Traffic Analysis for Peering and Security Utilizing xFlow Technologies
August 2014
Julie Liu
Agenda
• What is xFlow Technology?
• What values can xFlow propose to xSPs?
• Traffic Visibility for Peering Analysis
• Infrastructure Security
What is xFlow Technology?
(A quick foreword, in case you are not familiar with it…)
• Definition of a Flow
  • A unidirectional set of packets that arrive at a router on the same interface, have the same source/destination IP addresses, Layer 4 protocol, TCP/UDP source/destination ports, and the same ToS byte in the IP headers
• A technology to gather information on forwarded packets
  • In router/switch caches
  • And exported to collectors
[Diagram: client/server request and response = TWO flows for ONE TCP connection; client/server content = ONE flow for ONE UDP stream. Flow Cache Table with two expiry rules: active timeout and inactive timeout]
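The following is an added example, not part of the original deck: a minimal model of a router flow cache keyed by the 7-tuple defined above, with the active and inactive timeouts that decide when a record is exported. The timeout values, interface names and packets are constructed for the demonstration; running it shows the TCP exchange producing two unidirectional records while the UDP stream produces one, split once by the active timeout.

```python
from dataclasses import dataclass

# Timeouts are assumptions for this example; real exporters use their own defaults.
ACTIVE_TIMEOUT = 60.0    # seconds a flow may stay in the cache before it is force-exported
INACTIVE_TIMEOUT = 15.0  # seconds without a packet before the flow is expired

@dataclass
class FlowRecord:
    key: tuple          # (in_if, src, dst, proto, sport, dport, tos): the deck's flow definition
    first: float
    last: float
    packets: int = 0
    bytes: int = 0
    tcp_flags: int = 0  # OR of all TCP flags seen, as NetFlow records it

class FlowCache:
    """Minimal model of a router flow cache: one entry per unidirectional 7-tuple."""

    def __init__(self):
        self.cache = {}
        self.exported = []

    def _expire(self, now):
        # Active timeout: long-lived flows are cut into slices; inactive: idle flows are closed.
        for key, rec in list(self.cache.items()):
            if now - rec.first >= ACTIVE_TIMEOUT or now - rec.last >= INACTIVE_TIMEOUT:
                self.exported.append(self.cache.pop(key))

    def observe(self, pkt):
        now = pkt["ts"]
        self._expire(now)
        key = (pkt["in_if"], pkt["src"], pkt["dst"], pkt["proto"],
               pkt["sport"], pkt["dport"], pkt["tos"])
        rec = self.cache.get(key)
        if rec is None:
            rec = self.cache[key] = FlowRecord(key, now, now)
        rec.last = now
        rec.packets += 1
        rec.bytes += pkt["len"]
        rec.tcp_flags |= pkt.get("flags", 0)

    def flush(self):
        """Export whatever is still cached (e.g. at shutdown) and return all records."""
        self.exported.extend(self.cache.values())
        self.cache.clear()
        return self.exported

def pkt(ts, in_if, src, dst, proto, sport, dport, length, flags=0, tos=0):
    return dict(ts=ts, in_if=in_if, src=src, dst=dst, proto=proto,
                sport=sport, dport=dport, len=length, flags=flags, tos=tos)

def build_packets():
    """Constructed traffic: a short HTTP exchange, then a 100 s UDP stream at 1 pkt/s."""
    c, s = "10.0.0.5", "192.0.2.10"
    pkts = [pkt(0.00, "ge-0/0/1", c, s, 6, 40000, 80, 60, flags=0x02),    # SYN
            pkt(0.05, "ge-0/0/2", s, c, 6, 80, 40000, 60, flags=0x12),    # SYN-ACK
            pkt(0.10, "ge-0/0/1", c, s, 6, 40000, 80, 500, flags=0x18),   # request
            pkt(0.15, "ge-0/0/2", s, c, 6, 80, 40000, 1500, flags=0x18),  # response
            pkt(0.20, "ge-0/0/2", s, c, 6, 80, 40000, 1500, flags=0x18)]
    pkts += [pkt(float(t), "ge-0/0/1", "10.0.0.7", "192.0.2.20", 17, 5004, 5004, 1200)
             for t in range(1, 101)]
    return pkts

def run_demo():
    cache = FlowCache()
    for p in build_packets():
        cache.observe(p)
    return cache.flush()

def summarize(records):
    """(proto, src, dst, packets, bytes) per exported record, in export order."""
    return [(r.key[3], r.key[1], r.key[2], r.packets, r.bytes) for r in records]

if __name__ == "__main__":
    for row in summarize(run_demo()):
        print(row)
```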
How xFlow Can Benefit xSPs?
[Diagram: xFlow Collection & Analysis feeds two branches. Traffic Matrix Visibility: Capacity Planning, Traffic Engineering, Peering Analysis. Security Protection: Anomaly Detection, In-cloud Mitigation]
TRAFFIC MATRIX VISIBILITY
Why Traffic Matrix Visibility?
• Traffic Matrix Visibility
  • The amount of data transmitted between every pair of network "instances" (router-level, PoP-level, network-level)
  • Provides end-to-end, network-wide traffic visibility, in contrast to individual link load stats
• Traffic Matrix Visibility for what purposes?
  • Capacity planning (build capacity where needed)
  • Traffic engineering (steer traffic where capacity is available)
  • Peering analysis (support peering decisions, TE at the border)
  • Better understanding of traffic patterns (what is normal or abnormal)
Challenges of xFlow Only
Flow duplicates
• Collect from where?
  • Usually there are multiple Flow measurement sources in a data path
  • However, collecting from multiple xFlow sources in a data path duplicates the Flow data when counting traffic toward a network instance
  • Network topology data is needed! Count once, on the network boundary of the instance to be monitored
Challenges of xFlow Only
From point to path measurements
• xFlow only
  • Can tell you where traffic is going now
  • Some simple information about origin-AS or peer-AS
  • Not only the peer or origin: the transit ASes also matter!
• Embed a (passive) BGP peer on the Flow Collector to correlate Flow data with all the BGP attributes (path, communities, etc.)
  • Use the full AS Path information to determine where traffic is going to and coming from, and how existing transit/peers are used
  • BGP carries the topology (i.e. path) information that extends the local measurement view across the whole Internet
Peering Analysis
What is Peering? (Just a quick reminder…)
• What is Peering?
  • The Internet is a collection of many individual networks (ASes), which interconnect with each other under the common framework of ensuring global reachability between any two points
  • There are 3 primary positions for this interconnection:
    • Transit Provider – Typically someone you pay money to, who has the responsibility of routing your packets to/from the entire Internet
    • Transit Customer – Typically someone who pays you money, with the expectation that you will route their packets to/from the entire Internet
    • Peer – Two networks who get together and agree to exchange traffic between each other's networks, typically for free
Peering Analysis
Peering and its benefits…
• One major benefit of Peering
  • Reduced operating costs
  • Peering traffic is "free". If you no longer pay a transit provider to deliver some portion of your traffic, it reduces your transit bills
[Diagram: Providers A, B and C, each with customers, one multi-homed customer; legend: peering links between providers, transit links to customers]
Peering Analysis
Why traffic visibility for Peering?
• To decide if you should peer with a new network
• To convince other networks to peer with you
• To manage traffic engineering to other networks
• To defend your network against depeering actions
• To make intelligent transit purchasing decisions
Peering Analysis
Peering traffic requirements
• Traffic Volume
  • A peer may be required to exchange a certain minimum amount of traffic to be considered
• Traffic Ratios
  • Inbound vs. outbound traffic ratio
  • Traffic is "hot potato" routed (i.e. get it off your network ASAP)
  • Push traffic coming from Network A gets hauled primarily by Network B, and vice versa
  • If the ratio is 1:1, both peers share backhaul costs equally
• Others: PoP requirements, interconnect locations, routing stability, operations requirements, business concerns…
Peering Analysis
Peering evaluation questions
"A Business Case for Peering," William B. Norton
• Does the AS send me about as much traffic as I send to it?
• How much of the traffic originates from the potential peer?
• Does the volume of traffic justify a direct peering effort?
• How much traffic is transited through the potential peer?
[Diagram: Home network (AS100, AS101) and the Internet with AS21, ASC, AS23, AS4, AS1, AS2, AS3; legend: Peer AS, Origin AS, Transit AS]
Peering Analysis
Route-flow fusion analysis answers this…
"A Business Case for Peering," William B. Norton
[Screenshot with three annotated panels:]
1. Source-sink/transit traffic distribution
2. TopN ASNs sourcing/sinking/transiting traffic with me
3. In/Out traffic ratio
Peering Analysis
Peering cost analysis
• In theory, peering is "free", right?
• The fact is that the overhead associated with peering can be higher than transit costs (if the peered traffic is not large enough)
• How much does it save/cost?
  • Which transit provider(s)?
  • How much transit traffic can be offloaded?
Internet transit prices (US$):
Transit A: $1.6 per Mbps
Transit B: $1.8 per Mbps
Transit C: $1.2 per Mbps
[Diagram: Home network (AS100, AS101) reaching peer candidate AS21, AS23 and AS4 through Transit A, Transit B and Transit C]
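An added example (not from the deck) of the route-flow fusion the last few slides describe, covering the flow-duplicate and cost-analysis points together: flows are counted only when exported from boundary routers, each flow's remote address is matched against a BGP RIB to attribute bytes to origin and transit ASes, and the bytes that already traverse peer candidate AS21 are priced with the deck's transit rates. The RIB, the flow records, the home prefix, the exporter names and the mapping of Transit A/B/C to neighbor ASNs are all constructed assumptions; transit billing is simplified to the interval average rather than a 95th-percentile figure.

```python
import ipaddress
from collections import defaultdict

HOME_PREFIX = ipaddress.ip_network("10.100.0.0/16")   # constructed "home" address space
INTERVAL_SEC = 300                                     # measurement interval of the flow samples
BOUNDARY_EXPORTERS = {"border1", "border2"}            # count once, at the network boundary only
CANDIDATE_AS = 21                                      # the deck's peer candidate

# Transit providers with the deck's list prices ($ per Mbps). Mapping them to these
# neighbor ASNs is an assumption of this example.
TRANSIT = {101: ("Transit A", 1.6), 23: ("Transit B", 1.8), 4: ("Transit C", 1.2)}

# Constructed BGP RIB snapshot as the collector's passive BGP peer would learn it:
# prefix -> AS path, first element = neighbor (peer AS), last element = origin AS.
RIB = {
    ipaddress.ip_network("203.0.113.0/24"): (101, 21),
    ipaddress.ip_network("198.51.100.0/24"): (101, 21, 1),
    ipaddress.ip_network("192.0.2.0/24"): (23, 2),
    ipaddress.ip_network("100.64.0.0/24"): (4, 21, 3),
}

# Constructed flow records: (exporter, src, dst, bytes in the interval).
FLOWS = [
    ("border1", "10.100.1.1", "203.0.113.10", 150_000_000),
    ("core1",   "10.100.1.1", "203.0.113.10", 150_000_000),  # same flow seen again in the core
    ("border1", "203.0.113.10", "10.100.1.1", 30_000_000),
    ("border1", "10.100.2.2", "198.51.100.5", 75_000_000),
    ("border2", "100.64.0.9", "10.100.2.2", 45_000_000),
    ("border2", "10.100.3.3", "192.0.2.7", 90_000_000),
]

def lookup(ip):
    """Longest-prefix match of a remote address against the RIB; None if unrouted."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, path in RIB.items():
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, path)
    return best[1] if best else None

def fuse(flows):
    """Attribute bytes to origin and transit ASes, and to the peer candidate per transit used."""
    st = {"origin": defaultdict(int), "transit": defaultdict(int),
          "cand_in": 0, "cand_out": 0, "offload": defaultdict(int), "unrouted": 0}
    for exporter, src, dst, nbytes in flows:
        if exporter not in BOUNDARY_EXPORTERS:
            continue                                  # avoid double counting along the path
        outbound = ipaddress.ip_address(src) in HOME_PREFIX
        path = lookup(dst if outbound else src)
        if path is None:
            st["unrouted"] += nbytes                  # cannot be attributed to any AS
            continue
        st["origin"][path[-1]] += nbytes
        for asn in path[:-1]:
            st["transit"][asn] += nbytes
        if CANDIDATE_AS in path:                      # candidate as origin or as transit
            st["cand_out" if outbound else "cand_in"] += nbytes
            st["offload"][path[0]] += nbytes          # which transit carries it today
    return st

def mbps(nbytes):
    return nbytes * 8 / INTERVAL_SEC / 1e6

def top_n(counter, n=3):
    return sorted(counter.items(), key=lambda kv: kv[1], reverse=True)[:n]

def peering_case(st):
    """In/out ratio with the candidate and the transit spend that peering could offload."""
    ratio = st["cand_in"] / st["cand_out"] if st["cand_out"] else float("inf")
    savings = {}
    for nbr, nbytes in st["offload"].items():
        if nbr in TRANSIT:
            name, price = TRANSIT[nbr]
            savings[name] = round(mbps(nbytes) * price, 2)   # interval average, not 95th percentile
    return ratio, savings

if __name__ == "__main__":
    st = fuse(FLOWS)
    print("top origin ASes:", top_n(st["origin"]))
    print("top transit ASes:", top_n(st["transit"]))
    print("in/out ratio and offloadable spend:", peering_case(st))
```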
SECURITY PROTECTION
Infrastructure Security Threats
DDoS attacks
• DDoS attack traffic consumes SP network capacity
• DDoS attack traffic saturates in-line security devices
• DDoS attacks launched from compromised systems (bots)
• DDoS attack traffic targets applications and services
[Diagram: bots on the Internet sending attack traffic through the Service Provider network to a victim in an Enterprise or IDC]
Why do traditional in-line security solutions fail to prevent infrastructure security threats?
• Volumetric attacks must be removed in the cloud
• Traditional security products are themselves easy targets (stateful in-line solutions)
• Deployment costs
• Single point of failure and added latency
[Diagram: anomaly traffic and normal traffic both passing through the in-line device]
Infrastructure Security
A Flow-based solution
• Flow-based solution building blocks
  • Flow-based Learning
    • Network-wide: collects xFlow data from various router locations and correlates the data into a comprehensive network model
    • Dynamic Behaviour Analysis: during peace time, the system creates a network-wide view of the traffic patterns and learns thresholds representing what is "normal"
  • Flow-based Detection
    • Detection Engines: compare the collected real-time Flow data against the thresholds
    • Once significant threshold violations are identified, the system sends alarms and enables cloud-based mitigation actions
  • Cloud-based Mitigation
    • Cloud-based mitigation action options:
      - Remote Triggered Black Hole (RTBH)
      - BGP FlowSpec
      - OOP Traffic Cleaning
Flow-based Learning & Detection
The idea
• Flow-based Network Behavior Anomaly Detection (NBAD)
  • DOES:
    • Analyze Flow data (IP header info, byte/pkt counts) from routers
    • Detect anomalies by observing network traffic behaviors – knowing what is normal, and hence identifying the abnormal when it happens
  • DOESN'T:
    • Analyze L7 packet contents from raw packets
    • Detect anomalies by matching content signatures – knowing what is bad, and then picking the bad out of the good
• First-line protection for the network infrastructure
  • Trading DPI precision off for carrier-grade scalability and performance
Flow-based Learning & Detection
Network behavior analysis examples

What's Normal? | What can be Abnormal? | Example
A server accepts requests from clients | Over 5,000 SYN requests per second, lasting over 3 minutes | TCP SYN Flooding
A client connects to few destination hosts / ports | Over 100 connection requests per second to destination hosts / ports | Port Scan / IP Scan
Various packet sizes | Fixed packet size (e.g. UDP/1434, packet size = 404) | SQL Slammer
The source address ≠ the destination address | The source address is the same as the destination address | LAND Attack
The traffic rate for this network scope is usually around 150M bps | Over 180M bps traffic rate appears in this network scope | Zero-day attack (generic traffic floods)
Flow-based Learning & Detection
The mechanisms
• Flow-based NBAD

Mechanism Type | Detection Engine | Examples
Fingerprint-based | Protocol anomaly | TCP Flag Null, IP Fragment, IP Protocol Null, Land Attack, Ping of Death, TCP XMAS attack…
Fingerprint-based | Flood attack | ICMP Flooding, UDP Flooding, TCP SYN Flooding, TCP RST Flooding, TCP ACK Flooding…
Fingerprint-based | Specific behaviour attack | IP Scan, Port Scan, DNS Flooding, e-Mail Spam, Trojan Heloag, MS Blaster, Sasser, Code Red, SQL Slammer…
Baseline Heuristic | Baseline deviation | Zero-day attacks (generic traffic floods)

[Chart: traffic level from 1-Jul to 31-Jul, learning peacetime Flow data samples; "Baseline": what are the "normal" traffic rates?]
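An added example (not from the deck) that turns the two slides above into a small flow-based NBAD engine: a baseline learned from peacetime rate samples with an alarm threshold above it, the fingerprint checks for LAND and the fixed-size UDP/1434 pattern, and a SYN-flood engine that requires the per-second SYN-only rate to stay above 5,000 for 3 minutes. Only the 5,000/s, 3-minute and 404-byte figures come from the deck's table; the 20% margin over the baseline, the flow records and the rate samples are constructed assumptions.

```python
import statistics
from collections import defaultdict

SYN, ACK = 0x02, 0x10
# Thresholds from the deck's examples table; the margin over the learned baseline is an assumption.
SYN_RATE_PPS = 5000
SYN_MIN_SECONDS = 180
BASELINE_MARGIN = 1.2

def learn_baseline(peacetime_bps):
    """Baseline = mean of peacetime rate samples; the alarm threshold sits BASELINE_MARGIN above it."""
    base = statistics.mean(peacetime_bps)
    return base, base * BASELINE_MARGIN

def baseline_alarms(samples, threshold):
    """Samples (ts, bps) whose rate exceeds the learned threshold: generic flood candidates."""
    return [(ts, bps) for ts, bps in samples if bps > threshold]

def fingerprint_alarms(flows):
    """Protocol-anomaly and specific-behaviour fingerprints that need no learning phase."""
    alarms = []
    for f in flows:
        if f["src"] == f["dst"]:
            alarms.append(("LAND attack", f["dst"]))
        if f["proto"] == 17 and f["dport"] == 1434 and f["bytes"] // f["packets"] == 404:
            alarms.append(("SQL Slammer", f["dst"]))
    return alarms

def syn_flood_alarms(flows):
    """Per-second SYN-only packets per destination; alarm once the rate exceeds
    SYN_RATE_PPS for SYN_MIN_SECONDS consecutive seconds (reports the start second)."""
    per_sec = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if f["proto"] == 6 and f["flags"] & SYN and not f["flags"] & ACK:
            per_sec[f["dst"]][int(f["ts"])] += f["packets"]
    alarms = []
    for dst, buckets in per_sec.items():
        run = 0
        for sec in range(min(buckets), max(buckets) + 1):
            run = run + 1 if buckets.get(sec, 0) > SYN_RATE_PPS else 0
            if run == SYN_MIN_SECONDS:
                alarms.append(("TCP SYN flooding", dst, sec - SYN_MIN_SECONDS + 1))
    return alarms

def flow(ts, src, dst, proto, dport, packets, nbytes, flags=0):
    return dict(ts=ts, src=src, dst=dst, proto=proto, dport=dport,
                packets=packets, bytes=nbytes, flags=flags)

def build_flows():
    """Constructed one-second flow aggregates: a 200 s SYN flood on 192.0.2.10, a 60 s burst
    on 192.0.2.11 (too short to alarm), one LAND packet and one Slammer-sized UDP flow."""
    flows = [flow(t, "198.51.100.%d" % (t % 250 + 1), "192.0.2.10", 6, 80, 6000, 360000, SYN)
             for t in range(0, 200)]
    flows += [flow(t, "203.0.113.9", "192.0.2.11", 6, 443, 7000, 420000, SYN)
              for t in range(300, 360)]
    flows.append(flow(50, "192.0.2.10", "192.0.2.10", 6, 80, 1, 40, SYN))
    flows.append(flow(51, "203.0.113.77", "192.0.2.12", 17, 1434, 10, 4040))
    return flows

PEACETIME_BPS = [148e6, 151e6, 150e6, 152e6, 149e6]           # constructed learning samples
LIVE_SAMPLES = [(1000, 155e6), (1001, 181e6), (1002, 175e6)]  # constructed live samples

if __name__ == "__main__":
    base, thr = learn_baseline(PEACETIME_BPS)
    print("baseline %.0f bps, threshold %.0f bps" % (base, thr))
    print(baseline_alarms(LIVE_SAMPLES, thr))
    print(fingerprint_alarms(build_flows()))
    print(syn_flood_alarms(build_flows()))
```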
Infrastructure Security
Cloud-based mitigation with RTBH
• Remotely triggered black hole filtering at the SP edge
• A BGP prefix is announced with its next-hop set to a pre-defined black hole route
• All traffic to the victim is discarded
[Diagram: bots on the Internet, RTBH applied on the Service Provider edge routers, victim in the Enterprise or IDC; legend: anomaly traffic, normal traffic, BGP announcement]
Infrastructure Security
Cloud-based mitigation w/ BGP FlowSpec
• BGP FlowSpec distributes traffic filter lists to routers
• Suspicious traffic, once recognized, is filtered at the SP network edge
• Only filtered traffic is delivered to the enterprise/IDC network
• RFC 5575: selectively drop traffic flows based on L3/L4 information
[Diagram: bots on the Internet, FlowSpec filters on the Service Provider edge routers, victim in the Enterprise or IDC; legend: anomaly traffic, normal traffic, BGP FlowSpec]
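An added example, not from the deck, of what "distributes traffic filter lists" means on the wire: an RFC 5575 Flow Specification NLRI encoder for the destination-prefix, IP-protocol, destination-port and packet-length components, plus the traffic-rate extended community that carries the drop action, used here to express the deck's SQL Slammer fingerprint (UDP/1434, packet size 404) as an edge filter for a victim prefix. The victim prefix and ASN are constructed; a real deployment would hand these bytes to a BGP speaker rather than build them by hand.

```python
import ipaddress
import struct

# Component types from RFC 5575 section 4 (only the ones used here)
DST_PREFIX, IP_PROTO, DST_PORT, PKT_LEN = 1, 3, 5, 10

def numeric_op(value, last=True, eq=True, lt=False, gt=False):
    """One numeric operator byte plus its value: bit 7 = end-of-list, bits 5-4 = value
    length (00 = 1, 01 = 2, 10 = 4 octets), bit 2 = lt, bit 1 = gt, bit 0 = eq."""
    if value < 0x100:
        lenbits, fmt = 0, ">B"
    elif value < 0x10000:
        lenbits, fmt = 1, ">H"
    else:
        lenbits, fmt = 2, ">I"
    op = (0x80 if last else 0) | (lenbits << 4) | (int(lt) << 2) | (int(gt) << 1) | int(eq)
    return bytes([op]) + struct.pack(fmt, value)

def prefix_component(ctype, prefix):
    """<type, prefix-length, prefix> with the prefix trimmed to the octets the length covers."""
    net = ipaddress.ip_network(prefix)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([ctype, net.prefixlen]) + net.network_address.packed[:nbytes]

def flowspec_nlri(dst_prefix=None, proto=None, dport=None, pkt_len=None):
    """Flow Specification NLRI: a length octet (two if >= 240) followed by the
    components, which RFC 5575 requires in ascending type order."""
    body = b""
    if dst_prefix is not None:
        body += prefix_component(DST_PREFIX, dst_prefix)
    if proto is not None:
        body += bytes([IP_PROTO]) + numeric_op(proto)
    if dport is not None:
        body += bytes([DST_PORT]) + numeric_op(dport)
    if pkt_len is not None:
        body += bytes([PKT_LEN]) + numeric_op(pkt_len)
    if len(body) < 240:
        return bytes([len(body)]) + body
    return struct.pack(">H", 0xF000 | len(body)) + body

def traffic_rate(asn, bytes_per_sec):
    """traffic-rate extended community (type 0x80, sub-type 0x06): 2-octet AS then an
    IEEE float rate in bytes/s; a rate of 0 discards all matching traffic."""
    return struct.pack(">BBHf", 0x80, 0x06, asn, bytes_per_sec)

def slammer_drop_rule(victim_prefix, asn):
    """NLRI + action dropping UDP/1434 packets of total length 404 toward the victim prefix."""
    nlri = flowspec_nlri(victim_prefix, proto=17, dport=1434, pkt_len=404)
    return nlri, traffic_rate(asn, 0.0)

if __name__ == "__main__":
    nlri, action = slammer_drop_rule("192.0.2.0/24", 100)   # constructed victim prefix and ASN
    print("NLRI  :", nlri.hex())
    print("action:", action.hex())
```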
Infrastructure Security
Cloud-based mitigation w/ OOP cleaning
• Suspicious traffic is diverted at the SP network edge: traffic for the victim prefix is diverted via BGP to the Cleaning Centre
• The Cleaning Centre is a DPI-capable mitigation appliance (application-layer attacks, asymmetric detection); cleaned traffic is tunnelled back
• The "Cleaning Centre" is typically a shared resource in the network infrastructure to reduce deployment costs
• No impact on other traffic to other networks
[Diagram: bots on the Internet, diversion at the Service Provider edge to the Cleaning Centre, victim in the Enterprise or IDC; legend: malicious traffic, benign traffic, BGP announcement]
Infrastructure Security
xFlow-based OOP solution value proposition
Flow Technology
Network Resource Impact Issues
• NetFlow data volume? 1K FPS ≒ 338K bps NetFlow traffic
  • However, estimating Flows/second from a given network traffic bps is a much more complex task!
  • Typically 1~4% of the link rate
• Leverage data reduction techniques:
  • Partial coverage (i.e. a few PoPs, selective boundaries)
  • Tune the active & inactive timeouts
  • Flow Sampling
• In addition to the data volume, 'full NetFlow' may be a burden on router memory and CPU. Therefore sampled xFlow is preferred…

Flow/sec | Pkt/sec | Byte/sec | bps
1,000 | 33 | 49,500 | 338.37K
Flow Technology
Flow Sampling
• To alleviate the performance penalty incurred by turning on xFlow on routers
  • Allows users to sample one out of every "N" IP packets being forwarded (a user can configure the "N" interval)
  • Substantially decreases the CPU utilization needed to account for Flow packets
  • CPU utilization varies, depending on the sampling rate and the routers
• Example:
  • Cisco 12000 Series Router handling 65K flows
    • In "full-flow" mode it required 24% more CPU; the same router using 1:100 sampling required only 3% additional CPU
  • Cisco 7500 Router
References
• Yann Berthier, "NetFlow to guard the infrastructure," NANOG 39, 2007
• Thomas Telkamp, "Best Practices for Determining the Traffic Matrix in IP Networks V 3.0," NANOG 39, 2007
• Richard A. Steenbergen, "A Guide to Peering on the Internet," NANOG 51, 2011
• William B. Norton, "A Business Case for Peering in 2010," http://drpeering.net/white-papers/A-Business-Case-For-Peering.php
• RFC 5575, Dissemination of Flow Specification Rules
• Leonardo Serodio, "Traffic Diversion Techniques for DDoS Mitigation using BGP Flowspec," NANOG 58, 2013
• Cisco Systems Inc., "NetFlow Performance Analysis," 2007

AI in Networking: Transforming Network Operations with Juniper Mist AIDE
 

Recently uploaded

manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
wolfsoftcompanyco
 
Bengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal BrandingBengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal Branding
Tarandeep Singh
 
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
uehowe
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
xjq03c34
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
Paul Walk
 
Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!
Toptal Tech
 
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
3a0sd7z3
 
HijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process HollowingHijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process Hollowing
Donato Onofri
 
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
ysasp1
 
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
3a0sd7z3
 
Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
davidjhones387
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
uehowe
 
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
rtunex8r
 
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
k4ncd0z
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
fovkoyb
 
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
uehowe
 

Recently uploaded (16)

manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
 
Bengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal BrandingBengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal Branding
 
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
 
Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!
 
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
 
HijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process HollowingHijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process Hollowing
 
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
 
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
 
Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
 
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
 
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
 
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
 

Traffic analysis for Planning, Peering and Security by Julie Liu

  • 1. Traffic Analysis for Peering, and Security Utilizing xFlow Technologies (August 2014, Julie Liu)
  • 2. Agenda
     What is xFlow Technology?
     What values can xFlow propose to xSPs?
     Traffic Visibility for Peering Analysis
     Infrastructure Security
  • 3. What is xFlow Technology? (A quick foreword, in case you are not familiar with it…)
     Definition of a Flow
     A unidirectional set of packets that arrive at a router on the same interface, have the same source/destination IP addresses, Layer 4 protocol, TCP/UDP source/destination ports, and the same ToS byte in the IP headers
     A technology to gather information on forwarded packets
     In router/switch caches
     And exported to collectors
    [Diagram: Client/Server request and response give TWO flows for ONE TCP connection; a server-to-client content stream gives ONE flow for ONE UDP stream; Flow Cache Table with Active Timeout and Inactive Timeout]
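The flow definition and cache timeouts above, as an added example that is not part of the original slides: a minimal router-side flow cache keyed on slide 3's seven fields, with active/inactive expiry, fed a constructed packet stream (addresses, interface names and timeouts are constructed values).

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Flow key exactly as slide 3 defines it: ingress interface, src/dst IP,
# L4 protocol, src/dst port and the ToS byte.
FlowKey = Tuple[str, str, str, int, int, int, int]

@dataclass
class FlowRecord:
    key: FlowKey
    first_seen: float
    last_seen: float
    packets: int = 0
    octets: int = 0

class FlowCache:
    """Router-side flow cache: one record per unidirectional flow key."""

    def __init__(self, active_timeout: float = 60.0, inactive_timeout: float = 15.0):
        self.active_timeout = active_timeout      # export long-lived flows periodically
        self.inactive_timeout = inactive_timeout  # export flows that went quiet
        self.cache: Dict[FlowKey, FlowRecord] = {}
        self.exported: List[FlowRecord] = []      # records handed to the collector

    def _expire(self, now: float) -> None:
        for key, rec in list(self.cache.items()):
            if (now - rec.first_seen >= self.active_timeout
                    or now - rec.last_seen >= self.inactive_timeout):
                self.exported.append(self.cache.pop(key))

    def observe(self, ts: float, ifindex: str, src: str, dst: str, proto: int,
                sport: int = 0, dport: int = 0, tos: int = 0, length: int = 0) -> None:
        """Account one forwarded packet; a new record starts if the key is unknown or just expired."""
        self._expire(ts)
        key: FlowKey = (ifindex, src, dst, proto, sport, dport, tos)
        rec = self.cache.get(key)
        if rec is None:
            rec = self.cache[key] = FlowRecord(key, ts, ts)
        rec.last_seen = ts
        rec.packets += 1
        rec.octets += length

    def flush(self) -> List[FlowRecord]:
        """Export whatever is still cached and return every record exported so far."""
        self.exported.extend(self.cache.values())
        self.cache.clear()
        return self.exported

def demo() -> Dict[str, int]:
    """Constructed packet stream: one TCP request/response exchange, then a UDP stream."""
    fc = FlowCache(active_timeout=60.0, inactive_timeout=15.0)
    for i in range(5):   # client 10.0.0.5 <-> server 192.0.2.10 (constructed addresses)
        fc.observe(i * 0.1, "ge-0/0/1", "10.0.0.5", "192.0.2.10", 6, 40000, 80, 0, 100)
        fc.observe(i * 0.1 + 0.05, "ge-0/0/2", "192.0.2.10", "10.0.0.5", 6, 80, 40000, 0, 1400)
    for i in range(5):   # server pushes content to the client over UDP, one direction only
        fc.observe(1.0 + i * 0.1, "ge-0/0/2", "192.0.2.10", "10.0.0.5", 17, 5004, 5004, 0, 1200)
    # The stream resumes after a silence longer than the inactive timeout:
    # the old UDP record is exported and a second record starts for the same key.
    fc.observe(30.0, "ge-0/0/2", "192.0.2.10", "10.0.0.5", 17, 5004, 5004, 0, 1200)
    recs = fc.flush()
    return {
        "tcp_flows": sum(1 for r in recs if r.key[3] == 6),          # 2: request + response
        "udp_flows": sum(1 for r in recs if r.key[3] == 17),         # 2: before and after the gap
        "tcp_octets": sum(r.octets for r in recs if r.key[3] == 6),  # 5*100 + 5*1400
    }
```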
  • 4. How xFlow Can Benefit xSPs?
    [Diagram: xFlow Collection & Analysis feeds Traffic Matrix Visibility (Capacity Planning, Traffic Engineering, Peering Analysis) and Security Protection (Anomaly Detection, In-cloud Mitigation)]
  • 5. TRAFFIC MATRIX VISIBILITY
    [Diagram: the same benefit map, with Traffic Matrix Visibility (Capacity Planning, Traffic Engineering, Peering Analysis) highlighted]
  • 6. Why Traffic Matrix Visibility?
     Traffic Matrix Visibility
     The amount of data transmitted between every pair of network "instances" (router-level, PoP-level, network-level)
     Provides end-to-end, network-wide traffic visibility, in contrast to the individual link load stats
     Traffic Matrix Visibility for what purposes?
     Capacity planning (build capacity where needed)
     Traffic engineering (steer traffic where capacity is available)
     Peering Analysis (support peering decisions, TE at the border)
     Better understand traffic patterns (what is normal or abnormal)
  • 7. Challenges of xFlow Only: Flow duplicates
     Collect from where?
     Usually there are multiple Flow measurement sources in a data path
     However, collecting from multiple xFlow sources in the same data path duplicates the Flow data when counting traffic toward a network instance
     Network topology data is needed! Count once, on the network boundary of the instance to be monitored
  • 8. Challenges of xFlow Only: From point into path measurements
     xFlow only
     Can tell you where traffic is going now
     Some simple information about origin-AS or peer-AS
     Not only the peer or origin: the transit ASes also matter!
     Embed a (passive) BGP peer on the Flow Collector to correlate Flow data with all the BGP attributes (path, communities, etc.)
     Use the full AS Path information to determine where traffic is going to and coming from, and how existing transit/peers are used
     BGP carries the topology (i.e. path) information, which extends the local measurement view across the entire Internet
  • 9. Peering Analysis: What is Peering? (Just a quick reminder…)
     What is Peering?
     The Internet is a collection of many individual networks (ASes), who interconnect with each other under the common framework of ensuring global reachability between any two points
     There are 3 primary positions for this interconnection:
     Transit Provider – Typically someone you pay money to, who has the responsibility of routing your packets to/from the entire Internet
     Transit Customer – Typically someone who pays you money, with the expectation that you will route their packets to/from the entire Internet
     Peer – Two networks who get together and agree to exchange traffic between each others' networks, typically for free
  • 10. Peering Analysis: Peering and its benefits…
     One major benefit of Peering
     Reduced operating costs
     Peering traffic is "free". If you no longer pay a transit provider to deliver some portion of your traffic, it reduces your transit bills
    [Diagram: Providers A, B and C with their customers, a multi-homed customer, peering links between providers and transit links to customers]
  • 11. Peering Analysis: Why traffic visibility for Peering?
     To decide if you should peer with a new network
     To convince other networks to peer with you
     To manage traffic engineering to other networks
     To defend your network against depeering actions
     To make intelligent transit purchasing decisions
  • 12. Peering Analysis: Peering traffic requirements
     Traffic Volume
     A peer may be required to exchange a certain minimum amount of traffic to be considered
     Traffic Ratios
     Inbound vs. outbound traffic ratio
     Traffic is "hot potato" routed (i.e. get it off your network ASAP)
     Push traffic coming from Network A gets hauled primarily by Network B, and vice versa
     If the ratio is 1:1, both peers share backhaul costs equally
     Others: PoP requirements, interconnect locations, routing stability, operations requirements, business concerns…
  • 13. Peering Analysis: Peering evaluation questions ("A Business Case for Peering," William B. Norton)
     Does the AS send me about as much traffic as I send to it?
     How much of the traffic originates from the potential peer?
     Does the volume of traffic justify a direct peering effort?
     How much traffic is transited through the potential peer?
    [Diagram: Home network, Peer AS, Origin AS and Transit AS roles across AS1, AS2, AS3, AS4, AS21, AS23, AS100, AS101 and ASC, with the Internet beyond]
  • 14. Peering Analysis: Route-flow fusion analysis answers this… ("A Business Case for Peering," William B. Norton)
     1. Source-sink/transit traffic distribution
     2. TopN ASNs sourcing-sinking/transiting traffic with me
     3. In/Out traffic ratio
  • 15. Peering Analysis: Peering cost analysis
     In theory, peering is "free", right?
     The fact is that the overhead associated with peering can be higher than transit costs (if the peered traffic is not huge enough)
     How much does it save/cost? Which transit provider(s)? How much transit traffic can be offloaded?
    Internet Transit Price (US$)
    Transit A | $1.6 per Mbps
    Transit B | $1.8 per Mbps
    Transit C | $1.2 per Mbps
    [Diagram: Home network connected to Transit A, Transit B and Transit C; Peer Candidate AS21; AS23, AS4, AS100, AS101 and the Internet beyond]
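The route-flow fusion of slide 8, the boundary-only counting of slide 7 and Norton's evaluation questions of slides 13 to 15, worked through as an added example that is not from the slides: flow records already carrying the BGP AS path are reduced to per-candidate origin/transit volumes, the in/out ratio and the transit spend that peering would offload. AS numbers, exporter names and the 60-second interval are constructed; the transit prices are slide 15's, and average Mbps stands in for 95th-percentile billing.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

@dataclass
class Flow:
    exporter: str        # router that exported the record
    direction: str       # "in" or "out", relative to the home network
    as_path: List[int]   # from BGP correlation: as_path[0] = neighbour AS, as_path[-1] = origin AS
    octets: int          # bytes seen in the measurement interval

BORDER_ROUTERS = {"border1", "border2"}   # the network boundary: count traffic once, here (slide 7)
INTERVAL_S = 60                            # interval the constructed records cover
# Transit neighbours (constructed AS numbers) with slide 15's per-Mbps prices
TRANSIT = {64501: ("Transit A", 1.6), 64502: ("Transit B", 1.8), 64503: ("Transit C", 1.2)}

def mbps(octets: int) -> float:
    return octets * 8 / INTERVAL_S / 1e6

def evaluate_peer(flows: List[Flow], candidate: int, dedupe: bool = True) -> Dict[str, float]:
    """Answer Norton's peering questions for one candidate AS from route-flow fused records."""
    in_b = out_b = origin_b = transit_b = 0
    per_upstream: Dict[int, int] = defaultdict(int)
    for f in flows:
        if dedupe and f.exporter not in BORDER_ROUTERS:
            continue                   # a core router saw the same packets: skip the duplicate
        if candidate not in f.as_path:
            continue                   # peering with the candidate cannot offload this traffic
        if f.as_path[-1] == candidate:
            origin_b += f.octets       # sourced/sunk by the candidate itself
        else:
            transit_b += f.octets      # transited through the candidate to its customers
        if f.direction == "in":
            in_b += f.octets
        else:
            out_b += f.octets
        per_upstream[f.as_path[0]] += f.octets   # which transit carries it today
    saving = sum(mbps(b) * TRANSIT.get(u, ("?", 0.0))[1] for u, b in per_upstream.items())
    return {
        "in_mbps": mbps(in_b), "out_mbps": mbps(out_b),
        "out_in_ratio": mbps(out_b) / mbps(in_b) if in_b else float("inf"),
        "origin_mbps": mbps(origin_b), "transit_mbps": mbps(transit_b),
        "offloadable_mbps": mbps(in_b + out_b),
        "transit_saving_usd": round(saving, 2),   # at the slide's per-Mbps prices (simplified)
    }

def sample_flows() -> List[Flow]:
    """Constructed records for one 60 s interval; 64500 is the peering candidate."""
    return [
        Flow("border1", "out", [64501, 64500], 750_000_000),         # to the candidate via Transit A
        Flow("core1",   "out", [64501, 64500], 750_000_000),         # same packets, seen again in the core
        Flow("border1", "in",  [64501, 64500], 375_000_000),         # from the candidate via Transit A
        Flow("border2", "out", [64503, 64500, 64510], 150_000_000),  # to a candidate's customer via Transit C
        Flow("border1", "in",  [64501, 64500, 64511], 75_000_000),   # from a candidate's customer
        Flow("border2", "out", [64502, 64520], 600_000_000),         # unrelated, stays on Transit B
    ]
```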
  • 17. Infrastructure Security Threats
    [Diagram: Internet, Service Provider Network, Enterprise or IDC, Bots and Victim; anomaly traffic vs. normal traffic]
     DDoS attacks
     DDoS attack traffic consumes SP network capacity
     DDoS attack traffic saturates in-line security devices
     DDoS attacks are launched from compromised systems (bots)
     DDoS attack traffic targets applications and services
     Why do traditional in-line security solutions fail to prevent infrastructure security threats?
     Volumetric attacks must be removed in the cloud
     Traditional security products are themselves easy targets (stateful in-line solutions)
     Deployment costs
     Single point of failure and latency
  • 18. Infrastructure Security: A Flow-based solution
     Flow-based solution building blocks: Flow-based Learning, Flow-based Detection, Cloud-based Mitigation
     Network-wide: collects xFlow data from various router locations and correlates the data into a comprehensive network model
     Dynamic Behaviour Analysis: during peace time, the system creates a network-wide view of the traffic patterns and learns thresholds representing what is 'normal'
     Detection Engines: compare the collected real-time Flow data against the thresholds
     Once significant threshold violations are identified, the system sends alarms and enables cloud-based mitigation actions
     Cloud-based mitigation action options:
    - Remote Triggered Black Hole (RTBH)
    - BGP FlowSpec
    - OOP Traffic Cleaning
  • 19. Flow-based Learning & Detection: The idea
     Flow-based Network Behavior Anomaly Detection (NBAD)
     DOES:
     Analyze Flow data (IP header info, byte/pkt count) from routers
     Detect anomalies by observing network traffic behaviors – knowing what is normal, and hence identifying the abnormal when it happens
     DOESN'T:
     Analyze L7, packet contents from raw packets
     Detect anomalies by matching content signatures – knowing what is bad, and then catching the bad among the good
     First-line protection for the network infrastructure
     Trading off DPI precision for carrier-grade scalability and performance
  • 20. Flow-based Learning & Detection: Network behavior analysis examples
    What's Normal? | What can be Abnormal? | Example
    A server accepts requests from clients | Over 5,000 SYN requests per second, lasting over 3 minutes | TCP SYN Flooding
    A client connects to few destination hosts / ports | Over 100 connection requests per second to destination hosts / ports | Port Scan / IP Scan
    Various packet sizes | Fixed packet size (e.g. UDP/1434, packet size = 404) | SQL Slammer
    The source address ≠ the destination address | The source address is the same as the destination address | LAND Attack
    The traffic rate for this network scope is usually around 150M bps | Over 180M bps traffic rate appears in this network scope | Zero-day attack (generic traffic floods)
  • 21. Flow-based Learning & Detection: The mechanisms
     Flow-based NBAD
    Mechanism Type | Detection Engine | Examples
    Fingerprint-based | Protocol anomaly | TCP Flag Null, IP Fragment, IP Protocol Null, Land Attack, Ping of death, TCP XMAS attack…
    Fingerprint-based | Flood attack | ICMP Flooding, UDP Flooding, TCP SYN Flooding, TCP RST Flooding, TCP ACK Flooding…
    Fingerprint-based | Specific behaviour attack | IP Scan, Port Scan, DNS Flooding, e-Mail Spam, Trojan Heloag, MS Blaster, Sasser, Code Red, SQL Slammer…
    Baseline Heuristic | Baseline deviation | Zero-day attacks (generic traffic floods)
    [Chart: traffic level from 1-Jul to 31-Jul; learning from peacetime Flow data samples gives the "Baseline": what are the "normal" traffic rates?]
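The detection mechanisms of slides 19 to 21, as an added example that is not part of the original slides: fingerprint checks (LAND, fixed-size UDP/1434), a SYN-flood engine with the slide's rate and duration, a scan engine, and a peacetime baseline check, run over constructed flow records. The thresholds are slide 20's figures; the 20% baseline margin is an assumption read off its 150M/180M example, and all addresses are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Tuple

@dataclass
class Flow:
    ts: int                  # flow start, whole seconds
    src: str
    dst: str
    proto: int               # 6 = TCP, 17 = UDP
    dport: int
    pkts: int
    octets: int
    syn_only: bool = False   # TCP flags == SYN, i.e. a connection request

SYN_PPS, SYN_SECS = 5000, 180   # slide 20: > 5,000 SYN/s lasting > 3 minutes
SCAN_RPS = 100                  # slide 20: > 100 connection requests/s to distinct hosts/ports
BASELINE_MARGIN = 1.2           # assumed: 150M bps normal vs. 180M bps abnormal, i.e. +20%

def fingerprint_alerts(flows: List[Flow]) -> List[Tuple[str, str]]:
    """Checks that need only flow header fields, never packet contents."""
    alerts = []
    for f in flows:
        if f.src == f.dst:                                              # LAND attack
            alerts.append(("LAND", f.dst))
        elif f.proto == 17 and f.dport == 1434 and f.pkts and f.octets // f.pkts == 404:
            alerts.append(("SQL Slammer", f.src))                       # fixed 404-byte UDP/1434
    return alerts

def syn_flood_alerts(flows: List[Flow]) -> List[Tuple[str, str]]:
    """More than SYN_PPS requests/s to one server for more than SYN_SECS consecutive seconds."""
    per_dst: Dict[str, Dict[int, int]] = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if f.proto == 6 and f.syn_only:
            per_dst[f.dst][f.ts] += f.pkts
    alerts = []
    for dst, per_sec in per_dst.items():
        run, prev = 0, None
        for t in sorted(per_sec):           # run = consecutive seconds above the rate threshold
            run = (run + 1 if prev == t - 1 else 1) if per_sec[t] > SYN_PPS else 0
            prev = t
            if run > SYN_SECS:
                alerts.append(("TCP SYN Flooding", dst))
                break
    return alerts

def scan_alerts(flows: List[Flow]) -> List[Tuple[str, str]]:
    """One client opening more than SCAN_RPS connection requests/s to distinct hosts/ports."""
    targets = defaultdict(set)             # (src, second) -> {(dst, dport)}
    for f in flows:
        if f.proto == 6 and f.syn_only:
            targets[(f.src, f.ts)].add((f.dst, f.dport))
    return sorted({("Port/IP Scan", src) for (src, _), t in targets.items() if len(t) > SCAN_RPS})

def learn_baseline(peacetime_bps: List[float]) -> float:
    """Peacetime learning: the 'normal' rate for a network scope is the mean of its samples."""
    return mean(peacetime_bps)

def baseline_alert(baseline_bps: float, current_bps: float) -> bool:
    return current_bps > baseline_bps * BASELINE_MARGIN   # generic flood, no signature needed

def sample_flows() -> List[Flow]:
    """Constructed records: a LAND packet, a Slammer burst, a benign flow, a 200 s SYN flood, a port scan."""
    flows = [Flow(0, "198.51.100.7", "198.51.100.7", 6, 80, 1, 40),
             Flow(0, "203.0.113.9", "192.0.2.20", 17, 1434, 10, 4040),
             Flow(0, "203.0.113.4", "192.0.2.10", 6, 443, 20, 30000)]
    flows += [Flow(t, "203.0.113.%d" % t, "192.0.2.10", 6, 80, 6000, 240000, True) for t in range(10, 210)]
    flows += [Flow(5, "203.0.113.50", "192.0.2.30", 6, p, 1, 40, True) for p in range(1, 151)]
    return flows
```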
  • 22. Infrastructure Security: Cloud-based mitigation with RTBH
     Remotely triggered black hole filtering at the SP edge
     A BGP prefix is announced with next-hop set to a pre-defined black hole route
     All traffic to the victim is discarded
    [Diagram: Internet, Service Provider Network with RTBH at the edge routers, Enterprise or IDC, Bots and Victim; BGP announcement; anomaly traffic vs. normal traffic]
  • 23. Infrastructure Security: Cloud-based mitigation w/ BGP FlowSpec
     RFC 5575: selectively drop traffic flows based on L3/L4 information
     BGP FlowSpec distributes traffic filter lists to routers
     Suspicious traffic recognized is filtered at the SP network edge
     Only filtered traffic is delivered to the enterprise/IDC network
    [Diagram: Internet, Service Provider Network with FlowSpec filters at the edge routers, Enterprise or IDC, Bots and Victim; BGP FlowSpec distribution; anomaly traffic vs. normal traffic]
  • 24. Infrastructure Security: Cloud-based mitigation w/ OOP cleaning
     Divert victim prefix traffic via BGP
     Suspicious traffic is diverted at the SP network edge to the Cleaning Centre, a DPI-capable mitigation appliance (application-layer attack, asymmetric detection)
     Cleaned traffic is tunnelled back; no impact on other traffic to other networks
     The "Cleaning Centre" is typically a shared resource in the network infrastructure to reduce the deployment costs
    [Diagram: Internet, Service Provider Network, Cleaning Centre, Enterprise or IDC, Bots and Victim; BGP announcement; malicious traffic vs. benign traffic; cleaned traffic tunnelled back]
  • 25. Infrastructure Security xFlow-based OOP solution value proposition
  • 26. Flow Technology: Network Resource Impact Issues
     NetFlow data volume? 1K FPS ≒ 338K bps NetFlow traffic
    Flow/sec | Pkt/sec | Byte/sec | bps
    1,000 | 33 | 49,500 | 338.37K
     However, estimating Flows/second from a given network traffic bps is a much more complex task!
     Typically 1~4% of link rate
     Leverage data reduction techniques:
     Partial coverage (i.e. a few PoPs, selective boundaries)
     Tune the active & inactive timeouts
     Flow Sampling
     In addition to the data volume, 'full NetFlow' may also burden router memory and CPU. Therefore sampled xFlow is preferred…
  • 27. Flow Technology: Flow Sampling
     To alleviate the performance penalty incurred by turning on xFlow on routers
     Allows users to sample one out of every "N" IP packets being forwarded (a user can configure the "N" interval)
     Substantially decreases the CPU utilization needed to account for Flow packets
     CPU utilization varies, depending on the sampling rate and the routers
     Example:
     Cisco 12000 Series Router handling 65K flows
     In "full-flow" mode required 24% more CPU; the same router using 1:100 sampling required only 3% additional CPU
     Cisco 7500 Router
  • 28.
  • 29. References
     Yann Berthier, "NetFlow to guard the infrastructure," NANOG 39, 2007
     Thomas Telkamp, "Best Practices for Determining the Traffic Matrix in IP Networks V 3.0," NANOG 39, 2007
     Richard A. Steenbergen, "A Guide to Peering on the Internet," NANOG 51, 2011
     William B. Norton, "A Business Case for Peering in 2010," http://drpeering.net/white-papers/A-Business-Case-For-Peering.php
     RFC 5575, "Dissemination of Flow Specification Rules"
     Leonardo Serodio, "Traffic Diversion Techniques for DDoS Mitigation using BGP Flowspec," NANOG 58, 2013
     Cisco Systems Inc., "NetFlow Performance Analysis," 2007