milan erm k
play

Milan ermk Daniel Tovark, Martin Latovika, Pavel eleda - PowerPoint PPT Presentation

Jul 07, 2023 •362 likes •606 views

A Performance Benchmark for NetFlow Data Analysis on Distributed Stream Processing Systems NOMS 2016 Wednesday 27 th April, 2016 Milan ermk Daniel Tovark, Martin Latovika, Pavel eleda NetFlow/IPFIX Monitoring and Analysis

  1. A Performance Benchmark for NetFlow Data Analysis on Distributed Stream Processing Systems NOMS 2016 Wednesday 27 th April, 2016 Milan Čermák Daniel Tovarňák, Martin Laštovička, Pavel Čeleda

  2. NetFlow/IPFIX Monitoring and Analysis Performance Benchmark of Stream Processing Systems Page 2 / 18

  3. Network Monitoring using NetFlow/IPFIX Flow Monitoring Groups packets into n-tuples that have common properties. From the IP point of view we know who communicates with whom, when, and for how long. Used for network traffic measurement in high-speed and large-scale networks. RFC 7011 A fl ow is de fi ned as “ a set of IP packets passing an observation point in the network during a certain time interval, such that all packets belonging to a particular fl ow have a set of common properties ” Performance Benchmark of Stream Processing Systems Page 2 / 18

  4. Disadvantages of Flow Data Analysis Not real-time Flow data typically analysed in 5 minute intervals Delayed detection of serious network attacks Hidden network traffic characteristics Invisible peaks Distorted traffic statistics Performance Benchmark of Stream Processing Systems Page 3 / 18

  5. Solution? Performance Benchmark of Stream Processing Systems Page 4 / 18

  6. Solution? Performance Benchmark of Stream Processing Systems Page 4 / 18

  7. Distributed Stream Processing Systems Samza Storm Spark Consumer Spout Receiver Data source Standalone, Cluster manager YARN, Mesos YARN, Mesos YARN, Mesos Stream Configured in Configured in partitions Parallelism Topology SparkContext based Message processing Sequential Sequential Small batches Database, User Database, User Proprietary – Data sharing between implemented implemented SparkContext, nodes communication communication Tachyon Java, Clojure, Java, Scala, Programming Java, Scala Scala, any other Python language using JSON API User definition Time window Proprietary Proprietary of Spout User definition Separate Job Accumulator Count window of Bolt Table: Characteristics of Distributed Stream Processing Systems Performance Benchmark of Stream Processing Systems Page 5 / 18

  8. Benchmark of Distributed Stream Processing Systems Performance Benchmark of Stream Processing Systems Page 6 / 18

  9. Benchmark of Stream Processing Systems Benchmark characteristics Follows the universal Stream Bench benchmark by Lu et al. Focus only on the fl ow throughput, not on fault tolerance or durability. Using real network data and common operations. Benchmark of standard systems without speci fi c optimizations. Throughput measured using dataset size, time between computation start and arrival of predetermined computation result. Performance Benchmark of Stream Processing Systems Page 6 / 18

  10. Benchmark of Stream Processing Systems Dataset Based on the CAIDA network traffic public dataset. PCAP transformed into fl ows represented in the JSON format ( ∼ 270 bytes). Basis formed from one million fl ows of the one IP address. Final dataset consist repetitive insertions of the basis corresponding to the number of available processor cores. {" date_first_seen ":"2015 -07 -18 T18 :07:33.475+01:00" , " date_last_seen ":"2015 -07 -18 T18 :07:33.475+01:00" , "duration ":0.000 ," src_ip_addr ":"86.135.210.175" , " dst_ip_addr ":"31.157.1.1" ," src_port ":54700 , "dst_port ":80 ," protocol ":6 ," flags ":".A...." , "tos ":0 ," packets ":1 ," bytes ":56} Performance Benchmark of Stream Processing Systems Page 7 / 18

  11. Benchmark of Stream Processing Systems Selected operations 1. Identity: Input data processing without executing any operation on them. 2. Filter: Only fl ows fi tting a fi ltering rule are selected from the input dataset and sent to the output. 3. Count: Flows containing a given value are fi ltered and their count is returned as a result. 4. Aggregation: Contrary to the count operation, the aggregation sums speci fi c values over all fl ows. 5. TOP N: An extension of the aggregation returning only a given number of fl ows with the highest sums of values. 6. SYN DoS: The detection of an attack represented by a high number of fl ows from one source IP address with TCP SYN packets only. Performance Benchmark of Stream Processing Systems Page 8 / 18

  12. Benchmark of Stream Processing Systems Benchmark architecture Corresponds to a typical deployment architecture of the distributed stream processing systems. Utilization of the Kafka as the messaging system. Two environments: a) single host and b) multiple hosts . Performance Benchmark of Stream Processing Systems Page 9 / 18

  13. Benchmark Results Performance Benchmark of Stream Processing Systems Page 10 / 18

  14. Testbed Configuration Common configuration of nodes � Xeon R � E5-2670 (16/32 HT cores in total), 2 x Intel R 192 GB 1600M MHz RDIMM ECC RAM, 2 x HDD 600 GB SAS 10k RPM, 2,5" (RAID1), 10 Gbit/s network connection, 1 Gbit/s virtual NICs. Virtual machines configuration Type vCPUs Memory Hard Drive 32 128 GB 300 GB vm_large vm_normal 16 64 GB 300 GB 8 32 GB 300 GB vm_medium 4 16 GB 300 GB vm_small Performance Benchmark of Stream Processing Systems Page 10 / 18

  15. Benchmark Results One vm_large node (32 vCPUs in total) 3 000 k Storm Spark 2 500 k Samza Throughput [ fl ow/s] 2 000 k 1 500 k 1 000 k 500 k 0 I F C A T S d i o g o Y e l t u g p N n e t r n r N e D i t t g y o a S t i o n Samza provides almost constant throughput for all operations. Strom and Spark decreases to 700 k fl ows/s. Throughput slowdown probably caused by shu ffl ing of incoming messages, which led to input socket overloading. Performance Benchmark of Stream Processing Systems Page 11 / 18

  16. Benchmark Results One vm_normal node (16 vCPUs in total) 3 000 k Storm Spark 2 500 k Samza Throughput [ fl ow/s] 2 000 k 1 500 k 1 000 k 500 k 0 I F C A T S d i o Y e l o g t u g p N n e n r t r N D i t e t g o y a S t i o n Lower computational resources reduce the internal data processing speed and shuffling of messages. Input socket not overloaded. Significant increase in Spark throughput. Performance Benchmark of Stream Processing Systems Page 12 / 18

  17. Benchmark Results Four vm_medium nodes (32 vCPUs in total) 3 000 k Storm Spark 2 500 k Samza Throughput [ fl ow/s] 2 000 k 1 500 k 1 000 k 500 k 0 I F C A T S d i o Y e l o g t u g p N n e n r t r N D i t e t g o y a S t i o n Systems are better adapted to deployment in a cluster mode. Spark provides similar throughput as Samza. Large throughput variance probably caused by the network load or systems errors. Performance Benchmark of Stream Processing Systems Page 13 / 18

  18. Benchmark Results Four vm_small nodes (16 vCPUs in total) 3 000 k Storm Spark 2 500 k Samza Throughput [ fl ow/s] 2 000 k 1 500 k 1 000 k 500 k 0 I F C A T S d i o g o Y e l t u p N n e g r n r t e N D i t t g y o a S t i o n No increase in data processing speed. Throughput of Storm reduced by half. Samza, deployed on 32 vCPUs was probably limited by a network bandwidth saturation. Performance Benchmark of Stream Processing Systems Page 14 / 18

  19. Benchmark Summary Benchmarked systems are able to process at least 500 k fl ows/s. Spark and Samza o ff er much higher throughput than Storm. Possibility of a higher throughput using more e ffi cient data format than JSON (MessagePack). Hight throughput on single node o ff ers to combine stream processing with standard fl ow processing tools like NFDUMP. Each of tested systems have speci fi c behaviour depending on the cluster setup. Samza has the best throughput but restricts number of partitions to number of available cores. Performance Benchmark of Stream Processing Systems Page 15 / 18

  20. Framework for Real-time Analysis of NetFlow Data Performance Benchmark of Stream Processing Systems Page 16 / 18

  21. Real-time Analysis of NetFlow Data Framework for the real-time generation of network traffic statistics using Apache Spark Streaming. Possibility to implement the same basic methods for fl ow data analysis. Will be presented on the Demo Session on Thursday. Performance Benchmark of Stream Processing Systems Page 16 / 18

  22. Conclusion Proposed the novel performance benchmark of a fl ow data analysis on distributed stream processing systems. Testing using real network traffic dataset and common data analysis operations. Only Samza and Spark provides a high-enough fl ow throughput. The benchmark source code and dataset preparations scripts are available on: https://is.muni.cz/repo/1323006 Performance Benchmark of Stream Processing Systems Page 17 / 18

  23. A PERFORMANCE BENCHMARK FOR NETFLOW DATA ANALYSIS ON DISTRIBUTED STREAM PROCESSING SYSTEMS Milan Čermák cermak@ics.muni.cz

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

belgium @ 2015 milan universal exposition belgium @ 2015 milan universal exposition 2015 milan

belgium @ 2015 milan universal exposition belgium @ 2015 milan universal exposition 2015 milan

belgium @ 2015 milan universal exposition belgium @ 2015 milan universal exposition 2015 milan universal exposition 0 5 a u e sa e pos t o Key facts and Expo Milano 2015 Targets: - 6 month event 6 th t - 20 million visitors - 1 billion

730 views • 23 slides
MILAN FOOD POLICY making our food system more sustainable and inclusive Andrea Magarini Milan

MILAN FOOD POLICY making our food system more sustainable and inclusive Andrea Magarini Milan

MILAN FOOD POLICY making our food system more sustainable and inclusive Andrea Magarini Milan Food Policy coordinator City of Milan 51 CITIES of EUROCITIES WORKING GROUP FOOD Ghent 2019 Montpellier 2019 MILAN FOOD SYSTEM 2014,

436 views • 20 slides
S.p.A. Via A. Fogazzaro n. 28, Milan, Italy Registry of Companies of Milan, Italy: No.

S.p.A. Via A. Fogazzaro n. 28, Milan, Italy Registry of Companies of Milan, Italy: No.

S.p.A. Via A. Fogazzaro n. 28, Milan, Italy Registry of Companies of Milan, Italy: No. 10115350158 (Incorporated under the laws of Italy as a joint-stock company) (Stock Code: 1913) 2011 Interim Report PRADA Group CONTENTS The Group 4

1.52k views • 132 slides
MS Mathematics Milan eum , SDE Milan Novakovi, SDE Marija Aimovi, PM Math Team,

MS Mathematics Milan eum , SDE Milan Novakovi, SDE Marija Aimovi, PM Math Team,

MS Mathematics Milan eum , SDE Milan Novakovi, SDE Marija Aimovi, PM Math Team, Microsoft Development Center Serbia Agenda MDCS Math Projects Math engine Word & OneNote Add-Ins Mathematics v4 standalone app

527 views • 31 slides
Bechara George Mfarrej Bechara George Mfarrej ESR 8 Milan ESR 8 Milan M.Sc. Molecular Biology in

Bechara George Mfarrej Bechara George Mfarrej ESR 8 Milan ESR 8 Milan M.Sc. Molecular Biology in

Bechara George Mfarrej Bechara George Mfarrej ESR 8 Milan ESR 8 Milan M.Sc. Molecular Biology in Beirut ( 2004 ) 2 -year experience in Boston ( 2009-2011 ): Basic science projects: transplant and pregnancy mouse models

847 views • 3 slides
The PROIEL corpora Dag Trygve Truslew Haug Milan, 4 June 2019 Dag Haug PROIEL Milan, 4 June

The PROIEL corpora Dag Trygve Truslew Haug Milan, 4 June 2019 Dag Haug PROIEL Milan, 4 June

The PROIEL corpora Dag Trygve Truslew Haug Milan, 4 June 2019 Dag Haug PROIEL Milan, 4 June 2019 1 / 23 The background A corpus for linguists: focus on making the most of a limited data set for linguistic research Dag Haug PROIEL Milan,

574 views • 41 slides
Operator-theoretic methods for prediction and control of nonlinear dynamical systems Milan Milan

Operator-theoretic methods for prediction and control of nonlinear dynamical systems Milan Milan

Operator-theoretic methods for prediction and control of nonlinear dynamical systems Milan Milan Kor Korda da Big picture Infinite-dimensional Lifting Approximation Linear object Difficult to handle Finite-dimensional Nonlinear object

1.06k views • 90 slides
FY 2018 Results Presentation FY 2017 Results Presentation Milan, 12 th March 2019 Milan, 24 th

FY 2018 Results Presentation FY 2017 Results Presentation Milan, 12 th March 2019 Milan, 24 th

FY 2018 Results Presentation FY 2017 Results Presentation Milan, 12 th March 2019 Milan, 24 th April 2018 Transaction summary and rationale February 2019 FY 2017 Results Presentation Audience & Advertising Milan, 24 th April 2018

504 views • 24 slides
How do I RE object oriented code (and you should too) Milan Bohacek REcon 2014 .short bio

How do I RE object oriented code (and you should too) Milan Bohacek REcon 2014 .short bio

How do I RE object oriented code (and you should too) Milan Bohacek REcon 2014 .short bio Milan is PhD student at Charles University in Prague Part time malware analyst at avast! software IDA enthusiast without working

521 views • 17 slides
A linear-algebraic criterion for indecomposable generalized permutohedra y 1 s Kroupa 2 Milan

A linear-algebraic criterion for indecomposable generalized permutohedra y 1 s Kroupa 2 Milan

A linear-algebraic criterion for indecomposable generalized permutohedra y 1 s Kroupa 2 Milan Studen Tom a 1 Institute of Information Theory and Automation of the CAS Prague, Czech Republic 2 Department of Mathematics, University of Milan

505 views • 27 slides
COMPANY PRESENTATI ON Analyst meeting Milan, April 8 2008 REALTY VAI LOG S.p.A. is listed on the

COMPANY PRESENTATI ON Analyst meeting Milan, April 8 2008 REALTY VAI LOG S.p.A. is listed on the

COMPANY PRESENTATI ON Analyst meeting Milan, April 8 2008 REALTY VAI LOG S.p.A. is listed on the Milan Stock Exchange (Mercato Expandi) RLT.MI DI SCLAI MER This document has been prepared solely for the use at investors and analysts

761 views • 56 slides
Business Networking Week in Italy BNWI - Milan, September 10-14, 2018 1 About the E4Impact

Business Networking Week in Italy BNWI - Milan, September 10-14, 2018 1 About the E4Impact

Business Networking Week in Italy BNWI - Milan, September 10-14, 2018 1 About the E4Impact Foundation E4Impact is a spin off of Universit Cattolica del Sacro Cuore (UCSC) of Milan , the largest private University in EU. It offers

686 views • 13 slides
Non-conflicting and Conflicting Parts of Belief Functions Milan Daniel Institute of Computer

Non-conflicting and Conflicting Parts of Belief Functions Milan Daniel Institute of Computer

Non-conflicting and Conflicting Parts of Belief Functions Milan Daniel Institute of Computer Science Academy of Sciences of the Czech Republic milan.daniel@cs.cas.cz ISIPTA11: the 7th International Symposium on Imprecise Probability:

702 views • 16 slides
Being and Time (Final Fantasy Edition) Guglielmo Feis - Universit degli Studi di Milano, Milan.

Being and Time (Final Fantasy Edition) Guglielmo Feis - Universit degli Studi di Milano, Milan.

Being and Time (Final Fantasy Edition) Guglielmo Feis - Universit degli Studi di Milano, Milan. Jacopo Tagliabue - iLabs, Milan. The Philosophy of Computer Games Bergen 2013 Coauthored with... Sorely missed as well Plan of the talk 1.

488 views • 19 slides
How to reacH tHe republic of San Marino POPULATION: 32.500 AREA: 61 Kmq CURRENCY: Euro MILAN

How to reacH tHe republic of San Marino POPULATION: 32.500 AREA: 61 Kmq CURRENCY: Euro MILAN

How to reacH tHe republic of San Marino POPULATION: 32.500 AREA: 61 Kmq CURRENCY: Euro MILAN LANGUAGE: Italian BOLOGNA RAVENNA DISTANCE FROM THE MAIN RIMINI SAN MARINO ITALIAN CITIES: ANCONA Rome Km 400 Milan Km 350 Bologna 130 Km

388 views • 24 slides
Business Networking Week in Italy - II Edition Milan, February 24-28, 2020 1 About the E4Impact

Business Networking Week in Italy - II Edition Milan, February 24-28, 2020 1 About the E4Impact

Business Networking Week in Italy - II Edition Milan, February 24-28, 2020 1 About the E4Impact Foundation E4Impact Foundation is a spin off of Universit Cattolica del Sacro Cuore of Milan which contributes to the development of African

443 views • 9 slides
MECHANISMS OF ACTION FOR CONTROL OF SOILBORNE PATHOGENS BY HIGH NITROGEN-CONTAINING SOIL

MECHANISMS OF ACTION FOR CONTROL OF SOILBORNE PATHOGENS BY HIGH NITROGEN-CONTAINING SOIL

MECHANISMS OF ACTION FOR CONTROL OF SOILBORNE PATHOGENS BY HIGH NITROGEN-CONTAINING SOIL AMENDMENTS. Mario Tenuta and George Lazarovits *, Agriculture and Agri-food Canada, Southern Crop Protection and Food Research Centre, 1391 Sandford St.,

432 views • 9 slides
INSTITUTION STEM and SBS NSF ADVANCE Third Year Site Visit March 2-3, 2015 OUTLINE CHARGE

INSTITUTION STEM and SBS NSF ADVANCE Third Year Site Visit March 2-3, 2015 OUTLINE CHARGE

TRANSFORMING U.Va. CHARGE JEFFERSONS Structured conversations and re- imagined spaces: effecting systemic change for women in INSTITUTION STEM and SBS NSF ADVANCE Third Year Site Visit March 2-3, 2015 OUTLINE CHARGE Overview

560 views • 35 slides
Full-Year Result 2017 Susan Duinhoven , President and CEO Markus Holm , CFO & COO 8 February

Full-Year Result 2017 Susan Duinhoven , President and CEO Markus Holm , CFO & COO 8 February

Full-Year Result 2017 Susan Duinhoven , President and CEO Markus Holm , CFO & COO 8 February 2018 Before we start: Adjustments and Discontinued operations In July 2017, Sanoma divested its Dutch In January 2018 Sanoma announced an FTA TV

817 views • 32 slides
2019 LEGISLATIVE SESSION HIGHLIGHTS PRESENTED BY UTAH CHARTER NETWORK | KIM FRANK HIGHLIGHTED

2019 LEGISLATIVE SESSION HIGHLIGHTS PRESENTED BY UTAH CHARTER NETWORK | KIM FRANK HIGHLIGHTED

2019 LEGISLATIVE SESSION HIGHLIGHTS PRESENTED BY UTAH CHARTER NETWORK | KIM FRANK HIGHLIGHTED BILLS OF SIGNIFICANCE TO CHARTER SCHOOLS HB118** Incentives for Statewide Assessment Performance Rep. Mike Winder Allows a teacher to use a

643 views • 5 slides
21 August 2017 Disclaimer THIS ANNOUNCEMENT CONTAINS INSIDE INFORMATION FOR THE PURPOSES OF

21 August 2017 Disclaimer THIS ANNOUNCEMENT CONTAINS INSIDE INFORMATION FOR THE PURPOSES OF

H1 2017 Interim Results Presentation 21 August 2017 Disclaimer THIS ANNOUNCEMENT CONTAINS INSIDE INFORMATION FOR THE PURPOSES OF ARTICLE 7 OF REGULATION (EU) NO 596/2014 NOT FOR RELEASE, PUBLICATION OR DISTRIBUTION, IN WHOLE OR IN PART, IN OR

415 views • 16 slides
Spark Code Camp Discover Spark Streaming & Spark SQL Project Overview Focus on Spark

Spark Code Camp Discover Spark Streaming & Spark SQL Project Overview Focus on Spark

Spark Code Camp Discover Spark Streaming & Spark SQL Project Overview Focus on Spark Streaming and Spark SQL Explored Streaming API of Apache Spark on Ukko Cluster Window based Stream Content Direct Stream content

221 views • 9 slides
A. Takada (ISAS/JAXA), T. Tanimori, H. Kubo, K. Miuchi, S. Kabuki, Y. Kishimoto, J. Parker, H.

A. Takada (ISAS/JAXA), T. Tanimori, H. Kubo, K. Miuchi, S. Kabuki, Y. Kishimoto, J. Parker, H.

A. Takada (ISAS/JAXA), T. Tanimori, H. Kubo, K. Miuchi, S. Kabuki, Y. Kishimoto, J. Parker, H. Nishimura, K. Hattori, K. Ueno, S. Kurosawa, S. Iwaki, C. Ida, M. Takahashi, T. Sawano, K. Taniue, K. Nakamura, N. Higashi (Kyoto Univ.)

484 views • 23 slides
D-Branes and AdS/CFT Junaid Saif Khan Supervised by: Dr. Babar A. Qureshi MS mid-year

D-Branes and AdS/CFT Junaid Saif Khan Supervised by: Dr. Babar A. Qureshi MS mid-year

Relativistic Strings Superstrings D-Branes T-dualities Proposed Work References D-Branes and AdS/CFT Junaid Saif Khan Supervised by: Dr. Babar A. Qureshi MS mid-year presentation LUMS Lahore University of Management Sciences , Pakistan

645 views • 37 slides

More recommend