Design of an Application Programming Interface for IP Network Monitoring

We propose a novel general-purpose network traffic Monitoring Application Programming Interface (MAPI) for network monitoring applications. Our work builds on a generalized network flow model that we argue is flexible enough to capture emerging application needs, and expressive enough to allow the system to exploit specialized monitoring hardware, where available. We describe an implementation of MAPI using the DAG 4.2 Gigabit Ethernet monitoring card and a commodity Gigabit Ethernet adapter, present a set of experiments measuring overheads, and demonstrate potential applications. Our experimental results suggest that MAPI has more expressive power than competing approaches while also achieving significant performance improvements.


Effective network traffic monitoring is becoming increasingly vital for network management as well as for supporting a growing number of automated control mechanisms needed to make the IP-based Internet more robust, efficient, and secure.
The need for effective network traffic monitoring, along with increasing link speeds, has exposed limitations in existing network monitoring architectures that are deeply rooted in the basic abstractions used. The most widely used abstraction for network traffic monitoring has been that of flow-level traffic summaries, first demonstrated in software prototypes such as NeTraMet [4] and later incorporated as standard functionality in routers (cf. Cisco’s NetFlow [5]). This approach has been reasonably successful in supporting monitoring functions ranging from accounting to some rather simple forms of denial of service attack detection [21]. However, the information contained in flow-level summaries is usually not detailed enough for emerging monitoring functions. For instance, determining per-application network usage is not possible for some of the major new applications that dynamically allocate ports, such as peer-to-peer file sharing, multimedia streaming, and conferencing applications. Additionally, traditional flow-level traffic summaries are usually not adequate for security monitoring as provided by intrusion detection systems. These security applications usually need much more information than is provided by flow-level traffic summaries. For example, in order to detect and contain computer viruses and worms at times of emergency, intrusion detection systems need to be able to inspect and process network packet payloads, which are not available in flow-level traffic summaries.
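The limitation described above, as an added example (not code from the paper and not MAPI's API): constructed packets are reduced to flow-summary counters, where a port lookup cannot label the dynamic-port peer-to-peer flow, while a check of the leading payload bytes can. The port table, the signature list, the bidirectional flow key and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample traffic: (src, sport, dst, dport, proto, payload).
PACKETS = [
    ("10.0.0.5", 51514, "192.0.2.10", 80, "tcp", b"GET / HTTP/1.1\r\nHost: a.test\r\n\r\n"),
    ("10.0.0.7", 40112, "198.51.100.3", 38211, "tcp", b"\x13BitTorrent protocol" + bytes(48)),
    ("198.51.100.3", 38211, "10.0.0.7", 40112, "tcp", b"\x13BitTorrent protocol" + bytes(48)),
    ("10.0.0.7", 40112, "198.51.100.3", 38211, "tcp", bytes(1400)),
]

WELL_KNOWN_PORTS = {25: "smtp", 53: "dns", 80: "http", 443: "https"}
# Leading payload bytes that identify a protocol whatever port it uses.
PAYLOAD_SIGNATURES = [(b"\x13BitTorrent protocol", "bittorrent"), (b"GET ", "http")]

def flow_key(pkt):
    """Bidirectional 5-tuple (a simplification): both directions share a key."""
    a, b = sorted([(pkt[0], pkt[1]), (pkt[2], pkt[3])])
    return (a, b, pkt[4])

def flow_summaries(packets):
    """Flow-summary record: counters only, the payload is discarded."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for pkt in packets:
        rec = flows[flow_key(pkt)]
        rec["packets"] += 1
        rec["bytes"] += len(pkt[5])
    return dict(flows)

def classify_by_port(key):
    """All a flow summary allows: guess the application from port numbers."""
    (_, p1), (_, p2), _ = key
    return WELL_KNOWN_PORTS.get(p1) or WELL_KNOWN_PORTS.get(p2) or "unknown"

def classify_by_payload(packets):
    """Packet-level view: label each flow from its first recognised payload."""
    labels = {}
    for pkt in packets:
        for sig, name in PAYLOAD_SIGNATURES:
            if pkt[5].startswith(sig):
                labels.setdefault(flow_key(pkt), name)
    return labels

def compare(packets):
    """Per flow: (label from ports, label from payload, byte count)."""
    by_payload = classify_by_payload(packets)
    return {k: (classify_by_port(k), by_payload.get(k, "unknown"), rec["bytes"])
            for k, rec in flow_summaries(packets).items()}

if __name__ == "__main__":
    print(compare(PACKETS))
```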

Website: www.ics.forth.gr | Filesize: 247kb
No of Page(s): 14