Report by: Loizos Konomou EL933 Fall 2005 Prof: Yong Liu Ruoming Pang, Mark Allman, Mike Bennett,...

Post on 21-Dec-2015


Report by: Loizos Konomou
EL933, Fall 2005
Prof: Yong Liu

Ruoming Pang, Mark Allman, Mike Bennett, Jason Lee, Vern Paxson, Brian Tierney
Princeton University, International Computer Science Institute, Lawrence Berkeley National Laboratory (LBNL)

IMC2005 http://www.usenix.org/events/imc05/tech/

A First Look at Modern Enterprise Traffic

Enterprise Network Traffic

Internet traffic has been studied a lot
Not many studies cover internal enterprise traffic
This work studies the internal network traffic of an enterprise and compares it with wide-area traffic

Enterprise Network Traffic
Measurements taken at 2 central routers (one at a time)
Pentium 4 2.2 GHz running FreeBSD 4.10
4 NIC cards, capture unidirectional traffic
Measurement equipment able to capture 2 interfaces at a time
2 subnets at a time

Enterprise Network Traffic

The trace consists of:
Over 100 hours of packet traces
8000 internal hosts
47000 external hosts

Goals:
Understand the makeup of internal network traffic (from the network layer to the application layer)
Gain a sense of the patterns of locality
Characterize application traffic in terms of how intranet traffic differs from Internet traffic characteristics
Characterize applications heavily used inside the enterprise but rarely outside
Gain an understanding of the load being imposed on modern enterprise networks

Overview of Traces

Network Protocols detected in traces

IP is the dominant Layer 3 Protocol

Transport Layer Protocols

TCP is dominant in packets
UDP is dominant in connections

Application Breakdown

Unicast Payload and Connections

[Figure: unicast payload and connections per application category. Axis categories: web, email, net-file, backup, bulk, name, interactive, windows, streaming, net-mgmt, misc, other-tcp, other-udp]

Most traffic is internal
Most of the external traffic is web
Most internal traffic in bytes is net-file and backup, but the number of connections for these categories is very small
Name resolution traffic is small in bytes, but accounts for a large number of connections

Origins and Destinations

71-79% of traffic is within the network

2-3% originates from inside with destination outside

6-11% originates from hosts outside with destination inside

5-10% is multicast sourced within the network

4-7% is multicast sourced externally

Applications
Web traffic has more external traffic than internal
Email is also both internal and external
SMTP and Secure IMAP dominate the email protocols used
POP3, LDAP

Name Services
DNS, NetBIOS, Service Locator, RPC
A handful of servers account for most of the DNS traffic

Application Enterprise-Specific Traffic

Windows Services
SMB/CIFS
NFS
NCP
DCE/RPC

CIFS Breakdown

Windows Services

DCE/RPC Functions

NFS Functions

Backup Services

Veritas
Dantz
Large volume of traffic between a small number of hosts

Summary
This study provides a broad view of the enterprise traffic
Limitations:
Data is specific to one site
Each site is unique
Gives a general idea about internal traffic
Sets the foundations for deeper studies of internal network traffic