Cisco Research SCRIPT and the Big Picture
Ralf Wolter, Cisco Systems

Agenda
- Building Blocks for the SCRIPT Project
- Cisco Research Center (CRC)
- NetFlow: the story and the challenge
- IPFIX @ IETF
- Cisco AXP
- SCRIPT - Motivation
- Q&A
Cisco Research Center

Cisco & Research at Universities
(Diagram: external research and talent flowing between Cisco and the universities)

Cisco Motivation
- Push Cisco into new business areas
- Influence
- Access to the best talent
- Give back to the community
- Deliver a combination of short-term results for the BUs and long-term results for Cisco

Researcher Motivation
- Calibration to the real world
- Leverage
- Recognition
Cisco Research Center: A 21st Century Strategy
- Include external research in our virtual team
- Build relationships with professors and students
- Connect BUs and researchers

Our Tools
- Gift research awards
- Contract awards
- In-kind donations: equipment & services
- Cisco champions and reviewers
- Internal lectures and symposia
- Conference sponsorships
- Graduate internships and full-time hires

Results: Example Successes
- CRS-1 Architecture: Washington U. St. Louis, Jon Turner & Guru Parulkar
- GSR Architecture, NetFPGA: Stanford, Nick McKeown
- Bloom Filters & Deep Packet Inspection, NetSift in Hawkeye (DCBU & IOS Software): UCSD, George Varghese, Sumeet Singh
- AFD (Approximate Fair Dropping) in Cat 3k, 7600, NEXUS 7000, ISR (SPTG; ISBU; DCBU): Stanford, Balaji Prabhakar & Rong Pan (now at Cisco)
- Service Node, Improving Traffic Locality in BitTorrent via Biased Neighbor Selection: Stanford, Bindal et al.
- IP SLA, Traffic and Performance Measurement using Active Probing Techniques (Benoit Claise, Ernie Mikulic): Fraunhofer Institute (FOKUS), Tanja Zseby
- Packet classification for encrypted flows (CPOL 957116), Location based services (CPOL 960256), GSBU: Harvard, Mitzenmacher
- LASOR (Label Switched Optical Router) Project, DARPA funded (Gary Epps, HERBU): UCSB, Dan Blumenthal
Accuracy Impact of Random Packet NetFlow Sampling
(Figure: estimation accuracy versus packet count N_f, mean packet size μ_f and packet size standard deviation σ_f; trace PLT_NZIX1, S24D00, Cisco, sampling rate f = 5%)
Source: Packet Sampling for Flow Accounting: Challenges and Limitations, Tanja Zseby, Thomas Hirsch, Benoit Claise, PAM 2008
The square sum of bytes is available in Flexible NetFlow; with it the collector can estimate the packet size variance of a sampled flow, not only its mean.

NetFlow: the Story and the Challenge
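The estimators behind that figure, as an added example (not code from the deck or from Cisco): a metering process keeps each packet with probability f and exports the sampled packet count, the sampled byte sum and the square sum of the sampled packet sizes; the collector scales the counts by 1/f and derives mean and standard deviation of the packet size from the square sum. The 20,000-packet flow, the 50/50 mix of 64- and 1500-byte packets and the seed are constructed for the demonstration; the function names are this example's own.

```python
"""Added example: what a collector can recover from a packet-sampled NetFlow record.

The metering process samples packets with probability f (0.05 here, as in the
PAM 2008 figure).  The exported record carries the sampled packet count, the
sampled byte sum and, in Flexible NetFlow, the square sum of the sampled packet
sizes.  The flow in demo() is constructed, not measured."""
import random


def meter(packet_sizes, f, rng):
    """Random packet sampling: each packet is kept with probability f.
    Returns (sampled packets, sampled bytes, square sum of sampled packet sizes)."""
    n = b = sq = 0
    for size in packet_sizes:
        if rng.random() < f:
            n += 1
            b += size
            sq += size * size
    return n, b, sq


def estimate(sampled, f):
    """Estimators for the whole flow from the exported counters."""
    n, b, sq = sampled
    n_hat = n / f                       # packets in the flow
    b_hat = b / f                       # bytes in the flow
    if n == 0:                          # flow never sampled: no size statistics at all
        return {"packets": n_hat, "bytes": b_hat, "mean_size": None, "std_size": None}
    mean = b / n
    var = sq / n - mean * mean          # needs the square sum; the byte sum alone is not enough
    return {"packets": n_hat, "bytes": b_hat, "mean_size": mean, "std_size": max(var, 0.0) ** 0.5}


def true_stats(packet_sizes):
    """f = 1.0 keeps every packet, so the estimate is exact."""
    return estimate(meter(packet_sizes, 1.0, random.Random(0)), 1.0)


def relative_std_error(n_packets, f):
    """Relative standard error of the packet-count estimate under random sampling:
    n ~ Binomial(N, f), so sd(n / f) / N = sqrt((1 - f) / (N f)).  Small flows are estimated badly."""
    return ((1 - f) / (n_packets * f)) ** 0.5


def demo(f=0.05, seed=1):
    # Constructed flow: 20,000 packets, a mix of 64-byte ACKs and 1500-byte data segments
    rng = random.Random(seed)
    flow = [64 if rng.random() < 0.5 else 1500 for _ in range(20_000)]
    est = estimate(meter(flow, f, rng), f)
    return true_stats(flow), est


if __name__ == "__main__":
    truth, est = demo()
    for key in truth:
        print(f"{key:10s} true={truth[key]:10.1f} estimated={est[key]:10.1f}")
    print("expected relative error of the packet count:", round(relative_std_error(20_000, 0.05), 3))
```

The relative error shrinks with the number of sampled packets, so at f = 5% a flow of a few dozen packets is often not seen at all, which is the accuracy impact the figure plots against N_f.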
NetFlow Origination
- Developed by Darren Kerr and Barry Bruins at Cisco Systems in 1996 (US Patent 6,243,667)
- Initially designed as a switching path; the value of the information in the cache was a secondary discovery
- Answers questions regarding IP traffic: who, what, where, when, and how
- A long journey from a stealth feature to the IETF standard for accounting technology

Version 5 Flow Format: Flow Key vs. Non-Key Fields
Key fields (identify the flow in the cache):
- Source IP address, Destination IP address (from/to)
- Source TCP/UDP port, Destination TCP/UDP port (port utilization, application)
- Protocol
- Type of service (QoS)
- Input ifindex
Non-key fields (collected for the flow):
- Packet count, Byte count (usage)
- Start sysuptime, End sysuptime (time of day)
- Output ifindex
- TCP flags
- Next hop address, Source AS number, Dest. AS number, Source prefix mask, Dest. prefix mask (routing and peering)
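The v5 format above, decoded, as an added example (not code from the deck or from Cisco): the fixed 24-byte header and 48-byte records are unpacked, every record is split into the key fields that identify the flow and the non-key fields accumulated for it, and a datagram whose length does not match its record count is rejected. The two flows, the addresses and the helper names are constructed for the demonstration.

```python
"""Added example: decoding a NetFlow v5 export datagram and splitting each record
into key fields (define the flow) and non-key fields (collected per flow).
The datagram built in demo() is constructed, not captured from a router."""
import struct
from ipaddress import IPv4Address

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48 bytes
MAX_RECORDS = 30                                       # v5 exporters send at most 30 flows per datagram
RECORD_FIELDS = ("src_addr", "dst_addr", "next_hop", "input_if", "output_if", "packets", "octets",
                 "first_ms", "last_ms", "src_port", "dst_port", "pad1", "tcp_flags", "protocol",
                 "tos", "src_as", "dst_as", "src_mask", "dst_mask", "pad2")
KEY_FIELDS = ("src_addr", "dst_addr", "src_port", "dst_port", "protocol", "tos", "input_if")


def parse_v5(datagram):
    """Returns (header dict, list of flow dicts).  Anything whose length does not match
    the advertised record count is rejected, so a truncated datagram is not half-parsed."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than the v5 header")
    version, count, uptime, secs, nsecs, seq, eng_type, eng_id, sampling = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if count > MAX_RECORDS or len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match datagram length")
    header = {"sys_uptime_ms": uptime, "unix_secs": secs, "unix_nsecs": nsecs, "flow_sequence": seq,
              "engine_type": eng_type, "engine_id": eng_id,
              "sampling_mode": sampling >> 14, "sampling_interval": sampling & 0x3FFF}
    flows = []
    for i in range(count):
        values = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flow = dict(zip(RECORD_FIELDS, values))
        for name in ("src_addr", "dst_addr", "next_hop"):
            flow[name] = str(IPv4Address(flow[name]))
        del flow["pad1"], flow["pad2"]
        flows.append(flow)
    return header, flows


def split_key_nonkey(flow):
    """Key fields identify the flow in the cache; everything else is accumulated per flow."""
    key = tuple(flow[k] for k in KEY_FIELDS)
    non_key = {k: v for k, v in flow.items() if k not in KEY_FIELDS}
    return key, non_key


def build_v5(flows, seq=0):
    """Packs flow dicts into a v5 datagram; only needed here to construct sample input."""
    recs = b"".join(V5_RECORD.pack(
        IPv4Address(f["src_addr"]).packed, IPv4Address(f["dst_addr"]).packed, IPv4Address(f["next_hop"]).packed,
        f["input_if"], f["output_if"], f["packets"], f["octets"], f["first_ms"], f["last_ms"],
        f["src_port"], f["dst_port"], 0, f["tcp_flags"], f["protocol"], f["tos"],
        f["src_as"], f["dst_as"], f["src_mask"], f["dst_mask"], 0) for f in flows)
    return V5_HEADER.pack(5, len(flows), 3_600_000, 1_700_000_000, 0, seq, 0, 0, 0) + recs


SAMPLE_FLOWS = [  # constructed: an HTTPS session and a DNS query, both entering on ifindex 2
    dict(src_addr="10.1.1.10", dst_addr="192.0.2.80", next_hop="203.0.113.1", input_if=2, output_if=3,
         packets=42, octets=31_337, first_ms=3_590_000, last_ms=3_598_500, src_port=51514, dst_port=443,
         tcp_flags=0x1b, protocol=6, tos=0, src_as=64512, dst_as=64496, src_mask=24, dst_mask=24),
    dict(src_addr="10.1.1.10", dst_addr="10.1.0.53", next_hop="0.0.0.0", input_if=2, output_if=1,
         packets=1, octets=73, first_ms=3_591_000, last_ms=3_591_000, src_port=40000, dst_port=53,
         tcp_flags=0, protocol=17, tos=0, src_as=64512, dst_as=64512, src_mask=24, dst_mask=24),
]


def demo():
    header, flows = parse_v5(build_v5(SAMPLE_FLOWS, seq=100))
    return header, [split_key_nonkey(f) for f in flows]


if __name__ == "__main__":
    header, split = demo()
    print("header:", header)
    for key, non_key in split:
        print("key:", key, "duration_ms:", non_key["last_ms"] - non_key["first_ms"])
```

The flow_sequence counter in the header is worth tracking per exporter: v5 is sent over UDP, and a gap in the sequence is the only signal a collector gets that datagrams were lost.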
NetFlow Version 9 Export Packet
(Diagram: Header, followed by FlowSets)
- Template FlowSet: template records, each with a Template ID (#1, #2, ...) that specifies the field types and lengths
- Data FlowSet: the FlowSet ID refers to a template (FlowSet ID #1 carries data records laid out per Template ID #1); each data record carries the field values
- One export packet can carry several Data FlowSets that refer to different templates (FlowSet ID #1, FlowSet ID #2)

Flexible NetFlow Model
(Diagram: Interface -> Monitor A / Monitor B / Monitor C -> Record X / Record Y / Record Z -> Exporter M / Exporter N)
- A single record per monitor
- Potentially multiple monitors per interface
- Potentially multiple exporters per monitor
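A template-driven v9 decoder for the packet layout above, as an added example (not code from the deck or from Cisco): templates from FlowSet ID 0 are cached per (source_id, Template ID), a Data FlowSet is decoded only once its template is known, and every FlowSet length is checked against the packet before it is trusted. The field type numbers are the ones from the v9 field type table (RFC 3954); the template, the sample record and the helper names are constructed for the demonstration.

```python
"""Added example: a template-driven NetFlow v9 decoder.
Templates arrive in FlowSet ID 0 and are cached per (source_id, template_id);
Data FlowSets (ID >= 256) can only be decoded once their template has been seen,
so a collector has to buffer or drop early data, and it must guard every length
field because v9 normally rides unauthenticated UDP.  The packets in demo() are
constructed with the packing helpers below, not captured from a router."""
import struct
from ipaddress import IPv4Address

V9_HEADER = struct.Struct("!HHIIII")   # version, count, sysUptime, unix_secs, sequence, source_id
FLOWSET_HDR = struct.Struct("!HH")     # FlowSet ID, length (including this 4-byte header)
TEMPLATE_FLOWSET_ID, MIN_DATA_FLOWSET_ID = 0, 256
# Field type numbers from the NetFlow v9 field type table (RFC 3954); subset used here
FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
               8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}
IPV4_FIELDS = {8, 12}


class V9Collector:
    def __init__(self):
        self.templates = {}          # (source_id, template_id) -> [(field_type, length), ...]
        self.dropped_flowsets = 0    # data FlowSets seen before their template

    def parse(self, packet):
        """Decodes one export packet; returns the flow records it could decode."""
        if len(packet) < V9_HEADER.size:
            raise ValueError("short v9 header")
        version, _count, _uptime, _secs, _seq, source_id = V9_HEADER.unpack_from(packet)
        if version != 9:
            raise ValueError(f"not NetFlow v9 (version={version})")
        records, off = [], V9_HEADER.size
        while off + FLOWSET_HDR.size <= len(packet):
            fs_id, fs_len = FLOWSET_HDR.unpack_from(packet, off)
            if fs_len < FLOWSET_HDR.size or off + fs_len > len(packet):
                raise ValueError("FlowSet length exceeds packet")   # never trust fs_len blindly
            body = packet[off + FLOWSET_HDR.size:off + fs_len]
            if fs_id == TEMPLATE_FLOWSET_ID:
                self._load_templates(source_id, body)
            elif fs_id >= MIN_DATA_FLOWSET_ID:
                records.extend(self._decode_data(source_id, fs_id, body))
            # ID 1 (options templates) and reserved IDs 2..255 are skipped in this example
            off += fs_len
        return records

    def _load_templates(self, source_id, body):
        pos = 0
        while pos + 4 <= len(body):
            template_id, nfields = struct.unpack_from("!HH", body, pos)
            if nfields == 0:                      # zero padding at the end of the FlowSet
                break
            pos += 4
            if pos + 4 * nfields > len(body):
                raise ValueError("truncated template record")
            fields = [struct.unpack_from("!HH", body, pos + 4 * i) for i in range(nfields)]
            self.templates[(source_id, template_id)] = fields   # a newer template with the same ID replaces it
            pos += 4 * nfields

    def _decode_data(self, source_id, template_id, body):
        fields = self.templates.get((source_id, template_id))
        if fields is None:
            self.dropped_flowsets += 1
            return []
        rec_len = sum(length for _, length in fields)
        out, pos = [], 0
        while rec_len and pos + rec_len <= len(body):   # leftover bytes shorter than a record are padding
            rec, p = {}, pos
            for ftype, flen in fields:
                raw = body[p:p + flen]
                p += flen
                name = FIELD_NAMES.get(ftype, f"field_{ftype}")
                rec[name] = str(IPv4Address(raw)) if ftype in IPV4_FIELDS and flen == 4 else int.from_bytes(raw, "big")
            out.append(rec)
            pos += rec_len
        return out


# Packing helpers, used only to construct the sample packets
def pad4(data):
    return data + b"\x00" * (-len(data) % 4)


def build_packet(source_id, flowsets, record_count, seq=1):
    body = b"".join(FLOWSET_HDR.pack(fs_id, FLOWSET_HDR.size + len(fs)) + fs for fs_id, fs in flowsets)
    return V9_HEADER.pack(9, record_count, 123_456, 1_700_000_000, seq, source_id) + body


TEMPLATE_256 = struct.pack("!HH", 256, 7) + b"".join(
    struct.pack("!HH", t, l) for t, l in [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (2, 4), (1, 4)])
DATA_REC = (IPv4Address("10.0.0.5").packed + IPv4Address("192.0.2.80").packed
            + struct.pack("!HHBII", 51514, 443, 6, 12, 9876))   # 21 bytes, laid out per TEMPLATE_256


def demo():
    c = V9Collector()
    early = c.parse(build_packet(1, [(256, pad4(DATA_REC))], record_count=1))   # template not seen yet
    later = c.parse(build_packet(1, [(0, TEMPLATE_256), (256, pad4(DATA_REC))], record_count=2))
    return c.dropped_flowsets, early, later


if __name__ == "__main__":
    dropped, early, later = demo()
    print("dropped FlowSets:", dropped, "records before template:", early)
    print("records after template:", later)
```

A real collector keys the template cache by exporter address as well as source_id: because the transport is unauthenticated UDP, a forged Template FlowSet would otherwise redefine how every later Data FlowSet from that exporter is decoded.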
Flexible Flow Record: Key Fields
Flow: Sampler ID, Direction
Interface: Input, Output
Layer 2: Source VLAN, Destination VLAN, Source MAC address, Destination MAC address
IPv4: IP (Source or Destination), Prefix (Source or Destination), Mask (Source or Destination), Minimum-Mask (Source or Destination), Protocol, Fragmentation Flags, Fragmentation Offset, Identification, Header Length, Total Length, Payload Size, Packet Section (Header), Packet Section (Payload), TTL, Options bitmap, Version, Precedence, DSCP, TOS
IPv6: IP (Source or Destination), Prefix (Source or Destination), Mask (Source or Destination), Minimum-Mask (Source or Destination), Protocol, Traffic Class, Flow Label, Option Header, Header Length, Payload Length, Length, Next-header, Version, Payload Size, Packet Section (Header), Packet Section (Payload), DSCP, Extension Headers, Hop-Limit

Network Based Application Recognition: NetFlow + NBAR
(Packet layout: Link Layer Header | IP Header: ToS, Protocol, Source IP Address, Destination IP Address | TCP/UDP Header: Source Port, Destination Port | Data Packet)
NetFlow
- Monitors data in Layers 2 through 4
- Determines the application by port
- Utilizes a seven-tuple (interface, ToS, protocol, source and destination IP address, source and destination port) for the flow
- Flow information: who, what, when, where
NBAR
- Examines data from Layers 3 through 7: deep packet (payload) inspection
- Utilizes Layers 3 and 4 plus packet inspection for classification
- Stateful inspection of dynamic-port traffic
- Packet and byte counts
IETF IP Flow Information Export WG (IPFIX)

IPFIX is an effort to:
- Define the notion of a "standard IP flow"
- Devise a data encoding for IP flows
- Consider the notion of IP flow information export based upon packet sampling
- Identify and address any security and privacy concerns affecting flow data
- Specify the transport mapping for carrying IP flow information (an IETF-approved congestion-aware transport protocol; RFC 5101 makes SCTP mandatory to implement, with TCP and UDP optional)

IPFIX web sites
- Charter: http://www.ietf.org/html.charters/ipfix-charter.html
- All IPFIX related drafts: http://tools.ietf.org/wg/ipfix/
- Internal email alias: ipfix@cisco.com
IETF: IP Flow Information Export WG (IPFIX)
- RFC 3954: Cisco Systems NetFlow Services Export Version 9
- RFC 3917: Requirements for IP Flow Information Export (gathers all IPFIX requirements for the IPFIX evaluation process)
- RFC 3955: Evaluation of Candidate Protocols for IPFIX
- RFC 5101: Specification of the IPFIX Protocol for the Exchange of IP Traffic Flow Information
- RFC 5102: Information Model for IP Flow Information Export
- RFC 5103: Bidirectional Flow Export using IP Flow Information Export (IPFIX)

IPFIX History (2001 to 2009)
- 2001: BOF at IETF 51, draft-gsadasiv-ipfix-proposal; several candidates discussed: CRANE, LFAP, Diameter, sFlow
- 2004: RFC 3917 (IPFIX Requirements), RFC 3954 (NetFlow V9), RFC 3955 (Evaluation of the IPFIX Candidates)
- Transport discussion: UDP vs TCP vs SCTP
- 2008: RFC 5101 (IPFIX Protocol), RFC 5102 (IPFIX Information Model), RFC 5103 (Biflow), RFC 5153 (Implementation Guidelines)
IPFIX History (Part 2, 2009 to 2011)
- RFC 5470: IPFIX Architecture
- RFC 5471: Guidelines for IPFIX Testing
- RFC 5472: IPFIX Applicability
- RFC 5473: Reducing Redundancy
- RFC 5610: Exporting Type Information for IPFIX Information Elements
- PSAMP MIB moved to the IPFIX WG
- More to come

Cisco's Application eXtension Platform (AXP)
AXP Use Cases
Branch Recorder, Payment Gateway, Health Care Router, Fax-over-IP Router, Green Router, Device Management Router
© 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

AXP High-Level Architecture
(Diagram: Cisco ISR router running Cisco IOS with an AXP module)
- IOS side: IOS Interface and API; IOS scripts, workflow processes and external systems reach the module through the API
- AXP Module on the Cisco Linux OS: Application, Middleware, Management Agent, System (AXP OS), plug-ins, extensible IOS-like network CLI, API
- Management: Management Console and Management Server with database (open schema), alerts to a 24x7 Network/Security Operations Center, reports & analysis
AXP Technical Overview
(Diagram: Cisco ISR router with AXP module; ports AUX, GE-1, GE-2)
- Cisco IOS: configuration, monitoring, event triggers; control plane and data plane
- IOS Interface (C/C++)
- Applications in Perl/Python on a virtualized OS; Java applications (OSGi) on a virtualized OS
- Extensible IOS-like CLI on the Cisco Linux OS
- Logging/debugging facilities

SCRIPT Problem Statement
NetFlow Performance Challenge: the Moving Bottleneck
- Consumes a lot of CPU -> packet sampling; metering process in hardware
- Collisions in the cache -> improved the hash function; increased the cache size
- Consumes much bandwidth -> flexible flow record per interface, per direction; export cache type per collector; flow sampling
Every mitigation moves the bottleneck: CPU impact, bandwidth impact, and accuracy impact trade off against each other.

Typical NetFlow Deployment
(Diagram: NetFlow for monitoring, NetFlow for security, NetFlow for the core traffic matrix, NetFlow for peering with the ISP)
SCRIPT Problem Statement
Bottleneck: the collection infrastructure

Future
Questions?