1 How does NOC manage and control inter-domain traffic? 5th TF-NOC meeting, Dubrovnik
2 Agenda
Inter-domain traffic:
 o how does NOC monitor and control it?
Common case as example: new BGP peer activation -> new uncontrolled traffic balance
Tools:
 o Control plane bgpviz (Ripe RIS) -> partial or limited information
 o Traffic port counters -> indistinct traffic
 o Class usage counters -> AS peer stats only
 o Netflow data -> AS origin per port stats
How to collect AS origin data
 o Implementation Example: GARR AsTracker
12 Ripe RIS / BGPViz
It helps to understand inter-domain traffic reroutes
Limits:
 o few collection points (RIS route servers) = some ASes only
 o no traffic amount information
13 Ripe RIS / BGPViz
Make a request about a worldwide announced network
timeslot selection
14 Ripe RIS / BGPViz
15 Ripe RIS / BGPViz update LOG example: [repeated "changing path from ... to ..." entries; path values not preserved]
16 Interface counters
obtained via the SNMP protocol
per-interface aggregated traffic
 o no details about moved traffic
17 Class usage counters
Source and Destination Class Usage
AS-path based counters
useful for IXP peering
 o peer aggregate traffic
limited number of usage classes
18 Netflow data
IP flow data: obtained via the Netflow protocol
IP flow (unidirectional) data:
 o protocol
 o IP addresses
 o TCP/UDP ports
 o AS numbers
 o input/output interfaces
 o TCP flags
 o counters (bytes, pkts, flows)
two choices: AS peer or AS origin
It is possible to get worldwide AS stats
~ AS stats historical data (RRD files)
per interface AS stats, good for analysis on:
 o balancing
 o asymmetries
 o re-routing
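The per-interface AS-origin aggregation described on this slide, as an added example that is not part of the original slides and is not AsTracker code: it sums flow bytes per remote origin AS and interface, then flags ASes whose inbound and outbound traffic are split differently across interfaces (the asymmetry case). The record layout, the AS numbers (documentation range), the threshold and all function names are assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed flow records (not real data): one unidirectional flow each.
# AS numbers are from the documentation range (RFC 5398); interface labels
# reuse the commodity peers named in the slides. 64496 is the local AS.
FLOWS = [
    {"iface": "GlobalCrossing", "dir": "in",  "src_as": 64500, "dst_as": 64496, "bytes": 1000},
    {"iface": "GlobalCrossing", "dir": "out", "src_as": 64496, "dst_as": 64500, "bytes": 300},
    {"iface": "Level3",         "dir": "out", "src_as": 64496, "dst_as": 64500, "bytes": 250},
    {"iface": "Level3",         "dir": "out", "src_as": 64496, "dst_as": 64500, "bytes": 150},
    {"iface": "Cogent",         "dir": "out", "src_as": 64496, "dst_as": 64500, "bytes": 300},
    {"iface": "Level3",         "dir": "in",  "src_as": 64501, "dst_as": 64496, "bytes": 500},
    {"iface": "Level3",         "dir": "out", "src_as": 64496, "dst_as": 64501, "bytes": 450},
    {"iface": "Cogent",         "dir": "out", "src_as": 64496, "dst_as": 64501, "bytes": 50},
]

def as_stats(flows):
    """Sum bytes per (remote origin AS, direction) and per interface."""
    stats = defaultdict(lambda: defaultdict(int))
    for f in flows:
        # The remote AS is the source of inbound flows and the
        # destination of outbound flows.
        remote = f["src_as"] if f["dir"] == "in" else f["dst_as"]
        stats[(remote, f["dir"])][f["iface"]] += f["bytes"]
    return {key: dict(per_iface) for key, per_iface in stats.items()}

def shares(per_iface):
    """Turn byte counts into each interface's fraction of the total."""
    total = sum(per_iface.values())
    return {i: b / total for i, b in per_iface.items()} if total else {}

def asymmetric_ases(stats, threshold=0.2):
    """Return remote ASes whose inbound and outbound interface shares
    differ by more than `threshold` on at least one interface."""
    flagged = []
    for remote in sorted({asn for asn, _ in stats}):
        s_in = shares(stats.get((remote, "in"), {}))
        s_out = shares(stats.get((remote, "out"), {}))
        gap = max((abs(s_in.get(i, 0.0) - s_out.get(i, 0.0))
                   for i in set(s_in) | set(s_out)), default=0.0)
        if gap > threshold:
            flagged.append(remote)
    return flagged

if __name__ == "__main__":
    stats = as_stats(FLOWS)
    for asn in asymmetric_ases(stats):
        print(asn, "in:", stats.get((asn, "in")), "out:", stats.get((asn, "out")))
```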
19 How to collect AS data
implementation example = GARR AsTracker
 o AS ranks
 o single flow deep analysis
 o simple AS stats
 o multi AS (stacked) stats
 o per user-AS couple analysis
20 GARR AsTracker Real-time views Historical views data grouped by type: research commodity peer national IXPs direct peering Aggregates: by group stacked
21 GARR AsTracker
backend:
 o make RRD
 o fill a database with AS stats for ranking purposes
 o written in C language
frontend:
 o GUI: AS live ranking, graph generation, aggregations, deep flow inspection
 o written in PHP (NfSen plugin)
22 GARR AsTracker homepage (live) all group aggregate "stacked" (some ASes) peer view
23 GARR AsTracker AS Traffic ranks: by peer by group general one week one month three months
24 GARR AsTracker deep flow inspection: o by site lookup function o by flow
25 GARR AsTracker
AsTracker is used for:
 o load balancing and billing policies control
 o inter-domain routing troubleshooting
 o network planning
26 Example of use: new BGP peer = new traffic balance Telia + GlobalCrossing + Level3 New peering: Cogent
27 Tiscali AS example
 o Telia (dismissed in September)
 o Level3
 o GlobalCrossing
 o Cogent (activated in November)
28 Tiscali AS example
All TISCALI incoming traffic flows through GlobalCrossing
All upcoming traffic is balanced and flows through all commodity peers (GlobalCrossing, Level3 and Cogent)
29 Tiscali AS example
30 Tiscali AS example
Traffic "close" to Rome goes through Cogent:

RT.RM2-RE0>show route
inet.0: destinations, routes ( active, 5 holddown, 614 hidden)
+ = Active Route, - = Last Active, * = Both
/15 *[BGP/170] 2w6d 14:15:08, MED 11010, localpref 100
       AS path: I
     > to via ge-4/1/0.44
     [BGP/170] 2w3d 13:36:53, MED 0, localpref 100, from
       AS path: I
     > via so-4/0/0.0
     [BGP/170] 1w1d 05:16:08, MED 2503, localpref 100, from
       AS path: I
     > via so-4/0/0.0

HOT POTATO!
31 Tiscali AS example
Traffic "close" to Milan goes through Level3:

RT.MI2-RE0> show route
inet.0: destinations, routes ( active, 10 holddown, 249 hidden)
+ = Active Route, - = Last Active, * = Both
/15 *[BGP/170] 2w3d 13:43:03, MED 0, localpref 100, from
       AS path: I
     > to via so-0/0/0.0
       to via so-5/2/0.0
     [BGP/170] 1w1d 05:22:18, MED 2503, localpref 100, from
       AS path: I
     > via so-3/0/0.0
     [BGP/170] 2w6d 14:21:18, MED 11010, localpref 100, from
       AS path: I
     > via so-4/0/0.0

HOT POTATO!
32 Thanks for listening Questions?
34 Netflow data
In case of IXP peerings, it is possible to identify which peer sends traffic to our AS by using MAC-layer accounting data. This feature is supported by the Netflow version 9 and IPFIX protocols only.