Network traffic monitoring and management. Sonia Panchen (sonia.panchen@inmon.com), 11th November 2010


1 Network traffic monitoring and management
Sonia Panchen, 11th November 2010

2 Lecture outline
- What is network traffic management?
- Traffic management applications
- Traffic monitoring system design considerations
- Overview of traffic monitoring technologies
  - SNMP polling
  - RMON
  - Cisco NetFlow
  - sFlow
- Real world examples
- Summary

3 Control theory applied to network management
[Figure: feedback control loop. Labels: Reference (thresholds, usage policies, service policies); +/- comparison giving measured error; Controller; controls; Network (system performance); measured performance; Sensor (current network state: utilization, users, applications); Network monitoring (SNMP polling, traffic monitoring).]

4 What is network traffic management?
- Understanding the use of the network
- Understanding the requirements of users
- Measuring how well user requirements are met
- Making changes to improve the quality of service experienced by users
- Monitoring the effectiveness of the changes
Monitoring network traffic is an effective way to measure demand and usage

5 Traffic management applications
- Detecting and resolving congestion
- Identifying and correcting performance problems
- Identifying and mitigating security breaches
- Planning for future growth and new applications
- Billing for usage

6 Traffic monitoring system design considerations
- Accurate
  - Quantitative traffic measurements
  - Measure all types of traffic
  - Data on how traffic is routed
- Timely
  - Up-to-date view of entire network under all traffic loads
  - Monitor all of the time
- Scalable
  - Monitor all the devices in the network
  - Monitor all speeds of links (1G, 10G, 40G )
- Minimal impact on performance
  - Switch or router CPU utilisation
  - Network overhead
- Low cost embedded implementation
  - Encourage pervasive deployment
  - Focus complexity in the central collector
Traffic monitoring system includes measurement, data collection and analysis


8 SNMP polling
- RFC1213 ifTable (SNMP OID ) defines counters recording total volume of traffic carried by each interface:
  ifInOctets, ifInUcastPkts, ifInMulticastPkts, ifInBroadcastPkts, ifInDiscards, ifInErrors, ifInUnknownProtos, ifOutOctets, ifOutUcastPkts, ifOutMulticastPkts, ifOutBroadcastPkts, ifOutDiscards, ifOutErrors
- Commonly polled using SNMP GET every 5 minutes
- Delta between consecutive values gives value for 5 minute interval
- Delta values stored by management entity
- Sequence of values used to present trend (eg over day, week, month)

9 SNMP polling in practice
- Good for understanding overall usage
- ifTable widely supported by network devices
- Does not give any insight into who is using the network and why
- Measurements are quite coarse and brief spikes will be missed
- Scalability limitations:
  - CPU intensive for devices, especially those with large numbers of interfaces
  - Polling application (eg Cacti, MRTG) can be CPU intensive, limiting the number of devices that can be monitored by a single system
  - Incurs high network load when polling a large number of devices
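The delta calculation from slides 8 and 9, as an added example that is not part of the original slides: it turns polled ifInOctets readings into per-interval rates, corrects a single counter wrap, and discards an interval when sysUpTime shows the agent restarted. The function names and the sample readings are constructed for illustration; treating a backwards sysUpTime as a restart is an assumption of this sketch.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

TICKS_PER_SECOND = 100  # sysUpTime counts hundredths of a second


@dataclass
class Interval:
    seconds: float
    octets: Optional[int]            # None when the interval was discarded
    bits_per_second: Optional[float]
    note: str


def wrap_time_seconds(link_bps: float, counter_bits: int = 32) -> float:
    """Seconds for an octet counter to wrap once at full line rate."""
    return (2 ** counter_bits) * 8 / link_bps


def intervals_from_polls(polls: List[Tuple[int, int]], link_bps: float,
                         counter_bits: int = 32) -> List[Interval]:
    """polls: (sysUpTime ticks, ifInOctets) pairs in polling order."""
    modulus = 2 ** counter_bits
    results = []
    for (t0, c0), (t1, c1) in zip(polls, polls[1:]):
        if t1 <= t0:
            # Uptime went backwards: the agent restarted and its counters
            # restarted with it, so the delta across the restart is meaningless.
            results.append(Interval(0.0, None, None,
                                    "agent restarted; interval discarded"))
            continue
        seconds = (t1 - t0) / TICKS_PER_SECOND
        # Modular subtraction corrects exactly one wrap of the counter.
        octets = (c1 - c0) % modulus
        note = "counter wrapped" if c1 < c0 else "ok"
        if seconds >= wrap_time_seconds(link_bps, counter_bits):
            # More than one wrap can fit in the interval and cannot be seen.
            note += "; poll interval exceeds wrap time, delta may be short by whole wraps"
        results.append(Interval(seconds, octets, octets * 8 / seconds, note))
    return results


# Constructed sample: readings taken every 300 s on a 100 Mbit/s port.
SAMPLE_POLLS = [
    (100_000, 4_294_000_000),
    (130_000, 36_532_704),      # 32-bit counter wrapped during this interval
    (500, 1_200),               # device rebooted: uptime and counters restarted
    (30_500, 375_001_200),
]

if __name__ == "__main__":
    print("32-bit wrap time at 1 Gbit/s: %.1f s" % wrap_time_seconds(1e9))
    for interval in intervals_from_polls(SAMPLE_POLLS, link_bps=100e6):
        print(interval)
```

At 1 Gbit/s a 32-bit octet counter can wrap in about 34 seconds, so a 5 minute poll of such a link needs the 64-bit ifHCInOctets counter instead.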

10 RMON
- Remote Network MONitoring Information Base (RFC 1757)
- Developed by the IETF during the early 1990s to standardise network monitoring probes
- Assumed that a single probe would see all the traffic in the network
- Standard defines:
  - 20 types (groups) of measurements made and stored by a probe
  - MIB used to access the data via SNMP polling

11 RMON implementation in switches
- Onset of switching in mid 1990s dramatically increased number of probes required to monitor traffic (one for each switch port!)
- Switch vendors pressured to provide RMON functionality in switches
- Most useful RMON functions (eg matrix, hostTopN) require significant resources and were not implemented by switch vendors
- Switch vendors commonly implement 4 groups (1, 2, 3, 9) providing very limited capability

12 Cisco NetFlow
- Originally designed as a way to manage the size of the flow cache used to optimise routing decisions
- Flow cache accumulated on the router for routed traffic
- Flow cache can be exported over UDP (push/event based)
  - Expired flows (TCP FIN flag)
  - At regular intervals (typically flow cache timeout >= 5 mins)
  - When the cache is full
- Example here is NetFlow v5, the most common implementation

13 NetFlow v5 in practice
- Can provide accurate data on TCP/IP flows
- Good for monitoring WAN traffic
- Provides TCP/IP v4 data for routed flows only
  - Does not monitor L2 traffic or traffic that is switched
  - Does not monitor IPv6 traffic
- Exported data can be delayed (flow cache time out)
- Scalability limitations
  - CPU and memory intensive, especially with large numbers of connections and high speed (eg 10G links)
  - Exported data is bursty and impacts network performance
- Not robust under difficult conditions (eg denial of service)
  - Router runs out of memory and cannot export data quickly enough
  - UDP = exported data may be dropped by network
  - Accuracy affected but error cannot be quantified
- Often requires additional hardware (feature card, memory).
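A collector-side check for the UDP loss described on slide 13, as an added example that is not part of the original slides. It parses NetFlow v5 export datagrams using the publicly documented 24-byte header and 48-byte record layout and uses the header's flow_sequence field to count flow records that never arrived. The datagrams, addresses and helper names are constructed for illustration, and a real collector would track the sequence per exporter.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte flow record
SEQ_MOD = 2 ** 32


def parse_v5(datagram: bytes) -> dict:
    """Validate and decode one export datagram (untrusted UDP input)."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, _up, _secs, _nsecs, seq, _etype, _eid, _samp = \
        HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("not NetFlow v5")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "packets": f[5], "octets": f[6],
            "src_port": f[9], "dst_port": f[10],
            "tcp_flags": f[12], "protocol": f[13],
        })
    return {"flow_sequence": seq, "count": count, "flows": flows}


def account_for_loss(datagrams) -> dict:
    """Count received flow records and records missing from the sequence."""
    expected = None
    received = lost = resyncs = 0
    for raw in datagrams:
        d = parse_v5(raw)
        if expected is not None:
            gap = (d["flow_sequence"] - expected) % SEQ_MOD
            if 0 < gap < SEQ_MOD // 2:
                lost += gap        # records exported but never received
            elif gap:
                resyncs += 1       # reordering or exporter restart
        expected = (d["flow_sequence"] + d["count"]) % SEQ_MOD
        received += d["count"]
    return {"received_flows": received, "lost_flows": lost, "resyncs": resyncs}


def build_v5(flow_sequence: int, flows) -> bytes:
    """Build a datagram for the constructed sample below."""
    header = HEADER.pack(5, len(flows), 0, 0, 0, flow_sequence, 0, 0, 0)
    body = b"".join(
        RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), bytes(4),
                    0, 0, pkts, octets, 0, 0, sport, dport,
                    0, flags, proto, 0, 0, 0, 0, 0, 0)
        for src, dst, sport, dport, proto, flags, pkts, octets in flows)
    return header + body


# Constructed sample: three exported datagrams, the middle one lost in transit.
EXPORTED = [
    build_v5(0, [("192.0.2.10", "198.51.100.5", 40000, 443, 6, 0x1B, 12, 9000),
                 ("192.0.2.11", "198.51.100.5", 40001, 80, 6, 0x1B, 8, 4000)]),
    build_v5(2, [("192.0.2.12", "198.51.100.9", 53000, 53, 17, 0, 1, 80)]),
    build_v5(3, [("192.0.2.13", "198.51.100.5", 40002, 443, 6, 0x1B, 20, 15000),
                 ("192.0.2.14", "198.51.100.7", 40003, 22, 6, 0x1B, 30, 6000)]),
]
RECEIVED = [EXPORTED[0], EXPORTED[2]]

if __name__ == "__main__":
    print(account_for_loss(RECEIVED))
```

The sequence gap reveals how many flow records were dropped but not how many packets or octets they described, which is the sense in which the error cannot be quantified.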

14 NetFlow variants
- Juniper cflow and J-Flow
  - Addresses some scalability issues by using sampled packets to update the flow cache
- Huawei NetStream
- Cisco NetFlow v9 aka Flexible NetFlow
  - Addresses some issues with NetFlow v5 by including different fields in the flow cache (MAC addresses, IPv6)
- Internet Protocol Flow Information Export (IPFIX)
  - IETF standard derived from NetFlow v9

15 Internet Protocol Flow Information Export (IPFIX)
- Defines the protocol for information export
  - Template describing flow cache keys defined on device allows more flexible measurements than NetFlow v5, eg source MAC, destination MAC, ethertype
  - Template exported periodically in separate control channel
  - Management entity listens for templates and uses them to interpret data
  - Each vendor must define the templates supported
- Defines sampling mechanisms to improve scalability
- IPFIX compliant devices must be able to export data over Stream Control Transmission Protocol
  - Addresses reliability issues
  - Increases implementation complexity and cost
- IPFIX compliant devices must be able to encrypt exported data
  - Addresses concerns with data privacy
  - Increases implementation cost
- Not yet widely supported by router or network management vendors

16 sFlow
- Standard maintained by industry standards body, sflow.org
- Defines measurements and data export
- Implemented by most switch vendors and supported by many network management application vendors

17 sFlow architecture
[Figure: sFlow agents in all switches/routers (all interfaces, all protocols, all of the time) and the Internet, sending sFlow to an sFlow collector.]
- Simple Agents
  - 1 in N sampling of packets
  - Time-based counter sampling
  - Easy to implement
  - Embedded, wire-speed
  - Numerous (every device, every port)
- Smart Collector
  - Collects sFlow from all network devices
  - Scales to monitor the entire network
  - Performs complex analysis
  - Alerts on abnormal traffic

18 sFlow sampling algorithms
[Figure: the sFlow agent sends sFlow datagrams carrying two kinds of sample.]
- Interface counter sample (time-based sampling eg every 20s)
- Packet sample (including forwarding decision associated with sampled packet)
Packet sampling process (flowchart):
1. Initialise: Total_Packets = 0, Total_Samples = 0, Skip = NextSkip(Rate)
2. Wait for Packet
3. Exclude Packet? Yes: the packet bypasses the sampling steps. No: continue
4. Assign Destination Interface
5. Decrement Skip, Increment Total_Packets
6. Skip = 0? No: Send Packet to Destination Interface. Yes: continue
7. Skip = NextSkip(Rate), Increment Total_Samples
8. Send to Agent: Copy of Sampled Packet, Source Interface, Destination Interface, Total_Samples, Total_Packets
9. Send Packet to Destination Interface

19 sFlow exports packet headers
- Don't expect layer 2 devices to decode the data
- Much easier to add decodes to central collector than to every device in a multi-vendor network (e.g. IPv6, FCoE etc.)
- Packet header captures complex layering (MAC, VLAN, MPLS, IPv4, IPv6) that is critical for tracing packet paths through network

20 sFlow replaces counter polling
- sFlow agent automatically pushes full set of SNMP ifTable counters
- Compared to SNMP polling, counter push results in 10-20x fewer packets on network, reduces CPU load on switch and on network management software
- XDR* is easier to encode/decode than ASN.1 used by SNMP
- Counter push is not synchronised between devices
- Single sFlow collector can easily monitor 200,000 switch ports with 1 minute granularity. SNMP polling with 5 minute granularity requires 5-10 collectors.
*XDR (RFC 1832) is a standard for describing and encoding data transferred between systems with different architectures

21 Two types of measurement that are scalable with known accuracy
- Periodic sampling of counters
  - Counting is fast, hardware supports counting, most systems count events, transactions, errors etc.
- Statistical sampling of packets
  - A variant on packet counting: count down to zero, capture the packet, reset the counter with a new random number
Why are these mechanisms scalable?
1. They require minimal, fixed size state (just a block of counters per node). Total state space grows linearly with number of nodes.
2. Very few operations required, easy to implement in hardware, very small impact when implemented in software
3. Asynchronous, easily implemented without synchronization or locking mechanisms on: multi-port, multi-module, multi-thread, multi-core devices etc
Accuracy
1. Not 100% accurate but sufficiently accurate for many applications including billing
2. Sampling accuracy determined by number of samples, not total population (http://blog.sflow.com/2009/05/scalability-and-accuracy-of-packet.html)
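The packet sampling process on slide 18 and the accuracy claim on slide 21, as an added example that is not part of the original slides: an agent that counts down a random skip, and a collector that scales the samples back up using the Total_Samples and Total_Packets values carried with each sample. The slides only name NextSkip(Rate); drawing it uniformly from 1 to 2*Rate-1 is an assumption of this sketch, and the error bound used (percent error at most 196 * sqrt(1/c) for c samples in a class, at 95% confidence) is the one quoted in sFlow's packet sampling documentation rather than on these slides. The traffic is constructed.

```python
import math
import random


def next_skip(rate, rng):
    """Packets until the next sample; random with mean `rate` (assumed form)."""
    return rng.randint(1, 2 * rate - 1)


class SamplingAgent:
    """Fixed-size state per data source: two counters and a skip value."""

    def __init__(self, rate, seed=0):
        self.rate = rate
        self.rng = random.Random(seed)
        self.total_packets = 0
        self.total_samples = 0
        self.skip = next_skip(rate, self.rng)

    def on_packet(self, packet):
        """Return a sample record for 1 in N packets on average, else None."""
        self.skip -= 1
        self.total_packets += 1
        if self.skip != 0:
            return None
        self.skip = next_skip(self.rate, self.rng)
        self.total_samples += 1
        return {"packet": packet,
                "total_samples": self.total_samples,
                "total_packets": self.total_packets}


def percent_error_bound(class_samples):
    """95% confidence bound; depends only on the number of samples seen."""
    if class_samples == 0:
        return math.inf
    return 196 / math.sqrt(class_samples)


def estimate_class(samples, traffic_class):
    """Collector side: scale class samples by the effective sampling rate."""
    last = samples[-1]
    scale = last["total_packets"] / last["total_samples"]
    c = sum(1 for s in samples if s["packet"] == traffic_class)
    return c * scale, c


def run_demo(n_packets=200_000, rate=100, seed=1):
    """Constructed traffic: about 20% of packets belong to class 'web'."""
    traffic_rng = random.Random(seed + 1000)
    agent = SamplingAgent(rate, seed)
    samples, true_web = [], 0
    for _ in range(n_packets):
        packet = "web" if traffic_rng.random() < 0.2 else "other"
        true_web += packet == "web"
        sample = agent.on_packet(packet)
        if sample:
            samples.append(sample)
    estimate, c = estimate_class(samples, "web")
    return {"total_packets": agent.total_packets,
            "total_samples": agent.total_samples,
            "true": true_web, "estimate": estimate,
            "class_samples": c, "bound_pct": percent_error_bound(c)}


if __name__ == "__main__":
    print(run_demo())
```

Because the bound depends only on the number of samples in the class, a rate of 1 in 1000 on a 10G link yields the same accuracy as 1 in 100 on a 1G link carrying a tenth of the packets.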


23 Real world example: Outage 24th September 2009 caused by high load on Contacts Service
- Network issue in the data centre
- Unusually high load on the Contacts Service
- Update to Gmail which also placed a high load on Contacts Service
Illustrates complex dependencies between networked components
Monitoring traffic would have identified:
- Network issue in data center
- Abnormal connection rate to Contacts Service
Monitoring enables rapid identification of issues so that mitigating action can be taken promptly

24 Real world example: CERN Large Hadron Collider
- High speed switched network used to collect measurements from the experiment and control the experiment
- Sophisticated monitoring of the network is essential for successful operation of the experiments
- CERN uses sFlow because of its scalability
  "Because there are so many ports in the core switches, the SNMP query of interface counters takes a long time and occupies a lot CPU and memory resource."

25 Real world example: CERN Investigation of Network Behaviour and Anomaly Detection (CINBAD)
"CERN's campus network has more than 50,000 active user devices interconnected by 10,000 km of cables and fibres, with more than 2500 switches and routers. The potential 4.8 Tbps throughput within the network core and 140 Gbps connectivity to external networks offers countless possibilities to different network applications."
"Even in CERN 'academic' environment, we can not afford network downtimes, especially when LHC starts to produce peta bytes of data."
"To acquire knowledge about the network status and behaviour, CINBAD collects and analyses data from numerous sources. A naive approach might be to look at all of the packets flying over the CERN network. However, if we did this we would need to analyse even more data than the LHC could generate. The LHC data are only a subset of the total data crossing via these links."
"CINBAD overcomes this issue by applying statistical analysis and using sFlow, a technology for monitoring high-speed switched networks that provides randomly sampled packets from the network traffic."

26 Summary
- Network traffic monitoring and management manages the quality of service provided by the network
- Critical for the operation of modern networks
- Various technologies with different approaches to addressing the key design focus of scalability



More information

Recommendations for Network Traffic Analysis Using the NetFlow Protocol Best Practice Document

Recommendations for Network Traffic Analysis Using the NetFlow Protocol Best Practice Document Recommendations for Network Traffic Analysis Using the NetFlow Protocol Best Practice Document Produced by AMRES NMS Group (AMRES BPD 104) Author: Ivan Ivanović November 2011 TERENA 2010. All rights reserved.

More information

Gaining Operational Efficiencies with the Enterasys S-Series

Gaining Operational Efficiencies with the Enterasys S-Series Gaining Operational Efficiencies with the Enterasys S-Series Hi-Fidelity NetFlow There is nothing more important than our customers. Gaining Operational Efficiencies with the Enterasys S-Series Introduction

More information

SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)

SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) 1 SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP) Mohammad S. Hasan Agenda 2 Looking at Today What is a management protocol and why is it needed Addressing a variable within SNMP Differing versions Ad-hoc Network

More information

Enhancing Flow Based Network Monitoring

Enhancing Flow Based Network Monitoring Enhancing Flow Based Network Monitoring Flow-based technologies such as NetFlow, sflow, J-Flow, and IPFIX are increasingly popular tools used by network operators. The tools leverage the capabilities embedded

More information

A Summary of Network Traffic Monitoring and Analysis Techniques

A Summary of Network Traffic Monitoring and Analysis Techniques http://www.cse.wustl.edu/~jain/cse567-06/ftp/net_monitoring/index.html 1 of 9 A Summary of Network Traffic Monitoring and Analysis Techniques Alisha Cecil, acecil19@yahoo.com Abstract As company intranets

More information

52-20-15 RMON, the New SNMP Remote Monitoring Standard Nathan J. Muller

52-20-15 RMON, the New SNMP Remote Monitoring Standard Nathan J. Muller 52-20-15 RMON, the New SNMP Remote Monitoring Standard Nathan J. Muller Payoff The Remote Monitoring (RMON) Management Information Base (MIB) is a set of object definitions that extend the capabilities

More information

8. 網路流量管理 Network Traffic Management

8. 網路流量管理 Network Traffic Management 8. 網路流量管理 Network Traffic Management Measurement vs. Metrics end-to-end performance topology, configuration, routing, link properties state active measurements active routes active topology link bit error

More information

MONITORING NETWORK TRAFFIC USING sflow TECHNOLOGY ON EX SERIES ETHERNET SWITCHES

MONITORING NETWORK TRAFFIC USING sflow TECHNOLOGY ON EX SERIES ETHERNET SWITCHES APPLICATION NOTE MONITORING NETWORK TRAFFIC USING sflow TECHNOLOGY ON EX SERIES ETHERNET SWITCHES Exporting sflow to Collectors Through a Separate Virtual Routing Instance Copyright 2010, Juniper Networks,

More information

ITEC310 Computer Networks II

ITEC310 Computer Networks II ITEC310 Computer Networks II Chapter 28 Network Management: Department of Information Technology Eastern Mediterranean University Objectives 2/60 After completing this chapter you should be able to do

More information

Integrated Traffic Monitoring

Integrated Traffic Monitoring 61202880L1-29.1F November 2009 Configuration Guide This configuration guide describes integrated traffic monitoring (ITM) and its use on ADTRAN Operating System (AOS) products. Including an overview of

More information

OpenDaylight Project Proposal Dynamic Flow Management

OpenDaylight Project Proposal Dynamic Flow Management OpenDaylight Project Proposal Dynamic Flow Management Ram (Ramki) Krishnan, Varma Bhupatiraju et al. (Brocade Communications) Sriganesh Kini et al. (Ericsson) Debo~ Dutta, Yathiraj Udupi (Cisco) 1 Table

More information

SNMP and Beyond: A Survey of Network Performance Monitoring Tools

SNMP and Beyond: A Survey of Network Performance Monitoring Tools http://www.cse.wustl.edu/~jain/cse567-06/ftp/net_traffic_monitors2/ind... 1 of 11 SNMP and Beyond: A Survey of Network Performance Monitoring Tools Paul Moceri, paul.moceri@gmail.com Abstract The growing

More information

TEIN2 Measurement and Monitoring Workshop Passive Measurements. Bruce.Morgan@aarnet.edu.au

TEIN2 Measurement and Monitoring Workshop Passive Measurements. Bruce.Morgan@aarnet.edu.au TEIN2 Measurement and Monitoring Workshop Passive Measurements Bruce.Morgan@aarnet.edu.au Passive Measurements Syslog SNMP Syslog Syslog is a means where messages originating on a device are logged Normally

More information

Network Management & Monitoring

Network Management & Monitoring Network Management & Monitoring NetFlow Overview These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/)

More information

Study of Network Performance Monitoring Tools-SNMP

Study of Network Performance Monitoring Tools-SNMP 310 Study of Network Performance Monitoring Tools-SNMP Mr. G.S. Nagaraja, Ranjana R.Chittal, Kamod Kumar Summary Computer networks have influenced the software industry by providing enormous resources

More information

TE in action. Some problems that TE tries to solve. Concept of Traffic Engineering (TE)

TE in action. Some problems that TE tries to solve. Concept of Traffic Engineering (TE) 1/28 2/28 TE in action S-38.3192 Verkkopalvelujen tuotanto S-38.3192 Network Service Provisioning Networking laboratory 3/28 4/28 Concept of Traffic Engineering (TE) Traffic Engineering (TE) (Traffic Management)

More information

Cisco NetFlow Generation Appliance (NGA) 3140

Cisco NetFlow Generation Appliance (NGA) 3140 Q&A Cisco NetFlow Generation Appliance (NGA) 3140 General Overview Q. What is Cisco NetFlow Generation Appliance (NGA) 3140? A. Cisco NetFlow Generation Appliance 3140 is purpose-built, high-performance

More information

A Guide to Understanding SNMP

A Guide to Understanding SNMP A Guide to Understanding SNMP Read about SNMP v1, v2c & v3 and Learn How to Configure SNMP on Cisco Routers 2013, SolarWinds Worldwide, LLC. All rights reserved. Share: In small networks with only a few

More information

The ntop Project: Open Source Network Monitoring

The ntop Project: Open Source Network Monitoring The ntop Project: Open Source Network Monitoring Luca Deri 1 Agenda 1. What can ntop do for me? 2. ntop and network security 3. Integration with commercial protocols 4. Embedding ntop 5. Work in

More information

CISCO IOS NETFLOW AND SECURITY

CISCO IOS NETFLOW AND SECURITY CISCO IOS NETFLOW AND SECURITY INTERNET TECHNOLOGIES DIVISION FEBRUARY 2005 1 Cisco IOS NetFlow NetFlow is a standard for acquiring IP network and operational data Benefits Understand the impact of network

More information

ICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B.

ICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B. ICND2 NetFlow Question 1 What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring B. Network Planning C. Security Analysis D. Accounting/Billing Answer: A C D NetFlow

More information

Foglight NMS Overview

Foglight NMS Overview Page 1 of 5 Foglight NMS Overview Foglight Network Management System (NMS) is a robust and complete network monitoring solution that allows you to thoroughly and efficiently manage your network. It is

More information

Lab 4.1.2 Characterizing Network Applications

Lab 4.1.2 Characterizing Network Applications Lab 4.1.2 Characterizing Network Applications Objective Device Designation Device Name Address Subnet Mask Discovery Server Business Services 172.17.1.1 255.255.0.0 R1 FC-CPE-1 Fa0/1 172.17.0.1 Fa0/0 10.0.0.1

More information

Securing and Monitoring BYOD Networks using NetFlow

Securing and Monitoring BYOD Networks using NetFlow Securing and Monitoring BYOD Networks using NetFlow How NetFlow can help with Security Analysis, Application Detection and Traffic Monitoring Don Thomas Jacob Technical Marketing Engineer ManageEngine

More information

NetFlow Performance Analysis

NetFlow Performance Analysis NetFlow Performance Analysis Last Updated: May, 2007 The Cisco IOS NetFlow feature set allows for the tracking of individual IP flows as they are received at a Cisco router or switching device. Network

More information

Agenda. sflow intro. sflow architecture. sflow config example. Summary

Agenda. sflow intro. sflow architecture. sflow config example. Summary sflow Features Agenda sflow intro. sflow architecture sflow config example Summary 1 What is sflow? sflow is a technology for monitoring traffic in data networks containing switches and routers. S9700

More information

Appendix A Remote Network Monitoring

Appendix A Remote Network Monitoring Appendix A Remote Network Monitoring This appendix describes the remote monitoring features available on HP products: Remote Monitoring (RMON) statistics All HP products support RMON statistics on the

More information

SolarWinds Technical Reference

SolarWinds Technical Reference SolarWinds Technical Reference New to Networking Volume 3 NetFlow Basics and Deployment Strategies Section 1 The Need for Flow Analysis...1 Section 2 How does NetFlow Work?...1 The NetFlow Cache...2 The

More information

White Paper. Jim Frey, Enterprise Management Associates

White Paper. Jim Frey, Enterprise Management Associates Using NetFlow for Real-Time Performance Management Introduction Network managers must constantly balance the need to maximize network resources with the ability to foresee any potential negative performance

More information

IP SLAs Overview. Finding Feature Information. Information About IP SLAs. IP SLAs Technology Overview

IP SLAs Overview. Finding Feature Information. Information About IP SLAs. IP SLAs Technology Overview This module describes IP Service Level Agreements (SLAs). IP SLAs allows Cisco customers to analyze IP service levels for IP applications and services, to increase productivity, to lower operational costs,

More information

Take the NetFlow Challenge!

Take the NetFlow Challenge! TM Scrutinizer NetFlow and sflow Analysis Scrutinizer is a NetFlow and sflow analyzer that provides another layer of cyber threat detection and incredibly detailed network utilization information about

More information

UPPER LAYER SWITCHING

UPPER LAYER SWITCHING 52-20-40 DATA COMMUNICATIONS MANAGEMENT UPPER LAYER SWITCHING Gilbert Held INSIDE Upper Layer Operations; Address Translation; Layer 3 Switching; Layer 4 Switching OVERVIEW The first series of LAN switches

More information

Observer Probe Family

Observer Probe Family Observer Probe Family Distributed analysis for local and remote networks Monitor and troubleshoot vital network links in real time from any location Network Instruments offers a complete line of software

More information

Chapter 9. IP Secure

Chapter 9. IP Secure Chapter 9 IP Secure 1 Network architecture is usually explained as a stack of different layers. Figure 1 explains the OSI (Open System Interconnect) model stack and IP (Internet Protocol) model stack.

More information

Qcast : IP Multicast Traffic Monitoring System with IPFIX/PSAMP

Qcast : IP Multicast Traffic Monitoring System with IPFIX/PSAMP IPTV Traffic Qcast : IP Multicast Traffic Monitoring System with IPFIX/PSAMP Shingo Kashima and Atsushi Kobayashi NTT Information Sharing Platform Laboratories FloCon 2010 2009 NTT Information Sharing

More information

Network Management Functions - Performance. Network Management

Network Management Functions - Performance. Network Management Network Management Functions - Performance Network Management 1 Lectures Schedule Week Week 1 Topic Computer Networks - Network Management Architectures & Applications Week 2 Network Management Standards

More information