Session chair: Christopher Small (Conference chair)
Mapping and Visualizing the Internet
by Bill Cheswick, Hal Burch, & Steve Branigan
We need tools that can map networks of arbitrarily large size, for tomography and topography. This work is intended to complement the work of CAIDA. So Bill et al. developed tools, Unix-style, using C and shell scripts, to map the Internet as well as the Lucent intranet. The tools scan up to 500 networks at once and are throttled down to 100 packets per second. This generates 100-200MB of text data (which compresses to 5-10MB) per day and covers on the order of 120,000 nodes. http://www.cs.bell-labs.com/who/ches/map/ has the details and maps.
Measuring and Characterizing System Behavior Using Kernel-Level Event Logging
by Karim Yaghmour and Michel R. Dagenais
Karim Yaghmour spoke on the problem of visualizing system behavior. ps and top are good, but neither provides truly real-time data. He therefore instrumented the Linux kernel to trace events, developed a kernel trace facility with a daemon that logs those events to a file, and analyzes the data offline. The tools do not add much overhead for server-side operations but add a lot of overhead to intensive applications such as the Common Desktop Environment (CDE). Data is collected at up to 500 kb per second, but it compresses well. Future work includes quality-of-service kernels (throttling the rate of, for example, file opens), security auditing, and even integrating the event facility further into the kernel. Sources are available at http://www.opersys.com/LTT/ and are under the GPL license.
Pandora: A Flexible Network Monitoring Platform
by Simon Patarin and Mesaac Makpangou
The goal of Simon and Mesaac was to produce a flexible network monitoring platform with online processing, good performance, and no impact on the environment. The privacy of users was also important in the design. They decided to use components for flexibility and a stack model. They developed a small configuration language and a dispatcher that coordinates the creation and destruction of the components. The tool is 15,000 lines of C++, using libpcap. The overhead is about 0.26 microseconds per filter per packet. For example, HTTP requests get over 75 Mb/s throughput on traces, which translates into 44-88 Mb/s in real-world situations, or 600-2600 requests per second. Future work includes improving the performance and flexibility. More details are available from http://www-sor.inria.fr/projects/relais/ and the tool is released pursuant to the GPL license.