Department of Computer Science
DCS
COMSATS Institute of Information Technology
Characterizing Network Traffic
Rab Nawaz JadoonAssistant Professor
COMSATS IIT, Abbottabad
Pakistan
Telecommunication Network Design (TND)
Department of Computer Science
Characterizing Traffic Flow
Characterizing traffic flow involves identifying sources and destinations of network traffic.
Analyzing the direction and symmetry(equilibrium/ balancity) of data traveling between sources and destinations.
In some applications, the flow is bidirectional and symmetric. (Both ends of the flow send traffic at about the same rate.)
In other applications, the flow is bidirectional and asymmetric. (Clients send small queries and servers send large streams of data.)
In a broadcast application, the flow is unidirectional and asymmetric.
2
Department of Computer Science
Identifying major traffic sources and stores
To understand network traffic flow,
you should first identify user communities and data stores for existing and new applications.
User Community
A user community is a set of workers who use a particular application or set of applications.
A user community can be a corporate department or set of departments
4
Department of Computer Science
Identifying major traffic sources and stores
To document user communities, ask your customer to help you fill out the User Communities chart shown in Table below,
5
Department of Computer Science
Identifying major traffic sources and stores
Characterizing traffic flow also requires that you document major data stores.
Data Store
A data store (sometimes called a data sink) is an area in a network where application layer data resides.
A data store can be a server, a server farm, a storage-area network (SAN), a mainframe, a tape backup unit, a digital video library, or any device or component of an internetwork where large quantities of data are stored.
6
Department of Computer Science
Identifying major traffic sources and stores
To help you document major data stores, ask your customer to help you fill out Table.
7
Department of Computer Science
Traffic Behavior
To understand traffic flow behavior better, you can read Request For Comments (RFC) 2722, “Traffic Flow Measurement: Architecture.”
RFC 2722 describes an architecture for the measurement and reporting of network traffic flows.
Also discusses how the architecture relates to an overall traffic flow architecture for intranets and the Internet.
Note: You can find all RFCs online at http://www.ietf.org/rfc/rfcxxxx.txt
(where xxxx is the number of the RFC.)
8
Department of Computer Science
Traffic Flow Behavior
Measuring traffic flow behavior
It helps a network designer to determine which routers should be peers in routing protocols that use a peering system, such (BGP).
Measuring traffic flow behavior can also help network designers to do the following:
Characterize the behavior of existing networks.
Plan for network development and expansion.
Quantify network performance.
Verify the quality of network service.
Ascribe network usage to users and applications.
9
Department of Computer Science
Traffic Flow Behavior
A flow has attributes such as,
Direction, symmetry, routing path, number of packets, number of bytes, and addresses for each end of the flow.
A communicating entity can be,
An end system (host), a network, or an autonomous system (AS).
The simplest method for characterizing the size of a flow is to (MBps) between communicating entities.
10
Department of Computer Science
Traffic Flow Behavior
To characterize the size of a flow,
use a protocol analyzer or network management system to record load between important sources and destinations.
You can also use Cisco NetFlow,
which collects and measures data as it enters router and switch interfaces, including source and destination IP addresses, source and destination TCP or UDP port numbers, packet and byte counts, and so on.
11
Department of Computer Science
Traffic Flow Behavior
You can use Table below to document information about the direction and volume of traffic flows.
The objective is to document the MBps between pairs of autonomous systems, networks, hosts, and applications.
To fill out the charts, place a monitoring device in the core of the network and let it collect data for one or two days.
To fill out the Path column, you can turn on the record-route option in an IP network.
12
Department of Computer Science 13