Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Netflow Collection and Aggregation in the AT&T Common Backbone Carsten Lund.

Published byGladys Carson Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Netflow Collection and Aggregation in the AT&T Common Backbone Carsten Lund."— Presentation transcript:

1 1 Netflow Collection and Aggregation in the AT&T Common Backbone Carsten Lund

2 5/31/2002 AT&T Proprietary2 Netflow Measurements  Detailed IP flow measurements Attributes defining flows Source IP, Destination IP, Source Port, Destination Port, Protocol, etc, Statistics about flows Bytes, Packets, Start time, End time, etc.  Semi-standard Cisco, Juniper, etc.

3 5/31/2002 AT&T Proprietary3 Pro and Cons  Pro Detailed On all time everywhere. Router feature (e.g., part of the router)  Con Huge amount of data (500GB/day) Router feature How well is this feature supported. We have had lots of problems.  Conclusion This is the only way currently to get detailed IP measurements for ubiquitous deployment.

4 5/31/2002 AT&T Proprietary4 TAP Traffic Analysis Project  Collection Servers Servers in each major POP that collects the netflow measurements  Aggregation Software that processes the netflow measurements and create aggregate summaries  Reports Generate various reports for end users of the system  Joint Project Development, Product Mgt, and Research

5 5/31/2002 AT&T Proprietary5 TAP Architecture TAP ar1 ar2 ar3 igr1 ar1 ar2 ar3 igr1 Central Server Collected Data TAP Router Measurement Servers

6 5/31/2002 AT&T Proprietary6 Aggregation: Tap Query  Query API for the distributed Netflow collection system Analogous to SQL for RDBMS.  Simple query language

7 5/31/2002 AT&T Proprietary7 TAP Query Architecture Application User ar1 ar2 ar3 igr1 Tap Query API ar1 ar2 ar3 igr1 Central Server External Data catcher Tap Query Netflow Data Aggregate Data catcher Controller Tap Query queries

8 5/31/2002 AT&T Proprietary8 Features  Join: joining netflow data with external data sources  Filter: simple (straight line program) based on field by field comparisons.  Aggregation  Multiple simultaneous queries  Add new queries on the fly  High level specification of query location

9 5/31/2002 AT&T Proprietary9 Features (continued)  Context-dependent external data sources  On-the-fly update of external data sources  Automatic, configurable loss correction  Sophisticated netflow sampling  Efficiency  Also works offline

10 5/31/2002 AT&T Proprietary10 Domain Specific Language

11 5/31/2002 AT&T Proprietary11 Smart Sampling  We need to sample the netflow stream Problem: Some records are more important than others. E.g., huge file transfers. Solution: Size dependent sampling. Sampling Probability 1 Flow size samplingFactor

12 5/31/2002 AT&T Proprietary12 The Whole Process Flow Creation 4211 Packet Sampling Netflow Data Loss 1612 Smart Sampling 421 (e.g. 25% loss) (e.g. 1 in 3 sampling) (e.g. samplingFactor=3) = 4*3/0.75 = 3*3/0.75

13 5/31/2002 AT&T Proprietary13 Status  In production mode for Peering links Subset of cable costumer interfaces (MSO) Planned deployment on whole access side in 2002Q3.

14 5/31/2002 AT&T Proprietary14 Data Volumes

15 5/31/2002 AT&T Proprietary15 Current/future Applications Real-time and Offline  Traffic Engineering Traffic matrices (Capacity Management) BGP TE  Traffic monitoring (DNS traffic, etc.)  Application Profiles e.g., 50% of AT&T Broadband traffic is P2P (E.g., Kazaa, Gnutella, etc) AT&T Broadband is a large content provider.  Costumer Profiles  Content Provider Profiles  Content Provider Performance Monitoring  Security (DDOS, IDS)  Etc….

Download ppt "1 Netflow Collection and Aggregation in the AT&T Common Backbone Carsten Lund."

Similar presentations

NETFLOW & NETWORK-BASED APPLICATION RECOGNITION

NETFLOW & NETWORK-BASED APPLICATION RECOGNITION
Network Monitoring System In CSTNET Long Chun China Science & Technology Network.

Network Monitoring System In CSTNET Long Chun China Science & Technology Network.
High Performance Research Network. Development Lab. / Supercomputing Center 1 Design of the Detection and Response System against DDoS attacks Yoonjoo.

High Performance Research Network. Development Lab. / Supercomputing Center 1 Design of the Detection and Response System against DDoS attacks Yoonjoo.
Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
New Directions in Traffic Measurement and Accounting Cristian Estan – UCSD George Varghese - UCSD Reviewed by Michela Becchi Discussion Leaders Andrew.

New Directions in Traffic Measurement and Accounting Cristian Estan – UCSD George Varghese - UCSD Reviewed by Michela Becchi Discussion Leaders Andrew.
Monitoring a Large-Scale Network: Selecting the Right Tool Sayadur Rahman United International University & Network Manager, Financial Service.

Monitoring a Large-Scale Network: Selecting the Right Tool Sayadur Rahman United International University & Network Manager, Financial Service.
BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.

BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.
Trajectory Sampling for Direct Traffic Observation Matthias Grossglauser joint work with Nick Duffield AT&T Labs – Research.

Trajectory Sampling for Direct Traffic Observation Matthias Grossglauser joint work with Nick Duffield AT&T Labs – Research.
1 In VINI Veritas: Realistic and Controlled Network Experimentation Jennifer Rexford with Andy Bavier, Nick Feamster, Mark Huang, and Larry Peterson

1 In VINI Veritas: Realistic and Controlled Network Experimentation Jennifer Rexford with Andy Bavier, Nick Feamster, Mark Huang, and Larry Peterson
Traffic Engineering With Traditional IP Routing Protocols

Traffic Engineering With Traditional IP Routing Protocols
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
The Sprint IP Monitoring Project and Traffic Dynamics at a Backbone POP Supratik Bhattacharyya Sprint ATL

The Sprint IP Monitoring Project and Traffic Dynamics at a Backbone POP Supratik Bhattacharyya Sprint ATL
Measurement and Monitoring Nick Feamster Georgia Tech.

Measurement and Monitoring Nick Feamster Georgia Tech.
Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932

Network Monitoring for Internet Traffic Engineering Jennifer Rexford AT&T Labs – Research Florham Park, NJ 07932
NetFlow Analyzer Drilldown to the root-QoS Product Overview.

NetFlow Analyzer Drilldown to the root-QoS Product Overview.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Passive traffic measurement Capturing actual Internet packets in order to measure: –Packet sizes –Traffic volumes –Application utilisation –Resource utilisation.

Passive traffic measurement Capturing actual Internet packets in order to measure: –Packet sizes –Traffic volumes –Application utilisation –Resource utilisation.
Analyzing Peer-to-Peer Traffic Across Large Networks Jia Wang Joint work with Subhabrata Sen AT&T Labs - Research.

Analyzing Peer-to-Peer Traffic Across Large Networks Jia Wang Joint work with Subhabrata Sen AT&T Labs - Research.
Winter 2005-2006 Consolidated Server Deployment Guide for Hosted Messaging and Collaboration version 3.5 Philippe Maurent Principal Consultant Microsoft.

Winter Consolidated Server Deployment Guide for Hosted Messaging and Collaboration version 3.5 Philippe Maurent Principal Consultant Microsoft.

Similar presentations

Ads by Google