some observations of internet stream lifetimes
play

Some Observations of Internet Stream Lifetimes CAIDA/WIDE, Los - PowerPoint PPT Presentation

Feb 21, 2023 •215 likes •431 views

Some Observations of Internet Stream Lifetimes CAIDA/WIDE, Los Angeles, 12 Mar 05 Nevil Brownlee CAIDA and The University of Auckland Internet Stream Lifetimes, CAIDA/WUDE 05 p.1/20 Overview Introduction, traffic flows Streams, stream

  1. Some Observations of Internet Stream Lifetimes CAIDA/WIDE, Los Angeles, 12 Mar 05 Nevil Brownlee CAIDA and The University of Auckland Internet Stream Lifetimes, CAIDA/WUDE 05 – p.1/20

  2. Overview Introduction, traffic flows Streams, stream density plots (packets and bytes) NeTraMet: implementation, performance Streams and packets at Auckland Usage metering, strategies to reduce meter overhead Effect of ignoring small streams Conclusion Internet Stream Lifetimes, CAIDA/WUDE 05 – p.2/20

  3. Introduction A traffic flow is an abstraction representing the set of packets involved in some network activity There are two main classes of flows CPB (unidirectional, 5-tuple, fixed timeout). Also known as microflows RTFM (bidirectional, general, fixed timeout). User writes a ruleset to specify flows using values for a large set of attributes , and specifying direction Streams are subsets of RTFM flows (bidirectional, 5-tuple, dynamic timeout) more details later . . . Internet Stream Lifetimes, CAIDA/WUDE 05 – p.3/20

  4. Traffic rate plots Count bytes in five flows for different kinds of traffic Match packets on protocol and port number: SSL = TCP 443, web = TCP 80, nw TCP = other TCP ports UDP = all UDP , other = all other protocols Auckland inbound bytes by kind, stacked bar plots, 1-2 Oct 04 NZST) BB2 ’to’ bytes by kind, stacked bar plots, 5-6 Dec 03 (PST) Mb/s Mb/s 20 800 750 700 650 15 600 550 500 450 10 400 350 300 250 5 200 150 100 50 0 0 00:00 06:00 12:00 18:00 00:00 06:00 12:00 18:00 00:00 18:00 21:00 00:00 03:00 06:00 09:00 12:00 15:00 18:00 10/01 10/01 10/01 10/01 10/02 10/02 10/02 10/02 10/03 12/05 12/05 12/06 12/06 12/06 12/06 12/06 12/06 12/06 local time local time SSL web nw TCP UDP other SSL web nw TCP UDP other Ca Backbone, 6 Dec 03 (PST) U Auckland, 1-2 Oct 04 (NZST) Internet Stream Lifetimes, CAIDA/WUDE 05 – p.4/20

  5. Streams – why are they useful? Streams allow NeTraMet to compute metrics for components of flows, e.g. RTTs and IATs NeTraMet can return distributions of those metrics as attributes for such flows For the stream-distribution attributes .. lifetimes < = 15m are counted directly longer streams are treated as fl ows; we sum their data each interval to produce distributions with lifetimes up to 30,000s ( ≈ 8h) The five different kinds are summed to produce ‘total traffic’ distributions at 10m intervals Internet Stream Lifetimes, CAIDA/WUDE 05 – p.5/20

  6. Stream & byte density vs lifetime plots Cumulative distributions, totals vs stream lifetime at PAIX, Fri 12 Dec 03 (PST) Cumulative distributions, totals vs stream lifetime at Auckland, 1-2 Oct 04 (NZST) % 100 % 100 inbound streams total inbound bytes total 90 90 80 80 70 70 60 60 50 50 40 40 30 30 20 20 10 10 outbound streams total outbound bytes total 0 0 0.01 0.1 1 10 100 1000 10000 0.01 0.1 1 10 100 1000 10000 stream lifetime (s) stream lifetime (s) Ca Backbone, 6 Dec 03 (PST) U Auckland, 1-2 Oct 04 (NZST) At both sites, 95% of streams last ≤ 10s At U Auckland, up to 65% of the bytes are in streams ≤ 10s On the Ca backbone, only 20% of the bytes are in streams ≤ 10s, and about 60% of the bytes are in streams ≤ 1000s! Internet Stream Lifetimes, CAIDA/WUDE 05 – p.6/20

  7. NeTraMet implementation details NeTraMet is an RTFM meter – user must write ruleset(s) that specify: which flows to count which end-point is the source how much detail is to be reported Uses stream caching: does flow matching for first packet of stream, saves flow number(s) uses cached flow number(s) for later packets can’t cache for rulesets that use non-5-tuple attributes usually gets ≈ 90% cache hit rate Internet Stream Lifetimes, CAIDA/WUDE 05 – p.7/20

  8. NeTraMet performance 1 Gb/s testbed, 1-processor meter, 1 DAG card 1500B frames, 1000Mb/s traffic NeTraMet sees 164 kp/s, reports 996.6 Mb/s 128B frames, 130 Mb/s of traffic NeTraMet sees 219 kp/s, reports 123.2 Mb/s Higher frames rate cause meter to ignore packets if they’re sustained for more than a second or two OC48 backbone, 2-processor meter, 2 DAG cards 600 Mb/s traffic NeTraMet sees 215 kp/s, no lost packets Tests performed in 2003 and 2004. Working on further speed improvements Internet Stream Lifetimes, CAIDA/WUDE 05 – p.8/20

  9. Streams vs time at Auckland Packets and Active Streams each second at Auckland, Fri 1 - Sat 2 Oct 04 (NZST) packet/s count active streams 100000 10000 1000 100 04:00 08:00 12:00 16:00 20:00 00:00 04:00 10/01 10/01 10/01 10/01 10/01 10/02 10/02 local time ⋆ Stream numbers follow the packet rate ⋆ Peak around midnight, 2 Oct, was not part ⋆ High spikes about every 3 hours of the diurnal pattern – it didn’t recur Internet Stream Lifetimes, CAIDA/WUDE 05 – p.9/20

  10. Details of Auckland stream spikes Packets and Active Streams each second at Auckland, on Fri 1 Oct 04 (NZST) count 100000 packet/s active streams 10000 1000 16:26 16:28 16:30 16:32 16:34 16:36 16:38 16:40 16:42 16:44 local time count 100000 packet/s active streams 10000 1000 21:16 21:18 21:20 21:22 21:24 21:26 21:28 21:30 21:32 21:34 local time ⋆ Note that increase in streams ≫ increase in packet rate! Internet Stream Lifetimes, CAIDA/WUDE 05 – p.10/20

  11. Usage metering at Auckland High peaks in stream numbers load the meter, especially if many of them map to new flows Such peaks load the meter reader (data collection system) too We want to understand the peaks so that we can summarise them as special kinds of flow To start with, what is the effect of ignoring streams ≤ K packets in size? What % of bytes are ignored for various K values? Internet Stream Lifetimes, CAIDA/WUDE 05 – p.11/20

  12. Auckland byte density vs stream packets Cumulative % bytes vs Stream Size (packets), Auckland, Fri 1 Oct 04 (NZST) % 100 outbound bytes v pkts inbound bytes v pkts 90 80 70 60 50 40 30 20 10 0 0 5 10 15 20 25 30 35 40 packets ⋆ Three hours of data, 10-minute intervals ⋆ But one interval looks different !? ⋆ Seems safe to ignore streams ≤ 6 packets Internet Stream Lifetimes, CAIDA/WUDE 05 – p.12/20

  13. Intervals with high small-stream % Inbound rate UDP non-web web SSL other 2110 0.15 2.91 8.85 0.51 0.03 2120 1.66 2.23 10.15 0.52 0.04 2130 0.21 1.37 9.86 0.50 1.09 Outbound rate UDP nonweb web SSL other 2110 0.10 1.47 3.31 0.73 0.03 2120 0.10 0.92 3.34 0.850 0.03 2130 0.10 3.71 3.54 0.859 0.07 Tables show Mb/s rate for each traffi c kind Seldom saw low outbound non-web TCP , often saw high inbound UDP High inbound UDP rate most small streams don’t generate a response those that do dominate outbound traffi c Internet Stream Lifetimes, CAIDA/WUDE 05 – p.13/20

  14. Auckland in+out byte density Cumulative % bytes vs Stream Size (packets), Auckland, 1-2 Oct 04 (NZST) % 100 in+out bytes v pkts 90 80 70 60 50 40 30 20 10 0 0 5 10 15 20 25 30 35 40 packets ⋆ Two days of data, 10-minute intervals ⋆ Need to understand the small streams ⋆ ‘Outlier’ traces similar to previous plot ⋆ Can’t just focus on the elephants Internet Stream Lifetimes, CAIDA/WUDE 05 – p.14/20

  15. What happens if we ignore small streams? Packets and Active Streams each second at Auckland, Thu 7 - Fri 8 Oct 04 (NZDT) packet/s count active flows 100000 active streams 10000 1000 100 16:00 20:00 00:00 04:00 08:00 12:00 10/07 10/07 10/08 10/08 10/08 10/08 local time ⋆ Similar to earlier plot ⋆ Flows track streams, no spikes ⋆ Here we show number of fl ⋆ Confi rms that spikes come from short streams ows too Internet Stream Lifetimes, CAIDA/WUDE 05 – p.15/20

  16. Ignoring small streams – detail plot Packets and Active Streams each second at Auckland, Thu 7 - Fri 8 Oct 04 (NZDT) packet/s count active flows 100000 active streams 10000 1000 100 22:00 22:30 23:00 23:30 00:00 00:30 01:00 10/07 10/07 10/07 10/07 10/08 10/08 10/08 local time ⋆ Flows build up during interval, ⋆ Average number of fl ows remains stable then drop when meter is read even during stream spikes Internet Stream Lifetimes, CAIDA/WUDE 05 – p.16/20

  17. Counting the ignored packets We modified the NeTraMet meter to count bytes from ignored streams Counts are in LtMinStreamPDUs and LtMinStreamOctets distributions, held in a special LtMin flow We plotted the sum of these distributions for two days of 10-minute intervals . . . Internet Stream Lifetimes, CAIDA/WUDE 05 – p.17/20

  18. Packets & bytes ignored in small streams % packets and bytes ignored at Auckland, Mon 14 - Tue 15 Dec 04 (NZDT) % ignored byte % 30 ignored packet % 10 3 1 0.3 00:00 04:00 08:00 12:00 16:00 20:00 00:00 12/15 12/15 12/15 12/15 12/15 12/15 12/16 local time ⋆ Ignored bytes below 2% except during spikes ⋆ Less than 7% of intervals ⋆ Ignored packets stays below 10% similarly (about 1 in 15) are spikes Internet Stream Lifetimes, CAIDA/WUDE 05 – p.18/20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Observations of Large Amplitude, Monochromatic Whistlers at Stream Interaction Regions 1. A. W.

Observations of Large Amplitude, Monochromatic Whistlers at Stream Interaction Regions 1. A. W.

Observations of Large Amplitude, Monochromatic Whistlers at Stream Interaction Regions 1. A. W. Breneman, C. Cattell, S. Schreiner, K. Kersten, L.B. Wilson III, P. Kellogg, K. Goetz 2. L.K. Jian 1. School of Physics and Astronomy, University of

483 views • 23 slides
Assessing stream and riparian conditions Stream Habitat Assessment Conducted yearly

Assessing stream and riparian conditions Stream Habitat Assessment Conducted yearly

Assessing stream and riparian conditions Stream Habitat Assessment Conducted yearly Document all observations Pictures, pictures and more pictures! 2 Transect 3 Stream Reach 4 Stream Habitat Type 5 Riffle 6 Run 7 Pool 8

438 views • 30 slides
Gulf Stream effects on the NAO: Theory, modeling and observations M. Ghil 1 , 2 , E. Simonnet 3 ,

Gulf Stream effects on the NAO: Theory, modeling and observations M. Ghil 1 , 2 , E. Simonnet 3 ,

Gulf Stream effects on the NAO: Theory, modeling and observations M. Ghil 1 , 2 , E. Simonnet 3 , Y. Feliks 1 , 4 1 Dept. of Atmospheric and Oceanic Sciences and IGPP , UCLA, USA. 2 Geosciences Dept. and LMD (CNRS and IPSL), ENS, Paris. 3 Institut

334 views • 16 slides
Rcpp at 1000 Reverse Depends: Some Observations 2/23 More a stream of consiousness Outline

Rcpp at 1000 Reverse Depends: Some Observations 2/23 More a stream of consiousness Outline

Dirk Eddelbuettel DSC 2017 July 3, 2017 Ketchum Trading; Debian and R Projects 1/23 Rcpp at 1000 Reverse Depends: Some Observations 2/23 More a stream of consiousness Outline Some Notes about Rcpp, ever so briefly about testing

1.31k views • 23 slides
HEs Observations on Internet Exchange Point Management Tim Denton Hurricane Electric

HEs Observations on Internet Exchange Point Management Tim Denton Hurricane Electric

HEs Observations on Internet Exchange Point Management Tim Denton Hurricane Electric ENOG-10 Background Hurricane Electric (HE) participates in more than 100 Internet exchanges around the world. Im here to present our experiences and

410 views • 21 slides
HEs Observations on Internet Exchange Point Management Timothy Denton MENOG March 2016

HEs Observations on Internet Exchange Point Management Timothy Denton MENOG March 2016

HEs Observations on Internet Exchange Point Management Timothy Denton MENOG March 2016 Background Hurricane Electric (HE) participates in more than 100 Internet exchanges around the world. Im here to present our

656 views • 21 slides
MillWheel: Fault Tolerant Stream Processing at Internet Scale Presented by Rui Zhang October

MillWheel: Fault Tolerant Stream Processing at Internet Scale Presented by Rui Zhang October

MillWheel: Fault Tolerant Stream Processing at Internet Scale Presented by Rui Zhang October 28, 2013 What is MillWheel? Stream processing framework Simple programming models User specified directed computation graph Fault

670 views • 27 slides
HEs Observations on Internet Exchange Point Management Timothy Denton Hurricane Electric

HEs Observations on Internet Exchange Point Management Timothy Denton Hurricane Electric

HEs Observations on Internet Exchange Point Management Timothy Denton Hurricane Electric APRICOT February 2016 Background Hurricane Electric (HE) participates in more than 100 Internet exchanges around the world. Im here to present

621 views • 21 slides
Atmospheric Lifetimes of CFC-11 and NF 3 : Temperature dependent UV absorption cross sections Max

Atmospheric Lifetimes of CFC-11 and NF 3 : Temperature dependent UV absorption cross sections Max

Atmospheric Lifetimes of CFC-11 and NF 3 : Temperature dependent UV absorption cross sections Max R. McGillen 1,2 , V.C. Papadimitriou 1,2, , E.L. Fleming 3 , C.H. Jackman 3 , and J.B. Burkholder 1 1 Earth System Research Laboratory, Chemical

329 views • 19 slides
An Internet-wide Distributed System for Data-stream Processing Gabriel Parmer, Richard West, Xin

An Internet-wide Distributed System for Data-stream Processing Gabriel Parmer, Richard West, Xin

An Internet-wide Distributed System for Data-stream Processing Gabriel Parmer, Richard West, Xin Qi, Gerald Fry, and Yuting Zhang Boston University Boston, MA gabep1@cs.bu.edu Computer Science Introduction Computer Science Internet

113 views • 10 slides
As Semiconductor Devices Shrink so do their Reliability and Lifetimes National Software and

As Semiconductor Devices Shrink so do their Reliability and Lifetimes National Software and

As Semiconductor Devices Shrink so do their Reliability and Lifetimes National Software and Airborne Electronic Hardware Standardization Conference August 20-21 Denver, CO Lloyd Condra, Boeing Gary Horan, FAA Bill Scofield, Boeing Outline

316 views • 21 slides
Video Streaming with the Stream Control Transmission Protocol (SCTP) Lothar Braun, Andreas

Video Streaming with the Stream Control Transmission Protocol (SCTP) Lothar Braun, Andreas

Chair for Network Architectures and Services Department of Informatics Technische Universitt Mnchen Video Streaming with the Stream Control Transmission Protocol (SCTP) Lothar Braun, Andreas Mller Internet Protocol Stack The Internet

462 views • 30 slides
Video Streaming with the Stream Control Transmission Protocol (SCTP) Lothar Braun, Andreas

Video Streaming with the Stream Control Transmission Protocol (SCTP) Lothar Braun, Andreas

Chair for Network Architectures and Services Department of Informatics Technische Universitt Mnchen Video Streaming with the Stream Control Transmission Protocol (SCTP) Lothar Braun, Andreas Mller Internet Protocol Stack The Internet

1.09k views • 31 slides
QUIC Quick UDP Internet Connections Multiplexed Stream Transport over UDP IETF-88 TSV Area

QUIC Quick UDP Internet Connections Multiplexed Stream Transport over UDP IETF-88 TSV Area

QUIC Quick UDP Internet Connections Multiplexed Stream Transport over UDP IETF-88 TSV Area Presentation 2013-11-7 Presentation by Jim Roskind &lt;jar@&gt; Google Corp What is QUIC? Effectively replaces TLS and TCP out from under SPDY

671 views • 25 slides
B hadron lifetimes in CMS data Jhovanny Mejia , C. Duran, M. Ramirez, I. Heredia, E. De La

B hadron lifetimes in CMS data Jhovanny Mejia , C. Duran, M. Ramirez, I. Heredia, E. De La

B hadron lifetimes in CMS data Jhovanny Mejia , C. Duran, M. Ramirez, I. Heredia, E. De La Cruz-Burelo Cinvestav IPN, Physics department High Energy Physics Group 1 / 16 Introduction All work presented here is in progress We make the

488 views • 16 slides
? sync ref chosen as sync source by Listener Stream B: Presentation Stream C: timestamps

? sync ref chosen as sync source by Listener Stream B: Presentation Stream C: timestamps

Nominal Media Clock: Ts (implicit, not distributed) Stream A: ? sync ref chosen as sync source by Listener Stream B: Presentation Stream C: timestamps Stream D: from different Talkers A-F Stream E: Listener must Stream F: align

57 views • 3 slides
1 Open loop flow control Hard problems Traffic descriptors Two phases to flow Two phases to

1 Open loop flow control Hard problems Traffic descriptors Two phases to flow Two phases to

Flow control problem Other considerations Consider file transfer Consider file transfer Simplicity Simplicity Sender sends a stream of packets representing fragments of a Sender sends a stream of packets representing fragments of a

486 views • 9 slides
Constrained rigid body Collision detection Contact point Colliding contact

Constrained rigid body Collision detection Contact point Colliding contact

Constrained rigid body Collision detection Contact point Colliding contact Resting contact Friction Collision detection Determine whether the collision occurs within a numerical tolerance Determine all pairs of

596 views • 56 slides
STANCE : un outil d'analyse de contrexemples inspir du test Kalou Cabrera Castillos, Hlne

STANCE : un outil d'analyse de contrexemples inspir du test Kalou Cabrera Castillos, Hlne

STANCE : un outil d'analyse de contrexemples inspir du test Kalou Cabrera Castillos, Hlne Waeselynck, Virginie Wiels FMF T est et mthodes formelles, 16 juin 2015, T oulouse In a nutshell Lightweight verifjcation:

328 views • 21 slides
Interval Selection in the Streaming Model Sergio Cabello, Pablo P erez-Lantero University of

Interval Selection in the Streaming Model Sergio Cabello, Pablo P erez-Lantero University of

Interval Selection in the Streaming Model Sergio Cabello, Pablo P erez-Lantero University of Ljubljana (Slovenia), Universidad de Santiago, USACH (Chile) ADGO 2016 Cabello and P erez-Lantero (Uni-Lj and USACH) Interval Selection in the

700 views • 37 slides
System Services (CLASS) Webinar Thursday 27 June 2013 Steve Cox Head of Future Networks What

System Services (CLASS) Webinar Thursday 27 June 2013 Steve Cox Head of Future Networks What

Customer Load Active System Services (CLASS) Webinar Thursday 27 June 2013 Steve Cox Head of Future Networks What we will cover today Objectives why are we here? Electricity North West who are we? The UK energy and

553 views • 20 slides
Exploring Complex Energy Networks Florian D orfler @ETH for Complex Systems Control

Exploring Complex Energy Networks Florian D orfler @ETH for Complex Systems Control

Exploring Complex Energy Networks Florian D orfler @ETH for Complex Systems Control sense actuate speed throttle compute 1 / 22 @ETH for Complex Systems Control system c ontrol Simple control systems are well

394 views • 36 slides
CLASS Customer Load Active System Services Victoria Turnham LCNI conference, Brighton Session

CLASS Customer Load Active System Services Victoria Turnham LCNI conference, Brighton Session

CLASS Customer Load Active System Services Victoria Turnham LCNI conference, Brighton Session 1.3.2 - HV Technologies 13 November 2013 1 Customer Load Active System Services Maximise use of existing assets Offer new Innovative services

408 views • 14 slides
Batch Mode Active Learning and Its Application to Medical Image Classification ICML 2006 S. Hoi,

Batch Mode Active Learning and Its Application to Medical Image Classification ICML 2006 S. Hoi,

Introduction A Framework of Batch Mode Active learning Efficient Algorithms for Batch Mode Active Learning Experimental Result Conclusion Batch Mode Active Learning and Its Application to Medical Image Classification ICML 2006 S. Hoi, R.

574 views • 56 slides

More recommend