Abstract
This paper presents the design of a next-generation network traffic monitoring and analysis system, called NG-MON (Next Generation MONitoring), for high-speed networks such as 10 Gbps and above. Packet capture and analysis on such high-speed networks is very difficult using traditional approaches. Using distributed, pipelined and parallel processing techniques, we have designed a flexible and scalable monitoring and analysis system that can run on off-the-shelf, cost-effective computers. The monitoring and analysis task in NG-MON is divided into five phases: packet capture, flow generation, flow store, traffic analysis, and presentation. Each phase can be executed on a separate computer system and cooperates with adjacent phases using pipeline processing. Each phase can be composed of a cluster of computers wherever the system load of the phase is higher than the performance of a single computer system. We have defined efficient communication methods and message formats between phases. Numerical analysis results of our design for 10 Gbps networks are also provided.
The authors would like to thank the Ministry of Education of Korea for its financial support toward the Electrical and Computer Engineering Division at POSTECH through its BK21 program.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Han, SH., Kim, MS., Ju, HT., Hong, J.WK. (2002). The Architecture of NG-MON: A Passive Network Monitoring System for High-Speed IP Networks. In: Feridun, M., Kropf, P., Babin, G. (eds) Management Technologies for E-Commerce and E-Business Applications. DSOM 2002. Lecture Notes in Computer Science, vol 2506. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36110-3_5
DOI: https://doi.org/10.1007/3-540-36110-3_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00080-8
Online ISBN: 978-3-540-36110-7
eBook Packages: Springer Book Archive