Analyzing Traffic across the Greek School Network Costas Kattirtzis - - PowerPoint PPT Presentation

analyzing traffic across the greek school network
SMART_READER_LITE
LIVE PREVIEW

Analyzing Traffic across the Greek School Network Costas Kattirtzis - - PowerPoint PPT Presentation

Mar 30, 2024 271 likes •519 views

Research Academic Computer Technology Institute University of Patras Analyzing Traffic across the Greek School Network Costas Kattirtzis , Emmanuel Varvarigos, Kyriakos Vlachos, University of Patras & Research Academic Computer Technology

slide-1
SLIDE 1

Communication Networks Laboratory

Analyzing Traffic across the Greek School Network

LANMAN 2005, 14th IEEE Workshop on Local and Metropolitan Area Networks, 18-21 September 2005, Chania, Crete, Greece

Costas Kattirtzis, Emmanuel Varvarigos, Kyriakos Vlachos, University of Patras & Research Academic Computer Technology Institute George Stathakopoulos and Michael Paraskevas Research Academic Computer Technology Institute Research Academic Computer Technology Institute University of Patras

slide-2
SLIDE 2

Communication Networks Laboratory

Introduction

  • Internet is growing dramatically.
  • Very complex patterns to model the Network Traffic.
  • Studies in LAN and WAN have been made since the

early 80s.

  • Today's findings lead us to the conclusion that

– Ethernet traffic is statistically self-similar – Poisson assumption is valid in special cases

  • Recent studies on Peer-to-Peer traffic mainly by

Karagiannis et. al have been made.

slide-3
SLIDE 3

Communication Networks Laboratory

Introduction

  • In this paper we present a study of traffic patterns on the Greek

School Network

  • We studied in the monitored network

– the behavior of flows – the behavior of the packets – the use of each protocol – the use of each well known application – The use of Peer-to-Peer services – The traffic locality phenomenon

  • Benefits

– Understand the impact of network changes and services – Improve network usage and application performance – Reduce IP service and application costs – Optimize network costs – Understand the Impact of P2P applications – Background to the administrators for

  • dimensioning the network
  • congestion control
  • network management
slide-4
SLIDE 4

Communication Networks Laboratory

Overview

  • Network Architecture
  • Measurement Methodology
  • Traffic Statistics

– Service Analysis – Protocol Analysis – Flow Analysis – Packet Size Analysis

  • Traffic locality
  • Peer-to-Peer Services
  • Conclusions
slide-5
SLIDE 5

Communication Networks Laboratory

Greek School Network Architecture

  • Nationwide network that

spans across Greece. Connects all schools of primary and secondary education including administrator offices.

  • Hierarchically structured

into three layers.

– The Backbone network – The Distribution Network – The Access Network

slide-6
SLIDE 6

Communication Networks Laboratory

Overview

  • Network Architecture
  • Measurement Methodology
  • Traffic Statistics

– Service Analysis – Protocol Analysis – Flow Analysis – Packet Size Analysis

  • Traffic locality
  • Peer-to-Peer Services
  • Conclusions
slide-7
SLIDE 7

Communication Networks Laboratory

Measurement Methodology

  • All the measurements took place in the PATRAS prefecture

from October 24 00:00:00 GMT+02:00 2004 to March 18 23:30:00 GMT+02:00 2005.

  • Monitoring System

– Cisco NetFlow

  • In terms of NetFlow, flow is defined by Seven Unique Keys:

– source IP address – destination IP address – source port number – destination port number – layer 3 protocol type – TOS (Type Of Service) byte and – Input logical interface

– FlowScan – cflowd – RRDtool

slide-8
SLIDE 8

Communication Networks Laboratory

Overview

  • Network Architecture
  • Measurement Methodology
  • Traffic Statistics

– Service Analysis – Protocol Analysis – Flow Analysis – Packet Size Analysis

  • Traffic locality
  • Peer-to-Peer Services
  • Conclusions
slide-9
SLIDE 9

Communication Networks Laboratory

Traffic Statistics - Services

slide-10
SLIDE 10

Communication Networks Laboratory

Traffic Statistics - Services

P 2 P u n k n

  • w

n H t t p S N M P S M T P D N S P O P 3 F T P

  • t

h e r

10 20 30 40 50 Percentile of total traffic Services

Outgoing traffic

Flows Packets bits

P 2 P u n k n

  • w

n H t t p S N M P S M T P D N S P O P 3 F T P

  • t

h e r

5 10 15 20 25 30 35 40

Percentile of total traffic

Services

Incoming traffic

Flows Packets bits

  • Outgoing traffic in term of bytes

– 50% is P2P – 19% is HTTP – 25.6% is unknown

  • Incoming traffic in term of bytes

– 37% is P2P – 30% is HTTP – 25.6% is unknown

  • DNS and SNMP use UDP

– Large fraction of the flows, small fraction of the packets and an even smaller fraction of the bytes transferred

  • HTTP (web) application

– The profile of its daily load distribution fits closely the corresponding profile of the TCP protocol.

slide-11
SLIDE 11

Communication Networks Laboratory

Traffic Statistics - Protocols

slide-12
SLIDE 12

Communication Networks Laboratory

Traffic Statistics - Protocols

TC P U D P M ulticast IC M P IP IN IP

10 20 30 40 50 60 70 80 90 100

P ercentage Protocols

Incoming traffic

flow s packets bits

TCP UDP IPINIP ICM P M ulticast

10 20 30 40 50 60 70 80 90 100

Percentile of total traffic Protocols

Outgoing traffic flows packets bits

  • The size of the incoming

packets is much larger than the size of the outgoing packets.

  • TCP uses more and larger

packets per flow than UDP

41,2 54.4% Flows 14,5 5,2 14,5 34,5 4,4

UDP

83% 93.1% 84,2% 61.6% 95%

TCP

Packets Bytes Packets Flows Bytes

Protocols Incoming traffic Outgoing traffic

  • The other IP protocols individually make up

a negligible percentage of the overall traffic

slide-13
SLIDE 13

Communication Networks Laboratory

Traffic Statistics – Flow Analysis

  • 87% of the flows carry

5-12 packets

  • The majority of the

flows last 6 - 6.5 sec.

  • Data transfers*
  • interactive: TCP-telnet,

ICMP, UDP-NTP

  • transaction oriented:

TCP-FTP, TCP-SMTP

  • bulk data transfer:

TCP-FTPD, TCP-WWW

829363 17580176 17757186 50504812 109858082 143809451 143848754 145058776 145061162 145071742 145071956 145099781 145100818 145160507

1.00E+05 1.00E+06 1.00E+07 1.00E+08 1.00E+09 1 2 4 5 10 12 17 18 30 68 124 197 228 530

packets per flow Cumulative number of flows

  • A cross-check of the findings of k. Claffy et al. at “Traffic Characteristics of the T1 NSFNET

Backbone”.

slide-14
SLIDE 14

Communication Networks Laboratory

Traffic Statistics – Packet Size Analysis

  • Dual-modal pattern
  • Predominance of small-sized

packets caused

  • by TCP control segments

and

  • by HTTP application

5 10 15 20 25 30 35 40 45 50

% P a c k e ts

0 -3 2 3 3 -6 4 6 5 -9 6 9 7 -1 2 8 1 2 9 -1 6 0 1 6 1 -1 9 2 1 9 3 -2 2 4 2 2 5 -2 5 6 2 5 7 -2 8 8 2 8 9 -3 2 0 3 2 1 -3 5 2 3 5 3 -3 8 4 3 8 5 -4 1 6 4 1 7 -4 4 8 4 4 9 -4 8 0 4 8 1 -5 1 2 5 1 3 -5 4 4 5 4 5 -5 7 6 5 7 7 -1 0 2 4 1 0 2 5 -1 5 3 6

IP packet size (bytes)

1st Sample 2nd Sample 10 20 30 40 50 60 70 80 90 100

  • 3

2 6 5

  • 9

6 1 2 9

  • 1

6 1 9 3

  • 2

2 4 2 5 7

  • 2

8 8 3 2 1

  • 3

5 2 3 8 5

  • 4

1 6 4 4 9

  • 4

8 5 1 3

  • 5

4 4 5 7 7

  • 1

2 4 > 1 5 3 7 Packet Size (bytes) Cumulative Percentage Packets of November Packets of March

  • Large size packets caused
  • By Ethernet full size

packets and

  • By p2p applications
slide-15
SLIDE 15

Communication Networks Laboratory

Overview

  • Network Architecture
  • Measurement Methodology
  • Traffic Statistics

– Service Analysis – Protocol Analysis – Flow Analysis – Packet Size Analysis

  • Traffic locality
  • Peer-to-Peer Services
  • Conclusions
slide-16
SLIDE 16

Communication Networks Laboratory

Traffic Statistics – Traffic Locality

20 40 60 80 100

1 5 9 1 3 1 7 2 1 2 5 2 9 3 3 3 7 4 1 4 5 4 9

Number of Hosts

Percent of traffic send by source

incoming bytes incoming packets incoming flows

  • utgoing bytes
  • utgoing packets
  • utgoing flows
  • Outgoing traffic: The 50

most busy sources (of the 6188) in a 5-minute sample, are responsible for – 94.5% of the bytes – 93.1% of the flows – 90.9% of the packets.

  • Incoming

traffic:

The same users: – 76.6% of the bytes – 77.5% of the flows – 52.5% of the packets.

  • The same results were
  • bserved

in the 250 minutes samples.

slide-17
SLIDE 17

Communication Networks Laboratory

Overview

  • Network Architecture
  • Measurement Methodology
  • Traffic Statistics
  • Service Analysis
  • Protocol Analysis
  • Flow Analysis
  • Packet Size Analysis
  • Traffic locality
  • Peer-to-Peer Services
  • Conclusions
slide-18
SLIDE 18

Communication Networks Laboratory

Peer-to-Peer Services

  • Very Difficult to identify P2P traffic
  • The 3rd generation P2P systems use arbitrary ports for the P2P connections
  • Still 25% of the traffic is unknown
  • 32,3% - 48,7% of the outgoing and 14% - 39% of the incoming bytes are

caused by P2P services

22,3 35,8 36,8 19,3 37 48,7 Total 0,1 0,1 Direct Connect 0,1 0,2 0,4 0,1 0,2 0,2 Kazaa 0,2 0,3 0,2 0,2 0,3 0,3 Gnutella 0,4 2,3 2,2 0,3 2,5 3 Napster 14,6 14,3 10,6 12,8 16,1 19,5 eMule 7 18,7 23,3 5,9 17,9 25,6 BitTorrent flows % packets % bits % flows % packets % bits % incoming traffic

  • utgoing traffic

Protocol

slide-19
SLIDE 19

Communication Networks Laboratory

Peer-to-Peer Services

  • P2P

services are active 24 hours per day

+ they do not follow the traffic pattern of the

  • verall traffic
  • Emule and BitTorrent

were the two most prevalent protocols.

  • After 19/12/2004 the

use of BitTorrent was reduced significantly because of the shut down of Suprnova.org

slide-20
SLIDE 20

Communication Networks Laboratory

Peer-to-Peer Services

5 10 15 20 25 1 2 2 4 3 6 4 8 6 7 2 8 4 9 6 1 8 1 2 1 3 2 1 4 4 Time (min) Gbytes, 100.000 flows, 100 packets

Gbytes 100.000 flows 100 packets

  • The

arrival rate remains relatively constant throughout the day.

  • The same pattern on

a weekly interval

– A constant rate during the weekdays and a different rate (but constant again) during the weekends.

slide-21
SLIDE 21

Communication Networks Laboratory

Peer-to-Peer Services

20 40 60 80 100 0.5 2 3.5 5 6.5 8 9.5 11 12.5 14 15.5 17 Flow Size (Mbytes)

Cumulative Percentile of Flows

  • The majority of P2P flows contain a relatively small number of packets.
  • The average size of a P2P flow was 9 packets.
  • P2P applications belong to the bulk data transfer-style applications.
  • The mean P2P flow size is 6.1 Mbytes which is much bigger than the mean

flow size of web traffic and other bulk data transfer services.

10 20 30 40 50 60 70 80 90 100 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21

Packets per Flow Cumulative Percentile

  • f Flows
slide-22
SLIDE 22

Communication Networks Laboratory

Overview

  • Network Architecture
  • Measurement Methodology
  • Traffic Statistics
  • Service Analysis
  • Protocol Analysis
  • Flow Analysis
  • Packet Size Analysis
  • Traffic locality
  • Peer-to-Peer Services
  • Conclusions
slide-23
SLIDE 23

Communication Networks Laboratory

Summary – Future Work

  • The traffic has daily and weekly periodic components as well as a long-term trend

Non-stationary model

  • The traffic is increasing in time

In 4.5 months 100% increment of traffic rate during the peak hours

  • TCP by far dominates the network traffic.
  • HTTP and P2P services are the most frequently used applications

have to be taken into account in a future network extension Tools like FlowMonitor have to be implemented

  • Strong traffic locality phenomenon. 1% of the sources correspond to 95% of the
  • utgoing bytes.
  • The majority of the flows last a few seconds and carry few packets
  • Predominance of small packets
  • Apply realistic models that captures all the trends of the traffic.
slide-24
SLIDE 24

Communication Networks Laboratory

Analyzing Traffic across the Greek School Network

LANMAN 2005, 14th IEEE Workshop on Local and Metropolitan Area Networks, 18-21 September 2005, Chania, Crete, Greece

Thank you!