HPWREN Continuous IP Header Trace Collection Setup |
|
|||||||||||||||||||||||||||||||||||||||||
HPWREN uses a dedicated 24x7 monitor to assess the data exchange between the HPWREN network and the Internet on a machine called ittrack (Internet Traffic TRACKing). The basic setup at the SDSC hub consists of a CISCO 3660 router with six 100 MBits/sec FastEthernet interfaces, four of which are presently in use. Interface 0/0 is being used for access to the public Internet via SDSC infrastructure. Link 0/1 is used for local communication, it presently connects the ittrack data collection server. Link 1/0 and 1/1 are interfacing the 45 MBits/sec radios pointing towards Mt Woodson and Mt Soledad, respectively. In order to enable the data collection at the SDSC/HPWREN nexus, a CISCO 2924 intelligent switch has been introduced, which provides for effectively the same communications infrastructure, but replaces the point-to-point cabling with VLANs routed through the switch, which enables mirroring of all traffic to the data collection interfaces at ittrack (see rows 3 and 4 in the table below).
The ittrack data collector features a total of four Ethernet connections. The fxp0 interface is used for generic connectivity. Interfaces fxp1 and em1 are in use for data collection at the Mt Woodson and Mt Soledad links, respectively (see table above). An additional private Gigabit Ethernet link (em0) to the pma.nlanr.net data server (this machine) permits the publishing and archiving of anonymized passive IP header trace files without impacting the HPWREN traffic under observation. Initial data collection commencing June 23rd 2004 was monitoring the Ethernet interface on the SDSC site of the router (VLAN 999, in yellow towards SDSC). This provided suboptimal data, as it is located on the Internet-translated site of the NAT function in the 3660 router. It would also be exposed to SDSC multicast traffic, which showed up in the daily traffic analyses, until it was explicitly filtered out. The present collection system (since September 20th) monitors the HPWREN site of the NAT router at SDSC, which connects the two 45 MBits/second backbone links towards Mount Woodson (VLAN 900) and Mount Soledad (VLAN 903). The ittrack data collector uses a pair of Intel Pro/100B (fxpN) and Pro/1000 (emN) NIC cards on FreeBSD to gather data via the Berkeley Packet Filter (BPF) from 2924 ports 0/24 and 0/21. BPF is programmed to filter IP data only and is also responsible for packet arrival time stamping. The tshdump program labels the Mt Woodson and Mt Soledad connection as interface #0 and #1, respectively, in the TSH trace file. Packets at the two interfaces may arrive (and get merged) out-of-order (out of sequence, relative to their timestamps) into the resulting TSH data stream. The tshseq application resequences the packets in a postprocessing step to simplify the analysis process. Due to the way the network and the data collection are configured, each bidirectional 45 MBits/sec link is reflected via one of the #0 and #1 TSH data streams. Communications recorded include data flows between endsystems beyond the Mt Woodson and Mt Soledad links with the public Internet, between each of those links, as well as communications with the ittrack data collectors legacy interface. Therefore, the aggregate traffic as reflected in the TSH trace, may reach close to four times 45 MBits/sec. If two HPWREN connectors at the Mt Woodson and Mt Soledad links communicate with each other at link speed, the aggregate will report as close to 90 MBits/sec, each of the inbound and outbound data streams tagged with the #0 and #1 TSH identifiers. See the analysis graph of a one day trace file (November 2004), below, as an example. There is presently no means to distinguish inbound vs. outbound traffic to/from the public Internet, as all data is encoded via the same flat pseudo IP addressing scheme. We are considering to revise the data collection in this regard in the future. AcknowledgementsThe authors wish to thank Matthew Luckie for his implementation of tshdump, a tool to simultaneously collect and collate packets from multiple BPF interfaces, and to write in TSH format directly. The HPWREN program is based on work sponsored by the National Science Foundation under Grant Numbers 0087344 and 0426879. If you use HPWREN network data from this server, your derivative publications or other information materials must make a credit reference to the National Science Foundation Grant Numbers 0087344, 0426879 and 0129677, the HPWREN program at the University of California, San Diego, and the National Laboratory for Applied Network Research (NLANR/MNA).
|
|
