NNSTAT Collection Used to Analyze NSFNET Traffic Patterns

By Susan Horvath
Merit/NSFNET

The NNSTAT (NSFNET Statistics) software collects roughly 11 million bytes of information a day about traffic moving through the NSFNET backbone. The many protocols used to move this information through the NSFNET backbone can be grouped together into five categories: electronic messages, file transfers, interactive uses, name services, and other services.

Allowing for a certain amount of daily fluctuation, the first four categories each comprise approximately a quarter of the total traffic on the NSFNET backbone during October, 1989. The breakdown is illustrated in the chart below.

Person-to-person/Conferencing 32%
Remote logon to other systems 25%
File Transfer 21%
Name service 15%
Network monitoring statistics, etc. 7%

Person to person/conferencing

Many electronic messages are sent using the Simple Mail Transfer Protocol (SMTP) developed for TCP/IP. In August, Bitnet began sending some of its messages through the backbone using the newly developed Bitnet-II protocol.

A third class of electronic messaging, Usenet, uses Network News Transfer Protocol. Usenet messages, unlike SMTP and Bitnet, are not directed to specific individuals, but to host computers that have contracted to receive a particular service. Users on the receiving computers then access the information via a locally executed program.

File transfer

File Transfer Protocol (FTP) is used to copy files from one host computer to another. FTP is particularly useful for large files or binary files.

Remote logon to other systems

Interactive use (i.e., logging into a computer at a remote location in order to "carry on a conversation" with that computer) can be accomplished in one of several ways. The most common is telnet (not to be confused with the public data network Telenet). Two alternative protocols, rlogin and rshell, may be used on Unix based machines.

Name service

Domain Name Service (DNS), unlike the three applications just described, is not generally accessed directly by users. Domain name service allows users to give host names as synonyms for numeric Internet Protocol (IP) addresses. For example, DNS will translate the address "nis.nsf.net" to "35.1.1.48". Depending on the implementation on a specific host computer, an IP application may require that the host name address be used, or that the numeric IP address be used, or that either convention is acceptable.

While the primary function of domain name service is to translate host name addresses into numeric IP addresses or vice versa. Just like using a phone book, the DNS serving a particular host computer, or network, contains numbers for local names and numbers for "directory information" for other networks. If the DNS can't find a name in the "white pages," it determines the IP address and then queries "directory information" at that address for the particular name.

Network monitoring

The catchall category of "other services" includes such things as Network Time Protocol (to synchronize the clocks on the computers connected to the backbone), Simple Network Management Protocol (to manage the network), Finger (to determine who or if someone is logged in to a specified computer), and Network File System (to provide another means of file access).

The breakdown of network use

Assuming that a packet entering the backbone uses a well-defined protocol known to the NNSTAT statistics collection program, NNSTAT records the source destination network, the application type, and the length of that packet.

Consider the case of sending a message to someone on another network: The message is created on the sender's host computer and transfered to the network connected to that computer, perhaps using SMTP. The message then passes through a hierarchy of networks until it reaches a network directly connected to the NSFNET backbone.

The NNSTAT program collects characteristic information about the message as it passes through the NSS (Nodal Switching Subsystem) from the network to the backbone. The message then exits the backbone at another node and continues through a second hierarchy of networks until it reaches the recipient's host computer.

 

Taken from The Link Letter, November 1989, Vol. 2 No. 5.