MIRA: Methodology for IP traffic Inspection in Advanced Networks

Description

Internet is widely deployed almost over the world. However, new transmission technologies and new applications change the patterns of the traffic in the net. Moreover, new users with different profiles can change the patterns of the traffic. The knowledge of the Internet traffic characteristics is necessary to optimize resources, to design the growth of the network, and to know the usage that of the resources. The complexity of the traffic analysis for a network is related to the amount of traffic carried, the topology of the network, the number of users, and the degree of detail desired to the reports. There are other projects working on IP traffic measurement on high-speed networks like CAIDA. The main difference between MIRA and other traffic analysis projects is the need of a full packet capture that implies a lower capture ratio.

The MIRA platform is mainly divided in two subsystems. The Traffic Capture Subsystem, collects samples of the traffic in a high-speed link. In fact, it is a modification of the OC3MON software for the PCA200 Fore ATM card adapter that provides periodic full IP packet samples. This traffic capture is done in a passive way, which means that it does not interfere the performance of the network. The other subsystem, the Traffic Analysis subsystem has different modules that extract different parameters of the network.

The results allow us to classify the traffic by application and/or server. As our capture system is not able to capture all the traffic, we get statistical results but correlating the captured data to historic data. A server not detected at one time, if its services persist in the network, will be detected later. A server of an unknown application, with large amount of data generated, will become more important if historic data of that server is accumulated. In that case it will be detected.

Participants
This project has been developed jointly with: UC3M university, UPM university and TIDSA.