1 / 17

Report by: Loizos Konomou EL933 Fall 2005 Prof: Yong Liu

A First Look at Modern Enterprise Traffic. Report by: Loizos Konomou EL933 Fall 2005 Prof: Yong Liu. Ruoming Pang , Mark Allman , Mike Bennett , Jason Lee , Vern Paxson , Brian Tierney Princeton University, International Computer Science Institute,

johana
Download Presentation

Report by: Loizos Konomou EL933 Fall 2005 Prof: Yong Liu

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A First Look at Modern Enterprise Traffic Report by: Loizos KonomouEL933Fall 2005Prof: Yong Liu Ruoming Pang, Mark Allman, Mike Bennett, Jason Lee, Vern Paxson, Brian Tierney Princeton University, International Computer Science Institute, Lawrence Berkeley National Laboratory (LBNL) IMC2005 http://www.usenix.org/events/imc05/tech/

  2. Enterprise Network Traffic • Internet traffic has been studied a lot • Not many studies regarding internal enterprise traffic • Study of internal network traffic of an enterprise and compare it with the wide area traffic

  3. Enterprise Network Traffic • Measurements taken at 2 Central Routers (One at a time) • Pentium 4 2.2Ghz running FreeBSD 4.10 • 4 NIC cards, capture unidirectional traffic • Measurement equipment able to capture 2 interfaces at a time • 2 subnets at a time

  4. Enterprise Network Traffic • Trace consists • Over 100 Hours of packet traces • 8000 Internal Hosts • 47000 External Hosts

  5. Goals: • Understand the makeup of internal network traffic (from the network layer to the application layer) • Gain sense of the patterns of locality • Characterize application traffic in terms of how intranet traffic differs from Internet traffic characteristics • Characterize applications heavily used inside the enterprise but rarely outside • Gain Understanding of the load being imposed on modern enterprise networks

  6. Overview of Traces

  7. Network Protocols detected in traces • IP is the dominant Layer 3 Protocol

  8. Transport Layer Protocols • TCP is dominant in Packets • UDP is dominant in connections.

  9. Application Breakdown

  10. Unicast Payload and Connections Net-file Backup Bulk Windows Windows Streaming Streaming Net-mgmt Other-tcp Other-udp name Interactive Interactive Other-udp Other-tcp Bulk WEB Net-mgmt Misc email Net-file Backup name Misc WEB email • Most traffic is internal. • Most of the external traffic is web • Most internal traffic in bytes is net-file and backup, but the number of connections for these categories are very small • Name resolution traffic small, but large number of connections

  11. Origins and Destinations • 71-79% of traffic is within the network • 2-3% originates from inside with destination outside • 6-11% originates from hosts outside with destination inside • 5-10% is multicast sourced within the network, • 4-7% is multicast sourced externally

  12. Applications • Web traffic has more external traffic than internal • Email also both internal and external • SMTP and Secure IMAP dominate the email protocols used • POP3, LDAP • Name Services • DNS, Netbios, Service Locator, RPC • Handful of servers account for most of the DNS traffic.

  13. Application Enterprise Specific Traffic • Windows Services • SMB/CIFS • NFS • NCP • DCE/RPC CIFS Breakdown

  14. Windows Services DCE/RPC Functions NFS Functions

  15. Backup Services • Veritas • Dantz • Large volume of traffic between small number of hosts.

  16. Summary • This study provides a broad view of the enterprise traffic • Limitations: • Data is specific to one Site • Each Site is unique • General Idea about internal traffic • Sets the foundations for more deep studies of internal network traffic

  17. Questions?

More Related