This document discusses how xFlow technology can provide value to internet service providers (xSPs) through traffic visibility, peering analysis, and infrastructure security. It describes how xFlow data collection and analysis can generate traffic matrices for capacity planning, peering analysis, and anomaly detection. The document also explains how flow-based learning and detection techniques can identify infrastructure security threats like DDoS attacks. Finally, it discusses how cloud-based mitigation techniques like RTBH, BGP FlowSpec, and out-of-path traffic cleaning can divert anomalous traffic to protect networks and services.
Prefix Filtering Design Issues and Best Practise by Nurul Islam (MyNOG)
The document discusses best practices for prefix filtering design when receiving prefixes from upstream networks. It outlines four options for handling prefixes from customers: single-homed with non-portable prefixes, single-homed with portable prefixes, multi-homed with non-portable prefixes, and multi-homed with portable prefixes. For each option, it describes considerations for route filtering policies at the internet service provider and customer networks to filter routes and traffic appropriately based on the prefix and source autonomous system.
Managing Traffic Flows via BGP Flowspec by Mohd Izni Zuhdi Mohamed Rawi (MyNOG)
BGP Flow Specs allow more flexible traffic filtering than previous methods like RTBH by allowing matching of traffic based on multiple fields like source/destination IP and port, protocol, etc. and specifying multiple actions like rate-limiting, redirecting, or marking traffic. Flow specs are distributed using BGP and validated by checking the origin AS matches the best route for the destination prefix. Work is ongoing to support Flow Specs for IPv6 and traffic redirect using an IP next hop.
Service Provider Architectures for Tomorrow by Chow Khay Kid (MyNOG)
This document discusses challenges faced by service providers and proposes an evolved programmable network architecture to address them. It summarizes that service providers face a degraded business climate, diminished relevance as services are commoditized, and strained legacy infrastructure. A new architecture is proposed using virtualization, automation, and programming to simplify processes, optimize service delivery, and leverage secure hybrid clouds. This evolved approach aims to streamline costs, increase innovation rates, provide elastic scalable services, and optimize network delivery through automation.
QoS refers to class of service and type of service, which aim to achieve needed bandwidth and latency for applications. A class of service groups packet flows by requirements, while type of service uses fields in IP headers. Effective QoS focuses on network results rather than specific tools. Tools like weighted fair queuing, priority queuing, traffic shaping, and packet classification help allocate bandwidth and prioritize traffic. Proper configuration is important to avoid problems like starvation of certain applications.
Flow-tools is a library and collection of programs used to analyze NetFlow data exported from routers. It includes flow-capture to collect NetFlow records and flow-stat to generate reports and statistics. Key information that can be extracted includes top talkers by IP/AS, traffic patterns between IP/AS pairs, and potential DoS/DDoS sources and targets. The tool provides network visibility without deep packet inspection and with minimal resources.
The document discusses traffic engineering for content delivery networks (CDNs). It describes how CDNs like Akamai use DNS-based mapping to direct users to the optimal edge server based on their location. This allows Akamai to serve over 30 terabits per second of traffic daily to over 2 trillion requests from its global network of over 189,000 servers. However, because CDNs operate as independent clusters without a private backbone, standard BGP techniques often do not work as expected to influence traffic patterns. The document provides examples of how traffic from ISPs may shift locations within 24 hours as the CDN mapping system reacts to routing changes. Effective traffic engineering requires coordination between the CDN and ISPs.
PLNOG16: Public IX is the tip of the Internet Iceberg. The 9:1 PNI rule, Mart... (PROIDEA)
The document discusses key considerations for peering planning and implementation. It recommends having a blend of transit, public peering, and private peering according to traffic volumes. Specifically, it suggests planning for 20%+ annual traffic growth, including peering as part of the IP traffic growth strategy, understanding the benefits of campus peering over distributed peering models, and expecting private peering traffic to outgrow public peering traffic over the long run. The document uses Equinix as an example, highlighting their large ecosystem of networks that can help lower IP transit costs and support robust public and private peering options.
How Data Center Traffic is Changing Your Network by KC Lim (MyNOG)
This document discusses how data center traffic is changing networks and outlines key trends driving growth in the data center interconnect market. It notes that global data center IP traffic and storage capacity are growing significantly each year. It also discusses the various participants in the data center ecosystem like cloud/internet providers, carriers, and data center operators. The document advocates for disaggregated, open line systems that use multi-vendor components to provide more flexibility and reduce costs compared to traditional integrated DWDM network solutions. It provides examples of how an open line system could be deployed over existing ROADM networks from vendors like Ciena, Cyan, Juniper and BTI.
This document proposes using Datagram Transport Layer Security (DTLS) over Stream Control Transmission Protocol (SCTP) as a security mechanism for Diameter over SCTP. It motivates this by noting limitations of Transport Layer Security (TLS) over SCTP and how DTLS overcomes them. It also proposes mapping all Diameter messages to SCTP stream 0 with the unordered flag set to avoid head-of-line blocking while maintaining simplicity and performance. The document asks the Diameter working group if this is something that should be standardized and whether it should be done in an update to RFC 3588 or a separate document.
The Stories of IXP Development and the Way Forward by Che-Hoo Cheng (MyNOG)
This document discusses the development of Internet exchange points (IXPs) in the Asia Pacific region and provides recommendations for their continued growth. It begins by explaining what IXPs are and their benefits, such as keeping local internet traffic local to improve performance and reduce costs. It then discusses factors for IXP success, challenges around scalability, and different IXP models appropriate for developed versus developing economies. The document concludes by outlining best practices and a step-by-step approach for IXP development.
The Next Generation Internet Number Registry Services (MyNOG)
This document provides an overview of registry services, including the Registration Data Access Protocol (RDAP) and the Resource Public Key Infrastructure (RPKI). RDAP is designed to replace the aging WHOIS protocol by providing structured query and response formats to enable automation. RDAP also supports access control, internationalization, redirection and extensibility. RPKI is a PKI framework that adds Internet number resource information to certificates to cryptographically validate resource ownership and authorization of routing announcements. It enables applications like route origin validation to secure the routing system. The document discusses how RDAP and RPKI work and provide benefits like improved security, automation and verification of registry data.
This document discusses integrated services and differentiated services for providing quality of service (QoS) in IP networks. It introduces integrated services architecture (ISA) which allows applications to reserve resources. ISA uses RSVP for signaling and implements services like guaranteed service and controlled load service using queue management techniques like weighted fair queueing. Differentiated services provides QoS by classifying traffic into aggregates based on DS field values and applying different per-hop behaviors like assured forwarding and expedited forwarding. Interior routers apply simple queuing rules based on DS values while boundary routers do traffic conditioning functions like classification, metering, marking and shaping.
This document discusses integrated services and differentiated services for providing quality of service (QoS) on the internet. Integrated services uses resource reservation and traffic classification to provide guaranteed, controlled load, and best effort services. It requires per-flow state maintenance in routers. Differentiated services provides a simpler approach using traffic conditioning and per-hop behavior based on DS codepoints, without per-flow state. It aggregates traffic into behavior aggregates for forwarding.
Integrated and Differentiated services Chapter 17 (daniel ayalew)
The document discusses integrated and differentiated services for managing internet traffic. Integrated services (ISA) allow traffic to reserve resources and receive guaranteed quality of service. Differentiated services classify traffic into groups that receive different treatment. Interior routers implement per-hop behaviors like expedited forwarding to give preferential treatment based on packet codes. Boundary routers condition traffic to enforce service level agreements.
SDN traffic engineering provides a simpler and more optimal approach compared to traditional offline and on-device traffic engineering. It uses segment routing to encode paths, push-based telemetry for real-time traffic matrices, and an SDN controller running a traffic engineering application to optimize paths network-wide in a centralized manner. This approach alleviates congestion, uses as few tunnels as necessary, and easily adapts to failures or network changes.
ZCorum is a privately held company that provides broadband and networking solutions, including carrier-grade network address translation (CGNAT), to help telecommunications companies reduce costs and improve the subscriber experience: CGNAT allows operators to extend limited IPv4 addresses and facilitate migration to IPv6 while maintaining quality of service.
This document provides information about Resource Public Key Infrastructure (RPKI) and IPv4 transfers. It discusses how RPKI helps secure internet routing by preventing route hijacking and minimizing errors. Details are given on how to create and maintain ROA objects. Statistics show uptake of RPKI in various countries and economies in Southeast Asia. The document also covers who can do IPv4 transfers, the transfer process in MyAPNIC, and tips for pre-approval and listing transfers.
Experience of Implementing IPTV in an ISP Network by Thong Hawk Yen (MyNOG)
This document summarizes the challenges of implementing IPTV in an ISP network based on a presentation. It discusses 1) the lack of local references and experience, 2) issues with choosing between multiple technology options, 3) multivendor challenges, 4) traditional multicast not fitting the needs, 5) platform requirements, 6) difficulties testing without a live network, 7) integrating third party content, and 8) stringent latency and jitter requirements. It also covers challenges dimensioning the network and sharing experiences gained.
The document discusses QoS models and differentiated services model features. It provides an overview of MPLS QoS, including mapping IP precedence to MPLS experimental bits, supporting DiffServ over MPLS using E-LSPs and L-LSPs, and examples of configuring MPLS QoS on PE routers including classification, policy maps, and attaching policies to interfaces.
The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained networks in the Internet of Things and with constrained devices such as microcontrollers.
Fundamental of Quality of Service (QoS) (Reza Farahani)
These slides contain fundamental concepts about Quality of Service (QoS) technology, according to the latest version of the Cisco books (CCIE R&S and CCIE SP), and I taught it at the IRAN TIC company. In the next slides, I will upload advanced topics about this attractive technology.
NP - Unit 5 - Bootstrap, Autoconfiguration and BGP (hamsa nandhini)
This document discusses bootstrap and autoconfiguration protocols like DHCP and IPv6 Neighbor Discovery, as well as the inter-autonomous system routing protocol BGP. It provides details on how DHCP and NDP allow devices to automatically obtain IP addresses and configuration information. It also explains that BGP is used for routing between autonomous systems, as it propagates reachability between systems without exchanging internal metric information due to administrative boundaries. Key concepts covered include DHCP client-server interaction, NDP neighbor discovery functions, BGP message types for peer setup and route exchange, and how BGP supports routing policies between autonomous systems.
It's a presentation on DHCP (Dynamic Host Configuration Protocol) in networking. Everyone can take help from this presentation. I hope it will be helpful for all of you. Enjoy your day. Thank you, keep sharing.
Keynote given at DRCN2018, shows that innovation is back in the transport and network layer with a description of Multipath TCP, QUIC and IPv6 Segment Routing.
The document discusses Mobile IP and the Wireless Application Protocol (WAP). Mobile IP allows devices to change their network point of attachment while maintaining ongoing connections. It uses home and foreign agents to register devices' locations and tunnel traffic to their new addresses. WAP provides a standard for internet access from wireless devices. It defines protocols like WML, WTP, and WDP to support limited devices over various wireless networks.
In this presentation, the following topics for PCRF advanced, with details of E// SAPC, are clarified and presented:
Connectivity to the SAPC
O&M Process
Bundle Configuration
Redirection
Threshold Configuration
LDAP
Database, etc.
1) The document discusses the challenges of application delivery including increasing online business volumes, poor performance over long distances, security threats, and costly downtimes.
2) It introduces APSolute as a solution for application delivery and security that provides guaranteed availability, accelerated performance, and assured security through technologies like load balancing, WAN optimization, intrusion prevention, and a web application firewall.
3) APSolute integrates multiple technologies to deliver applications securely, optimize network resources, and provide centralized security reporting.
This document discusses network flow analysis of traffic data from the Internet2 Abilene network. It provides an overview of Netflow data collection and analysis techniques, along with some preliminary results. Future work is proposed to further examine the dynamics, structure, and anomalies within the large-scale network flow data.
This document proposes a technique for detecting network traffic anomalies through analyzing packet header data. It focuses on monitoring outgoing traffic at an egress router to detect attacks and anomalies close to their source. The existing approaches rely on multiple data sources or established rules, while the proposed method analyzes a single link's destination addresses and port numbers using discrete wavelet transform and statistical analysis. It aims to reduce network traffic by preventing the transmission of large files through ingress and egress routing.
The transport layer provides efficient, reliable, and cost-effective process-to-process delivery by making use of network layer services. The transport layer works through transport entities to achieve its goal of reliable delivery between application processes. It provides an interface for applications to access its services.
Cataloging Of Sessions in Genuine Traffic by Packet Size Distribution and Ses... (IOSR Journals)
Abstract: Cataloging traffic keen on precise network applications is vital for application-aware network organization, and it turns into a more taxing task because modern applications obscure their network behaviors. Whereas port number-based classifiers work merely for a few renowned applications and signature-based classifiers are not significant to encrypted packet payloads, researchers are inclined to classify network traffic rooted in behaviors scrutinized in network applications. In this document, a session-level Flood Cataloging (SLFC) approach is proposed to organize network Floods as a session, which consists of Floods in the same discussion. SLFC initially classifies Floods into the analogous applications by packet size distribution (PSD) and subsequently groups Floods as sessions by port locality. With PSD, each Flood is transformed into a set of points in a two-dimensional space, and the distance between each Flood and the representatives of preselected applications is calculated. The Flood is predicted as the application having the least distance. Meanwhile, port locality is used to cluster Floods as sessions, since an application often uses successive port numbers within a session. If the Floods of a session are categorized into diverse applications, an arbitration algorithm is invoked to make the improvement.
Keywords: Flood Cataloging; session grouping; session Cataloging; packet size distribution
This paper outlines the need for traffic matrices and describes how Demand Deduction works. You will learn what a traffic matrix is and how Demand Deduction creates reliable traffic matrices; Demand Deduction as a proven accurate, complete, and useful traffic simulation.
More Information: http://cisco.com/go/quantum
Security Delivery Platform: Best practicesMihajlo Prerad
Security Delivery Platform: Best practices
The traditional Security model was one that operated under simple assumptions. Those assumptions led to deployment models which in todays’ world of cyber security have been proven to be quite vulnerable and inadequate to growing amount and diversity of threats.
A Security Delivery Platform addresses the above considerations and provides a powerful solution for deploying a diverse set of security solutions, as well as scaling each security solution beyond traditional deployments. Such platform delivers visibility into the lateral movement of malware, accelerate the detection of ex-filtration activity, and could significantly reduce the overhead, complexity and costs associated with such security deployments.
In today’s world of industrialized and well-organized cyber threats, it is no longer sufficient to focus on the security applications exclusively. Focusing on how those solutions get deployed together and how they get consistent access to relevant data is a critical piece of the solution. A Security Delivery Platform in this sense is a foundational building block of any cyber security strategy.
This document discusses network flows and flow analysis. It defines flows as sequences of packets sent from a source to a destination. Flow analysis describes and characterizes traffic flows by identifying where they occur and what performance they require. Flows can be individual, representing a single application, or composite, representing the combination of requirements from multiple applications sharing a network. Flow models help categorize flows based on environment type. Prioritizing flows determines which get more resources based on importance factors.
This document summarizes a presentation about network traffic monitoring and analysis. It discusses traditional monitoring tools like SNMP and newer tools that provide deeper traffic visibility. It explains how flow monitoring works and standards like NetFlow. The presentation also demonstrates how tools can analyze flow data to detect security issues, troubleshoot problems, and capture packets for forensic analysis. Real examples are shown of using these techniques to identify a malware infection and resolve a email delivery problem.
This document discusses Quality of Service (QoS) in converged networks. It describes how traffic characteristics have changed with converged networks, bringing together constant small-packet voice flows and bursty data flows. This requires that critical traffic like voice and video be prioritized to address issues like delays, jitter, and packet loss. The document then discusses various factors that can cause these quality issues, such as lack of bandwidth, end-to-end delay, jitter, and packet loss. It proposes different QoS mechanisms to classify traffic, prioritize time-sensitive traffic, and prevent congestion including IntServ, DiffServ, traffic policing, shaping, queuing techniques, and dropping policies. The goal is to apply these techniques to
A computer network plays a major part in the development of any industry. Nowadays, in this fast paced
networking world each and every industry depends on internet for their progress. As said above this is the fast
paced world, the attack to disable the progress are also fast paced. DDoS (Distributed Denial of Service) is one
among them. Though it is one of the many attacks, they temporarily disable a service provided by the company.
This paper proposes a series of steps which not only checks the possible attack but also tries its best to thwart
them. Instead of going for conventional approach of blocking the excess traffic, the proposed approach will
prolong the access to the service. In the mean time checking for the possible attack is done. Thus, not only it
thwarts the attacks but also gives them reliable user their access with a little bit of delay, resulting in high
reliability.
Realtime Detection of DDOS attacks using Apache Spark and MLLibRyan Bosshart
In this talk we will show how Hadoop Ecosystem tools like Apache Kafka, Spark, and MLLib can be used in various real-time architectures and how they can be used to perform real-time detection of a DDOS attack. We will explain some of the challenges in building real-time architectures, followed by walking through the DDOS detection example and a live demo. This talk is appropriate for anyone interested in Security, IoT, Apache Kafka, Spark, or Hadoop.
Presenter Ryan Bosshart is a Systems Engineer at Cloudera and is the first 3 time presenter at BigDataMadison!
Route Server Peering Improves End User "Quality of Experience"APNIC
Route server peering at the DE-CIX internet exchange improves end user quality of experience by creating more efficient network interconnects. DE-CIX route servers allow over 380 network operators to announce their prefixes and exchange over 67% of total traffic through multilateral peering. Route servers are made transparent through features like automatic BFD sessions between customer routers and distributing availability information. Route servers also apply security measures like AS path and prefix filtering to prevent route hijacking.
Aplication and Transport layer- a practical approachSarah R. Dowlath
This presentation was done for a Networking course. It really shows from a more practical standpoint how the application layer and the transport layer communicates with each other and operates on a whole to get the job done. It gives the reader more insight of how the pieces come together in an IT networking world.
This document summarizes the key aspects of routing protocols for mobile ad hoc networks (MANETs). It discusses three categories of routing protocols: proactive, reactive, and hybrid protocols. Proactive protocols maintain routing tables through regular table updates, while reactive protocols find routes on demand through route discovery. Common proactive protocols described include DSDV and OLSR, while reactive protocols like AODV are now more widely used due to lower overhead. Hybrid routing protocols incorporate aspects of both approaches.
Similar to Traffic analysis for Planning, Peering and Security by Julie Liu (20)
Digital Realty operates over 310 data centers globally with a presence in major metro and edge markets. It supports customers' global footprints through multi-tenant data center coverage, capacity, connectivity and control via its PlatformDIGITAL®. It has connectivity to ecosystems in third party facilities and implements best-of-breed infrastructure and services in multiple metros globally. Contact information is provided for representatives in cloud and digital cloud as well as network service providers.
- Embedded CDNs involve placing CDN servers within ISP networks to serve local end-users. This can improve performance by locating content closer to users.
- Many major CDNs and content providers now offer embedded servers, including Akamai, Netflix, Google, Amazon, and Facebook. Traffic from embedded servers accounts for around 14% of total CDN traffic based on one study.
- Benefits for ISPs include offloading external traffic and improving performance for end-users. CDNs use techniques like BGP, DNS, and geolocation to map users to the closest embedded server.
- The document discusses moving carrier networks towards a virtualized edge model using open-source containers and software-defined networking. This allows centralized orchestration and dynamic allocation of network resources.
- It proposes virtualizing traditional network services like MPLS and hosting them on virtualized edge nodes to add value for wholesale and enterprise customers. This could also enable use cases like secure SD-WAN connectivity and edge caching.
- Edge virtualization opens opportunities to host third-party and customer services on the edge through APIs. Examples include regional packet gateways, security services, and CDN expansion. The next steps outlined are to standardize key scenarios and conduct proofs-of-concept.
Equinix is expanding its global footprint with new data centers in Johor, Malaysia and Chennai, India. The Johor data center, called JH1, will have an initial capacity of 500 cabinets and 2.4MW of power, with a targeted launch in Q1 2024. Equinix is also expanding in Chennai with a new data center called CN1 that will provide over 4,960 cabinets and more than 16MW of power capacity upon full build out. In Malaysia, Equinix envisions developing a strong interconnection ecosystem in Johor to position the state as a data center hub to benefit from capacity constraints in neighboring Singapore.
Securing the Onion: 5G Cloud Native InfrastructureMyNOG
1) The document discusses securing 5G cloud native infrastructure using the Service Proxy for Kubernetes (SPK) and Secure Communication Proxy (SCP).
2) SPK provides ingress and egress services for telco protocols like HTTP/2, Diameter, and SIP to secure Kubernetes deployments. SCP simplifies and secures communications between network functions.
3) SCP and SPK work together to provide a secure "onion model" architecture for distributed 5G core deployments using mutual TLS and traffic management capabilities.
The document discusses the concept of a hierarchical network controller that can abstract and provide control over complex multi-domain, multi-vendor SDN transport networks. A hierarchical network controller sits above domain-specific SDN controllers and provides an end-to-end view of the network, combining capabilities from different network domains like IP, optical, and others. This allows domain controllers to focus on domain-specific functions while the hierarchical controller provides cross-domain intelligence and optimization for end-to-end services across technology and vendor boundaries. The document also presents a case study of Vodafone using such a hierarchical approach to manage its European transport network.
Aether: The First Open Source 5G/LTE Connected Edge Cloud PlatformMyNOG
The document discusses Aether, an open source 5G/LTE connected edge cloud platform from the Open Networking Foundation (ONF). It aims to enable digital transformation through a cloud-native platform that supports disaggregated and virtualized mobile networks. Aether provides a common, neutral platform for building distributed edge applications and allows enterprises to deploy private 4G/5G networks. It has global deployments across multiple continents and edges that are centrally orchestrated from the cloud.
This document discusses reducing invalid routes in the RPKI system by cleaning up RPKI invalids. It provides information on ROA adoption rates in Southeast Asia, including a table showing the rates for several countries. It then reviews what RPKI and ROAs are, how route origin validation works, and examples of valid and invalid validation results. The document suggests tools and services like ROA prevalidation, routing status alerts, and ROA alert filters that can help clean up RPKI invalids. It also provides a summary of creating ROAs and notes continuous improvements are being made to documentation.
1) DE-CIX implemented a new "Peering LAN 2.0" architecture using an ARP/ND agent to reduce broadcast traffic and prevent IP spoofing in their peering LANs.
2) Previously, broadcast, unknown unicast, and multicast traffic exceeded 1.5 Mbps in DE-CIX Frankfurt's peering LAN using the old "Flood and Learn" method.
3) The new EVPN-based architecture with a centralized ARP/ND agent has significantly reduced this broadcast noise by over 90% according to testing results presented.
This document outlines an upcoming presentation on Kubernetes autoscaling and load balancing. The presentation will cover setting up pod and node autoscaling in Kubernetes, load balancing Kubernetes pods using services, and provide use cases for how network operators can take advantage of Kubernetes' scaling and load balancing capabilities for workloads like network operations, AIOps, and 5G functions. The agenda includes introductions to Kubernetes, networking models, capacity planning, horizontal pod and node autoscaling, and load balancing within pods using services.
The document discusses securing internet routing through Border Gateway Protocol (BGP) by:
1. Filtering incoming BGP routes on Google's network using routing data from Internet Routing Registries (IRRs) and Route Origin Validation (ROV) based on the Resource Public Key Infrastructure (RPKI) to validate route origins.
2. Monitoring for route disruptions using first and third party monitoring to detect BGP hijacks and leaks in external networks.
3. Collaborating with internet peers and customers through initiatives like the Mutually Agreed Norms for Routing Security (MANRS) to accelerate progress on securing internet routing.
Spatial Division Multiplexing (SDM) is a new submarine cable paradigm that allows for higher total cable capacity by increasing the number of fiber pairs in a cable, even if capacity per pair is lower. SDM cables sacrifice spectral efficiency per pair in order to add more pairs and compensate with a higher cable capacity overall. This approach helps maximize capacity as we near the limits imposed by Shannon's law. Initial SDM cables deployed around 12-24 fiber pairs and achieved cable capacities over 300Tbps. Future SDM designs could scale to 32 or even 40 fiber pairs to support petabit cable systems.
Ready to Unlock the Power of Blockchain!Toptal Tech
Imagine a world where data flows freely, yet remains secure. A world where trust is built into the fabric of every transaction. This is the promise of blockchain, a revolutionary technology poised to reshape our digital landscape.
Toptal Tech is at the forefront of this innovation, connecting you with the brightest minds in blockchain development. Together, we can unlock the potential of this transformative technology, building a future of transparency, security, and endless possibilities.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
Discover the benefits of outsourcing SEO to Indiadavidjhones387
"Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
Traffic analysis for Planning, Peering and Security by Julie Liu
1. Traffic Analysis for Planning, Peering, and Security
Utilizing xFlow Technologies
August 2014
Julie Liu
2. Agenda
What is xFlow Technology?
What values can xFlow propose to xSPs?
Traffic Visibility for Peering Analysis
Infrastructure Security
3. What is xFlow Technology?
(A quick foreword, in case you are not familiar with it…)
Definition of a Flow: a unidirectional set of packets that arrive at a router on the same interface, have the same source/destination IP addresses, Layer 4 protocol, TCP/UDP source/destination ports, and the same ToS byte in the IP headers.
xFlow is a technology to gather information on forwarded packets in router/switch caches and export it to collectors.
Diagram: Client and Server exchanging Request/Response: TWO flows for ONE TCP connection (one per direction).
Diagram: Client and Server, Content: ONE flow for ONE UDP stream.
Flow Cache Table expiry:
• Active Timeout
• Inactive timeout
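As an added illustration of the flow definition and the two cache timeouts above (example code written for this page, not part of the original deck), the following Python models a router's flow cache keyed on the slide's tuple. The interface names, addresses, packet sizes and the 120 s active / 15 s inactive timeout values are constructed assumptions. It shows why one TCP connection yields two flows while a one-way UDP stream yields one, and how the active timeout splits a long-lived stream into several exported records even though it is a single flow.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Flow key as the slide defines it: ingress interface, src/dst IP, L4 protocol,
# src/dst port and ToS byte. Direction is part of the key, so a TCP connection
# produces two flows (request and response) while a one-way UDP stream is one.
FlowKey = Tuple[str, str, str, int, int, int, int]


@dataclass
class FlowRecord:
    key: FlowKey
    first_seen: float
    last_seen: float
    packets: int = 0
    bytes: int = 0


class FlowCache:
    """Toy model of a router flow cache with active and inactive timeouts.
    The timeout values are illustrative assumptions, not vendor defaults."""

    def __init__(self, active_timeout: float = 120.0, inactive_timeout: float = 15.0):
        self.active_timeout = active_timeout
        self.inactive_timeout = inactive_timeout
        self.cache: Dict[FlowKey, FlowRecord] = {}
        self.exported: List[FlowRecord] = []

    def observe(self, ts, iface, src, dst, proto, sport, dport, tos, size):
        """Account one forwarded packet; expire aged entries first, as a router
        does on its cache-scan timer."""
        self.expire(ts)
        key = (iface, src, dst, proto, sport, dport, tos)
        rec = self.cache.get(key)
        if rec is None:
            rec = self.cache[key] = FlowRecord(key, ts, ts)
        rec.last_seen = ts
        rec.packets += 1
        rec.bytes += size

    def expire(self, now):
        """Export entries idle for >= inactive_timeout (flow ended) or alive for
        >= active_timeout (long-lived flow: exported and restarted, so one
        stream becomes several records)."""
        for key, rec in list(self.cache.items()):
            if (now - rec.last_seen >= self.inactive_timeout
                    or now - rec.first_seen >= self.active_timeout):
                self.exported.append(self.cache.pop(key))

    def flush(self):
        """Export everything still cached (e.g. when the exporter shuts down)."""
        self.exported.extend(self.cache.values())
        self.cache.clear()
        return list(self.exported)


def build_sample_packets():
    """Constructed packet trace (not captured data): a 5-packet TCP
    request/response exchange and a 300-second one-way UDP stream."""
    pkts = []
    for i in range(5):
        t = i * 0.2
        pkts.append((t, "Gi0/1", "10.0.0.1", "198.51.100.5", 6, 40000, 443, 0, 120))
        pkts.append((t + 0.1, "Gi0/2", "198.51.100.5", "10.0.0.1", 6, 443, 40000, 0, 1400))
    for s in range(300):
        pkts.append((float(s), "Gi0/2", "198.51.100.9", "10.0.0.2", 17, 5004, 5004, 0x28, 1200))
    return sorted(pkts, key=lambda p: p[0])


def run_demo(active_timeout=120.0, inactive_timeout=15.0):
    """Feed the trace through the cache and summarise what got exported."""
    cache = FlowCache(active_timeout, inactive_timeout)
    for pkt in build_sample_packets():
        cache.observe(*pkt)
    by_key: Dict[FlowKey, List[FlowRecord]] = {}
    for rec in cache.flush():
        by_key.setdefault(rec.key, []).append(rec)
    tcp_keys = [k for k in by_key if k[3] == 6]
    udp_keys = [k for k in by_key if k[3] == 17]
    return {
        "tcp_flows": len(tcp_keys),                   # 2: one per direction
        "udp_flows": len(udp_keys),                   # 1: one-way stream
        "udp_records": len(by_key[udp_keys[0]]),      # 3: split by the active timeout
        "udp_bytes": sum(r.bytes for r in by_key[udp_keys[0]]),
        "total_records": sum(len(v) for v in by_key.values()),
    }


if __name__ == "__main__":
    print(run_demo())
```

The collector-side consequence is the one the later slides build on: byte counts must be summed across all records sharing a key, and tuning the active timeout changes record volume without changing the flows themselves.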
4. How xFlow Can Benefit xSPs?
Diagram: xFlow Collection & Analysis feeds two tracks:
Traffic Matrix Visibility -> Capacity Planning, Traffic Engineering, Peering Analysis
Security Protection -> Anomaly Detection, In-cloud Mitigation
6. Why Traffic Matrix Visibility?
Traffic Matrix Visibility: the amount of data transmitted between every pair of network "instances" (router-level, PoP-level, network-level). It provides end-to-end, network-wide traffic visibility, in contrast to individual link load stats.
Traffic Matrix Visibility for what purposes?
Capacity planning (build capacity where needed)
Traffic engineering (steer traffic where capacity is available)
Peering Analysis (support peering decisions, TE at the border)
Better understand traffic patterns (what is normal or abnormal)
7. Challenges of xFlow Only
Flow duplicates: collect from where?
There are usually multiple Flow measurement sources in a data path. However, collecting from multiple xFlow sources in the same data path duplicates the Flow data when counting traffic toward a network instance.
Network topology data is needed: count once, on the network boundary of the instance to be monitored.
8. Challenges of xFlow Only
From point into path measurements
xFlow alone can tell you where traffic is going now, plus some simple information about the origin-AS or peer-AS. Not only the peer or origin matter: the transit ASes also matter!
Embed a BGP (passive) peer on the Flow Collector to correlate Flow data with all the BGP attributes (path, communities, etc.). Use the full AS Path information to determine where traffic is going to and coming from, and how existing transits/peers are used.
BGP carries the topology (i.e. path) information, which helps extend the local measurement view across the entire Internet.
9. Peering Analysis
What is Peering? (Just a quick reminder…)
The Internet is a collection of many individual networks (ASes), which interconnect with each other under the common framework of ensuring global reachability between any two points.
There are 3 primary positions for this interconnection:
Transit Provider – Typically someone you pay money to, who has the responsibility of routing your packets to/from the entire Internet
Transit Customer – Typically someone who pays you money, with the expectation that you will route their packets to/from the entire Internet
Peer – Two networks who get together and agree to exchange traffic between each others’ networks, typically for free
10. Peering Analysis
Peering and its benefits…
One major benefit of Peering: reduced operating costs. Peering traffic is “free”. If you no longer pay a transit provider to deliver some portion of your traffic, it reduces your transit bills.
Diagram: Providers A, B and C interconnected by Peering links; Customers (including a Multi-homed Customer) attached to the providers via Transit links.
11. Peering Analysis
Why traffic visibility for Peering?
To decide if you should peer with a new network
To convince other networks to peer with you
To manage traffic engineering to other networks
To defend your network against depeering actions
To make intelligent transit purchasing decisions
12. Peering Analysis
Peering traffic requirements
Traffic Volume: a peer may be required to exchange a certain minimum amount of traffic to be considered.
Traffic Ratios: inbound vs. outbound traffic ratio. Traffic is “hot potato” routed (i.e. get it off your network ASAP), so traffic coming from Network A gets hauled primarily by Network B, and vice versa. If the ratio is 1:1, both peers share backhaul costs equally.
Others: PoP requirements, interconnect locations, routing stability, operations requirements, business concerns…
13. Peering Analysis
Peering evaluation questions ("A Business Case for Peering," William B. Norton)
Does the AS send me about as much traffic as I send to it?
How much of the traffic originates from the potential peer?
Does the volume of traffic justify a direct peering effort?
How much traffic is transited through the potential peer?
Diagram: Home network connected to the Internet via AS100 and AS101; beyond them AS21, ASC, AS23, AS4, AS1, AS2 and AS3, each labelled as Peer AS, Origin AS or Transit AS.
14. Peering Analysis
Route-flow fusion analysis answers this… ("A Business Case for Peering," William B. Norton)
Source-sink/transit traffic distribution; chart callouts: (1) TopN ASNs sourcing-sinking/transiting traffic with me, (2) In/Out traffic ratio
15. Peering Analysis
Peering cost analysis
In theory, peering is “free”, right? The fact is that the overhead associated with peering can be higher than transit costs (if the peered traffic is not huge enough).
How much does it save/cost? Which transit provider(s)? How much transit traffic can be offloaded?
Internet Transit Price (US$):
Transit A $1.6 per Mbps
Transit B $1.8 per Mbps
Transit C $1.2 per Mbps
Diagram: Home network connected to the Internet via Transit A, Transit B and Transit C; AS100, AS101, AS23 and AS4 beyond them, with AS21 marked as the Peer Candidate.
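The following Python is an added example (not from the deck) tying together slide 7's count-once rule, slide 8's route-flow fusion and the questions of slides 13 to 15. The RIB, AS numbers, exporters, interface names, flow records and the 300-second window are constructed; the transit prices are the slide's US$ per Mbps figures, mapped here to hypothetical transit ASNs. Records from the core router are dropped so traffic is counted only at the boundary; each remaining record is tagged with the AS path of its remote end, from which per-AS source/sink and transit volumes, the in/out ratio per peer AS, and the transit offload a candidate peer would bring are computed.

```python
import ipaddress
from collections import Counter
from typing import List, Optional

# Constructed data for a hypothetical "Home" network (AS numbers, prefixes and
# interfaces below are illustrative; the transit prices are the slide's figures).
LOCAL = []   # an empty AS path marks a locally originated prefix
RIB = {      # what a passive BGP session on the collector would learn: prefix -> AS path
    "192.0.2.0/24": LOCAL,
    "198.51.100.0/24": [65100, 65200, 65300],   # via Transit A (65100) and a transit AS
    "203.0.113.0/24": [65100, 65300],           # via Transit A, origin directly behind it
    "100.64.0.0/16": [65400, 65500],            # via an existing peer (65400)
}
TRANSIT_PRICES = {65100: 1.6, 65101: 1.8, 65102: 1.2}   # Transit A/B/C, US$ per Mbps (slide 15)
BOUNDARY = {("edge1", "Transit-A"), ("edge1", "Peer-65400")}   # count once: here only
WINDOW_SECONDS = 300
FLOWS = [   # exporter, interface, src, dst, bytes seen in the window
    ("edge1", "Transit-A", "198.51.100.7", "192.0.2.10", 900_000_000),
    ("core1", "Core", "198.51.100.7", "192.0.2.10", 900_000_000),   # same packets seen again in the core
    ("edge1", "Transit-A", "192.0.2.10", "198.51.100.7", 150_000_000),
    ("edge1", "Transit-A", "203.0.113.9", "192.0.2.20", 300_000_000),
    ("edge1", "Peer-65400", "100.64.1.1", "192.0.2.30", 200_000_000),
    ("edge1", "Peer-65400", "192.0.2.30", "100.64.1.1", 180_000_000),
    ("core1", "Core", "192.0.2.30", "100.64.1.1", 180_000_000),     # duplicate again
]


def build_rib(entries):
    """Longest-prefix-match table: most specific prefixes first."""
    nets = [(ipaddress.ip_network(p), path) for p, path in entries.items()]
    return sorted(nets, key=lambda e: e[0].prefixlen, reverse=True)


def lookup(rib, ip) -> Optional[List[int]]:
    addr = ipaddress.ip_address(ip)
    for net, path in rib:
        if addr in net:
            return path
    return None


def fuse(flows=FLOWS, rib_entries=RIB, boundary=BOUNDARY):
    """Route-flow fusion: keep boundary records only, then attach the AS path of
    the remote end. Returns (direction, as_path, bytes) tuples."""
    rib = build_rib(rib_entries)
    fused = []
    for exporter, iface, src, dst, nbytes in flows:
        if (exporter, iface) not in boundary:
            continue                     # slide 7: count once, at the boundary
        src_path, dst_path = lookup(rib, src), lookup(rib, dst)
        if dst_path == LOCAL and src_path:
            fused.append(("in", src_path, nbytes))
        elif src_path == LOCAL and dst_path:
            fused.append(("out", dst_path, nbytes))
    return fused


def as_report(fused, top_n=3):
    """Slide 14: per-AS source/sink vs transit bytes and in/out ratio per peer AS."""
    origin, transit, inbound, outbound = Counter(), Counter(), Counter(), Counter()
    for direction, path, nbytes in fused:
        origin[path[-1]] += nbytes              # the AS that sources/sinks the traffic
        for asn in path[:-1]:
            transit[asn] += nbytes              # every AS carrying it, the peer AS included
        (inbound if direction == "in" else outbound)[path[0]] += nbytes
    ratio = {asn: inbound[asn] / outbound[asn] for asn in inbound if outbound[asn]}
    return {
        "top_origin": origin.most_common(top_n),
        "top_transit": transit.most_common(top_n),
        "in_out_ratio": ratio,
    }


def offload_estimate(fused, candidate_as, prices=TRANSIT_PRICES, window=WINDOW_SECONDS):
    """Slide 15: traffic that a direct peering with candidate_as would take off paid
    transit, as average Mbps over the window, and the resulting saving in the
    slide's price unit."""
    per_transit = Counter()
    for _, path, nbytes in fused:
        if candidate_as in path and path[0] in prices:
            per_transit[path[0]] += nbytes
    mbps = {t: b * 8 / window / 1e6 for t, b in per_transit.items()}
    saving = sum(mbps[t] * prices[t] for t in mbps)
    return {"offload_mbps": mbps, "saving_usd": saving}


if __name__ == "__main__":
    fused_records = fuse()
    print(as_report(fused_records))
    print(offload_estimate(fused_records, 65300))
```

With the constructed data, AS 65300 originates the most traffic and Transit A carries all of it, so a peering with 65300 would offload 36 Mbps from Transit A; the in/out ratio against Transit A (8:1) is the kind of figure slide 12 says a prospective peer will ask about.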
17. Infrastructure Security Threats
DDoS attacks:
DDoS attack traffic consumes SP network capacity
DDoS attack traffic saturates in-line security devices
DDoS attacks are launched from compromised systems (bots)
DDoS attack traffic targets applications and services
Diagram: Bots on the Internet -> Service Provider Network -> Enterprise or IDC (Victim); anomaly traffic and normal traffic share the same path.
Why does the traditional in-line security solution fail to prevent infrastructure security threats?
Volumetric attacks must be removed in the cloud (in-cloud mitigation)
Traditional security products are easy targets of it (stateful in-line solutions)
Deployment costs
Single point of failure and latency
18. Infrastructure Security
A Flow-based solution
Flow-based solution building blocks:
Flow-based Learning
• Network-wide: collects xFlow data from various router locations and correlates the data into a comprehensive network model
• Dynamic Behaviour Analysis: during peace time, the system creates a network-wide view of the traffic patterns and learns thresholds representing what is 'normal'
Flow-based Detection
• Detection Engines: compare the collected real-time Flow data against the thresholds
• Once significant threshold violations are identified, the system sends alarms and enables cloud-based mitigation actions
Cloud-based Mitigation
• Cloud-based mitigation action options:
- Remote Triggered Black Hole (RTBH)
- BGP FlowSpec
- OOP Traffic Cleaning
19. Flow-based Learning & Detection
The idea
Flow-based Network Behavior Anomaly Detection (NBAD)
DOES:
Analyze Flow data (IP header info, byte/pkt count) from routers
Detect anomalies by observing network traffic behaviors – knowing what is normal, and hence identifying the abnormal when it happens
DOESN'T:
Analyze L7 packet contents from raw packets
Detect anomalies by matching content signatures – knowing what is bad, and then catching the bad among the good
First-line protection for the network infrastructure: trading DPI precision off for carrier-grade scalability and performance
20. Flow-based Learning & Detection
Network behavior analysis examples
What's Normal? / What can be Abnormal? / Example
Normal: A server accepts requests from clients. Abnormal: Over 5,000 SYN requests per second, lasting over 3 minutes. Example: TCP SYN Flooding.
Normal: A client connects to few destination hosts / ports. Abnormal: Over 100 connection requests per second to destination hosts / ports. Example: Port Scan / IP Scan.
Normal: Various packet sizes. Abnormal: Fixed packet size (e.g. UDP/1434, packet size = 404). Example: SQL Slammer.
Normal: The source address ≠ the destination address. Abnormal: The source address is the same as the destination address. Example: LAND Attack.
Normal: The traffic rate for this network scope is usually around 150M bps. Abnormal: Over 180M bps traffic rate appears in this network scope. Example: Zero-day attack (generic traffic floods).
21. Flow-based Learning & Detection
The mechanisms
Flow-based NBAD: Mechanism / Type / Detection Engine Examples
Fingerprint-based / Protocol anomaly / TCP Flag Null, IP Fragment, IP Protocol Null, Land Attack, Ping of death, TCP XMAS attack…
Fingerprint-based / Flood attack / ICMP Flooding, UDP Flooding, TCP SYN Flooding, TCP RST Flooding, TCP ACK Flooding…
Fingerprint-based / Specific behaviour attack / IP Scan, Port Scan, DNS Flooding, e-Mail Spam, Trojan Heloag, MS Blaster, Sasser, Code Red, SQL Slammer…
Baseline Heuristic / Baseline deviation / Zero-day attacks (generic traffic floods)
Chart: Traffic Level from 1-Jul to 31-Jul, learning peacetime Flow data samples. "Baseline": what are the "normal" traffic rates?
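As an added worked example of the fingerprint and baseline engines listed on slides 20 and 21 (written for this page; not the vendor's detection code), the Python below runs each check over constructed one-second flow aggregates. The numeric thresholds are the ones quoted on slide 20; the flow record layout, the addresses, the peacetime samples and the 20% minimum margin added on top of the k-sigma baseline are assumptions of the example.

```python
import statistics
from collections import Counter, defaultdict

SYN = 0x02
# Thresholds quoted on slide 20; the baseline margin further down is our own assumption.
SYN_FLOOD_RATE = 5000        # SYN/s toward one destination
SYN_FLOOD_DURATION = 180     # seconds the rate must persist ("over 3 minutes")
SCAN_RATE = 100              # distinct host/port targets per second from one source


def detect_land(flows):
    """Protocol anomaly: source address equals destination address."""
    return sorted({f["dst"] for f in flows if f["src"] == f["dst"]})


def detect_fixed_size_udp(flows, port=1434, size=404):
    """Specific-behaviour fingerprint: UDP/1434 with a constant 404-byte packet size."""
    return sorted({f["src"] for f in flows
                   if f["proto"] == 17 and f["dport"] == port
                   and f["packets"] and f["bytes"] // f["packets"] == size})


def detect_syn_flood(flows, rate=SYN_FLOOD_RATE, duration=SYN_FLOOD_DURATION):
    """Flood fingerprint: destinations receiving > rate SYN-only packets per second
    for at least `duration` consecutive seconds. Returns (dst, seconds) pairs."""
    per_sec = defaultdict(Counter)
    for f in flows:
        if f["proto"] == 6 and f["flags"] == SYN:
            per_sec[f["dst"]][f["ts"]] += f["packets"]
    victims = []
    for dst, counts in per_sec.items():
        run = longest = 0
        for ts in range(min(counts), max(counts) + 1):
            run = run + 1 if counts[ts] > rate else 0
            longest = max(longest, run)
        if longest >= duration:
            victims.append((dst, longest))
    return victims


def detect_scans(flows, rate=SCAN_RATE):
    """Specific-behaviour fingerprint: one source touching > rate distinct
    destination host/port pairs within a single second."""
    targets = defaultdict(set)
    for f in flows:
        targets[(f["src"], f["ts"])].add((f["dst"], f["dport"]))
    return sorted({src for (src, _), t in targets.items() if len(t) > rate})


def learn_baseline(samples_mbps, k=3.0, min_margin=0.2):
    """Baseline heuristic: peacetime mean plus the larger of k sigma and a fixed
    fraction of the mean (so a very steady baseline does not alarm on noise)."""
    mean = sum(samples_mbps) / len(samples_mbps)
    sigma = statistics.pstdev(samples_mbps)
    return mean, mean + max(k * sigma, min_margin * mean)


def baseline_alarms(samples_mbps, observed):
    """observed: (ts, mbps) pairs; returns those above the learned threshold."""
    _, threshold = learn_baseline(samples_mbps)
    return [(ts, mbps) for ts, mbps in observed if mbps > threshold]


def build_sample_flows():
    """Constructed one-second flow aggregates (not real data) mixing normal web
    traffic with the four fingerprint cases from slide 20."""
    flows = []

    def rec(ts, src, dst, proto, sport, dport, flags, packets, nbytes):
        flows.append(dict(ts=ts, src=src, dst=dst, proto=proto, sport=sport,
                          dport=dport, flags=flags, packets=packets, bytes=nbytes))

    for ts in range(0, 240):                                   # normal clients, 50 SYN/s
        rec(ts, "10.1.1.5", "192.0.2.10", 6, 40000, 443, SYN, 50, 3000)
    for ts in range(20, 211):                                  # 191 s of 6,000 SYN/s
        rec(ts, f"198.51.100.{ts % 250}", "192.0.2.10", 6, 1024, 80, SYN, 6000, 240000)
    rec(30, "192.0.2.10", "192.0.2.10", 6, 80, 80, SYN, 1, 40)          # LAND
    rec(40, "203.0.113.99", "192.0.2.11", 17, 1434, 1434, 0, 10, 4040)  # 404 bytes/packet
    for dport in range(1, 121):                                # 120 ports in one second
        rec(50, "203.0.113.7", "192.0.2.20", 6, 50000, dport, SYN, 1, 60)
    return flows


PEACETIME_MBPS = [148, 152, 150, 147, 153, 151, 149, 150, 146, 154]   # learned samples
OBSERVED_MBPS = [(0, 151), (60, 175), (120, 186), (180, 149)]        # live rate for the scope


def run_all():
    flows = build_sample_flows()
    return {
        "land": detect_land(flows),
        "slammer_like": detect_fixed_size_udp(flows),
        "syn_flood": detect_syn_flood(flows),
        "scans": detect_scans(flows),
        "threshold_mbps": learn_baseline(PEACETIME_MBPS)[1],
        "baseline_alarms": baseline_alarms(PEACETIME_MBPS, OBSERVED_MBPS),
    }
```

Note what each engine needs: the fingerprint checks work from header fields and counters alone, which is exactly the data xFlow exports, and the baseline engine needs only a history of rates per scope; none of them looks at payload, which is the DPI trade-off slide 19 describes.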
22. Infrastructure Security
Cloud-based mitigation with RTBH
Remotely triggered black hole filtering at the SP edge: a BGP prefix is announced with its next-hop set to a pre-defined black hole route, and all traffic to the victim is discarded.
Diagram: Bots on the Internet -> Service Provider Network (RTBH applied at the edge routers) -> Enterprise or IDC (Victim); the BGP announcement triggers the black hole, and both anomaly traffic and normal traffic to the victim are dropped.
23. Infrastructure Security
Cloud-based mitigation w/ BGP FlowSpec
Suspicious traffic, once recognized, is filtered at the SP network edge; only filtered traffic is delivered to the enterprise/IDC network.
BGP FlowSpec distributes traffic filter lists to routers (RFC 5575; selectively drop traffic flows based on L3/L4 information).
Diagram: Bots on the Internet -> Service Provider Network (FlowSpec rules applied at the edge routers) -> Enterprise or IDC (Victim); anomaly traffic is dropped at the edge while normal traffic passes.
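To make concrete what "distributes traffic filter lists to routers" means on the wire, here is an added Python encoder/decoder (not part of the deck or of any vendor implementation) for an IPv4 Flow Specification NLRI and the traffic-rate extended community of RFC 5575. It supports only the destination/source prefix, IP protocol and port components; the victim prefix and port in the example are constructed. A rule with rate 0 drops just the matching L3/L4 flow at the edge, whereas the RTBH announcement on slide 22 drops everything addressed to the prefix.

```python
import ipaddress
import struct

# Component types from RFC 5575 section 4 that this encoder supports.
DST_PREFIX, SRC_PREFIX, IP_PROTO, DST_PORT, SRC_PORT = 1, 2, 3, 5, 6
OP_END, OP_EQ = 0x80, 0x01                      # numeric operator bits: end-of-list, equal
LEN_BITS = {1: 0x00, 2: 0x10, 4: 0x20, 8: 0x30}  # value length encoded in bits 5-4


def _numeric(values, width):
    """Operator/value pairs; consecutive '==' terms without the AND bit are OR-ed."""
    out = bytearray()
    for i, v in enumerate(values):
        op = OP_EQ | LEN_BITS[width] | (OP_END if i == len(values) - 1 else 0)
        out.append(op)
        out += int(v).to_bytes(width, "big")
    return bytes(out)


def _prefix(type_code, prefix):
    """Type, prefix length in bits, then only the significant prefix bytes."""
    net = ipaddress.ip_network(prefix)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([type_code, net.prefixlen]) + net.network_address.packed[:nbytes]


def encode_flowspec_nlri(dst_prefix=None, src_prefix=None, protocols=(), dst_ports=(), src_ports=()):
    """Build one IPv4 Flow Specification NLRI (components in ascending type order)."""
    body = b""
    if dst_prefix:
        body += _prefix(DST_PREFIX, dst_prefix)
    if src_prefix:
        body += _prefix(SRC_PREFIX, src_prefix)
    if protocols:
        body += bytes([IP_PROTO]) + _numeric(protocols, 1)
    if dst_ports:
        body += bytes([DST_PORT]) + _numeric(dst_ports, 2)
    if src_ports:
        body += bytes([SRC_PORT]) + _numeric(src_ports, 2)
    if len(body) < 240:                                  # one-byte length below 240
        return bytes([len(body)]) + body
    return struct.pack(">H", 0xF000 | len(body)) + body  # otherwise two bytes, 0xFnnn


def traffic_rate_community(rate_bytes_per_sec=0.0, informational_as=0):
    """traffic-rate extended community (type 0x80, subtype 0x06): a 2-byte AS, then
    the rate as an IEEE float in bytes/s; rate 0 discards the matching traffic."""
    return struct.pack(">BBHf", 0x80, 0x06, informational_as, rate_bytes_per_sec)


def decode_flowspec_nlri(nlri):
    """Inverse of encode_flowspec_nlri, used here to show what a router would apply."""
    if nlri[0] >= 0xF0:
        length, pos = struct.unpack(">H", nlri[:2])[0] & 0x0FFF, 2
    else:
        length, pos = nlri[0], 1
    end, rule = pos + length, {}
    names = {IP_PROTO: "proto", DST_PORT: "dport", SRC_PORT: "sport"}
    while pos < end:
        t = nlri[pos]
        pos += 1
        if t in (DST_PREFIX, SRC_PREFIX):
            plen = nlri[pos]
            pos += 1
            nb = (plen + 7) // 8
            addr = nlri[pos:pos + nb] + bytes(4 - nb)   # pad back to 4 address bytes
            pos += nb
            rule["dst" if t == DST_PREFIX else "src"] = str(ipaddress.ip_network((addr, plen)))
        else:
            vals = []
            while True:
                op = nlri[pos]
                pos += 1
                width = 1 << ((op >> 4) & 0x3)
                vals.append(int.from_bytes(nlri[pos:pos + width], "big"))
                pos += width
                if op & OP_END:
                    break
            rule[names[t]] = vals
    return rule


def discard_rule(victim_prefix, proto, dport):
    """A complete 'drop this L3/L4 flow at the SP edge' rule as (NLRI, ext community)."""
    return (encode_flowspec_nlri(dst_prefix=victim_prefix, protocols=(proto,), dst_ports=(dport,)),
            traffic_rate_community(0.0))
```

The value of the decoder is operational: before a rule generated by the detection system is injected into BGP, decoding it back and checking that it matches only the victim prefix and the offending protocol/port is the cheap safeguard against a malformed rule that would match far more than intended.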
24. Infrastructure Security
Cloud-based mitigation w/ OOP cleaning
Suspicious traffic is diverted at the SP network edge: traffic for the victim prefix is diverted via BGP to a Cleaning Centre, a DPI-capable mitigation appliance (application-layer attacks, asymmetric detection), and the cleaned traffic is tunnelled back. There is no impact on other traffic to other networks.
The "Cleaning Centre" is typically a shared resource in the network infrastructure to reduce the deployment costs.
Diagram: Bots on the Internet -> Service Provider Network -> Enterprise or IDC (Victim); the BGP announcement diverts both malicious and benign traffic for the victim prefix to the Cleaning Centre, and cleaned traffic is tunnelled back.
26. Flow Technology
Network Resource Impact Issues
NetFlow data volume? 1K FPS ≒ 338K bps NetFlow traffic (Flow/sec: 1,000; Pkt/sec: 33; Byte/sec: 49,500; bps: 338.37K)
However, estimating Flows/second from a given network traffic rate in bps is a much more complex task! Typically 1~4% of link rate.
Leverage data reduction techniques:
Partial coverage (i.e. a few POPs, selective boundaries)
Tune the active & inactive timeouts
Flow Sampling
In addition to the data volume, 'full NetFlow' may inflict a burden on router memory and CPU. Therefore sampled xFlow is preferred…
27. Flow Technology
Flow Sampling
To alleviate the performance penalty incurred by turning on xFlow on routers, sampling allows users to sample one out of every “N” IP packets being forwarded (a user can configure the “N” interval). This substantially decreases the CPU utilization needed to account for Flow packets.
CPU utilization varies, depending on the sampling rate and the routers. Example: a Cisco 12000 Series Router handling 65K flows in “full-flow” mode required 24% more CPU; the same router using 1:100 sampling required only 3% additional CPU.
Cisco 7500 Router
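An added simulation (example code for this page, not Cisco's measurements) of the 1-in-N packet sampling described on slides 26 and 27. The traffic mix, the 1:100 sampling interval and the RNG seed are constructed. It compares full accounting with sampled accounting: the number of packets the router must account drops by a factor of N, most small flows never enter the cache at all (which is where the memory and export-volume saving comes from), and the large flows that matter for capacity planning and peering are still estimated with a small relative error.

```python
import random
from collections import Counter


def build_traffic(rng):
    """Constructed packet stream of (flow id, size in bytes): two elephant flows and
    500 two-packet mice, shuffled so that 1-in-N sampling sees a mixed stream."""
    pkts = [("elephant-A", 1400)] * 60000 + [("elephant-B", 900)] * 30000
    for i in range(500):
        pkts += [(f"mouse-{i}", 200)] * 2
    rng.shuffle(pkts)
    return pkts


def full_accounting(pkts):
    """What a 'full NetFlow' cache counts: every packet of every flow."""
    total = Counter()
    for flow, size in pkts:
        total[flow] += size
    return total


def sampled_accounting(pkts, n):
    """Deterministic 1-in-N packet sampling: only every Nth forwarded packet is
    accounted, and its byte count is scaled by N to estimate the flow's volume."""
    est = Counter()
    samples = 0
    for idx, (flow, size) in enumerate(pkts):
        if idx % n == 0:
            est[flow] += size * n
            samples += 1
    return est, samples


def compare(n=100, seed=2014):
    """Run both accounting modes over the same stream and report the trade-off."""
    rng = random.Random(seed)
    pkts = build_traffic(rng)
    truth = full_accounting(pkts)
    est, samples = sampled_accounting(pkts, n)
    rel_err = {f: abs(est[f] - truth[f]) / truth[f] for f in ("elephant-A", "elephant-B")}
    return {
        "packets": len(pkts),
        "samples": samples,                 # packets the router actually had to account
        "flows_full": len(truth),           # cache entries / records without sampling
        "flows_sampled": len(est),          # most mice are never seen
        "elephant_rel_error": rel_err,      # elephants stay accurate
        "mice_bytes_true": sum(v for f, v in truth.items() if f.startswith("mouse")),
        "mice_bytes_est": sum(v for f, v in est.items() if f.startswith("mouse")),
    }


if __name__ == "__main__":
    print(compare())
```

The per-flow picture of mice is what sampling gives up: their aggregate volume is still estimated roughly right, but any single small flow is either absent or grossly over-scaled. That is why the slide positions sampled xFlow for capacity, peering and volumetric anomaly work rather than for per-connection forensics.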
29. References
Yann Berthier, "NetFlow to guard the infrastructure," NANOG 39, 2007
Thomas Telkamp, "Best Practices for Determining the Traffic Matrix in IP Networks V 3.0," NANOG 39, 2007
Richard A. Steenbergen, "A Guide to Peering on the Internet," NANOG 51, 2011
William B. Norton, "A Business Case for Peering in 2010," http://drpeering.net/white-papers/A-Business-Case-For-Peering.php
RFC 5575, "Dissemination of Flow Specification Rules"
Leonardo Serodio, "Traffic Diversion Techniques for DDoS Mitigation using BGP Flowspec," NANOG 58, 2013
Cisco Systems Inc., "NetFlow Performance Analysis," 2007