A Distributed multi-purpose IP flow monitor

Traffic monitoring is a research field whose results can be exploited for several purposes, such as network resource management, security and accounting. An effective monitor needs to be capable of analyzing the traffic flowing through the monitored network by losing as few packets as possible since packet loss may result in a non accurate measurement of the required metrics. Such a monitor captures the packets from the network, associates each packet to a flow by evaluating its characteristics, performs some flow measurements, and exports the results of data analysis. In high speed networks such tasks might be hard to accomplish in an efficient way, as the number of analyzed flows is very high. For this reason, we decided to design and implement a distributed monitoring system comprising several components each responsible for a different task. Such a distributed approach helps overcome the problem of an overloaded monitoring system. Furthermore, distributed systems need an appropriate protocol, that defines the kind as well as the sequence of messages exchanged between system components. In this paper we present both the monitoring architecture and the corresponding management protocol. Finally, in order for the monitoring system to support different kinds of applications, we developed an open framework allowing a user to define a customized set of metrics.