Passively Detecting Remote Connectivity Issues Using Flow Accounting. 2nd EMANICS Workshop on Netflow/IPFIX usage in network management



Similar documents
Extracting Performance Metrics from NetFlow in Enterprise Networks

pmacct: introducing BGP natively into a NetFlow/sFlow collector

Internet Firewall CSIS Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS net15 1. Routers can implement packet filtering

The Value of Flow Data for Peering Decisions

Traffic & Peering Analysis

NetFlow/IPFIX Various Thoughts

NetFlow Tracker Overview. Mike McGrath x ccie CTO mike@crannog-software.com

Viete, čo robia Vaši užívatelia na sieti? Roman Tuchyňa, CSA

BGP FORGOTTEN BUT USEFUL FEATURES. Piotr Wojciechowski (CCIE #25543)

BGP route monitoring. Mar, 25, 2008 Matsuzaki maz Yoshinobu

CS 457 Lecture 19 Global Internet - BGP. Fall 2011

NetFlow & BGP multi-path: quo vadis?

Flow Analysis Versus Packet Analysis. What Should You Choose?

Anomaly Detection in Backbone Networks: Building A Security Service Upon An Innovative Tool

DD2491 p Load balancing BGP. Johan Nicklasson KTHNOC/NADA

How NOC manages and controls inter-domain traffic? 5 th tf-noc meeting, Dubrovnik nino.ciurleo@garr.it

BGP Convergence in much less than a second Clarence Filsfils - cf@cisco.com

How to Configure BGP Tech Note

BGP (Border Gateway Protocol)

NetFlow Aggregation. Feature Overview. Aggregation Cache Schemes

Multihoming and Multi-path Routing. CS 7260 Nick Feamster January

Outline. Outline. Outline

Cisco IOS Flexible NetFlow Technology

Interdomain Routing. Outline

Bell Aliant. Business Internet Border Gateway Protocol Policy and Features Guidelines

EE627 Lecture 22. Multihoming Route Control Devices

Exterior Gateway Protocols (BGP)

NetFlow & BGP multi-path: quo vadis?

Inter-domain Routing. Outline. Border Gateway Protocol

Network Measurement. Why Measure the Network? Types of Measurement. Traffic Measurement. Packet Monitoring. Monitoring a LAN Link. ScienLfic discovery

Internet Protocol: IP packet headers. vendredi 18 octobre 13

Network Configuration Settings

APNIC elearning: BGP Basics. Contact: erou03_v1.0

Open Source in Network Administration: the ntop Project

MikroTik RouterOS Workshop Load Balancing Best Practice. Warsaw MUM Europe 2012

TCP/IP Basis. OSI Model

F5 Silverline DDoS Protection Onboarding: Technical Note

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs

Anycast Rou,ng: Local Delivery. Tom Daly, CTO h<p://dyn.com Up,me is the Bo<om Line

Policy Based Forwarding

Catalyst 6500/6000 Switches NetFlow Configuration and Troubleshooting

Basic Network Configuration

Detecting BGP hijacks in 2014

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik

Internet Privacy Options

Transitioning to BGP. ISP Workshops. Last updated 24 April 2013

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

LOAD BALANCING WHITE PAPER OPTIONS FOR HANDLING MULTIPLE ISP LINES AT HOTELS

How Your Computer Accesses the Internet through your Wi-Fi for Boats Router

Based on Computer Networking, 4 th Edition by Kurose and Ross

An Architecture View of Softbank

Port evolution: a software to find the shady IP profiles in Netflow. Or how to reduce Netflow records efficiently.

Description: Objective: Upon completing this course, the learner will be able to meet these overall objectives:

Approaches for DDoS an ISP Perspective.

pmacct: introducing BGP na2vely into a NetFlow/sFlow collector

Quick Scan Features Setup Guide

Network provider filter lab

Firewalls P+S Linux Router & Firewall 2013

CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY

Secure Web Appliance. Reverse Proxy

Flow processing and the rise of the middle.

TRUFFLE Broadband Bonding Network Appliance. A Frequently Asked Question on. Link Bonding vs. Load Balancing

Network Level Multihoming and BGP Challenges

6.0. Getting Started Guide

Network Monitoring and Management NetFlow Overview

GLOBAL SERVER LOAD BALANCING WITH SERVERIRON

E : Internet Routing

ExamPDF. Higher Quality,Better service!

Routing in Small Networks. Internet Routing Overview. Agenda. Routing in Large Networks

nfdump and NfSen 18 th Annual FIRST Conference June 25-30, 2006 Baltimore Peter Haag 2006 SWITCH

FAQ: BroadLink Multi-homing Load Balancers

Polycom. RealPresence Ready Firewall Traversal Tips

Chapter 7 Configuring Trunk Groups and Dynamic Link Aggregation

TELE9752 Network Operations and Control Week 10p: Performance

Layer 4-7 Server Load Balancing. Security, High-Availability and Scalability of Web and Application Servers

NetFlow v9 Export Format

configure WAN load balancing

Networking and High Availability

Boosting Capacity Utilization in MPLS Networks using Load-Sharing MPLS JAPAN Sanjay Khanna Foundry Networks

Lecture 18: Border Gateway Protocol"

Intelligent Routing Platform White Paper

Outline. EE 122: Interdomain Routing Protocol (BGP) BGP Routing. Internet is more complicated... Ion Stoica TAs: Junda Liu, DK Moon, David Zats

LAB II: Securing The Data Path and Routing Infrastructure

Inside Dropbox: Understanding Personal Cloud Storage Services

Data Analysis Load Balancer

The Internet. Internet Technologies and Applications

Network layer" 1DT066! Distributed Information Systems!! Chapter 4" Network Layer!! goals: "

Mail Server Scenarios and Configurations

This Lecture. The Internet and Sockets. The Start If everyone just sends a small packet of data, they can all use the line at the same.

Transcription:

Passively Detecting Remote Connectivity Issues Using Flow Accounting 2nd EMANICS Workshop on Netflow/IPFIX usage in network management 08.10.2009 Jacobs University Bremen, Germany Tim Kleefass, Simon Leinen Jochen Kögel, Dominik Schatzmann SWITCH, University of Stuttgart, ETH Zurich 1 Kleefass, Leinen, Kögel, Schatzmann Passively Detecting Remote Connectivity Issues

Overview 1 Motivation 2 to detect remote connectivity issues 3 with selected events 4 Conclusion and Outlook 2 Kleefass, Leinen, Kögel, Schatzmann Passively Detecting Remote Connectivity Issues

Introduction Basic idea Introduction We want to find: Remote connectivity issue A network outage outside the own network Caused by BGP depeering/hardware/software/... failures Network operator wants to know that before his customers call Examples: YouTube vs. Pakistan (2008) Pakistan Telecom hijacked a /24 prefix All traffic to YouTube was lost Level(3) Cogent depeering (2005) Depeering of two Tier-1 ISPs Single homed customer were not reachable 3 Kleefass, Leinen, Kögel, Schatzmann Passively Detecting Remote Connectivity Issues

Introduction Basic idea Basic idea Network properties SWITCHlan: Swiss research and educational network Partial and hot potato routing Default route to (two) global transit ISPs Looking at BGP routing table is not enough Unsampled NetFlow export at border routers Basis for our approach Basic idea In case of remote connectivity issue: False positives A lot of forward flows, but no reverse flows E.g., failed TCP connection setup Scanning (port scans, Skype,...) Shut down services, stale DNS records,... 4 Kleefass, Leinen, Kögel, Schatzmann Passively Detecting Remote Connectivity Issues

Definitions Connectivity Matrix Definitions Our interest: Can our users reach the entire Internet? Forward flow ( request ) Leaving the own network to well known services/ports Reverse flow ( answers ) Corresponding to forward flows, with inverse key Balanced flow If there is a reverse flow to a forward flow (within t) Balance of a /24 prefix pair (binary) { balanced if there is at least one balanced flow (src, dst) is unbalanced else 5 Kleefass, Leinen, Kögel, Schatzmann Passively Detecting Remote Connectivity Issues

Definitions Connectivity Matrix Connectivity Matrix Collecting connectivity information between prefix pairs Fill and clear connectivity matrix every 5 minutes Measure of Balance Sum of prefix pairs per destination /24 prefix 6 Kleefass, Leinen, Kögel, Schatzmann Passively Detecting Remote Connectivity Issues

( YouTube vs. Pakistan, HTTP traffic) High number of unbalanced prefix pairs 7 Kleefass, Leinen, Kögel, Schatzmann Passively Detecting Remote Connectivity Issues

Sensitivity during YouTube vs. Pakistan event Parameter s for sensitivity setting: number of source prefixes 8 Kleefass, Leinen, Kögel, Schatzmann Passively Detecting Remote Connectivity Issues

Sensitivity during another single /24 outage 2 destination prefixes with 20 unbalanced source prefixes 9 Kleefass, Leinen, Kögel, Schatzmann Passively Detecting Remote Connectivity Issues

ing destination prefixes: Example An adserver which was shut down, but people still try to use it 10 Kleefass, Leinen, Kögel, Schatzmann Passively Detecting Remote Connectivity Issues

Sensitivity during Level(3)-Cogent depeering (DNS traffic) Only one border router, only Cogent single homed users! 11 Kleefass, Leinen, Kögel, Schatzmann Passively Detecting Remote Connectivity Issues

Towards a tool for network administrators Present a list of /24 prefixes with issues (e.g., on a website) Display last/changes in BGP path (e.g., route views project) Tier-1 outage could be seen fast Link to BGP play and other useful tools Link to blacklist IP addresses/prefixes/... Network administrator can blacklist known issues or false positives Network administrator has to decide about each issue 12 Kleefass, Leinen, Kögel, Schatzmann Passively Detecting Remote Connectivity Issues

Conclusion and Outlook Summary Method to find remote connectivity issues Passive approach using unsampled NetFlow from border routers Method based on aggregated prefixes Resistant against scanning Efficient processing and real-time capable Also works with IPv6 Outlook Better display for Tier-1/ISP failures Live-display Integrate in pmacct (from Paolo Lucente)? 13 Kleefass, Leinen, Kögel, Schatzmann Passively Detecting Remote Connectivity Issues

The end. Thanks for your attention! Questions? Tim Kleefass SWITCH/University of Stuttgart Simon Leinen SWITCH Jochen Kögel IKR, University of Stuttgart Dominik Schatzmann CSG, ETH Zurich 14 Kleefass, Leinen, Kögel, Schatzmann Passively Detecting Remote Connectivity Issues

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information