-
WREN uses a combination of active and passive monitoring techniques by actively monitoring when traffic is low and passively monitoring during high traffic times. It monitors traffic at both the source and destination end host which allows for more accurate measurements. WREN uses packet traces from existing application traffic to measure the available bandwidth. WREN is split into two levels, the kernel level packet trace facility and the user level trace analyzer.
The kernel level packet trace facility is responsible for capturing the information associated with incoming and outgoing packet. Figure 6 lists the information that is gathered for each packet. A buffer was added to the Web100 kernel to collect these characteristics. Access to the buffer is through 2 system calls. One call starts the trace and provides the information needed to conduct it while another call retrieves the trace from the kernel.
-
Figure 6: Information collected by WREN kernel level packet trace
The packet trace facility is able to coordinate measurements between the different machines. One machine will trigger the other machine by setting a flag in the header of outgoing packets to start tracing the same range of packets that it is tracing. The other machine will in turn trace all packets that it sees with the same header flag set. This coordination ensures that the information about the same packets is stored at each end of the connection regardless of what happens in between.
The user level trace analyzer is the other level in the WREN environment. It is the component that begins any packet traces and collects and processes the data returned from the kernel level trace facility. By design the user-level components are not required to read the information from the packet trace facility at all times. It can be analyzed immediately after the trace is completed to make runtime decisions or stored for future analysis.
When traffic is low, WREN will actively introduce traffic into the network in order to maintain a continuous flow of measurements. After numerous studies, it was found that WREN produced the same measurements in congested and un-congested environments.
In the current implementation of WREN users are not constrained to capturing only the traces that were initiated by them. Although any user is able to trace another users application traffic they are restricted to the information that can be obtained from another users trace. They are only able to get the sequence and acknowledgement numbers but not the actual data segments of the packets.
In summary, WREN is a very useful tool that utilizes the benefits of both active and passive monitoring. Although it is in its early stages WREN can provide Administrators with a valuable resource in the monitoring and analyzing their network. Self Configuring Network Monitor (SCNM) is another tool that uses both active and passive monitoring techniques.
Leave a Reply
You must be logged in to post a comment.