DATI

Description

DATI is a flexible, high performance passive monitoring platform. Build on FreeBSD, it leverages on NetMAP fast and safe network driver to access network devices, reaching up to 14.88 Mpps with a CPU running at less than 1 GHz. The goal of the platform is to give developers an high level view of traffic of interest without the complexity of high speed traffic capture and classification details.
The system can recognize traffic flows from static BPF signatures and collect state information (volume, packets number and session duration) as well as application-level data based on an XML description of the protocol stack.

On top of this framework is possible to build any analysis application, called analyzer App, that can elaborate traffic information extracted by DATI at its own convenience. An analyzer App can be written in any language whith the only requirement to have a REDIS library to interface with the in-memory database and pub/sub facility.

Integration into an mPlane environment

For the DATI probe to interoperate with the mPlane platform, a dedicated proxy has been developed leveraging on the mPlane nodejs library written by Telecom Italia.

 The previous figure shows the proxy architecture, where the intermediate Sqlite files produced by the DATI software can be programmatically elaborated to produce needed measures. The proxy API is written so that all intermediate logical functions (Pre-elaboration, ROW-elaboration, Post-elaboration and presentation) can be freely customized per-measure. 

New features supported by the mPlane project

• Dedicated proxy to enable interoperation with the mPlane framework.
•  Within the mPlane project some specific measures have been defined, enabling the platform to extract the following measures:
  • TCP RTT delay
  • Radius informations
  • Routing protocols informations (OSPF, BGP, LDP).

References

Links to sources, binaries

• The mPlane nodeJS reference library can be downloaded from here.
• The DATI proxy software can be downloaded here.