It’s Arbor Day Along Cox’s Backbone

Cox Communications Inc. is deploying a traffic-management system from Arbor Networks across its nationwide backbone, to give the MSO greater visibility into its current bandwidth usage as well as the ability to model future network traffic.

Arbor’s Peakflow SP allows an MSO to analyze transit, peering and backbone traffic.

“We first deployed Peakflow SP’s DoS (denial of service) module to protect our network from DoS attacks,” said Cox manager of network engineering and architecture Randy Kinsey. “We found that Peakflow gave us visibility into the behavior of our network.

“When we later decided to expand our traffic monitoring beyond peering to include internal traffic analysis, it made sense to evaluate Peakflow SP’s traffic module. We are now using a single platform to address both security and operations.”

Kinsey said Cox was using a similar product from another vendor, but ran into trouble trying to scale it.

“We monitor traffic in and out of the network to see who we should be peering with and we needed to see the internal flow models,” which Arbor provided, he said.

Prior to launching Arbor, Cox could see that it was ingesting 2 Gigabits of data from Comcast, “but I had no idea where the 2 Gigs were going in my network,” Kinsey said

The Arbor system allows Cox to break down the data traffic by source and destination, so engineers can see how much traffic is going to Dallas, rather than Phoenix or Oklahoma City. “We do failure analysis, so we need to have accurate traffic-flow information,” Kinsey said.

The Arbor software sits on four servers on Cox’s backbone in San Diego, Oklahoma, Atlanta and Northern Virginia. A fifth server in Atlanta serves as the system controller.

All the routers on Cox’s backbone send information to the four regional servers, which then sends it on to the Atlanta server-controller for corporate engineers to monitor.

“As the volume [of Web traffic] grows, these pipes become fuller and fuller,” Kinsey said. “You reach a point where the pipe is reaching capacity. We have the entire network modeled.” During heavy periods, Cox can expand bandwidth or reroute traffic, he said.

Arbor software also allows Cox to run simulations and failure analyses. For instance, the MSO can simulate moving traffic from one set of pipes on its backbone to another, to see the effects of such a maneuver before doing so for real.

“We can see where the hot spots are and we can do long-scale planning,” Kinsey said.

Arbor was formed three years ago, basing its product on technology the University of Michigan had developed to look at Internet traffic, said director of product development Paul Morville. It has raised $33 million in two funding rounds, and is backed by Battery Ventures, Thomas Weisel Venture Partners, Cisco Systems Inc. and Comcast Interactive Capital.

The software tools were designed to detect traffic anomalies for broadband-network providers. To date, seven of the top nine MSOs are using either Arbor’s DoS or Peakflow SP product, or a combination of both.

“We are an aggregation layer above the CMTS,” Morville said. “It pulls in routing and peer traffic information, and we’re able to create a holistic, network-wide view of data.”

Morville said the DoS and Peakflow products play off each other, as MSOs can see traffic problems, then look at the DoS data to see where problems are occurring.

Arbor is working on further software enhancements, such as a traffic-visualization product, which MSOs could sell to their high-speed data business customers.