The Architecture of NG-MON: A Passive Network Monitoring System for High-Speed IP Networks
1
Se-Hee Han7 
, Myung-Sup Kim7 , Hong-Taek Ju8 and James Won-Ki Hong7
| (7) |
Department of Computer Science and Engineering, POSTECH, Korea |
| (8) |
Department of Computer Engineering, Keimyung University, Korea |
Abstract
This paper presents the design of a next generation network traffic monitoring and analysis system, called NG-MON (Next Generation
MONitoring), for high-speed networks such as 10 Gbps and above. Packet capturing and analysis on such high-speed networks
is very difficult using traditional approaches. Using distributed, pipelining and parallel processing techniques, we have
designed a flexible and scalable monitoring and analysis system, which can run on off-the-shelf, cost-effective computers.
The monitoring and analysis task in NG-MON is divided into five phases; packet capture, flow generation, flow store, traffic
analysis, and presentation. Each phase can be executed on separate computer systems and cooperates with adjacent phases using
pipeline processing. Each phase can be composed of a cluster of computers wherever the system load of the phase is higher
than the performance of a single computer system. We have defined efficient communication methods and message formats between
phases. Numerical analysis results of our design for 10 Gbps networks are also provided.
The authors would like to thank the Ministry of Education of Korea for its financial support toward the Electrical and Computer
Engineering Division at POSTECH through its BK21 program.
References secured to subscribers.