KR20080113902A - Traffic analytical system of among the global internet service provider link and method thereof - Google Patents

Abstract

A traffic analyzing system of interconnection between international ISP and a method thereof are provided to collect packet data passing through international ISP interconnection line and generate statistical data about a packet data and a flow. An integration probe(30) produces statistical information by using AS reference information and generated flow from packet data collected from international ISP interconnection line. An analyzer server(50) performs traffic analysis about international ISP interconnection line by using statistical information from the integration probe and distribute AS reference information to the integration probe.

Description

TRAFFIC ANALYTICAL SYSTEM OF AMONG THE GLOBAL INTERNET SERVICE PROVIDER LINK AND METHOD THEREOF

1 is an overall configuration diagram of a traffic analysis system on an interconnection line between foreign ISPs according to an embodiment of the present invention.

FIG. 2 is a detailed configuration diagram of the integrated probe shown in FIG. 1.

3 is a flowchart illustrating a traffic analysis method on an interconnection line between foreign ISPs according to an embodiment of the present invention.

4 is a detailed configuration diagram of a statistical memory block for each analysis item illustrated in FIG. 2.

5 is a table configuration diagram for explaining the traffic occupancy statistics process for each hop according to an embodiment of the present invention.

6 is a block diagram of the traffic occupancy statistics result table for each hop according to an embodiment of the present invention.

7 is a view for explaining a redundant structure of the probe relay shown in FIG.

8 is a view for explaining a failure state of the probe relay structure shown in FIG.

9 to 16 are diagrams for explaining the results of traffic analysis on the interconnection line between foreign ISPs according to an embodiment of the present invention.

The present invention relates to a traffic analysis system and method on an interconnection line between an international ISP (Internet Service Provider), and more specifically, to collect packet data on an interconnection line between an international ISP and by analysis item (AS / AS-PATH). / ISP / Country) relates to a technique for generating statistical data on the basis of the statistical data by performing traffic analysis based on the statistical data to provide a reliable basis for the interconnection line between foreign ISPs.

With the explosive growth of Internet users and the commercial use of the Internet, the problem of interconnection between the providers of Internet networks becomes important. For the smooth operation of the Internet, smooth interconnection between ISPs must be ensured.

Since the Internet is interconnected by voluntary and commercial agreements by numerous ISPs at home and abroad, the entire network is recognized as a single network for the general user. In order to provide individual ISP subscribers with universal connectivity to the global Internet network, it is necessary to provide access services with multiple Tier-1 ISPs. In particular, smooth internet interconnection is important for facilitating the distribution of new multimedia services such as VoIP and videoconferencing, which require a certain quality of service (QoS) guarantee in response to the continuous growth of the Internet. It is expected to be.

As shown in FIG. 1, a plurality of subordinate ISPs 11, 12, 13, 21, and 22 may be connected to the ISPs 10 and 20, and a plurality of ASs may be configured in each ISP according to a network environment.

An AS (Autonomous system) is a group of routers managed by one network administrator, a group of routers operated by another management rule, or a router group composed of one management strategy.

Internet service is an Internet connection service that connects all providers of ISPs to users, Tier-2 ISPs that recruit Internet users to provide Internet access, and Tier-2 ISPs. This is possible by connecting Tier 1 ISPs (IBPs) to provide a.

ISP is a service provider that recruits users or contents and provides them access to the Internet around the world.Tier-1 ISP (Backbone ISP, Transit Service Provider, Internet) Backbone Provider) and Tier-2 ISPs.

Tier-1 ISP has all domestic and foreign IP addresses and routing path information, and most of them have a nationwide coverage network and provide other ISPs with universal connectivity services for domestic or international Internet networks. . Tier-2 ISPs purchase relay access services from Tier-1 ISPs (IBPs) to provide their users with universal connectivity to the entire Internet.

In FIG. 1, ISP 1 (10) and ISP 2 (20) correspond to Tier-1 ISPs.

Internet interconnection has two types of transit and peering. A relay connection is an agreement between ISPs with relatively large differences in size (customer, experience, technology) or between an enterprise network and an ISP. Reach them and make monetary rewards. Equal access is an interconnection scheme between ISPs that are expected to benefit equally from their counterparts through traffic exchanges because their networks are of equal size.

In FIG. 1, packet data transmitted between ISP 1 10 and ISP 2 20 corresponds to packet data flowing on an interconnection line between foreign ISPs that establish an interconnection (relay connection or equivalent connection).

Currently, interconnection with North American or European Internet backbone operators is essential for connectivity to the global Internet. These interconnects add to the burden on end-users in the Asia-Pacific region, usually in full payment of all costs incurred in the form of a relay access agreement.

In order to solve these problems, a correct settlement system is required between the ISPs having international interconnections.

To this end, in order to guarantee various conditions of broadband multimedia service quality when international ISPs are interconnected, it is necessary to analyze the traffic over the international Internet link in detail, and to provide evidence for defining service quality regulations and mutual settlement. do.

In case of settlement negotiations between ISPs with international interconnections, Simple Network Management Protocol (SNMP) Management Information Base (MIB) data and Netflow data measured in 5 minutes are used. Since the data collection method is not reliable, it is insufficient to be used as the basis for settlement. For example, the SNMP 5-minute statistical data is collected for network operation management purposes, and when the router CPU utilization increases, it may occur that statistical data cannot be calculated during a specific time period. Therefore, the SNMP 5-minute statistical data is a basis for settlement between Tier-1 ISP providers that provide circuits between foreign ISPs that are interconnected, and thus reliability cannot be guaranteed. In addition, in the case of netflow data, the accuracy of the data is lowered because statistical data is calculated for 1000: 1 sampled data instead of collecting all packet data through a link.

The present invention was created in view of the above circumstances, and collects packet data via an international ISP interconnection line to generate statistical data for each analysis item for packet data and flow, and based on the statistical data. The purpose of this study is to provide high-reliability evidence for settlement of traffic between foreign ISPs that are interconnected by generating traffic analysis data.

In order to realize the above object, the traffic analysis system on the interconnection line between the ISPs according to the present invention generates statistical information by using the AS reference information and the flow generated from the packet data collected on the interconnection line between the foreign ISPs. Integrated probes; And an analysis server for distributing the AS reference information to the integrated probe and performing traffic analysis on the interconnection line between the foreign ISPs using statistical information transmitted from the integrated probe.

Preferably, the present invention is characterized in that it further comprises a probe relay connected to the analysis server in a redundant structure, at least one integrated probe is connected to perform a relay function between the analysis server and the integrated probe.

Preferably, the integrated probe and the analysis server in the present invention is characterized in that for transmitting and receiving data by FTP.

Preferably, in the present invention, the integrated probe is a packet collection unit for collecting all the packet data via the interconnection line between the foreign ISP, a flow generation unit for generating a flow from the packet data, the AS reference transmitted from the analysis server AS reference information storage unit for storing information, flow mapping and analysis unit for analyzing the packet data and the flow based on the AS reference information and stores the statistical information in a statistical memory block for each analysis item, the AS reference information storage And a statistical information management unit for managing the unit and filing the statistical information stored in the statistical memory block for each analysis item according to a statistical period and transmitting the file to the analysis server.

Preferably, in the present invention, the statistical information includes statistical information for each analysis item and traffic occupancy statistics information for each hop.

Preferably, in the present invention, the statistical information for each analysis item may be information stored for each analysis item in an AS statistical memory block, an AS-PATH memory block, an ISP statistical memory block, and a national statistical memory block.

Preferably, in the present invention, the AS statistics memory block, the AS-PATH memory block, the ISP statistics memory block, and the national statistics memory block have the same structure as the schema of the DB of the analysis server.

Preferably, in the present invention, the AS reference information includes AS-PATH reference information and AS / ISP / country information.

Preferably, in the present invention, the AS-PATH reference information is generated based on BGP snapshot information and BGP history information.

Preferably, in the present invention, the AS information is collected from a domain name server managing each AS.

In order to achieve the above object, the traffic analysis method on the interconnection line between the ISPs according to the present invention includes (a) an AS-PATH reference information provided by an analysis server that provides the traffic analysis result on the interconnection line between the ISPs on the web. Current process, (b) collecting AS (Autonomous system) information, (c) generating AS reference information by combining the AS-PATH reference information and the AS information, (d) interconnection between foreign ISPs Distributing the AS reference information to an integrated probe that collects packet traffic on a circuit and performs traffic analysis on the interconnection line between the ISPs; and (e) the integrated probe detects the packet traffic and the based on the AS reference information. Analyzing the flow generated from the packet traffic to generate statistical information for each analysis item, (f) providing statistical information for each analysis item to the analysis server according to a statistical period It is characterized by having a process.

Preferably, in the present invention, the step (a) includes (a1) loading pre-stored AS-PATH reference information, and (a2) IRIMS (GRI) for collecting BGP snapshot information from a GB (Global Hub Router) of each ISP. Collecting BGP snapshot information and BGP history information from Routing Information Management Management System) to generate the AS-PATH reference information, (a3) comparing the pre-stored AS-PATH reference information and the generated AS-PATH reference information It is characterized in that it comprises a process for performing the currentization of the AS-PATH reference information.

Preferably, the step (b) in the present invention is characterized by collecting the ISP information and country information of each AS from the domain name server of each AS.

Preferably, in the present invention, the step (b) includes (b1) downloading a file in which domain name server information for each AS is stored by FTP, and (b2) collecting domain name server information of each AS from the file. (b3) collecting ISP information and country information of each AS from the collected domain name server.

Preferably, the analysis item for analyzing the statistical information in the step (e) in the present invention is characterized in that it includes AS statistics, AS-PATH statistics, ISP statistics, national statistics.

Preferably, in the present invention, the analysis server and the integrated probe is characterized in that for transmitting and receiving data in the FTP method.

Preferably, in the present invention, the statistical information for each analysis item is managed in the same structure as the schema of the DB of the analysis server.

Preferably, the present invention is characterized in that the method further comprises the step of transmitting the traffic occupancy statistics information for each hop generated based on the statistical information for each analysis item to the analysis server.

Hereinafter, with reference to the accompanying drawings will be described the present invention in more detail.

1 is an overall configuration diagram of a traffic analysis system on an interconnection line between foreign ISPs according to an embodiment of the present invention.

In the traffic analysis system on the interconnection line between the ISPs according to the embodiment of the present invention, as shown in FIG. 1, the integration probe 30 in charge of packet collection and flow generation for the interconnection line between the foreign ISPs, each integration ISP in various ways using statistical information transmitted from probe relay 40 and integrated probe 30 in charge of load distribution and AS reference information distribution during data transmission from probe 30 to analysis server 50 Analysis server 50, which performs traffic analysis on the interconnection line between each other, provides Border Gateway Protocol (BGP) snapshot information and BGP history information to the analysis server 50, thereby analyzing the AS-PATH (Autonomous System) system. PATH (Internet Routing Infornmation Management System) to make the reference information current, and a web server 70 for displaying a web screen of the analyzed result.

The integrated probe 30 generates statistical data of an item capable of analyzing raw data collected in a link between interconnection lines between foreign ISPs and analyzes the statistical file for the statistical data through the probe relay 40 through the analysis server 50. By transmitting to the network, it reduces the network transmission load burden.

In FIG. 1, ISP 1 (10) and ISP 2 (20) are Tier 1 ISPs.

2 is a detailed block diagram of the integrated probe 30.

A packet collector 31 for collecting all packet data via ISP 1 10 and ISP 2 20, a flow generator 32 for generating a flow from the collected packet data, and the packet collector 31 is a flow mapping and analysis unit 33 analyzing the packet data output from the flow and the flow output from the flow generating unit 32 to calculate the statistical information for each analysis item and store in the statistical memory block 37 for each analysis item , A statistical memory block 37 for each analysis item having the same structure as the schema of the DB 60 managed by the analysis server 50, and an AS reference information storage unit 35 for storing AS reference information for flow mapping and analysis. ), When a file transmitted by FTP (File Transfer Protocol) is received through the FTP processing unit 38, the file is analyzed to perform the currentization of the AS reference information and stored in the statistical memory block 37 for each analysis item. Schedule Statistics information management unit 39 for generating a statistical file for each analysis item at intervals and transmits to the probe relay 40 through the FTP processing unit 38. The statistical information manager 39 generates the traffic occupancy statistics information for each hop by using the AS-PATH statistical information and transmits it to the analysis server 50 through the FTP processor 38.

The probe relay 40 collects and manages state information of the integrated probe 30 and simultaneously performs a relay function between the integrated probe 30 and the analysis server 50. Preferably, the probe relay 40 has a redundant structure.

The analysis server 50 manages equipment / link information, AS information, and website information, and simultaneously stores statistical information for each analysis item and traffic occupancy statistics for each hop transmitted from the integrated probe 30 in the DB 60, This function performs traffic analysis on packet data and flow through the link between ISPs using the stored information.

Next, a traffic analysis method on an interconnection line between foreign ISPs according to an embodiment of the present invention will be described in detail with reference to the flowchart shown in FIG. 3.

When the AS analysis is started, the analysis server 50 loads previously stored AS-PATH reference information (S2), and updates and stores the AS-PATH reference information with the latest information (S4).

In step S4, the analysis server 50 reads BGP snapshot information and BGP history information by interworking with IRIMS having Border Gateway Protocol (BGP) routing information and updates the AS-PATH reference information to the latest state. .

The BGP snapshot information includes network band information (Network), network prefix length information (Network Mask), representative IP information of the source equipment (Next Hop), AS path information (AS Path), and router IP information (Originator) that sent source route information. ID).

BGP history information includes AS information change time information (collection time), network band information (Network), network prefix length information (Network Mask), representative IP information of origin equipment (Next Hop), AS path information (AS Path), source Router IP information that sent the route information (Originator ID), Representative IP information of the OLD origin equipment (Old Next Hop), Old As Path (OldAsPath), Router IP information that sent the old source route information (Old Originator ID), Add / Delete It includes / change status information (ClagFlag).

The analysis server 50 runs an AS collector (not shown) to collect ISP / country information for the AS. When the AS Collector runs, it downloads the file where the AS-specific domain management server is stored (for example, the http://www.iana.org/assignments/as-number file) by FTP to the domain management server for each AS (eg Whois Management Server). ) Extract the information. The AS collector retrieves the AS information from 1 to 65534 to the corresponding domain management server {eg, Whois.ripe.net, Whois.afrinc.net, Whois.lacnic.net, Whois.apnic.net, Whois.arin.net}. And parse the query result to build an ISP / country database for each AS (S6). For example, in the case of an area reserved by the Internet Assigned Number Authority (IANA), the AS name is "IANA-RSVD", the ISP name is "Internet Assigned Number Authority", and the country code is "US". If the country code is "KR", information is re-inquired into "Whois.krnic.net" to extract Korean information.

The AS-PATH reference information and the AS / ISP / national information constructed through the above-described process are stored in the analysis server 50 as one AS reference information file, and the AS reference information file is integrated probe through the probe relay 40. FTP is sent to 30.

The integrated probe 30 minimizes the influence of packet collection / analysis by loading the AS reference information in the background and applying the latest AS reference information in a memory exchange method using double buffering. The integrated probe 30 compares the IP band of the collected packet data with the distributed AS reference information to obtain AS / ISP / country information on the corresponding IP.

When the step S10 is finished, the integration probe 30 performs a flow mapping and analysis process (S12). First, check whether the IP band to be analyzed is in the network band of the AS reference information. If mapping is not possible, add the unclassified, and if it is mapped with the corresponding IP band, traffic attributes (flows / packets / data amount) are accumulated in the statistics memory block 37 for each analysis item (AS / AS-PATH / ISP / country). do. As shown in FIG. 4, the statistical memory block 37 for each analysis item is divided into analysis items. As such, the reason for organizing the statistics area for each analysis item into each analysis item, for example, AS statistics, AS-PATH statistics, ISP statistics, and country statistics, is for the purpose of increasing memory efficiency and easy to classify the architecture. It is possible to configure, and to facilitate the calculation of statistical data. With the above structure, additional aggregation is unnecessary, and the statistical calculation processing speed can be improved. Since the statistical memory block 37 for each analysis item is designed in the same manner as the DB 60 schema of the analysis server 50, the analysis server 50 separately stores the statistical information for each analysis item in the DB 60. No processing is required to avoid additional loads.

Subsequently, the integrated probe performs statistical result calculation (S16).

When the statistical unit time (for example, 5 minutes) elapses, the statistical information management unit 39 of the integrated probe 30 stores the statistical information for each analysis item stored in the statistical memory block 37 for each analysis item in a file form and stores the data in the FTP processing unit ( 38) is transferred to the analysis server 50 by FTP (File Transfer Protocol). Thus, the analysis server 50 stores the statistical information for each analysis item in the DB 60 through the SQL loader.

Apart from the above-described AS analysis process, the integrated probe 30 generates the traffic occupancy statistics information for each hop by using the statistical information for each AS-PATH.

The traffic occupancy rate of each hop can be calculated through the traffic volume passing through a specific AS-PATH.

As shown in the table of FIG. 5A, AS-PATH traffic for each key using statistical data for each key stored in the statistical memory block 37 for each analysis item in a state where a key value is set for each path. If we calculate the table as shown in (b) of FIG.

Meanwhile, when the hierarchical structure of each AS-PATH is calculated by separately storing the traffic attribute table for each key (not shown) and the tables having key values for each AS-PATH are summed, as shown in FIG. As shown, the hierarchy for each AS-PATH is displayed.

6 is a traffic occupancy statistics table for each hop generated by the process described with reference to FIG. 5 (by AS-PATH).

As shown in FIG. 7, the probe relay 40 and the integrated probe 30 applied to the traffic analysis system and method on the interconnection line between the foreign ISPs according to the present invention may include the integrated probe 30 and the probe relay 40. In addition, the analysis server 50 has a three-tier structure, and data transmission and reception between each server device is made by FTP communication.

The probe relays # 1 and # 2 distribute AS reference information transmitted from the analysis server 50 to the integrated probes # 1, # 2, # 3, and # 4, and each integrated probe # 1, # 2, # 3, # This function distributes statistical information for each analysis item transmitted from 4 and traffic occupancy statistics for each hop. Therefore, if the probe relay fails, data transmission between the analysis server and the integrated probe connected to the probe relay will not be performed normally. In the present invention, in order to prevent such a failure of the probe relay, the probe relay is configured in a redundant structure as shown in FIG. 7.

When both probe relays # 1 and # 2 are normal, the analysis server 50 transmits the AS reference information to the probe relay # 1 and the probe relay # 2, and the probe relay # 1 transmits the AS reference information to the integrated probe # 1, Send to # 2. In addition, the probe relay # 2 transmits the AS reference information to the integrated probes # 3 and # 4.

Integrated probes # 1 and # 2 generate statistical information for each analysis item and traffic occupancy statistics for each hop from the collected packets, and transmit the statistical information to probe relay # 1, and integrated probes # 3 and # 4 collect the collected packets. After generating statistical information for each analysis item and traffic occupancy statistics for each hop from the statistical information is transmitted to the probe relay # 2. Each of the probe relays # 1 and # 2 transmits statistical information for each analysis item and traffic occupancy statistics for each hop received from the integrated probes # 1, # 2, # 3, and # 4 to the analysis server 50.

If, as shown in FIG. 8, a failure occurs in the probe relay # 1 and no data is transmitted from the probe relay # 1 to the analysis server 50, the probe relay # 1 may immediately return statistics and status to the probe relay # 2. Send the data.

The transfer criterion from the probe relay # 1 to the probe relay # 2 instructs the probe relay # 2 to switch to the probe relay # 2 when there is no response because the FTP server attempts 3 times or more in the analysis server 50.

The failed probe relay # 1 disconnects and rejects the integrated probes # 1 and # 2. The integrated probes # 1 and # 2 attempt to connect to the probe relay # 2 after confirming the connection rejection of the probe relay # 1. . Integrated probes # 1 and # 2 use probe relay # 2 to request and receive distribution data such as AS reference information.Integrated probes # 1 and # 2 use probe relay # 2 to provide statistical information for each analysis item and traffic occupancy statistics for each hop. send.

At this time, the probe relay # 2 periodically checks the Alive state of the probe relay # 1 so that the integrated probes # 1 and # 2 are connected to the probe relay # 1 when the probe relay # 1 becomes the Alive state.

On the other hand, the analysis server 50 received the statistical information for each analysis item and the traffic occupancy statistics by hop transmitted from the integrated probe 30, the total traffic analysis between ISP, traffic status analysis per AS link, AS-PATH per link Traffic Status Analysis, Traffic Status Analysis by ISP by Link, Traffic Status Analysis by Country by Link, TOP-N by AS Set, Top N by ISP Set, Top N by Country Set, Engineering Perspective Analysis, Link Traffic Status, Protocol Analysis Performs application analysis, web site analysis, etc.

As shown in FIG. 9, the total traffic traffic analysis between ISPs may be performed by analyzing the total traffic volume of each individual link, the total traffic volume of each individual link, detailed traffic analysis by time, and analysis by application.

As shown in FIG. 10, the traffic status analysis for each link may be performed by analyzing the total amount of up and down traffic of individual AS, detailed traffic analysis by time, and analysis by application.

As shown in FIG. 11, the traffic status analysis for each link may be performed by analyzing the total amount of up and down traffic of individual AS-PATH, detailed traffic analysis by time, and analysis by application.

As shown in FIG. 12, the traffic status analysis for each link ISP may be performed by analyzing the total amount of up and down traffic of individual ISPs, detailed traffic analysis by time, and analysis by application.

As shown in FIG. 13, the traffic status analysis by country for each link may be performed to analyze the total amount of up and down traffic of individual countries, detailed traffic analysis by time, and analysis by application.

As shown in FIG. 14, the TOP-N of each AS set may perform a Top-N list of traffic volume between up and down AS, detailed traffic analysis by time between AS, and application analysis of traffic between AS. have.

As shown in FIG. 15, the Top N for each ISP set may perform a Top-N list of traffic volume between up and down ISPs, detailed traffic analysis for each ISP time, and application analysis of traffic between ISPs.

As shown in FIG. 16, the Top N of each country set may perform a Top-N list of traffic amount between up and down countries, detailed traffic analysis by time between countries, and application analysis of traffic between countries.

When the user terminal 80 requests a predetermined traffic analysis result through the web server 70, the analysis server 50 transmits the traffic analysis result calculated through the above-described process to the web server 70. As a result, the user can check the desired traffic analysis result.

As described above, according to the traffic analysis system and method on the interconnection line between foreign ISPs according to the embodiment of the present invention, packet data passing through the interconnection line between the foreign ISPs is collected and the packet data and flow By generating statistical data for each analysis item and generating traffic analysis data based on the statistical data, it is possible to provide settlement basis data between foreign ISPs with high reliability.

On the other hand, the present invention is not limited to the above-described embodiment, but can be modified and modified within the scope not departing from the gist of the present invention, such modifications and changes should be regarded as belonging to the following claims. will be.

Claims (18)

An integrated probe for generating statistical information using flows generated from packet data collected on interconnection lines between foreign ISPs and autonomous system (AS) reference information; And And an analysis server for distributing the AS reference information to the integrated probe and performing traffic analysis on the interconnection line between the foreign ISPs using statistical information transmitted from the integrated probe. Traffic analysis system on interconnection lines between foreign ISPs. The method of claim 1, A probe relay is connected to the analysis server in a redundant structure, and at least one integrated probe is connected to perform a relay function between the analysis server and the integrated probe. Traffic analysis system on interconnection lines between foreign ISPs. The method of claim 2, wherein the integrated probe and the analysis server Characterized in that the data transmission and reception by FTP (File Trnsfer Protocol) Traffic analysis system on interconnection lines between foreign ISPs. The method of claim 1, wherein the integrated probe is A packet collecting unit for collecting all packet data via an interconnection line between foreign ISPs; A flow generating unit generating a flow from the packet data; An AS reference information storage unit for storing the AS reference information transmitted from the analysis server; A flow mapping and analysis unit for analyzing the packet data and the flow based on the AS reference information and storing the statistical information in a statistical memory block for each analysis item; And a statistical information manager to manage the AS reference information storage unit and to file the statistical information stored in the statistical memory block for each analysis item according to a statistical period to the analysis server. Traffic analysis system on interconnection lines between foreign ISPs. The method of claim 1 or 4, wherein the statistical information Characterized in that it comprises statistical information for each analysis item and traffic occupancy statistics information for each hop. Traffic analysis system on interconnection lines between foreign ISPs. In the fifth sulfur, the statistical information for each analysis item is Characterized in that the information stored for each analysis item in the AS statistical memory block, AS-PATH memory block, ISP statistical memory block, national statistical memory block Traffic analysis system on interconnection lines between foreign ISPs. The method of claim 6, wherein the AS statistics memory block, AS-PATH memory block, ISP statistics memory block, country statistics memory block Characterized in that the same structure as the schema of the DB of the analysis server Traffic analysis system on interconnection lines between foreign ISPs. The method of claim 1 or 4, wherein the AS reference information is Characterized in that it includes AS-PATH reference information and AS / ISP / country information Traffic analysis system on interconnection lines between foreign ISPs. The method of claim 8, wherein the AS-PATH reference information is Characterized in that it is generated based on the BGP snapshot information and BGP history information Traffic analysis system on interconnection lines between foreign ISPs. The method of claim 8, wherein the AS information is Collecting from the domain name server managing each AS Traffic analysis system on interconnection lines between foreign ISPs. (a) presenting an AS-PATH reference information by an analysis server providing a result of traffic analysis on an interconnection line between foreign ISPs on the Web; (b) collecting AS (Autonomous system) information; (c) generating AS reference information by combining the AS-PATH reference information and the AS information; (d) distributing the AS reference information to an integrated probe for collecting packet traffic on an interconnection line between foreign ISPs and performing traffic analysis on the interconnection line between the foreign ISPs; (e) generating, by the integrated probe, statistical information for each analysis item by analyzing the packet traffic and the flow generated from the packet traffic based on the AS reference information; (f) providing statistical information for each analysis item to the analysis server according to a statistical period. Traffic analysis method on interconnection line between international ISPs. The method of claim 11, wherein the step (a) (a1) loading pre-stored AS-PATH reference information; (a2) Process of generating AS-PATH reference information by collecting BGP snapshot information and BGP history information from Internet Routing Information Management Management System (IRMS) that collects BGP snapshot information from GB (Global Hub Router) of each ISP ; (a3) comparing the pre-stored AS-PATH reference information with the generated AS-PATH reference information to perform the currentization of the AS-PATH reference information. Traffic analysis method on interconnection line between international ISPs. The method of claim 11, wherein (b) Collecting ISP information and country information of each AS from the domain name server of each AS Traffic analysis method on interconnection line between international ISPs. The method of claim 11 or 13, wherein the step (b) (b1) FTP downloading a file storing domain name server information for each AS; (b2) collecting domain name server information of each AS from the file; (b3) collecting ISP information and country information of each AS from the collected domain name server; Traffic analysis method on interconnection line between international ISPs. The method of claim 11, wherein the analysis item for analyzing the statistical information in the step (e) Including AS statistics, AS-PATH statistics, ISP statistics, and country statistics. Traffic analysis method on interconnection line between international ISPs. The method of claim 11, wherein the analysis server and the integration probe between Characterized in that for transmitting and receiving data by FTP method Traffic analysis method on interconnection line between international ISPs. The method of claim 15, wherein the statistical information for each analysis item is Characterized in that the same structure as the schema of the DB of the analysis server Traffic analysis method on interconnection line between international ISPs. The method of claim 11, (g) further comprising a step of filing the traffic occupancy statistics information for each hop generated based on the statistical information for each analysis item and transmitting the data to the analysis server; Traffic analysis method on interconnection line between international ISPs.

Images