Cloud Aware Network Management


What are key considerations, strategies, technologies and tactics for network management as dependence on the cloud for tools and revenue increases?

Published in: Technology

  1. Cloud-Aware Network Management
     Alex Henthorn-Iwane, VP Marketing, Kentik Technologies
  2. The Cloud is a Digital Supply Chain
     • SaaS, PaaS, IaaS are major suppliers for your users
     • Enterprises are offering more cloud-based services
       • Mobile apps
       • E-commerce
       • Which function on and depend on Web APIs (Maps, Search, Ads, etc.)
     • The Internet is the global freight routing system
       • Must be high performing
  3. Cloud-Aware Net Mgmt: Strategic Considerations
     • Assures delivery of performance and user experience
     • Deals with the reality of Internet security
       • Particularly DDoS, because it is as much an operational availability issue as a security challenge
     • Leverages redundancy via multi-homing and CDN infrastructure
  4. Cloud-Aware Net Mgmt: Tactics
     • Collect detailed traffic flow information
     • Instrument key nexus servers with performance metrics collection
     • Utilize advanced analytics
     • Deploy synthetic testing to understand availability
     • Limited reliance on traditional deep packet capture techniques, which are cumbersome for cloud networking
  5. Elements of Cloud Network Management
     • NetFlow, sFlow, IPFIX traffic flow data export
       • Sampled flows are fine
     • Passive BGP peering
     • Cost-effective server-side network instrumentation
     • Granular, tunable alerts for anomalies & attacks
     • Deep analytical visibility
     • Automated remediation
  6. Monitoring Considerations
     • Global visibility
     • Top-down visibility
       • Full details for drill-downs
       • More than just summaries
     • Not siloed
       • Integrate with other tools, dashboards, etc.
       • Data/views easily shared with many functional teams
     • Supports fully hybrid environments
  7. Alerting Considerations
     • Network-wide
     • Scalable with detail
     • Host-level capable
     • Dynamic anomaly detection (self-learning what normal behavior is)
     • Flexible integration with your choice of notification as well as automated remediation
       • E.g. DDoS scrubbers, load balancers, network orchestration
     • Alerting & detection need to be complemented by deep analytics
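Slide 7's "dynamic anomaly detection (self-learning what normal behavior is)" is the one element of the deck that is easy to get subtly wrong, so here is an added example of the idea, written for this page and not taken from Kentik or the deck. It keeps an exponentially weighted mean and variance of a per-interval traffic volume and alerts when a sample sits well above the learned band. The traffic series, the tracked key (one baseline per destination IP, interface or customer is assumed), the alpha/threshold values and the sigma floor are all constructed choices for illustration. The point a practitioner would want: samples that trigger an alert are deliberately not folded back into the baseline, otherwise a sustained flood teaches the detector that attack volume is normal.

```python
# Added example (not from the Kentik deck): a self-learning traffic baseline of the
# kind slide 7 calls "dynamic anomaly detection". One baseline would be kept per
# tracked key (destination IP, interface, customer); the series below is constructed.
import math


class TrafficBaseline:
    """Exponentially weighted mean and variance of a per-interval traffic volume.

    A sample is an anomaly when it sits more than `k` standard deviations ABOVE
    the learned mean (drops are not alerted here). Anomalous samples are NOT
    folded into the baseline, so a sustained attack does not teach the detector
    that attack volume is normal.
    """

    def __init__(self, alpha=0.1, k=4.0, warmup=20, sigma_floor_ratio=0.05):
        self.alpha = alpha                            # weight of the newest sample
        self.k = k                                    # alert threshold in std deviations
        self.warmup = warmup                          # samples to learn before alerting
        self.sigma_floor_ratio = sigma_floor_ratio    # never alert on tiny jitter
        self.n = 0
        self.mean = 0.0
        self.var = 0.0

    def zscore(self, x):
        # Floor sigma at a fraction of the mean: a flat series must not make
        # every small wobble look like a 100-sigma event.
        sigma = max(math.sqrt(self.var), self.sigma_floor_ratio * self.mean)
        return (x - self.mean) / sigma if sigma > 0 else 0.0

    def observe(self, x):
        """Feed one sample; return True if it is an anomaly."""
        if self.n == 0:
            self.mean, self.n = float(x), 1
            return False
        if self.n >= self.warmup and self.zscore(x) > self.k:
            return True                               # alert; baseline untouched
        diff = x - self.mean
        self.mean += self.alpha * diff
        # Standard EWMA variance update (uses the pre-update diff).
        self.var = (1 - self.alpha) * (self.var + self.alpha * diff * diff)
        self.n += 1
        return False


def detect(series, **kw):
    """Return the indices of anomalous samples in a bits-per-interval series."""
    b = TrafficBaseline(**kw)
    return [i for i, x in enumerate(series) if b.observe(x)]


def sample_series():
    """Constructed input: 60 intervals of ~100 Mbit/s with a mild wobble, then a
    volumetric spike lasting two intervals, then a return to normal."""
    normal = [100 + 5 * math.sin(i) for i in range(60)]
    return normal + [600, 650, 100]


if __name__ == "__main__":
    print(detect(sample_series()))   # [60, 61]
```

In a deployment this object would be fed the per-interval byte counts that the flow export on slide 5 already produces, one instance per key, and the alert would fan out to the notification or remediation hook the slide mentions. The warm-up count and the sigma floor are the knobs the slide's "granular, tunable alerts" refer to.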
  8. Reality of Network Big Data
     • Network data is big data
       • Commonplace to generate hundreds of millions of data records per day
     • Traditional approaches very limited
       • Only produced roll-up summaries
       • Okay for top-level views
       • Useless for real action
     • Compute/storage scale means big data analytics are now relevant
       • Recent announcement by Cisco on Tetration Analytics is a major signal
     • Key is to go past BI and have operational speed
  9. Big Data Challenges for Network Analytics
     • Ingest speed
     • Latency to query
     • Time to query response
       • Pre-computed cubes
       • On the fly
  10. Advanced (Big Data) Network Analytics
     • Need to enable engineers to leverage their technical and institutional knowledge effectively
     • Ad-hoc queries across massive datasets in a timely manner
     • Multi-dimensional analytics
       • Combine and visualize multiple fields
       • Like a massive pivot table
     • Complemented by automated analyses that reveal complex relationships
     • Practically speaking, turning insightful ad-hoc queries into dashboards
  11. Cloud-Based Analytics
     • SaaS network management is now becoming more common
     • Big data approaches: DIY or SaaS
       • SaaS: very easy to adopt, fast time to value, but not feasible for all
  12. A Case Study: Advanced Analytics of a DDoS Attack
  13. Starting from the Top-Level View
     • Seemingly normal variations over several days...?
  14. Geo-Based Analytics
     • Looking at only SRC=CN (China)
  15. A Closer Look
     • Zooming the time range in on the second spike
  16. Checking Another Dimension
     • Number of unique source IP addresses
  17. Where is the Traffic Going?
     • Flip to: destination addresses
  18. Pulling Back to Gauge the Situation
     • Looking at all inbound traffic to the target victim's destination IP
  19. Narrowing in on the Actual Attack
     • Attack details by protocol
  20. The Finding: Multi-Layer Attack
     • Multiple simultaneous vectors at hand
  21. The Mitigation Plan
     • Finding the necessary details for setting filter policies
  22. Case Example: Summary
     • Unusual traffic patterns from a suspect geo
     • Turned out to be DNS amplification targeting a specific destination IP
     • But the main attack was hiding other attacks/exploits
     • Data harvested for mitigation
     • Time required to complete this analysis: 3 minutes!
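The drill-down of slides 13 to 22 (pivot by source country, count unique sources, flip to destination, break the victim's inbound traffic down by protocol and port, then pull out filter details) is a sequence of group-by queries over flow records, which is why the deck's "massive pivot table" framing on slide 10 fits it. Below is an added example that runs that sequence over sampled flow records in code; it is not Kentik's code and not part of the deck. The flow records, the 1:1000 sampling rate, all addresses (TEST-NET ranges), the GeoIP country tags and the generic filter-policy dictionary format are constructed for illustration. Because slide 5 says sampled flows are fine, every count is multiplied back up by the sampling rate before it is compared, which is the step most home-grown scripts forget.

```python
# Added example (not from the Kentik deck): the drill-down of slides 13-22 as code
# over sampled flow records. Records, sampling rate, addresses, GeoIP tags and the
# filter-policy format are all constructed for illustration.
from collections import Counter, defaultdict
from dataclasses import dataclass

SAMPLE_RATE = 1000                 # assumed 1:1000 sFlow/NetFlow packet sampling
VICTIM = "198.51.100.10"           # constructed target address
# Well-known UDP reflector services, keyed by the SOURCE port seen on reflected traffic.
REFLECTOR_PORTS = {53: "dns", 123: "ntp"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str      # "udp", "tcp", "icmp"
    sport: int
    dport: int
    pkts: int       # sampled packet count (x SAMPLE_RATE for an estimate)
    bytes: int      # sampled byte count
    src_cc: str     # source country from GeoIP enrichment (slide 14)


def make_flows():
    """Constructed records: a DNS amplification flood and a smaller TCP flood to
    the same victim, plus unrelated background traffic to another host."""
    flows = []
    for i in range(200):   # 200 distinct open resolvers answering toward the victim
        flows.append(Flow(f"203.0.113.{i}", VICTIM, "udp", 53, 40000 + i, 5, 5 * 1400, "CN"))
    for i in range(80):    # second vector hiding underneath: many small TCP packets to 443
        flows.append(Flow(f"192.0.2.{i}", VICTIM, "tcp", 50000 + i, 443, 3, 3 * 60, "CN"))
    for i in range(30):    # legitimate HTTPS traffic to a different server
        flows.append(Flow(f"198.18.0.{i}", "198.51.100.20", "tcp", 51000 + i, 443, 2, 2 * 800, "US"))
    return flows


def estimated_bytes_by(flows, dim, **match):
    """Slide 10's pivot table: estimated bytes grouped by one flow field, optionally
    restricted to flows whose fields equal the given values (slide 14: src_cc="CN")."""
    out = Counter()
    for f in flows:
        if all(getattr(f, k) == v for k, v in match.items()):
            out[getattr(f, dim)] += f.bytes * SAMPLE_RATE
    return out


def unique_sources(flows, dst):
    """Slide 16: distinct source addresses sending to one destination."""
    return len({f.src for f in flows if f.dst == dst})


def attack_vectors(flows, dst):
    """Slides 19-20: split inbound traffic to `dst` into (proto, port) vectors.

    For reflected UDP the distinguishing port is the reflector's *source* port;
    for everything else it is the destination port."""
    agg = defaultdict(lambda: {"bytes": 0, "pkts": 0, "srcs": set()})
    for f in flows:
        if f.dst != dst:
            continue
        reflected = f.proto == "udp" and f.sport in REFLECTOR_PORTS
        key = (f.proto, f.sport if reflected else f.dport, reflected)
        agg[key]["bytes"] += f.bytes * SAMPLE_RATE
        agg[key]["pkts"] += f.pkts * SAMPLE_RATE
        agg[key]["srcs"].add(f.src)
    vectors = []
    for (proto, port, reflected), v in sorted(agg.items(), key=lambda kv: -kv[1]["bytes"]):
        avg_pkt = v["bytes"] / v["pkts"]
        if reflected and avg_pkt > 512:       # large replies from many reflectors
            label = f"{REFLECTOR_PORTS[port]} amplification"
        else:
            label = f"{proto} to dst port {port}"
        vectors.append({"label": label, "proto": proto, "port": port, "reflected": reflected,
                        "bytes": v["bytes"], "pkts": v["pkts"],
                        "avg_pkt": avg_pkt, "unique_srcs": len(v["srcs"])})
    return vectors


def filter_policies(vectors, dst):
    """Slide 21: the details a filter/scrubber policy needs, in a generic form
    (constructed format; map it to your ACL or scrubber API)."""
    return [{
        "action": "drop" if v["reflected"] else "rate-limit",
        "proto": v["proto"],
        "src_port": v["port"] if v["reflected"] else None,
        "dst_port": None if v["reflected"] else v["port"],
        "dst": dst,
        "reason": v["label"],
    } for v in vectors]


if __name__ == "__main__":
    flows = make_flows()
    print(estimated_bytes_by(flows, "src_cc").most_common(3))            # slide 14
    print(estimated_bytes_by(flows, "dst", src_cc="CN").most_common(3))  # slide 17
    print(unique_sources(flows, VICTIM))                                 # slide 16
    for v in attack_vectors(flows, VICTIM):                              # slides 19-20
        print(v)
    for p in filter_policies(attack_vectors(flows, VICTIM), VICTIM):     # slide 21
        print(p)
```

Two details worth noticing against the deck's summary. First, the amplification vector dominates the byte count so completely that the TCP vector only appears once the traffic is split by protocol and port, which is exactly how slide 22's "main attack was hiding other attacks" shows up in data. Second, the unique-source count is the cheap discriminator from slide 16: 200 distinct resolvers hitting one destination with large packets from source port 53 is a reflection signature, whereas a single busy source would point at something else.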
  23. Closing Thoughts
     • Cloud isn't just an external resource, it's a way of doing business
     • Internet traffic should be more top of mind
     • Summary level views are insufficient and behind the curve
     • Big data analytics and SaaS network management tools are now
     WE HAVE MET THE CLOUD AND HE IS US
  24. Thank You!