1 Introduction Proactive network management models a network using network traffic as input to simulate current and future behavior of the network and predict the impact of the addition of new applications on the network performance In a model network managers can change the network model by adding new devices, workstations, servers, and applications, or by upgrading to higher speed network connections, and performing “what-if” scenarios before the changes 12/19/2017 Network Modeling
2 Introduction (cont.) Current methods: testbeds, spreadsheetsA model can be used to evaluate various design alternatives or various operational policies, explore the behavior of proposed, systems/connections before actually building it, pre-test modifications 12/19/2017 Network Modeling
3 1. Types of Simulation Systems, Models, Discrete-event SimulationStatic and dynamic simulation models: A static model characterizes a system independently of time. A dynamic model represents a system that changes over time. Stochastic and deterministic models: If a model represents a system that includes random elements, it is called a stochastic model. Otherwise it is deterministic. Queueing systems, the underlying systems in network models, contain random components, such as arrival time of packets in a queue, service time of packet queues, output of a switch port, etc. 12/19/2017 Network Modeling
4 Types of Simulation (cont.)Discrete and continuous models A continuous model represents a system with state variables changing continuously over time. Examples are differential equations that define the relationships for the extent of change of some state variables according to the change of time. A discrete model characterizes a system where the state variables change instantaneously at discrete points in time. At these discrete points in time some event or events may occur, changing the state of the system. For instance, the arrival of a packet at a router at a certain time is an event that changes the state of the port buffer in the router. 12/19/2017 Network Modeling
5 2. Simulation vs. EmulationThe purpose of emulation is to mimic the original network and reproduce every event that happens in every network element and application. In simulation, the goal is to generate statistical results that represent the behavior of certain network elements and their functions. In discrete event simulation, we want to observe events as they happen over time, and collect performance measures to draw conclusions on the performance of the network, such as link utilizations, response times, routers’ buffer sizes, etc. 12/19/2017 Network Modeling
6 Simulation ObjectivesPerformance modeling: Obtain statistics for various performance parameters of links, routers, switches, buffers, response time, etc. Failure analysis: Analyze the impacts of network element failures. Network design: Compare statistics about alternative network designs to evaluate the requirements of alternative design proposals. Network resource planning: Measure the impact of changes on the network’s performance, such as addition of new users, new applications, or new network elements. 12/19/2017 Network Modeling
7 Reasons for Predicting Network PerformanceKeep user response time low Increase user productivity Supply adequate network bandwidth Provide for future growth Ensure successful deployment of new applications Validate response time goals of new network designs and troubleshoot for bottlenecks Choose among competing network applications, and the best network topology 12/19/2017 Network Modeling
8 Costs of poorly performing networkLost sales opportunities Low customer and user satisfaction Slipped schedules Low morale 12/19/2017 Network Modeling
9 Model Development Life Cycle (MDLC) Discussed Later in More DetailsIdentify all IT assets (Topology, devices, links, routers, etc.), nonphysical (registered IP networks) Raw utilization of each asset (CPU, buffer, bandwidth utilization, up-time, for large applications, response time) Raw utilization is broken down to garner usage statistics for each host, segment, protocol, and application, user. Evaluate statistics 12/19/2017 Network Modeling
10 Model Development Life Cycle (cont.)Build the baseline (Import real data from current traffic) to “tune” and validate the model. Use existing applications or create an application environment using a testbed similar to the assumed future applications. Measure its traffic, and/or Use experts’ estimates who knows the application and user requirements. Import the traffic to the model. 12/19/2017 Network Modeling
11 Model Development Life Cycle (cont.)Build the model Run the model to simulate the effect of anticipated changes and predict the behavior of various parts of the network assuming certain traffic growth. Gather further data as the network growths and changes, and as we know more about the applications. Repeat the same sequence. 12/19/2017 Network Modeling
12 3. Types of Communications Networks Modeling ConstructsLANS WANS Wireless 12/19/2017 Network Modeling
13 Transmission TechnologyWe can broadly classify networks as broadcast and point-to-point networks: In broadcast networks a single communication channel is shared by every node. Nodes communicate by sending packets or frames received by all the other nodes. The address field of the frame specifies the recipient or recipients of the frame. Only the addressed recipient(s) will process the frame. Broadcast technologies also allow the addressing of a frame to all nodes by dedicating it as a broadcast frame processed by every node in the network. It is also possible to address a frame to be sent to all or any members of only a group of nodes. The operations are called multicasting and any casting respectively. Point-to-point networks consist of many connections between pairs of nodes. A packet or frame sent from a source to a destination may have to first traverse intermediate nodes where they are stored and forwarded until it reaches the final destination. 12/19/2017 Network Modeling
14 Physical Area CoveragePersonal area networks (PANs) support a person’s needs. For instance, a wireless network of a keyboard, a mouse, and a personal digital assistant (PDA) can be considered as a PAN. Local area networks (LANs), typically owned by a person, department, a smaller organization at home, on a single floor or in a building, cover a limited geographic area. LANs connect workstations, servers, and shared resources. LANs can be further classified based on the transmission technology, speed measured in bits per second, and topology. Transmissions technologies range from traditional 10Mbps LANs to today’s 10Gbps LANs. In terms of topology, there are bus and ring networks and switched LANs. 12/19/2017 Network Modeling
15 Physical Area Coverage (cont.)Metropolitan area networks (MANs) span a larger area, such as a city or a suburb. A widely deployed MAN is the cable television network distributing not just one-way TV programs but two-way Internet services as well in the unused portion of the transmission spectrum. Wide area networks (WANs) cover a large geographical area, a state, a country or even a continent. A WAN consists of hosts (clients and servers) connected by subnets owned by communications service providers. The subnets deliver messages from the source host to the destination host. A subnet may contain several transmission lines, each one connecting a pair of specialized hardware devices called routers. Transmission lines are made of various media; copper wire, optical fiber, wireless links, etc. When a message is to be sent to a destination host or hosts, the sending host divides the message into smaller chunks, called packets. When a packet arrives on an incoming transmission line, the router stores the packet before it selects an outgoing line and forwards the packet via that line. 12/19/2017 Network Modeling
16 Wireless Networks Wireless networks can be categorized as short-range radio networks, wireless LANs, and wireless WANs. In short range radio networks, for instance Bluetooth, various components, digital cameras, Global Positioning System (GPS) devices, headsets, computers, scanners, monitors, and keyboards are connected via short-range radio connections within feet. The components are in primary-secondary relation. The main system unit, the primary component, controls the operations of the secondary components. The primary component determines what addresses the secondary devices use, when and on what frequencies they can transmit. A wireless LAN consists of computers and access points equipped with a radio modem and an antenna for sending and receiving. Computers communicate with each other directly in a peer-to-peer configuration or via the access point that connects the computers to other networks. Typical coverage area is around 300 feet. The wireless LAN protocols are specified under the family of IEEE standards for a range of speed from 11 Mbps to 108 Mbps. 12/19/2017 Network Modeling
17 Wireless Networks (cont.)Wireless WANs comprise of low bandwidth and high bandwidth networks. The low bandwidth radio networks used for cellular telephones have evolved through three generations. The first generation was designed only for voice communications utilizing analog signaling. The second generation also transmitted only voice but based on digital transmission technology. The current third generation is digital and transmits both voice and data at most 2Mbps. Fourth and further generation cellular systems are under development. High-bandwidth WANs provides high-speed access from homes and businesses bypassing the telephone systems. The emerging IEEE standard delivers services to buildings, not mobile stations, as the IEEE standards, and operates in much higher GHz frequency range. The distance between buildings can be several miles. 12/19/2017 Network Modeling
18 Wireless Networks (cont.)Wired or wireless home networking is getting more and more popular connecting various devices together that can be accessible via the Internet. Home networks may consists of PCs, laptops, PDAs, TVs, DVDs, camcorders, MP3 players, microwaves, refrigerator, A/C, lights, alarms, utility meters, etc. Many homes are already equipped with high-speed Internet access (cable modem, DSL, etc.) through which people can download music and movies on demand. 12/19/2017 Network Modeling
19 Modeling Constructs The various components and types of communications networks correspond to the modeling constructs and the different steps of building a simulation model. Typically, a network topology is built first, followed by adding traffic sources, destinations, workload, and setting the parameters for network operation. The simulation control parameters determine the experiment and the running of the simulation. Prior to starting a simulation various statistics reports can be activated for analysis during or after the simulation. Statistical distributions are available to represent specific parameterizations of built-in analytic distributions. As the model is developed, the modeler creates new model libraries that can be reused in other models as well. 12/19/2017 Network Modeling
20 3.a Introduction to ComnetCOMNET III is a graphical, off-the-shelf performance analysis tool for computer and communication networks. Based on a description of a network, its control algorithms and workload, COMNET III simulates the operation of the network and provides measures of network performance Building-block approach where the blocks are “objects” you are familiar with in the real world. Library of objects 12/19/2017 Network Modeling
21 Introduction to Comnet (cont.)“What if” scenarios Animated picture of the network configuration No programming required Comnet Predictor Baseliner Advanced Features Pack Application Modeler Profiler 12/19/2017 Network Modeling
22 Introduction to Comnet (cont.)Simulation follows after network description passes verify check Vital statistics collected during simulation in over 130 reports which can be turned on and off Reports show message & packet delays, queuing statistics, node & link utilization, I/O buffer statistics, blocking probabilities, etc. Real-time and post-processed plots Object-oriented discrete event simulation technology 12/19/2017 Network Modeling
23 Comnet Demo Menubar, toolbar, and pallete Open Comnet model (Demo.c3)Real-time plot Simulation, animation Snapshot measures & color Response sources, statistics 12/19/2017 Network Modeling
24 Comnet Demo (cont.) View post processed message delay statistics in response sources (Message delay on/off) Browse reports Select reports Snapshots Build new model 12/19/2017 Network Modeling
25 Performance ParadigmsCity/Highway traffic 12/19/2017 Network Modeling
26 4. Performance targets for Simulation Purposes, Performance MetricsTransmission protocols Routers Gateways Hubs Network switches Out-of-band management tools Enterprise management tools Benchmark tools System and performance analysis tools 12/19/2017 Network Modeling
27 Performance targets for modeling purposes (cont.)Computer platforms Operating systems Graphical user interfaces Network operating systems Application software User activities Workload consolidation and reduction Network architecture Network configuration 12/19/2017 Network Modeling
28 Performance issues Channel capacity (similar to the traffic-carrying capacity of a highway.) Function of the number of parallel lanes, the traffic speed, interlane traffic shear and interrelationships, and delays. Singular traffic events, such as accidents, breakdowns, or inattentive drivers can affect the channel capacity as well. 12/19/2017 Network Modeling
29 Data transmission signal speed, the wire speed, channel bandwidth Protocol transmission speed: For example, modem speeds are 5600 bits/s, Token-Ring is typically 4 or 16 Mbits/s, Ethernet is 10, 100 or 1000 Mbits/s, and ATM ranges upward from 25 Mbits/s. A 100Mbps Ethernet supporting a client/server load transports only 2.32 Mbits/s as a maximum throughput (including the servers, NICs, and workstations, not the channel bandwidth itself.) 12/19/2017 Network Modeling
30 Bandwidth Transmission signal speed: The electronic or optical signal used to send a message Channel signal speed is the bandwidth or the wire speed. The signal propagation speed is the speed at which the signal traverses the channel, and is mostly a factor of the medium and the speed of light 12/19/2017 Network Modeling
31 The volume of traffic measured in bits per second Throughput The volume of traffic measured in bits per second Protocol transmission speed Traffic: a measure of network load (frames or packets per second) 12/19/2017 Network Modeling
32 Routing LAN vs. WAN path A network connecting an enterprise comprises multiple paths, multiple bridges, routers, multiport hubs, spanning trees, parallel channels, and switchable links The route may be as simple as choosing a modem connection or as complex as factoring multiple channel speeds over connected segments, device buffering rates and latencies, blocking times, and the need to avoid saturated links. 12/19/2017 Network Modeling
33 Protocol Overhead Data and messages are encapsulated inside cells, frames, or packets. E.g., ATM cells are 53 bytes,5 are overhead, data payload comprises 48 bytes. The payload is also likely to include other overhead as well when route and path information, configuration and process control TCP/IP messages, and SNMP are transported as data in cells 12/19/2017 Network Modeling
34 Protocol Overhead (cont.)The difference between the effective and the actual data load is part of the protocol management overhead used for synchronization. Management overheads: Keep-alives, failure indicators, polling, and status markers, in-band, out-of-band (side-band) management. 12/19/2017 Network Modeling
35 Delay (latency) Data communications signal propagation speed is finite, a significant portion of the speed of light at 50 to 90 percent The latency station-to-station for VSAT is about a quarter of a second, cross country it is about 100 ms, transglobal it is about an eighth of a second, Nodes communicating on opposite ends of an Ethernet will experience 9.6 microseconds 12/19/2017 Network Modeling
36 Delay (latency) Transitions reduces transmission speed (Data payloads are switched, routed, repeated, encapsulated, translated, and buffered on data networks.) There are multiple transitions and inherent latencies at each transitional device between channels and segments. Traffic that spans multiple segments is delayed not only by the inherent signal speeds, but also by interconnecting network devices. 12/19/2017 Network Modeling
37 Delay (cont.) Bridges, routers, gateways, and switches add delays that range from 40 ms to several hundred or thousand ms. These delays are at least as significant as the delays caused by channel signal propagation speed (1.6 ms for FDDI, 25 ms for an average Token-Ring, 51.2 ms minimum after an Ethernet collision). 12/19/2017 Network Modeling
38 Delay (cont.) Bad cells and packets force retransmission from the initial source Signal loss, signal errors, CRC errors, bad data, data out of sequence, device or channel failures, device or channel overloads, and other events are analogous to traffic accidents. Slowdowns cause packets to overflow buffers. These packets are typically dropped with the expectation of a later retransmission 12/19/2017 Network Modeling
39 Accidental Latency If a link fails, traffic on either side of that pipe is halted, or at least detoured through longer or slower links on the enterprise network. Frame relay lines fail, ISDN connections drop, and modem connections wither with line noise. Network devices can saturate a line with gibberish, or fail to relay or route data traffic at all. Workstations, servers, and hosts fail outright or experience processing problems that create performance backlogs and stoppages. 12/19/2017 Network Modeling
40 Accidental Latency (cont.)Even when linkages are supported with alternate or backup pipes, there are likely to be significant delays while these routes are switched on-line, enabled, and routers, gateways, and switches are updated with new physical and logical routing information. Cascading failure or network panic:If a server slows down, client requests can saturate the channel and prevent completion of ongoing tasks or fulfillment of subsequent tasks. 12/19/2017 Network Modeling
41 Accidental Latency (cont.)Users rerequesting services SNA time-outs, failed status, and lack of response create gridlock You may observe "normal" traffic levels and bandwidth utilization until you parse the content of the traffic and recognize that time-outs, IP acknowledgments, duplicate messages, router address table updates, and server and hosts service broadcasts are flooding the network.. 12/19/2017 Network Modeling
42 Accidental Latency (cont.)Router may be available but not actually functioning while corrupted routing tables are being rebuilt with new network information. Advanced tools (such as NetView, OpenView, and UniCenter) try to provide status and qualitative information so that you can monitor host, server, router, gateway, and channel performance. 12/19/2017 Network Modeling
43 Peaks and Bursts Extreme cyclical or recurring workload exceeds the capacity of network components, thus creating a momentary bottleneck, a traffic jam or network panic. In extreme cases, these peaks and bursts collapse bridges, routers, LAN segments, and processors. Sudden network traffic jam creates sluggish performance, process backlogs, slowed response time, decrease in actual work throughput. 12/19/2017 Network Modeling
44 Peaks and Bursts (cont.)Traffic always exhibits this pattern of peaks and bursts at all load levels. Most network traffic has “self-similar” characteristic of peaks and bursts. Peaks and bursts are statistically aggregated workloads that overload parts of the network infrastructure best characterized by fractal mathematics of self-similarity. 12/19/2017 Network Modeling
45 Peaks and Bursts (cont.)Linear estimates do not scale to larger networks. For example, if 20 clients create 1000 units of network traffic or 10 percent loading, 40 identical clients will not realistically or necessarily represent 2000 units of network traffic or 20 percent loading. Visualization and consequences of burstiness: Mathematics Awareness Week 12/19/2017 Network Modeling
46 Frame Size Larger packets have a greater tendency to overrun buffers in intermediate nodes. The processing effort for larger packets is the same as for smaller packets, so larger packets are more efficient. However, router queues are more likely to fill with the large packets. 12/19/2017 Network Modeling
47 Frame Size (cont.) On the other hand, given two networks with the same travel bandwidth utilization, the one with more packets (that are obviously smaller) will tend to have greater Ethernet collision rates or longer token rotation times. Translations or encapsulations among different protocols create additional traffic. (Packets from Ethernet may represent more than 40 ATM cells after translation. The bandwidth does not necessarily offset the increased latencies with the cell streams. MTU size 12/19/2017 Network Modeling
48 Volume ~ load vs. capacity. The load must be less than the capacity. Either reduce the load, or increase the capacity. If you alter the transmission bandwidth capacity, you are likely to create performance pressures elsewhere. 12/19/2017 Network Modeling
49 Data Leakages and LossesMisdelivery of information or incompletion of delivery. Network leaks and losses occur at routers, bridges, gateways, and switches. These intermediate network nodes can become traffic "black holes" due to configuration errors, overloads, insufficient arriving-packet buffering, and bottlenecks. 12/19/2017 Network Modeling
50 4.a Comnet Message Traffic GenerationApplication sources using global and local commands (later) Traffic sources: message, response , and session sources. Message Source The message source is a message generator which is capable of sending messages to one or more destinations (FTP, ,etc.) 12/19/2017 Network Modeling
51 Response Source The response source is a message generator used to send message replies upon receipt of a message, and any type of message traffic which would be triggered by the receipt of a message. The message which is generated by a response source is always sent to the node which generated the message which triggered the response source (Database queries, replies, etc.) 12/19/2017 Network Modeling
52 The session source is also used to model connection-oriented traffic.The session source is message generator which first sets up a session with another node, and then sends the message traffic. It is useful in modeling message sources, which have bursty message arrival process as several messages may be transmitted within one session. The session source is also used to model connection-oriented traffic. 12/19/2017 Network Modeling
53 Common Features of All Sourcesunique name to the source scheduling method message priority routing class selection of a transport protocol setting of a packetizing delay selection of message size and text the choice of the traffic destination 12/19/2017 Network Modeling
54 Features Message Name The message name is a unique identifier given to the source for identification purposes Message Scheduling by iteration time, by received message, or by triggering event Interarrival time: a fixed value, a user-defined distribution, or any of the distributions supported. First and last arrival 12/19/2017 Network Modeling
55 Features (cont.) Received Message Delay TimeMessage Transport Protocol ATP, TCP/IP, Microsoft, TCP/IP, Sun, UDP/IP, Sun, NCP/IPX Burst Mode Message Priority Message Routing Class Packetizing Delay 12/19/2017 Network Modeling
56 Message Size = Multiplier * Received Message Size + OffsetAny of the statistical distributions supported in COMNET III may be used to model the size of the message generated (Pearson distribution functions) If received message scheduling is used, the size of the message may be based on the size of the message which triggered the traffic source: Message Size = Multiplier * Received Message Size + Offset 12/19/2017 Network Modeling
57 Message Text Message text can then be used to trigger an application or traffic source at the receiving node. Use original message Copy message name Set message text 12/19/2017 Network Modeling
58 Message Destination Random Neighbor Random List Weighted ListMulticast List Least Busy List Example 12/19/2017 Network Modeling
59 Computer and Communication NodesThe computer and communication (C&C) node is a generic node that is used for modeling of end systems such as computers, printers, facsimile machines, or any general piece of network hardware The C&C node may act as the origin or destination for message traffic, run applications, or act as a switching point within a network Any type of link, and as many links as needed, may connect to this type of node for modeling a network 12/19/2017 Network Modeling
60 A processor for command execution and packet processing Attributes Input buffers for each link connected to the node for accepting packets transmitted to the node A processor for command execution and packet processing Output buffers for each link connected to the node through which the node may route packets Local disk storage for modeling disk read and write processes 12/19/2017 Network Modeling
61 Attributes (cont.) A command list which defines how application commands are to be executed on the node A pending application list of all applications and traffic sources currently scheduled to run A prototype application list of all available applications and traffic sources for the node A received message list for saving received messages used to trigger an application or traffic source A list of files which reside on the local disk 12/19/2017 Network Modeling
62 C&C Node Parameters Computer and Communication Node ParametersComputer Group Nodes Ports Example 12/19/2017 Network Modeling
63 Links 12/19/2017 Network Modeling
64 Routers, switches 12/19/2017 Network Modeling
65 Synonyms for Performance bottlenecksSome synonyms for an enterprise network bottleneck: Slow-down Overhead Stoppage, Overload Congestion Link failure 12/19/2017 Network Modeling
66 Synonyms Performance bottlenecks (cont.)Traffic jam Gridlock Backup or backlog Processing overrun Resource limitation Bad route A slow or long route Inactive channel Interrupted pipeline Error 12/19/2017 Network Modeling
67 4.b Components of an Enterprise NetworkInfrastructure -design, architecture, protocols, implementation People - skill levels, training, support facilities, and experience Intermediate nodes- hubs, repeaters, bridges, routers, switches, and gateways Organization- politics, goals, locations, funding source, stability Operations -people, task complexity, time-criticality of task, and management 12/19/2017 Network Modeling
68 Components of an Enterprise Network (cont.)Hosts - mainframes, minicomputers, and servers CPUs-processors, motherboard design, and operating systems Network - protocol, transmission speeds, hops, tuning, and loads Applications- NOS, operations, software, and end-user tasks Window/graphic interface- system, library, accelerators, and device drivers Disk- controller speed, driver algorithms, cache 12/19/2017 Network Modeling
69 Components of an Enterprise Network (cont.)Load balance Memory- cache type, size, cost, speed Database- buffer sizes, lock time-outs, number of users, and caches System kernel- base size, efficiency, buffer size, paging, tuning, and configuration Executable code- runtime or compile, native or interpreted, environment, file system, and network operating system APIs, source code algorithms 12/19/2017 Network Modeling
70 Performance BottlenecksDesign Wiring infrastructure Security Purpose Reliability Cost Speed Sophistication Environment Disk space Scalability Redundancy Integration Structural flaws Compatibility Performance Memory Functionality Network Platform independence 12/19/2017 Network Modeling
71 Performance Bottlenecks (cont.)Maintainability Time Life span Priorities Ease of use/complexity Organizational culture 12/19/2017 Network Modeling
72 Top Ten Performance Hits12/19/2017 Network Modeling
73 Performance of Audio/Video TransmissionsSampling and Digitizing/Digital-to-analog conversion (DAC) Different DAC techniques are used in different circumstances. Sometimes the data link’s properties, like bandwidth capacity and latency, are factors in the selection of these techniques. Pulse code modulation (PCM) is the most common sampling technique used to turn audible sounds into digital signals. 12/19/2017 Network Modeling
74 It takes 50 frames to represent 1 second of digitized sound.12/19/2017 Network Modeling
75 Groups of telephony codecsPCM codecs, which are the basic 64 kbps codecs and Vocoders, which are the codecs that go a step beyond the essential PCM algorithm. The codecs you’ll see most often: G.711 8-bit PCM digitization for 8 kHz linear audio signals. G.711 is the least processor-intensive codec No compression. mLaw and ALaw are two variations of the PCM digitizing technique used in the G.711 codec. One uses a logarithmic digitizing scale to grade amplitude levels, while the other uses a linear one. 12/19/2017 Network Modeling
76 Vocoders G.721, G.723, G.726, G.728, and G.729A These codecs enable significantly more economic use of the network, permitting high-quality sound reproduction at a bitrate of 8 to 32 kbps. Unlike G.711, this group of codecs uses Adaptive Differential Pulse Code Modulation (ADPCM) or Code Excited Linear Prediction (CELP) algorithms to reduce bandwidth requirements. ADPCM conserves bandwidth by measuring the deviation of each sample from a predicted point rather than from zero, allowing fewer bits to be required to represent the historically 8-bit PCM scales. CELP uses a newer variation of this approach. 12/19/2017 Network Modeling
77 Vocoders G.722: Called a wideband codec because it uses double the sampling rate (16 kHz rather than 8). The effect is much higher sound quality than the other VoIP codecs. Other than that, it’s identical to G.711. GSM: The global systems for mobile codec offers a 13 kbps bit stream that has its roots in the mobile phone industry. Like many of the ITU-recommended codecs, GSM uses a form of CELP to achieve sample scale compression but is much less processor intensive. 12/19/2017 Network Modeling
78 Vocodecs iLBC: The Internet low-bitrate codec is a free, proprietary audio codec that provides similar bandwidth consumption and processing intensity to G.729A, but with better resilience to packet loss. Speex: The Speex codec supports sampling rates of 8 to 32 kHz and a variable packet rate. Speex also allows the bitrate to change in midstream without a new call setup. This can be useful in bursty congestion situations, but is unlikely to matter ch to enterprise networks that have quality-of-service measures and more reliability than the Internet. Speex is free, and open source implementations exist. 12/19/2017 Network Modeling
79 Codec packet rates The packet rate is the number of packets required per second (pps) of sound transmitted. Besides the bits that represent data, all data packets carry overhead bits. Reducing overhead is crucial. One way to lower overhead is to reduce the number of packets per second used to transmit the sound. But this increases the impact of network errors on the voice call. So there needs to be some balance between what’s acceptable overhead and what’s acceptable resiliency to errors. Different codecs have different packet rates and overhead ratios. 12/19/2017 Network Modeling
80 Packet interval The gap between transmitted packets is called the packet interval or interarrival rate, and it is expressed in inverse proportion to the packet rate. The shorter the packet interval, the more packets are required per second~ more overhead. Some of the codecs, especially those that use very advanced CELP algorithms, can require a longer duration of audio at a time (say, 30 ms rather than 20 ms) in order to encode and decode. 12/19/2017 Network Modeling
81 (cont.) A G.711 call, which normally fits on a 64 kbps channel, won’t fit into a 64 kbps IP WAN connection. This is because it is wrapped in RTP and UDP packets, which are necessary overhead. 12/19/2017 Network Modeling
82 Lag (delay) The longer the packet interval, the longer the lag will be between the time the sound is spoken and the time it is encoded, transported, decoded, and played back for the listener. An IP packet isn’t transmitted until it is completely constructed, so a VoIP sound frame can’t travel across the network until it’s completely encoded. A 30 ms sound frame takes a third longer to encode than a 20 ms one, and inflicts 10 ms more lag, too. 12/19/2017 Network Modeling
83 Lag vs. packet intervals12/19/2017 Network Modeling
84 Lag Long packet intervals have another drawback: the greater the duration of sound carried by each packet, the greater the chance that a listener will notice a negative effect on the sound if a packet is dropped due to congestion or a network error. Dropping a packet carrying 20 ms of sound is almost imperceptible with the G.711 codec, but dropping a 60 ms packet is quite obtrusive. Since VoIP sound frames are carried in “unreliable” UDP datagrams, dropped packets aren’t retransmitted. 12/19/2017 Network Modeling
85 Example Consider that 8,000 samples per second are required for a basic voice signal at 8 bits per sample. Now, assuming a 20 ms packet interval (1/50th of a second), it takes a minimum of 1,280 bits of G.711 data in each packet to adequately carry the sound: 64,000 bits per second / 50 = 1,280 bits per packet 12/19/2017 Network Modeling
86 TCP/IP overhead for 20 ms packet interval12/19/2017 Network Modeling
87 Overhead Increasing the packet interval to 30 ms (1/33rd of a second) results in a reduction in the number of packets required per second, raising the bit count per packet and reducing the amount of overhead required to transmit the sound: 64,000 bits per second / 33 = 1,940 bits per packet 12/19/2017 Network Modeling
88 LAN/WAN Generally, on Ethernet-to-Ethernet calls, the use of G.711 with a 20 ms packet interval is encouraged, because a 100 mbps data link can support hundreds of simultaneous 64 kbps calls without congestion, and a dropped packet at 20 ms interval is almost imperceptible. On calls that cross low-bandwidth links, it’s up to the administrator to balance between latency, possible reductions in sound quality incurred by using a compression codec, and network congestion. 12/19/2017 Network Modeling
89 Different codecs have different bandwidth requirements.12/19/2017 Network Modeling
90 Network Performance Measurement ToolsBased on “http://dast.nlanr.net/Guides/GettingStarted/Performance.html#what” 12/19/2017
91 Parameters to improve Measurement usually looks at one or more of the following: Bandwidth -- how much data can be transferred per unit time -- is the most obvious. Delay -- how long it takes an individual piece of data to traverse the network -- is important for real-time applications like video conferencing and remote instrument control, and also impacts bandwidth. Packet loss -- when a piece of data disappears in transmission -- affects both bandwidth and real-time applications. A high-performance network is characterized by high bandwidth, small delay, and low packet loss. 12/19/2017 Network Modeling
92 TCP handshaking mechanisms to establish a connection between two machines capabilities for flow control (how much data can be sent at a time) congestion control (what to do when packets are dropped) polling for messages (how long to wait for an incoming packet) retransmission of lost or corrupted data 12/19/2017 Network Modeling
93 Building a server initialize the socketbind the socket to a chosen port greater than 1024 listen for incoming connections accept (or not) any incoming requests 12/19/2017 Network Modeling
94 Client side initialize a socket connect to the server Network Modeling12/19/2017 Network Modeling
95 Maximum transmission unit (MTU)The largest packet size that can be sent across a given network. For Ethernet, the MTU is 1500 bytes. The MTU may vary from network to network; the Path MTU is the largest packet size that can be sent across an entire network path. Path MTU Discovery is the algorithm used to find the Path MTU. 12/19/2017 Network Modeling
96 Measurements Passive and active measurements: http://moat.nlanr.net/Simple network management protocol (SNMP) is used to gather statistics from routers and switches, including the number and size of IP packets, total bytes, router CPU utilization, and discarded packets. 12/19/2017 Network Modeling
97 MRTG Multirouter traffic grapher (MRTG) is used to display bandwidth usage and other information over time. Web accessible charts are updated every 5 minutes and show data summarized from the past day, week, month, and year. Abilene maintains an MRTG page. 12/19/2017 Network Modeling
98 OCXmon Passive MonitoringOC3mon and OC12mon machines are used to passively examine network traffic without introducing any traffic of their own. The machines tap into the OC3 and OC12 (optical carrier level) fiber optic line connecting to the wide-area network and analyze flows traversing the network. These machines currently work only with ATM (asynchronous transfer mode) networks, but POS (packet over SONET) is in the works. 12/19/2017 Network Modeling
99 Active Measurement ProgramThe NLANR Active Measurement Program (AMP) tests bandwidth and delay between participating institutions. Tests are run between each pair of machines, forming a full mesh. A ping test, measuring round-trip time delay, is run every minute. AMP also runs traceroute tests every 10 minutes to show what networks are used between institutions. Maximum TCP (transmission control protocol) bandwidth tests can be run on demand. 12/19/2017 Network Modeling
100 Surveyor One-way delays are measured between Surveyor machines at participating institutions. GPS (Global Positioning System) is used to synchronize the machine clocks so one-way delays can be computed accurately to within 50 microseconds. Using one-way delays, asymmetries in the network are revealed that normal round-trip time delays do not. 12/19/2017 Network Modeling
101 End-to-End PerformanceTreno emulates the TCP protocol stack using UDP (user datagram protocol). We can use this to compare an operating system's TCP implementation with a modern TCP implementation that includes such improvements as SACK (selective acknowledgement), FACK (forward acknowledgement), and Path MTU Discovery. Treno also allows targeting individual routers along the path, to discover what links are problematic. 12/19/2017 Network Modeling
102 mping stresses the network, intentionally flooding the router queues to test queuing properties. Using mping, we can find, for example, the bandwidth and packet loss as the TCP window size increases. Again, this tool is intended for network engineers skilled at interpreting the output. 12/19/2017 Network Modeling
103 traceroute, ping traceroute is used to find the path your data takes through the network. ping will repetitively find round-trip time measurements to a particular machine or router. The repetition helps to reveal changes in delay. Both ping and traceroute are standard UNIX commands, often found in /sbin, /usr/sbin, /etc, or /usr/etc. 12/19/2017 Network Modeling
104 mtr mtr ("Matt's TraceRoute") is a program that combines the functionality of traceroute and ping and presents the output data in an easy-to-read tabular format. It repetitively pings each router along the path, showing delay and packet loss. 12/19/2017 Network Modeling
105 tcpdump, tcptrace, xplottcpdump is a standard UNIX utility to examine or "sniff" the traffic on the network. tcptrace can be used to analyze the output from tcpdump, and xplot will show the packets graphically. xplot is helping to reveal "pathological" network behaviors. 12/19/2017 Network Modeling
106 Application PerformanceReal-time Transport Protocol is used by many real-time applications (e.g., video conferencing) to monitor and respond to network conditions. It detects delay, delay jitter, and packet loss. RTP uses RTCP (RTP control protocol) to give performance feedback to the sending application. overview of RTP 12/19/2017 Network Modeling
107 TCP Window Size The TCP window size is by far the most important parameter to adjust for achieving maximum bandwidth across high-performance networks. Properly setting the TCP window size can often more than double the achieved bandwidth. See the User's Guide to TCP Windows for details. 12/19/2017 Network Modeling
108 MTU A small MTU wastes time processing many small packets instead of fewer large ones. The system administrator can enable Path MTU Discovery if the operating system implements it. Use Iperf with the -m (print MSS) option to check the MTU. (See below) 12/19/2017 Network Modeling
109 Windows XP Network ModelingThe primary TCP tuning parameters appear in the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters. To enable high performance TCP you must turn on RFC1323 features (create REG_DWORD key "Tcp1323Opts" with value 3) and set the maximum TCP buffersize (create REG_DWORD key "GlobalMaxTcpWindowSize" with an appropriate value such as , decimal). If you want to set the system wide default buffer size create REG_DWORD key "TcpWindowSize" with an appropriate value. This parameter can also be set per interface at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interface\interfaceGUID, which may help to protect interactive applications that are using different interfaces from th 12/19/2017 Network Modeling
110 TCP tuning For applications that intentionally send small chunks of data immediately, setting the TCP no delay option may improve performance. Interactive applications, such as telnet, often fall into this category. Normally TCP queues small writes to send out larger packets. This queueing can sometimes be undesirable. Imagine if you had to type 1000 characters in telnet before a single one was displayed! 12/19/2017 Network Modeling
111 TCP no delay option To set TCP no delay, use setsockopt: int nodelay = 1; int error = setsockopt( socket, IPPROTO_TCP, TCP_NODELAY, &nodelay, sizeof(nodelay)); Note the TCP no delay option does not apply to UDP-based applications, which always send data immediately. 12/19/2017 Network Modeling
112 Tuning UDP Application PerformanceFor UDP applications, the burstiness of the traffic can be an issue. An application may send a large burst of packets back-to-back, followed by some idle time. The average bandwidth looks reasonable, but the bandwidth during the burst is excessive. Burstiness can be the result of two different parameters: how much time occurs between writes and how large individual datagram writes are. 12/19/2017 Network Modeling
113 Time between writes If there is very little delay between writes, the application may create a burst causing too much stress on the network. Spacing out writes -- by putting in a sleep for instance -- reduces this stress and thus reduces packet loss. 12/19/2017 Network Modeling
114 Large UDP size If the datagram size is large, it will be broken up into separate packets which will then be sent as a single burst. This is actually worse than not spacing out writes, because if a single packet of the datagram is lost, the entire datagram must be discarded. So not only is there a burst that causes network stress, but the effects of the resulting packet loss are also magnified. Delay and jitter are also increased, because more time is spent fragmenting the datagram into separate packets and reassembling it again. 12/19/2017 Network Modeling
115 IPerf Documentation: Features TCP Measure bandwidth Report MSS/MTU size and observed read sizes. Support for TCP window size via socket buffers. Client can create UDP streams of specified bandwidth. Measure packet loss Measure delay jitter Multicast capable 12/19/2017 Network Modeling
116 IPerf Network ModelingWhere appropriate, options can be specified with K (kilo-) and M (mega-) suffices. So 128K instead of bytes. Can run for specified time, rather than a set amount of data to transfer. Picks the best units for the size of data being reported. Server handles multiple connections, rather than quitting after a single test. Print periodic, intermediate bandwidth, jitter, and loss reports at specified intervals. Run the server as a daemon (Check out Nettest for running it as a secure daemon). Run the server as a Windows Service Use representative streams to test out how link layer compression affects your achievable bandwidth. A library of useful functions and C++ classes. 12/19/2017 Network Modeling
117 Tuning a TCP connectionThe primary goal of Iperf is to help in tuning TCP connections over a particular path. The most fundamental tuning issue for TCP is the TCP window size, which controls how much data can be in the network at any one point. If it is too small, the sender will be idle at times and get poor performance. The theoretical value to use for the TCP window size is the bandwidth delay product, bottleneck bandwidth * round trip 12/19/2017 Network Modeling
118 Example The link is a 45 Mbit/sec DS3 link and the round trip time measured with ping is 42 ms. The bandwidth delay product is 45 Mbit/sec * 42 ms = (45e6) * (42e-3) = bits = 230 Kbyte A starting point for figuring the best window size: setting it higher or lower may produce better results. 12/19/2017 Network Modeling
119 Examples Connect client to server:iperf -c “hostname” -i2 -t 20 –N, nodelay server> iperf -s Server listening on TCP port 5001 TCP window size: 60.0 KByte (default) client> iperf -c server Client connecting to server, TCP port 5001 TCP window size: 59.9 KByte (default) [ 3] local
120 Improve bandwidth performance using proper TCP window sizesserver> iperf -s -w 130k server listening on TCP port 5001 TCP window size: 130 Kbyte client> iperf -c node2 -w 130k Client connecting to node2, TCP port 5001 TCP window size: 129 KByte (WARNING: requested 130 KByte) 12/19/2017 Network Modeling
121 Maximum Transmission Unit (MTU)Both hosts should support Path MTU Discovery (Maximum Segment Size (MSS) is equal to MTU minus 40) server> iperf -s –m Server listening on TCP port 5001 TCP window size: 60.0 KByte (default) WARNING: Path MTU Discovery may not be enabled. [ 4] MSS size 536 bytes (MTU 576 bytes, minimum) 12/19/2017 Network Modeling
122 Multicast Network Modeling 12/19/2017Use the -B option while starting the server to bind it to a multicast address. E.g. : iperf -s -u -B i 1. This will have the Iperf server listening for datagrams (-u) from the address (-B ), with a periodic reporting interval of 1s (-i 1). Now, start a client sending packets to this multicast address, with a TTL depending on your Network Topology (if you are unsure, use a high TTL like 64 or higher). E.g. : iperf -c u -T 32 -t 10 -i 1. This will have a UDP client (-u) connected to the multicast address (-c ), with a TTL of 32 (-T 32), sending data for 10 seconds (-t 10), with a periodic reporting interval of 1s (-i 1). Start multiple clients as explained above, sending data to the same multicast server. (If you have multiple servers listening on the multicast address, each of the servers will be getting the data) 12/19/2017 Network Modeling
123 General Bandwidth and Latency IssuesBandwidth is the available transmission capacity for any network device, channel, or linkage: A factor of the width and sustainable transmission speed. (A four lane highway has greater bandwidth than a one-way street with four lanes in the city because the speed limits differ.) Latency is the time required to enter the street or the highway, travel along it, and then exit at the correct destination. 12/19/2017 Network Modeling
124 Bandwidth and Latency (cont.)Latency is the cumulative delay incurred as packets pass through intermediate nodes, such as repeaters, bridges, routers, gateways, and switches, and the signal propagation time point-to-point between the source and destination. Latency is the round-trip time for a request to be fulfilled and acknowledged over the enterprise network. 12/19/2017 Network Modeling
125 Bandwidth and Latency (cont.)The latency for a single packet is the amount of delay incurred from when a packet leaves the source, passes through repeaters, bridges, routers, gateways, switches, and the connecting channels until it arrives at the destination. It also includes packet processing time:the time to encode and encapsulate data into a packet, and packet transfer time: the time required to move the packet to the network itself, and the time a packet may sit in a router queue waiting to be forwarded. 12/19/2017 Network Modeling
126 Bandwidth and Latency (cont.)Latency is often measured with single direction (one-way) streams with the result that it is negligible for most intermediate nodes. However, when tested on a bi-directional or backplane environment, latency becomes significant. Vendors cite latency figures for large packets, but rarely for small packets (where latency is more of a problem). It is possible, however, to approximate packet processing rate as the inverse of the packet/s rate for small packets, as such: 12/19/2017 Network Modeling
127 Bandwidth and Latency (cont.)Packet processing time = 1 / packet/s We can calculate the packet transfer time with the vendor's single packet latency ratings for large packets. The packet transfer rate is approximately equal to packet size divided by latency for that packet size, as shown: Transfer time = Processing time + (packet size / packet transfer rate) 12/19/2017 Network Modeling
128 Bandwidth and Latency (cont.)Usually, packet latency is measured under conditions of low loads. Actual latency through a bridge, router, gateway, or switch usually exceeds the single packet latency in the packet transfer time; A normal one-way enterprise network delivery time could vary from 0.25 s to 3 s and provide transaction response times as long as 7 seconds. 12/19/2017 Network Modeling
129 Bandwidth and Latency (cont.)A less formal treatment of network delay is called the end-to-end latency, which is the cumulative effect on throughput (for a task such as file transfer) caused by devices between source and destination. End-to-end latency is expressed as a percent of the throughput measured without an intervening bridge, router, gateway, or switch: End-to-end latency = system latency / (system latency + device latency) 12/19/2017 Network Modeling
130 Bandwidth and Latency (cont.)or End-to-end latency = 1 / (1 + (device latency / system latency)) It shows that performance is heavily weighted by the intermediate connectivity device latency. 12/19/2017 Network Modeling
131 Transmission Latency Latency for ATM providing bandwidth of 622 Mbits/s on SONET is the same as a digital connection rated DS0 providing only 56 Kbits/s in bandwidth. Although these transmission mediums are different, the signal propagation speed is constant for most media. The ATM provides 10 times the traffic throughput, but the transmission latencies on the wire are identical. 12/19/2017 Network Modeling
132 Transmission Latency (cont.)The modem signal from point-to-point might actually be faster because the intermediate and terminating switching electronics of each ATM switch has latencies of about 170 ms (for a total of at least 340 ms), while the modem adds 100 ms at each endpoint. 12/19/2017 Network Modeling
133 Transmission Latency (cont.)Latency is added into the transmission time by any intermediate device. It is greater for devices that buffer incoming transmissions and hold them while earlier (or prioritized) transmissions are forwarded. Print jobs and transfers with SNA protocols tunneled into TCP/IP can hog so much bandwidth that no interactive traffic can get through. 12/19/2017 Network Modeling
134 Latency (cont.) There are no clear rules for maximum utilization:An Ethernet with more than a few clients degrades exponentially after 36 percent sustained utilization. Token-Ring or FDDI networks will handle more traffic, but with escalating increases in the latency. Tools for measuring network latency (NFSWATCH, NETSTAT, etc.) provide response time figures that include the execution time on the server. Server statistics can be used to extract the server component to calculate network delays. 12/19/2017 Network Modeling
135 Latency (cont.) Warning:Divide a 50 percent utilized Ethernet into four segments and we may get Ethernet subnets each with a 40 percent load. The decreasing contention for the network lets more packets onto each subnet; we may also create a subnet load greater than the original. 12/19/2017 Network Modeling
136 Causes of Poor Application PerformanceInsufficient server capacity can cause degraded server performance.This can cause the server to be slow in processing client requests. It can also mean that the server cannot process incoming traffic fast enough, resulting in a high rate of dropped packets or retransmissions. 12/19/2017 Network Modeling
137 Causes of Poor Application Performance (cont.)Inefficient use of networking protocols can contribute to network congestion and lowered throughput. For example, although TCP/IP is basically an efficient protocol, large numbers of small packets and no use of windowing (meaning that every packet must be acknowledged) can lead to poor overall application performance. 12/19/2017 Network Modeling
138 Causes of Poor Application Performance (cont.)Poor application design can be responsible for the inefficient use of network resources. For example, an application that does a lot of Structured Query Language (SQL) operations over a wide area network may not perform well, because SQL is a relatively "chatty" protocol, sending many small packets with high overhead. 12/19/2017 Network Modeling
139 Causes of Poor Application Performance (cont.)The design of individual client GUIs can have a large effect on performance. For example, the more data items the user interface accesses and displays for a given transaction, the more demand each transaction will put on the network. 12/19/2017 Network Modeling
140 4.c Enterprise applicationsEnterprise applications are a mixture: They are designed to run in a widely dispersed distributed computing environment. Data and application logic are typically centralized, but users are spread throughout the organization—all over the world in a multinational organization Resources are centralized and users must communicate via the wide area network (WAN) to run the applications and access corporate data. 12/19/2017 Network Modeling
141 Multiple tiers Client/server computing is implemented in multiple tiers to allow separation of the computing tasks, so that processing for a given task is performed close to the resources required for that task, minimizing the amount of network communication required. Tasks are usually split into presentation tasks, application tasks, and database tasks. 12/19/2017 Network Modeling
142 Multiple tiers (cont.) Clients communicate across the network to the application server to request and receive data in support of a task or process the user is performing. The application server in turn communicates with the database server to retrieve or store data in the database. In a two‑tier application architecture two of the tiers are collapsed either database server and application server reside on the same physical workstation, or the application GUI (presentation) and application server reside on the client workstation. 12/19/2017 Network Modeling
143 Traffic Characterization Network StatisticsCommunications networks transmit data with random properties. Measurements of network attributes are statistical samples taken from random processes, for instance, response time, link utilization, interarrival time of messages, etc. In this section we review basic statistics that are important in network modeling and performance prediction. 12/19/2017 Network Modeling
144 Basic Statistics Average (mean or expected) value is a measure of central tendency. The most likely value about which the samples cluster. The motivation is to get rid of the noise that present in them. Ave = (x1+x2+…+xn)/n Variation Var= ((ave-x1)2 + (ave-x2) (ave-xn)2 )/n-1 12/19/2017 Network Modeling
145 Basic Statistics (cont.)Standard deviation: How much variation the samples have about the mean value. Small deviation about the mean demonstrates a strong central tendency of the samples. Wide deviation demonstrates little central tendency and shows a large statistical randomness. The samples 10.6, 10.4, 10.5 are good samples with statistical high significance. 11.7, 1.6, are not good samples. Both have the same average value. 12/19/2017 Network Modeling
146 Distributions Probability Density Function (PDF) f (x) can be represented by a histogram with all frequencies of occurrence transformed into probabilities (frequencies/# of samples) The area under the curve (or histogram) is 1. 12/19/2017 Network Modeling
147 Formulas 12/19/2017 Network Modeling
148 Statistics Distribution in NetworkingNormal PDF (e.g., student scores) Exponential (transactions, IAT,keytrokes, file access, , name lookup request, HTTP lookup, X-window protocol exchange) Poisson (e.g., # of customers per hour visiting a cash machine) Uniform (packet length) 12/19/2017 Network Modeling
149 Statistics Distribution in Networking (cont.)Fixed (e.g., batch mail arrivals, Unix sendmail, backups, routing protocol updates, 30 sec for RIP, DNS transfers) Hex (IAT of bursts, IAT of messages, probability of taking samples from bursts) 12/19/2017 Network Modeling
150 Message Interarrival time12/19/2017 Network Modeling
151 Generate graphs under Comnet (IAT’s view option)Specifying that 99% of the response times are less than 5 seconds 12/19/2017 Network Modeling
152 Detect Anomalies in Traffic FlowsMany simulation models focus on the simulation of various traffic flows. Traffic flows can be simulated by either specifying the traffic characteristics as input to the model or by importing actual traffic traces that were captured during certain application transactions under study. Network modelers usually start the modeling process by first analyzing the captured traffic traces to visualize network attributes. It helps the modeler understand the application level processes deep enough to map the corresponding network events to modeling constructs. Common tools can be used before building the model. After the preliminary analysis, the modeler may disregard processes, events that are not important for the study in question. For instance, the capture of traffic traces of a database transaction reveals a large variation in frame lengths. 12/19/2017 Network Modeling
153 Generate graphs under Comnet (cont.)As an example create a delta time and frame length plot using Excel chart wizard (in T:\itk371\Normal Distr Func, rmx13 charts\rmx13dav with framelenght chart.xls) Frequency function in Excel Plot the cumulative PDF to see the distribution of response time (Excel histogram, Excel-Tools-Data Analysis-Descriptive Statistics calculates the mean and standard deviation of the samples as input to Comnet assuming a certain distribution. 12/19/2017 Network Modeling
154 Anomalies in Packet Lenght12/19/2017 Network Modeling
155 Large Deviations Between Delta Times12/19/2017 Network Modeling
156 Approximating the CPD Function by a Histogram of Frame Length12/19/2017 Network Modeling
157 Generate graphs under Comnet (cont.)Using Ping statistics to characterize response time (\ping\pingcharts.xls Input the Ping Histogram in \ping\pingcharts.xls to a Table Distribution in Comnet: Ping address – n 100 > pingtime.txt $ awk -F = '{print $3}' < pingtime.txt | sed 's/[a-z]//g' > pingcsv.txt to filter out the roundtrip propagation time. 12/19/2017 Network Modeling
158 Ping 12/19/2017 Network Modeling
159 6. Simulation Modeling Systems Data Collection Tools, Network Analyzers, Baseliner12/19/2017 Network Modeling
160 Comparison of StandardsRMON1 RMON2 EnterpriseRMON Ethernet/ X X X Token Ring MAC Layer X X X Monitoring Network Layer X X Application X X Layer Monitoring Switched LAN, X Frame Relay, ATM VLAN Support X Application X Response Time 12/19/2017 Network Modeling
161 Tools Used for Network Resource PlanningCollecting data about the behavior of a network or an application: Simple Network Management Protocol (SNMP) agents are small programs that reside in network devices such as routers and gather network configuration information, statistics on various measures of throughput, error rates, and the like. Data collection devices, such as the various Network Associates Sniffer traffic analyzers, HP NetMetrix RMON2 (Remote Monitoring) probes, or NetScout RMON2 probes, can provide more detailed information about traffic on the network. 12/19/2017 Network Modeling
162 Sniffer Capture network traffic for detailed analysis.Diagnose problems using the Expert Analyzer. Monitor network activity in real time. Collect detailed utilization and error statistics for individual stations, conversations, or any portion of your network. Save historical utilization and error information for baseline analysis. Generate visible and audible real-time alarms and notify network administrators when troubles are detected. Probe the network with active tools to simulate traffic, measure response times, count hops, and troubleshoot problems. 12/19/2017 Network Modeling
163 OPNET 12/19/2017 Network Modeling
164 Application Characterization Environment (ACE)12/19/2017 Network Modeling
165 Model Building ProcessThe model building process in COMNET can be split into two phases: 1. Building a network architecture model 2. Building a network load profile for the resulting model network. 12/19/2017 Network Modeling
166 Supported NMS Currently supported Network Management Systems (NMS) include: · HP OpenView · Cabletron SPECTRUM · IBM NetView for AIX · Digital PolyCenter · Castlerock’s SNMPc · NAC Mind 12/19/2017 Network Modeling
167 COMNET Baseliner COMNET Baseliner extracts node and link information from the data, in the topology file, to automatically generate a COMNET topology model file. Based on the data available, COMNET Baseliner can identify different types of links (e.g., Ethernet, Token Ring, FDDI Ring or Point-to-Point [WAN] link). 12/19/2017 Network Modeling
168 Types of Traffic With conversation pair traffic, representing the highest level of detail, the import process uses the interrupted Poisson process for characterizing the traffic flow. With event trace traffic the events recorded in the data file govern the traffic flow during simulation. External traffic may be mixed with internal traffic within the model. Within the simulation, external traffic behaves similar to internal traffic. 12/19/2017 Network Modeling
169 Topology Import The topology import process can be used in two modes:1. In the default mode, the import process transforms the data stored within the topology file into COMNET model information. This option can be used to import the entire network topology at one time 12/19/2017 Network Modeling
170 Topology Import (cont.)The advanced user mode allows you to configure the import process parameters to suit your specific needs. The COMNET model information generated in this mode reflects the user-defined options such as selective segment and/or node import. The node and link configurations are set to default and can be customized in COMNET. 12/19/2017 Network Modeling
171 Topology Import (cont.)Steps to create a COMNET topology model file (.c3): Export network topology file from NMS (*.top,*.csv,*.ndb) Import topology file via COMNET Baseliner Invoke advanced user mode 12/19/2017 Network Modeling
172 Traffic Import OverviewThe basic steps in creating a COMNET baseline model include: Decide what type of traffic data to collect: conversation pair statistics or event trace traffic. Capture a network traffic file(s). Build a topology model using COMNET, possibly using Import Topology. Launch the Traffic Import Wizard 12/19/2017 Network Modeling
173 Conversation pair traffic importThe conversation pair traffic interface represents the traffic characteristics collected at the highest level of the OSI model. This data file contains aggregated “end-to-end” network load information such as application name, packet counts and byte counts for each conversation pair. Based on these statistics, the import process builds a traffic distribution profile of your existing network. 12/19/2017 Network Modeling
174 Resulting DistributionThe resulting distribution, a hyper-exponential, is characterized by an interrupted Poisson process, which allows you to preserve the bursty nature of your traffic 12/19/2017 Network Modeling
175 Event Trace Traffic ImportThis file contains network load information in the form of individual conversations on the network, rather than summarized information. During simulation, the imported traffic profile replays your captured network activity, on an event-by-event basis. The simulation is controlled directly by the captured file, hence, the simulation time is limited by the capture interval of your traffic file. 12/19/2017 Network Modeling
176 Constrains The capture duration in most cases is constrained by the buffer space on the network analyzer and is typically limited to couple of minutes based on your network activity. 12/19/2017 Network Modeling
177 Distributed Software ModuleUser Variables A global variable can be referenced (meaning you can assign to it or query its value) from an application running on any node anywhere in the model. A node variable can be referenced only on the node on which it was defined. Each application has one implicitly, and only commands of that application can reference it. 12/19/2017 Network Modeling
178 Command in a command sequence can generate an output parameter, and that output parameter can flow downward to subsequent commands’ input parameters. The Assign Variable command has an implicit output parameter, and every command has an implicit input parameter. Defining Variables (Define User Variable at the node. Application variables are implicitly present on applications) 12/19/2017 Network Modeling
179 Type of variables: integer, real, boolean, and string. During the simulation, a value is given to a variable using the Assign Variable command. You can use the value of a variable as part of a message size calculation. 12/19/2017 Network Modeling
180 Model Development Life Cycle (MDLC) A Framework for Network Modelers A Methodology for Network Resource Planning (NRP) 12/19/2017 Network Modeling
181 The Network Resource Planning ProcessDocumenting the Network topology and configuration Creating a baseline of network utilization and application distribution Testing network behavior to assess the quality of service for specific applications 12/19/2017 Network Modeling
182 The Network Resource Planning Process (cont.)Profiling the traffic demands to document the behaviors of existing and future applications Modeling network behavior to predict performance under specified conditions Redesigning the network to resolve problems 12/19/2017 Network Modeling
183 NRP Cycle of Activities12/19/2017 Network Modeling
184 Define a Data Collection StrategyIdentify where the primary network resources of interest are located. Determine Project Timing and Time Frame Create a Project Time Line Refine the Methodology Network tools 12/19/2017 Network Modeling
185 Baselining the NetworkThe baselining process gives the network manager/system developer a clear picture of the performance and capacity utilization of the existing network and provides the starting point, or baseline on which an analysis of a proposed enterprise application deployment can be based. The goal of baselining is to produce an accurate understanding of the network as it currently exists. 12/19/2017 Network Modeling
186 Baselining as a Component of the NRP Cycle12/19/2017 Network Modeling
187 Creating a Baseline vs. BaseliningA network baseline should document the following aspects of a net work: Current network topology Current utilization of the available network bandwidth Application‑specific traffic data as applicable 12/19/2017 Network Modeling
188 Baselining Over time, as the network changes, the baseline will need to change also. "Baselining the network" means that multiple sets of measurements of network utilization are collected and documented, and that usage and application‑based data measurements will continue to be collected at specified intervals 12/19/2017 Network Modeling
189 The Data Required for BaseliningExisting network documentation: diagrams, addressing, network devices, circuit lists, and so forth Topology data collected from the network Usage‑based data collected from the network Application‑based data collected from the network 12/19/2017 Network Modeling
190 Existing Network DocumentationNetwork documentation refers to the existing lists and diagrams that an organization already possesses to describe its network. This information may or may not be current. The information could come from a network management platform such as Hewlett Packard's OpenView, or it may simply consist of lists maintained in a spreadsheet. 12/19/2017 Network Modeling
191 Topology Data Topology data describes the physical network components (such as routers, circuits, and servers) and how they are connected. Topology data includes the location and configuration description of each internetworking device on the network, how those devices are connected (the circuit types and speeds), the type of LANs that are connected, and the location of the servers (although not all network tools can discover all types of components). 12/19/2017 Network Modeling
192 Ways to Acquire Topology DataEnter the data manually Access SNMP/MIB data. Several performance management tools use SNMP to query the Management Information Base (MIB) maintained by the SNMP agents resident in the network's routers and other internetworking devices. This process is known as an SNMP discovery.(E.g., ManageWise) 12/19/2017 Network Modeling
193 Ways to Acquire Topology Data (cont.)Import data from router configuration files. For Cisco routers data can be imported directly from the routers' configuration files to build a representation of the topology data for the network in question. Use topology data from a network management platform. Some performance management tools can import data using the map file from a network management platform such as HP OpenView or IBM NetView. Using the network management platforms export function, a file can be created that can be imported by some performance management tools (Comnet Baseliner). 12/19/2017 Network Modeling
194 Usage‑Based Data Usage‑based data can be gathered from SNMP agents in routers or other internetworking devices that support MIB II. SNMP queries to the routers provide statistics about the exact number of bytes that have passed through each LAN interface, WAN circuit, or Frame Relay permanent virtual circuit (PVC) interface. 12/19/2017 Network Modeling
195 Application‑Based DataData from traffic analyzers such as Sniffers or from RMON2‑compatible probes provides specifics about the application traffic on the network. Strategically placed data collection devices can gather enough data to provide clear insight into the traffic behavior and flow patterns of the network system. (See “Using NetScout Manager Plus v5.5.1 in Building the Baseline of the Narrowband Connections) 12/19/2017 Network Modeling
196 Information Collected by Traffic AnalyzersThe type of applications The hosts that are communicating by network layer address (i.e., IP address) The duration of the network conversation between any two hosts (start time and end time) The number of bytes in both the forward and return directions for each network conversation The average size of the packets in the forward and return directions for each network conversation 12/19/2017 Network Modeling
197 Relationship between Usage‑Based and Application‑Based DataThe primary difference between usage‑ and application‑based data is the degree of detail that the data provides and therefore the conclusions that can be made based on the data. Collecting traffic data on an enterprise network is in many ways analogous to collecting vehicle traffic data on a highway. 12/19/2017 Network Modeling
198 Creating a Baseline 12/19/2017 Network Modeling
199 Network Inventory Collect what is already known about the network, including a review of currently available network documentation and querying the appropriate staff. Topological inventory: Gather topology data from the network and import into a performance management tool of choice. Validate the network representation/model of topology against the network inventory (network documentation) and fine‑tune the topology model. 12/19/2017 Network Modeling
200 Network Inventory Traffic inventory: Gather usage‑based and application‑based traffic data according to the project objectives and import both types into the performance management tool of choice. Traffic analysis: Analyze usage‑based data to determine network utilization and available capacity. Analyze application‑based data to generate a list of the major applications transiting the network, how they behave, and how they use network resources. 12/19/2017 Network Modeling
201 The Network Inventory The number, classes, and names of network devices (router names) The sites or campuses to be baselined by name and location A list of leased‑line circuits, Frame Relay PVCs with end points (router names) and their speed (or capacities) The number and location of servers by network address 12/19/2017 Network Modeling
202 Network Inventory (cont.)Addressing schemes as well as exact addressing for routers A list of applications thought to be in use on the network The protocols thought to be in use on the network, such as TCP/IP or IPX Passwords as applicable (SNMP community strings for routers, router passwords for configuration information) 12/19/2017 Network Modeling
203 The Topology InventoryIt can be generated in one of several ways: By using the SNMP network discovery function Baseliner to create a topology view from Cisco router configuration files for Cisco‑only environments By exporting the network map file from a network management platform (such as HP OpenView or IBM NetView) and using the import capability provided by CACIs ComNet Baseliner or OPNET By manually entering the data from the network inventory to represent the topology of the network 12/19/2017 Network Modeling
204 Validation of Baseline InformationCheck for general network completeness—all internetworking devices have been found or manually entered and all circuits identified. Check for any unconnected routers, LANs, servers. Validate circuit speeds with knowledgeable network management staff and against network documentation. Validate router chassis types and vendor types. Verify router protocol configuration. Verify that network addressing is complete for all network protocols. 12/19/2017 Network Modeling
205 The Traffic Inventory Collect usage‑based traffic samples, so that the utilization of the network resources can be identified and documented (MIBs total # of packets or bytes, circuit utilizations) Collect application‑based traffic samples to determine which activities or applications conversations contribute to the observed usage patterns (Sniffer, RMON2 probes) Import both types of traffic data into a performance management tool for analysis Approx. 5 minutes intervals 12/19/2017 Network Modeling
206 Analyzing Application ThroughputApplication throughput is a metric (in bps) that shows how much bandwidth a particular session is using within a particular time period. For a given application, an individual session's throughput is calculated by counting the bytes in either direction and dividing by the duration of the session. 12/19/2017 Network Modeling
207 Capacity Planning Baseline ModelWe create the baseline model by loading the traffic data that we have selected as representative of the baseline traffic for the purposes of application and capacity planning. If the baseline model does not accurately represent the usage and characteristics of the network activity as it actually exists, then all analyses, planning, and decisions based on the model are of limited validity and usefulness. Track Changes in Network Activity (See “Building the Baseline with NetScout edited” 12/19/2017 Network Modeling
208 NRP Cycle of Activities12/19/2017 Network Modeling
209 Application Planning Determine the effects of adding the application to the network (if it is a new enterprise application) or of making changes to an existing application, such as adding users, adding client locations, or moving servers. Understand how the application will be used on the network Understand the network environment in which the application is or will be deployed Understand the network test environment in which the application planning activities will be conducted Have access to application‑based data from the baselining phase for the relevant parts of the network where the application will be deployed 12/19/2017 Network Modeling
210 Application Planning CycleThe steps to the application planning cycle are: Application assessment: Determine an application usage scenario projections for how the application will be deployed in terms of numbers of users and servers, locations of users and servers, and transaction rates (number of transactions in a given time period) Identify the specific application transactions Create a benchmark (a repeatable set of application activities) to be used to generate identifiable application traffic Identify the network environment in which the application will be deployed 12/19/2017 Network Modeling
211 Application Planning Cycle (cont.)2. Application data capture: Identify a test environment in which the application can be run for purposes of data capture Test the application to determine and quantify the quality‑of service goals (response time and throughput) Capture the traffic data that corresponds to the target transactions that make up the application benchmark using a traffic analyzer 3. Application profiling: Create representative models or profiles of the application's traffic characteristics based on the data captured 12/19/2017 Network Modeling
212 Application AssessmentDefine the Application Usage Scenario: The location of the application server(s) and clients by country, city LAN segment, and closest router name The number of users at each location that will be running application transactions. In the capacity planning scenario this information will be used to compute the workload volume attributable to the new application on any given circuit or LAN (between a given location and the application server or application database). The frequency of use for each application transaction, in terms of one transaction every x seconds or minutes. This metric, also called the transaction rate, will be used in the capacity planning scenario to compute the workload volume. 12/19/2017 Network Modeling
213 Application Assessment (cont.)Select the Application Transactions Develop the Benchmark (A script of transactions with their component activities, which a knowledgeable user can perform using the application under study, e.g.,using Ganymede tools.) Assess the Application Distribution on the Network 12/19/2017 Network Modeling
214 Application Data CollectionThe critical pieces of data the traffic analyzer must record are: The start and stop time for each conversation, to the second The network protocol being used The port numbers used by the application for the source and destination The network layer addresses of the source and destination The number of frames and number of bytes in the forward and return directions 12/19/2017 Network Modeling
215 Application Data Collection (cont.)Create or identify the test environment WAN delay simulator to simulate the bandwidth and delay characteristics of various wide area circuits Set up the filters on the traffic analyzer Program a capture interval on the traffic analyzer if you plan to capture data over fixed‑length intervals 12/19/2017 Network Modeling
216 Data Capture Method Start the capture when the user begins the transaction, then stop the capture and save the data when the user finishes. An alternative method, if you are using a data collection device that can be programmed to capture data for a specific interval, is to program constant capture intervals and have the user start and complete a transaction within one interval. Test the data capture setup 12/19/2017 Network Modeling
217 Determining Acceptable Quality of ServiceWAN delay simulator or OPNET ACE can be used to test varying amounts of round‑trip delay and determine what the effect is on the application and on the user 12/19/2017 Network Modeling
218 Application ProfilingIt is the process of creating a representative statistical model (a profile) of application transactions based on the data captured in the previous step. These profiles will be used to represent the "typical" load that an individual application user would place on the network with a specific application transaction. 12/19/2017 Network Modeling
219 Application Profiling (cont.)Extract and calculate the following metrics from the data for each application transaction: The start and stop time of the conversation that represents the transaction The type of media network on which it was collected (Ethernet, Token Ring, FDDI, for example) The networking protocol used The average packet size for each direction of transfer The total number of bytes transferred for the forward and return directions The maximum bandwidth used (in either the forward or return direction) in Kbps (Sniffer examples) 12/19/2017 Network Modeling
220 Capacity Planning/ModelingAnalyze or predict how a network will perform, both under current conditions and when changes to traffic load (new applications or users) or network structure changes are introduced. 12/19/2017 Network Modeling
221 A Component of the NRP Cycle12/19/2017 Network Modeling
222 The Steps in the Capacity Planning Cycle12/19/2017 Network Modeling
223 Create the Baseline ModelStart with the topology inventory created during the baselining phase. Identify the usage‑based data sets (collected in the NRP baselining phase) that will provide the data for the model. Decide on the type of baseline model to use: worst‑case, hybrid, or average, by traffic volume or by percent utilization of WAN circuits. Select the actual data points from your data set and import into a performance management tool that supports modeling or simulation. 12/19/2017 Network Modeling
224 Create Capacity Planning ScenariosStart with the baseline model created from usage‑based data. Use the information from the application usage scenarios (locations of users, number of users, transaction frequencies) to determine where and how to load the application profiles onto the baseline model. Add the application profiles generated in the previous step to the baseline model to represent the additional traffic created by the applications under study. 12/19/2017 Network Modeling
225 Run the Model/Analyze the ResultsUse a performance management tool to run the model or simulation to completion. Analyze the results: Look at the amount of delay for the target transactions in comparison to the quality‑of‑service goals established in the application planning phase. Look at circuit utilization, especially for circuits where quality‑ofservice goals are not being met. 12/19/2017 Network Modeling
226 Change the Network DesignIdentify modifications to the network infrastructure that will alter capacity usage of the network's resources. A redesign can include increasing or decreasing capacity, relocating application elements such as servers among existing network sites, or changing communications technology (moving from leased lines to Frame Relay circuits). Modify the capacity planning scenarios to reflect these modifications. 12/19/2017 Network Modeling
227 Plan for Growth Assess known application development or deployment plans in terms of projected network impact. Assess business conditions and plans in terms of their impact on the network from projected additional users, new sites, and other effects of the plans. Use ongoing baselining techniques to watch usage trends over time, especially related to Internet and intranet usage. 12/19/2017 Network Modeling