SCRIPT: An Architecture for IPFIX Data Distribution

Similar documents
Traffic Flow Measurements within IP Networks: Requirements, Technologies and Standardization

Master Course Computer Networks IN2097

Master Course Computer Networks IN2097

Seven Criteria for a Sound Investment in WAN Optimization

Cisco NAC Profiler Architecture Overview

From NetFlow to IPFIX the evolution of IP flow information export

Network delay estimation to remote locations based on passive RTT measurements A digest of recent related works at Salzburg Research

Hardware-Accelerated Flexible Flow Measurement

End-to-End Flow Monitoring with IPFIX

Experiences with IPFIX-based Traffic Measurement for IPv6 Networks. Nakjung Choi, Hyeongu Son*, Youngseok Lee* and Yanghee Choi

This chapter provides information to configure Cflowd.

The Loopback Interface

Intelligent WAN NetFlow Monitoring Deployment Guide

Characterization of accuracy problems in NetFlow data and approaches to handle them

Configuring AVC to Monitor MACE Metrics

Contents. Introduction

Configuring Cisco Nexus 9000 Series Switches in ACI Mode (DCAC9K) v3.0

DDoS Protection in Backbone Networks Deployed at Trenka Informatik AG (

Internet Engineering Task Force (IETF) Request for Comments: TU Muenchen K. Ishibashi NTT. April 2011

Subscriber Data Correlation

NetFlow Monitoring. NetFlow Monitoring

Management of Biometric Data in a Distributed Internet Environment

Technology Overview. Overview CHAPTER

How the Internet sees you

The Loopback Interface

Recent Advances in MPLS Traffic Engineering

Hands-On IP Multicasting for Multimedia Distribution Networks

Network Element Configuration

Cisco IOS Flexible NetFlow Command Reference

Virtualized Network Services SDN solution for enterprises

Course Outline. Lesson 2, Azure Portals, describes the two current portals that are available for managing Azure subscriptions and services.

RIPE76 - Rebuilding a network data pipeline. Louis Poinsignon

VISION ONE: SECURITY WITHOUT SACRIFICE

Integrating NetScaler ADCs with Cisco ACI

Cisco Stealthwatch Endpoint License with Cisco AnyConnect NVM

NetFlow Traffic Analyzer

Towards a collaborative, flow-based, distributed inter-domain Intrusion Detection System

plixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels

Autonomic Networking Use Case for Distributed Detection of SLA Violations

VXLAN Overview: Cisco Nexus 9000 Series Switches

Flexible Netflow Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)

Configuring Encrypted Traffic Analytics

Virtualized Network Services SDN solution for service providers

The Measurement Manager Modular End-to-End Measurement Services

WeChat Adobe Campaign Integration - User Guide

Administering WebLogic Server on Java Cloud Service I Ed 1 Coming Soon

Developing Microsoft Azure Solutions

FlowIntegrator. Integrating Flow Technologies with Mainstream Event Management Systems. Sasha Velednitsky

DYNAMO: AMAZON S HIGHLY AVAILABLE KEY-VALUE STORE. Presented by Byungjin Jun

Answering Queries Using Cooperative Semantic Caching

Flexible NetFlow IPFIX Export Format

Flow-based Accounting: Applications and Standardisation

Large-Scale Geolocation for NetFlow

Network Working Group. Category: Informational Fraunhofer FOKUS J. Quittek M. Stiemerling NEC P. Aitken Cisco Systems, Inc.

Configuring Data Export for Flexible NetFlow with Flow Exporters

Course Outline. Developing Microsoft Azure Solutions Course 20532C: 4 days Instructor Led

Covert channel detection using flow-data

Data Center Configuration. 1. Configuring VXLAN

IMC Network Traffic Analyzer 7.3 (E0504) Copyright 2015, 2017 Hewlett Packard Enterprise Development LP

Configuring Flexible NetFlow

Monitoring network bandwidth on routers and interfaces; Monitoring custom traffic on IP subnets and IP subnets groups; Monitoring end user traffic;

Developing Microsoft Azure Solutions (MS 20532)

Course 20533B: Implementing Microsoft Azure Infrastructure Solutions

Citrix NetScaler 10.5 Essentials for ACE Migration (CNS-208)

Self-driving Datacenter: Analytics

Course AZ-100T01-A: Manage Subscriptions and Resources

Network Automation using Contrail Cloud (NACC)

Developing Microsoft Azure Solutions: Course Agenda

Protocol for Tetherless Computing

Click to edit Master title style

Configuring NetFlow. About NetFlow. This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices.

OpenIAM Identity and Access Manager Technical Architecture Overview

Motivation There are applications for which it is critical to establish certain availability, consistency, performance etc.

Flows at Masaryk University Brno

TECHNICAL BRIEF. 3Com. XRN Technology Brief

Course Outline. Module 1: Microsoft Azure for AWS Experts Course Overview

Monitoring Multicast Traffic in Wireless Heterogeneous Networks

Application Layer Switching: A Deployable Technique for Providing Quality of Service

SDN-based Network Obfuscation. Roland Meier PhD Student ETH Zürich

NetFlow Traffic Analyzer

PSOACI Tetration Overview. Mike Herbert

A packet based method for passive performance monitoring

Overlay Networks. Behnam Momeni Computer Engineering Department Sharif University of Technology

FloCon Netflow Collection and Analysis at a Tier 1 Internet Peering Point. San Diego, CA. Fred Stringer

Rendezvous Point Engineering

Wireless Sensor Networks: Clustering, Routing, Localization, Time Synchronization

Future Service Adaptive Access/Aggregation Network Architecture

Raw Data Formatting: The RDR Formatter and NetFlow Exporting

9.2(1)SU1 OL

Network Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Messaging Overview. Introduction. Gen-Z Messaging

MSActivator Technical Description

NAT Box-to-Box High-Availability Support

Solace JMS Broker Delivers Highest Throughput for Persistent and Non-Persistent Delivery


Raw Data Formatting: The RDR Formatter and NetFlow Exporting

Configuring Flexible NetFlow

Connection Logging. Introduction to Connection Logging

CONTENTS. Technology Overview. Workflow Integration. Sample Customers. How It Works

A Convergence Architecture for GRID Computing and Programmable Networks

Transcription:

SCRIPT Public Workshop January 20, 2010, Zurich, Switzerland SCRIPT: An Architecture for IPFIX Data Distribution Peter Racz Communication Systems Group CSG Department of Informatics IFI University of Zürich UZH

Motivation Proposed Solution Outline SCRIPT Application Scenarios SCRIPT Architecture SCRIPT Node SCRIPT Controller Deployment

Motivation Situation Increasing link speed and network traffic More data to be processed by an analysis application Analysis application requirements Correlation of flow records from multiple exporters Problem Scalability of a centralized collector Current approach Packet sampling and flow sampling Measurement inaccuracy Dedicated hardware Higher costs Replace hardware if performance is not enough Higher costs

Proposed Solution Distribute traffic data to multiple traffic analyzers Make use of the resources of multiple nodes Reduce the amount of data to be processed on a single node Increase the time available to process a single flow record Trade-off More network traffic SCRIPT Distributed platform for IP flow accounting and analysis Based on NetFlow v9 / IPFIX records Goals Increase the amount of data that can be analyzed Dynamic configuration (add/remove resources) Avoid single point of failures Provide load-balancing of workload No dedicated hardware

Scenario 1: Flow Record Storage SCRIPT platform is used to store flow records To increase the storage capacity To balance the usage of storage capacities of SCRIPT nodes To achieve redundant storage To reduce query time of stored flow records Flow record exporting Record can contain any attribute B A D Flow record routing Routing based on different attributes Flow-keys-based distribution (e.g., 5-tuple) Exporter-based distribution Template-based distribution C

Scenario 2: One-Way Delay Measurement Measure one-way delay based on flow records To distribute the processing overhead among SCRIPT nodes To perform delay calculation in near real-time Flow record exporting Flow records for single packets Sampling function such that if a packet is selected by one exporter, then it will be selected by all exporters on the path Flow record has to include 5-tuple Timestamp of the flow creation Origin exporter Hash value calculated on (part of) the payload Clocks have to be synchronized Flow record routing Flow records generated for the same packet but exported by different routers are routed to the same SCRIPT node B A C D

Scenario 3: Asymmetric Route Detection Detect asymmetric routes based on flow records To distribute the processing overhead among SCRIPT nodes To detect asymmetric routes in near real time Flow record exporting Flow records have to include 5-tuple Timestamp of the first packet Origin exporter Clocks have to be synchronized Flow record routing Flow records belonging to the same flow (in both directions) but exported by different routers are routed to the same SCRIPT node. B A C D

SCRIPT Architecture P2P-based flow record routing overlay Built by SCRIPT nodes Receive flow records from routers Distribute flow records to SCRIPT nodes based on IPFIX Supports Flexible flow record routing policies Different analysis applications Load distribution and scalability Exporters Have one or more SCRIPT nodes registered as flow collectors Can switch between SCRIPT nodes In case of failure In case of overload of a single SCRIPT node IP Network SCRIPT controller P2P Network of SCRIPT nodes exporter SCRIPT node flow record SCRIPT protocol

SCRIPT Node SCRIPT Node SCRIPT Applications SCRIPT API SCRIPT Middleware SCRIPT protocol Flow records (NetFlow v5/v9, IPFIX) Flow records (IPFIX) SCRIPT node A logical entity that runs the SCRIPT middleware and one or more SCRIPT applications Receive flow records from exporters (do not generate flow records) Can forward flow records to other SCRIPT nodes (flow record routing) SCRIPT middleware A common communication and coordination layer between SCRIPT nodes Provides common functionality for applications Management and coordination of SCRIPT nodes, P2P overlay management (join/leave) Flow collecting, exporting processes, flow record routing, mediation function Delivery of flow records to applications SCRIPT application Implements a certain traffic analysis application based on flow records On top of the middleware using the SCRIPT API

SCRIPT Controller A central entity responsible for management tasks SCRIPT node identity assignment SCRIPT node bootstrapping Flow template management and synchronization Does not participate in flow record routing

Template Synchronization Same template definition may carry different template IDs e.g. when exported by different routers, or after a router reboot SCRIPT matches different template IDs of the same template definition to a global template ID Mechanism: SCRIPT controller maintains a database of template definitions and their global template IDs Each SCRIPT node locally maintains such a database which is updated in time When receiving a template definition, if it is a new one, it is sent to the Controller The controller searches the template database and returns a corresponding global template ID The SCRIPT node locally maps (exporterid, templateid) global template ID The template ID for each received record is set to the corresponding global template ID

Deployment SCRIPT Node on a PC flow records flow records SCRIPT Node on a router with AXP card Exporter flow records Exporters Create and export flow records to SCRIPT nodes Using IPFIX, NetFlow v5, or NetFlow v9 SCRIPT nodes can be deployed on Linux servers AXP cards installed in a Cisco router

Thank you for your attention!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback