Flow-based Traffic Accounting at SWITCH. Simon Leinen, Team Leader LAN, SWITCH. ITU-T Workshop on IP Traffic Flow Measurement (Geneva, Switzerland, 24 March 2011)

Presentation transcript:

Flow-based Traffic Accounting at SWITCH
Simon Leinen, Team Leader LAN, SWITCH
ITU-T Workshop on IP Traffic Flow Measurement (Geneva, Switzerland, 24 March 2011)

About SWITCH
- National Research and Education Network (NREN) for Switzerland
- Provide Internet(1+2) to universities
- One of the first Swiss ISPs
- Fiber-based since 2001
- Operates C/DWDM, routers, peerings
- Upstreams in Geneva and Zurich
- Peerings in Geneva, Zurich, Amsterdam
- Total ext. traffic levels: Gb/s

How SWITCH uses Netflow data
- Volume-based charging
- Traffic planning for peering & transit
- Security - early warnings, forensics
- To support research (ETHZ EE-CSG)

Volume-based charging at SWITCH
- Principle mandated by foundation: Cost recovery must distribute charges according to costs caused!
- Implementation: Volume charges
- In addition to fee components based on:
  - Access capacity
  - Access type (redundant/non-redundant)
  - Headcount
  - Value-added services

Volume Charges: First Attempt
- Early model: count (using SNMP) bytes crossing SWITCH→site i/f
  - only in that direction - outbound is free!
- Unwanted customer reactions:
  - Reduce cheap local traffic (e.g. USENET)
  - Build back-door connections between universities
  - Fear of new services such as multicast

New model (since 1998)
- Only off-net traffic is charged
  - Still inbound-only, i.e. Internet→site
  - Research traffic (e.g. GÉANT) exempt
  - Transit & commercial peerings charged
  - Initially: Only transatlantic traffic
- Other intricacies
  - Nights (20-08 local) and weekends free
  - IPv6 currently free to encourage use

“Fluxoscope” Accounting System
- Consume (unsampled) flows from border routers
- Aggregate off-net flows online by:
  - Customer ID
  - Peer AS
  - Application (guessed from ports etc.)
- Write statistics to files every 5 min
- Post-process offline (bills, graphs, …)
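The aggregation and charging rules from the two slides above, as an added sketch that is not part of the presentation and is not Fluxoscope's own code. The record fields, customer prefixes, exempt peer AS and port table are all assumptions constructed for illustration, and flow start times are taken to be naive local-time values.

```python
from collections import defaultdict, namedtuple
from datetime import datetime
from ipaddress import ip_address, ip_network

Flow = namedtuple("Flow", "start src dst sport dport peer_as bytes")

# Constructed tables: customer prefixes, an exempt research peer AS, port hints.
CUSTOMERS = {ip_network("192.0.2.0/25"): "uni-a",
             ip_network("192.0.2.128/25"): "uni-b",
             ip_network("2001:db8:a::/48"): "uni-a"}
EXEMPT_PEER_AS = {64500}
PORT_APPS = {80: "web", 443: "web", 25: "mail", 119: "news"}

def customer_of(addr):
    ip = ip_address(addr)
    return next((name for net, name in CUSTOMERS.items() if ip in net), None)

def guess_app(f):
    return PORT_APPS.get(f.sport) or PORT_APPS.get(f.dport) or "other"

def is_free(f):
    return (ip_address(f.dst).version == 6       # IPv6 currently free
            or f.peer_as in EXEMPT_PEER_AS       # research traffic exempt
            or not 8 <= f.start.hour < 20        # nights (20-08 local)
            or f.start.weekday() >= 5)           # weekends

def aggregate(flows):
    """Return {(bin_start, customer, peer_as, app): [bytes_seen, bytes_charged]}."""
    stats = defaultdict(lambda: [0, 0])
    for f in flows:
        cust = customer_of(f.dst)
        if cust is None or customer_of(f.src) is not None:
            continue                             # outbound or on-net: skipped
        t = f.start
        bin_start = t.replace(minute=t.minute - t.minute % 5, second=0, microsecond=0)
        cell = stats[(bin_start, cust, f.peer_as, guess_app(f))]
        cell[0] += f.bytes
        cell[1] += 0 if is_free(f) else f.bytes
    return dict(stats)

D = lambda h, m, s=0, day=24: datetime(2011, 3, day, h, m, s)
SAMPLE = [  # constructed flow records (documentation addresses and AS numbers)
    Flow(D(14, 1, 5), "198.51.100.7", "192.0.2.10", 80, 40001, 64501, 9000),
    Flow(D(14, 3, 50), "198.51.100.9", "192.0.2.11", 443, 40002, 64501, 1000),
    Flow(D(14, 4), "203.0.113.5", "192.0.2.10", 80, 40003, 64500, 5000),
    Flow(D(22, 0), "198.51.100.7", "192.0.2.200", 25, 40004, 64501, 700),
    Flow(D(14, 2), "192.0.2.200", "192.0.2.10", 119, 40005, 0, 3000),
    Flow(D(14, 2), "192.0.2.10", "198.51.100.7", 40006, 80, 64501, 400),
    Flow(D(10, 0, day=26), "198.51.100.7", "192.0.2.10", 80, 40007, 64501, 800),
]
```

Calling `aggregate(SAMPLE)` yields four 5-minute cells; the on-net and outbound records are dropped, and the exempt-peer, night and weekend records are counted but carry zero chargeable bytes.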

Why Unsampled?
- Because our routers can do it
  - Hardware Netflow implementation
  - And they are bad at sampling
- Billing might work with sampling
  - As long as sampling is random/unbiased
  - We charge large aggregates
- Secondary applications are the problem! (security, research)
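Why sampling suits billing but not the secondary uses, as an added simulation that is not part of the presentation. The workload (200 bulk transfers plus 1000 single-packet flows), the 1-in-100 rate and the seed are constructed assumptions.

```python
import random

def sample_flows(flows, n, rng):
    """1-in-n random packet sampling; returns {flow_id: sampled_bytes} for flows seen."""
    seen = {}
    for fid, packets, pkt_size in flows:
        hits = sum(1 for _ in range(packets) if rng.random() < 1.0 / n)
        if hits:
            seen[fid] = hits * pkt_size
    return seen

def compare(n=100, seed=1):
    rng = random.Random(seed)
    # Constructed workload: 200 bulk transfers (1000 packets of 1000 bytes each)
    # and 1000 single-packet 60-byte flows, the shape a port scan leaves behind.
    bulk = [(("bulk", i), 1000, 1000) for i in range(200)]
    probes = [(("probe", i), 1, 60) for i in range(1000)]
    seen = sample_flows(bulk + probes, n, rng)
    true_bytes = sum(p * s for _, p, s in bulk + probes)
    est_bytes = n * sum(seen.values())        # scale sampled bytes back up
    probes_seen = sum(1 for fid in seen if fid[0] == "probe")
    return {"billing_error": abs(est_bytes - true_bytes) / true_bytes,
            "probes_seen": probes_seen,
            "probes_total": len(probes)}

if __name__ == "__main__":
    print(compare())
```

The scaled-up byte total for the large aggregate lands within a few percent of the true value, while only about one in a hundred of the single-packet flows leaves any record for security or research analysis.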

Issue: Cost/Performance
- Performance of the underlying measurement
  - even though our platform does Netflow “in hardware”
  - too many flows → occasional acct. loss
  - router CPU overworked with flow export
- Cost of processing data
  - Servers, licenses, storage, operations

Accounting Flows/s processed by Fluxoscope jobs

Issue: Where does value accrue?
- No idea who initiated a connection
- At SWITCH, we charge the receiver
  - Questionable because sender controls
  - “Information creates value for receiver”
  - Not applicable to e.g. commercial content providers

Issue: Asymmetric Routing
- On IXPs, not sure which neighbor AS traffic really came from
- Netflow includes “source AS” (peer or origin), but these are derived from local router’s routing tables