Slideshow transcript
Slide 1: NetFlow & Network-Based Application Recognition
ITD Product Management, November 2003
NetFlow and NBAR, November 2003. © 2003 Cisco Systems, Inc. All rights reserved.
Slide 2: Overview of NetFlow and Network-Based Application Recognition
• NetFlow
  • Pioneering IP accounting technology
  • Invented and patented by Cisco
  • IETF export standard
• Network-Based Application Recognition (NBAR)
  • Intelligent application recognition
  • Analyzes and identifies application traffic in real time
Slide 3: NetFlow and NBAR Benefit Footprints
(Table columns: Enterprise Premise, Enterprise Edge, Service Provider Aggregation Edge, Service Provider Core, Service Provider Backbone. The per-column placement did not survive extraction; the benefits listed in each row are given below.)
• NetFlow
  • User (IP) monitoring
  • Attack mitigation
  • Application monitoring
  • Billing and chargeback billing
  • Traffic analysis
  • AS peer monitoring
  • Traffic engineering
  • Network planning
• NBAR
  • Application classification
  • Precise Quality of Service (QoS) treatment
  • Application statistics for bandwidth provisioning (top-n views, threshold settings)
  • Mapping applications to an SP's service offering
Slide 4: NetFlow and NBAR Benefit Footprints (platforms)
(Same column layout as Slide 3: Enterprise Premise, Enterprise Edge, Service Provider Aggregation Edge, Service Provider Core, Service Provider Backbone. The platforms named in each row are listed below; their column placement did not survive extraction.)
• NetFlow
  • Cisco Catalyst 4500, 5000, 6500 Series and Cisco 7600 Series (ASIC / hardware acceleration)
  • Cisco 7100, 7200, 7300, 7500 Series
  • Cisco 10000 and 12000 Series Internet Routers
  • Cisco AS5300, AS5400, AS5800 Series
  • Cisco MGX8000 Series
  • Cisco 830, 1400, 1700, 2600, 3600, and 3700 Series
• NBAR
  • Cisco Catalyst 6500 and 7600 Series with FlexWAN and MWAM (MSFC; ASIC support planned)
  • Cisco 7100, 7200, and 7500 Series
  • Cisco 830, 1400, 1700, 2600, 3600, and 3700 Series
Slide 5: NetFlow and NBAR: Main Objectives and Benefits
(Table: Main Objective → Main Benefit)
• NetFlow
  • Flow characterization → Which users utilize the network; what types of traffic; when the network is utilized; where the traffic goes
  • Network usage → IP accounting and billing technology
  • Capacity planning, traffic engineering, peering → Traffic and routing information analysis
  • Data export → Persistent network usage record
• NBAR
  • Identify and classify traffic based on payload attributes and protocol characteristics → Optimize application performance via QoS; validation or reclassification of ToS marking based on packet inspection
Cisco Internal Use Only
Slide 6: NetFlow and NBAR: Additional Objectives and Benefits
(Table: Main Objective → Side Benefits)
• NetFlow
  • Flow characterization → DDoS and worm detection
  • Network usage / billing → Capacity planning and traffic engineering; permanent record of network activity
  • Capacity, traffic engineering, peering → Optimized Edge Routing (OER)
  • Data export → IETF IPFIX WG standard and the NetFlow v9 flexible, extensible export format
• NBAR
  • Identify and classify traffic based on payload attributes and protocol characteristics → Detection and dropping/limiting of undesired traffic (peer-to-peer file sharing, worms, ...); application statistics for bandwidth provisioning
Slide 7: Uniqueness and Strengths of NetFlow and NBAR
• NetFlow
  • IPv6, MPLS, Multicast, BGP next-hop technology integration
  • Billing, capacity planning, traffic engineering
  • Internet access monitoring: peering and traffic
  • IETF standard for data sampling and export (New)
  • Security: DDoS monitoring tool
  • Flow timers; timing of network traffic types
  • Who, what, where, when in the network
  • Large NMS partner community and open source tools
• NBAR
  • Deep and stateful packet inspection
  • Protocol discovery with application statistics
  • Enables precise classification and QoS treatment
  • Pre-defined protocol and application recognition
  • User-defined custom application classification (New)
  • New application signatures without software upgrade
  • Integration with IP services (QoS, NAT, Firewall, IDS) (New)
Slide 8: NetFlow and NBAR Differentiation
(Diagram: a packet laid out as Link Layer Header; IP Header with Interface, ToS, Protocol, Source IP Address, Destination IP Address; TCP/UDP Header with Source Port, Destination Port; Data (Payload). NetFlow keys on the IP and TCP/UDP header fields; NBAR additionally performs deep packet inspection of the payload.)
• NetFlow and NBAR both leverage Layer 3 and Layer 4 header information
• NetFlow
  • Monitors data in Layers 2 through 4
  • Determines applications by port
  • Utilizes a 7-tuple for flow: input interface, ToS, protocol, source IP address, destination IP address, source TCP/UDP port, destination TCP/UDP port
• NBAR
  • Examines data from Layers 3 through 7
  • Uses Layers 3 and 4 plus packet (payload) inspection for classification
  • Stateful inspection of dynamic-port traffic
Slide 9: NetFlow and NBAR Useful for Security
• NetFlow: flow information is useful against attacks
  • NetFlow mitigates attacks
  • Identify the attack: count the flows; inactive flows signal a worm attack
  • Classify the attack: small-size flows to the same destination
  • Determine what is being attacked and where the attack originates
  • NetFlow security partners: Arbor Networks, Mazu, Adlex
  • Cisco IT prevented SQL Slammer at Cisco by watching flows per port
• NBAR: signature-based detection
  • Not historically a main focus for NBAR
  • Real-time loadable PDLMs could provide a rapid-update mechanism for new signatures
  • Not staffed to react against malicious applications
  • NBAR can detect worms based on payload signatures: Nimda, Code Red, Slammer
  • Cisco PSIRT provided customers with an NBAR solution to combat Code Red and Nimda
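Slides 8 and 9 together make one point: NetFlow sees only the 7-tuple and byte/packet counts, so it names applications by port and finds attacks by counting flows, while NBAR reads the payload and so can match a worm's request directly. The Python below is an added example, not Cisco code and not from the deck. It aggregates constructed packet records into NetFlow-style 7-tuple flows, labels each flow once by port (as NetFlow would) and once by payload (as NBAR would), then applies the flow-count heuristics Slide 9 lists: one source with many small flows to many destinations on one port (worm/scan fan-out) and many sources with small flows to one destination (DDoS fan-in). The sample traffic, the signature patterns (Code Red's `/default.ida?` and Nimda's `cmd.exe`/`root.exe` request URLs, an oversized UDP/1434 datagram starting with 0x04 for Slammer) and the thresholds are all assumptions made for illustration; a real collector would work from exported NetFlow records rather than raw packets.

```python
"""Added example (not Cisco code): NetFlow-style 7-tuple flow aggregation beside an
NBAR-style payload classifier, then the flow-count heuristics from Slide 9.
All traffic below is constructed; the signature patterns are illustrative assumptions."""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One observed packet: the NetFlow key fields from Slide 8 plus the payload
    that only an NBAR-style inspector looks at."""
    ifindex: int
    src: str
    dst: str
    proto: int          # 6 = TCP, 17 = UDP
    sport: int
    dport: int
    tos: int
    length: int
    payload: bytes = b""


def flow_key(p):
    """The NetFlow 7-tuple: input interface, ToS, protocol, src/dst IP, src/dst port."""
    return (p.ifindex, p.tos, p.proto, p.src, p.dst, p.sport, p.dport)


PORT_APPS = {25: "smtp", 53: "dns", 80: "http", 1434: "ms-sql-m"}


def netflow_app(key):
    """NetFlow never sees payload, so it can only name the application by port."""
    return PORT_APPS.get(key[6], "unknown")


def nbar_class(proto, payload):
    """NBAR-style classification: look past the ports into the payload.
    The patterns are assumptions for this example (Code Red's GET /default.ida
    request, Nimda's cmd.exe/root.exe URLs, a large 0x04 SQL-resolution datagram)."""
    if proto == 6 and payload.startswith((b"GET ", b"POST ", b"HEAD ")):
        request_line = payload.split(b"\r\n", 1)[0]
        if any(s in request_line for s in (b".ida?", b"cmd.exe", b"root.exe")):
            return "http-worm"
        return "http"                     # HTTP on any port, 80 or not
    if proto == 17 and payload[:1] == b"\x04" and len(payload) > 300:
        return "ms-sql-m-slammer"         # oversized UDP/1434 datagram (assumed shape)
    return None


def aggregate(packets):
    """Collapse packets into flows keyed by the 7-tuple, counting packets and bytes
    and keeping the NBAR class of the first payload-bearing packet."""
    flows = {}
    for p in packets:
        f = flows.setdefault(flow_key(p), {"packets": 0, "bytes": 0, "nbar": None})
        f["packets"] += 1
        f["bytes"] += p.length
        if f["nbar"] is None and p.payload:
            f["nbar"] = nbar_class(p.proto, p.payload)
    return flows


def fan_out(flows, min_dsts=20, max_bytes=600):
    """Slide 9, 'count the flows': many small flows from one source to many
    destinations on one port is the worm/scan pattern (e.g. Slammer on UDP/1434)."""
    per_src = defaultdict(set)
    for k, f in flows.items():
        if f["bytes"] <= max_bytes:
            per_src[(k[3], k[2], k[6])].add(k[4])      # (src, proto, dport) -> dsts
    return {s: len(d) for s, d in per_src.items() if len(d) >= min_dsts}


def fan_in(flows, min_srcs=20, max_bytes=600):
    """Many small flows from many sources to the same destination: the DDoS pattern."""
    per_dst = defaultdict(set)
    for k, f in flows.items():
        if f["bytes"] <= max_bytes:
            per_dst[(k[4], k[2], k[6])].add(k[3])      # (dst, proto, dport) -> srcs
    return {d: len(s) for d, s in per_dst.items() if len(s) >= min_srcs}


def build_sample_traffic():
    """Constructed packets: a normal web session, HTTP on a non-standard port, a
    Code Red style request, and a Slammer style fan-out from one host."""
    web = "192.0.2.80"
    pkts = [
        Packet(1, "10.1.1.10", web, 6, 40000, 80, 0, 512,
               b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
        Packet(1, "10.1.1.10", web, 6, 40000, 80, 0, 1500),
        Packet(1, "10.1.1.10", web, 6, 40000, 80, 0, 1500),
        Packet(1, "10.1.1.11", "192.0.2.81", 6, 40001, 8080, 0, 400,
               b"GET /app HTTP/1.1\r\nHost: intranet\r\n\r\n"),
        Packet(1, "198.51.100.7", web, 6, 3333, 80, 0, 460,
               b"GET /default.ida?" + b"N" * 224 + b"%u9090%u6858 HTTP/1.0\r\n\r\n"),
    ]
    slammer = b"\x04" + b"\x01" * 375        # 376-byte UDP payload to port 1434 (assumed)
    for i in range(50):
        pkts.append(Packet(2, "10.0.0.5", f"203.0.113.{i + 1}", 17, 2000, 1434, 0, 404, slammer))
    return pkts


def demo():
    """Run both classifiers and both heuristics over the constructed traffic."""
    flows = aggregate(build_sample_traffic())
    apps = Counter((netflow_app(k), f["nbar"]) for k, f in flows.items())
    return {"flow_count": len(flows), "apps": dict(apps),
            "fan_out": fan_out(flows), "fan_in": fan_in(flows)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running it shows the two differences the slides draw: the flow to port 8080 is `unknown` to the port-based (NetFlow) labeler but `http` to the payload-based (NBAR) one, and the Code Red request is plain `http` by port but `http-worm` by payload. The fan-out check flags `10.0.0.5` with 50 single-datagram UDP/1434 flows without looking at a single payload byte, which is the per-port flow counting Slide 9 credits with stopping Slammer; the fan-in check stays empty because no destination in the sample receives small flows from 20 or more sources.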
Slide 10: Summary of Benefits
• NetFlow
  • Internet access monitoring: protocol distribution; where traffic is going to and coming from
  • User monitoring
  • Application monitoring
  • Accounting and billing
  • DDoS monitoring
  • Peering arrangements
  • Network planning
  • Traffic engineering
• NBAR
  • Deep and stateful packet inspection
  • Protocol and application discovery: standard protocols; corporate applications (Citrix, ...); undesired traffic (peer-to-peer, worms, ...)
  • Real-time PDLM signature update