Network Monitoring and Measurements at University of Napoli

Activities and Tools on Network Monitoring and Measurements of Heterogeneous Networks

  1. NM2 Network Monitoring and Measurements: some new perspectives (?!?!)
      COMICS Research Group, Dipartimento di Informatica e Sistemistica, Università degli Studi di Napoli Federico II
      COMICS (COMputer for Interaction and CommunicationS) Research Group – DIS, University of Napoli Federico II
  2. Agenda
      • COMICS (COMputers for Interaction and CommunicationS) presentation
      • COMICS research topics
      • Network Monitoring and Measurements
          • People Involved
          • Approach
          • Contributions
          • Traffic Monitoring and Analysis
          • Network Measurements
          • Contacts
          • Publications
          • Large Scale projects
  3. COMICS
      • COMICS (COMputers for Interaction and CommunicationS) headed by Prof. Giorgio Ventre
      • Work spans 2 laboratories and Spin-Offs:
          • UoN/DIS
              • @ University of Napoli
          • CINI/ITEM
              • a research lab of the Italian University Consortium in Computer Science & Engineering
          • Academic Spin-Offs
      • Funding mainly from EU, Industry, with some money (?) from national and local government
  4. People@COMICS
      • Today around 20 people in the group
          • Seven of them with tenure and permanent positions
              • Giorgio Ventre
              • Roberto Canonico
              • Simon Pietro Romano
              • Stefano Avallone
              • Antonio Pescapè
              • Maurizio D'Arienzo
              • Salvatore D'Antonio
      • Collaborations with industries (Telecom Italia, Telefonica O2, Vodafone, H3G, Alcatel, Engineering Ingegneria Informatica, Accenture, Finmeccanica, Selex Sistemi Integrati, Juniper, Ericsson, IBM, Intel, Skylogic, ACCANTO, ALTO, several other SMEs, etc.) and AGCOM, Poste Italiane, and PA.
  5. Research Projects@COMICS (1/2)
      • Former EU Projects:
          • Guardians
          • Cadenus
          • Intermon
          • E-NET, E-Next
          • Cost 263
          • Cost 290
          • OneLab
          • NetQoS
          • Content
          • OneLab2
          • Intersection
      • Former National Projects:
          • COSMIC
          • ESALAB
          • NADIR
          • QUASAR
          • WEBMINDS
          • RECIPE
          • LATINO
  6. Research Projects@COMICS (2/2)
      • Current EU Projects:
          • Inspire
          • COST Action IC0703 "Data Traffic Monitoring and Analysis (TMA)"
      • Current National Projects:
          • LINCE
  7. Research@Comics
      • Research areas:
          • Traffic Measurements and Analysis
          • Network Monitoring and Anomaly Detection
          • Performance Evaluation of Networked Systems
          • Security, Reliability and Resiliency
          • QoS and QoE in Heterogeneous Networks
          • Analysis and Detection of Network Outages
          • Traffic Engineering
          • Wireless Mesh Networks
              • P2P overlay networks
          • Management and control of network infrastructures
              • SLA, SLS, Policy based management
          • Multimedia services engineering (IETF activities)
          • Emulation, Virtualization and Cloud
          • Green Networking
  8. NM2, Network Monitoring and Measurements
  9. Network Monitoring and Measurements (NM2)
      • NM2 is part of the COMICS research group of the Dipartimento di Informatica e Sistemistica at University of Napoli Federico II
      • People Involved
          • Giuseppe Aceto
          • Alessio Botta
          • Antonio Pescapè
          • Pietro Marchetta
          • Walter de Donato
          • Alberto Dainotti
  10. NM2 approach and vision
      [Diagram labels: Topologies; Links; Applications; Traffic / Services]
      http://www.grid.unina.it/Traffic/
  11. NM2 philosophy, where we are
      [Diagram labels:]
      • OSS/BSS Integration
          • Customer Service Assurance
          • Performance Monitoring
          • Service Quality Management
          • CRM
      • NM2 Distributed NOC; Third Parties NTMA; Other
      • NM2 Network/Traffic Monitoring and Analysis (NTMA)
      • Probes (five shown)
      • NM2 Network/IT Wired/Wireless Infrastructure
  12. Traffic Monitoring and Analysis
  13. NM2: Contributions in Traffic Monitoring and Analysis
      • Heterogeneous Network Scenarios (Home Networks, 3G/4G, Wireless Metropolitan Mesh Networks, Overlay Networks, gaming consoles, PDAs, household appliances, smartphones, etc)
          • Traffic Capture
          • Traffic Characterization
              • Novel applications (IPTV, games, streaming video, social networks, etc.)
              • Malware traffic
          • Traffic Modeling
          • Traffic Generation and Active Probing
          • Traffic and Service Classification
              • New techniques for traffic classification
          • Security and Anomaly Detection
          • Analysis and Detection of Network Outages
  14. NM2: Traffic Capture, Characterization and Modeling (1/2)
      • Why?
          • Application and Service understanding and fingerprinting
          • Security
          • QoS requirements
          • Performance Analysis
          • Emulation
          • etc.
      • What?
          • High-Speed Packet Capture (COTS, DAG, etc.)
          • Statistical characterization and modeling of traffic properties
              • Multi-level but with specific focus on packet-level
              • Per-single application
  15. NM2: Traffic Capture, Characterization and Modeling (2/2)
      • How?
          • Capture and Analysis
              • Plab http://www.grid.unina.it/software/Plab
          • Characterization
              • Matlab toolset for statistical analysis of network traffic http://www.grid.unina.it/Traffic/Tools/statools.php
          • Modeling
              • Statistical Modeling of traffic sources
              • Hidden Markov Models for different network applications
      [Figure labels: Hidden States; IPT and PS conditional distributions]
  16. NM2: Active Probing and Application Traffic Generation (1/4)
      • Why?
          • Network Performance
          • Testing/benchmarking
          • Network Infrastructure
          • Device capabilities
          • Quality of Service (QoS) architectures
          • Queuing disciplines
          • Traffic shapers
          • Etc.
      • What?
          Generation of realistic traffic replicating as accurately as possible real applications and collection of information on how the single packets have been processed by the SUT (system under test).
      [Figure: Traffic generation scenario]
  17. NM2: Active Probing and Application Traffic Generation (2/4)
      • How?
          • D-ITG (Distributed Internet Traffic Generator)
          • http://www.grid.unina.it/software/ITG
          • Distributed architecture: traffic senders and receivers can be spread over the Internet and controlled by a central point
          • Generation of traffic according to both statistical models of the applications and traffic traces of real applications
          • High performance, accuracy and flexibility
          • Different kinds of hardware and operating systems supported
      [Figure labels: Trace-based; Analytical model-based; Measurement of performance indicators; Open-loop; Closed-loop; Application-level; Flow-level; Packet-level; Automated & Configurable; Repeatable]
  18. NM2: Active Probing and Application Traffic Generation (3/4)
  19. NM2: Active Probing and Application Traffic Generation (4/4)
      • Since year 2003 D-ITG has been:
          • Used for the Italian WiMax experimentations (FUB)
          • Used for Magnets Network (Berlin) design and testing
          • Used in more than 20 EU research projects (Demo)
          • Used by more than 50 companies and Telcos for testing their networking solutions
          • Used by NASA for the NASA Crew Exploration Vehicle (CEV) Space communication link sizing
          • Used in Labs for CISCO certifications
          • Cited in more than 300 papers/theses worldwide
          • Included in several Linux distributions: Debian, Slax, OpenWRT, Linux Microcore, etc.
  20. NM2: Traffic and Service Classification (1/3)
      • Why?
          • Accounting
          • QoS
          • Security
          • Network Analysis
          • etc.
      • What? Traffic and Service Classification/Identification
          • (new) Payload Inspection
          • Statistical Properties & Machine Learning
          • Multi-Classification
      [Figure: Web report of online traffic classification of a network link]
  21. NM2: Traffic and Service Classification (2/3)
      • How?
          • TIE – Traffic Identification Engine http://tie.comics.unina.it
          • High-speed platform written in C
          • Runs on Linux/FreeBSD/MacOSX
          • Modular and Plugin-based
          • Large community COST-TMA
      [Diagram labels: Packet Filter; Session Builder; Feature Extractor; Decision Combiner; Output; Classification Plugin #1 ... Classification Plugin #n]
  22. NM2: Traffic and Service Classification (3/3)
      • Novel Classification Technique: PortLoad*
          • Port-based is fast and privacy-friendly because:
              • It needs the 1st packet only
              • It uses fixed fields (protocol and port)
              • It uses few data
            It can be considered as a special case of packet-classification techniques developed for routers, flow-monitors, etc.
          • Payload-based is accurate because it relies on application-level headers and other information from the payload
              • Payload-based signatures
      • Port + Payload = PortLoad
      • Some interest from industry: Telecom Italia, Seven One Solutions, ACCANTO, Huawei
      * Patent N.: NA2010AOOOO11
  23. NM2: Security and Anomaly Detection (1/2)
      • Why?
          • Security of network and critical infrastructures
          • Security of users
      • What?
          • Traffic Analysis for Network/User Security
          • Network Anomaly Detection
          • Study of Malware Traffic
          • Lawful Interception
      [Figure: Spread of the Slammer Worm in year 2001]
  24. NM2: Security and Anomaly Detection (2/2)
      • How?
          • Anomaly Detection: traffic analysis through the Wavelet Transform
          • Study of Malware traffic: characterization and detection of computer worms
          • Lawful Interception (traffic monitoring, protocol decapsulation, covert channel detection, …)
      [Figure: Detection of a Denial of Service attack through Analysis with the Wavelet Transform]
      [Figure: Witty Worm: Joint PS-IPT observed from MAWI WIDE link]
  25. NM2: Analysis of Network Outages (1/2)
      • BGP
          • BGP updates from route collectors of RIPE-NCC RIS and RouteViews
          • We combined information from both databases
          • Graphical Tools: REX, BGPlay, BGPviz
      • Active Traceroute Probing
          • Archipelago Measurement Infrastructure (ARK)
          • Manually-initiated traceroutes
      • Internet Background Radiation
          • Traffic reaching the UCSD Network Telescope
          • Capable of revealing different kinds of blocking
  26. NM2: Analysis of Network Outages (2/2)
      • Contrasting telescope traffic with BGP measurements can reveal a mix of blocking techniques that cannot be discovered by looking only at BGP
      • E.g. the second Libyan outage involved overlapping of BGP withdrawals and packet filtering
      [Figure "Telescopes vs BGP": two time-series panels, number of visible prefixes and packets per second; legend: AS30981, AS6762, AS21003]
  27. Network Measurements
  28. NM2: Contributions in Network Measurements
      • Network Performance Analysis and Improvement
          • Hybrid approaches (both active and passive)
          • QoS, QoE, KPI
          • Informed diversity for performance improvement
          • Compression and Reduction of network data
      • Broadband Benchmarking
          • In terms of both QoS parameters and protocols
      • Network Mapping
          • Hybrid and Distributed approaches (routers, links, subnets)
          • Accuracy, Discovery time, Intrusiveness
      • Bandwidth Monitoring
          • Wired and Wireless network scenarios
          • Distributed and Hybrid approaches
          • Accuracy, Discovery time, Intrusiveness
  29. NM2: Network Performance Analysis (1/3)
      • Innovative measurement techniques and approaches
          • Active → purposely forge synthetic traffic
          • Passive → exploit user generated traffic
      • Able to work in emerging network scenarios
          • 3/4G cellular networks, satellite networks, wireless mesh networks, etc.
      • Monitored parameters
          • One-way delay, round trip time, delay variation (aka jitter), latency, packet loss, shaping rate, packet reordering, TCP performance (e.g., 0-byte connections, reset segments, out-of-order segments, retransmitted segments, 1-Byte segments retransmitted), etc.
          • Specific Application Performance (DNS, Web, VoIP, IPTV, etc.)
          • KPIs synthesized from the parameters above
  30. NM2: Network Performance Analysis (2/3)
      A novel technique called Multi-layer Root Cause Analysis of TCP connections (MRCA)*
      • Works by analyzing the traffic generated by network users
      • Makes it possible to infer the performance of the TCP connections and to determine the associated root causes (network, application, OS configuration, etc.)
      • Improves and integrates different techniques proposed in literature, providing an approach that integrates different points of view: aggregate, connection, and host
      • Some interest from the industry: Telecom Italia, Skylogic, ACCANTO, Telefonica O2, etc.
      * Patent Under Submission
  31. NM2: Network Performance Analysis (3/3)
      • Monitoring and modeling losses
          • Characteristics of the loss process on the Internet and on satellite networks
          [Figure panels: Internet (through PlanetLab); Satellite network]
      • Detecting and analyzing middleboxes
          [Figure panels: The effect of a PEP in a cellular network; The effect of a shaper in a satellite network]
  32. NM2: Network Performance Improvement (1/2)
      Informed time diversity
      • Makes it possible to reduce loss burstiness, thus improving application performance
      • We developed an application to use the interleaving in real networks
          • Realizes block interleaving
          • Has measurement capabilities to automatically configure and adapt to varying network conditions
  33. NM2: Network Performance Improvement (2/2)
      Informed space diversity
      • Makes it possible to improve performance and reliability using multiple paths
      • A new packet scheduling policy measuring network status
          • Working at IP layer with decisions on a packet-by-packet basis
      • A tool to apply path diversity on real networks
  34. NM2: Compression and Reduction of network data
      • Challenges and obstacles due to huge amount of monitoring data (OSNs, p2p, high speed links, etc) from both active and passive approaches
      • Compression
          • Reduced memory footprint for stored data
          • A set of operations with reduced time complexity on coded data
      • Reduction
          • There is no need to consider the entire data sets in the processing stage
          • Entropy-based methodology to reduce network traffic data
          • Off-line approach
      [Figures: excerpts of paper pages. One shows "Fig. 1. Compression Ratios" (compression ratio vs. lambda; series CCS/full, bzip2full/full, bzip2flt/full, Tot/full); the other compares distributions of the entire set and the reduced set.]
  35. NM2: Broadband mapping (1/4)
      • Measuring from the edge → Independent point of view
      • Different approaches
          • Web-based (Speedtest.net, Netalyzr, ...)
              • easy to use
              • one-shot measure
              • affected by interferences
          • Client-based (Grenouille, Isposure, HoBBIT, ...)
              • repeated/periodical measures
              • easy large scale deployments
              • active only when the PC is turned on
              • unable to account for interferences
          • Router-based (SamKnows, BISMark)
              • continuous periodical measures
              • observes all traffic passing through
              • can take into account interferences
              • difficult to obtain large scale deployments
      [Diagram labels: Host; Home network; Router; Modem; Local loop; ISP network]
  36. NM2: Broadband mapping (2/4)
      • BISMark (router-based)
          • Linux-based firmware
              • customized OpenWRT distro
              • Netgear WNDR 3700v2
          • On-demand access to the router console
          • Active and passive measurements
          • Current deployments
              • 16 routers in Atlanta
              • 15 routers in Cape Town
          • http://projectbismark.net
      • HoBBIT (client-based)
          • Multi-platform application
              • based on Qt libraries
          • Extensible measurement framework
          • Supports any underlying measurement tool
          • Active measurements
          • Current deployment
              • ~100 users in Italy
          • http://hobbit.comics.unina.it
  37. NM2: Broadband mapping (3/4)
      BISMark
      • Network measurements taken from the home gateway
      • Both active and passive measurements
      • Main features
          • On-demand remote router control/update
          • Measurements synchronization
      • Makes it possible to monitor
          • Factors affecting performance (Local loop, ISP policies, Home network)
          • Usage profiles
  38. NM2: Broadband mapping (4/4)
      • Network measurements taken from the users' PC
          • large scale deployments
      • Active measurements using standard tools
          • extensible measurement framework
          • geolocation and mapping
          • fine-grained management
      • Main features
          • multi-platform
          • automatic updates
          • per-application measurements
      • Users can
          • monitor their Internet connection
          • compare results with others in the same location
  39. NM2: Network Mapping (1/3)
      • Why?
          • Network control and management
              • Fault isolation, performance analysis, service locations, etc.
          • Network simulations
              • It is difficult to generate realistic topologies
          • Network aware applications
              • E.g. to improve the performance
      • What?
          • Automatic discovery of network maps in terms of: routers, links, subnets, layer-2 devices, etc.
          • Achieving
              • Completeness (i.e. discover the entire topology)
              • Accuracy (i.e. make no mistakes)
              • Low intrusiveness (i.e. reduce both the discovery duration and the traffic overhead)
              • Integration with Network Inventory solutions
  40. NM2: Network Mapping (2/3)
      • How?
          • Combining multiple passive/active methodologies and techniques
          • Hybrid approaches
          • Novel techniques based on: IGMP, ParisTraceroute, IP Options, ...
          • Hynetd (single vantage point)
              • http://www.grid.unina.it/software/TD
          • MERLIN (multiple vantage points)
              • http://svnet.u-strasbg.fr/merlin
  41. NM2: Network Mapping (3/3)
      MERLIN: MEasure the Router Level of the Internet
      • Target a specific Autonomous System network
      • Multiple techniques integrated and optimized
          • Improved IGMP probing
          • Paris traceroute
          • Alias resolution
      • Several input sources
          • BGP dumps, CAIDA Archipelago datasets, MaxMind repositories, ...
      • Geo-Location, DNS mapping, IPtoAS mapping, ...
      [Diagram labels: MERLIN Monitor; MERLIN Coordinator]
  42. NM2: Bandwidth Monitoring (1/2)
      • Why?
          • Network planning
          • QoS
          • Admission Control
          • Support several kinds of applications (P2P sharing, overlay networks, CDN, streaming, etc.)
      • What? Estimation of capacity and available bandwidth in modern heterogeneous networks
          • Optimized approaches for each network scenario: wired, wireless, broadband access, mixed
          • Allowing for different deployments: single probe / edge probes / instrumented path
          • Tunable in intrusiveness / accuracy / response speed
  43. NM2: Bandwidth Monitoring (2/2)
      • How? Measurement platform: UANM (Unified Architecture for Network Measurement) http://grid.unina.it/Traffic/uanm.php
          • Distributed
          • Equipped with state-of-art techniques
          • Plugin-based (easily expandable with experimental or cutting-edge techniques)
          • Decentralized synchronization for interference avoidance
          • API provided for embedding in applications, monitoring systems, appliances
  44. Research Collaborations (not exhaustive list)
      • Cooperative Association for Internet Data Analysis (CAIDA), San Diego, USA
      • Georgia Tech, Atlanta, USA
      • Eurécom, Sophia Antipolis, France
      • Telefonica O2, (Spain and Germany)
      • TELECOM ParisTech (formerly known as ENST), France
      • Docomo Labs, Palo Alto, Stanford, USA
      • Deutsche Telekom Laboratories, Berlin, Germany
      • UCL, University of Louvain-la-neuve (Belgium)
      • Universitat Politècnica de Catalunya (Barcelona, Spain)
      • etc.
  45. Contacts
      Antonio Pescapè
      Dipartimento di Informatica e Sistemistica, University of Napoli Federico II
      Via Claudio, 21 - 80125, Napoli (Italy) [Room n. 3.10]
      tel. +39 081 7683856, fax +39 081 7683816
      e-mail: pescape@unina.it (or pescape@ieee.org)
      Personal web-page: http://wpage.unina.it/pescape
      Teaching web-site (in Italian): http://www.docenti.unina.it/antonio.pescape
  46. 46. Selected Publications (not exaustive list) Ø  Srikanth Sundaresan, Walter de Donato, Nick Feamster, Renata Teixeira, Sam Crawford, Antonio Pescapè, "Broadband Internet Performance: A View From the Gateway", to appear in ACM SIGCOMM 2011 proceedings, Toronto, ON, Canada, August 15-19, 2011. Ø  A. Dainotti, A. Pescapé, K. C. Claffy, “Issues and Future Directions in Traffic Classification", IEEE Network, 2011, to appear Ø  Pietro Marchetta, Pascal Mérindol, Benoit Donnet, Antonio Pescapé and Jean-Jacques Pansiot. "Topology Discovery at the Router Level: A New Hybrid Tool Targeting ISP Networks". IEEE Journal on Selected Areas in Communication (JSAC), Special Issue on Measurement of Internet Topologies, 2011, to appear Ø  Alessio Botta, Antonio Pescape, Vinh Bui, Weiping Zhu, "A Markovian Approach to Multi- path Data Transfer in Overlay Networks, IEEE Transactions on Parallel and Distributed Systems, vol.21, no.10, pp.1398-1411, Oct. 2010 Ø  Alessio Botta, Alberto Dainotti, Antonio Pescape, "Do You Trust Your Software-based Traffic Generator?, IEEE Communications Magazine, vol.48, no.9, pp.158-165, Sept. 2010. Ø  A. Botta, R. Canonico, G. Di Stasi, A. Pescapè, G. Ventre, S. Fdida., "Integration of 3G connectivity in PlanetLab Europe - A step of an evolutionary path towards heterogeneous large scale network testbeds", ACM Springer Mobile Networks and Applications Journal, Special Issue on "Advances In Wireless Test beds and Research Infrastructures", Volume 15, Issue 3, June 2010, Pages 344-355. Ø  Alberto Dainotti, Antonio Pescapè, Giorgio Ventre, "A cascade architecture for DoS attacks detection based on the wavelet transform, Journal of Computer Security, Volume 17, Number 6/2009, Pages 945-968 46COMICS (COMputer for Interaction and CommunicationS) Research Group – DIS, University of Napoli Federico II
  47. 47. Selected Publications (not exaustive list) Ø  Marco Mellia, Antonio Pescapè, Luca Salgarelli, Traffic classification and its applications to modern networks, Computer Networks, Volume 53, Issue 6, 23 April 2009, Pages 759-760. Ø  A. Thomas Silverston, Olivier Fourmaux, Alessio Botta, Alberto Dainotti, Antonio Pescapè, Giorgio Ventre, Kavè Salamatian, " Traffic Analysis of Peer-to-Peer IPTV Communities ," Computer Networks, Volume 53, Issue 4, 18 March 2009, Pages 470-484. Ø  Alessio Botta, Antonio Pescapè, Giorgio Ventre, "An approach to the identification of network elements composing heterogeneous end-to-end paths", Computer Networks, Volume 52, Issue 15, 23 October 2008, Pages 2975-2987, Elsevier. Ø  A. Dainotti, A. Pescapè, P. Salvo Rossi, F. Palmieri, G. Ventre, "Internet Traffic Modeling by means of Hidden Markov Models"; Computer Networks (Elsevier), Volume 52, Issue 14, 9 October 2008, Pages 2645-2662 Ø  A. Botta, A. Pescapè, R. Karrer, “High-speed backhaul networks: myth or reality?”, Computer Communication Journal (Elsevier), Volume 31, Issue 8, 25 May 2008, Pages 1540-1550. Ø  A. Pescapè, “Entropy-Based Reduction of Traffic Data”, IEEE Communications Letters, pp. 191-193, Vol.11, No.2 - February 2007. Ø  S. Avallone, D. Emma, A. Pescapè, and G. Ventre, “Performance evaluation of an open distributed platform for realistic traffic generation”, Performance Evaluation (Elsevier), ISSN: 0166-5316 – Vol. 60, Issues 1-4, May 2005, pp 359-392 Ø  Massimo Bernaschi, Filippo Cacace, Giulio Iannello, Antonio Pescapè, and Stefano Za, “Seamless Internetworking of WLANs and Cellular Networks: architecture and performance issues in a Mobile IPv6 scenario”, IEEE Wireless Communication Magazine (WCM) Journal, pp. 73-80, June 2005 47COMICS (COMputer for Interaction and CommunicationS) Research Group – DIS, University of Napoli Federico II
  48. 48. Selected Publications (not exaustive list) Ø  A. Dainotti, A. Pescapè, C. Sansone, "Early Classification of Network Traffic through Multi- Classification", Third International Workshop on Traffic Monitoring and Analysis (TMA11) - April 2011, Vienna (Austria). Ø  A. Botta, A. Pescapè, "Monitoring and measuring wireless network performance in the presence of middleboxes", The 8th International Conference on Wireless On-demand Network Systems and Services (WONS), Bardonecchia (TO), Italy, January 2011. (Download the poster). Ø  A. Pescape, D.Rossi, D. Tammaro, S. Valenti, "On the Impact of Sampling on Traffic Monitoring and Analysis", 22nd International Teletraffic Congress, September 7 - 9, 2010 in Amsterdam, The Netherlands. Ø  A. Botta, A. Pescape, G.Ventre, E. Biersack, S. Rugel, "Performance footprints of heavy users in 3G networks via empirical measurement", The 6th International workshop on Wireless Network Measurements, May 31st, 2010, Avignon, France. Ø  A. Botta, A. Pescapè, G. Aceto, M. DArienzo, "UANM: a platform for experimenting with available bandwidth estimation tools", 15th IEEE Symposium on Computer and Communications, June 2010 Riccione (ITALY) Ø  A. Dainotti, F. Gargiulo, L. Kuncheva, A. Pescapè, C. Sansone, "Identification of traffic flows hiding behind TCP port 80", IEEE ICC 2010 - May 2010, Capetown (South Africa) Ø  G. Aceto, A. Dainotti, W. de Donato, A. Pescapè, "PortLoad: taking the best of two worlds in traffic classification", IEEE INFOCOM 2010 - WIP Track - March 2010, San Diego (CA, USA) Ø  V. Carela-Español, P. Barlet-Ros, M. Solè-Simò, A. Dainotti, W. de Donato, A. Pescapè, "K- dimensional trees for continuous traffic classification", 2nd International Workshop on Traffic Monitoring and Analysis (TMA10), Zurich, Switzerland, April 7, 2010. 48COMICS (COMputer for Interaction and CommunicationS) Research Group – DIS, University of Napoli Federico II
  49. 49. Selected Publications (not exhaustive list)
      - A. Dainotti, W. De Donato, A. Pescapè, "TIE: a Community-Oriented Traffic Classification Platform", International Workshop on Traffic Monitoring and Analysis (TMA09) @ IFIP Networking 2009 - May 2009, Aachen (Germany).
      - A. Dainotti, W. De Donato, A. Pescapè, P. Salvo Rossi, "Classification of Network Traffic via Packet-Level Hidden Markov Models", IEEE GLOBECOM 2008 - Dec 2008, New Orleans (LA, USA).
      - Alessio Botta, Walter de Donato, Antonio Pescapè, Giorgio Ventre, "Networked Embedded Systems: a Quantitative Performance Comparison", IEEE Globecom 2008, New Orleans (LA), USA, 30 November - 4 December, 2008.
      - Alessio Botta, Roberto Canonico, Giovanni Di Stasi, Antonio Pescapè, Giorgio Ventre, "Providing UMTS connectivity to PlanetLab nodes", 3rd International Workshop on Real Overlays & Distributed Systems, collocated with ACM CoNEXT 2008, Madrid, Spain, 9 - 12 December, 2008.
      - Alessio Botta, Antonio Pescapè, Vinh Q Bui, Weiping Zhu, "An MDP-based Approach for Multipath Data Transmission over Wireless Networks", 2008 IEEE International Conference on Communications (ICC 2008), pages 268 - 274.
      - M.K. Afzal, Aman-Ullah-Khan, A. Pescapè, Y. Bin Zikria, S. Loreto, "SCTP vs. TCP Delay and Packet Loss", Multitopic Conference, 2007. INMIC 2007. IEEE International, pp. 1-5, 28-30 Dec. 2007.
      - Roger Karrer and Antonio Pescapè, "2nd generation wireless mesh networks: technical, economical and social challenges". In Proceedings of the 2007 IEEE International Conference on Future Generation Communication and Networking, Jeju Island, Korea, December 2007.
  50. 50. Selected Publications (not exhaustive list)
      - A. Botta, W. de Donato, A. Pescapè and G. Ventre, "Discovering Topologies at Router Level: Part II", Globecom 2007, Washington, D.C., 26-30 November, 2007.
      - Alessio Botta, Antonio Pescapè, Giorgio Ventre, Roger P. Karrer, "High-speed wireless backbones: measurements from MagNets", in Proceedings of the Fourth IEEE International Conference on Broadband Communications, Networks, and Systems (Broadnets), September 2007, Raleigh, North Carolina (USA).
      - Vinh Q Bui, Weiping Zhu, Antonio Pescapè, Alessio Botta, "Long Horizon End-to-End Delay Forecasts: A Multi-Step-Ahead Hybrid Approach", 12th IEEE Symposium on Computers and Communications, 2007.
      - Roger P. Karrer, Istvan Matyasovszki, Alessio Botta, Antonio Pescapè, "MagNets - experiences from deploying a joint research-operational next-generation wireless access network testbed", TRIDENTCOM 2007, May 2007, Orlando, Florida (USA).
      - Alberto Dainotti, Antonio Pescapè, Giorgio Ventre, "Worm Traffic Analysis and Characterization", 2007 IEEE International Conference on Communications (ICC 2007).
      - A. Dainotti, A. Pescapè, P. Salvo Rossi, G. Iannello, G. Ventre, F. Palmieri, "An HMM Approach to Internet Traffic Modeling", 2006 IEEE Globecom Conference, Quality, Reliability and Performance Modeling for Emerging Network Services Symposium.
      - A. Dainotti, A. Pescapè, G. Ventre, "Wavelet-based Detection of DoS Attacks", 2006 IEEE Globecom Conference, Network Security Systems Symposium.
      - Giulio Iannello, Francesco Palmieri, Antonio Pescapè, and Pierluigi Salvo Rossi, "End-to-End Packet-Channel Bayesian Model applied to Heterogeneous Wireless Networks", IEEE Globecom 2005 General Conference - ISBN 0-7803-9415-1 - December 2005, St. Louis (MO, USA).
  51. 51. Large Scale Projects
  52. 52. NM2: Large Scale Projects
      - BISMark
        - Router-based platform for performing measurements of ISP performance, as well as traffic inside the home
        - http://projectbismark.net
        - http://www.bufferbloat.net
      - HobbIT
        - User-based platform for performing measurements of ISP performance
        - http://hobbit.comics.unina.it
      - MERLIN
        - Distributed platform to MEasure the Router Level of the Internet
        - http://svnet.u-strasbg.fr/merlin
      - MagNets
        - Berlin Wireless MAN design and analysis
        - http://www.net.t-labs.tu-berlin.de/~roger/magnets.html
      - Distributed Monitoring and Measurements Architectures for
        - Operational 3G Networks
        - Operational Satellite Networks
  53. 53. NM2: BISMark (1/3)
      - Network measurements taken from the home gateway
        - A vantage point into the home network
      - Both active and passive measurements
        - Customized to user profile
        - Data anonymization
      - Main features
        - On-demand remote router control/update
        - Measurements synchronization
      - Allows monitoring of
        - Factors affecting performance
          - Local loop
          - ISP policies
          - Home network
        - Usage profiles
      - Currently supported devices
        - Netgear WNDR3700: 680 MHz MIPS CPU, 64 MB RAM, 8 MB Flash, custom OpenWrt OS
        - NOX Box: 500 MHz Geode CPU, 256 MB RAM, 2 GB Flash, custom Debian OS
  54. 54. NM2: BISMark (2/3)
  55. 55. NM2: BISMark (3/3)
      Current worldwide deployment status
      - 2 management servers
      - more than 50 routers
      - more than 50 measurement servers (Universities, MLab)
  56. 56. NM2: HobbIT (1/2)
      - Network measurements taken from the users' PCs
        - large scale deployments
      - Active measurements using standard tools
        - extensible measurement framework
        - data geolocation and mapping
        - fine-grained resource management
      - Main features
        - multi-platform client
        - automatic updates
        - per-application measurements
      - Users can
        - monitor their Internet connection
        - compare results with others in the same location
      - About 90 clients in Italy
  57. 57. NM2: HobbIT (2/2)
  58. 58. NM2: MERLIN
      MEasure the Router Level of the Internet
      - Target: a specific Autonomous System network
      - Efficient combination of state-of-the-art techniques from the router-level topology discovery field:
        - Improved IGMP probing
        - Traceroute (Paris variant)
        - Alias resolution technique
      - Optimizations:
        - Overcome the techniques' limitations while preserving their benefits
        - Limit the intrusiveness with a central smart coordination
      - Several input sources: BGP dumps, CAIDA Archipelago datasets, MaxMind repositories, ...
      - Geo-location, DNS mapping, IP-to-AS mapping, ...
  59. 59. NM2: MERLIN
      [Architecture diagram; labels: Internet, MERLIN Monitor, MERLIN Coordinator, Sprint Network]
  60. 60. MagNets: Berlin Wireless MAN
      Comprises a wireless backbone and different wireless mesh networks
      Specific active measurement techniques designed to infer
      - Throughput, latency, and loss of the links
      - Impact of enhanced transmission modes
      - Impact of the environment
      http://www.net.t-labs.tu-berlin.de/~roger/magnets.html
      Joint research with Deutsche Telekom Laboratories, Berlin
  61. 61. Operational 3G networks
      - Different kinds of (passive) analyses on the user traffic
        - Traffic classification and application identification
        - TCP performance
        - Root cause analysis
        - Impact of middleboxes
      - On different operational networks from different European telecom operators
  62. 62. Operational satellite networks
      - Distributed architecture for passive and active monitoring and measurements
      - Different kinds of passive and active analyses
        - End-to-end TCP and UDP performance
        - TCP performance through passive analysis
        - Influence of traffic shaping mechanisms and middleboxes
        - Impact of meteorological conditions on performance
      http://broadband-satellite.atrexx.com/
