Share on Facebook Tweet on Twitter Share on LinkedIn Share by email
Reclaiming network-wide visibility using ubiquitous end system monitors

Evan Cooke, Richard Mortier, Austin Donnelly, Paul Barham, and Rebecca Isaacs

Abstract

Network-centric tools like NetFlow and security systems like IDSes provide essential data about the availability, reliability, and security of network devices and appli-cations. However, the increased use of encryption and tunnelling has reduced the visibility of monitoring ap-plications into packet headers and payloads (e. g. 93% of traffic on our enterprise network is IPSec encapsulated). The result is the inability to collect the required infor-mation using network-only measurements. To regain the lost visibility we propose that measurement systems must themselves apply the end-to-end principle: only endsys-tems can correctly attach semantics to traffic they send and receive. We present such an end-to-end monitoring platform that ubiquitously records per-flow data and then we show that this approach is feasible and practical using data from our enterprise network.

Details

Publication typeInproceedings
Published inUSENIX 2006 Annual Technical Conference
PublisherUSENIX
> Publications > Reclaiming network-wide visibility using ubiquitous end system monitors