Cisco Blogs


Cisco Blog > Architect & DE Discussions

Fosdem 2016, part 2: NBAR 2 gives insights into the protocols used on the network

Continuing the analysis of the data collected during Fosdem 2016, see XXX.

This year, we replaced the router with a more powerful model: an ASR 1006 with RP2 and SIP20 modules. This allowed us to enable the NBAR 2 feature to analyse the traffic crossing the router.

NBAR 2 is a traffic analysis engine which allows the router to classify traffic into applications. It does this on the basis of ports, but also based on the content of the traffic itself. It recognizes, for example, the difference between general web traffic and traffic to youtube.

This feature is designed to be used as a classifier for use with QoS, so that one can give higher priority to important web traffic and less to some other traffic. Now that HTTP and HTTPS are the new “TCP sockets”, meaning that more and more applications use HTTP or HTTPS to interact with the world, we need deeper insight into the traffic and just using port numbers isn’t enough anymore to discriminate between different kinds of requests.

For Fosdem, we used this to learn what kind of traffic is being generated on the network and to extract interesting information from traffic flows (but more on that in a later article).
Read More »

Tags: ,

Fosdem 2016: a first quick look

As is our tradition by now a team of volunteers helped out with the network setup and operation of Free and Open-source Software Developers’ European Meeting (FOSDEM). The network was very similar to the one used over the last two years and we wanted to report on the evolution of the traffic we measured.

This year, we were able to go much ‘deeper’ into the traffic, so we have a lot more to report. Too much in fact for one article, so this is the first in a series.

Read More »

Tags: , , , , , ,

Fosdem 2015: a status update

As is our tradition by now a team of volunteers helped out with the network setup and operation of Free and Open-source Software Developers’ European Meeting (FOSDEM). The network was very similar to the one used last year and we wanted to report on the evolution of the traffic we measured.

First the bad news: due to the increased use of IPv6 we have less accurate data. This is because while IPv4 uses a unique MAC address which we can use to count the number of clients, IPv6 uses ephemeral addresses, and one physical device can use multiple global IPv6 addresses. In fact we noticed one client using more than 100 global IPv6 addresses over a period of 240 seconds. Why this client is doing this is a mystery.

The unique link local IPv6 addresses were only kept in the neighbour cache of the router for a limited time, so we have no good numbers for the amount of clients. The good news is we can still use traffic counters to compare with the previous year.

Internet traffic evolution

Internet traffic evolution


Compared to 2014 we saw a 20% increase in traffic to more than 2 terabytes of traffic exchanged with the internet.

Fosdem 2015 wireless traffic distribution

Fosdem 2015 wireless traffic distribution


More interestingly the IPv4 traffic on the wireless network decreased by almost 20% with the net result that now the IPv6 traffic is 60% of the traffic on the wireless network, while IPv4 traffic is only 40%. So IPv6 traffic is 1.5 times the IPv4 traffic. This is a good indicator that most clients now can use NAT64 and can live on a IPv6 only network.

Internet IPv4 versus IPv6 for Fosdem 2014-2015

Internet IPv4 versus IPv6 for Fosdem 2014-2015


On the internet side the IPv4 traffic increased by 5% while the IPv6 traffic almost doubled. As we use NAT64 to give access to IPv4 only hosts using IPv6 only on the internal network this measurement is a clear indication that more content is now available via IPv6.

For next year we plan to setup some more tracking systems in advance so we can investigate the number of clients on the wireless network and why some clients are using hundreds of global IPv6 addresses.

Tags: , , , ,

FOSDEM 2014: Cisco Powered World First

For a few of us in the Cisco Brussels office the last weekend of January always marks a special occasion.

The weekend is dedicated to the Free and Open-source Software Developers’ European Meeting (FOSDEM) conference in Brussels, with around 5,000 visitors attending. The event happens at the ULB (Université libre de Bruxelles) campus, but traditionally uses its own network infrastructure, sponsored by Cisco. And we, who are Cisco employees, volunteered our time to help the community as well as meet some new friends and get extra hands-on experience with a sizable network.

What was different this year was that just before the official start of the conference I finally figured out how NAT64 works, gave a 5 minute warning on twitter (image below), and then disabled IPv4 on the main network (simply stated I removed the IPv4 address of the router on the client interface so that only the IPv6 address remained).

tweet_FOSDEM

That meant that visitors would only get an IPv6 address Read More »

Tags: , , , , ,