summary/
Slide 6: skitter: colored by IP address
skitter: colored by IP address
Slide 7: skitter: topology discovery/depiction
skitter: topology discovery/depiction correlate effects with BGP routing changes correlate path performance with specific events identify critical infrastructure within the Internet
Slide 8: skitter: colored by country
skitter: colored by country
Slide 9: infrastructure: DNS roots
infrastructure: DNS roots RSSAC, DNS technical advisory committee to ICANN co-locate skitter hosts w root servers demonstrate root server performance in serving target community develop techniques for evaluating architectual optimality for root server placement (www.caida.org/Tools/Skitter/RSSAC/)
Slide 10: skitter: macroscopic study
skitter: macroscopic study DNS f root server (pv's): path wingspans
Slide 11: skitter: rtt vs hopcount (correlation?)
skitter: rtt vs hopcount (correlation?)
Slide 12: skitter: rtt distribution: tri-modal
skitter: rtt distribution: tri-modal
Slide 13: skitter: rtt vs longitude (light cone)
skitter: rtt vs longitude (light cone)
Slide 14: skitter: dispersion among ASes across paths
skitter: dispersion among ASes across paths
Slide 15: skitter: AS dispersion across paths (sdsc)
skitter: AS dispersion across paths (sdsc)
Slide 16: skitter: country dispersion across paths
skitter: country dispersion across paths
Slide 17: skitter analyses - preliminary findings
skitter analyses - preliminary findings ~1% IP destinations disappearing monthly (re-addressing, firewalls) route announced path not matching forward path indication of potential routing configuration errors (by no means automatic) persistence of paths methods to identify critical infrastructure is there an Internet "core"? datasets available to researchers
Slide 18: monitoring high perf. networks
monitoring high perf. networks priorities: monitor/characterize traffic on high speed nets (OC48, gigether) insights for developing emerging hw/sw, protocols, applications capacity/network planning and peering network control and management billing and accounting
Slide 19: monitoring high perf. networks
monitoring high perf. networks coral/ocXmon testing (oc3,12,48,gE) persistent real-time full frame collection integration w coralreef analysis s/w dag4.0 testing planned 1/00
Slide 20: security of high perf. networks: coralreef
security of high perf. networks: coralreef CoralReef 3.2 release 12/16/99 ATM: Applied Telecom and Fore OC3 (OC12 App. Tel. only) ATM/POS:OC3/12 (DAG3.2 testing 1/00) crl_portmap s/w module listens for RPC portmap access adds suspicious probing host to list records all send-rec'd packets full payload capture (default) tcpdump output format
Slide 21: security of high perf. networks: coralreef
security of high perf. networks: coralreef
crl_filter
ATM reassembly
tcpdump output format
pipes to existing security tools
future
OC12 (full line rates), OC48 need card support
active enforcement module (yr 2000)
getting ISPs to use them
www.caida.org/Tools/CoralReef
Slide 22
visualization ('big viz')
massive datasets (terabytes)
many data attributes (complex)
multiple viz strategies/modalities
workload
geographical
logical
chronological
2D vs 3D
animation
distributed acquisition, data reduction, rendering technologies
what is meaningful?
aggregation granularity
integration into ISP utilities
Slide 23
visualization: workload (protocol) from caida traffic analysis cd, iec.caida.org
Slide 24: visualization: geographical
visualization: geographical www.caida.org/Tools/GeoPlot/ [www.caida.org/Tools/NetGeo/]
Slide 25: visualization: chronological
visualization: chronological
www.caida.org/Tools/Mantra
www.caida.org/Tools/RRDTool
18 oct 99, fix-west.mbone.nasa.gov
Slide 26: visualization: logical
visualization: logical BGP routing table data (connectivity among ASes)
Slide 27: visualization: research priorities
visualization: research priorities
latency
key routers/networks
AS granularity
geographic
integration w mgt tools
obstacles:
mapping IP addresses to
router
geography
AS
service provider
anything...
topology changes faster than can measure
Slide 28: how (repeat)
how (repeat)
develop/deploy tools (coral oc48, skitter) to better engineer and operate networks
get ISPs to use them
(security, accounting,
useful analysis & visualization)
Slide 29: www.caida.org/Presentations/
www.caida.org/Presentations/ kc claffy UCSD/SDSC/CAIDA kc@caida.org www.caida.org