Network data collection and analysis
Jörg Micheel
NLANR MOAT, SDSC, UCSD
HPIIS Workshop, San Diego, CA, August 23rd/24th 2001
(page 1)
Data collection
- Using existing equipment - routers
- Passive data collection - OCxMONs and friends
- Active data collection - AMP, IPPM style
- I don't have any good metrics (yet).
(page 2)
Router data collection
- Option 1: SNMP
- provides for medium term averages on network utilization, packets and bytes
- Visualization: HP OpenView (Management), MRTG (very popular these days)
- Plus: anyone can do it, virtually no costs
- Minus: very coarse, does not provide figures about who-does-what and performance
(page 3)
Router data collection (cont)
- Option 2: NetFlow
- Cisco-published standard, supported by Juniper
- Tools: plenty - CAIDA cflowd, FlowBoy, whatever
- Plus: Provides information retrieved from packet headers
- Minus: can only randomly sample a few percent of actual
(page 4)
Passive data collection
- Using dedicated data collection systems
- Examples: PMA, CAIDA (OCxMON), Sprint, AT&T
- Tools: abundance, CoralReef, NeTraMet, dagtools
- Plus: you get to know what the network does to your applications (most precise), NeTraMet is IETF RTFM conformant
- Minus: tools do not do what you want (or need), none do 24x7 with automatic WWW publishing, passive is *hardest of all* techniques
(page 5)
Active data collection
- Easy-to-install ping/traceroute/test traffic reflectors
- Examples: AMP, RIPE TTM, Advanced surveyor, NIMI
- Plus: IETF standardized metrics, AMP scales fast and easy
- Minus: you need much more than one-way delay figures, GPS is hard, you really need network insights
(page 6)
Summary
(page 7)