A Discussion of IPv6 Traffic Analysis. Peking University Computing Center, Zhou Changling


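2 Contents
- Introduction to traffic analysis
- New problems and challenges under IPv6: protocol format changes, changes in user behaviour characteristics, evolution of security problems, changes in how traffic is exported
- Reference device configuration
- Traffic tools
- Summary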

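3 Introduction to traffic analysis
- Goals of traffic analysis: who, what, where, when, and how
- Traffic shaping, traffic engineering, network planning, anomaly detection, behaviour analysis, QoS guarantees, and so on
- Data sources: SNMP (MIBs); raw data (tcpdump); flow information (NetFlow/IPFIX)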

4 Traffic analysis
What we need:
- Application performance
- Application-based accounting
- Network security
- Network behavior, application recognition
Ways to get the data:
- debug ip packet in the router?
- IP sniffing in a shared LAN (or using a switch to do so)
- Port SPAN in a switch (how about port SPAN in a router?)
- Circuit sniffing
- NetFlow
What we prefer in the backbone:
- Embedded
- Fixed-length partial packet export
- Real-time filtered packet export

5 Where NetFlow is applied
- Network monitoring
- Network planning
- Security analysis
- Application monitoring
- User monitoring
- Traffic engineering
- Peering agreement
- Usage-based billing
- Destination-sensitive billing

6 Changes brought by IPv6
- Differences in the packet format
- Changes in traffic patterns
- User behaviour
- How security incidents evolve
- Changes to detection methods

7 IPv6 Header
IPv4 header (20 bytes): Version, IHL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding
IPv6 header (40 bytes, fixed): Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address
Figure legend: fields that are the same in IPv4 and IPv6; fields found only in IPv4; fields whose name differs between IPv6 and IPv4 but whose function is similar; fields new in IPv6

8 IPv6 Extension Headers
Example header chains (figure):
- IPv6 Header (Next Header = 6, TCP) | TCP Header + Data
- IPv6 Header (Next Header = 43, Routing) | Routing Header (Next Header = 6, TCP) | TCP Header + Data
- IPv6 Header (Next Header = 43, Routing) | Routing Header (Next Header = 44, Fragment) | Fragment Header (Next Header = 6, TCP) | Fragment of TCP Header + Data
Option layout: 8-bit Option Type (Next), 8-bit Option Data Length, Option Data (variable length)
Next Header field values:
- 0 Hop-by-Hop Options
- 60 Destination Options (if Routing header is used)
- 43 Routing
- 44 Fragment
- 46 RSVP
- 51 AH
- 50 ESP
- 88 EIGRP
- 89 OSPF
- 6 TCP
- 17 UDP
- 58 ICMPv6
- 135 Mobility Header
- 59 None (no next header)
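
Added example (not part of the original slides): a flow meter has to follow the Next Header chain from slide 8 before it can read the transport ports, and a non-first fragment carries no transport header at all. The packet bytes below are constructed samples; the function and helper names are illustrative.

```python
import ipaddress
import struct

# Extension headers that carry a Next Header field and a computable length.
EXT_HEADERS = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment",
               51: "AH", 60: "Destination Options", 135: "Mobility"}


def walk_headers(packet: bytes):
    """Follow the Next Header chain of a raw IPv6 packet.

    Returns (chain, upper_protocol, upper_offset). upper_offset is None when
    the upper-layer header is not in this packet (a non-first fragment).
    """
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    next_header, offset, chain = packet[6], 40, []
    while next_header in EXT_HEADERS:
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        chain.append(EXT_HEADERS[next_header])
        if next_header == 44:                    # Fragment header: fixed 8 bytes
            size = 8
            frag_offset = struct.unpack_from("!H", packet, offset + 2)[0] >> 3
            if frag_offset:
                # Later fragments have no TCP/UDP header, so ports are unknown.
                return chain, packet[offset], None
        elif next_header == 51:                  # AH length is in 4-byte units, minus 2
            size = (packet[offset + 1] + 2) * 4
        else:                                    # the rest use 8-byte units, minus 1
            size = (packet[offset + 1] + 1) * 8
        next_header, offset = packet[offset], offset + size
    if offset > len(packet):
        raise ValueError("extension header runs past end of packet")
    return chain, next_header, offset


# --- constructed sample packets (documentation addresses, dummy payloads) ---
def ipv6_packet(next_header: int, payload: bytes) -> bytes:
    src = ipaddress.IPv6Address("2001:db8::1").packed
    dst = ipaddress.IPv6Address("2001:db8::2").packed
    fixed = struct.pack("!IHBB", 0x60000000, len(payload), next_header, 64)
    return fixed + src + dst + payload


def routing(next_header: int) -> bytes:
    # 24-byte type 2 routing header: Hdr Ext Len = 2, Segments Left = 1
    return bytes([next_header, 2, 2, 1]) + bytes(4) + bytes(16)


def fragment(offset_units: int, more: int) -> bytes:
    return struct.pack("!BBHI", 6, 0, (offset_units << 3) | more, 0x1234)


TCP = bytes(20)  # placeholder for a TCP header
PLAIN = ipv6_packet(6, TCP)
ROUTED = ipv6_packet(43, routing(6) + TCP)
FIRST_FRAGMENT = ipv6_packet(43, routing(44) + fragment(0, 1) + TCP)
LATER_FRAGMENT = ipv6_packet(43, routing(44) + fragment(185, 0) + bytes(32))

if __name__ == "__main__":
    for name in ("PLAIN", "ROUTED", "FIRST_FRAGMENT", "LATER_FRAGMENT"):
        print(name, walk_headers(globals()[name]))
```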

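9 Changes in traffic patterns (user behaviour)
- Network behaviour of applications: streaming media, P2P
- One node with multiple IPv6 addresses: different purposes, priority issues
- Transition phase: dual stack, tunnels, gateways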

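10 Watching user behaviour
- Who uses the most bandwidth, and what share of the total?
- How many users are on the network?
- At what times, and for how long, do users use the network?
- Which sites are popular, and are the sites related to one another?
- What are users' habits when using the network?
- Is there obvious network proxy behaviour?
- Are there attack or virus signatures?
- User experience evaluation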

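11 Changes in network attacks and detection methods
- Is scanning no longer effective?
- Larger address space
- Enhanced security features (IPsec and others)
- Hiding vs. discovery
- LAN attacks
- Layer 2 information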

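12 Network attacks
- Total traffic rises suddenly
- Load on network devices increases (CPU, memory)
- Individual nodes or services suddenly misbehave (slow, logins fail, and so on)
- Large numbers of ACL violation records
- Flow data grows rapidly, with large numbers of one-way flows to the same node
- Large numbers of flows from the same node to many different targets
- Traffic of one type increases suddenly, for example ICMP
- A sudden increase in traffic of unknown application types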
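
Added example (not part of the original slides): three of the slide 12 indicators checked over flow records, namely one-way fan-in to a single node, one-way fan-out from a single node, and a sudden rise of one protocol. The flow tuples, thresholds and function names are assumptions, and the records are constructed samples using documentation addresses.

```python
from collections import Counter, defaultdict


def one_way_fans(flows, threshold=5):
    """flows: list of (src, dst, next_header) flow records.

    Returns (fan_out, fan_in): hosts with at least `threshold` distinct peers
    reached by flows that have no flow in the reverse direction.
    """
    pairs = {(src, dst) for src, dst, _proto in flows}
    out_peers, in_peers = defaultdict(set), defaultdict(set)
    for src, dst in pairs:
        if (dst, src) not in pairs:          # nothing ever came back
            out_peers[src].add(dst)
            in_peers[dst].add(src)
    fan_out = {h: len(p) for h, p in out_peers.items() if len(p) >= threshold}
    fan_in = {h: len(p) for h, p in in_peers.items() if len(p) >= threshold}
    return fan_out, fan_in


def protocol_spikes(baseline, current, factor=3):
    """Protocols whose flow count grew by at least `factor` between windows."""
    before = Counter(proto for _s, _d, proto in baseline)
    now = Counter(proto for _s, _d, proto in current)
    return sorted(p for p, n in now.items() if n >= factor * max(before[p], 1))


def constructed_windows():
    """Two constructed observation windows: normal traffic, then an incident."""
    server = "2001:db8:2::443"
    baseline = []
    for i in range(1, 11):                   # ten clients with two-way TCP (6)
        client = f"2001:db8:c::{i:x}"
        baseline += [(client, server, 6), (server, client, 6)]
    # one answered ICMPv6 (58) exchange
    baseline += [("2001:db8:c::1", server, 58), (server, "2001:db8:c::1", 58)]
    # one source, eight unanswered targets
    sweep = [("2001:db8:1::bad", f"2001:db8:2::{i:x}", 6) for i in range(1, 9)]
    # six sources, one unanswered target, all ICMPv6
    flood = [(f"2001:db8:a::{i:x}", "2001:db8:2::80", 58) for i in range(1, 7)]
    return baseline, baseline + sweep + flood


if __name__ == "__main__":
    quiet, busy = constructed_windows()
    print(one_way_fans(quiet), one_way_fans(busy), protocol_spikes(quiet, busy))
```

Sampled NetFlow can miss the reverse flow of a legitimate conversation, so the one-way test is more reliable on unsampled export.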

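13 Detecting network attacks with NetFlow
Commands:
  Router# sh ip(v6) cache flow | inc xxx.xxx.xxx.xxx
  Router# sh mls netflow ip(v6)
- Can identify the source of the problem
- Allows a timely response
- Can be used together with ACLs
Analysis tools:
- More comprehensive and efficient
- Historical records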

14 What Does a DoS Attack Look Like?

15 Some IPv6 attacks
- Attacks that evolved from IPv4: worms, botnets
- IPv6 covert channel attacks: Covert Channels in IPv6, N. B. Lucena, G. Lewandowski et al., Lecture Notes in Computer Science, Volume 3856, 2006
- Attacks coming from IPv4: tunnels, dual stack
- Places where the protocol is still immature: DAD (similar to ARP in IPv4)

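16 IPv6 and flow information collection
- NetFlow v5 is common in IPv4 environments: scalability problems; cannot handle IPv6 data
- NetFlow v9 / IPFIX: the standard recommended by the IETF; uses templates to adapt to different requirements (IPv6, MPLS, Multicast)
- Device support: Cisco, Huawei, Juniper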

17 Device support
- Cisco NetFlow v9
  - IPv6 packets captured (needs IPv6 CEF)
  - Still uses IPv4 transport
  - 12.2(33)SRB on the Cisco 7600 began to support IPv6 export
  - May need to update your own NetFlow collector
- Huawei: NetStream
- Juniper: J-Flow

18 NetFlow Version 9
- Version 9 is an export protocol
- No changes to the metering process
- Version 9 is based on templates and separate flow records
- Templates are composed of type and length
- Flow records are composed of template ID and value
- The template is sent regularly (configurable), because the transport is UDP
- Support: 800, 1700, 1800, 2600, 2800, 3200, 3600, 3700, 6500/7600, 7200, 7300, 7500, cat6000, 7600, 10000, 12000, CRS-1, ASR 1000
- RFC 3954: Cisco Systems NetFlow Services Export Version 9
- NetFlow patent: intellectual property right statement on the IETF website

19 NetFlow Version 9 Scenario

20 NetFlow v9 Export Packet
To support technologies such as MPLS or Multicast, this export format can be leveraged to easily insert new fields.
Packet layout (figure; labels "Flows from Interface A" and "Flows from Interface B"):
- Header (version, # packets, sequence #, Source ID)
- Template FlowSet: Template Record, Template ID #1 (specific field types and lengths); Template Record, Template ID #2 (specific field types and lengths)
- Data FlowSet, FlowSet ID #1: Data Record (field values); Data Record (field values)
- Data FlowSet, FlowSet ID #2: Data Record (field values)
- Option Template FlowSet: Template ID (specific field types and lengths)
- Option Data FlowSet, FlowSet ID: Option Data Record (field values); Option Data Record (field values)
Notes:
- Matching ID #s is the way to associate a Template with its Data Records
- The Header follows the same format as prior NetFlow versions, so Collectors will be backward compatible
- Each Data Record represents one flow
- If exported flows have the same fields, they can be contained in the same Template Record, e.g. unicast traffic can be combined with multicast records
- If exported flows have different fields, they can't be contained in the same Template Record, e.g. BGP next-hop can't be combined with MPLS Aware NetFlow records
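
Added example (not part of the original slides): a small collector-side decoder for the layout on slides 18 and 20. It stores templates per exporter and Source ID, matches each Data FlowSet to its template by ID, and counts Data FlowSets that arrive before their template, which happens because templates are only refreshed periodically over UDP. Field type numbers are from RFC 3954; the class name, exporter address and packets are constructed for illustration.

```python
import ipaddress
import struct

# Field type numbers from RFC 3954 (the subset used here).
FIELD_NAMES = {1: "IN_BYTES", 4: "PROTOCOL", 7: "L4_SRC_PORT",
               11: "L4_DST_PORT", 27: "IPV6_SRC_ADDR", 28: "IPV6_DST_ADDR"}
IPV6_ADDRESS_FIELDS = {27, 28}


class V9Collector:
    """Remembers templates per exporter and Source ID, decodes Data FlowSets."""

    def __init__(self):
        self.templates = {}   # (exporter, source_id, template_id) -> [(type, len)]
        self.undecoded = 0    # Data FlowSets that arrived before their template

    def feed(self, exporter, packet):
        if len(packet) < 20:
            raise ValueError("short export packet")
        version, _count, _uptime, _secs, _seq, source_id = struct.unpack_from(
            "!HHIIII", packet, 0)
        if version != 9:
            raise ValueError("not NetFlow v9")
        flows, offset = [], 20
        while offset + 4 <= len(packet):
            flowset_id, length = struct.unpack_from("!HH", packet, offset)
            if length < 4 or offset + length > len(packet):
                raise ValueError("bad FlowSet length")
            body = packet[offset + 4:offset + length]
            if flowset_id == 0:                      # Template FlowSet
                self._store_templates(exporter, source_id, body)
            elif flowset_id > 255:                   # Data FlowSet, ID = template ID
                fields = self.templates.get((exporter, source_id, flowset_id))
                if fields is None:
                    self.undecoded += 1              # wait for the next template refresh
                else:
                    flows.extend(self._decode(fields, body))
            offset += length                         # option templates are skipped
        return flows

    def _store_templates(self, exporter, source_id, body):
        pos = 0
        while pos + 4 <= len(body):
            template_id, field_count = struct.unpack_from("!HH", body, pos)
            pos += 4
            if template_id < 256 or pos + 4 * field_count > len(body):
                break                                # padding or truncated record
            fields = [struct.unpack_from("!HH", body, pos + 4 * i)
                      for i in range(field_count)]
            pos += 4 * field_count
            self.templates[(exporter, source_id, template_id)] = fields

    @staticmethod
    def _decode(fields, body):
        record_len = sum(length for _type, length in fields)
        pos, records = 0, []
        while record_len and pos + record_len <= len(body):  # leftover is padding
            record = {}
            for ftype, length in fields:
                raw = body[pos:pos + length]
                name = FIELD_NAMES.get(ftype, f"type_{ftype}")
                if ftype in IPV6_ADDRESS_FIELDS and length == 16:
                    record[name] = str(ipaddress.IPv6Address(raw))
                else:
                    record[name] = int.from_bytes(raw, "big")
                pos += length
            records.append(record)
        return records


def flowset(flowset_id, payload):
    payload += b"\x00" * (-len(payload) % 4)         # pad to a 32-bit boundary
    return struct.pack("!HH", flowset_id, len(payload) + 4) + payload


def export_packet(source_id, body):
    # count = 1: each constructed packet carries a single record
    return struct.pack("!HHIIII", 9, 1, 0, 0, 0, source_id) + body


# Constructed sample: template 256 and one matching IPv6 flow record.
TEMPLATE = [(27, 16), (28, 16), (7, 2), (11, 2), (4, 1), (1, 4)]
TEMPLATE_PACKET = export_packet(1, flowset(
    0, struct.pack("!HH", 256, len(TEMPLATE))
    + b"".join(struct.pack("!HH", *field) for field in TEMPLATE)))
RECORD = (ipaddress.IPv6Address("2001:db8::10").packed
          + ipaddress.IPv6Address("2001:db8::53").packed
          + struct.pack("!HHBI", 51515, 53, 17, 120))
DATA_PACKET = export_packet(1, flowset(256, RECORD))


def demo():
    collector = V9Collector()
    early = collector.feed("192.0.2.1", DATA_PACKET)   # template not seen yet
    collector.feed("192.0.2.1", TEMPLATE_PACKET)
    late = collector.feed("192.0.2.1", DATA_PACKET)
    return early, collector.undecoded, late
```

The exporter address is IPv4 even though the flow is IPv6, matching the note on slide 17 that export still uses IPv4 transport.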

21

22 Questions
- Is the information in NetFlow v9 sufficient?
  Experiences with IPFIX-based Traffic Measurement for IPv6 Networks, N. Choi, H. Son, Y. Lee, Y. Choi, Proc. of ACM IPv6 '07
- Flexible NetFlow (FNF)*
  - Cisco IOS Release 12.4(20)T
  - Fields can be user-defined; flexible
  - Goal: use different templates for different purposes

23 Different purposes for deploying NetFlow
- NetFlow for Monitoring
- NetFlow for Security
- NetFlow for Peering
- ISP

24 Flexible NetFlow: Multiple Monitors with Unique Key Fields
Figure: one traffic stream feeds two flow monitors; values shown are for Packet 1.
- Flow Monitor 1
  - Key fields: Source IP, Destination IP, Source Port (23), Destination Port, Layer 3 Protocol (TCP - 6), TOS Byte (0), Input Interface (Ethernet 0)
  - Non-key fields: Packets, Bytes, Timestamps, Next Hop Address
  - Traffic Analysis Cache columns: Source IP, Dest. IP, Source Port, Dest. Port, Protocol, TOS, Input I/F, Pkts
- Flow Monitor 2
  - Key fields: Source IP, Dest IP, Input Interface (Ethernet 0), SYN Flag (0)
  - Non-key fields: Packets, Timestamps
  - Security Analysis Cache columns: Source IP, Dest. IP, Input I/F, Flag, Pkts
2009 Cisco Systems, Inc. All rights reserved. Cisco Public

25 Flexible Flow Record: Key Fields
- Flow: Sampler ID, Direction
- Interface: Input, Output
- Layer 2: Source VLAN, Destination VLAN, Source MAC address, Destination MAC address
- IPv4: IP (Source or Destination), Prefix (Source or Destination), Mask (Source or Destination), Minimum-Mask (Source or Destination), Protocol, Fragmentation Flags, Fragmentation Offset, Identification, Header Length, Total Length, Payload Size, Packet Section (Header), Packet Section (Payload), TTL, Options bitmap, Version, Precedence, DSCP, TOS
- IPv6: IP (Source or Destination), Prefix (Source or Destination), Mask (Source or Destination), Minimum-Mask (Source or Destination), Protocol, Traffic Class, Flow Label, Option Header, Header Length, Payload Length, Payload Size, Packet Section (Header), Packet Section (Payload), DSCP, Extension Headers, Hop-Limit, Length, Next-header, Version

26 Device configuration (* using Cisco devices as the example)
- NetFlow v9
- Flexible NetFlow

27 NetFlow v9 for IPv6
Configure on Cisco IOS release 12.2(33)SRB or later:
  Router(config)# ipv6 unicast-routing
  Router(config)# mls flow ipv6 interface-full
  Router(config)# mls nde sender
  Router(config)# ip flow-export version 9
  Router(config)# ip flow-export destination
  Router(config)# interface FastEthernet1/1
  Router(config-if)# ipv6 address 2001:0DB8::1/64

28 Flexible NetFlow*
Configure the Exporter:
  Router(config)# flow exporter my-exporter
  Router(config-flow-exporter)# destination
Configure the Flow Record:
  Router(config)# flow record my-record
  Router(config-flow-record)# match ipv4 destination address
  Router(config-flow-record)# match ipv4 source address
  Router(config-flow-record)# collect counter bytes
Configure the Flow Monitor:
  Router(config)# flow monitor my-monitor
  Router(config-flow-monitor)# exporter my-exporter
  Router(config-flow-monitor)# record my-record
Configure the Interface:
  Router(config)# interface s3/0
  Router(config-if)# ip flow monitor my-monitor input

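29 Overview of traffic tools
- By function: collection tools and analysis tools
- By purpose: behaviour analysis, security analysis, billing
- By cost: commercial, free (including open source)
- By supported data sources: single source, mixed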

30 Cisco NetFlow commercial partners
- Traffic analysis
- NetFlow Collector
- Security
- Billing
- CS-Mars
More info:

31 Some Open Source NetFlow Tools
Product Name | Primary Use | Comment | OS
Cflowd | Traffic Analysis | No longer supported | UNIX
Flow-tools | Collector Device | Scalable | UNIX
Flowd | Collector Device | Support V9 | BSD, Linux
FlowScan | Reporting for Flow-Tools | | UNIX
IPFlow | Traffic Analysis | Support V9, IPv4, IPv6, MPLS, SCTP, etc. | Linux, FreeBSD, Solaris
SilkTools | Security analysis | Support V9/IPFIX, IPv6 | BSD, Linux
NetFlow Monitor | Traffic Analysis | Supports V9 | UNIX
Ntop/nProbe | Security Monitoring | Support V9, IPv6 | UNIX
Panoptis | Security Monitoring | | UNIX
NfSen | Collector Device | Support V9, IPv6 | Linux
Stager | Reporting for Flow-Tools | | UNIX
Different Costs: Implementation and Customization

32 Flow-tools
- Flow-tools is a library and a collection of programs used to collect, send, process, and generate reports from NetFlow data.
- The tools can be used together on a single server or distributed to multiple servers for large deployments.
- The flow-tools library provides an API for development of custom applications for NetFlow export versions 1, 5, 6 and the 14 currently defined version 8 subversions.
- Version 9 is not supported now.

33 Silktools

34 Ntop

35 Unfinished business
- Some equipment can't support NetFlow-based IPv6 flow data collecting/exporting
  - Update the version or the device
  - Use nProbe or YAF instead
- Performance impact
  aecd802a0eb9.shtml
- Open questions: sampling algorithms, data mining, auto discovery

36 Summary
- Traffic analysis is an important tool for running a network
- Traffic analysis under IPv6: challenges and opportunities

37 Thank you
- Much of the slide content comes from the Internet; the references are not listed one by one
- Sang of Cisco provided a wealth of material


More information

Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export

Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export Getting Started with Configuring Cisco IOS NetFlow and NetFlow Data Export Last Updated: November 28, 2011 This module contains the minimum amount of information about and instructions necessary for configuring

More information

8.2 The Internet Protocol

8.2 The Internet Protocol TCP/IP Protocol Suite HTTP SMTP DNS RTP Distributed applications Reliable stream service TCP UDP User datagram service Best-effort connectionless packet transfer Network Interface 1 IP Network Interface

More information

Chapter 9. IP Secure

Chapter 9. IP Secure Chapter 9 IP Secure 1 Network architecture is usually explained as a stack of different layers. Figure 1 explains the OSI (Open System Interconnect) model stack and IP (Internet Protocol) model stack.

More information

Lab 4.1.2 Characterizing Network Applications

Lab 4.1.2 Characterizing Network Applications Lab 4.1.2 Characterizing Network Applications Objective Device Designation Device Name Address Subnet Mask Discovery Server Business Services 172.17.1.1 255.255.0.0 R1 FC-CPE-1 Fa0/1 172.17.0.1 Fa0/0 10.0.0.1

More information

IP - The Internet Protocol. Magda El Zarki Dept. of CS UC Irvine

IP - The Internet Protocol. Magda El Zarki Dept. of CS UC Irvine 1 IP - The Internet Protocol Magda El Zarki Dept. of CS UC Irvine Email: elzarki@uci.edu http://www.ics.uci.edu/~magda 2 Overview IP (Internet Protocol) is a Network Layer Protocol. Several versions most

More information

Open Source in Network Administration: the ntop Project

Open Source in Network Administration: the ntop Project Open Source in Network Administration: the ntop Project Luca Deri 1 Project History Started in 1997 as monitoring application for the Univ. of Pisa 1998: First public release v 0.4 (GPL2) 1999-2002:

More information

An overview of traffic analysis using NetFlow

An overview of traffic analysis using NetFlow The LOBSTER project An overview of traffic analysis using NetFlow Arne Øslebø UNINETT Arne.Oslebo@uninett.no 1 Outline What is Netflow? Available tools Collecting Processing Detailed analysis security

More information

SonicOS 5.8: NetFlow Reporting

SonicOS 5.8: NetFlow Reporting SonicOS 5.8: NetFlow Reporting Document Scope Rapid growth of IP networks has created interest in new business applications and services. These new services have resulted in increases in demand for network

More information

TE in action. Some problems that TE tries to solve. Concept of Traffic Engineering (TE)

TE in action. Some problems that TE tries to solve. Concept of Traffic Engineering (TE) 1/28 2/28 TE in action S-38.3192 Verkkopalvelujen tuotanto S-38.3192 Network Service Provisioning Networking laboratory 3/28 4/28 Concept of Traffic Engineering (TE) Traffic Engineering (TE) (Traffic Management)

More information

Chapter 13 Internet Protocol (IP)

Chapter 13 Internet Protocol (IP) Chapter 13 Internet Protocol (IP) Introduction... 13-5 IP Packets... 13-5 Addressing... 13-7 Subnets... 13-8 Assigning an IP Address... 13-9 Multihoming... 13-11 Local Interfaces... 13-11 Address Resolution

More information

Configuring Denial of Service Protection

Configuring Denial of Service Protection 24 CHAPTER This chapter contains information on how to protect your system against Denial of Service (DoS) attacks. The information covered in this chapter is unique to the Catalyst 6500 series switches,

More information

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode 13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) PPP-based remote access using dial-in PPP encryption control protocol (ECP) PPP extensible authentication protocol (EAP) 13.2 Layer 2/3/4

More information

WhatsUpGold. v15.0. Flow Monitor User Guide

WhatsUpGold. v15.0. Flow Monitor User Guide WhatsUpGold v15.0 Flow Monitor User Guide Contents CHAPTER 1 Flow Monitor Overview Welcome to WhatsUp Gold Flow Monitor... 1 What is Flow Monitor?... 2 How does Flow Monitor work?... 2 System requirements...

More information

MPLS VPN over mgre. Finding Feature Information. Prerequisites for MPLS VPN over mgre

MPLS VPN over mgre. Finding Feature Information. Prerequisites for MPLS VPN over mgre The feature overcomes the requirement that a carrier support multiprotocol label switching (MPLS) by allowing you to provide MPLS connectivity between networks that are connected by IP-only networks. This

More information

How to securely operate an IPv6 network

How to securely operate an IPv6 network How to securely operate an IPv6 network https://tools.ietf.org/html/draft-ietf-opsec-v6-06 LACNIC 23 Enrique Davila enriqued@cisco.com Released: May 2015 Agenda Ø Management Plane Ø Control Plane Routing

More information

IP address format: Dotted decimal notation: 10000000 00001011 00000011 00011111 128.11.3.31

IP address format: Dotted decimal notation: 10000000 00001011 00000011 00011111 128.11.3.31 IP address format: 7 24 Class A 0 Network ID Host ID 14 16 Class B 1 0 Network ID Host ID 21 8 Class C 1 1 0 Network ID Host ID 28 Class D 1 1 1 0 Multicast Address Dotted decimal notation: 10000000 00001011

More information

Configuring NetFlow. Information About NetFlow. NetFlow Overview. Send document comments to nexus7k-docfeedback@cisco.com. CHAPTER

Configuring NetFlow. Information About NetFlow. NetFlow Overview. Send document comments to nexus7k-docfeedback@cisco.com. CHAPTER CHAPTER 19 This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices. This chapter includes the following sections: Information About NetFlow, page 19-1 Licensing Requirements

More information

- IPv4 Addressing and Subnetting -

- IPv4 Addressing and Subnetting - 1 Hardware Addressing - IPv4 Addressing and Subnetting - A hardware address is used to uniquely identify a host within a local network. Hardware addressing is a function of the Data-Link layer of the OSI

More information

Router Architecture Overview. Input Port Functions. Switching Via Memory. Three types of switching fabrics. Switching Via a Bus

Router Architecture Overview. Input Port Functions. Switching Via Memory. Three types of switching fabrics. Switching Via a Bus Router Architecture Overview Two key router functions: run routing algorithms/protocol (RIP, OSPF, BGP) forwarding grams from incoming to outgoing link Input Port Functions Physical layer: bit-level reception

More information

Internet Protocol Version 6 (IPv6)

Internet Protocol Version 6 (IPv6) Internet Protocol Version 6 (IPv6) Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 14-1 Overview

More information

How Routers Forward Packets

How Routers Forward Packets Autumn 2010 philip.heimer@hh.se MULTIPROTOCOL LABEL SWITCHING (MPLS) AND MPLS VPNS How Routers Forward Packets Process switching Hardly ever used today Router lookinginside the packet, at the ipaddress,

More information

Flow Monitor for WhatsUp Gold v16.2 User Guide

Flow Monitor for WhatsUp Gold v16.2 User Guide Flow Monitor for WhatsUp Gold v16.2 User Guide Contents Table of Contents Flow Monitor Overview Welcome to WhatsUp Gold Flow Monitor... 1 What is Flow Monitor?... 2 How does Flow Monitor work?... 2 System

More information

Flow Analysis. Make A Right Policy for Your Network. GenieNRM

Flow Analysis. Make A Right Policy for Your Network. GenieNRM Flow Analysis Make A Right Policy for Your Network GenieNRM Why Flow Analysis? Resolve Network Managers Challenge as follow: How can I know the Detail and Real-Time situation of my network? How can I do

More information

Appendix A Remote Network Monitoring

Appendix A Remote Network Monitoring Appendix A Remote Network Monitoring This appendix describes the remote monitoring features available on HP products: Remote Monitoring (RMON) statistics All HP products support RMON statistics on the

More information

Configuring NetFlow. Information About NetFlow. NetFlow Overview. Send document comments to nexus7k-docfeedback@cisco.com. CHAPTER

Configuring NetFlow. Information About NetFlow. NetFlow Overview. Send document comments to nexus7k-docfeedback@cisco.com. CHAPTER CHAPTER 16 This chapter describes how to configure the NetFlow feature on Cisco NX-OS devices. This chapter includes the following sections: Information About NetFlow, page 16-1 Licensing Requirements

More information

IPv6 - The Next Generation Internet

IPv6 - The Next Generation Internet IPv6 - The Next Generation Internet Subnetting and Classless Inter-domain Routing (CIDR) improve utilization of IP address space and slow growth of routing information, but at some point, they will not

More information

William Stallings Data and Computer Communications. Chapter 15 Internetwork Protocols

William Stallings Data and Computer Communications. Chapter 15 Internetwork Protocols William Stallings Data and Computer Communications Chapter 15 Internetwork Protocols Internetworking Terms (1) Communications Network Facility that provides data transfer service An internet Collection

More information

Internet Control Message Protocol (ICMP)

Internet Control Message Protocol (ICMP) Internet Control Message Protocol (ICMP) Relates to Lab 2: A short module on the Internet Control Message Protocol (ICMP). 1 Overview The IP (Internet Protocol) relies on several other protocols to perform

More information

Enabling NetFlow and NetFlow Data Export (NDE) on Cisco Catalyst Switches

Enabling NetFlow and NetFlow Data Export (NDE) on Cisco Catalyst Switches Enabling NetFlow and NetFlow Data Export (NDE) on Cisco Catalyst Switches Revised 2/1/2007 Introduction...2 Requirements...2 Catalyst 4500 Series...2 Enabling NetFlow...2 Configuring a NetFlow Destination...3

More information

Configuring NetFlow on Cisco ASR 9000 Series Aggregation Services Router

Configuring NetFlow on Cisco ASR 9000 Series Aggregation Services Router Configuring NetFlow on Cisco ASR 9000 Series Aggregation Services Router This module describes the configuration of NetFlow on the Cisco ASR 9000 Series Aggregation Services Router. A NetFlow flow is a

More information