Fact-checked by Grok 2 weeks ago

Network traffic

Network traffic, also known as data traffic, refers to the volume of packets transmitted between computing devices over a during a specific period, encompassing communications carried via wired or mediums between hosts. In computer networking, this traffic is fundamental to enabling exchange and is typically measured in bits per second (bps) or packets per second to gauge network utilization and performance. Key classifications of network traffic include , which directs packets from a single source to one specific destination; , which delivers packets from one source to a selected group of recipients; and broadcast, which sends packets to all devices within a . Additionally, traffic can be categorized by timing requirements as , such as (VoIP) or video streaming that demands low latency, or non-real-time, like file transfers via FTP that tolerate delays. Directional flows further distinguish north-south traffic, involving client-to-server exchanges between internal networks and external entities, from , which occurs between servers within a . Effective management of network traffic is essential for optimizing , preventing , and enhancing , often achieved through monitoring tools such as packet sniffers for capturing data flows, flow collectors for aggregating statistics, and intrusion detection systems for threat analysis. High volumes of traffic can lead to bottlenecks, increased , or vulnerability to attacks like denial-of-service, underscoring the need for protocols and techniques that ensure reliable transmission and .

Fundamentals

Definition and Scope

Network traffic refers to the amount of moving across a at a given point of time, consisting primarily of data packets or transmitted over a interface between hosts via wired or connections. This includes both user-generated , such as emails, browsing requests, and file transfers, as well as system-generated traffic like routing updates, acknowledgments, and error control messages essential for operation. The scope of network traffic encompasses a wide range of network types, from local area networks (LANs) that connect devices within a limited geographic area like a building or campus, to wide area networks (WANs) spanning cities or countries, and internet-scale traffic that interconnects global autonomous systems. It focuses on the logical flow and content of digital data rather than the underlying physical signal propagation, such as electromagnetic waves or optical pulses carrying the bits. Understanding network traffic presupposes a basic familiarity with data packets—self-contained units of information routed independently—and network interfaces, the hardware points where devices connect to the network medium. The concept of network traffic emerged in the late 1960s with the development of , the pioneering packet-switched network funded by the U.S. Department of Defense's Advanced Research Projects Agency (ARPA), which connected four university computers in 1969 to enable resource sharing among researchers. Its growth accelerated in the 1980s following the adoption of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite as the standard for in 1983, facilitating the interconnection of diverse networks and laying the foundation for the modern . Post-1990s, network traffic exploded with the advent of the in 1991 and the proliferation of and mobile data services; for instance, global users surged from about 45 million in 1996 to over 150 million by 1999, driving exponential increases in data volumes dominated by web and emerging multimedia applications.

Key Components

Network traffic is fundamentally composed of discrete units organized hierarchically across network layers, each encapsulating information for transmission, , and delivery. At the , Ethernet frames form the basic structure for communication over local area networks, consisting of a 7-byte for synchronization, a 1-byte start frame delimiter, 6-byte destination and source media access control (MAC) addresses, a 2-byte length or field indicating the type, a variable-length (typically 46-1500 bytes) carrying higher-layer , and a 4-byte for error detection. These frames ensure reliable link-level transmission within a shared medium. At the network layer, the (IP) encapsulates data into packets, known as datagrams in IPv4, which include a header and to enable routing across interconnected networks. The IPv4 header comprises fields such as a 4-bit version indicator, 4-bit internet header length (minimum 20 bytes), 8-bit for quality-of-service prioritization, 16-bit total length (up to bytes), 16-bit identification for fragmentation, 3-bit flags and 13-bit fragment offset for reassembly, 8-bit to prevent infinite loops, 8-bit protocol specifying the next-layer protocol (e.g., or ), 16-bit header , 32-bit source and destination IP addresses, and variable options padded to a 32-bit boundary; the follows, containing transport-layer data or other protocols. This structure allows IP packets to be forwarded independently based on destination addresses, forming the core of internetwork traffic flow. Transport-layer protocols further segment data into units tailored to reliability needs. The Transmission Control Protocol (TCP) creates segments for connection-oriented, reliable delivery, with a header featuring 16-bit source and destination ports for application identification, 32-bit sequence and acknowledgment numbers for ordering and confirmation, 4-bit data offset, 6-bit control flags (e.g., SYN for synchronization, ACK for acknowledgment, FIN for termination), 16-bit window size for flow control, 16-bit checksum for integrity (including a pseudo-header), 16-bit urgent pointer, and variable options like maximum segment size; the payload holds application data. In contrast, the User Datagram Protocol (UDP) uses simple datagrams for connectionless, low-overhead transmission, limited to an 8-byte header with 16-bit source and destination ports, 16-bit length, and 16-bit checksum (optional, covering a pseudo-header), followed by the payload. These segments or datagrams are inserted into IP packet payloads for routing. Application-layer protocols, such as the Hypertext Transfer Protocol (HTTP), generate traffic by structuring requests and responses (e.g., GET methods for web resources) that are encapsulated within TCP segments and IP packets, facilitating web-based communications. IP itself handles the addressing and routing of these encapsulated units across networks, ensuring delivery from source to destination. Sources of network traffic span diverse endpoints and processes that initiate or respond to data exchanges. End-user devices, including computers and mobile phones, produce traffic through user activities like , streaming, and file transfers. Servers generate responsive traffic, such as web pages or database queries, to fulfill client requests from these devices. (IoT) devices, equipped with sensors and connectivity, contribute ongoing traffic for applications in monitoring, automation, and data collection across sectors like and smart cities. Background processes, including operating system updates, device , and tasks, add unsolicited traffic without direct user initiation, often running periodically to maintain system integrity.

Measurement

Units and Metrics

Network traffic is quantified using standardized units that capture the rate of data transmission and processing. The fundamental unit for data rate is bits per second (bps), which denotes the number of binary digits transferred over a link in one second. Packets per second (pps) measures the rate at which discrete data packets are sent or received, particularly relevant for assessing device forwarding capabilities. Bytes per second (Bps), equivalent to eight bits per byte, is another common unit for expressing rates in terms of aggregated data payloads. These units are scaled with SI prefixes to accommodate varying network scales: kilo- (k, 10³), mega- (M, 10⁶), and , yielding terms such as kilobits per second (kbps), megabits per second (Mbps), and gigabits per second (Gbps). For example, modern backbone links often operate at tens or hundreds of Gbps to handle aggregate traffic volumes. Terabits per second (Tbps) extends this for ultra-high-capacity environments. Key performance metrics provide deeper insights into network behavior beyond raw units. represents the theoretical maximum data rate a link or path can support, typically constrained by physical or protocol limits and measured in bps. Throughput is the realized data rate of successful transmission under operational conditions, also in bps, influenced by factors like and errors. , or one-way delay, is the elapsed time for the first bit of a packet to travel from source to destination, expressed in seconds and critical for time-sensitive applications. , the variation in successive packet delays, measures delay inconsistency and is quantified as the difference between inter-packet delays, often in milliseconds. A distinction exists between throughput and , the latter focusing on application-usable . Goodput excludes overhead such as packet headers, acknowledgments, and retransmissions, representing only the bits delivered to the intended destination without loss or duplication, and is always less than or equal to throughput. This metric is essential for evaluating end-to-end efficiency in protocol-layered networks. Traffic often displays bursty characteristics, where arrives in irregular spikes rather than steady flows. Peak rate captures the highest instantaneous rate during these bursts, while average rate reflects the over an extended , such as a minute or hour. These rates guide , as provisioning solely for peaks can lead to inefficiency, whereas averages inform sustainable utilization. For instance, may exhibit short peaks at Gbps levels against Mbps averages.

Tools and Techniques

Network traffic measurement relies on a variety of techniques to capture and analyze data passing through networks. Packet sniffing, also known as packet capturing, involves intercepting and logging packets that traverse a interface, often by placing the network interface card () in , where it accepts all packets regardless of their destination address. This provides detailed visibility into individual packets, enabling the examination of headers and payloads for and diagnostics. Flow-based monitoring offers a higher-level by aggregating packet data into flows, which are sequences of packets sharing common attributes such as source and destination IP addresses, ports, and protocols. , originally developed by , collects and exports flow information from routers and switches to a collector for analysis, focusing on traffic volume and patterns without capturing full packet contents. Similarly, sFlow employs random packet sampling to export sampled packet headers and interface counters, reducing overhead in high-speed networks. (DPI) extends beyond headers to examine the payload of packets, identifying application-layer protocols and content for advanced classification and security purposes. Software tools facilitate the practical implementation of these techniques. is a widely used open-source that captures live data and displays packet details in a user-friendly graphical , supporting for comprehensive sniffing. serves as a command-line counterpart, allowing users to capture and filter packets in real-time or from saved files, ideal for scripted analysis in environments. For device-level monitoring, (SNMP) enables polling of devices such as routers and switches to retrieve performance metrics like utilization and error rates. Hardware solutions complement software by providing passive access to traffic without disrupting network operations. Network taps insert into links to mirror full-duplex traffic to monitoring ports, ensuring no in high-bandwidth environments. Probes are dedicated appliances that capture and sometimes preprocess traffic, often integrating with analyzers for real-time inspection. Commercial analyzers, such as those from , offer portable or rack-mounted devices for protocol decoding and performance testing, while provides integrated hardware-software platforms for traffic visualization and alerting. Standardized protocols ensure interoperability in flow export. The IP Flow Information Export (IPFIX) protocol, defined in 5101 and updated in 7011, standardizes the format and transmission of data since 2008, allowing flexible templates for exporting detailed information from exporters to collectors. This enables scalable monitoring across diverse network devices, building on earlier protocols like version 9.

Characteristics

Volume and Patterns

Network traffic volume has grown exponentially over the decades, driven primarily by the of internet-connected devices and bandwidth-intensive applications. In the mid-1990s, global traffic was on the order of hundreds of terabytes per month across major backbones, reflecting the nascent stage of the commercial . Forecasts from Cisco's Annual Internet Report (2018–2023) projected annual global traffic to reach approximately 4.8 zettabytes by 2022. By 2024, actual total had reached about 7.3 zettabytes annually, according to ITU estimates. In 2024, global averaged 33 exabytes per day, with video comprising around 69% of fixed access traffic. Emerging AI-driven services are contributing to further increases in uplink traffic and burstiness. This represents a exceeding 20% in recent years, with video streaming accounting for over 65% of total traffic volume. Temporal patterns in network reveal distinct behavioral characteristics that influence network design and . Diurnal cycles are prominent, with traffic volumes peaking during in workdays—typically between 9 a.m. and 5 p.m. —and declining at night, reflecting activity rhythms across time zones. manifests as short-duration, high-volume spikes, often lasting seconds to minutes, caused by synchronized user behaviors such as file downloads or live event streaming. Additionally, traffic exhibits , a fractal-like property characterized by where variability persists across multiple time scales, from milliseconds to days, as identified in seminal analyses of Ethernet and wide-area . Emerging trends further shape these volume and pattern dynamics. Download-to-upload ratios remain highly asymmetric, with downstream vastly outpacing upstream; for instance, the increased from 3:1 in 2010 to over 14:1 by 2019, underscoring the dominance of content consumption over generation in most networks. The deployment of networks and exacerbates volume spikes by enabling massive connectivity and real-time applications, leading to bursty patterns with peaks up to tens of Mbps for brief durations, such as in AI-driven services.

Types and Classification

Network traffic is commonly classified by protocol, which determines the fundamental behavior of data transmission. The provides reliable, connection-oriented communication by establishing a through a three-way handshake, ensuring ordered delivery, error checking, and retransmission of lost packets, making it suitable for applications like bulk file transfers and downloads. In contrast, the is connectionless and unreliable, offering minimal overhead without guarantees for delivery, ordering, or error correction, which supports low-latency applications such as real-time (VoIP) where occasional packet loss is tolerable. Classification by content focuses on the protocols that generate specific types of traffic. Web traffic primarily uses the Hypertext Transfer Protocol (HTTP) or its secure variant () for retrieving and transmitting hypertext documents, images, and other resources via request-response exchanges over . Email traffic relies on the (SMTP) to transfer messages between servers, involving commands like MAIL FROM and RCPT TO to specify senders and recipients before data transmission. Streaming media employs the (RTP) over to deliver time-sensitive audio and video packets with timestamps and sequence numbers for synchronization, often paired with the (RTCP) for quality feedback. Peer-to-peer (P2P) traffic, exemplified by , involves decentralized file sharing where peers exchange data chunks symmetrically over or uTP connections, enabling efficient distribution without central servers. Several methods exist for classifying network traffic, each leveraging different packet attributes. Port-based classification identifies traffic by examining TCP/UDP port numbers assigned to services, such as for HTTP, offering simplicity and speed but limited accuracy due to port randomization by modern applications. Payload-based approaches, known as (DPI), analyze the content of packet payloads against predefined signatures to achieve high precision for known protocols, though they are computationally intensive and ineffective against encryption. Behavioral classification uses to detect patterns in flow statistics like packet sizes, inter-arrival times, and directions, enabling identification of applications without accessing payloads; seminal work in this area includes models that achieve high accuracy on flow-based features. Emerging traffic types present new classification challenges. (IoT) traffic is typically low-volume with high-frequency bursts, such as regular sensor readings every few seconds in smart healthcare or irregular updates in vehicle-to-vehicle communication, demanding efficient handling in constrained networks. Post-2010s, the widespread adoption of (e.g., over 95% of web traffic via ) has obscured payloads, forcing reliance on statistical features like packet timing and lengths, which complicates accurate classification and increases vulnerability to side-channel inferences.

Modeling and Analysis

Traffic Models

Network traffic models provide mathematical frameworks to represent the behavior of flows in communication systems, enabling analysis, prediction, and simulation of . These models abstract complex packet-level dynamics into tractable forms, such as processes or continuous approximations, to study phenomena like queueing delays and resource utilization. Early models focused on circuit-switched , while modern ones address packet-switched networks with bursty, variable-rate . The Poisson model assumes packet or connection arrivals follow a Poisson process, characterized by independent, random events with a constant average rate. This model is particularly suitable for low-load voice traffic, where calls arrive sporadically and independently, approximating traditional systems. The inter-arrival times between packets are exponentially distributed, with the probability density function given by f(t) = \lambda e^{-\lambda t} for t \geq 0, where \lambda is the arrival rate. In wide-area networks, empirical studies have validated the assumption for the arrival of user sessions, such as connections or FTP control channels, though it underperforms for aggregated data traffic exhibiting . Fluid models treat network traffic as a continuous rather than packets, simplifying analysis for large-scale systems with many flows. These models use ordinary differential equations to describe the evolution of traffic rates at routers or links. For instance, the rate of change in queue length x(t) at a link can be modeled as \frac{dx}{dt} = y(t) - \mu, where y(t) is the aggregate input rate from sources and \mu is the service rate (link capacity), assuming drop-tail queueing. This approach has been instrumental in analyzing congestion control protocols like , revealing stability conditions and equilibrium behaviors in networks with . Seminal work demonstrated that fluid approximations accurately predict throughput and queue dynamics for large populations of TCP flows, reducing compared to packet-level simulations. ON/OFF models capture the bursty nature of data traffic, such as web transfers or video streams, by representing sources as alternating between active (ON) periods of transmission and idle (OFF) periods. Each source is modeled as a two-state Markov chain, where transitions between states occur exponentially: the ON state generates packets at a constant rate, while the OFF state produces none. The superposition of multiple such sources approximates aggregate traffic, with parameters tuned to match empirical burst durations and idle times. This framework is effective for modeling variable bit rate sources, as heavy-tailed distributions in ON periods can induce self-similarity in the overall traffic. Validation of these models often involves tools to assess their predictive power for events like . Discrete-event simulators such as NS-3 implement arrivals via inter-arrival generators, approximations through rate-based applications, and ON/OFF behavior with configurable state timers. Studies using NS-3 have shown that these models accurately forecast queue overflows and under varying loads, with suitable for sparse voice and ON/OFF revealing burst-induced bottlenecks in data scenarios. For example, simulations validate models by comparing predicted steady-state rates to observed throughputs in emulated topologies.

Statistical Properties

Network traffic displays heavy-tailed distributions in key attributes such as packet sizes and inter-arrival times, which are frequently characterized by Pareto or lognormal probability distributions. These distributions imply that while most packets are small and inter-arrivals are short, a minority of large packets or long inter-arrivals dominate the overall traffic volume, adhering to the 80/20 rule where approximately 20% of the elements account for 80% of the usage. This property arises from the aggregation of diverse application behaviors and has been empirically observed across and traces, contributing to bursty traffic patterns that challenge traditional Poisson-based assumptions. A prominent statistical feature of network traffic is long-range dependence (LRD), where correlations persist over extended time scales, quantified by the Hurst parameter H > 0.5, indicating positive persistence rather than short-range memory. This self-similar behavior, first demonstrated in Ethernet measurements, results in traffic aggregates that scale similarly across time resolutions, leading to higher variability than predicted by Markovian models. The Hurst parameter is typically estimated using rescaled adjusted range (R/S) analysis, which examines the range of cumulative deviations in traffic traces relative to their standard deviation, revealing H values around 0.8-0.9 in real-world data. Traffic traces also exhibit complex correlation structures, with functions decaying hyperbolically rather than exponentially, underscoring a multifractal nature that captures varying degrees of across moments of the . This multifractality reflects heterogeneous at multiple scales, as opposed to the monofractal in , and has been validated through wavelet-based analysis of high-resolution packet-level from diverse . Such structures imply that traffic is not only long-range dependent but also intermittently intense, with local Hurst exponents varying significantly. Anomalies in network traffic, such as events exemplified by DDoS attack spikes, manifest as extreme deviations from baseline statistical properties, often exceeding detection thresholds set via or tests on packet attributes. These rare, high-impact events disrupt the heavy-tailed and LRD patterns, producing sudden surges in volume or altered inter-arrival distributions that statistical methods can identify by comparing observed rates against historical norms. For instance, DDoS floods may reduce packet size variance while inflating arrival rates, triggering alerts when metrics like source diversity fall below predefined thresholds derived from benign traffic profiles.

Management

Congestion Control

Network congestion arises when the volume of traffic exceeds the capacity of network links or buffers, leading to queue overflows in routers and switches, as well as link saturation. These conditions manifest as symptoms including , where excess packets are discarded, and increased end-to-end due to buffering delays. End-to-end congestion control is primarily managed by transport-layer protocols such as , which adjust sending rates based on inferred network conditions without direct router assistance. employs a congestion window to limit outstanding unacknowledged data, operating in phases like slow start—where the window grows exponentially (doubling every round-trip time) to probe available —and avoidance, where it increases linearly to maintain stability. Upon detecting via , uses the (AIMD) algorithm: the window increases additively by one segment per round-trip time during avoidance and decreases multiplicatively (typically halved) on loss, promoting fairness and preventing collapse. This mechanism, foundational since the late , has been standardized and refined in subsequent specifications. Recent standards, such as RFC 9743 (2025), provide frameworks for developing and assessing new congestion control algorithms to ensure stability in diverse networks. To enable earlier detection without packet drops, network-assisted approaches like (ECN) allow routers to mark congested packets using two bits in the (ECT and CE flags), signaling senders to reduce rates proactively. ECN integrates with by negotiating capability during connection setup and treating marks similarly to losses in congestion response, as defined in RFC 3168 published in 2001. Advanced protocols such as incorporate built-in congestion control tailored for modern , extending TCP-inspired mechanisms like cubic or BBR while operating over to avoid and improve deployment. QUIC's control uses similar window-based adjustments and supports ECN, enabling faster recovery and lower latency in lossy or variable networks, as specified in RFC 9000 (2021).

Quality of Service Mechanisms

Quality of Service (QoS) mechanisms enable networks to provide differentiated treatment to streams, ensuring that specific performance criteria are met for diverse applications. These mechanisms operate by classifying packets into service classes and enforcing policies that control key parameters, including , probability, , and bandwidth allocation. For instance, low-delay classes prioritize time-sensitive flows, while assured bandwidth guarantees prevent during . This differentiation is essential for supporting varied demands without overprovisioning resources across the entire network. In the (DiffServ) architecture, traffic is aggregated into behavior aggregate (BA) classes based on the (DS) field in the , which invokes per-hop behaviors (PHBs) at each router. A prominent example is the Expedited Forwarding (EF) PHB, designed for applications like (VoIP), which requires minimal delay variation and low loss by allocating a fixed portion of link and prioritizing access. DiffServ achieves by avoiding per-flow state, instead relying on devices for conditioning and core devices for simple forwarding based on markings. Conversely, the (IntServ) model provides reservation-based QoS through protocols like , establishing end-to-end resource commitments for individual flows. It defines service classes such as Guaranteed Service, which bounds maximum delay and ensures no loss for conforming traffic, and Controlled-Load Service, which emulates best-effort conditions under light load. These classes address parameters like peak data rate, size for burst tolerance, and minimum policed unit to quantify service levels. Core techniques for implementing QoS include traffic conditioning elements applied at network boundaries or within devices. Traffic shaping smooths bursty flows to conform to specified profiles, preventing downstream congestion; the leaky bucket algorithm exemplifies this by regulating output rate through a virtual bucket that leaks tokens at a constant rate (R), allowing bursts up to size (B) while delaying excess packets until tokens replenish. Policing, in contrast, enforces ingress limits by dropping or remarking non-conforming packets, such as those exceeding committed rates, to protect network resources without introducing delay. Queuing disciplines manage contention at output ports: Weighted Fair Queuing (WFQ) apportions bandwidth among classes based on weights, approximating generalized processor sharing to isolate flows and bound delays proportionally; Fair Queuing (FQ), including variants like Stochastic FQ, ensures equitable allocation across competing flows by simulating round-robin service in packet units, mitigating the impact of greedy sources. These techniques are often combined in a traffic conditioning block, where classification precedes metering, marking, shaping, or policing. Standardized frameworks underpin these mechanisms for interoperability. DiffServ, formalized in RFC 2474 (1998), redefines the IP header's Type of Service octet as the DS field for marking, enabling scalable, stateless QoS across domains without explicit reservations. IntServ, introduced in RFC 1633 (1994), supports fine-grained, reservation-oriented QoS via flow-specific signaling, though its limits scalability in large networks. In practice, routers implement QoS through modular datapaths: access control lists (ACLs), modeled as filter lists matching packet headers (e.g., source/destination , ports, or DSCP values), classify traffic into streams for policy application; LANs (VLANs) segment domains to isolate and prioritize flows at Layer 2, often integrating with QoS policies for end-to-end enforcement. However, encrypted traffic presents significant challenges, as it obscures payload details needed for deep classification, complicating prioritization and forcing reliance on header metadata or , which can degrade accuracy in mechanisms like application-aware policing. QoS is particularly vital for real-time traffic types, such as voice and video, that cannot tolerate high delay or loss.

Applications and Impacts

In Data Networks

In IP-based data networks such as the internet, traffic engineering at the autonomous system (AS) level relies heavily on the Border Gateway Protocol (BGP) to optimize routing and manage backbone flows. BGP enables operators to influence path selection through attributes like local preference and multi-exit discriminators, allowing for load balancing across multiple links and mitigation of congestion in high-capacity backbones. This approach has been formalized in principles that emphasize inter-domain coordination to handle the internet's scale, where traffic volumes often exceed petabits per day. Peering and transit agreements further shape by determining how data traverses between ASes, with offering settlement-free exchange for mutual benefit and providing paid access to the broader . These arrangements impact latency and throughput; for instance, paths typically exhibit lower queueing delays than routes for over 50% of ASes, as they reduce intermediary and costs. In practice, such agreements prioritize balanced ratios to avoid disputes, influencing global decisions and backbone efficiency. Cloud providers like (AWS) distribute traffic using services such as Elastic Load Balancing and Global Accelerator, which route incoming requests across multiple availability zones and edge locations to minimize . Similarly, content delivery networks (CDNs) like Akamai employ edge caching to store content closer to users, reducing round-trip times by offloading requests from origin servers and achieving cache hit ratios that can exceed 80% for popular assets. This caching mechanism not only cuts —often by 50% or more for static content—but also alleviates backbone strain by localizing traffic. Security in data networks involves detecting anomalies like distributed denial-of-service (DDoS) attacks, which generate anomalous traffic floods; in the , records include a 5.6 Tbps assault mitigated in 2024 and a 7.3 Tbps peak in 2025, both leveraging botnets to overwhelm infrastructures. These volumetric attacks, often exceeding 2 Tbps, disrupt legitimate flows by saturating links, prompting defenses like traffic scrubbing integrated into BGP routing. The rollout of since the has expanded addressable traffic by providing a 128-bit , enabling direct end-to-end connectivity without widespread and supporting the internet's growth to over 40% global adoption by 2022, with adoption reaching approximately 45% as of late 2025. This shift, driven by IPv4 exhaustion, has tripled IPv6 traffic shares in some regions from 2016 to 2017 alone, facilitating scalable data flows for emerging applications like .

In Telecommunications

In traditional telecommunications, network traffic in circuit-switched networks like the Public Switched Telephone Network (PSTN) is measured using the Erlang unit, a dimensionless measure of traffic intensity representing the average number of concurrent calls or busy resources over a period, such as one hour. This unit, named after A.K. Erlang and standardized by the ITU, quantifies voice call volume in telephony systems where dedicated circuits are established for the duration of each call, enabling precise dimensioning of switches and trunks to handle offered load without excessive blocking. For instance, in PSTN operations, traffic engineering relies on Erlang-based models like Erlang B for calculating blocking probabilities in circuit groups, ensuring reliable service for real-time voice communications. In mobile telecommunications, and networks exhibit distinct patterns influenced by user mobility, with handovers— the process of transferring active sessions between base stations—often inducing temporary spikes in signaling due to the burst of messages for measurement reporting, , and resource reconfiguration. These spikes, which can overwhelm elements during high-mobility scenarios like vehicular or dense environments, increase and risk service disruptions if not managed through predictive algorithms or load-aware mechanisms. Additionally, allocation profoundly affects handling; limited mid-band (3.3–8.5 GHz) constrains , leading to as demands grow, with projections indicating a 401 MHz shortfall by that could satisfy only 77% of peak in high-density areas. Efficient allocation of additional is essential to support exponential growth while maintaining quality for voice and services. The convergence of circuit-switched and packet-switched domains in telecommunications is exemplified by Voice over LTE (VoLTE), which integrates voice traffic over IP using the IP Multimedia Subsystem (IMS) architecture to deliver carrier-grade multimedia services across 4G networks. IMS, a standardized framework by 3GPP, provides a unified, access-agnostic core with components like the Proxy-CSCF for initial signaling contact, Interrogating-CSCF for routing, and Serving-CSCF for session control, enabling seamless SIP-based voice calls alongside data without fallback to legacy PSTN circuits. This architecture supports enhanced features such as HD voice and supplementary services, with VoLTE deployments reaching 226 operators in 97 countries by 2020 and continuing to expand, with VoLTE/VoNR expected to cover over 70% of global mobile connections by 2030. Globally, mobile data traffic has surged post-2010, growing nearly 300-fold from 2011 to 2021 and outpacing fixed-line broadband growth rates, with total monthly mobile traffic reaching 180 exabytes by Q2 2025 and projected to exceed 200 exabytes by year-end. By the mid-2010s, mobile traffic began surpassing fixed-line in volume for many regions due to smartphone proliferation and 4G adoption, a trend accelerating with 5G. Projections indicate 5G will account for 35% of mobile data traffic by end-2024, rising to over 50% by 2025 and 80% by 2030, driven by enhanced multimedia and IoT applications in telecom infrastructures.

References

  1. [1]
    Network Traffic - Glossary | CSRC
    Definitions: Computer network communications that are carried over wired or wireless networks between hosts. Sources: NIST SP 1800-10B from NIST SP 800-86Missing: authoritative | Show results with:authoritative
  2. [2]
    What is Network Traffic? | Definition from TechTarget
    Apr 24, 2025 · Network traffic is the amount of data that moves across a network during any given time. It is also referred to as data traffic, or simply traffic.Missing: authoritative | Show results with:authoritative
  3. [3]
    What Is Network Traffic? Definition and How To Monitor It - Fortinet
    Network traffic is the data moving across a computer network at any given time. Learn how monitoring traffic can improve network performance and security.Missing: authoritative | Show results with:authoritative
  4. [4]
    [PDF] Introduction to IP Multicast Routing - Stanford University
    There are three fundamental types of IPv4 addresses: unicast, broadcast, and multicast. A unicast address is designed to transmit a packet to a single ...
  5. [5]
    [PDF] A Summary of Network Traffic Monitoring and Analysis Techniques
    RMON allows Administrators to manage local networks as well as remote sites from one central location. It monitors at the Network Layer and below. RMON has 2 ...
  6. [6]
    [PDF] Realistic and Responsive Network Traffic Generation - UCSD CSE
    We define traffic generation to result in a time-stamped series of packets arriving at and departing from a particular network interface with realistic val- ues ...
  7. [7]
    [PDF] Network traffic data analysis - LSU Scholarly Repository
    CAIDA. Cooperative Assosciation for Internet Data Analysis. FTP. File Transfer Protocol. HTTP. Hypertext Transfer Protocol. IP. Internet Protocol.
  8. [8]
    Networking – E 115: Introduction to Computing Environments
    Area Networks ; LAN, Local (building), Private (e.g. home, school) ; WAN, Large, often global, ISPs and corporations ; MAN, City-wide, ISPs or private networks ...
  9. [9]
    Internet and Networking Overview — Winter 2025 ENGR131
    Local Area Network (LAN): Limited to a specific location, such as an office or home. Wide Area Network (WAN): Covers broader regions (e.g., the Internet).
  10. [10]
    [PDF] 1 Self-Similar Network Traffic: An Overview
    Second-order self-similarity (in the exact or asymptotic sense) has been a dominant framework for modeling network traffic and this is also reflected in the ...
  11. [11]
    A Brief History of the Internet - University System of Georgia
    ARPANET and the Defense Data Network officially changed to the TCP/IP standard on January 1, 1983, hence the birth of the Internet. All networks could now ...
  12. [12]
    Imagining the Internet's Quick Look at the Early History of the Internet
    Vinton Cerf of UCLA and Stanford and Robert Kahn from ARPA came up with the ideas for Transmission Control Protocol and Internet Protocol (TCP/IP) over a span ...
  13. [13]
    [PDF] Internet traffic growth: Sources and implications
    Nov 30, 2000 · Many of the new long distance carriers created in the late 1990s have built large backbones, but have hardly any traffic. This is a temporary ...
  14. [14]
    Inter-Switch Link and IEEE 802.1Q Frame Format - Cisco
    Aug 25, 2006 · This document provides the basic information and a summary of the frame fields for Inter-Switch Link (ISL) and IEEE 802.1Q encapsulation.
  15. [15]
    RFC 791: Internet Protocol
    ### Summary of IPv4 Datagram Structure (RFC 791)
  16. [16]
    RFC 1180 - TCP/IP tutorial - IETF Datatracker
    This RFC is a tutorial on the TCP/IP protocol suite, focusing particularly on the steps in forwarding an IP datagram from source host to destination host ...
  17. [17]
    RFC 793: Transmission Control Protocol
    Summary of each segment:
  18. [18]
    RFC 768: User Datagram Protocol
    ### Summary of UDP Datagram Structure
  19. [19]
    What is the Internet of Things (IoT)? - IBM
    IoT refers to a network of devices, vehicles, appliances and other physical objects that are embedded with sensors, software and network connectivity.Missing: background | Show results with:background
  20. [20]
    IP Multicast Technology Overview - Cisco
    IP multicast is a bandwidth-conserving technology that reduces traffic by simultaneously delivering a single stream of information to potentially thousands of ...
  21. [21]
    RFC 8911 - Registry for Performance Metrics - IETF Datatracker
    BPS, bits per second ; PPS, packets per second ; EventTotal, for unitless counts ; Multiple, more than one type of unit ; Enumerated, a list of outcomes.
  22. [22]
    RFC 5136: Defining Network Capacity
    This document provides definitions for the terms 'Capacity' and 'Available Capacity' related to IP traffic traveling between a source and destination in an IP ...
  23. [23]
    RFC 6349 - Framework for TCP Throughput Testing - IETF Datatracker
    This framework describes a practical methodology for measuring end- to-end TCP Throughput in a managed IP network.
  24. [24]
    RFC 2679: A One-way Delay Metric for IPPM
    ### Summary of Latency/Delay Definition from RFC 2679
  25. [25]
    RFC 3393: IP Packet Delay Variation Metric for IP Performance Metrics (IPPM)
    ### Definition of Jitter in Networking (Extracted from RFC 3393)
  26. [26]
    RFC 7928 - Characterization Guidelines for Active Queue ...
    2.5. Goodput The goodput has been defined as the number of bits per the unit of time forwarded to the correct destination interface, minus any bits lost or ...
  27. [27]
    RFC 3272 - Overview and Principles of Internet Traffic Engineering
    This memo describes the principles of Traffic Engineering (TE) in the Internet. The document is intended to promote better understanding of the issues ...
  28. [28]
    What Is Packet Sniffing? – IT Explained | PRTG - Paessler
    Packet sniffing is the practice of gathering, collecting, and logging some or all packets that pass through a computer network.
  29. [29]
    Network Sniffing, Technique T1040 - Enterprise | MITRE ATT&CK®
    Network sniffing refers to using the network interface on a system to monitor or capture information sent over a wired or wireless connection.
  30. [30]
    What are NetFlow and sFlow Protocols? [Cisco 8000 Series Routers]
    Jun 13, 2025 · NetFlow and sFlow are both network monitoring technologies that provide insights into network traffic and performance.
  31. [31]
    NetFlow sFlow IPFIX NetStream | Network Traffic Monitoring - Noction
    Nov 19, 2018 · NetFlow is a Cisco proprietary network protocol used for flow analysis. NetFlow collects and aggregates information about network traffic flowing through a ...
  32. [32]
    Network Flow Monitoring Explained: NetFlow vs sFlow vs IPFIX
    Network Flow Monitoring is the collection, analysis, and monitoring of traffic traversing a given network or network segment.How to Use Flow Monitoring... · Benefits of Flow Monitoring · Top 3 Network Flow...
  33. [33]
    What Is Deep Packet Inspection (DPI)? - Fortinet
    Deep packet inspection (DPI), also known as packet sniffing, is a method of examining the content of data packets as they pass by a checkpoint on the network.
  34. [34]
    Deep Packet Inspection (DPI) Explained: OSI Layers, Real ... - Splunk
    Jun 18, 2025 · An advanced network filtering method, deep packet inspection (DPI) examines the actual content (“payload”) of data packets traveling through a network ...
  35. [35]
    Wireshark User's Guide
    Wireshark is a network packet analyzer. A network packet analyzer presents captured packet data in as much detail as possible.
  36. [36]
    tcpdump(1) man page | TCPDUMP & LIBPCAP
    Jun 30, 2025 · tcpdump prints out a description of the contents of packets on a network interface that match the Boolean expression (see pcap-filter(7) for the expression ...
  37. [37]
    How to use tcpdump to capture and analyze traffic - TechTarget
    Aug 16, 2023 · Tcpdump is a command-line packet analyzer network admins use to examine network data. Analyze tcpdump captures using these guidelines and ...
  38. [38]
    SNMP Monitoring: What It Is & How It Works - Datadog
    SNMP monitoring provides a standardized way for network engineers and admins to gather information about networking equipment.
  39. [39]
    Understanding SNMP polling: A practical guide for sysadmins
    Sep 2, 2025 · SNMP polling is when a manager asks devices for metrics, like a health check, and the devices respond with data from their MIB.
  40. [40]
    Network Taps - Keysight
    The Keysight family of network tap products, including patch taps, optical fiber taps, tough taps and copper taps provides complete visibility into network ...Missing: SolarWinds | Show results with:SolarWinds
  41. [41]
    Network Analysis Tool - Network Analyzer - SolarWinds
    SolarWinds NetFlow Traffic Analyzer (NTA) is a network analysis tool designed to captures and analyzes NetFlow, Juniper J-Flow, and sFlow data.Gain Critical Performance... · Learn How Network Traffic... · Easily Perform Netflow...
  42. [42]
    Packet Analyzer - Network Analysis & Scanning Tool - SolarWinds
    Analyze network packet data and calculate network and application response time with packet analyzer tool in Network Performance Monitor.Missing: Keysight | Show results with:Keysight
  43. [43]
    RFC 5101: Specification of the IP Flow Information Export (IPFIX ...
    This document specifies the IP Flow Information Export (IPFIX) protocol that serves for transmitting IP Traffic Flow information over the network.
  44. [44]
    RFC 7011 - Specification of the IP Flow Information Export (IPFIX ...
    This document specifies the IP Flow Information Export (IPFIX) protocol, which serves as a means for transmitting Traffic Flow information over the network.
  45. [45]
    The History and Future of Internet Traffic - Cisco Blogs
    Aug 28, 2015 · In 1984, total global Internet traffic was 15 Gigabytes per month. By 2014, the average Internet traffic per user was 15 Gigabytes per month.
  46. [46]
    Cisco Annual Internet Report (2018–2023) White Paper
    By 2023, global fixed broadband speeds will reach 110.4 Mbps, up from 45.9 Mbps in 2018. Mobile (cellular) speeds will more than triple by 2023. The average ...
  47. [47]
    None
    ### Summary of Global Internet Traffic Volume and Factors (Sandvine GIPR 2023)
  48. [48]
    [PDF] Self-Similarity in High-Speed Packet Traffic: Analysis and Modeling ...
    Apr 17, 2002 · In this paper, we show how a careful statistical analysis of large sets of actual traffic measurements can reveal new features of network.Missing: patterns diurnal
  49. [49]
    [PDF] On the Self-Similar Nature of Ethernet Traffic (Extended Version)
    On Measuring “Burstiness” for Self-Similar Network. TraJjic. On an intuitive level, the results of our statistical analysis of the Ethernet traffic measurements.Missing: diurnal | Show results with:diurnal
  50. [50]
    The Asymmetric Nature of Internet Traffic - NCTA
    Mar 22, 2021 · In fact, over the last decade the average downstream-to-upstream traffic ratio has grown from 3:1 in 2010 to over 14:1 by the beginning of 2019.<|control11|><|separator|>
  51. [51]
    The AI revolution: Preparing for a surge in 5G uplink traffic | Nokia.com
    Dec 17, 2024 · These spikes can reach up to tens of Mbps, but they only last for 1-2 seconds, making it essential for networks to allocate resources ...
  52. [52]
    RFC 9110: HTTP Semantics
    Summary of each segment:
  53. [53]
    RFC 5321: Simple Mail Transfer Protocol
    Summary of each segment:
  54. [54]
    RFC 3550: RTP: A Transport Protocol for Real-Time Applications
    Summary of each segment:
  55. [55]
    bep_0003.rst_post - BitTorrent.org
    BitTorrent's peer protocol operates over TCP or uTP. Peer connections are symmetrical. Messages sent in both directions look the same, and data can flow in ...Missing: authoritative | Show results with:authoritative
  56. [56]
    Network traffic classification: Techniques, datasets, and challenges
    In this paper, we review existing network classification techniques, such as port-based identification and those based on deep packet inspection.Missing: behavioral seminal
  57. [57]
    [PDF] Network traffic classification via neural networks
    In this paper we use supervised machine learning within a neural network to develop a model capable of achieving high classification accuracy and ...
  58. [58]
    [PDF] Network Traffic Characteristics of the IoT Application Use Cases
    This paper defines network traffic characteristics of IoT applications, aiming to help understand IoT demands on network technologies.
  59. [59]
    [PDF] Machine Learning-Powered Encrypted Network Traffic Analysis
    Sep 22, 2022 · Finally, we discuss the challenges and directions for future research on encrypted traffic analysis. Index Terms—Encrypted traffic analysis, ...
  60. [60]
    From Poisson Processes to Self-Similarity: a Survey of Network ...
    The paper provides a survey of network traffic models. It starts from the description of the Poisson model, born in the context of telephony.
  61. [61]
    [PDF] Wide area traffic: the failure of Poisson modeling - Stanford University
    In this paper we show that for wide area traffic, Poisson processes are valid only for modeling the arrival of user sessions (TIELWET connections, FTP control.
  62. [62]
    [PDF] A new tool for generating realistic Internet traffic in NS-3
    This paper provides a contribution for NS-3 consisting of a new tool for generating Internet traffic. This tool is based on the Poisson Pareto Burst Process ( ...Missing: fluid congestion
  63. [63]
    SPECIAL INVITED PAPER - Project Euclid
    Huge data sets from the teletraffic industry exhibit many nonstandard characteristics such as heavy tails and long range dependence. Various es-.Missing: seminal | Show results with:seminal
  64. [64]
    Variable heavy tails in Internet traffic - ScienceDirect.com
    This paper studies tails of the size distribution of Internet data flows and their “heaviness”. Data analysis motivates the concepts of moderate, far and ...Missing: seminal | Show results with:seminal
  65. [65]
    (PDF) On the relationship between packet size and router ...
    We present a traffic model of a router fed by ON/OFF-type sources with heavy-tailed burst sizes. The traffic model considered is consistent with the evidence ...Missing: seminal | Show results with:seminal
  66. [66]
    [PDF] On the Self-Similar Nature of Ethernet Traffic
    Page 1. On the Self-Similar Nature of Ethernet Traffic. Will E. Leland†. Murad S. Taqqu§ wel@bellcore.com murad@bu-ma.bu.edu. Walter Willinger†. Daniel V.
  67. [67]
    On the self-similar nature of Ethernet traffic - ACM Digital Library
    On the self-similar nature of Ethernet traffic. Special twenty-fifth anniversary issue. Highlights from 25 years of the Computer Communication Review.
  68. [68]
    (PDF) Long-range dependence analysis of Internet traffic
    Aug 10, 2025 · The Hurst parameter provides a good summary of important self-similar scaling properties. We compare a number of different Hurst parameter ...
  69. [69]
    [PDF] A Multifractal Wavelet Model with Application to Network Traffic
    In this paper, we develop a new multiscale modeling framework for characterizing positive-valued data with long-range-dependent correlations (1=f noise). Using ...
  70. [70]
    Statistical approaches to DDoS attack detection and response
    This paper gives a model for detecting DDoS attacks based on network traffic feature to solve the problem above and designs its implementation algorithm ...Missing: swan seminal
  71. [71]
    Statistical and signal‐based network traffic recognition for anomaly ...
    Aug 7, 2025 · In this paper, a framework for recognizing network traffic in order to detect anomalies is proposed. We propose to combine and correlate ...
  72. [72]
    [PDF] Congestion Avoidance and Control - CS 162
    Our measurements and the reports of beta testers sug- gest that the final product is fairly good at dealing with congested conditions on the Internet. This ...
  73. [73]
    [PDF] Techniques for Eliminating Packet Loss in Congested TCP/IP
    When this happens, queues build up in the routers and overflow, causing packets to be dropped. tcp assumes that packet loss is due to congestion and reduces its ...
  74. [74]
    RFC 5681: TCP Congestion Control
    This document defines TCP's four intertwined congestion control algorithms: slow start, congestion avoidance, fast retransmit, and fast recovery.
  75. [75]
    RFC 2475: An Architecture for Differentiated Services
    ### Summary of Key Principles of Differentiated Services (DiffServ) for QoS from RFC 2475
  76. [76]
    RFC 1633 - Integrated Services in the Internet Architecture
    This memo discusses a proposed extension to the Internet architecture and protocols to provide integrated services.
  77. [77]
    RFC 3290 - An Informal Management Model for Diffserv Routers
    1 Leaky Buckets A leaky bucket algorithm is primarily used for shaping traffic as it leaves an interface onto the network (handled under Queues and Schedulers ...
  78. [78]
    RFC 7806 - On Queuing, Marking, and Dropping - IETF Datatracker
    Fair Queuing: Algorithms and History There is extensive history in the set of algorithms collectively referred to as "fair queuing". The model was initially ...
  79. [79]
    RFC 2474 - in the IPv4 and IPv6 Headers - IETF Datatracker
    This document defines the IP header field, called the DS (for differentiated services) field. In IPv4, it defines the layout of the TOS octet; in IPv6, the ...
  80. [80]
    RFC 3670 - Information Model for Describing Network Device QoS ...
    ... queue), one may be a simple implementation (i.e., a FIFO queue) whereas one may be much more complex and robust (e.g., class-based weighted fair queuing (CBWFQ)) ...Missing: FQ | Show results with:FQ
  81. [81]
    RFC 8462: Report from the IAB Workshop on Managing Radio Networks in an Encrypted World (MaRNEW)
    ### Challenges of QoS with Encrypted Traffic (RFC 8462)
  82. [82]
    Designing BGP-based outbound traffic engineering techniques for ...
    In this paper, we demonstrate that designing systematic BGP-based traffic engineering techniques for stub ASes are possible. Our approach to solve this traffic ...
  83. [83]
    [PDF] Performance Comparison of Peering and Transit Interconnections
    Peering paths also have smaller queueing delays as compared to transit paths for more than 50% ASes. I. INTRODUCTION. Background. The traffic dynamics and the ...
  84. [84]
    Network Traffic Distribution – Elastic Load Balancing FAQs
    Elastic Load Balancing automatically distributes incoming application traffic across multiple targets in one or more Availability Zones (AZs).
  85. [85]
    Learn about Akamai's caching
    This document describes how Akamai caches content on its edge servers and how you can control this caching.Learn About Akamai's Caching · Ttl Best Practices · Downstream Caching
  86. [86]
    Cache Hit Ratio: The Key Metric for Happier Users and Lower ...
    Feb 3, 2025 · Akamai's suite of cloud-based software services can help your company increase its cache hit ratio while lowering latency and egress costs.
  87. [87]
    Record-breaking 5.6 Tbps DDoS attack and global DDoS trends for ...
    Jan 21, 2025 · Cloudflare mitigated another record-breaking DDoS attack peaking at 5.6 Tbps. Overall, Cloudflare mitigated 21.3 million DDoS attacks in 2024 ...
  88. [88]
    how Cloudflare blocked a monumental 7.3 Tbps DDoS attack
    Jun 19, 2025 · In mid-May 2025, Cloudflare blocked the largest DDoS attack ever recorded: a staggering 7.3 terabits per second (Tbps).
  89. [89]
    The transition to IPv6: Are we there yet? - APNIC Blog
    May 4, 2022 · IPv6 numbers tripled from 5% at the start of 2016 to 17% at the end of 2017. Much of this was due to the rapid deployment of IPv6 in mobile ...Missing: addressable statistics
  90. [90]
    IPv6 Adoption - Google
    We are continuously measuring the availability of IPv6 connectivity among Google users. The graph shows the percentage of users that access Google over IPv6.Missing: increasing addressable 2010s
  91. [91]
    None
    ### Summary of Erlang Unit Definition and Use in Telecommunications
  92. [92]
    https://www.itu.int/dms_pubrec/itu-r/rec/v/R-REC-V.665-2-200005-S!!PDF-E.pdf
  93. [93]
    (PDF) Mitigating Signalling Storms in 5G - ResearchGate
    Sep 17, 2024 · A signalling storm occurs when the volume of control signals exceeds the network's processing capacity, leading to service disruptions. During ...<|separator|>
  94. [94]
    Predictive handover mechanism for seamless mobility in 5G and ...
    Jan 8, 2025 · To improve the mobile handover in 5G and future mobile networks, this article puts forth a predictive handover mechanism using reinforcement ...Missing: spectrum | Show results with:spectrum
  95. [95]
    [PDF] The Looming Spectrum Crisis - CTIA
    Mar 26, 2025 · The US faces a spectrum crisis due to a growing shortfall, with no new spectrum since 2022, and by 2027, the required spectrum will exceed ...Missing: handover | Show results with:handover
  96. [96]
    https://api.ctia.org/wp-content/uploads/2025/03/Looming-Spectrum-Crisis-Accenture.pdf
  97. [97]
    Communication services (VoLTE/VoNR) - 3GPP
    Jan 5, 2024 · VoLTE and VoNR are supported by the IMS networks over EPS and 5GS respectively. The Figure below shows a simplified architecture where ...Communication Services · Service Architecture And... · 3gpp Work On Volte/vonr
  98. [98]
    [PDF] ETSI TS 103 905 V1.1.1 (2024-11)
    Voice over LTE (VoLTE) and Voice over 5G both use the IP Multimedia Subsystem (IMS) framework as defined in. 3GPP. Although the IMS framework remains the same, ...
  99. [99]
    https://www.etsi.org/deliver/etsi_ts/103900_103999/103905/01.01.01_60/ts_103905v010101p.pdf
  100. [100]
    Ericsson Mobility Report: Mobile data traffic increased almost 300 ...
    Nov 30, 2021 · In Q3 alone, mobile data traffic was more than all mobile traffic ever generated up until the end of 2016. New forecasts reveal that total ...Missing: timeline 2010
  101. [101]
    Cisco Visual Networking Index (VNI) Mobile Forecast Projects ...
    Feb 3, 2015 · Key Global Mobile Data Traffic Drivers​​ From 2014 to 2019, Cisco anticipates that global mobile traffic growth will outpace global fixed traffic ...
  102. [102]
    Mobile data traffic forecast – Ericsson Mobility Report
    5G's share of mobile data traffic reached 35 percent at the end of 2024, increased from 26 percent at the end of 2023. This share is forecast to grow to 80 ...Missing: post- 2010