When an owner of a network sells service to another party, for instance, when a network provider sells use of the network to a website host, the seller will usually provide the buyer with a Service Level Agreement (SLA). An SLA is a part of the contract that sets out the network performance that the buyer can expect. Performance criteria usually include, among other things, bandwidth availability, packet delay, packet delay variation, and packet loss. In order to provide SLAs, a network provider preferably has access to network performance measurements.
Prior solutions for measuring packet delay, delay variation, and packet loss usually employ active tests that simulate a user's experience by generating packets expressly for the testing process. The packets are time stamped at each end so that the measurements may be made. One disadvantage to this method is that injected synthetic data may not be representative of user data traffic. For instance, these systems may send testing packets in a pure random or Poisson distribution, or at regularly timed intervals. However, packets in real network traffic may not be random or evenly spaced.
In one example, a traceroute utility sends separate packets to each intermediate node and measures packet delay based on round trip delay. On a network, the round trip packet delay may not accurately represent one-way packet delay because forward and backward paths may be different. In addition, utilities such as Packet Internet Groper (ping) and traceroute provide round trip packet delay and packet loss only for Internet Control Message Protocol (ICMP) packets; however routing/switching nodes often treat ICMP packets differently than predominant types of data like TCP or UDP traffic.
Further, traditional active tests are limited in that each probe is configured for a specific measurement and location or destination. Traditional systems make no provision for dynamic configuration of the probes based on current usage.
Systems that use passive measurements and packet sampling (e.g., NETFLOW™, available from CISCO SYSTEMS, INC.™, and the like) provide only measurements of traffic flow (i.e., volume and number of flows) at specific points by looking at traffic rather than generating testing packets. These systems are not used for measuring packet delay, delay variation, or packet loss, because current Internet Protocol v4 (IPv4) traffic provides no way to measure such phenomena without modifying the packets in the traffic. However, passive systems may be good tools for some forms of network capacity planning, troubleshooting, and even some forms of intrusion detection, such as denial of service (DOS) attacks.