1 Netflow Collection and Aggregation in the AT&T Common Backbone Carsten Lund.

Presentation transcript:

1 Netflow Collection and Aggregation in the AT&T Common Backbone Carsten Lund

5/31/2002 AT&T Proprietary

2 Netflow Measurements
- Detailed IP flow measurements
  - Attributes defining flows: Source IP, Destination IP, Source Port, Destination Port, Protocol, etc.
  - Statistics about flows: Bytes, Packets, Start time, End time, etc.
- Semi-standard
  - Cisco, Juniper, etc.

3 Pros and Cons
- Pro
  - Detailed
  - On all the time, everywhere.
  - Router feature (e.g., part of the router)
- Con
  - Huge amount of data (500GB/day)
  - Router feature
    - How well is this feature supported? We have had lots of problems.
- Conclusion
  - This is currently the only way to get detailed IP measurements for ubiquitous deployment.

4 TAP: Traffic Analysis Project
- Collection Servers
  - Servers in each major POP that collect the netflow measurements
- Aggregation
  - Software that processes the netflow measurements and creates aggregate summaries
- Reports
  - Generate various reports for end users of the system
- Joint Project
  - Development, Product Mgt, and Research

5 TAP Architecture
[Figure: architecture diagram. Labels: TAP, ar1, ar2, ar3, igr1, Central Server, Collected Data, Router, Measurement Servers]

6 Aggregation: Tap Query
- Query API for the distributed Netflow collection system
  - Analogous to SQL for RDBMS.
- Simple query language

7 TAP Query Architecture
[Figure: query architecture diagram. Labels: Application, User, Tap Query API, ar1, ar2, ar3, igr1, Central Server, External Data, catcher, Tap Query, Netflow Data, Aggregate Data, Controller, Tap Query queries]

8 Features
- Join: joining netflow data with external data sources
- Filter: simple (straight line program) based on field by field comparisons.
- Aggregation
- Multiple simultaneous queries
- Add new queries on the fly
- High level specification of query location

9 Features (continued)
- Context-dependent external data sources
- On-the-fly update of external data sources
- Automatic, configurable loss correction
- Sophisticated netflow sampling
- Efficiency
- Also works offline

10 Domain Specific Language

11 Smart Sampling
- We need to sample the netflow stream
  - Problem: Some records are more important than others. E.g., huge file transfers.
  - Solution: Size dependent sampling.
[Figure: plot of Sampling Probability (axis value 1 marked) against Flow size (samplingFactor marked)]

12 The Whole Process
[Figure: pipeline diagram. Stages: Flow Creation; Packet Sampling (e.g. 1 in 3 sampling); Netflow Data Loss (e.g. 25% loss); Smart Sampling (e.g. samplingFactor=3). Values shown: 4211, 1612, 421; = 4*3/0.75, = 3*3/0.75]
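
The size-dependent sampling and the correction arithmetic from the two slides above, as an added Python example (not part of the original presentation). It assumes the keep probability is min(1, size/samplingFactor) and that a kept record smaller than samplingFactor is reported as samplingFactor, which is consistent with the slide's 4*3/0.75 and 3*3/0.75; the function names and the sample flow sizes are constructed for illustration.

```python
import random

def keep_probability(size, sampling_factor):
    """Assumed curve: always keep flows at or above the threshold,
    keep smaller flows with probability proportional to their size."""
    return min(1.0, size / sampling_factor)

def renormalized_size(size, sampling_factor):
    """Size reported for a kept record. Small flows are scaled up to the
    threshold so that keep_probability * renormalized_size == size."""
    return max(size, sampling_factor)

def smart_sample(sizes, sampling_factor, rng):
    """Return the renormalized sizes of the records that survive sampling."""
    kept = []
    for size in sizes:
        if rng.random() < keep_probability(size, sampling_factor):
            kept.append(renormalized_size(size, sampling_factor))
    return kept

def corrected_estimate(kept_size, packet_sampling_n, loss_fraction):
    """Undo 1-in-N packet sampling and the fraction of records lost
    between router and collector."""
    return kept_size * packet_sampling_n / (1.0 - loss_fraction)

def mean_kept_total(sizes, sampling_factor, trials, seed=1):
    """Average smart-sampled total over many runs; it should approach
    sum(sizes) because the estimator is unbiased."""
    rng = random.Random(seed)
    total = 0.0
    for _ in range(trials):
        total += sum(smart_sample(sizes, sampling_factor, rng))
    return total / trials

# Constructed record sizes as seen at the collector: one large transfer
# among many small flows.
SAMPLE_SIZES = [4, 2, 1, 1, 40, 1, 2]

if __name__ == "__main__":
    z = 3
    for s in sorted(set(SAMPLE_SIZES)):
        est = corrected_estimate(renormalized_size(s, z), 3, 0.25)
        print(f"size={s:>2} keep_p={keep_probability(s, z):.2f} "
              f"estimate_if_kept={est:.1f}")
    print("mean kept total:", round(mean_kept_total(SAMPLE_SIZES, z, 20000), 2),
          "true total:", sum(SAMPLE_SIZES))
```

The large transfer is never dropped, while each small flow that survives stands in for the ones that did not, so totals stay accurate with far fewer stored records.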

13 Status
- In production mode for
  - Peering links
  - Subset of cable customer interfaces (MSO)
- Planned deployment on whole access side in 2002Q3.

14 Data Volumes

15 Current/future Applications
Real-time and Offline
- Traffic Engineering
  - Traffic matrices (Capacity Management)
  - BGP TE
- Traffic monitoring (DNS traffic, etc.)
- Application Profiles
  - e.g., 50% of AT&T Broadband traffic is P2P (e.g., Kazaa, Gnutella, etc.)
  - AT&T Broadband is a large content provider.
- Customer Profiles
- Content Provider Profiles
- Content Provider Performance Monitoring
- Security (DDOS, IDS)
- Etc.