All rights reserved © 2005, Alcatel. sFlow solutions as a differentiator for Alcatel.


1 sFlow solutions as a differentiator for Alcatel

2 Overview – Solutions
The industry standard for monitoring traffic in high-speed, multi-layer switched networks
[Diagram labels: wired edge, distribution, core, dc, central mgmt, intranet, internet]
- Measurements from every port, all of the time = network-wide visibility
- Informed decisions that ensure high performance and reliable networks

3 Network management without visibility
[Diagram labels: guess, experiment]
- Control decisions based on guesswork
- Run around with a protocol analyser during an emergency
- Delayed control decisions based on partial data
- Business productivity impacted by slow resolution to network problems
- Untargeted reactive controls cause significant business impact
- Labour intensive resolutions = high cost

4 Why is sFlow important to customers?
Customer goal: Ensure reliable and high performance networks
Challenge: Many different problems affect network reliability and performance. Basic questions must be answered if problems are to be resolved:
- Why is the network slow? It is not normally the network, but how do I prove it?
- Are the network usage policies being violated? Are servers running unauthorised services? Are unauthorised clients accessing servers? Are end hosts running p2p?
- Are end hosts generating SPAM, DoS attacks?
- Are there propagating viruses and worms? Which are the infected hosts and where are they located?
- Are users experiencing good QoS for VoIP? What is the quality of service experienced by VoIP? Is data traffic impacting QoS?
- Who is using the network resources and for what purposes? Accounting/charge back covers cost of upgrades, discourages misuse
- How much multicast traffic do I have? Is multicast affecting network performance?
- Are the BGP peering arrangements optimal?
- ….

5 sFlow in operation
[Diagram: Switch/Router containing a Switching ASIC (1 in N sampling) and an sFlow agent (forwarding tables, interface counters), sending an sFlow Datagram to the sFlow Collector & Analyser]
sFlow Datagram contents shown in the diagram:
- packet header (eg 128B)
- src/dst i/f
- sampling parms: rate, pool
- forwarding: src 802.1p/Q, dst 802.1p/Q, next hop, src/dst mask, AS path, communities, localPref, MPLS
- user ID: src/dst Radius, TACACS
- URL
- i/f counters

6 sFlow Sampling theory (1)
The sFlow statistical sampling is a count-based (or packet-based) sampling technique. On average, one packet in N is sampled and forwarded for analysis. An element of randomness is introduced into the sampling process to prevent synchronization with any periodic patterns in the traffic.

7 sFlow Sampling theory (2)
Sampling error: The following equation can be used to determine the %Error where c is the number of the samples representing a particular class of traffic (e.g. voice traffic):

8 sFlow Sampling theory (3)
Example for Sampling Error: In an environment in which the sampling rate is set to 1 in 1000, approximately 33,000 samples will be taken from traffic sent by a source which transmits 5 GB during a month with an average packet size of 150B. Using the equation above, the %Error would be within 1.07%. Conversely, the correct sampling rate can be calculated if a maximum error value must not be exceeded.
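The slide's example worked through in both directions, as an added example that is not part of the original presentation. The equation itself did not survive on this page, so the code assumes the 95%-confidence bound given in sFlow.org's packet sampling notes, %error <= 196 * sqrt(1/c); all function names are hypothetical.

```python
import math

# Assumption: bound taken from sFlow.org's packet sampling notes, not from this page:
#   %error <= 196 * sqrt(1 / c)   (95% confidence, c = samples in the traffic class)
def percent_error(c):
    """Upper bound on the relative error (%) for a class seen in c samples."""
    if c <= 0:
        raise ValueError("need at least one sample")
    return 196.0 * math.sqrt(1.0 / c)

def expected_samples(total_bytes, avg_packet_bytes, sampling_rate_n):
    """Expected number of samples for a traffic class under 1-in-N sampling."""
    return total_bytes / avg_packet_bytes / sampling_rate_n

def samples_needed(max_error_pct):
    """Smallest sample count c that keeps the bound at or below max_error_pct."""
    return math.ceil((196.0 / max_error_pct) ** 2)

def max_sampling_rate(total_bytes, avg_packet_bytes, max_error_pct):
    """Largest N (1-in-N) that still yields enough samples for the target error."""
    packets = total_bytes / avg_packet_bytes
    return max(1, math.floor(packets / samples_needed(max_error_pct)))

def slide_example():
    """5 GB per month, 150 B average packet size, sampling rate 1 in 1000."""
    c = expected_samples(5e9, 150, 1000)
    return c, percent_error(c)

if __name__ == "__main__":
    c, err = slide_example()
    print(f"samples ~ {c:.0f}, error within {err:.2f}%")
    print("N for <= 1% error on the same source:", max_sampling_rate(5e9, 150, 1.0))
```

The error depends only on the number of samples in the class, so a low-volume host needs a lower N (more frequent sampling) than a busy one to be measured with the same accuracy.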

9 Sampling Rates
The following table provides recommended sampling rates for different interface speeds and traffic levels:

ifSpeed    Light   Medium   Heavy
10Mb/s     64      128      256
100Mb/s    128     256      512
1Gb/s      256     512      1024
10Gb/s     512     1024     2048

The Light, Medium and Heavy traffic levels correspond to the following situations:
- Light: Administrative office environment.
- Medium: Typical mixed use environment with file servers and web browsing.
- Heavy: Computing clusters, large ISP backbone/hosting

10 sFlow monitoring system architecture
[Diagram labels: sFlow; sFlow Collector/Analyzer, e.g. InMon Traffic Sentinel Software]
- Always-on, real-time measurements from every port sent to a single sFlow collector form a central, network-wide view
- Armchair management and control

11 sFlow in comparison to other technologies

12 InMon support for the Alcatel sales cycle
Pre-sales
- Goal: sFlow recognised as a differentiator. Ensure customers understand the value of sFlow
- How: Create an eye-opening experience
  - Materials, demos etc. with InMon support
  - Deploy simple solution in customer environment: Alcatel switch and sFlowTrend; InMon supported evaluations
Post-sales
- Goal: Create the lock-in. sFlow is a requirement for future purchases
- How: Ensure customers become addicted to sFlow
  - Deploy production sFlow analysis software

13 InMon's breadth of solutions
sFlowTrend (Teaser, Free!)
- Java (ie any OS)
- Simple install & use
- Single switch
- Basic trending
- Basic security threat detection (2H06)
sFlowTrend-Pro (Beginner, $)
- Java (ie any OS)
- Simple install & use
- Multiple switches
- Basic trending
- Basic security threat detection
- Export of reports
- (available 2H 2006)
Traffic Sentinel (Addicted, $$)
- Linux server/web client
- 100s of switches – total coverage
- Sophisticated threat detection
- Advanced analysis
- Real-time alerts
- Intuitive drill down
- Long term historical reporting
- Mapping
- …

14 InMon's unique sFlow solutions 1/2
Real-time alerts to security threats
- Anomaly detection
- Signature recognition
- Scanning behaviour (worm/virus propagation)
- Policy violation (eg unauthorised NAT devices)
- Interface for automated actions on alerts
- Audit trail analysis for corroboration and full understanding of extent of problem
RTP QoS analysis
- Identification of RTP applications in use
- Reporting on quality of service actually seen by VoIP

15 InMon's unique sFlow solutions 2/2
Troubleshooting
- Why is the network slow?
- Active topology inference and mapping
- Up to the minute host location to determine precise control points
- Diagnosing connectivity and performance problems
- Pinpointing cause of spanning tree and multicast loops
Accounting and chargeback for usage
Optimise BGP peering
Inventory
- Switches, firmware versions
- Unused interfaces
- End host operating systems

16 Firewall, IDS necessary for perimeter defence but…
- Perimeter protection may be breached or evaded
- Cannot rely on integrity of or access to end hosts

17 sFlow and Traffic Sentinel detect internal security threats
Continuous, network-wide monitoring with sFlow immediately detects anomalous behavior and threat signatures from the inside

18 Security in depth
- Alert on anomalous host behaviour: "This host appears to have been compromised"
- Alert on specific signatures: "I know that packet should not be on my network"
- Back it up with a detailed traffic history: "Who else did he talk to? How much data was transferred? What other services is he running?"

19 Alert on anomalous behaviour: Scanning
- Security alert raised on detection of anomalous scanning behaviour
- 172.16.144.52 has been observed connecting to a large number of hosts using TCP ports 445 and 139

20 Back it up with detailed traffic history
- Scanning behavior has been consistent for the last hour.
- Large number of ICMP destination unreachable messages, often associated with scanning
- Hosts are grouped into security zones. Fan indicates scanning activity contained within a single zone

21 Locate the host to apply control at source
- Full details about the host.
- Rapidly identify switch interface connecting host.
- Link to management console to disable access or apply access control
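The alert, corroboration and host-location steps of slides 19 to 21, sketched as an added example that is not code from the presentation or from Traffic Sentinel. The record layout, threshold and function names are assumptions, and every sample except the address quoted on slide 19 is constructed.

```python
from collections import defaultdict, Counter

# Constructed flow samples (not real traffic). Each tuple holds fields a collector
# could decode from a sampled header, plus the reporting agent and input ifIndex:
# (agent, ifIndex, src, dst, proto, dst_port, icmp_type)
def build_samples():
    s = []
    for i in range(1, 41):        # one source fanning out to 40 hosts
        port = 445 if i % 2 else 139
        s.append(("10.0.0.2", 17, "172.16.144.52", f"172.16.145.{i}", "tcp", port, None))
    for i in range(1, 13):        # ICMP destination unreachable (type 3) coming back
        s.append(("10.0.0.1", 3, f"172.16.145.{i}", "172.16.144.52", "icmp", None, 3))
    for _ in range(30):           # busy client with a single peer: must not alert
        s.append(("10.0.0.2", 9, "172.16.144.10", "172.16.144.20", "tcp", 445, None))
    return s

def detect_scanners(samples, ports=(445, 139), fanout_threshold=25):
    """Flag sources whose sampled TCP traffic to `ports` reaches many distinct hosts."""
    peers = defaultdict(set)           # src -> distinct destinations on watched ports
    seen_ports = defaultdict(set)      # src -> watched ports actually used
    location = defaultdict(Counter)    # src -> (agent, ifIndex) sample counts
    unreachable = Counter()            # host -> ICMP type 3 samples addressed to it
    for agent, if_index, src, dst, proto, dport, icmp_type in samples:
        if proto == "tcp" and dport in ports:
            peers[src].add(dst)
            seen_ports[src].add(dport)
            location[src][(agent, if_index)] += 1
        elif proto == "icmp" and icmp_type == 3:
            unreachable[dst] += 1
    alerts = []
    for src, dsts in peers.items():
        if len(dsts) >= fanout_threshold:
            # Simplification: take the port that sampled the host most often as its location.
            agent, if_index = location[src].most_common(1)[0][0]
            alerts.append({"host": src, "fanout": len(dsts),
                           "ports": sorted(seen_ports[src]),
                           "icmp_unreachable": unreachable[src],
                           "agent": agent, "ifIndex": if_index})
    return alerts
```

Because only one packet in N is sampled, the fan-out counted here is a lower bound on the real number of hosts contacted, so the threshold has to be tuned to the sampling rate in use.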

22 Alert on specific signatures: Attempted user privilege gain
- Signature describing known vulnerability
- Alert raised when traffic matches rule
- Packet trace confirms match and documents event
- Rapidly identify switch interface connecting host to isolate host at source.

23 Detect policy violations: Unauthorised NAT device
Policy forbids users to attach their own NAT devices, since this could allow unauthorised hosts to obtain unrestricted access to the network

24 Detection of unauthorised NAT device
- Detect unauthorised NAT device by correlating TTL values exported in sFlow and raise alert
- Identify NAT device manufacturer by MAC address
- Identify switch and interface connecting NAT device
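One way the TTL correlation on this slide can be implemented, as an added example that is not the presentation's or Traffic Sentinel's own logic. It assumes samples come from access ports where hosts are directly attached, so a packet arriving one below a common default TTL has crossed a routing hop behind that MAC address; the record layout, thresholds, samples and OUI entry are all constructed.

```python
from collections import defaultdict, Counter

COMMON_INITIAL_TTLS = (64, 128, 255)            # typical operating system defaults
OUI_TABLE = {"02:00:5e": "ExampleRouterCo"}     # constructed entry, not a real OUI

# Constructed samples from access ports: (agent, ifIndex, src_mac, src_ip, ttl)
def build_samples():
    s = [("10.0.0.2", 5, "00:11:22:aa:bb:01", "172.16.10.21", 128)] * 20   # directly attached host
    s += [("10.0.0.2", 8, "02:00:5e:10:20:30", "172.16.10.99", 127)] * 12  # default 128, one hop behind
    s += [("10.0.0.2", 8, "02:00:5e:10:20:30", "172.16.10.99", 63)] * 9    # default 64, one hop behind
    s += [("10.0.0.2", 8, "02:00:5e:10:20:30", "172.16.10.99", 64)] * 2    # the device's own traffic
    return s

def detect_nat(samples, min_samples=10, min_ratio=0.5):
    """Flag access-port MACs whose packets mostly arrive one hop below a default TTL."""
    ttls = defaultdict(Counter)      # (agent, ifIndex, mac) -> TTL histogram
    for agent, if_index, mac, _ip, ttl in samples:
        ttls[(agent, if_index, mac)][ttl] += 1
    findings = []
    for (agent, if_index, mac), hist in ttls.items():
        total = sum(hist.values())
        decremented = sum(n for t, n in hist.items() if t + 1 in COMMON_INITIAL_TTLS)
        if total >= min_samples and decremented / total >= min_ratio:
            findings.append({
                "mac": mac,
                "vendor": OUI_TABLE.get(mac[:8], "unknown"),   # manufacturer from the MAC prefix
                "agent": agent, "ifIndex": if_index,            # where to apply control
                "decremented_ratio": round(decremented / total, 2),
                # More than one default TTL behind a single MAC suggests several hosts.
                "ttl_families": sorted({t + 1 for t in hist if t + 1 in COMMON_INITIAL_TTLS}),
            })
    return findings
```

Samples taken on routed uplinks legitimately show decremented TTLs, so the check only makes sense when restricted to edge interfaces.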

25 Ensure quality of service if no Alcatel VoIP solution is implemented
VoIP is carried by RTP which provides distributed connectivity for load balancing and redundancy. Traffic Sentinel's network-wide monitoring with sFlow is uniquely suited to directly identifying QoS problems

26 Reports identify QoS issues
- Packet loss is fairly consistent
- But spike in jitter at 10:35
- Problem is confined to Embarcadero zone

27 Ensure QoS by tightly controlling utilisation, error rates and discards
- Alert on thresholds
- Pinpoint the problem
- Identify the cause

28 Control the problem
- Locate the culprit host
- Understand the details and path of the connection

29 Account for traffic
Recover and control costs, discourage misuse
- Fair charging for network services is enabled by detailed accounting reports
- Identification of top users by department builds confidence in fairness and provides management a tool for controlling costs

30 Optimise peering: top AS paths
- 7500-2516-577 is the most heavily used AS path and also the longest
- View the detailed description for this AS path

31 Optimise peering – flows on AS paths
Understand the flows carried by this AS path

32 Optimise peering – map major AS paths
Width of links is scaled by the volume of traffic

33 More information
- sFlow information: http://www.sflow.org
- InMon information: http://www.inmon.com
  - Application notes: Technology section
  - sFlowTrend free download: Products -> sFlowTrend or http://www.inmon.com/products/sFlowTrend.php
  - Traffic Sentinel demo: Demo section for product tour, http://preview.inmon.com
  - Open source sFlow tool: http://www.inmon.com/technology/sflow.php

34 www.alcatel-ipswitch.com

