Traffic analysis

Modelling Packet Capturing in a Traffic Monitoring System based on Linux

Luis Zabala, Armando Ferro, Alberto Pineda
2012 International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS '12). Genoa, Italy. July 8-11

The need to monitor and analyse network traffic grows with the deployment of new multimedia services over high-speed networks. Predicting the overall capturing performance is crucial to know if the traffic monitoring system will be able to cope with all the traffic packets, or if it needs more processing power. In this paper, we present an analytical model based on a Markov chain to study the efficiency of the Linux network subsystem. Improving the capturing stage of Linux has been an extensively covered research topic in the past years. Although the majority of the proposals have been backed by experimental evaluations, there are few analytical models. We identify the softIRQ process as the main element in the Linux capturing stage and we have built a model that represents the different steps in the softIRQ and the computational cost for each one of them. The goodness of the model is checked by comparing analytical results with practical ones obtained from a real traffic monitoring system. Prior to obtaining the theoretical performance results, it is necessary to introduce some input parameters for the model. These initial necessary values are also extracted from experimental measurements, making use of an appropriate methodology. The results of all this process indicate that the behaviour of the system performance depends on the network traffic rate, and this has become our work in progress.