Access Control List Demo

If you want to get information about access control lists, you can visit my profile.


Presentation Transcript

  • NETFLOW & NETWORK-BASED APPLICATION RECOGNITION ITD PRODUCT MANAGEMENT NOVEMBER 2003
  • Overview of NetFlow and Network-Based Application Recognition
    • NetFlow
      • Pioneering IP accounting technology
      • Invented and patented by Cisco
      • IETF export standard
    • Network-Based Application Recognition (NBAR)
      • Intelligent application recognition
      • Analyzes and identifies application traffic in real time
    NetFlow and NBAR, November 2003 © 2003 Cisco Systems, Inc. All rights reserved.
  • NetFlow and NBAR Benefit Footprints (network segments: Enterprise Backbone, Enterprise Premise Edge, Service Provider Aggregation Edge, Service Provider Core)
    • Attack mitigation
    • Billing
    • AS Peer monitoring
    • Traffic engineering
    • Network Planning
    NetFlow
    • Application classification
    • Precise Quality of Service (QoS) treatment
    • Application statistics for bandwidth provisioning
      • Top-n views
      • Threshold settings
    • Mapping applications to an SP’s service offering
    NBAR
    • User (IP) monitoring
    • Application monitoring
    • Traffic analysis
    • Attack Mitigation
    • Chargeback Billing
  • NetFlow and NBAR Benefit Footprints (network segments: Enterprise Backbone, Enterprise Premise Edge, Service Provider Aggregation Edge, Service Provider Core)
    • Cisco Catalyst 6500 and 7600 Series
      • FlexWAN, MWAM Planned ASIC
    • Cisco 7500 Series
    • Cisco Catalyst 6500 and 7600 Series
      • FlexWAN, MWAM
      • Planned ASIC
    • Cisco 7100, 7200, and 7500 Series
    • Cisco 830, 1400, 1700, 2600, 3600, and 3700 Series
    • Cisco 10000 and 12000 Series Internet Routers ASIC
    • Cisco Catalyst 5000 and 6500 Series; Cisco 7600 Series ASIC
    • Cisco 7500 Series
    • Cisco Catalyst 5000, 6500 Series HW Acceleration
    • Cisco Catalyst 4500 Series ASIC
    • Cisco 7100, 7200, 7300, 7500 Series
    • Cisco AS5300, AS5400, AS5800 Series
    • Cisco 830, 1400, 1700, 2600, 3600, and 3700 Series
    • Cisco Catalyst 4500, 5000, 6500 Series; Cisco 7600 Series ASIC
    • Cisco 7100, 7200, 7300, 7500 Series
    • Cisco AS5300 and AS5800 Series
    • Cisco MGX8000 Series
    NetFlow
    • Cisco Catalyst 6500 and 7600 Series
      • FlexWAN, MWAM
      • Planned ASIC
    • Cisco 7100, 7200, and 7500 Series
    • Cisco Catalyst 6500 and 7600 Series
      • MSFC
      • Planned ASIC
    NBAR
    • Cisco Catalyst 4500, 5000, 6500, 7600 Series ASIC
  • NetFlow and NBAR: Main Objectives and Benefits
    • NetFlow
      • Main Objective
        • Flow Characterization
        • Network Usage
        • Capacity Planning, Traffic Engineering, Peering
        • Data Export
      • Main Benefit
        • Persistent Network Usage Record
        • Traffic & routing information analysis
        • IP accounting and Billing Technology
        • Which users utilize the network
        • What types of traffic
        • When is the network utilized
        • Where does the traffic go
    • NBAR
      • Main Objective
        • Identify & classify traffic based on payload attributes & protocol characteristics
      • Main Benefit
        • Optimize application performance via QoS
        • Validation or reclassification of ToS marking based on packet inspection
    Cisco Internal Use Only
  • NetFlow and NBAR: Additional Objectives and Benefits
    • NetFlow
      • Main Objective
        • Flow Characterization
        • Network Usage
        • Billing
        • Capacity, Traffic Eng, Peering
        • Data Export
      • Side Benefits
        • IETF IPFIX WG Standard and NetFlow v.9 flexible extensible format
        • Optimized Edge Routing (OER)
        • Permanent Record of network activity
        • Capacity Planning and Traffic Engineering
        • DDOS & Worm Detection
    • NBAR
      • Main Objective
        • Identify & classify traffic based on payload attributes & protocol characteristics
      • Side Benefits
        • Application statistics for bandwidth provisioning
        • Detection & dropping/limiting of undesired traffic – peer-to-peer file sharing, worms, …
  • Uniqueness and Strengths of NetFlow and NBAR
    • IPv6, MPLS, Multicast, BGP NH technology integration
    • Billing, Capacity Planning, Traffic Engineering
    • Internet Access Monitoring: Peering & Traffic
    • IETF Standard for Data Sampling and Export
    • Security DDOS Monitoring Tool
    • Flow timers, timing of network traffic types
    • Who what where when in the network
    • Large NMS partner community & open source tools
    NetFlow
    • Deep & Stateful Packet Inspection
    • Protocol Discovery with application statistics
    • Enables precise classification & QoS treatment
    • Pre-defined protocol & application recognition
    • User-Defined Custom Application Classification
    • New application signatures w/o software upgrade
    • Integration with IP Services (QoS, NAT, Firewall, IDS)
    NBAR
  • NetFlow and NBAR Differentiation
    [Figure: packet diagram with labels Interface, Link Layer Header, IP Header (Source IP Address, Destination IP Address, Protocol, TOS), TCP/UDP Header (Source Port, Destination Port), Data Packet, Deep Packet (Payload) Inspection, NetFlow, NBAR]
    NetFlow and NBAR both leverage Layer 3 and 4 Header Information
    • NetFlow
      • Monitors data in Layers 2 through 4
      • Determines applications by port
      • Utilizes a 7-tuple for flow
    • NBAR
      • Examines data from Layers 3 through 7
      • Uses Layers 3 & 4 plus packet inspection for classification
      • Stateful inspection of dynamic-port traffic
  • NetFlow and NBAR useful for Security
    • Signature-based detection
    • Not historically a main focus for NBAR
      • Real-time loadable PDLMs could provide rapid-update mechanism for new signatures
      • Not staffed to react against malicious applications
    • NBAR can detect worms based on payload signatures
      • Nimda
      • Code Red
      • Slammer
    • Cisco PSIRT provided customers with NBAR solution to combat Code Red & Nimda
    • NetFlow Mitigates Attacks
      • Identify the attack
        • Count the Flows
        • Inactive flows signal a worm attack
      • Classify the attack
        • Small size flows to same destination
        • What is being attacked and origination of attack
    • NetFlow security partners: Arbor Networks, Mazu, and Adlex
    • Cisco IT prevented SQL Slammer at Cisco by watching flows per port
    Flow information is useful against attacks
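
The flow counting described on this slide, as an added example that is not part of the original presentation: constructed packets are grouped into flows by the 7-tuple labelled on the differentiation slide, then flows are counted per destination port to surface ports carrying many small flows. The function names, thresholds, and addresses are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict, namedtuple

# The seven NetFlow key fields (the labels on the differentiation slide's
# packet diagram); packets sharing all seven values belong to one flow.
FlowKey = namedtuple("FlowKey", "ifindex src dst sport dport proto tos")

def build_flows(packets):
    """Aggregate (FlowKey, size) packets into {FlowKey: [packets, bytes]}."""
    flows = defaultdict(lambda: [0, 0])
    for key, size in packets:
        flows[key][0] += 1
        flows[key][1] += size
    return flows

def suspicious_ports(flows, min_flows=50, max_pkts_per_flow=2.0):
    """Count flows per (proto, dport) and flag ports with many small flows.

    The thresholds are illustrative assumptions, not values from the slides.
    """
    per_port = defaultdict(lambda: {"flows": 0, "pkts": 0,
                                    "srcs": Counter(), "dsts": Counter()})
    for key, (pkts, _size) in flows.items():
        s = per_port[(key.proto, key.dport)]
        s["flows"] += 1
        s["pkts"] += pkts
        s["srcs"][key.src] += 1
        s["dsts"][key.dst] += 1
    alerts = []
    for (proto, dport), s in per_port.items():
        if s["flows"] < min_flows or s["pkts"] / s["flows"] > max_pkts_per_flow:
            continue
        # Most flows to one address: a targeted flood. Many addresses: a sweep.
        top_dst, hits = s["dsts"].most_common(1)[0]
        kind = "single-target" if hits > s["flows"] / 2 else "sweep"
        alerts.append({"proto": proto, "dport": dport, "flows": s["flows"],
                       "kind": kind, "top_source": s["srcs"].most_common(1)[0][0],
                       "top_destination": top_dst})
    return sorted(alerts, key=lambda a: -a["flows"])

def sample_packets():
    """Constructed traffic: one web download, one UDP/1434 sweep, one flood."""
    web = [(FlowKey(1, "10.0.0.5", "192.0.2.10", 40000, 80, 6, 0), 1200)] * 40
    sweep = [(FlowKey(1, "10.0.0.66", f"198.51.100.{i + 1}", 1024 + i, 1434, 17, 0),
              404) for i in range(200)]
    flood = [(FlowKey(2, f"203.0.113.{i + 1}", "10.0.0.9", 2000 + i, 53, 17, 0),
              60) for i in range(80)]
    return web + sweep + flood

if __name__ == "__main__":
    for alert in suspicious_ports(build_flows(sample_packets())):
        print(alert)
```

The 40-packet web download collapses into a single flow record and is not flagged, while the two single-packet patterns stand out on flow count alone, which is why counting flows rather than bytes is the useful signal here.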
  • Summary of Benefits
    • Deep & Stateful Packet Inspection
      • Protocol & Application Discovery
        • Standard protocols
        • Corporate applications (Citrix, ...)
        • Undesired traffic (peer-to-peer, worms, …)
    • Real-time PDLM Signature Update
    NBAR
    • Internet Access Monitoring
      • Protocol distribution
      • Where traffic is going/ coming
    • User Monitoring
    • Application Monitoring
    • Accounting and Billing
    • DDOS Monitoring
    • Peering Arrangements
    • Network Planning
    • Traffic Engineering
    NetFlow