The key aim of this thesis is the design and prototypical implementation of a storage platform for IP flow records based on peer-to-peer mechanisms. The storage platform presented here is able to combine storage space of multiple network devices and provides an interface for storing flow records as well as for querying stored data. Different flow aggregation levels are considered for storing flow data in order to reduce the amount of needed storage space.
Measuring traffic in a network is the first step of several key operations of network management. Its applications include differentiated usage-based charging, long-term traffic analysis for capacity planning, and troubleshooting tasks like the detection of routing anomalies and/or denial-ofservice attacks. Traditional centralized approaches cannot scale with the huge amount of network traffic data that accumulates in today’s high-speed Internet. Thus, the key idea is to benefit from shared use of bandwidth and combined storage space as well as bundled computing power which represent only some of the advantages of decentralized systems. A remarkable disadvantage is surely represented by the increased maintenance complexity for keeping data integrity and consistency as well as for ensuring reliable and continuous access to the stored data.
This thesis presents a proposal of such a decentralized storage system that is capable of aggregating flow data in many different and fine-grained levels in order to reduce arbitrarily the needed amount of data volume dependent on the required granularity. Furthermore, an optimized routing variant is proposed that reduces network overhead traffic for the purpose of improving the system’s scalability. The provided prototypical implementation shows that the used underlying overlay network implementation does not meet the desired performance requirements. Therefore, existing bottlenecks are pinpointed at the end of the work.