Real-Time IP Flow Measurement Tool with Scalable Architecture

Katsuyuki YAMAZAKI
Masato TSURU
Yuji OIE

IEICE TRANSACTIONS on Information and Systems, Vol.E87-D, No.12, pp.2665-2677
Publication Date: 2004/12/01
Print ISSN: 0916-8532
Type of Manuscript: Special Section PAPER (Special Section on New Technologies and their Applications of the Internet)
Category: Traffic Measurement and Analysis
Keywords: IP flow, passive measurement, measurement tool

There is an emerging requirement for real-time flow-based traffic monitoring, which is vital to detecting and/or tracing DoS attacks as well as to troubleshooting and traffic engineering in ISP networks. We propose an architecture for a scalable real-time flow measurement tool that allows operators to flexibly define "the targeted flows" on demand, to obtain various statistics on those flows, and to visualize them in real time. The architecture comprises a traffic distribution device and multiple traffic capture devices that process packets in parallel; the distribution device copies traffic and distributes it to the capture devices. We evaluate the performance of a prototype implementation on PC-UNIX in testbed experiments to demonstrate the scalability of our architecture. The evaluation shows that performance increases in proportion to the number of capture devices and that the maximum performance reaches 80 K pps with six capture devices. Finally, we show applications of our tool that indicate the advantage of flexible, fine-grained flow measurements.