2006 USENIX Annual Technical Conference Abstract
Pp. 357–362 of the Proceedings
Reclaiming Network-wide Visibility Using Ubiquitous Endsystem Monitors
Evan Cooke, University of Michigan; Richard Mortier, Austin Donnelly, Paul Barham, and Rebecca Isaacs, Microsoft Research, Cambridge
Abstract
Network-centric tools like NetFlow and security systems like
IDSes provide essential data about the availability, reliability, and security
of network devices and applications. However, the increased use of encryption
and tunnelling has reduced the visibility of monitoring applications into
packet headers and payloads (e.g. 93% of traffic on our enterprise network is
IPSec encapsulated). The result is the inability to collect the required
information using network-only measurements. To regain the lost visibility we
propose that measurement systems must themselves apply the end-to-end
principle: only endsystems can correctly attach semantics to traffic they send
and receive. We present such an end-to-end monitoring platform that
ubiquitously records per-flow data and then we show that this approach is
feasible and practical using data from our enterprise network.
The Proceedings are published as a collective work, © 2006 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.