Overview of IETF work on IP traffic flow measurement and current developments Dr. Jürgen Quittek General Manager Network Research Division, NEC Europe.

Slides:

Advertisements

Similar presentations

Computer Networks TCP/IP Protocol Suite.

Advertisements

Reconsidering Reliable Transport Protocol in Heterogeneous Wireless Networks Wang Yang Tsinghua University 1.

Wenke Lee and Nick Feamster Georgia Tech Botnet and Spam Detection in High-Speed Networks.

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.

Geneva, 24 March 2011 Cisco experiences of IP traffic flow measurement and billing with NetFlow Benoit Claise, Distinguished Engineer, Cisco ITU-T Workshop.

Tunnel congestion Feedback (draft-wei-tunnel-congestion-feedback-01) Xinpeng Wei Lei Zhu Lingli Deng Huawei Huawei China Mobile IETF 89 London, UK.

SHARKFEST '09 | Stanford University | June 15–18, 2009 The Reality of 10G Analysis Presented by: Network Critical Wednesday, June 17 th, :30 pm –

Chapter 1: Introduction to Scaling Networks

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v MPLS VPN Technology Introducing the MPLS VPN Routing Model.

ICmyNet.Flow Network Traffic Analysis System If You Want to See Your Net

Executional Architecture

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

1 Chapter 3 TCP and IP. Chapter 3 TCP and IP 2 Introduction Transmission Control Protocol (TCP) Transmission Control Protocol (TCP) User Datagram Protocol.

Network Layer4-1 Network layer r transport segment from sending to receiving host r on sending side encapsulates segments into datagrams r on rcving side,

Agenda SNMP Review SNMP Manager Management Information Base (MIB)

IP-UDP-RTP Computer Networking (In Chap 3, 4, 7) 건국대학교 인터넷미디어공학부 임 창 훈.

Tiziana FerrariQuality of Service for Remote Control in the High Energy Physics Experiments CHEP, 07 Feb Quality of Service for Remote Control in.

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 Diffserv Yang Model

Network Monitoring School of Electronics and Information Kyung Hee University. Choong Seon HONG Selected from ICAT 2003 Material of James W. K. Hong.

1 PSAMP Protocol Specifications IPFIX IETF-64 November 10th, 2005 Benoit Claise Juergen Quittek Andrew Johnson.

NetfFow Overview SANOG 17 Colombo, Sri Lanka. Agenda Netflow –What it is and how it works –Uses and Applications Vendor Configurations/ Implementation.

What is a Protocol A set of definitions and rules defining the method by which data is transferred between two or more entities or systems. The key elements.

Internet Traffic Management. Basic Concept of Traffic Need of Traffic Management Measuring Traffic Traffic Control and Management Quality and Pricing.

Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET1 IPFIX – IP Flow Information Export Overview Tanja Zseby Fraunhofer FOKUS, Network Research.

Protocol(TCP/IP, HTTP) 송준화 조경민 2001/03/13. Network Computing Lab.2 Layering of TCP/IP-based protocols.

POSTECH DP&NM Lab. Internet Traffic Monitoring and Analysis: Methods and Applications (1) 5. Passive Monitoring Techniques.

Transport Layer 3-1 Chapter 3 Transport Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All.

1 IPFIX Protocol Specifications IPFIX IETF-59 March 3, 2004 Benoit Claise Mark Fullmer Reinaldo Penno Paul Calato Stewart Bryant Ganesh Sadasivan.

NetFlow: Digging Flows Out of the Traffic Evandro de Souza ESnet ESnet Site Coordinating Committee Meeting Columbus/OH – July/2004.

DiFMon Distributed Flow Monitor Dario Salvi Consorzio Interuniversitario Nazionale per l’Informatica (CINI) Naples, Italy.

24/10/2015draft-novak-bmwg-ipflow-meth- 03.txt 1 IP Flow Information Accounting and Export Benchmarking Methodology

Real-time Flow Management 2 BOF: Remote Packet Capture Extensions Jürgen Quittek NEC Europe Ltd, Heidelberg, Germany Georg Carle GMD.

Network Management Protocols and Applications Cliff Leach Mike Looney Danny Mar Monty Maughon.

Jennifer Rexford Princeton University MW 11:00am-12:20pm Measurement COS 597E: Software Defined Networking.

Project Requirements (NetFlow Generator) 정승화 분산 처리 및 네트워크 관리 연구실 포항 공과 대학교

Open-Eye Georgios Androulidakis National Technical University of Athens.

- 1 IPv6 Quality of Service Measurement Issues and Solutions Alessandro Bassi Hitachi Europe SAS RIPE 50 meeting Stockholm, 2 nd May 2005.

Standards Activities on Traffic Measurement. 2 Outline Applications requiring traffic measurement Packet capturing and flow measurement Existing protocols.

A Bandwidth Estimation Method for IP Version 6 Networks Marshall Crocker Department of Electrical and Computer Engineering Mississippi State University.

1 Chapters 2 & 3 Computer Networking Review – The TCP/IP Protocol Architecture.

PART3 Data collection methodology and NM paradigms 1.

1 PSAMP Protocol Specifications PSAMP IETF-59 March 2, 2004 Benoit Claise Juergen Quittek.

1 PSAMP WG 64th IETF Vancouver November 10, 2005 Discussion: (in Body: subscribe)

Net Flow Network Protocol Presented By : Arslan Qamar.

63rd IETF - IPFIX WG dratf-stephan-isp-template-00.txt I nteroperability requirement for ISPs.

1 IEX8175 RF Electronics Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.

1 Transport Layer: Basics Outline Intro to transport UDP Congestion control basics.

1 Review – The Internet’s Protocol Architecture. Protocols, Internetworking & the Internet 2 Introduction Internet standards Internet standards Layered.

POSTECH DP&NM Lab Detailed Design Document NetFlow Generator 정승화 DPNM Lab. in Postech.

1 PSAMP Protocol Specifications PSAMP IETF-58 November 11, 2003 Benoit Claise Juergen Quittek.

IETF 62 NSIS WG1 Porgress Report: Metering NSLP (M-NSLP) Georg Carle, Falko Dressler, Changpeng Fan, Ali Fessi, Cornelia Kappler, Andreas Klenk, Juergen.

1 Minneapolis‘ IETF IPFIX Aggregation draft-dressler-ipfix-aggregation-00.txt.

IPFIX Protocol Draft Benoit Claise, Cisco Systems Mark Fullmer, OARnet Reinaldo Penno, Nortel Networks Paul Calato, Riverstone Networks.

IPFIX Requirements: Document Changes and New Issues Raised Jürgen Quittek, NEC Benoit Claise, Cisco Tanja Zseby, Sebstian Zander, FhG FOKUS.

1 PSAMP WGIETF, November 2003PSAMP WG PSAMP Framework Document draft-ietf-psamp-framework-04.txt Duffield, Greenberg, Grossglauser, Rexford: AT&T Chiou:

11 CS716 Advanced Computer Networks By Dr. Amir Qayyum.

1 Netflow Collection and Aggregation in the AT&T Common Backbone Carsten Lund.

IETF 64 PSAMP WG1 Path-coupled Meter Configuration Georg Carle, Falko Dressler, Changpeng Fan, Ali Fessi, Cornelia Kappler, Andreas Klenk, Juergen Quittek,

Cisco CNS NetFlow Collection Engine Version 5.0

IP Flow Information eXport (IPFIX)

Monitoring MIPv6 Traffic with IPFIX

IPFIX Requirements: Document Changes from Version -07 to Version -09

Data collection methodology and NM paradigms

Transport Protocols Relates to Lab 5. An overview of the transport protocols of the TCP/IP protocol suite. Also, a short discussion of UDP.

Chapter 8: Monitoring the Network

The Transport Layer Chapter 6.

Chapter 3 Transport Layer

Intrusion Detection Systems

William Lupton | | 04-Nov-2018

Presentation transcript:

Overview of IETF work on IP traffic flow measurement and current developments Dr. Jürgen Quittek General Manager Network Research Division, NEC Europe Ltd. Heidelberg, Germany ITU-T Workshop on IP Traffic Flow Measurement (Geneva, Switzerland, 24 March 2011) Geneva, 24 March 2011

…… Flows can be long lasting... … or have a limited lifetime... … … … and packets may belong to more than one flow Typical reported flow information: start time end time #packets #bytes t Periodically reported for long lasting flows IP packets and flows Groups of IP packets sharing common characteristics (e.g IP src/dst address, TOS field, protocol, transport layer ports, etc.) 2

Classification & Flow Recording PAYLOAD HEAD Packet Capturing Filtering Sampling packets Filtering Sampling flow records packets flow records packet reports both steps may be trivial (1:1 sampling, no filtering) The general (passive) IP traffic measurement process Exporting process Observation Point (router, probe, etc.) Metering process 3

… … … … Meter: Filters packets, timestamps them and associates Pkts to flow(s) Flow cache: Creates/Removes/Updates flow records Flow Key Flow start time Flow last update time # Pkts # Bytes …. Collector: Receives export packets, interfaces to applications info Exp HD Database Exporter: Reads Flow cache, prepares and sends export packets info Exp HD Router functionality or dedicated Probe The flow monitoring process 4 IETF IPFIX (Netflow v9)

Flow monitoring issues Flows have very different characteristics long-/short-lived, high/low volume, etc. Creating/updating flow record at high speed links packet sampling fast memory for flow cache, flow sampling Timing out flows ( TCP FIN/RST vs. timeout ) Reporting flow cache reading effort, reporting frequency selective report Reporting format fixed format: Netflow 5 template based: Netflow 9, IPFIX 5

IETF activities on IP traffic measurement Three working groups IPPM: IP Performance Metrics defines metrics for performance measurements (delay, roundtrip time, loss, etc.) IPFIX: IP Flow Information eXport defines protocol for export of flow data PSAMP: Packet Sampling (concluded) defines protocol for export of packet data based on IPFIX 6

IPFIX protocol IP Flow Information eXport Established 2001 Main goal: Develop common IP traffic flow reporting protocol to be available on most future routers meeting requirements of many applications low hardware/software costs simple, Scalable extensible 7

Distinguishing flows by 5-tuple (IP addresses, protocol, port) MPLS label, TOS fields interface & direction Flexible aggregation of flows Metering Process timestamps flow timeouts Further requirements for IPFIX I 8

Extensible information/data model flow properties and statistics many header fields anonymization Reliable and secure data transfer congestion awareness push model reporting Configuration Further requirements for IPFIX II 9

IPFIX architecture Application Flow Record Observation Point Flow Information Export PAYLOAD HEAD Metering Process Exporting Process Collecting Process 10

O M E Probe O M E Simple Router OOOO M E Complex Router OOOO M OOOO M E Multiple Exporters OOOO M E OOO O M E Protocol Converter (Meter MIB) O M E O M E O M E ME Concen- trator CE Proxy C … IPFIX devices 11 C E M O Metering Process Exporting Process Collecting Process Observation Point

IPFIX protocol design Based on NetFlow version 9 Binary-coded flow record arrays Templates for flow record formats first send a template then send data records with the format defined by the template Runs over SCTP, TCP, UDP 12

IPFIX information model A flow record contains header fields (transport, IP, sub-IP) "flow keys" used for distinguishing flows counters for packets, bytes, etc. time stamps further flow properties min/max values, duration, direction next hop IP address BGP source AS, destination AS, next hop AS may also be used as flow keys All defined as "Information Elements" 13

IPFIX normative documents RFC 5101: Specification of the IPFIX Protocol for the Exchange of IP Traffic Flow Information, 2008 RFC 5102: Information Model for IPFIX, 2008 RFC 5103: Bidirectional Flow Export Using IPFIX, 2008 RFC 5473: Reducing Redundancy in IPFIX and PSAMP Reports, 2009 RFC 5610: Exporting Type Information for IPFIX Information Elements, 2009 RFC 5655: Specification of the IPFIX File Format, 2009 RFC 5815: Definitions of Managed Objects for IPFIX, 2010 core protocol specification 14

IPFIX informational documents RFC 3917: Requirements for IPFIX, 2004 RFC 3955: Evaluation of Candidate Protocols for IPFIX, 2004 RFC 5153: IPFIX Implementation Guidelines, 2008 RFC 5470: Architecture for IPFIX, 2009 RFC 5471: Guidelines for IPFIX Testing, 2009 RFC 5472: IPFIX Applicability, 2009 RFC 5982: IPFIX Mediation: Problem Statement,

Current issues in the IPFIX WG Configuration interface for configuring IPFIX devices defined as YANG module Mediation particularly for large networks driven by NTT aggregation anonymization Flow selection Structuring flow records extending IPFIX capabilities Using IPFIX for reporting other information MIB variables, SIP server logs, etc. 16

PSAMP Established in Summer 2002 Focus on sampling and capturing packets and on transferring them to data collectors Target applications traffic profiling monitoring network behavior Extends IPFIX export Defines packet sampling with much more detail packet filtering and sampling information model 17

IPPM "The IPPM WG will produce documents that define specific metrics and procedures for accurately measuring and documenting these metrics:" connectivity one-way delay and loss round-trip delay and loss delay variation loss patterns packet reordering bulk transport capacity (BTC = data_sent / elapsed_time) link bandwidth capacity Refer to WG official page for list of already published RFCs and ID 18

Final remarks The IETF developed IPFIX as standard protocol for reporting IP flow information Technology is mature many implementations several interoperability testing events major router vendors expected to release IPFIX soon as part of standard installation IPFIX is extensible BGP-related flow info can already be reported additional information elements can be added IPFIX can be used to report measurements at peering points appropriate metering hardware required 19