Traffic Flow Measurements within IP Networks: Requirements, Technologies and Standardization


Jürgen Quittek
NEC Europe Ltd., Network Laboratories, Heidelberg, Germany

Tanja Zseby, Georg Carle, Sebastian Zander
FhI FOKUS, Berlin, Germany

Outline
- Scope and general requirements
- Applications requiring detailed flow-based traffic measurements
- Requirements analysis
- Capabilities of existing technologies
- Standardization efforts at the IETF

Scope and General Requirements
- Goal: Find or develop a basic common IP Traffic Flow measurement technology to be available on (almost) all future routers
  - Fulfilling requirements of many applications
  - Low hardware/software costs
  - Simple and scalable
- Metering to be integrated in general purpose IP routers and other devices (probes, middleboxes)
- Data processing to be integrated into various applications
- Interoperability by openness or standardization

Applications (1) Requiring Traffic Flow Measurement
- Usage-based accounting
  - input to charging and billing
  - various business models
  - time-based, volume-based, QoS class-based
  - per application, per user, per user group
- Traffic engineering
  - optimizing network usage
  - traffic analysis on congested links
  - origin of traffic
  - type of traffic
  - dynamic behavior (bursty, adaptive, ...)
- Traffic profiling

Applications (2) Requiring Traffic Flow Measurement
- QoS monitoring
  - (passive) measurement of QoS properties
  - validating Service Level Agreements
- Attack detection and analysis
  - detecting (high volume) traffic patterns
  - investigation of origin of attacks
- Intrusion detection
  - detecting unexpected or illegal packets

Requirements (1)
- Distinguishing flows
  - by 5-tuple: IP addresses, transport type, port numbers
  - Supporting MPLS, DiffServ
  - Flexible aggregation of flows
- Metering Process
  - Reliability
  - Timestamps, time synchronization
  - Flow timeouts
  - Overload behavior: sampling, simplifying, stopping

Requirements (2)
- Data Export
  - Information model
    - many header fields and statistics required
  - Data model
    - flexible, extensible
    - anonymization?
  - Data Transfer
    - reliability
    - security
    - push and pull model
    - reporting? regular reporting interval, notification on specific events
- Configuration

Existing Technologies
- IETF standards
  - RTFM
  - RMON, RMON2
- Proprietary technologies
  - NetFlow (Cisco)
  - sFlow (InMon)
  - LFAP (Riverstone)
  - Crane (XACCT)

Real-Time Flow Measurement (RTFM)
- Very flexible and powerful meter
  - programmable rule sets
  - can serve several readers
  - programmable overload behavior
- Reader polls meter
- Realization by SNMP Meter MIB
- Free software implementation NeTraMet
- No acceptance at manufacturers
- Complicated to use (too powerful)
- Specified by RFCs 2720-2724
(Diagram labels: Application, Manager, Reader, Meter)

Remote Network Monitoring MIB
- Very flexible and powerful
- Serves more general goals (analysis on layers 2-4)
- Just a monitoring tool, no measurement architecture defined
- Suited for very specific analysis tasks
- High (hardware) performance requirements
- Too complicated and too expensive for massive usage in routers
- Specified by RFCs 2021 (RMON2), 2613, 2819 (RMON), 2895, 2896, 3144

NetFlow
- Proprietary by Cisco, but de-facto standard
- Fast and efficient, implemented for IOS
- Configurable measurement per 5-tuple
- Unreliable (measurement & data transport)
- Hardware-supported on some models
- Not well documented
  - re-engineered by Juniper
- Versions 1-7
  - fixed data model
- Version 9 (under development)
  - data model templates
  - optional reliable transport
(Diagram labels: Application, Data collector, Meter, Router)

sFlow
- By InMon Corporation
- Includes metering and data transmission
- Probabilistic sampling at meter
  - Packet sampling and counter sampling
- Timestamping by data collector
- Configuration by sFlow MIB
- Poorly documented by informational RFC 3176
- Not adopted yet by other vendors
(Diagram labels: Application, Data collector, smon, Meter)

LFAP
- Light-weight Flow Accounting Protocol
- Proprietary by Riverstone (Cabletron)
- Just data transfer protocol
- Meter at Connection Control Entity (CCE) communicates to Flow Accounting Server (FAS)
- Tight and reliable interaction between CCE and FAS
- Reliable data transport
- Flexible TLV coding of transferred data
- Larger overhead than NetFlow
- More cost-intensive at meter/CCE and at data collector/FAS
- See <draft-riverstone-lfap-00.txt>
(Diagram labels: Application, FAS, CCE)

CRANE
- Common Reliable Accounting for Network Element (CRANE) Protocol
- Proprietary by XACCT
- Just data transfer protocol
- Template-based data model
- Focus on reliability
- Not yet in extensive commercial use
- See <draft-kzhang-crane-protocol-02.txt>

IETF IPFIX Working Group
- Current standardization effort at IETF: IP Flow Information Export (IPFIX) working group
- Preparations 12/00 and 08/01, active since 10/01
- Successor of RTFM
- Target (official): standardizing current practice
- Target (unofficial): standardizing NetFlow
- Planned documents
  - Requirements RFC (almost completed)
  - Architecture RFC (just starting)
  - Data model RFC (not yet started)
- Protocol development not yet chartered, but protocol evaluation/selection
- Configuration of meter will not be standardized

IPFIX Architecture Overview
(Diagram labels: Flow Information Export, Application, Exporter, Probe (meter), Flow Record, Collector, Observation Point; packets drawn as HEAD/PAYLOAD pairs)

IPFIX Flow Definition
A flow is a set of packets passing an observation point in the network during a certain time interval. All packets belonging to a particular flow have a set of common properties derived from the data contained in the packet and from the packet treatment at the observation point.
- Rather general definition
- Not closely related to application-level flows
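
The flow definition above, together with the 5-tuple, flexible aggregation and flow timeout requirements from the earlier slides, can be exercised with a small meter. This is an added example, not code from the slides or from any IPFIX implementation; the names Packet, meter, key_fields and idle_timeout and all packet values are constructed for illustration.

```python
from collections import namedtuple

# Constructed sample packets (documentation addresses), not measured data.
Packet = namedtuple("Packet", "ts src dst proto sport dport length")
SAMPLE_PACKETS = [
    Packet(0.0, "192.0.2.10", "198.51.100.5", 6, 40000, 443, 100),
    Packet(0.5, "192.0.2.10", "198.51.100.5", 6, 40000, 443, 1500),
    Packet(1.0, "192.0.2.11", "198.51.100.5", 17, 5353, 53, 80),
    Packet(40.0, "192.0.2.10", "198.51.100.5", 6, 40000, 443, 60),
]

FIVE_TUPLE = ("src", "dst", "proto", "sport", "dport")


def meter(packets, key_fields=FIVE_TUPLE, idle_timeout=30.0):
    """Return flow records for packets seen at one observation point.

    key_fields   -- the common properties that define a flow (hypothetical name)
    idle_timeout -- seconds without a packet after which a flow is exported
    """
    active, exported = {}, []
    for pkt in sorted(packets, key=lambda p: p.ts):
        # Flow timeout: export every flow that has been idle too long.
        for key in [k for k, f in active.items()
                    if pkt.ts - f["last"] > idle_timeout]:
            exported.append(active.pop(key))
        key = tuple(getattr(pkt, name) for name in key_fields)
        flow = active.setdefault(key, {"key": key, "first": pkt.ts,
                                       "last": pkt.ts, "packets": 0, "bytes": 0})
        flow["last"] = pkt.ts
        flow["packets"] += 1
        flow["bytes"] += pkt.length
    exported.extend(active.values())  # end of capture: flush remaining flows
    return exported


if __name__ == "__main__":
    for record in meter(SAMPLE_PACKETS):
        print(record)
    # Coarser aggregation: one flow per destination address.
    for record in meter(SAMPLE_PACKETS, key_fields=("dst",)):
        print(record)
```

With the default 5-tuple key, the packet at 40 s starts a new flow record because the earlier TCP flow has already timed out; the same packets keyed on destination only collapse into two records.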

Many Open IPFIX Issues
- Support of bi-directional flow model?
- Reliability vs. costs vs. congestion-friendliness
- Overload behavior
  - dynamic flow timeouts?
  - dynamic flow measurement rules?
  - dynamic sampling on/off?
  - stop measuring?
  - stop forwarding packets?
- Take any existing protocol as baseline for IPFIX?
  - NetFlow, LFAP, CRANE?

IPFIX Outlook
- Good support from IESG
- High interest from equipment manufacturers
  - Cisco intend(ed) to have NetFlow version 9 compliant to IPFIX standards
- Highly skilled design team
  - approx. 15 people from Cisco, NEC, Riverstone, CAIDA, XACCT, ...
- Progress on schedule
  - Requirements almost agreed
  - Completion planned in 2002
- More information at http://ipfix.doit.wisc.edu
- Further help is very welcome! Please join us!

IETF PSAMP Working Group
- Establishment under discussion
- Focus on sampling and capturing packets and on transferring them to data collectors
- Target applications
  - traffic profiling
  - monitoring network behavior
- Closely related to IPFIX
- Preparation meeting planned for March
- Initial document <draft-duffield-framework-papame-00.txt>