A NetFlow/IPFIX implementation with OpenFlow


José Suárez-Varela (jsuarezv@ac.upc.edu), Pere Barlet-Ros (pbarlet@ac.upc.edu), Valentín Carela-Español (vcarela@talaia.io)

Talaia is Catalan for Watchtower: the Watchtower for your network.
Network Visibility Solution that collects and enriches network traffic metadata (flow-based).
Worldwide Customer Base: we have clients from Australia to Silicon Valley, in 10 countries and 3 continents. Our customers range from terabit-per-second scale ISPs and tier-1 cloud providers to financial services companies.
Decades of Networking Expertise: the company builds upon decades of research in Network Visibility done primarily at UPC-BarcelonaTech. We continue to heavily invest in R&D, and focus on continuous improvement to bring innovations to market.

Network Operations
- Operational Insights: identify unwanted applications, congestion, top talkers, protocol usage, etc.
- Drill Down: quickly cycle through visualizations to drill down into points of interest.
- Agile Analysis: a next-gen, snappy interface that offers results quickly, even at terabit-per-second scale networks.

Network Security
- Attack Detection: Artificial Intelligence automatically signals attacks or other anomalous behaviour.
- Network Forensics: flow storage and easy retrieval, in-app analysis and exporting.
- Regulation Compliance: pain-free compliance with Government regulation regarding Metadata Retention.

Strategic Network Planning
- Top Talkers: quickly find and identify network hogs, bandwidth abuse, or network-intensive apps.
- Capacity Planning: understand how the network is utilized to plan network upgrades with the right info.
- Peering Decisions: see what Autonomous Systems you exchange data with as input for peering decisions.

Motivation
SDN-Polygraph: Cloud-based Monitoring Service for Software Defined Networks (H2020 SME Instrument Phase 2, nº726763)
- Migration of Talaia's network visibility solution to the SDN paradigm
- To provide not only visibility features but also actuation features (e.g., attack mitigation, traffic shaping)
(Figure: SDN-based features and non SDN-based features on top of a distributed and automatized infrastructure for large scale service, fed by SDN acquisition and traditional acquisition.)

Motivation: SDN Acquisition
- Current input for Talaia is NetFlow/IPFIX. Can we get this output from SDN-based devices? Not all of them (e.g., HP E3500, NEC IP8800).
- Find a NetFlow/IPFIX implementation for SDN-based devices.
- Collaboration between UPC BarcelonaTech and Talaia Networks.

Proposal: solution based on OpenFlow
Advantages:
- It is one of the most extended protocols in SDN.
- Each entry has packets and bytes counters.
Drawbacks:
- Different versions of OpenFlow and different implementations.
- OpenFlow/SDN scalability limitations: the number of entries in switches is limited, and the controller is a critical point that is prone to become a bottleneck.
Hence: flow sampling-based solutions depending on OpenFlow constraints.

Flow sampling-based solution: 2 phases
1) Add sampling rules proactively (decoupling the monitoring function from other network functions).
2) Add flow (5-tuple) monitoring rules reactively.
(Figure: linked flow tables (OpenFlow 1.1+): flow table #0, owned by the sampling and monitoring module, followed by flow table #1, owned by the other module.)

IP/Port-based Approaches
Initial flow rules for sampling (proactively installed in flow table #0):
- IP-based: 1 rule with a mask fixing the last m and n bits of the source and destination IPs.
- Port-based: m and n rules with source or destination port matches (pairs of ports).
Sampled flows hit the sampling flow rule(s): output to controller, then go to table 1.
Default flow rule: go to table 1 (other module).

Hash-based Approach
Initial flow rules for sampling (proactively installed):
1) Create a new group table and buckets:
   - Round robin: n buckets, with only one that applies the action output to controller, where n = 1 / sampling rate.
   - Buckets with weights: 2 buckets; bucket #0 (weight 1): output to controller; bucket #1 (weight = 1/sampling rate - 1): drop.
2) Create a flow rule to link table #0 with the group table and table #1 for IP packets.
(Figure: flow table #0 holds the sampling flow rule for IP packets (go to group, go to table 1) and the default flow rule for non-IP packets (go to table 1); in the group table, sampled flows are output to the controller by one bucket and dropped by the others; flow table #1 belongs to the other module.)

Flow-sampling based solutions
Port-based vs IP-based sampling:
- IP-based sampling needs to add fewer flow rules to sample the traffic.
- IP-based -> 1 rule (with wildcards in the IP field).
- Port-based -> O(sampling rate) rules.
Hash-based sampling:
- Round robin -> O(1/sampling rate) rules.
- Buckets with weights -> 2 rules.
- It is required that the hardware implements an appropriate load balancing algorithm.
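An added example, not code from the slides or from Talaia/UPC, that simulates the two-phase pipeline described above with both the IP-based and the weighted-bucket hash-based sampling rules and reads NetFlow/IPFIX-like records from the per-flow counters. The zero-valued fixed IP bits, the CRC32 stand-in for the switch's hash and the sample traffic are assumptions constructed here.

```python
import ipaddress
import zlib

# Added example, not the deck's code: simulation of the two-table pipeline. Table 0 =
# proactive sampling rule + reactive 5-tuple rules; table 1 = the "other module".
FIELDS = ("src", "dst", "proto", "sport", "dport")

def ip_mask_sampler(m, n):
    # IP-based: one rule whose mask fixes the last m bits of the source IP and the
    # last n bits of the destination IP (fixed to zero here, an assumption).
    # Expected sampling rate: 2 ** -(m + n).
    smask, dmask = (1 << m) - 1, (1 << n) - 1
    def sampled(pkt):
        src, dst = (int(ipaddress.ip_address(pkt[f])) for f in ("src", "dst"))
        return (src & smask) == 0 and (dst & dmask) == 0
    return sampled
def weighted_group_sampler(rate):
    # Hash-based: select group, bucket 0 (weight 1) -> controller, bucket 1 (weight
    # 1/rate - 1) -> drop; CRC32 over the 5-tuple stands in for the switch hash (assumption).
    buckets = round(1 / rate)
    def sampled(pkt):
        key = "|".join(str(pkt[f]) for f in FIELDS)
        return zlib.crc32(key.encode()) % buckets == 0
    return sampled
class SamplingPipeline:
    def __init__(self, sampler):
        self.sampled, self.flows = sampler, {}  # flows: 5-tuple -> [packets, bytes]
    def process(self, pkt):
        key = tuple(pkt[f] for f in FIELDS)
        if key in self.flows:        # monitoring rule hit: switch counters updated
            self.flows[key][0] += 1
            self.flows[key][1] += pkt["len"]
            return "monitored"
        if self.sampled(pkt):        # sampling rule hit: packet-in, controller adds rule
            self.flows[key] = [1, pkt["len"]]
            return "packet_in"
        return "forwarded"           # default rule: straight to table 1
    def export(self):                # NetFlow/IPFIX-like records from rule counters
        return [dict(zip(FIELDS, k), packets=v[0], bytes=v[1]) for k, v in self.flows.items()]

PACKETS = [  # constructed traffic: three flows, the first carrying two packets
    dict(src="10.0.0.2", dst="192.0.2.4", proto=6, sport=40000, dport=80, len=60),
    dict(src="10.0.0.2", dst="192.0.2.4", proto=6, sport=40000, dport=80, len=1400),
    dict(src="10.0.0.3", dst="192.0.2.4", proto=6, sport=40001, dport=80, len=60),
    dict(src="10.0.0.2", dst="192.0.2.5", proto=17, sport=5000, dport=53, len=80),
]

def run(sampler):
    pipe = SamplingPipeline(sampler)
    return [pipe.process(p) for p in PACKETS], pipe.export()
```

With m = n = 1 only flows whose source and destination addresses both end in a zero bit are sampled, so the first flow is exported with two packets and 1460 bytes while the other two pass straight to table 1.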

Results
Evaluation scenario:
- CAIDA dataset: 10 Gbps link in Chicago, Feb 16; 2,353,413 flows of TCP and UDP traffic.
- An OpenDaylight controller, an Open vSwitch, and a VM injecting traffic.
(Figure: accuracy by the sampling rate applied.)

Summary
OpenFlow-based solution to provide NetFlow/IPFIX-like output:
- IP/Port-based solutions
- Hash-based solution
Suitable for current off-the-shelf OpenFlow devices: only needs OpenFlow v1.1.
Transparent -> monitoring system decoupled from others.
Scalable -> flow sampling.