Transcript of "Access Control List Demo" (slide deck: NetFlow & Network-Based Application Recognition, Cisco ITD Product Management, November 2003)

Slide 1: NetFlow & Network-Based Application Recognition. ITD Product Management, November 2003
Slide 2: Overview of NetFlow and Network-Based Application Recognition
  • NetFlow
      • Pioneering IP accounting technology
      • Invented and patented by Cisco
      • IETF export standard
  • Network-Based Application Recognition (NBAR)
      • Intelligent application recognition
      • Analyzes and identifies application traffic in real time
NetFlow and NBAR, November 2003 © 2003 Cisco Systems, Inc. All rights reserved.
Slide 3: NetFlow and NBAR Benefit Footprints
Footprint columns on the slide: Enterprise Backbone, Enterprise Premise Edge, Service Provider Aggregation Edge, Service Provider Core.
NetFlow
  • Attack mitigation
  • Billing
  • AS peer monitoring
  • Traffic engineering
  • Network planning
NBAR
  • Application classification
  • Precise Quality of Service (QoS) treatment
  • Application statistics for bandwidth provisioning
      • Top-n views
      • Threshold settings
  • Mapping applications to an SP's service offering
Also listed on the slide:
  • User (IP) monitoring
  • Application monitoring
  • Traffic analysis
  • Attack mitigation
  • Chargeback billing
Slide 4: NetFlow and NBAR Benefit Footprints (platform support)
Footprint columns on the slide: Enterprise Backbone, Enterprise Premise Edge, Service Provider Aggregation Edge, Service Provider Core. The transcript flattens the columns, so the platforms are listed here in slide order under the feature they were grouped with.
NetFlow
  • Cisco Catalyst 6500 and 7600 Series
      • FlexWAN, MWAM; planned ASIC
  • Cisco 7500 Series
  • Cisco Catalyst 6500 and 7600 Series
      • FlexWAN, MWAM
      • Planned ASIC
  • Cisco 7100, 7200, and 7500 Series
  • Cisco 830, 1400, 1700, 2600, 3600, and 3700 Series
  • Cisco 10000 and 12000 Series Internet Routers (ASIC)
  • Cisco Catalyst 5000 and 6500 Series; Cisco 7600 Series (ASIC)
  • Cisco 7500 Series
  • Cisco Catalyst 5000, 6500 Series (HW acceleration)
  • Cisco Catalyst 4500 Series (ASIC)
  • Cisco 7100, 7200, 7300, 7500 Series
  • Cisco AS5300, AS5400, AS5800 Series
  • Cisco 830, 1400, 1700, 2600, 3600, and 3700 Series
  • Cisco Catalyst 4500, 5000, 6500 Series; Cisco 7600 Series (ASIC)
  • Cisco 7100, 7200, 7300, 7500 Series
  • Cisco AS5300 and AS5800 Series
  • Cisco MGX8000 Series
NBAR
  • Cisco Catalyst 6500 and 7600 Series
      • FlexWAN, MWAM
      • Planned ASIC
  • Cisco 7100, 7200, and 7500 Series
  • Cisco Catalyst 6500 and 7600 Series
      • MSFC
      • Planned ASIC
Also listed on the slide:
  • Cisco Catalyst 4500, 5000, 6500, 7600 Series (ASIC)
Slide 5: NetFlow and NBAR: Main Objectives and Benefits
Cisco Internal Use Only
NetFlow
  • Main objective: flow characterization; network usage; capacity planning, traffic engineering, peering; data export
  • Main benefit: persistent network usage record; traffic & routing information analysis; IP accounting and billing technology; which users utilize the network, what types of traffic, when the network is utilized, where the traffic goes
NBAR
  • Main objective: identify & classify traffic based on payload attributes & protocol characteristics
  • Main benefit: optimize application performance via QoS; validation or reclassification of ToS marking based on packet inspection
Slide 6: NetFlow and NBAR: Additional Objectives and Benefits
NetFlow
  • Main objective: flow characterization; network usage; billing; capacity, traffic engineering, peering; data export
  • Side benefits: IETF IPFIX WG standard and NetFlow v9 flexible, extensible format; Optimized Edge Routing (OER); permanent record of network activity; capacity planning and traffic engineering; DDoS & worm detection
NBAR
  • Main objective: identify & classify traffic based on payload attributes & protocol characteristics
  • Side benefits: application statistics for bandwidth provisioning; detection & dropping/limiting of undesired traffic (peer-to-peer file sharing, worms, ...)
Slide 7: Uniqueness and Strengths of NetFlow and NBAR
NetFlow
  • IPv6, MPLS, Multicast, BGP next-hop technology integration
  • Billing, capacity planning, traffic engineering
  • Internet access monitoring: peering & traffic
  • IETF standard for data sampling and export
  • Security: DDoS monitoring tool
  • Flow timers, timing of network traffic types
  • Who, what, where, when in the network
  • Large NMS partner community & open source tools
NBAR
  • Deep & stateful packet inspection
  • Protocol discovery with application statistics
  • Enables precise classification & QoS treatment
  • Pre-defined protocol & application recognition
  • User-defined custom application classification
  • New application signatures without software upgrade
  • Integration with IP services (QoS, NAT, Firewall, IDS)
Slide 8: NetFlow and NBAR Differentiation
[Figure: a data packet drawn as Link Layer Header, IP Header (Source IP Address, Destination IP Address, Protocol, TOS), TCP/UDP Header (Source Port, Destination Port) and payload. NetFlow is shown keying on the input Interface plus these Layer 3/4 header fields; NBAR is shown extending into Deep Packet (Payload) Inspection. Caption: NetFlow and NBAR both leverage Layer 3 and 4 header information.]
  • NetFlow
      • Monitors data in Layers 2 through 4
      • Determines applications by port
      • Utilizes a 7-tuple for flow identification
  • NBAR
      • Examines data from Layers 3 through 7
      • Uses Layers 3 & 4 plus packet inspection for classification
      • Stateful inspection of dynamic-port traffic
Slide 9: NetFlow and NBAR Useful for Security
  • Signature-based detection
  • Not historically a main focus for NBAR
      • Real-time loadable PDLMs could provide a rapid-update mechanism for new signatures
      • Not staffed to react against malicious applications
  • NBAR can detect worms based on payload signatures
      • Nimda
      • Code Red
      • Slammer
  • Cisco PSIRT provided customers with an NBAR solution to combat Code Red & Nimda
  • NetFlow mitigates attacks
      • Identify the attack
          • Count the flows
          • Inactive flows signal a worm attack
      • Classify the attack
          • Small-size flows to the same destination
          • What is being attacked and where the attack originates
  • NetFlow security partners: Arbor Networks, Mazu, Adlex
  • Cisco IT prevented SQL Slammer at Cisco by watching flows per port
Flow information is useful against attacks.
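The "count the flows" and "flows per port" ideas on slides 8 and 9 are easy to turn into a small detector over exported flow records. The script below is an added example, not Cisco code from the deck: it keys each record on the 7-tuple that slide 8 lists (source and destination IP, source and destination port, protocol, ToS, input interface), counts distinct flows per destination port, and flags any source that emits many small-size flows. The sample records, the byte and flow-count thresholds and the field names are constructed for illustration; in production the thresholds would be tuned against the network's normal baseline.

```python
"""Flow-count heuristics over NetFlow-style records (added example, not Cisco code).

Each record carries the classic NetFlow 7-tuple key (source/destination IP,
source/destination port, protocol, ToS, input interface) plus packet and byte
counters. Field names, thresholds and sample records are constructed here.
"""
from collections import Counter, defaultdict

# Constructed sample: a few ordinary TCP flows plus one host that emits many
# single-packet UDP flows to one port (the shape a Slammer-style worm leaves
# in flow data: lots of tiny flows, one destination port, many destinations).
SAMPLE_FLOWS = [
    {"src": "10.1.1.5", "dst": "10.2.0.10", "sport": 51234, "dport": 80,
     "proto": 6, "tos": 0, "if": 1, "pkts": 40, "bytes": 28000},
    {"src": "10.1.1.6", "dst": "10.2.0.11", "sport": 51235, "dport": 443,
     "proto": 6, "tos": 0, "if": 1, "pkts": 120, "bytes": 98000},
    {"src": "10.1.1.7", "dst": "10.2.0.12", "sport": 51236, "dport": 80,
     "proto": 6, "tos": 0, "if": 1, "pkts": 25, "bytes": 15000},
]
SAMPLE_FLOWS += [
    {"src": "10.1.1.99", "dst": f"10.3.{i // 256}.{i % 256}", "sport": 1434,
     "dport": 1434, "proto": 17, "tos": 0, "if": 1, "pkts": 1, "bytes": 404}
    for i in range(50)
]

SMALL_FLOW_BYTES = 512   # assumed threshold: a flow this small counts as "small size"
MIN_SMALL_FLOWS = 20     # assumed threshold: this many small flows from one source raises an alert


def flow_key(rec):
    """The 7-tuple NetFlow uses to distinguish one flow from another."""
    return (rec["src"], rec["dst"], rec["sport"], rec["dport"],
            rec["proto"], rec["tos"], rec["if"])


def flows_per_port(records):
    """Count distinct flows per (protocol, destination port): the 'flows per port' view."""
    seen = set()
    counts = Counter()
    for rec in records:
        key = flow_key(rec)
        if key in seen:          # the same flow exported twice is still one flow
            continue
        seen.add(key)
        counts[(rec["proto"], rec["dport"])] += 1
    return dict(counts)


def small_flow_sources(records, max_bytes=SMALL_FLOW_BYTES, min_flows=MIN_SMALL_FLOWS):
    """Sources emitting many small flows, with the dominant port and the number of distinct destinations."""
    per_src = defaultdict(lambda: {"flows": 0, "dsts": set(), "ports": Counter()})
    for rec in records:
        if rec["bytes"] > max_bytes:
            continue
        entry = per_src[rec["src"]]
        entry["flows"] += 1
        entry["dsts"].add(rec["dst"])
        entry["ports"][(rec["proto"], rec["dport"])] += 1
    alerts = []
    for src, entry in per_src.items():
        if entry["flows"] >= min_flows:
            proto, port = entry["ports"].most_common(1)[0][0]
            alerts.append({"src": src, "flows": entry["flows"],
                           "distinct_dsts": len(entry["dsts"]),
                           "proto": proto, "dport": port})
    return sorted(alerts, key=lambda a: -a["flows"])


if __name__ == "__main__":
    for (proto, port), n in sorted(flows_per_port(SAMPLE_FLOWS).items(), key=lambda kv: -kv[1]):
        print(f"proto {proto} dport {port}: {n} flows")
    for alert in small_flow_sources(SAMPLE_FLOWS):
        print("ALERT", alert)
```

Two design points: de-duplicating on the 7-tuple before counting keeps a flow that is exported in several records (for example after an active-timeout split) from inflating the per-port count, and reporting distinct destinations alongside the flow count separates a host that scans many targets from one that is merely chatty toward a single server.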
Slide 10: Summary of Benefits
NBAR
  • Deep & stateful packet inspection
      • Protocol & application discovery
          • Standard protocols
          • Corporate applications (Citrix, ...)
          • Undesired traffic (peer-to-peer, worms, ...)
  • Real-time PDLM signature update
NetFlow
  • Internet access monitoring
      • Protocol distribution
      • Where traffic is going/coming from
  • User monitoring
  • Application monitoring
  • Accounting and billing
  • DDoS monitoring
  • Peering arrangements
  • Network planning
  • Traffic engineering