Traffic analysis

Ksensor: Multithreaded kernel-level probe for passive QoS monitoring

Alejandro Muñoz, Armando Ferro, Fidel Liberal, Javier López
Publication medium:
2007 International Conference on Parallel and Distributed Systems (ICPADS 2007). Hsinchu, Taiwan. 5-7 Dec.

Traffic monitoring is an increasingly important discipline for nowadays networking, as Accounting, Security and Traffic Engineering lay on it. Besides, traffic bandwidth has increased exponentially in the last few years, and high-speed network monitoring has become a challenging task. Performance requirements are highly relevant for passive QoS monitoring systems. A low-level study of the capturing and processing stages on a traffic analysis system (TAS) has shown room for improvement. We provide an architecture able to cope with high-speed traffic monitoring using commodity hardware. Our system is intended to exploit the parallelism available in up-to-date workstations, which also introduces constraints for multithreaded QoS analysis. This paper presents a kernel-level framework (ksensor) that, keeping the previous requirements, removes some issues from user-level processing and effectively integrates QoS algorithms, improving the overall performance.

