News

For more information, contact:
CAIDA: Tracie Monk
619/822-0943, tmonk@caida.org

UNIVERSITY OF CALIFORNIA, SAN DIEGO -- The Cooperative Association for Internet Data Analysis (CAIDA) announced today a release of free software to enable Internet Service Providers (ISPs) to more effectively monitor traffic operations, conduct capacity planning for their networks, and analyze Internet traffic trends. CAIDA is making key modules of the cflowd 2.0 software package, which logs and analyzes traffic data from network routers, freely available to the public.

"Collection and analysis of basic traffic statistics is fundamental to Internet providers' ability to design and operate their networks," said K.C. Claffy, CAIDA's Chief Technical Officer. "cflowd and related CAIDA tools provide the statistics that network engineers need for making the best network connections, accounting, troubleshooting, and tracing attacks and security vulnerabilities."

The cflowd software package was developed to collect and analyze flow-export data available from Cisco routers. Extensive changes were made in upgrading cflowd from version 1.3b2 (developed in collaboration with ANS Communications, Inc.) to CAIDA's current version of the software. Cflowd now supports version 1 and version 5 of Netflow, is the flow-export format used by Cisco routers. Cflowd version 2.0 receives export packets from the router and stores the data in memory in an efficient format for lookups. A TCP client program, cfdcollect, collects the data and converts it to the arts++ format.

"Use of cflowd by other networks was somewhat constrained by the absence of data archiving and analysis facilities in the freeware version," said Daniel McRobb, developer of cflowd. "CAIDA's current public release version of cflowd contains these features and directly addresses requests from networks for increased analysis functionality. We hope this new software will address an important limitation upon ISPs' abilities to manage and architect their networks."

In addition to new tabular formats, cflowd 2.0 can display packets and bits per second, as well as normal packet and byte counters. The software uses the arts++ data storage specification to store flow export data. arts++ is a C++ class library, significantly enhanced from an original ARTS data file format licensed to CAIDA by ANS in early 1998.

A user can store flow information and view the data in different ways. cflowd can produce matrices by autonomous system and network, and tables by port number and Internet protocol. With this information, engineers can evaluate traffic flow patterns between nodes on their networks and other networks. Engineers also can analyze traffic by application (for example, Web vs. e-mail vs. streaming audio vs. FTP) as well as by protocol (TCP vs. ICMP vs. DNS, for example). Insights from these types of analyses can help ISPs manage current networks and plan future network upgrades.

Other areas where cflowd may prove useful include usage tracking for Web hosting, accounting and billing, developing user profiles, and data warehousing and mining. The San Diego Supercomputer Center's Pacific Institute for Computer Security (PICS) is also collaborating with CAIDA on the development of scripts using cflowd to assist in monitoring network activity throughout an enclave (e.g. identifying hosts running httpd) andfor low-bandwidth scanning activities.

"Our current priorities are to finalize testing and initial deployment of this code," Claffy said. "Then we will focus on developing enhanced analysis and visualization capabilities for our members." While cflowd's collection and storage modules will be made publicly available, tools that use XRT/PDS software for plotting and graphing will only be available to CAIDA members.

CAIDA's collaborators on the cflowd project include Cisco, for supporting the development and evolution of flow-export functionality on its routers; ANS, the collaborator on the original ARTS and cflowd code; and Frontier GlobalCenter, who provided assistance in pre-alpha testing. Other organizations participating in alpha testing of this software include: ANS, MCI, Merit, and Verio.

The Cooperative Association for Internet Data Analysis is a collaborative undertaking among government, industry, and the research community to promote greater cooperation in the engineering and maintenance of a robust, scalable global Internet infrastructure. It is based at the San Diego Supercomputer Center (SDSC) at the University of California, San Diego (UCSD) and includes participation by Internet providers and suppliers, as well as the National Science Foundation (NSF) and the Defense Advanced Research Project Agency (DARPA). CAIDA focuses on the engineering and traffic analysis requirements of the commercial Internet community. Current priorities include the development and deployment of traffic measurement, visualization and analysis tools and the analysis of Internet traffic data. For more information, see http://www.caida.org/, or contact Tracie Monk, CAIDA, 619-822-0943, tmonk@caida.org.

The San Diego Supercomputer Center (SDSC) is a research unit of the University of California, San Diego, and the leading-edge site of the National Partnership for Advanced Computational Infrastructure, (http://www.npaci.edu). SDSC is sponsored by the National Science Foundation through NPACI and by other federal agencies, the State and University of California, and private organizations. For additional information about SDSC, see http://www.sdsc.edu/