 |
Boris Nechaev, Vern Paxson, Mark Allman, Andrei Gurtov. On Calibrating Enterprise Switch Measurements. ACM SIGCOMM/USENIX Internet Measurement Conference, November 2009.
PDF | Project
Abstract:
The complexity of modern enterprise networks is ever-increasing,
and our understanding of these important networks is not keeping
pace. Our insight into intra-subnet traffic (staying within a
single LAN) is particularly limited, due to the widespread use of
Ethernet switches that preclude ready LAN-wide monitoring. We
have recently undertaken an approach to obtaining extensive
intra-subnet visibility based on tapping sets of Ethernet switch
ports simultaneously. However, doing so leads to a number
of measurement calibration issues that require careful consideration
to address. First, one must
correctly account for redundant copies of packets that appear
due to switch flooding, which if not accurately identified can
greatly skew subsequent analysis results. We show that a
simple, natural rule one might use for doing so in fact
introduces systematic errors, but an altered version of the
rule performs significantly better. We then employ this revised
rule to aid with calibration issues concerning the fidelity of packet
timestamps and the amount of measurement loss that our collection
apparatus incurred. Additionally, we develop techniques to ``map''
the monitored network in terms of identifying key topological
components, such as subnet boundaries,
which hosts were directly monitored, and the presence of ``hidden''
switches and hubs. Finally, we present initial
analyses demonstrating that the magnitude and diversity of traffic at the
subnet level is in fact striking, highlighting the
importance of obtaining and correctly calibrating switch-level
enterprise traces.
BibTeX:
@inproceedings{NPAG09,
author = "Boris Nechaev and Vern Paxson and Mark Allman and Andrei Gurtov",
title = "{On Calibrating Enterprise Switch Measurements}",
booktitle = "ACM SIGCOMM/USENIX Internet Measurement Conference",
year = 2009,
month = nov,
}
|
|