Network-centric tools like NetFlow and security systems like IDSes provide essential data about the availability, reliability, and security of network devices and appli-cations. However, the increased use of encryption and tunnelling has reduced the visibility of monitoring ap-plications into packet headers and payloads (e. g. 93% of traffic on our enterprise network is IPSec encapsulated). The result is the inability to collect the required infor-mation using network-only measurements. To regain the lost visibility we propose that measurement systems must themselves apply the end-to-end principle: only endsys-tems can correctly attach semantics to traffic they send and receive. We present such an end-to-end monitoring platform that ubiquitously records per-flow data and then we show that this approach is feasible and practical using data from our enterprise network.

PDF file

In  USENIX 2006 Annual Technical Conference

Publisher  USENIX
All copyrights reserved by USENIX 2006

Details