NetFlow and NBAR, November 2003. © 2003 Cisco Systems, Inc. All rights reserved.

NetFlow & Network-Based Application Recognition
ITD Product Management, November 2003
(Presentation transcript)

Slide 1: NetFlow & Network-Based Application Recognition, ITD Product Management, November 2003

Slide 2: Overview of NetFlow and Network-Based Application Recognition

NetFlow
- Pioneering IP accounting technology
- Invented and patented by Cisco
- IETF export standard

Network-Based Application Recognition (NBAR)
- Intelligent application recognition
- Analyzes and identifies application traffic in real time

Slide 3: NetFlow and NBAR Benefit Footprints

Network positions shown on the slide: Enterprise Backbone, Enterprise Premise Edge, Service Provider Aggregation Edge, Service Provider Core.

NetFlow
- User (IP) monitoring
- Application monitoring
- Traffic analysis
- Attack mitigation
- Chargeback billing
- AS peer monitoring
- Traffic engineering
- Network planning

NBAR
- Application classification
- Precise Quality of Service (QoS) treatment
- Application statistics for bandwidth provisioning
- Top-n views
- Threshold settings
- Mapping applications to an SP's service offering

Slide 4: NetFlow and NBAR Benefit Footprints (platform support)

Network positions shown on the slide: Enterprise Backbone, Enterprise Premise Edge, Service Provider Aggregation Edge, Service Provider Core.

NetFlow platforms
- Cisco Catalyst 4500, 5000, 6500, 7600 Series (ASIC)
- Cisco Catalyst 5000, 6500 Series (HW acceleration)
- Cisco Catalyst 4500 Series (ASIC)
- Cisco 7100, 7200, 7300, 7500 Series
- Cisco AS5300, AS5400, AS5800 Series
- Cisco 830, 1400, 1700, 2600, 3600, and 3700 Series
- Cisco Catalyst 4500, 5000, 6500 Series; Cisco 7600 Series (ASIC)
- Cisco 7100, 7200, 7300, 7500 Series
- Cisco AS5300 and AS5800 Series
- Cisco MGX8000 Series
- Cisco 10000 and 12000 Series Internet Routers (ASIC)
- Cisco Catalyst 5000 and 6500 Series; Cisco 7600 Series (ASIC)
- Cisco 7500 Series

NBAR platforms
- Cisco Catalyst 6500 and 7600 Series MSFC (ASIC planned)
- Cisco Catalyst 6500 and 7600 Series FlexWAN, MWAM (ASIC planned)
- Cisco 7100, 7200, and 7500 Series
- Cisco 830, 1400, 1700, 2600, 3600, and 3700 Series
- Cisco Catalyst 6500 and 7600 Series FlexWAN, MWAM (ASIC planned)
- Cisco 7100, 7200, and 7500 Series
- Cisco Catalyst 6500 and 7600 Series FlexWAN, MWAM (ASIC planned)
- Cisco 7500 Series

Slide 5: NetFlow and NBAR: Main Objectives and Benefits (Cisco Internal Use Only)

NetFlow (main objective: main benefit)
- Flow characterization: which users utilize the network; what types of traffic; when the network is utilized; where the traffic goes
- Network usage: IP accounting and billing technology
- Capacity planning, traffic engineering, peering: traffic and routing information analysis
- Data export: persistent network usage record

NBAR (main objective: main benefit)
- Identify and classify traffic based on payload attributes and protocol characteristics: optimize application performance via QoS; validation or reclassification of ToS marking based on packet inspection

Slide 6: NetFlow and NBAR: Additional Objectives and Benefits

NetFlow (main objective: side benefit)
- Flow characterization: DDoS and worm detection
- Network usage: capacity planning and traffic engineering
- Billing: permanent record of network activity
- Capacity, traffic engineering, peering: Optimized Edge Routing (OER)
- Data export: IETF IPFIX WG standard and the NetFlow v9 flexible, extensible format

NBAR (main objective: side benefits)
- Identify and classify traffic based on payload attributes and protocol characteristics: detection and dropping/limiting of undesired traffic (peer-to-peer file sharing, worms, ...); application statistics for bandwidth provisioning

Slide 7: Uniqueness and Strengths of NetFlow and NBAR

NetFlow
- IPv6, MPLS, Multicast, BGP next-hop technology integration
- Billing, capacity planning, traffic engineering
- Internet access monitoring: peering and traffic
- IETF standard for data sampling and export
- Security: DDoS monitoring tool
- Flow timers, timing of network traffic types
- Who, what, where, when in the network
- Large NMS partner community and open source tools (New)

NBAR
- Deep and stateful packet inspection
- Protocol discovery with application statistics
- Enables precise classification and QoS treatment
- Pre-defined protocol and application recognition
- User-defined custom application classification
- New application signatures without software upgrade
- Integration with IP services (QoS, NAT, Firewall, IDS) (New)

Slide 8: NetFlow and NBAR Differentiation

[Figure: a packet drawn as Link Layer Header | IP Header | TCP/UDP Header | Data. NetFlow keys on the Layer 3/4 header fields Source IP Address, Destination IP Address, Protocol, TOS, Source Port, Destination Port and the input Interface; NBAR additionally performs deep packet (payload) inspection of the Data portion.]

NetFlow and NBAR both leverage Layer 3 and 4 header information.

NetFlow
- Monitors data in Layers 2 through 4
- Determines applications by port
- Utilizes a 7-tuple for flow identification

NBAR
- Examines data from Layers 3 through 7
- Uses Layers 3 and 4 plus packet inspection for classification
- Stateful inspection of dynamic-port traffic

Slide 9: NetFlow and NBAR useful for Security

Flow information is useful against attacks.

NetFlow mitigates attacks
- Identify the attack: count the flows; inactive flows signal a worm attack
- Classify the attack: small-size flows to the same destination; what is being attacked and the origin of the attack
- NetFlow security partners: Arbor Networks, Mazu, Adlex
- Cisco IT prevented SQL Slammer at Cisco by watching flows per port

NBAR signature-based detection
- Not historically a main focus for NBAR
- Real-time loadable PDLMs could provide a rapid-update mechanism for new signatures
- Not staffed to react against malicious applications
- NBAR can detect worms based on payload signatures: Nimda, Code Red, Slammer
- Cisco PSIRT provided customers with an NBAR solution to combat Code Red and Nimda
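The flow-count heuristics on this slide ("count the flows", "small-size flows to the same destination", "watching flows per port") can be run directly over exported flow records. The following is an added example, not Cisco code: it aggregates constructed NetFlow-style 7-tuple records, tabulates flows per destination port, and flags a source that emits many single-packet flows to one port on many hosts; it generalizes the slide's "same destination" to "same destination port across distinct hosts", which is how a scanning worm appears in flow data. Port 4444 and all addresses are constructed sample values.

```python
from collections import Counter, defaultdict
from typing import NamedTuple

class Flow(NamedTuple):
    # NetFlow 7-tuple key fields, plus the per-flow counters an exporter reports.
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: int      # 6 = TCP, 17 = UDP
    tos: int
    in_if: int
    pkts: int
    bytes: int

# Constructed sample export (not captured data): one ordinary web client and one
# host spraying single-packet UDP flows at many hosts on the same (constructed) port.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "198.51.100.10", 51000, 80, 6, 0, 1, 42, 31800),
    Flow("10.0.0.5", "198.51.100.11", 51001, 80, 6, 0, 1, 17, 9200),
    Flow("10.0.0.5", "198.51.100.12", 51002, 443, 6, 0, 1, 60, 70100),
] + [
    Flow("10.0.0.9", f"10.0.1.{i}", 1200 + i, 4444, 17, 0, 1, 1, 404)
    for i in range(1, 9)
]

def flows_per_port(flows):
    """Flow counts per (proto, dst_port): the slide's 'watching flows per port' view."""
    return Counter((f.proto, f.dst_port) for f in flows)

def find_small_flow_sprayers(flows, max_pkts=2, min_targets=5):
    """Flag sources with many tiny flows to the same port on distinct hosts.

    Only flows with at most max_pkts packets count as 'small'. A source is
    reported when it has such flows to at least min_targets distinct hosts on
    one (proto, dst_port). Returns {src_ip: (proto, dst_port, distinct_targets)}.
    """
    targets = defaultdict(set)
    for f in flows:
        if f.pkts <= max_pkts:
            targets[(f.src_ip, f.proto, f.dst_port)].add(f.dst_ip)
    return {src: (proto, port, len(hosts))
            for (src, proto, port), hosts in targets.items()
            if len(hosts) >= min_targets}

if __name__ == "__main__":
    for (proto, port), n in flows_per_port(SAMPLE_FLOWS).most_common():
        print(f"proto {proto} dst port {port}: {n} flows")
    for src, (proto, port, n) in find_small_flow_sprayers(SAMPLE_FLOWS).items():
        print(f"ALERT {src}: {n} single-packet flows to proto {proto} port {port}")
```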

Slide 10: Summary of Benefits

NBAR
- Deep and stateful packet inspection
- Protocol and application discovery: standard protocols; corporate applications (Citrix, ...); undesired traffic (peer-to-peer, worms, ...)
- Real-time PDLM signature update

NetFlow
- Internet access monitoring: protocol distribution; where traffic is going/coming from
- User monitoring
- Application monitoring
- Accounting and billing
- DDoS monitoring
- Peering arrangements
- Network planning
- Traffic engineering
