design for large scale collection system using flow
play

Design for Large-Scale Collection System Using Flow Mediators - PowerPoint PPT Presentation

Jul 23, 2023 •617 likes •853 views

Design for Large-Scale Collection System Using Flow Mediators Atsushi Kobayashi, Tsuyoshi Kondoh, and Keisuke Ishibashi NTT Information Sharing Laboratories Jan 8, 2008 FloCon 2008 1 Outline Introduction Why do we need a large-scale

  1. Design for Large-Scale Collection System Using Flow Mediators Atsushi Kobayashi, Tsuyoshi Kondoh, and Keisuke Ishibashi NTT Information Sharing Laboratories Jan 8, 2008 FloCon 2008 1

  2. Outline � Introduction � Why do we need a large-scale collection system? � What is Flow Mediator? � Requirements � I tried to explore the possibility of a large-scale collection system for large networks. � Heuristic method of designing traffic collection system � Estimate number of flow records after aggregation or sampling � Adjust several parameters based on this result � Summary FloCon 2008 2 Jan 8, 2008

  3. Introduction � Traffic volumes in ISP networks are becoming huge in the last few years. � The number of exported flow records is becoming so huge that a single collector cannot handle them. � A smaller sampling rate makes small flows invisible. � Even if traffic grows, network operators would like to maintain the same sampling rate as much as possible. � Aggregated flow records from router make port number or IP address invisible. � Exporting 5-tuple flow records from router is better. The demand for a large-scale traffic-collection system is growing. FloCon 2008 3 Jan 8, 2008

  4. What is Flow Mediator? � Flow Mediator† is a device that “mediates” flow records and has the following functions: � collects Flow Records from various exporters � stores original flow records Network Customer Network � aggregates flow designer Service Operator records flexibly Traffic Matrix Accounting Troubleshoot measurement System System � distributes appropriate flow records for Mediator collectors/analyzers DB Flow mediator ought to be useful for Exporters making large-scale collection system. † draft-kobayashi-ipfix-mediator-model-01.txt FloCon 2008 4 Jan 8, 2008

  5. You can easily make Flow Mediation code � Net::Flow perl module is available on CPAN. � http://search.cpan.org/~ akoba/Net-Flow-0.02/ � The module can encode and decode NetFlow/IPFIX packets. � The encoding and decoding functions have a similar IF. Flow Mediator NetFlow v.5 NetFlow v.9 Flow Aggregation NetFlow v.9 Flow distribution decode encode Protocol Converter IPFIX IPFIX Anonymization my ( $EncodeHeaderHashRef, my ( $HeaderHashRef, $PktsArrayRef, $TemplateArrayRef, $ErrorsArrayRef) = $FlowArrayRef, Net::Flow::encode( $ErrorsArrayRef) = $EncodeHeaderHashRef, Net::Flow::decode( \ @MyTemplates, \$packet, $FlowArrayRef, $TemplateArrayRef ) ; 1400 ) ; FloCon 2008 5 Jan 8, 2008

  6. Requirements � Make traffic-collection system to meet following requirements � Requirement 1: measure traffic flow of entire networks � measure traffic matrices PoP by PoP and router by router � Requirement 2: store received 5-tuple flow records from router � When traffic incident happens, allow inspection of traffic. � Requirement 3: design scalable architecture to accommodate large ISP traffic volume FloCon 2008 6 Jan 8, 2008

  7. Goal � Explore heuristic method of designing collection system for introduction into actual network. � Proposed collection system needs to accommodate following network model. � Total traffic volume 500 Gb/s, 100 Mp/s � Edge Router 20/PoP × 10 PoP = 200 � NetFlow is enabled on IngressIF of Edge router. Core Router Core Edge Router PoP #1 PoP #2 PoP #10 Edge Router NetFlow Network model Observation point FloCon 2008 7 Jan 8, 2008

  8. Hierarchical Collection System � Mediators are allocated in each PoP. � They store all flow records, aggregate them, and export them to next collector. Requirement 1 � Top Collector Top Collector � measures wide-area traffic matrices, such as router by router, pop by Mediator # 10 Mediator # 1 Mediator # 2 pop. Requirement 2 � Inspection Requirement 3 � If traffic incident PoP # 10 PoP # 1 PoP # 2 happens, we can retrieve detailed flow records 10 PoPs, 20 routers/PoP, Mediators are located in each PoP. Core Edge Edge Observation Point from Flow Mediator. FloCon 2008 8 Jan 8, 2008

  9. Visualize Traffic Matrices � Top collector can visualize Router/PoP/AS Traffic Matrixes. We can select all traffic or Nail is the name of our specific VPN (customer). traffic matrix visualizer. Color indicates traffic Destination volume of Source/ PoP Destination pair. Source PoP FloCon 2008 9 Jan 8, 2008

  10. Heuristic Design Method � Suitable values of several parameters are decided by the following steps. � Step 0: measure performance limit of flow mediator and top collector. � Step 1: reveal relation between number of flow records and packet sampling � Step 2: reveal relation between number of flow records and aggregation that depends on several factors. � Aggregation methods (BGP Next-Hop, Prefix, host) � Aggregation interval time (20 s, 60 s, 90 s…) � Step 3: select suitable value within performance limit. � Large sampling rate is preferable. � Small granularity of aggregation is preferable. FloCon 2008 10 Jan 8, 2008

  11. Consideration Points � List several considerations, as follows. � Maximum performances of the top collector and mediators are 5 Kf/s and 10 Kf/s. How many flow Top Step 2 records does the Collector Max. 5 Kf/s Step 3 - A top collector receive? Which is better aggregation method and interval time? Step 1 Mediator# 10 Mediator# 1 Mediator# 2 Step 3 - B Max. 10 Kf/s How many flow records does the mediator Maximum receive? sampling rate? PoP # 10 PoP # 1 PoP # 2 10 PoPs, 20 routers/PoP, Mediators are located in each PoP. Core Edge Edge Observation Point FloCon 2008 11 Jan 8, 2008

  12. Step 1: estimate flow records after sampling � Estimate number of flow records based on density function of packets per flow . F(x) = 0.5 × x -1.73 � # of packets per flow: x � Packets per flow density function: F ( x ) 1.000000 0.100000 � Sampling rate: 1/r Density Function 0.010000 � Total number of unsampled flow: f all 0.001000 0.000100 0.000010 ( ) ∞ = ∑ ( ) 0.000001 − − × × x f 1 1 1 / r F ( x ) f 1 10 100 1000 10000 100000 sampled all = # of packet per flow x 1 Roughly estimate as follows. Extraction 0.5x -1.73 100 Mpps ÷ 20 packets = 5 Mf/s probability Approximate # of flows when total traffic volume is 500 Gb/s. Sampling rate 1/100 1/1000 1/10000 f sampled 305 kf/s 43 kf/s 5.2 kf/s FloCon 2008 12 Jan 8, 2008

  13. Too many flow records without mediator � Even if sampling rate is 1/10,000 packets, the number of flow records exceeds performance limit. Sampling rate 1/100 1/1000 1/10000 f sampled 305 kf/s 43 kf/s 5.2 kf/s Max. 5Kf/s Top Collector 5.2 kf/ s Sampling rate = 1/ 10000 packets PoP# 10 PoP# 1 PoP# 2 10 PoP, 20 routers/PoP, Mediators are located in each PoP. Core Edge Edge Observation Point FloCon 2008 13 Jan 8, 2008

  14. Step 2: flow records after aggregation � What is the # of flow records after aggregation? � Mediator aggregates unsampled flow records at 20-second interval. � Aggregation efficiency: Prefix > HOST > Pair Prefix > Pair HOST > Bi-Flow � The prefix length “/24” is uniformly applied to Prefix Aggregation. � Bi-flow is aggregated from two flow directions. Top 1 Collector PAIR_HOST Aggregation Ratio (= fe / fr ) 0.9 SRC_HOST 0.8 f e DST_HOST 0.7 PAIR_PREFIX 0.6 SRC_PREFIX 0.5 Mediator 0.4 DST_PREFIX 0.3 BIFLOW 0.2 f r 0.1 0 Sampling 0 300 600 900 rate = 1/ 1 Elapsed Time(s) packets FloCon 2008 14 Jan 8, 2008

  15. Step 2: Flow records after aggregation, sampling Sampling rate 1/ 128 � Each aggregation 1 0.9 Aggregation Ratio (= fe/fr ) 0.8 method becomes Aggregation Ratio FLOW 0.7 PAIR_HOST IP_SRC_ADDR 0.6 ineffective gradually. IP_DST_ADDR 0.5 PAIR_PREFIX 0.4 SRC_PREFIX 0.3 � Bi-flow becomes DST_PREFIX 0.2 BIFLOW 0.1 ineffective 0 0 300 600 900 Sampling rate 1/ 1024 immediately. Elapsed Time(s) 1 � sensitive to Aggregation Ratio (= fe/fr ) Aggregation Ratio (= fe/f r) PAIR_HOST 0.9 0.8 IP_SRC_ADDR sampling rate. 0.7 IP_DST_ADDR 0.6 PAIR_PREFIX 0.5 SRC_PREFIX 0.4 DST_PREFIX 0.3 BIFLOW 0.2 0.1 0 0 300 600 900 Elapsed Time(s) FloCon 2008 15 Jan 8, 2008

  16. Step 2: Which factor influences aggregation? � Aggregation ratio depends on several factors. � Traffic Volume through observation point. � Sampling rate � Aggregation interval time I guess that the aggregation ratio depends on the number of flow records received in interval time. Received Flows 3450 3562 Aggregation Interval Time (s) 10 300 Sampling rate (1/r) 1 128 DST_HOST Aggregation ratio 45% 43% DST_PREFIX Aggregation ratio 30% 32% FloCon 2008 16 Jan 8, 2008

  17. Step 2: Which factor influences aggregation? � I plotted all experimental data into one graph. � Three MAWI traffic data samples have different volumes. � Aggregation Interval time : 5 – 300s � Sampling rate : 1/1 – 1/1024 1 Aggregation Ratio (= fe/fr ) 0.8 PAIR_HOST SRC_HOST Aggregation Ratio DST_HOST 0.6 PAIR_PREFIX SRC_PREFIX DST_PREFIX 0.4 BIPAIR 0.2 0 10 100 1000 10000 100000 1000000 # of flow records Aggregation ratio depends on number of received flow records. FloCon 2008 17 Jan 8, 2008

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Distributed PubSub Non-Abstract Large System Design ... NALSD Non-Abstract Large System

Distributed PubSub Non-Abstract Large System Design ... NALSD Non-Abstract Large System

Distributed PubSub Non-Abstract Large System Design ... NALSD Non-Abstract Large System Design Alternatively: SRE Classroom Large (planet scale) system design questions Hands-on workshops and exercises

1.8k views • 92 slides
A large-scale chemical data integration system Gaia Paolini Pfizer Confidential 1 Large-Scale

A large-scale chemical data integration system Gaia Paolini Pfizer Confidential 1 Large-Scale

A large-scale chemical data integration system Gaia Paolini Pfizer Confidential 1 Large-Scale Chemical Data Integration Summary Current situation Business case Aims The design process Functionality Applications

261 views • 25 slides
Development of an adaptive optical music recognition system within a large-scale digitization

Development of an adaptive optical music recognition system within a large-scale digitization

Development of an adaptive optical music recognition system within a large-scale digitization project Michael Droettboom and Ichiro Fujinaga Peabody Conservatory of Music Johns Hopkins University Outline Lester S. Levy Collection

106 views • 8 slides
Tools for large-scale collection & analysis of source code repositories OPEN SOURCE GIT

Tools for large-scale collection & analysis of source code repositories OPEN SOURCE GIT

Tools for large-scale collection & analysis of source code repositories OPEN SOURCE GIT REPOSITORY COLLECTION PIPELINE Intro Alexander Bezzubov source{d} committer & PMC @ apache zeppelin startup in Madrid engineer

436 views • 25 slides
An An End nd-to to-En End System for Large Scale P2 P2P P MPC PC-as as-a-Se Service and

An An End nd-to to-En End System for Large Scale P2 P2P P MPC PC-as as-a-Se Service and

An An End nd-to to-En End System for Large Scale P2 P2P P MPC PC-as as-a-Se Service and Low- Ba Bandwi width MPC C for Weak Participants Yehuda Lindell Bar-Ilan University, Israel Based on joint works with: A. Barak, K. China, J.

793 views • 42 slides
Asynchronous system design flow based on Petri nets Microelectronics System Design Research Group

Asynchronous system design flow based on Petri nets Microelectronics System Design Research Group

Asynchronous system design flow based on Petri nets Microelectronics System Design Research Group School of Electrical, Electronic and Computer Engineering University of Newcastle upon Tyne DATE-2005 Asynchronous system design flow based on

741 views • 49 slides
Large-scale production of graphene: Introduction Large-scale production of graphene: what is

Large-scale production of graphene: Introduction Large-scale production of graphene: what is

Large-scale production of graphene: Introduction Large-scale production of graphene: what is graphene? Graphene is a truly 2D system made of Carbon atoms arranged in an honeycomb hexagonal lattice Zero-gap semiconductor with a low-energy linear

268 views • 6 slides
Peculiar velocity flow field in the Zone of Avoidance Khaled Said Large Scale

Peculiar velocity flow field in the Zone of Avoidance Khaled Said Large Scale

at low Galactic latitude Peculiar velocity flow field in the Zone of Avoidance Khaled Said Large Scale Structure and Galaxy Flows, Tuesday, July 5, 2016 Supervisors: Rene C. Kraan-Korteweg & Thomas H. Jarrett (UCT)

525 views • 25 slides
Adaptation of a mortar method to model flow fractured media G eraldine in large-scale

Adaptation of a mortar method to model flow fractured media G eraldine in large-scale

Adaptation of a mortar method to model flow in large-scale Adaptation of a mortar method to model flow fractured media G eraldine in large-scale fractured media Pichot, Jocelyne Erhel , Jean-Raynald De Dreuzy Outline eraldine Pichot 1

429 views • 26 slides
Apache Flink Fast and Reliable Large-Scale Data Processing Fabian Hueske @fhueske 1 What is

Apache Flink Fast and Reliable Large-Scale Data Processing Fabian Hueske @fhueske 1 What is

Apache Flink Fast and Reliable Large-Scale Data Processing Fabian Hueske @fhueske 1 What is Apache Flink? Distributed Data Flow Processing System Focused on large-scale data analytics Real-time stream and batch processing Easy and

667 views • 39 slides
Principles of Software Construction: Objects, Design, and Concurrency Design for large-scale

Principles of Software Construction: Objects, Design, and Concurrency Design for large-scale

Principles of Software Construction: Objects, Design, and Concurrency Design for large-scale reuse: Libraries and frameworks Michael Hilton Bogdan Vasilescu 17-214 1 Administrivia Homework 4b due tonight 17-214 2 Key concepts from

485 views • 37 slides
robust control for analysis and design of large-scale optimization algorithms Laurent Lessard

robust control for analysis and design of large-scale optimization algorithms Laurent Lessard

robust control for analysis and design of large-scale optimization algorithms Laurent Lessard University of WisconsinMadison Joint work with Ben Recht and Andy Packard LCCC Workshop on Large-Scale and Distributed Optimization Lund

435 views • 32 slides
Recent advancements towards large-scale flow diagnostics by robotic PIV Fulvio Scarano Delft

Recent advancements towards large-scale flow diagnostics by robotic PIV Fulvio Scarano Delft

50th Anniversary Symposium, Osaka, 4 Sept 2018 Recent advancements towards large-scale flow diagnostics by robotic PIV Fulvio Scarano Delft University of Technology, Aerospace Engineering Department Collaborators : A. Sciacchitano, C. Jux, J.

460 views • 34 slides
PARALLEL LARGE-SCALE SIMULATION OF VISCOELASTIC FLUID FLOW INSTABILITIES Mehmet SAHIN 17 th

PARALLEL LARGE-SCALE SIMULATION OF VISCOELASTIC FLUID FLOW INSTABILITIES Mehmet SAHIN 17 th

PARALLEL LARGE-SCALE SIMULATION OF VISCOELASTIC FLUID FLOW INSTABILITIES Mehmet SAHIN 17 th International Workshop on Numerical Astronautical Engineering Department, Faculty of Aeronautics and Astronautics, Methods for non-Newtonian Flows

564 views • 39 slides
Flow Culture System Multi-Disciplinary Senior Design System Design Review October 2, 2014

Flow Culture System Multi-Disciplinary Senior Design System Design Review October 2, 2014

Flow Culture System Multi-Disciplinary Senior Design System Design Review October 2, 2014 Collin Burkhart Katelyn Busse Michelle Garofalo Robert Repetti Morgan Stoessel Sarah Tran Agenda CRs and ERs System Architecture

739 views • 35 slides
Think Like a {Vertex, Column, Parallel Collection} David Konerding, Google Inc. Pregel: a system

Think Like a {Vertex, Column, Parallel Collection} David Konerding, Google Inc. Pregel: a system

Think Like a {Vertex, Column, Parallel Collection} David Konerding, Google Inc. Pregel: a system for large-scale graph processing Grzegorz Malewicz, Matthew H. Austern, Aart J.C. Bik , James C. Dehnert, Ilan Horn, Naty Leiser, Grzegorz Czajkowski

681 views • 29 slides
Stacey Henson-Drake LAC447 Fall 2016 Stacey Henson-Drake Past & Present Safe

Stacey Henson-Drake LAC447 Fall 2016 Stacey Henson-Drake Past & Present Safe

Stacey Henson-Drake LAC447 Fall 2016 Stacey Henson-Drake Past & Present Safe Voices Organization Overview Safe Voices Internship Overview Learning Goals Learning Outcomes and Activities Accomplishments

473 views • 14 slides
Presentation to the NEAPACOH Meeting Kampala June 28 th July 1 st . 2016 Overview: SDGs and

Presentation to the NEAPACOH Meeting Kampala June 28 th July 1 st . 2016 Overview: SDGs and

South Sudan Presentation to the NEAPACOH Meeting Kampala June 28 th July 1 st . 2016 Overview: SDGs and South Sudan Development Aspirations National Pillar #3: Social South Sudan SDGs and Human Development Development Plan Objective :

122 views • 11 slides
Holmes County Spark Holmes County Anazao Community Partners Community Background These are the

Holmes County Spark Holmes County Anazao Community Partners Community Background These are the

4/26/17 Holmes County Spark Holmes County Anazao Community Partners Community Background These are the most important things you need to understand about our community: 1. Many adults see underage drinking as an inevitable rite of passage.

314 views • 4 slides
Budget Presentation Board of Education March 9, 2020 www.grandislandschools.org The mission of

Budget Presentation Board of Education March 9, 2020 www.grandislandschools.org The mission of

2020 2021 2nd Draft Budget Presentation Board of Education March 9, 2020 www.grandislandschools.org The mission of the Grand Island Central School District is to inspire all students to achieve their highest potential by fostering

1.05k views • 63 slides
City Council / County Board Work Session #3 Thursday, September 7, 2017 CH 21 Downtown Prior

City Council / County Board Work Session #3 Thursday, September 7, 2017 CH 21 Downtown Prior

City Council / County Board Work Session #3 Thursday, September 7, 2017 CH 21 Downtown Prior Lake Reconstruction Tonights Meeting - Agenda Overall Purpose to Inform on: Part 1: Corridor Visioning Concepts + Part 2: TH 13 / CH 21

690 views • 58 slides
discounts on popular products and services. Beneplace Confidential 2020. Beneplace LLC. Trademarks

discounts on popular products and services. Beneplace Confidential 2020. Beneplace LLC. Trademarks

Discount Purchase Program SM Administered by Beneplace Beneplace Confidential 2020. Beneplace LLC. Trademarks and 1 brands are the property of their respective owners Beneplace is the market leader in voluntary benefits and employee purchase

344 views • 12 slides
Distance Learning in PUSD 2020-2021 Distance Learning: new components School Schedules

Distance Learning in PUSD 2020-2021 Distance Learning: new components School Schedules

Opening School in Full Distance Learning in PUSD 2020-2021 Distance Learning: new components School Schedules Agenda School Attendance Google Classroom Suite Troubleshooting / IT Support Aeries Parent Portal Services

720 views • 34 slides
Risk-based Ship Design, Approval and Operation public presentation SAFEDOR facts Motivation and

Risk-based Ship Design, Approval and Operation public presentation SAFEDOR facts Motivation and

Risk-based Ship Design, Approval and Operation public presentation SAFEDOR facts Motivation and expected benefits SAFEDOR Vision and roadmap Challenges and expectations Outlook Created by Pierre C. Sames, Germanischer Lloyd SAFEDOR facts

140 views • 11 slides

More recommend