Per-Packet Record Export Proposal draft-kim-ipfix-ppr-00.txt Chang H. Kim, Taesang Choi {kimch,


Motivation
- Contents-awareness is getting more important
- Applicability
  - Application Recognition/Identification
    - User-configurable or dynamic ports, overloaded ports, etc. are big concerns
  - Contents-based Service Differentiation and Accounting
  - Attack/Intrusion Detection
    - Some worms or viruses do not incur flow/packet number increases, esp. at the early stage of dissemination.

Real-world Situation

| Port/Application | Port-based Accounting | Contents-based Accounting |
|---|---|---|
| 80/HTTP | 67 GB | 59.1 GB (11.8% reduced) |
| 21/FTP_CTRL | 0.29 GB | 0.28 GB |
| 20/FTP_DATA | 43 GB | 42 GB |
| ?/FTP_DATA_PASSIVE | n/a | 6 GB (14.3% of FTP_DATA, 2% of the total volume) |
| 5003/? | 692 MB | HTTP: 13.2 MB; BUGS_MUSIC: MB; EDONKEY: MB; etc.: 85.7 MB |

PosTech Traffic Breakdown - PosTech Campus Network (24h sum in May, 304GB total volume)

Exporting Payload Required
- Contents-awareness requires exporting packet payload
- Entire/partial payloads can be exported
  - on a per-packet basis
    - our approach in the draft
  - on the existing flow basis
    - might be another decent option

Why per-packet basis?
- Payload investigation is expensive
  - requires fragmentation, drop, and out-of-order handling
  - O(t*p) or O(t+p) time complexity
    - t = text length, p = pattern length
- Timely transmission is important
  - can't wait until a flow terminates

Other Applications of PPR Export
- QoS Monitoring and Traffic Profiling
  - Understanding per-packet traits required

The Objective of the Draft
- Incorporating per-packet information export into the existing ipfix proposals
  - providing a generalized version of a ppr export mechanism so that all the required fields of a packet (including payload) can be exported
  - leveraging the existing ipfix protocol, information model, and architecture

Correspondence with the WG Charters
- ipfix or psamp?
  - When it's literally grounded on the charters, the draft better matches with psamp than ipfix.
  - Nevertheless, we first brought this up to ipfix because psamp seems to be focusing on sampling and filtering mechanisms and the mibs for configuration
- Corresponding to the "ipfix-psamp relationship" proposal

Suggested Extensions
- Information Model Extension
  - The draft includes information elements based on IPv4/TCP/UDP headers and packet payloads
  - Exporting first n bytes of a packet supported
- Configuration Extension
  - A selection criteria for enabling/disabling per-packet record generation
    - Adding Per-Packet Info Export flag to the existing selection criteria suffices
  - Pattern Specification for packet payload investigation and export (optional)

Extended Architecture
[Figure: architecture diagram; labels recovered from the diagram]
- Packet Capturing
- Timestamping
- Sampling
- Generating Flow Records
- Generating Packet Records (A payload is appended only when a specified pattern is found on the payload)
- Payload Investigation (Null when No pattern or Wildcard pattern)
- Classifying
- PPIE flag == on

Data Export
- Utilizing the existing Data Export mechanism
- Requires at the most two different record templates
  - Flow Properties record and Packet Properties record
  - In psamp, Flow Properties record merely means shared information element; just for stringent network resource consumption
- Associating packet records with the corresponding flow record is accomplished on the basis of the order of the two records; a Flow Properties record must be disposed right ahead of the corresponding Packet Properties records
- Packet record export intervals
  - synchronized with the flow export
  - unsynchronized with the flow export
  - periodic/instant export

A Sample Layout of an Export Packet Containing PPR
[Figure: export packet layout, top to bottom]
- Packet Header
- Data FlowSet (Ordinary Flow Records): FlowSet ID = p
- ...
- Flow Properties FlowSet (Flow Record of flow "X"): FlowSet ID = q or p
- Packet Properties FlowSet (Packet Records within "X"): FlowSet ID = r
- ...
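
A collector-side sketch of the order-based association described on the Data Export and Sample Layout slides, added here as an example and not taken from the draft. The FlowSet IDs, the fixed record layouts and the rule that any intervening FlowSet ends the adjacency are assumptions; the 2-byte ID and 2-byte length FlowSet header follows the existing NetFlow v9/IPFIX set header.

```python
import struct

# Hypothetical FlowSet IDs for the slide's p, q and r (the slide also allows q = p).
ORDINARY_ID, FLOW_PROPS_ID, PKT_PROPS_ID = 256, 257, 258
FLOW_FMT = ">4s4sHHB"  # constructed record layout: src, dst, sport, dport, protocol
PKT_FMT = ">IH"        # constructed record layout: packet id, IP total length

def flowset(set_id, body=b""):
    """Build one FlowSet: 2-byte ID, 2-byte length (header included), then records."""
    return struct.pack(">HH", set_id, 4 + len(body)) + body

def iter_flowsets(buf):
    """Yield (set_id, body); refuse lengths that are too small or overrun the buffer."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated FlowSet header")
        set_id, length = struct.unpack_from(">HH", buf, off)
        if length < 4 or off + length > len(buf):
            raise ValueError("FlowSet length out of bounds")
        yield set_id, buf[off + 4:off + length]
        off += length

def associate(buf):
    """Attach packet records to the Flow Properties record placed right ahead of them."""
    flows, orphans, current = [], [], None
    for set_id, body in iter_flowsets(buf):
        if set_id == FLOW_PROPS_ID:
            if len(body) != struct.calcsize(FLOW_FMT):
                raise ValueError("bad Flow Properties record size")
            current = {"flow": struct.unpack(FLOW_FMT, body), "packets": []}
            flows.append(current)
        elif set_id == PKT_PROPS_ID:
            if len(body) % struct.calcsize(PKT_FMT):
                raise ValueError("bad Packet Properties record size")
            records = list(struct.iter_unpack(PKT_FMT, body))
            # No Flow Properties record directly ahead: keep apart, never guess a flow.
            (current["packets"] if current is not None else orphans).extend(records)
        else:
            current = None  # assumption: any other FlowSet ends the adjacency
    return flows, orphans

# Constructed sample: FlowSets of one export packet, packet header already removed.
FLOW_X = struct.pack(FLOW_FMT, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]), 40000, 5003, 6)
SAMPLE = (flowset(ORDINARY_ID, bytes(8))
          + flowset(FLOW_PROPS_ID, FLOW_X)
          + flowset(PKT_PROPS_ID, struct.pack(PKT_FMT, 1, 60) + struct.pack(PKT_FMT, 2, 1500))
          + flowset(ORDINARY_ID, bytes(8))
          + flowset(PKT_PROPS_ID, struct.pack(PKT_FMT, 3, 40)))  # orphaned on purpose

if __name__ == "__main__":
    print(associate(SAMPLE))
```

Because the association depends only on position, a collector that silently attached the orphaned record to flow "X" would misattribute traffic; keeping such records separate makes the ordering violation visible.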

Issues Discussed
- Assigning a unique pkt id
  - globally unique?
  - flow-locally unique?
  - what about calculating the unique id at the collecting process?
- Schemes for associating packet records to the corresponding flow record
- Incorporating information elements for IPv6 packets

Proposed Next Steps
- Regarding contents-awareness
  - To supplement the applicability draft with some texts
  - Exporting packet payloads using the existing flow export mechanisms may also be separately documented
- Regarding per-packet information export
  - Verifying the correctness of utilizing ipfix protocol and information model
  - under ipfix/psamp?
  - Then, building up as a wg document in psamp?
  - Cooperation with another interested group expected

Thank You!