8. 網路流量管理 Network Traffic Management

Similar documents
Network Measurement. Why Measure the Network? Types of Measurement. Traffic Measurement. Packet Monitoring. Monitoring a LAN Link. ScienLfic discovery

Software-Defined Traffic Measurement with OpenSketch

NetFlow Aggregation. Feature Overview. Aggregation Cache Schemes

NetFlow/IPFIX Various Thoughts

Introduction to Cisco IOS Flexible NetFlow

NetFlow Tracker Overview. Mike McGrath x ccie CTO mike@crannog-software.com

Wireshark Developer and User Conference

Configuring Flexible NetFlow

Limitations of Packet Measurement

Netflow Overview. PacNOG 6 Nadi, Fiji

Network Management & Monitoring

Adaptive Flow Aggregation - A New Solution for Robust Flow Monitoring under Security Attacks

Cisco IOS Flexible NetFlow Technology

Internet Firewall CSIS Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS net15 1. Routers can implement packet filtering

Introduction to Netflow

Network Monitoring and Management NetFlow Overview

Configuring NetFlow. Information About NetFlow. Send document comments to CHAPTER

Network congestion control using NetFlow

and reporting Slavko Gajin

NetFlow Performance Analysis

Transport Layer Protocols

Question: 3 When using Application Intelligence, Server Time may be defined as.

Flow Monitoring With Cisco Routers

Network forensics 101 Network monitoring with Netflow, nfsen + nfdump

Per-Packet Load Balancing

Using IPM to Measure Network Performance

NetFlow-Lite offers network administrators and engineers the following capabilities:

SDN Programming Languages. Programming SDNs!

CISCO IOS NETFLOW AND SECURITY

IP address format: Dotted decimal notation:

Network Security through Software Defined Networking: a Survey

NetStream (Integrated) Technology White Paper HUAWEI TECHNOLOGIES CO., LTD. Issue 01. Date

The Value of Flow Data for Peering Decisions

Monitoring and analyzing audio, video, and multimedia traffic on the network

Datagram-based network layer: forwarding; routing. Additional function of VCbased network layer: call setup.

Lab Characterizing Network Applications

Carrier/WAN SDN Brocade Flow Optimizer Making SDN Consumable

Catalyst 6500/6000 Switches NetFlow Configuration and Troubleshooting

Research on Errors of Utilized Bandwidth Measured by NetFlow

CS514: Intermediate Course in Computer Systems

Configuring NetFlow Switching

IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令

Traffic monitoring with sflow and ProCurve Manager Plus

Network Layer: Network Layer and IP Protocol

Network traffic monitoring and management. Sonia Panchen 11 th November 2010

Emerald. Network Collector Version 4.0. Emerald Management Suite IEA Software, Inc.

KNOM Tutorial Internet Traffic Measurement and Analysis. Sue Bok Moon Dept. of Computer Science

NetFlow Subinterface Support

Stateful Firewalls. Hank and Foo

Viete, čo robia Vaši užívatelia na sieti? Roman Tuchyňa, CSA

An apparatus for P2P classification in Netflow traces

Internet Protocol: IP packet headers. vendredi 18 octobre 13

Flow Analysis. Make A Right Policy for Your Network. GenieNRM

HP Intelligent Management Center v7.1 Network Traffic Analyzer Administrator Guide

sflow Why You Should Use It And Like It NANOG 39 February 04-07, 2007

How do I get to

J-Flow on J Series Services Routers and Branch SRX Series Services Gateways

Case Study: Instrumenting a Network for NetFlow Security Visualization Tools

NetFlow v9 Export Format

CS 457 Lecture 19 Global Internet - BGP. Fall 2011

Network Monitoring On Large Networks. Yao Chuan Han (TWCERT/CC)

INTRODUCTION TO FIREWALL SECURITY

Final for ECE374 05/06/13 Solution!!

Network Traffic Analysis

FlowRadar: A Better NetFlow for Data Centers

plixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels

Outline. Outline. Outline

co Characterizing and Tracing Packet Floods Using Cisco R

Server Iron Hands-on Training

UKCMG Industry Forum November 2006

Internet Control Protocols Reading: Chapter 3

Network layer" 1DT066! Distributed Information Systems!! Chapter 4" Network Layer!! goals: "

Software Defined Traffic Measurement with OpenSketch

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

Cisco IOS Flexible NetFlow Command Reference

IP Accounting C H A P T E R

ACHILLES CERTIFICATION. SIS Module SLS 1508

FIREWALL AND NAT Lecture 7a

OpenDaylight Project Proposal Dynamic Flow Management


Juniper Exam JN0-343 Juniper Networks Certified Internet Specialist (JNCIS-ENT) Version: 10.1 [ Total Questions: 498 ]

Software Defined Networking What is it, how does it work, and what is it good for?

Recommendations for Network Traffic Analysis Using the NetFlow Protocol Best Practice Document

PART III. OPS-based wide area networks

First Midterm for ECE374 03/09/12 Solution!!

This Lecture. The Internet and Sockets. The Start If everyone just sends a small packet of data, they can all use the line at the same.

Project Ideas for the George Varghese Espresso Prize

Cisco Configuring Commonly Used IP ACLs

Routing Protocols (RIP, OSPF, BGP)

Solution of Exercise Sheet 5

The Internet: A Remarkable Story. Inside the Net: A Different Story. Networks are Hard to Manage. Software Defined Networking Concepts

Large-Scale TCP Packet Flow Analysis for Common Protocols Using Apache Hadoop

An overview of traffic analysis using NetFlow

Network Protocol Configuration

Load Balancing and Sessions. C. Kopparapu, Load Balancing Servers, Firewalls and Caches. Wiley, 2002.

Content Distribution Networks (CDN)

Configuring a Load-Balancing Scheme

Internet Packets. Forwarding Datagrams

NetFlow FlowAnalyzer Overview

Configuring a Load-Balancing Scheme

Transcription:

8. 網路流量管理 Network Traffic Management

Measurement vs. Metrics end-to-end performance topology, configuration, routing, link properties state active measurements active routes active topology link bit error rate average download time of a web page TCP bulk throughput end-to-end delay and loss link utilization traffic matrix demand matrix packet and flow measurements, link load traffic 2

Reducing Measurement Overhead Filtering, Aggregation, and Sampling 3

Reducing Measurement Overhead Measurement overhead In some areas, you could measure everything Information processing not the bottleneck Networking: thinning is crucial! Reducing measurement traffic: Filtering Aggregation Sampling...and combinations thereof 4

Filtering Measure selectively Only record statistics for a subset of traffic Examples Matching a destination prefix For a certain service class Violating an access control list TCP SYN or RST packets (attacks, abandoned http download) 5

Aggregation Coarse-grained statistics Combine related traffic together Example: srcip and dstip src dest # pkts # bytes a.b.c.d m.n.o.p 374 85498 e.f.g.h q.r.s.t 7 280 i.j.k.l u.v.w.x 48 3465......... 6

Sampling Select a random subset of traffic Representative of all traffic Examples Random Round-robin Hash-based X X X X 16 packets: estimate ¾ blue and ¼ red 7

Comparison Filtering Aggregation Sampling Precision exact exact approximate Generality Constrained a-priori Constrained a-priori general Local Processing filter criterion for every object table update for every object only sampling decision Local Memory none one bin per value of interest none Compression Depends on data Depends on data controlled 8

Traffic Monitoring Techniques Links, Flows, and Packets 9

Traffic Monitoring Techniques Link monitoring Group all packets on the same link Average load, loss, corruption, Flow monitoring Group similar packets into flows Same header fields and close in time Packet monitoring Capture first n bytes of a packet 10

IP Flows flow 1 flow 2 flow 3 flow 4 Set of packets that belong together Source/destination IP addresses and port numbers Same protocol, ToS bits, Same input/output interfaces at a router (if known) Packets that are close together in time Max spacing between packets (e.g., 15 sec, 30 sec) Example: flows 2 and 4 are different flows due to time 11

Netflow: Traffic Data Packet header information Src/dst IP, src/dst port numbers, ToS bits, Summary statistics Start and finish times Number of bytes and packets TCP flags (logical OR over all packets) SYN ACK ACK FIN start finish 4 packets 1436 bytes SYN, ACK, & FIN 12

Netflow: Routing Information Routing information Input and output ports Source and destination prefix Source and destination Autonomous System forwarding table Processor BGP table Line card Line card Line card Switching Fabric Line card Line card Line card 13

Netflow: Measuring in Passing source dest input output source prefix source AS intermediate AS dest prefix dest AS Source and destination: IP header Source and dest prefix: forwarding table or BGP table Source and destination AS: BGP table 14

Netflow: Implementation Maintain a cache of active flows Storage of byte/packet counts, timestamps, etc. Compute a key per incoming packet Concatenation of source, destination, port #s, etc. Index into the flow cache based on the key Creation or updating of an entry in the flow cache header key key #bytes, #packets, start, finish packet key #bytes, #packets, start, finish 15

Netflow: Implementation Flow timeout Remove flows that have not received a packet recently Periodic sequencing through the cache to time out flows Cache replacement Remove flow(s) when the flow cache is full Evict existing flow(s) upon creating a new cache entry Apply eviction policy (LRU, random flow, etc.) Long-lived flows Remove flow(s) that persist for a long time (e.g., 30 min) otherwise flow statistics don t become available and the byte and packet counters might overflow 16

Sampled Netflow Packet sampling Perform operations on 1/m packets Reducing overhead Avoid per-packet overhead on (m-1)/m packets Avoid creating records for the many small flows May split some long flows time not sampled timeout two flows 17

Netflow vs. sflow http://blog.sflow.com/2011/10/comparing-sflow-and-netflow-in-vswitch.html Netflow Aggregates (sampled) IP packets into flows (Data-plane overhead of storing flow state) Originally only on Cisco routers sflow Exports packet samples directly Measures layer-two packets (ARP, DHCP) Polls on-switch counters 18

Sketches 19

Streaming Algorithms Processing data streams Input items presented one at a time Each item examined (say) only once Limited resources Processing Memory Approximate answer Based on a summary or sketch of the data Provable space-accuracy trade-off 20

Bloom Filter Set-membership problem Was element x in the input stream? Solution (with false positives) Per-item: compute s hash functions, set bit to1 Query: compute s hashes, check if all bits are 1 x V 0 V m- 1 0 0 0 1 0 0 0 1 0 1 0 1 0 0 0 h 1 (x) h 2 (x) h 3 (x) h s (x) 21

Count Min Sketch Counting problem Count number of occurrences of item x Solution Per-item: compute s hashes, increment counts Query: compute s hashes, select the min value x h 1 (x) h 2 (x) h 3 (x) 19 23 29 30 15 14 27 34 22 18 22 10 30 31 14 22

SDN Measurement OpenFlow 1.0 Rules with byte and packet counters Sending packets to a collector or controller Existing measurement techniques E.g., sflow support What measurement support do we want? 23

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information