How good can databases deal with Netflow data



Similar documents
UltraFlow -Cisco Netflow tools-

Windows Server Performance Monitoring

Network Management & Monitoring

Enabling NetFlow and NetFlow Data Export (NDE) on Cisco Catalyst Switches

Network Monitoring and Management NetFlow Overview

Practical Experience with IPFIX Flow Collectors

Viete, čo robia Vaši užívatelia na sieti? Roman Tuchyňa, CSA

Fluke Networks NetFlow Tracker

NetQoS Delivers Distributed Network

Introduction to Netflow

NetFlow Aggregation. Feature Overview. Aggregation Cache Schemes

Application Latency Monitoring using nprobe

Question: 3 When using Application Intelligence, Server Time may be defined as.

Database Scalability and Oracle 12c

Design and Implementation of an Interactive DBMS-supported Network Traffic Analysis and Visualization System

Netflow Overview. PacNOG 6 Nadi, Fiji

Research on Errors of Utilized Bandwidth Measured by NetFlow

Sawmill Log Analyzer Best Practices!! Page 1 of 6. Sawmill Log Analyzer Best Practices

Management by Network Search

Emerald. Network Collector Version 4.0. Emerald Management Suite IEA Software, Inc.

VLAN 802.1Q. 1. VLAN Overview. 1. VLAN Overview. 2. VLAN Trunk. 3. Why use VLANs? 4. LAN to LAN communication. 5. Management port

Application Compatibility Best Practices for Remote Desktop Services

Passively Monitoring Networks at Gigabit Speeds Using Commodity Hardware and Open Source Software. Luca Deri January 2003

Network Monitoring Comparison

Best of Breed of an ITIL based IT Monitoring. The System Management strategy of NetEye

SolarWinds Technical Reference

Cisco.Selftestengine v by.Amy.32q

and reporting Slavko Gajin

Management of lambda paths

NetFlow Tracker Overview. Mike McGrath x ccie CTO mike@crannog-software.com

Overview. Why use netflow? What is a flow? Deploying Netflow Performance Impact

Geospatial Server Performance Colin Bertram UK User Group Meeting 23-Sep-2014

Maintaining Non-Stop Services with Multi Layer Monitoring

Cisco IOS Flexible NetFlow Technology

Configuring Apache Derby for Performance and Durability Olav Sandstå

theguard! Service Management Center (Valid for Version 6.3 and higher)

Distributed Network Traffic Monitoring and Analysis using Load Balancing Technology

Sampled NetFlow. Feature Overview. Benefits

How To Understand The Power Of The Internet

Recommendations for Network Traffic Analysis Using the NetFlow Protocol Best Practice Document

NetFlow The De Facto Standard for Traffic Analytics

How To Set Up Foglight Nms For A Proof Of Concept

Quick Reference Guide: Server Hosting

CentOS Linux 5.2 and Apache 2.2 vs. Microsoft Windows Web Server 2008 and IIS 7.0 when Serving Static and PHP Content

An overview of traffic analysis using NetFlow

Cisco NetFlow TM Briefing Paper. Release 2.2 Monday, 02 August 2004

General system requirements

Chapter 3. Internet Applications and Network Programming

Performance Guideline for syslog-ng Premium Edition 5 LTS

COMPSCI 314: SDN: Software Defined Networking

Hardware Performance Optimization and Tuning. Presenter: Tom Arakelian Assistant: Guy Ingalls

Real-Time Handling of Network Monitoring Data Using a Data-Intensive Framework

IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令

I.T. System Requirements 2015

Configuring NetFlow Switching

Virtuoso and Database Scalability

Working With Flow Data in an Academic Environment in the DDoSVax Project at ETH Zuerich

Technology Announcement - SQL Server Database Transition

Mini-Challenge 3. Data Descriptions for Week 1

Minimum Requirements for Cencon 4 with Microsoft R SQL 2008 R2 Express

NetFlow v9 Export Format

Experiences Deploying and Operating a Large-Scale Monitoring Infrastructure

AKIPS Network Monitor Installation, Configuration & Upgrade Guide Version 15. AKIPS Pty Ltd

The Ultimate Business & Enterprise Hosting Solutions.

PANDORA FMS NETWORK DEVICES MONITORING

Cloud Service SLA Declaration

WhatsUpGold. v NetFlow Monitor User Guide

Hybrid network traffic engineering system (HNTES)

Best Practices for Deploying SSDs in a Microsoft SQL Server 2008 OLTP Environment with Dell EqualLogic PS-Series Arrays

W H I T E P A P E R : T E C H N I C A L. Understanding and Configuring Symantec Endpoint Protection Group Update Providers

SolarWinds Technical Reference

Technology and Cost Considerations for Cloud Deployment: Amazon Elastic Compute Cloud (EC2) Case Study

With Cloud Computing, Who Needs Performance Testing?

8. 網路流量管理 Network Traffic Management

Limitations of Packet Measurement

Network Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC)

HTGR- Netflow. or, how to know what your network really did without going broke

4 Internet QoS Management

Use case: Merging heterogeneous network measurement data

Optimizing Data Center Networks for Cloud Computing

PANDORA FMS NETWORK DEVICE MONITORING

AT&T Managed IP Network Service (MIPNS) MPLS Private Network Transport Technical Configuration Guide Version 1.0

ICND2 NetFlow. Question 1. What are the benefit of using Netflow? (Choose three) A. Network, Application & User Monitoring. B.

Everything under control OpenTAS Network Monitor. Simple, fast and affordable.

Optimizing Linux Performance

Hardware Configuration Guide

Preparing a SQL Server for EmpowerID installation

An Oracle White Paper June High Performance Connectors for Load and Access of Data from Hadoop to Oracle Database

Get Your FIX: Flow Information export Analysis and Visualization

Expert Reference Series of White Papers. Introduction to Amazon Relational Database Service (Amazon RDS)

Distributed applications monitoring at system and network level

Introduction to MPIO, MCS, Trunking, and LACP

Software Defined Networks

CISCO IOS NETFLOW AND SECURITY

Mark Bennett. Search and the Virtual Machine

AKIPS Network Monitor Installation, Configuration & Upgrade Guide Version 16. AKIPS Pty Ltd

Quick Start Guide. GV-Redundant Server GV-Failover Server. 1 Introduction. Packing List

Vantage Report. Quick Start Guide

Transcription:

How good can databases deal with Netflow data Bachelorarbeit Supervisor: bernhard fabian@net.t-labs.tu-berlin.de Inteligent Networks Group (INET) Ernesto Abarca Ortiz eabarca@net.t-labs.tu-berlin.de

OVERVIEW INTRODUCTION METHODOLOGY RESULTS Hardware resource usage Data insertion Data quering CONCLUSIONS FUTURE WORK QUESTIONS 2

INTRODUCTION GROWING TRAFFIC Networks and Broadband Access are becoming even faster + Multimedia streaming, social networks, P2P and more users + More applications and protocols are available = More data is generated and crossing our networks Network monitoring and data analysis is more complex 3

INTRODUCTION NETFLOW (I) FLOW: Network connection's aggregated data - Time stamp; source/destination for ip, mask, as and port - Flow length in bytes / packets, other info NETFLOW: Protocol for router / switches to send flow data - How? - When? - Where? Src: Wikipedia 4

INTRODUCTION NETFLOW (II) POSSIBLE USES: - Traffic statistics - Network Security - Autonomous Systems (AS) routers behaviour NETFLOWS ARE STORED IN BINARY FILES - Vendor specific options/tools - File-based limitations WHAT ABOUT A DATABASE TO STORE NETFLOWS? - But which one? - And how? 5

INTRODUCTION DATABASES DATABASE: Organized and structured collection of data DBMS: Complete system to manage databases - Multi-server, backup, security... Data can be encoded/stored in different field formats: - Numeric, text, date/time, raw - And fields can be indexed Mar 17 2001 05:12:45 984802365 192.168.54.345 3232249689 SQL: Common and independent Structured Query Language TRANSACTION: Multiple SQL orders executed together 6

INTRODUCTION CHALLENGES FIELD TYPE? - GENERIC: Only integer types - SPECIFIC: IP Address, Time/Date FIELD INDEXING? - Slow insertions, fast queries - Is it worth? TRANSACTIONS FOR DATA INSERTION? HARDWARE REQUIREMENTS? BOTTLENECKS? 7

METHODOLOGY Netflow fields selection, database indexes and query design FLOW-EXPORT tool enhancements: - Support for postgresql & sqlite - Field type conversion - Transaction support - Generate statistics: > Disk I/O usage > Time spent processing flows Hardware monitoring for bottlenecks - MRTG, top, dstat, iostat Optimize hardware / software only if required 8

RESULTS RESOURCE USAGE STORAGE REQUIREMENTS: - FLOW-TOOLS binary file: > About 17 Million flows > 1.1 Gbytes - DATABASE: Integer fields NOT INDEXED INDEXED (Max) MySQL 0.9 GB 2.3 GB POSTGRESQL 2.3 GB 5.9 GB SQLITE 1.4 GB 2.9 GB CPU USAGE - BOTTLENECK: No multiprocessor support - Mainly used for index creation or complex queries RAM - Some GB required for index creation and complex queries 9

RESULTS DATA INSERTION (I) CONSTANT BEHAVIOUR POSTGRESQL FLUCTUATES AS IT WRITES MORE DATA TO DISK MYSQL IS TWICE FASTER: 14K FLOWS/SEC 10

RESULTS DATA INSERTION (II) ON INDEXING, TIME DEPENDS ON AMOUNT OF DATA WRITTEN SQLITE IS NEARLY TWO TIMES SLOWER THAN POSTGRESQL EXTRANGE BEHAVIOUR AT THE END 11

RESULTS DATA INSERTION (III) TRANSACTIONS MAKE SQLITE FASTER THAN PGSQL; OTHERS JUST A BIT INDEXING REQUIRES MUCH MORE RESOURCES 12

RESULTS DATA QUERY - Flow-tools always require the same execution time - Databases are faster when specific data is requested - Flow-tools are much faster aggregating data - Databases required more than 4 gb of ram There are no big differences when querying Integer or specific fields 13

RESULTS DATA DIVERSITY AND SCALABILITY DATA DIVERSITY: Important in index creation and aggregation queries SCALABILITY: Is feasible but can depend on data diversity 14

CONCLUSIONS IS IT FEASIBLE TO USE NETFLOW WITH DATABASES? - Yes! - But requires: Twice HDD storage and about 8 GB RAM - Database multiprocessor support is recommendable - Data diversity and traffic pattern can be important for indexing BEST SOLUTION: MySQL - Integer fields - No indexes - Transactions: optional 15

FUTURE WORK - DATABASE NORMALIZATION - DATABASE SERVER OPTIMIZATION - COMPARE IT WITH NON SQL DATABASE SYSTEMS 16

QUESTIONS Questions? Answer: 42 17

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information