CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY


CISCO INFORMATION TECHNOLOGY, SEPTEMBER 2004

Overview

Challenge
- To troubleshoot capacity and quality problems and to understand usage, network managers need to see application flows through the network
- Networks provide views of application flows, but don't provide information about them
- Seeing packet flows per port helps, but a growing number of applications use dynamic ports, which complicates traffic characterization

Solution
- Cisco IOS NetFlow (already part of the network)
- Tools to capture and format the data

Results
- Cisco IOS NetFlow supports capacity planning and network protection against denial of service (DoS) attacks and other forms of undesirable traffic, and provides new information about network use

Next Steps
- Expand the use of the NetFlow technology to other parts of the network

Challenge: No Application Flow Information
- Cisco Systems almost exclusively relied on Simple Network Management Protocol (SNMP) to monitor Internet bandwidth
- Although SNMP facilitates capacity planning, it does very little to characterize traffic applications, essential for understanding how well the network supports the business
- Cisco needed a more granular understanding of Cisco bandwidth usage
- Port flow was monitored, but many newer applications dynamically select new ports for each use

Challenge: Application Usage

Solution: Cisco NetFlow Technology
- With its NetFlow technology, Cisco gained the ability to characterize and analyze network traffic flows
- Cisco IOS NetFlow technology is built into most Cisco switches and routers using a specialized application-specific integrated circuit (ASIC) and some specialized features of Cisco IOS Software and Cisco Catalyst Operating System Software
- Cisco IOS NetFlow has become a primary network accounting technology and anomaly-detection technology in the industry
- Cisco IOS NetFlow answers the following questions about network traffic: Who, what, when, where, and how?
- Cisco IOS NetFlow Version 9 was chosen for a proposed IETF standard called IP Flow Information Export (IPFIX) in 2003
- IPFIX defines the format by which IP flow information can be transferred from an exporter, such as a Cisco router, to a collector application that analyzes the data

Solution: Cisco NetFlow Technology
To export data, routers represent each network traffic flow based on:
- Source and destination IP address
- Source and destination port
- Layer 3 protocol type
- Type of service
- Input logical interface

"YOU CAN THINK OF NETFLOW AS A FORM OF TELEMETRY PUSHED FROM ROUTERS AND LAYER 3 SWITCHES, EACH ONE ACTING AS A SENSOR."
JOHN CORNELL, CISCO IT TECHNICAL STAFF

2004, Cisco Systems, Inc. All rights reserved.

Solution: Flow Information

Solution: Export Packets

Results: Characterize Traffic by Application
Cisco IOS NetFlow Data by Arbor Networks Peakflow Traffic

Results: Cost Effective
- Cisco IOS NetFlow is more cost effective in gathering network traffic information than Remote Monitoring (RMON) probes
- The Cisco IOS NetFlow feature is enabled in several places on the Cisco network that process incoming and outgoing traffic, for a total of more than 1900 WAN interfaces
- Information from each location is useful on its own, as well as in combination with other network-related business intelligence
- For example, the combination of Cisco IOS NetFlow and Border Gateway Protocol (BGP) routing information provides visibility into the origin and destination of Cisco network traffic, which helps to ensure optimal peering with Internet service providers (ISPs)

Results: Analysis Software (Data Collection)

Network Location
- Internet gateway routers that connect to ISP links
- Routers at inner edge of public-facing network
- WAN core (aggregation layer)
- WAN edge
- Core routers on public-facing network
- Network Address Translation (NAT) gateway

Analysis Software
- Arbor Networks Peakflow Traffic
- Arbor Networks Peakflow DoS
- Arbor Networks Peakflow DoS
- NetQoS ReporterAnalyzer
- NetQoS ReporterAnalyzer
- OSU flow-tools from splintered.net
- OSU flow-tools from splintered.net

Purpose
- Anomaly detection
- Network traffic analysis by application
- Correlation of network traffic with BGP routing information
- Anomaly detection
- Network traffic analysis by application for capacity planning
- Network traffic analysis by application for capacity planning
- Collection of historical data, useful for forensics and diagnostics
- Collection of historical data, useful for forensics and diagnostics
- Auditing of addresses that have undergone NAT ("NATed" addresses)

Results: Internet and Security Benefits
Avoidance of Structured Query Language (SQL) Slammer Worm
- On January 24, 2003 the SQL Slammer worm, also called Sapphire, propagated worldwide in just eight minutes
- Networks fell worldwide, including entire networks of automated teller machines and leading enterprises
- Cisco did not experience any loss of business continuity from SQL Slammer due to:
  - Teamwork
  - Established communications plan
  - Robust network architecture
  - Effective use of Cisco IOS NetFlow technology

Results: DoS Attacks and Other Undesirable Traffic
- Cisco Information Technology uses NetFlow data to protect the network from viruses and attacks and to understand the effects of current and planned applications on the network
- From time to time, Cisco receives traffic intended to produce a DoS attack
- DoS attacks flood the network with packets, often of an unusual size, from an untrusted source to a single destination
- Cisco detects and prevents DoS attacks by using Cisco IOS NetFlow to collect:
  - Packet source
  - Destination
  - Protocol number
  - Port number
  - Packet size
- Collected information is sent to Arbor Peakflow DoS for anomaly detection
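An added example (not code from the case study, and not how Arbor Peakflow DoS works internally): it groups packets into flows using the key fields listed under "Solution: Cisco NetFlow Technology" and then flags the DoS pattern described above, many sources sending to a single destination. Field names, sample addresses, thresholds and the fan-in heuristic itself are assumptions.

```python
from collections import defaultdict, namedtuple

# Flow key built from the fields the slide lists (names are assumptions).
FlowKey = namedtuple("FlowKey", "src dst sport dport proto tos in_if")

def build_flows(packets):
    """Aggregate packets into flows: packets with an identical key share one record."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for p in packets:
        key = FlowKey(p["src"], p["dst"], p["sport"], p["dport"],
                      p["proto"], p["tos"], p["in_if"])
        flows[key]["packets"] += 1
        flows[key]["bytes"] += p["size"]
    return dict(flows)

def flag_fan_in(flows, min_sources=20, max_avg_size=100):
    """Return {(dst, proto, dport): source_count} for targets reached by many
    distinct sources with unusually small packets. Thresholds are assumptions."""
    sources = defaultdict(set)
    totals = defaultdict(lambda: [0, 0])  # [packets, bytes] per target
    for key, stats in flows.items():
        target = (key.dst, key.proto, key.dport)
        sources[target].add(key.src)
        totals[target][0] += stats["packets"]
        totals[target][1] += stats["bytes"]
    alerts = {}
    for target, srcs in sources.items():
        pkts, byts = totals[target]
        if len(srcs) >= min_sources and byts / pkts <= max_avg_size:
            alerts[target] = len(srcs)
    return alerts

def sample_packets():
    """Constructed sample: ordinary web traffic plus a many-to-one UDP flood."""
    pkts = []
    for i in range(3):          # three clients, full-size packets to a web server
        for _ in range(10):
            pkts.append(dict(src=f"10.0.0.{i + 1}", dst="192.0.2.10", sport=40000 + i,
                             dport=443, proto=6, tos=0, in_if=1, size=1400))
    for i in range(40):         # forty sources, small packets to one host
        for _ in range(50):
            pkts.append(dict(src=f"198.51.100.{i + 1}", dst="192.0.2.53", sport=1024 + i,
                             dport=53, proto=17, tos=0, in_if=2, size=60))
    return pkts

if __name__ == "__main__":
    flows = build_flows(sample_packets())
    print(len(flows), "flows;", "alerts:", flag_fan_in(flows))
```

The web server is not flagged because only three sources reach it and their packets are large; lowering `min_sources` or raising `max_avg_size` shows how quickly such a heuristic starts producing false positives.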

Results: Anomaly Detection Report

Results: WAN Traffic
- Detection of Unauthorized WAN Traffic: Cisco has avoided costly upgrades by identifying the applications causing congestion and, if appropriate, changing the usage policy
- Reduction in Peak WAN Traffic: Cisco Information Technology uses NetFlow statistics to measure WAN traffic improvement from application-policy changes
- Validation of QoS Parameters: By using Cisco IOS NetFlow and NetQoS ReporterAnalyzer, IT is able to confirm that appropriate bandwidth has been allocated to each class of service (CoS) and that no CoS is over- or under-subscribed
- Analysis of VPN Traffic and Teleworker Behavior: Cisco Information Technology can easily identify teleworker traffic because it all travels over identifiable tunnels. This type of traffic analysis facilitates capacity planning for Internet access and understanding of home worker behavior

Results: Total Cost of Ownership Calculation
- To prevent unexpected effects on the WAN, Cisco application development groups first deploy new applications in a test environment
- Cisco IOS NetFlow is used to measure how much WAN traffic the application is likely to generate when released to a larger population
- Testing applications helps to calculate Total Cost of Ownership (TCO) more accurately
- Benefits of Cisco IOS NetFlow for Cisco include:
  - Cost-effective deployment of applications
  - Constant availability of services for all employees, customers, and partners worldwide

Next Steps: Summary
- Cisco Information Technology next steps:
  - To benefit from the increasing value of the network data being collected
  - To expand the use of NetFlow to other parts of the network
- As Cisco continues to collect more NetFlow historical data, capacity planning will become easier
- Cisco anticipates extending capacity planning methodologies used for Internet connectivity to internal networks on the Cisco WAN

Cisco IOS NetFlow Technology
- As converged networks and IP telephony become more prevalent, the ability to characterize traffic on the network both for capacity planning and anomaly detection becomes even more critical
- NetFlow provides that capability for Cisco
