Challenges in high performance network monitoring

A Half-Day Seminar

Fulvio Risso

Politecnico di Torino, Italy

One of the most critical issues in keeping a network under control is capturing and analyzing its traffic. The complexity of these tasks is increasing as networks become faster and faster. Some vendors (notably, Endace) offer network interfaces specifically designed to support packet capture at high data rates (e.g., 10 Gbps). While ad-hoc solutions based on advanced hardware can mitigate the problems related to packet capture, no straightforward solution exists to reduce the difficulties of the subsequent steps, such as traffic processing and creating historical traces. This tutorial first introduces the basic concepts of network monitoring. Then, it will describe the current techniques for network monitoring (packet-based, flow-based, SNMP-based), with their associated advantages and drawbacks. Finally, it will address some specific problems of high-speed network monitoring, namely for networks at 1 Gbps and beyond. The tutorial will include several examples drawn from the author's experience in implementing WinPcap, the de-facto standard library for network analysis tools under the Win32 platform and, at present, the best-performing system for packet capture.

Biography:

Fulvio Risso (IEEE member) is an assistant researcher at the Department of Control and Computer Engineering of Politecnico di Torino. He received his Ph.D. in computer and system engineering from Politecnico di Torino in 2000. His current research activity focuses on network analysis and network monitoring. His international experience includes a one-year period at University College London (UK) and one at Cisco Systems, San Jose (CA), USA as a Visiting Faculty. He started, and is one of the maintainers of, the WinPcap (http://winpcap.polito.it) and the Analyzer (http://analyzer.polito.it) projects. The former is the de-facto standard library for network analysis tools under the Win32 platform, while the latter is one of the most appreciated tools for packet sniffing and network monitoring.