Reclaiming network-wide visibility using ubiquitous end system monitors

Network-centric tools like NetFlow and security systems like IDSes provide essential data about the availability, reliability, and security of network devices and applications. However, the increased use of encryption and tunnelling has reduced the visibility of monitoring applications into packet headers and payloads (e.g. 93% of traffic on our enterprise network is IPSec encapsulated). The result is the inability to collect the required information using network-only measurements. To regain the lost visibility we propose that measurement systems must themselves apply the end-to-end principle: only end systems can correctly attach semantics to traffic they send and receive. We present such an end-to-end monitoring platform that ubiquitously records per-flow data and then we show that this approach is feasible and practical using data from our enterprise network.


In: USENIX 2006 Annual Technical Conference

Publisher: USENIX
All copyrights reserved by USENIX 2006

Details

Type: Inproceedings