Experiences with a continuous network tracing infrastructure

Abstract

One of the most pressing problems in network research is the lack of long-term trace data from ISPs. The Internet carries an enormous volume and variety of data; mining this data can provide valuable insight into the design and development of new protocols and applications. Although capture cards for high-speed links exist today, actually making the network traffic available for analysis involves more than just getting the packets off the wire: it also requires handling large and variable traffic loads, sanitizing and anonymizing the data, and coordinating access by multiple users. In this paper we discuss the requirements, challenges, and design of an effective traffic monitoring infrastructure for network research. We describe our experience in deploying and maintaining a multi-user system for continuous trace collection at a large regional ISP. We evaluate the performance of our system and show that it can support sustained collection and processing rates of over 160-300 Mbits/s. Copyright 2005 ACM.

Publication Title

Proceedings of ACM SIGCOMM 2005 Workshops: Conference on Computer Communications
