Passive Measurement in CSTNET

Size: px
Start display at page:

Download "Passive Measurement in CSTNET"

Transcription

1 Passive Measurement in CSTNET Chunjing Han Aug CSTNET, CNIC

2 Topics 1. Passive measurement systems introduction in CSTNET 2. Large - scale distributed traffic analysis system in IPv6

3 1, Passive measurement systems introduction in CSTNET

4 Background introduction IPv4 address will soon be depleted the Asia-Pacific region(april 2011) In the last three years, the number of ipv4 addresses assigned has a downward trend in China. This figure comes from CNNIC We need migrate to the IPv6 network and do not wait

5 Background introduction China Next Generation Internet (CNGI) IPv6 high-speed network IPv4-IPv6 dual network and support IPv6 in the whole CSTNET Traffic increasing continuously, congestion link, IPv6 ARP attack No-commercial IPv6 capable network management and traffic monitoring system We need monitor IPv6 traffic analyzers

6 Passive measurement systems CNMS Cloud network management system LDTM Large - scale distributed network monitoring system

7 Large - scale distributed traffic analysis system

8 LDTM( Large scale distribution traffic monitor) Netflow and DPI technology Goal: IPv6 support and can monitor the backbone and boundary of CSTNET Using cloud plus probe to implement LDTM Cloud: collect, process, and merge the raw flows, storage the aggregated records, and provide visual service. probe: create the improved Netflow packets and send network data to Cloud.

9 One cloud processing center, multi probes Deployment of LDTM This is typical implementation of multi - tenant cloud services model the collecting servers web servers, database, storage device.

10 Multiple layers for traffic collector Software architecture of LDTM

11 Flexible deployments Software deployment

12 An uniform CMDB Distributed collector design model Distributed collectors regularly synchronize the configuration from the CMDB, guarantee the correct monitoring scope of links and monitor objects Using the multi-process data loader tools and data dispatch map, to load big block data into the database cluster correctly and quickly

13 Key technology Property of IP address Continent, country, city, organization, customer information Enrich this information to each raw flows real-time Advance a IPv4-IPv6 attribution information searching algorithm based Patricia Tree 128 bits IPv6 address Provide uniform interface for IPv4&IPv6 A root node and two sub-tree Left IPv4 sub-tree Right IPv6 sub-tree

14 Key technology Aggregate huge raw flow recording Time granularity: min, hour, day, week, month Function aggregation: continent, country, protocol, application, host, session, packet size Advance the visual link concept: merge the traffic of multiple links as a visual link Long-term storing the raw flow records Create the raw flow file every five minutes Put it in the exclusive storage resource and do not occupy the space of the collecting servers.

15 Key technology Storage technology improvement for massive data Parallel database and database clusters Min granularity record small files stand-alone database Hour, day, week and month granularity record cluster big files database Cluster GBase 8a MPP GCluster sg01 sg02 sg03 sg 千 兆 局 域 网 数 据 分 发 机 &8a 单 机 & 后 台 服 务 器

16 Features list Traffic weather map Distribution analysis Top N analysis Configuration Overview volume Top host Collecting Application Top session Exporter Organization Top protocol Link Region Continents Packe size Raw flows research IP utilization IP location Visual link Monitor object Application Traffic billing

17 Traffic weather map A geo-view traffic distribution Two levels of zoom: continent, region The IPv6 and IPv4 view separately Traffic of Top IP session, organization and region distribution,by using threedimensional flex model

18 Traffic distibution and Top N Organization distribution Top IPv6 address Top IP session Application distribution

19 Raw flow analysis Our can display a back trace of the current and history transferring flows. Enrich the raw flow using the GeoIP and institutes information of CSTNET. For IPv6, information of GeoIP is very limit. Provide the filter configuration of IP,port, protocol and link Provide downloading function of the raw flow records

20 Active IP address statistic Active IP address statistic is very important to evaluate the IP utilization. A statistics once a month---the active and inactive IP address We have stored the result in to the database and have not a good visualization for IPv6, due to the long address format and huge number of inactive IP address A time-consuming work

21 Traffic billing For the ISP and customer, LDTM provides a traffic billing inquiry of each customer in every day and month. For a customer, LDTM can query a special IP address traffic, including every application traffic and detail traffic records.

22 Providing a IP location service IP address location

23 Future work The active and passive measurement of IPv6 performance. Perfosonar Performance Probe passive data The active IPv6 address statistic A good algorithm to quickly get the result Suitable visualization, huge IPv6 address number Research of measurement method of IPv6 transition Dual stack Translation Tunnel THANK YOU

Network Monitoring and Traffic CSTNET, CNIC

Network Monitoring and Traffic CSTNET, CNIC Network Monitoring and Traffic Analysis in CSTNET Chunjing Han Aug. 2013 CSTNET, CNIC Topics 1. The background of network monitoring 2. Network monitoring protocols and related tools 3. Network monitoring

More information

IPv6 measurement in CSTNET. CSTNET, CNIC, Sep. 2014

IPv6 measurement in CSTNET. CSTNET, CNIC, Sep. 2014 IPv6 measurement in CSTNET Chunjing Han chjhan@cstnet.cn CSTNET, CNIC, Sep. 2014 1. The activities of IPv6 measurement in CSTNET 2. IPv6 traffic analysis and user behavior Topics 1. The activities of IPv6

More information

Viete, čo robia Vaši užívatelia na sieti? Roman Tuchyňa, CSA

Viete, čo robia Vaši užívatelia na sieti? Roman Tuchyňa, CSA Viete, čo robia Vaši užívatelia na sieti? Roman Tuchyňa, CSA What is ReporterAnalyzer? ReporterAnalyzer gives network professionals insight into how application traffic is impacting network performance.

More information

Experimentation driven traffic monitoring and engineering research

Experimentation driven traffic monitoring and engineering research Experimentation driven traffic monitoring and engineering research Amir KRIFA (Amir.Krifa@sophia.inria.fr) 11/20/09 ECODE FP7 Project 1 Outline i. Future directions of Internet traffic monitoring and engineering

More information

NfSen Plugin Supporting The Virtual Network Monitoring

NfSen Plugin Supporting The Virtual Network Monitoring NfSen Plugin Supporting The Virtual Network Monitoring Vojtěch Krmíček krmicek@liberouter.org Pavel Čeleda celeda@ics.muni.cz Jiří Novotný novotny@cesnet.cz Part I Monitoring of Virtual Network Environments

More information

Foglight NMS Overview

Foglight NMS Overview Page 1 of 5 Foglight NMS Overview Foglight Network Management System (NMS) is a robust and complete network monitoring solution that allows you to thoroughly and efficiently manage your network. It is

More information

Implementing IP Addressing Services

Implementing IP Addressing Services Implementing IP Addressing Services Accessing the WAN Chapter 7 Version 4.0 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Configure DHCP in an enterprise branch network Configure

More information

CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY

CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY CISCO INFORMATION TECHNOLOGY SEPTEMBER 2004 1 Overview Challenge To troubleshoot capacity and quality problems and to understand

More information

TRILL Large Layer 2 Network Solution

TRILL Large Layer 2 Network Solution TRILL Large Layer 2 Network Solution Contents 1 Network Architecture Requirements of Data Centers in the Cloud Computing Era... 3 2 TRILL Characteristics... 5 3 Huawei TRILL-based Large Layer 2 Network

More information

ICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B.

ICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B. ICND2 NetFlow Question 1 What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring B. Network Planning C. Security Analysis D. Accounting/Billing Answer: A C D NetFlow

More information

Flow Analysis Versus Packet Analysis. What Should You Choose?

Flow Analysis Versus Packet Analysis. What Should You Choose? Flow Analysis Versus Packet Analysis. What Should You Choose? www.netfort.com Flow analysis can help to determine traffic statistics overall, but it falls short when you need to analyse a specific conversation

More information

Network Traffic Performance & Security Monitoring

Network Traffic Performance & Security Monitoring Network Traffic Performance & Security Monitoring Project proposal minimal project Orsenna;Invea-Tech FLOWMON PROBES 1000 & 100 Contents 1. Introduction... 2 1.1. General System Requirements... 2 1.2.

More information

NTT - A global IPv6 deployment case study

NTT - A global IPv6 deployment case study About NTT NTT - A global IPv6 deployment case study Adoption considerations An Adoption how-to IPv6 beyond the transition Hikari-TV Earthquake warning service 6 All backbone equipment needs to be audited

More information

CIRA s experience in deploying IPv6

CIRA s experience in deploying IPv6 CIRA s experience in deploying IPv6 Canadian Internet Registration Authority (CIRA) Jacques Latour Director, Information Technology Ottawa, April 29, 2011 1 About CIRA The Registry that operates the Country

More information

Detecting rogue systems

Detecting rogue systems Product Guide Revision A McAfee Rogue System Detection 4.7.1 For use with epolicy Orchestrator 4.6.3-5.0.0 Software Detecting rogue systems Unprotected systems, referred to as rogue systems, are often

More information

Cisco IOS Flexible NetFlow Technology

Cisco IOS Flexible NetFlow Technology Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application

More information

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE

LOG INTELLIGENCE FOR SECURITY AND COMPLIANCE PRODUCT BRIEF uugiven today s environment of sophisticated security threats, big data security intelligence solutions and regulatory compliance demands, the need for a log intelligence solution has become

More information

The Purview Solution Integration With Splunk

The Purview Solution Integration With Splunk The Purview Solution Integration With Splunk Integrating Application Management and Business Analytics With Other IT Management Systems A SOLUTION WHITE PAPER WHITE PAPER Introduction Purview Integration

More information

50. DFN Betriebstagung

50. DFN Betriebstagung 50. DFN Betriebstagung IPS Serial Clustering in 10GbE Environment Tuukka Helander, Stonesoft Germany GmbH Frank Brüggemann, RWTH Aachen Slide 1 Agenda Introduction Stonesoft clustering Firewall parallel

More information

RAVEN, Network Security and Health for the Enterprise

RAVEN, Network Security and Health for the Enterprise RAVEN, Network Security and Health for the Enterprise The Promia RAVEN is a hardened Security Information and Event Management (SIEM) solution further providing network health, and interactive visualizations

More information

Optimizing Data Center Networks for Cloud Computing

Optimizing Data Center Networks for Cloud Computing PRAMAK 1 Optimizing Data Center Networks for Cloud Computing Data Center networks have evolved over time as the nature of computing changed. They evolved to handle the computing models based on main-frames,

More information

Traffic delivery evolution in the Internet ENOG 4 Moscow 23 rd October 2012

Traffic delivery evolution in the Internet ENOG 4 Moscow 23 rd October 2012 Traffic delivery evolution in the Internet ENOG 4 Moscow 23 rd October 2012 January 29th, 2008 Christian Kaufmann Director Network Architecture Akamai Technologies, Inc. way-back machine Web 1998 way-back

More information

OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS

OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS Matt Eclavea (meclavea@brocade.com) Senior Solutions Architect, Brocade Communications Inc. Jim Allen (jallen@llnw.com) Senior Architect, Limelight

More information

Multicast monitoring and visualization tools. A. Binczewski R. Krzywania R. apacz

Multicast monitoring and visualization tools. A. Binczewski R. Krzywania R. apacz Multicast monitoring and visualization tools A. Binczewski R. Krzywania R. apacz Multicast technology now - briefly Bright aspects: Well-known technology Reduces network traffic and conserves the bandwidth

More information

EAGLE EYE IP TAP. 1. Introduction

EAGLE EYE IP TAP. 1. Introduction 1. Introduction The Eagle Eye - IP tap is a passive IP network application platform for lawful interception and network monitoring. Designed to be used in distributed surveillance environments, the Eagle

More information

SolarWinds. Understanding SolarWinds Charts and Graphs Technical Reference

SolarWinds. Understanding SolarWinds Charts and Graphs Technical Reference SolarWinds Understanding SolarWinds Charts and Graphs Technical Reference Copyright 1995-2015 SolarWinds Worldwide, LLC. All rights reserved worldwide. No part of this document may be reproduced by any

More information

SANS Technology Institute Group Discussion/Written Project. The Rapid Implementation of IPv6 at GIAC Enterprises

SANS Technology Institute Group Discussion/Written Project. The Rapid Implementation of IPv6 at GIAC Enterprises SANS Technology Institute Group Discussion/Written Project The Rapid Implementation of IPv6 at GIAC Enterprises 12/9/2010 Stacy Jordan Beth Binde Glen Roberts Table of Contents Executive Summary 3 Background

More information

Decoding DNS data. Using DNS traffic analysis to identify cyber security threats, server misconfigurations and software bugs

Decoding DNS data. Using DNS traffic analysis to identify cyber security threats, server misconfigurations and software bugs Decoding DNS data Using DNS traffic analysis to identify cyber security threats, server misconfigurations and software bugs The Domain Name System (DNS) is a core component of the Internet infrastructure,

More information

Innovative, High-Density, Massively Scalable Packet Capture and Cyber Analytics Cluster for Enterprise Customers

Innovative, High-Density, Massively Scalable Packet Capture and Cyber Analytics Cluster for Enterprise Customers Innovative, High-Density, Massively Scalable Packet Capture and Cyber Analytics Cluster for Enterprise Customers The Enterprise Packet Capture Cluster Platform is a complete solution based on a unique

More information

Transport and Network Layer

Transport and Network Layer Transport and Network Layer 1 Introduction Responsible for moving messages from end-to-end in a network Closely tied together TCP/IP: most commonly used protocol o Used in Internet o Compatible with a

More information

Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík

Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík Network Security Monitoring and Behavior Analysis Pavel Čeleda, Petr Velan, Tomáš Jirsík {celeda velan jirsik}@ics.muni.cz Part I Introduction P. Čeleda et al. Network Security Monitoring and Behavior

More information

Cisco NetFlow Generation Appliance (NGA) 3140

Cisco NetFlow Generation Appliance (NGA) 3140 Q&A Cisco NetFlow Generation Appliance (NGA) 3140 General Overview Q. What is Cisco NetFlow Generation Appliance (NGA) 3140? A. Cisco NetFlow Generation Appliance 3140 is purpose-built, high-performance

More information

Research on Errors of Utilized Bandwidth Measured by NetFlow

Research on Errors of Utilized Bandwidth Measured by NetFlow Research on s of Utilized Bandwidth Measured by NetFlow Haiting Zhu 1, Xiaoguo Zhang 1,2, Wei Ding 1 1 School of Computer Science and Engineering, Southeast University, Nanjing 211189, China 2 Electronic

More information

Virtual Machine in Data Center Switches Huawei Virtual System

Virtual Machine in Data Center Switches Huawei Virtual System Virtual Machine in Data Center Switches Huawei Virtual System Contents 1 Introduction... 3 2 VS: From the Aspect of Virtualization Technology... 3 3 VS: From the Aspect of Market Driving... 4 4 VS: From

More information

Broadband Network Architecture

Broadband Network Architecture Broadband Network Architecture Jan Martijn Metselaar May 24, 2012 Winitu Consulting Klipperaak 2d 2411 ND Bodegraven The Netherlands slide Broadband Services! Dual play, Triple play, Multi play! But what

More information

Network Layers. CSC358 - Introduction to Computer Networks

Network Layers. CSC358 - Introduction to Computer Networks Network Layers Goal Understand how application processes set up a connection and exchange messages. Understand how addresses are determined Data Exchange Between Application Processes TCP Connection-Setup

More information

INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS

INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS WHITE PAPER INCREASE NETWORK VISIBILITY AND REDUCE SECURITY THREATS WITH IMC FLOW ANALYSIS TOOLS Network administrators and security teams can gain valuable insight into network health in real-time by

More information

Comprehensive IP Traffic Monitoring with FTAS System

Comprehensive IP Traffic Monitoring with FTAS System Comprehensive IP Traffic Monitoring with FTAS System Tomáš Košňar kosnar@cesnet.cz CESNET, association of legal entities Prague, Czech Republic Abstract System FTAS is designed for large-scale continuous

More information

NetFlow use cases. ICmyNet / NetVizura. Miloš Zeković, milos.zekovic@soneco.rs. ICmyNet Chief Customer Officer Soneco d.o.o.

NetFlow use cases. ICmyNet / NetVizura. Miloš Zeković, milos.zekovic@soneco.rs. ICmyNet Chief Customer Officer Soneco d.o.o. NetFlow use cases ICmyNet / NetVizura, milos.zekovic@soneco.rs Soneco d.o.o. Serbia Agenda ICmyNet / NetVizura overview Use cases / case studies Statistics per exporter/interfaces Traffic Patterns NREN

More information

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE Game changing Technology für Ihre Kunden Thomas Bürgis System Engineering Manager CEE Threats have evolved traditional firewalls & IPS have not Protection centered around ports & protocols Expensive to

More information

Guide to TCP/IP Fourth Edition. Chapter 10: Transitioning from IPv4 to IPv6: Interoperation

Guide to TCP/IP Fourth Edition. Chapter 10: Transitioning from IPv4 to IPv6: Interoperation Guide to TCP/IP Fourth Edition Chapter 10: Transitioning from IPv4 to IPv6: Interoperation Objectives Describe the various methods that allow IPv4 and IPv6 networks to interact, including dual stack and

More information

Cover. White Paper. (nchronos 4.1)

Cover. White Paper. (nchronos 4.1) Cover White Paper (nchronos 4.1) Copyright Copyright 2013 Colasoft LLC. All rights reserved. Information in this document is subject to change without notice. No part of this document may be reproduced

More information

ITL BULLETIN FOR JANUARY 2011

ITL BULLETIN FOR JANUARY 2011 ITL BULLETIN FOR JANUARY 2011 INTERNET PROTOCOL VERSION 6 (IPv6): NIST GUIDELINES HELP ORGANIZATIONS MANAGE THE SECURE DEPLOYMENT OF THE NEW NETWORK PROTOCOL Shirley Radack, Editor Computer Security Division

More information

STANDPOINT FOR QUALITY-OF-SERVICE MEASUREMENT

STANDPOINT FOR QUALITY-OF-SERVICE MEASUREMENT STANDPOINT FOR QUALITY-OF-SERVICE MEASUREMENT 1. TIMING ACCURACY The accurate multi-point measurements require accurate synchronization of clocks of the measurement devices. If for example time stamps

More information

Service Assurance based on Packet Capture

Service Assurance based on Packet Capture Service Assurance based on Packet Capture Mobigen OmniStream provides comprehensive and intelligent service assurance capability together with packet capture and analysis technology in IP-based service

More information

Craig Labovitz, Scott Iekel-Johnson, Danny McPherson Arbor Networks Jon Oberheide, Farnam Jahanian University of Michigan

Craig Labovitz, Scott Iekel-Johnson, Danny McPherson Arbor Networks Jon Oberheide, Farnam Jahanian University of Michigan Internet Inter-Domain Traffic Craig Labovitz, Scott Iekel-Johnson, Danny McPherson Arbor Networks Jon Oberheide, Farnam Jahanian University of Michigan Motivation Measuring the Internet is hard Significant

More information

Introduction to IP v6

Introduction to IP v6 IP v 1-3: defined and replaced Introduction to IP v6 IP v4 - current version; 20 years old IP v5 - streams protocol IP v6 - replacement for IP v4 During developments it was called IPng - Next Generation

More information

FlowMon. Complete solution for network monitoring and security. INVEA-TECH info@invea-tech.com

FlowMon. Complete solution for network monitoring and security. INVEA-TECH info@invea-tech.com FlowMon Complete solution for network monitoring and security INVEA-TECH info@invea-tech.com INVEA-TECH University spin-off company 10 years of development, participation in EU funded projects project

More information

Figure 1. perfsonar architecture. 1 This work was supported by the EC IST-EMANICS Network of Excellence (#26854).

Figure 1. perfsonar architecture. 1 This work was supported by the EC IST-EMANICS Network of Excellence (#26854). 1 perfsonar tools evaluation 1 The goal of this PSNC activity was to evaluate perfsonar NetFlow tools for flow collection solution and assess its applicability to easily subscribe and request different

More information

Service Description DDoS Mitigation Service

Service Description DDoS Mitigation Service Service Description DDoS Mitigation Service Interoute, Walbrook Building, 195 Marsh Wall, London, E14 9SG, UK Tel: +800 4683 7681 Email: info@interoute.com Contents Contents 1 Introduction...3 2 An Overview...3

More information

Traffic Analysis With Netflow. The Key to Network Visibility

Traffic Analysis With Netflow. The Key to Network Visibility Summary Today, Enterprises know that the WAN is one of their most important assets. It needs to be up and running 24x7 for the enterprise to function smoothly. To make this possible, IT administrators

More information

Strategies for Getting Started with IPv6

Strategies for Getting Started with IPv6 Strategies for Getting Started with IPv6 IPv6 Transition Acceleration Options for Web Applications and Services By Scott Hogg GTRI - Director of Technology Solutions CCIE #5133, CISSP #4610 IPv6 Transition

More information

Configuring and Managing Token Ring Switches Using Cisco s Network Management Products

Configuring and Managing Token Ring Switches Using Cisco s Network Management Products Configuring and Managing Token Ring Switches Using Cisco s Network Management Products CHAPTER 12 Cisco offers several network management applications that you can use to manage your Catalyst Token Ring

More information

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region

IPv6 SECURITY. May 2011. The Government of the Hong Kong Special Administrative Region IPv6 SECURITY May 2011 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without the express

More information

Traffic Analysis with Netflow The Key to Network Visibility

Traffic Analysis with Netflow The Key to Network Visibility Traffic Analysis with Netflow The Key to Network Visibility > WHITEPAPER Executive Summary Enterprises today, know that the WAN is one of their most important assets. It needs to be up and running 24x7

More information

Flow Analysis. Make A Right Policy for Your Network. GenieNRM

Flow Analysis. Make A Right Policy for Your Network. GenieNRM Flow Analysis Make A Right Policy for Your Network GenieNRM Why Flow Analysis? Resolve Network Managers Challenge as follow: How can I know the Detail and Real-Time situation of my network? How can I do

More information

A Brief. Introduction. of MG-SOFT s SNMP Network Management Products. Document Version 1.3, published in June, 2008

A Brief. Introduction. of MG-SOFT s SNMP Network Management Products. Document Version 1.3, published in June, 2008 A Brief Introduction of MG-SOFT s SNMP Network Management Products Document Version 1.3, published in June, 2008 MG-SOFT s SNMP Products Overview SNMP Management Products MIB Browser Pro. for Windows and

More information

Monitoring commercial cloud service providers

Monitoring commercial cloud service providers Monitoring commercial cloud service providers July Author: Lassi Kojo Supervisor: Stefan Lüders CERN openlab Summer Student Report Abstract There is a growing tendency by individuals to sign-up for public

More information

Open Source in Network Administration: the ntop Project

Open Source in Network Administration: the ntop Project Open Source in Network Administration: the ntop Project Luca Deri 1 Project History Started in 1997 as monitoring application for the Univ. of Pisa 1998: First public release v 0.4 (GPL2) 1999-2002:

More information

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network 5.0 Network Architecture 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network 1 5.1The Internet Worldwide connectivity ISPs connect private and business users Private: mostly dial-up connections Business:

More information

NetFlow-Based Approach to Compare the Load Balancing Algorithms

NetFlow-Based Approach to Compare the Load Balancing Algorithms 6 IJCSNS International Journal of Computer Science and Network Security, VOL.8 No.1, October 8 NetFlow-Based Approach to Compare the Load Balancing Algorithms Chin-Yu Yang 1, and Jian-Bo Chen 3 1 Dept.

More information

Massive Cloud Auditing using Data Mining on Hadoop

Massive Cloud Auditing using Data Mining on Hadoop Massive Cloud Auditing using Data Mining on Hadoop Prof. Sachin Shetty CyberBAT Team, AFRL/RIGD AFRL VFRP Tennessee State University Outline Massive Cloud Auditing Traffic Characterization Distributed

More information

The use of SNMP and other network management tools in UNINETT. Arne Øslebø arne.oslebo@uninett.no March 4, 2014

The use of SNMP and other network management tools in UNINETT. Arne Øslebø arne.oslebo@uninett.no March 4, 2014 The use of SNMP and other network management tools in UNINETT Arne Øslebø arne.oslebo@uninett.no March 4, 2014 1 UNINETTs network GEANT 3 4 What is monitored? Link status Are all connections up? General

More information

Report from HEPiX 2012: Network, Security and Storage. david.gutierrez@cern.ch Geneva, November 16th

Report from HEPiX 2012: Network, Security and Storage. david.gutierrez@cern.ch Geneva, November 16th Report from HEPiX 2012: Network, Security and Storage david.gutierrez@cern.ch Geneva, November 16th Network and Security Network traffic analysis Updates on DC Networks IPv6 Ciber-security updates Federated

More information

464XLAT: Breaking Free of IPv4. Cameron.Byrne@T-Mobile.com APRICOT 2014

464XLAT: Breaking Free of IPv4. Cameron.Byrne@T-Mobile.com APRICOT 2014 464XLAT: Breaking Free of IPv4 Cameron.Byrne@T-Mobile.com APRICOT 2014 1 Background T-Mobile US is a GSM / UMTS / LTE provider in the USA with 45+ Million subscribers In 2008, T-Mobile launched the first

More information

Development of the FITELnet-G20 Metro Edge Router

Development of the FITELnet-G20 Metro Edge Router Development of the Metro Edge Router by Tomoyuki Fukunaga * With the increasing use of broadband Internet, it is to be expected that fiber-tothe-home (FTTH) service will expand as the means of providing

More information

Limitations of Packet Measurement

Limitations of Packet Measurement Limitations of Packet Measurement Collect and process less information: Only collect packet headers, not payload Ignore single packets (aggregate) Ignore some packets (sampling) Make collection and processing

More information

and reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs

and reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs ICmyNet.Flow: NetFlow based traffic investigation, analysis, and reporting Slavko Gajin slavko.gajin@rcub.bg.ac.rs AMRES Academic Network of Serbia RCUB - Belgrade University Computer Center ETF Faculty

More information

DDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT

DDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT DDoS Protection How Cisco IT Protects Against Distributed Denial of Service Attacks A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge: Prevent low-bandwidth DDoS attacks coming from a broad

More information

IPv6 Network Management. touch@coe.psu.ac.th

IPv6 Network Management. touch@coe.psu.ac.th IPv6 Network Management touch@coe.psu.ac.th Outline Introduction Managing IPv6 networks SNMP over IPv6 Management platforms Management tools IPv6 LAN IPv6 MAN/WAN Examples/Demos Introduction Manage a network:

More information

Network Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC) james@cert.org.tw

Network Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC) james@cert.org.tw Network Monitoring On Large Networks Yao Chuan Han (TWCERT/CC) james@cert.org.tw 1 Introduction Related Studies Overview SNMP-based Monitoring Tools Packet-Sniffing Monitoring Tools Flow-based Monitoring

More information

Industry Automation White Paper Januar 2013 IPv6 in automation technology

Industry Automation White Paper Januar 2013 IPv6 in automation technology Table of contents: 1 Why another White Paper IPv6?... 3 2 IPv6 for automation technology... 3 3 Basics of IPv6... 3 3.1 Turning point/initial situation... 3 3.2 Standardization... 4 3.2.1 IPv6 address

More information

PRODUCT OVERVIEW SUITE DEALS. Combine our award-winning products for complete performance monitoring and optimization, and cost effective solutions.

PRODUCT OVERVIEW SUITE DEALS. Combine our award-winning products for complete performance monitoring and optimization, and cost effective solutions. Creating innovative software to optimize computing performance PRODUCT OVERVIEW Performance Monitoring and Tuning Server Job Schedule and Alert Management SQL Query Optimization Made Easy SQL Server Index

More information

Challenges in NetFlow based Event Logging

Challenges in NetFlow based Event Logging Challenges in NetFlow based Event Logging Stefan Künkel IsarNet sk@isarnet.de 31.03.2012 Agenda Introduction Getting Events Example NSEL What is it? Analysis Example CGN Motivation NAT overview NAT Logging

More information

Observer Analysis Advantages

Observer Analysis Advantages In-Depth Analysis for Gigabit and 10 Gb Networks For enterprise management, gigabit and 10 Gb Ethernet networks mean high-speed communication, on-demand systems, and improved business functions. For enterprise

More information

plixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels

plixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels Scrutinizer Competitor Worksheet Scrutinizer Malware Incident Response Scrutinizer is a massively scalable, distributed flow collection system that provides a single interface for all traffic related to

More information

The Value of Flow Data for Peering Decisions

The Value of Flow Data for Peering Decisions The Value of Flow Data for Peering Decisions Hurricane Electric IPv6 Native Backbone Massive Peering! Martin J. Levy Director, IPv6 Strategy Hurricane Electric 22 nd August 2012 Introduction Goal of this

More information

UKCMG Industry Forum November 2006

UKCMG Industry Forum November 2006 UKCMG Industry Forum November 2006 Capacity and Performance Management of IP Networks Using IP Flow Measurement Agenda Challenges of capacity and performance management of IP based networks What is IP

More information

SolarWinds Certified Professional. Exam Preparation Guide

SolarWinds Certified Professional. Exam Preparation Guide SolarWinds Certified Professional Exam Preparation Guide Introduction The SolarWinds Certified Professional (SCP) exam is designed to test your knowledge of general networking management topics and how

More information

Monitoring of Tunneled IPv6 Traffic Using Packet Decapsulation and IPFIX

Monitoring of Tunneled IPv6 Traffic Using Packet Decapsulation and IPFIX Monitoring of Tunneled IPv6 Traffic Using Packet Decapsulation and IPFIX Martin Elich 1,3, Matěj Grégr 1,2 and Pavel Čeleda1,3 1 CESNET, z.s.p.o., Prague, Czech Republic 2 Brno University of Technology,

More information

Internet Peering, IPv6, and NATs. Mike Freedman V22.0480-005 Networks

Internet Peering, IPv6, and NATs. Mike Freedman V22.0480-005 Networks Internet Peering, IPv6, and NATs Mike Freedman V22.0480-005 Networks Internet Peering Review: Routing Internet has a loose hierarchy of domains Hosts now local router Local routers know site routers Site

More information

NetFlow: What is it, why and how to use it? Miloš Zeković, milos.zekovic@soneco.rs. ICmyNet Chief Customer Officer Soneco d.o.o.

NetFlow: What is it, why and how to use it? Miloš Zeković, milos.zekovic@soneco.rs. ICmyNet Chief Customer Officer Soneco d.o.o. NetFlow: What is it, why and how to use it?, milos.zekovic@soneco.rs Soneco d.o.o. Serbia Agenda What is NetFlow? What are the benefits? How to deploy NetFlow? Questions 2 / 22 What is NetFlow? NetFlow

More information

Application. Transport. Network. Data Link. Physical. Network Layers. Goal

Application. Transport. Network. Data Link. Physical. Network Layers. Goal Layers Goal Understand how application processes set up a connection and exchange messages. Understand how addresses are determined 1 2 Data Exchange Between Processes TCP Connection-Setup Between Processes

More information

Chapter 3. Enterprise Campus Network Design

Chapter 3. Enterprise Campus Network Design Chapter 3 Enterprise Campus Network Design 1 Overview The network foundation hosting these technologies for an emerging enterprise should be efficient, highly available, scalable, and manageable. This

More information

An apparatus for P2P classification in Netflow traces

An apparatus for P2P classification in Netflow traces An apparatus for P2P classification in Netflow traces Andrew M Gossett, Ioannis Papapanagiotou and Michael Devetsikiotis Electrical and Computer Engineering, North Carolina State University, Raleigh, USA

More information

Hortonworks & SAS. Analytics everywhere. Page 1. Hortonworks Inc. 2011 2014. All Rights Reserved

Hortonworks & SAS. Analytics everywhere. Page 1. Hortonworks Inc. 2011 2014. All Rights Reserved Hortonworks & SAS Analytics everywhere. Page 1 A change in focus. A shift in Advertising From mass branding A shift in Financial Services From Educated Investing A shift in Healthcare From mass treatment

More information

NetSpective Global Proxy Configuration Guide

NetSpective Global Proxy Configuration Guide NetSpective Global Proxy Configuration Guide Table of Contents NetSpective Global Proxy Deployment... 3 Configuring NetSpective for Global Proxy... 5 Restrict Admin Access... 5 Networking... 6 Apply a

More information

Interconnecting IPv6 Domains Using Tunnels

Interconnecting IPv6 Domains Using Tunnels Interconnecting Domains Using Tunnels Version History Version Number Date Notes 1 30 July 2002 This document was created. 2 19 May 2003 Updated the related documents section. This document describes how

More information

Network Packet Monitoring Optimizations Powered By SDN

Network Packet Monitoring Optimizations Powered By SDN We're going to be able to ask our computers to monitor things for us, and when certain conditions happen, the computers will take certain actions and inform us after the fact. ~ Steve Jobs Network Packet

More information

Hardware acceleration enhancing network security

Hardware acceleration enhancing network security Hardware acceleration enhancing network security Petr Kaštovský kastovsky@invea-tech.com High-Speed Networking Technology Partner Threats Number of attacks grows together with damage caused Source: McAfee

More information

Towards Smart and Intelligent SDN Controller

Towards Smart and Intelligent SDN Controller Towards Smart and Intelligent SDN Controller - Through the Generic, Extensible, and Elastic Time Series Data Repository (TSDR) YuLing Chen, Dell Inc. Rajesh Narayanan, Dell Inc. Sharon Aicler, Cisco Systems

More information

464XLAT in mobile networks

464XLAT in mobile networks STRATEGIC WHITE PAPER IPv6 migration strategies for mobile networks To cope with the increasing demand for IP addresses, most mobile network operators (MNOs) have deployed Carrier Grade Network Address

More information

vsphere Networking vsphere 6.0 ESXi 6.0 vcenter Server 6.0 EN-001391-01

vsphere Networking vsphere 6.0 ESXi 6.0 vcenter Server 6.0 EN-001391-01 vsphere 6.0 ESXi 6.0 vcenter Server 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more

More information

Secospace elog. Secospace elog

Secospace elog. Secospace elog Secospace elog Product Overview With the development of networks, security events continually occur on hosts, databases, and Web servers. These range from Trojans, worms, and SQL injections, to Web page

More information

Network traffic monitoring and management. Sonia Panchen sonia.panchen@inmon.com 11 th November 2010

Network traffic monitoring and management. Sonia Panchen sonia.panchen@inmon.com 11 th November 2010 Network traffic monitoring and management Sonia Panchen sonia.panchen@inmon.com 11 th November 2010 Lecture outline What is network traffic management? Traffic management applications Traffic monitoring

More information

IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令

IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令 IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令 1 内 容 流 量 分 析 简 介 IPv6 下 的 新 问 题 和 挑 战 协 议 格 式 变 更 用 户 行 为 特 征 变 更 安 全 问 题 演 化 流 量 导 出 手 段 变 化 设 备 参 考 配 置 流 量 工 具 总 结 2 流 量 分 析 简 介 流 量 分 析 目 标 who, what, where,

More information

vsphere Networking vsphere 5.5 ESXi 5.5 vcenter Server 5.5 EN-001074-02

vsphere Networking vsphere 5.5 ESXi 5.5 vcenter Server 5.5 EN-001074-02 vsphere 5.5 ESXi 5.5 vcenter Server 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more

More information

MULTI WAN TECHNICAL OVERVIEW

MULTI WAN TECHNICAL OVERVIEW MULTI WAN TECHNICAL OVERVIEW The Multi WAN feature will allow the service provider to load balanced all client TCP and UDP traffic only. It also provides redundancy for HA. Traffic that is load balanced:

More information

Application-Centric Analysis Helps Maximize the Value of Wireshark

Application-Centric Analysis Helps Maximize the Value of Wireshark Application-Centric Analysis Helps Maximize the Value of Wireshark The cost of freeware Protocol analysis has long been viewed as the last line of defense when it comes to resolving nagging network and

More information