6MoN plus geographically distributed dual stack network monitoring #TNC16 | #IIT-CNR | #6MoN Speaker: Abraham Gebrehiwot.


1 6MoN plus geographically distributed dual stack network monitoring #TNC16 | #IIT-CNR | #6MoN Speaker: Abraham Gebrehiwot

2 Present-day Internet architecture
[Diagram labels: IPv6, 6to4 router, 6to4 relay]

3 Dual-stack (IPv4/IPv6) networks monitoring
★ Oftentimes, maybe unknown to us, IPv6 is already up and running on our devices.
★ We need a tool to simplify the management and monitoring of dual-stack networks, having three fixed goals:
○ understand network and host behavior;
○ resolve any network anomalies;
○ monitor the IPv4/IPv6 address utilization.

4 Geo-distributed network monitoring
★ Managing and monitoring a geo-distributed network is not a simple task:
○ we need to be physically connected to the remote network in order to gather some traffic;
○ present-day Internet architecture does not help:
■ Firewalls and NATs might be found!
★ We need to have a distributed monitoring tool accessible from a unique GUI.

5 6MoN plus - what does it offer?
★ it detects and mitigates rogue IPv6 Router Advertisements and sends notifications about them;
★ it allows monitoring of network address utilization by finding associations between IPv4, IPv6, MAC addresses, DUIDs, Usernames, etc. within a period of time;
★ it inspects routers' IPv6 neighbor caches using the SNMP protocol;
★ it detects the presence of rogue DHCPv4 servers and sends notifications about them.
★ L2 loop detection
★ IPv4 address collision
★ MacFind
★ remote controlling of the probes and the installed modules
★ NAT and Firewall traversal
★ privilege-based multi-user management
★ efficient and better algorithms

6 6MoN plus - comparison with other solutions
★ Rogue router advertisement mitigation
○ RA-guard: L2 filtering of rogue router advertisements
○ SEcure Neighbor Discovery (SEND): cryptographic method
○ Host-based packet filtering
○ 6MoN: previously developed by our team
○ NDPMon: dual-stack network monitoring tool (remote monitoring modules are not stable for production use)
★ DHCP Monitoring: L2 filtering

7 6MoN plus - development team
Filippo Lauria, Claudio Porta, Andrea De Vita, Abraham Gebrehiwot

8 6MoN plus - system architecture
[Diagram labels: Probe 1, Probe 2, Probe N, Core, GUI, DB; back-end, front-end]
hybrid architecture:
○ distributed back-end:
■ N Probes
■ a central Core
○ multi-tier front-end.

9 6MoN plus - backend behavior
[Diagram labels: Probe 1, Probe 2, Probe N, Core, DB]
Probe: a remote application able to gather and extract relevant information from the network traffic;
Core: process able to collect and manage data incoming from the probes;
Features: NAT and Firewall Traversal
Communication: control plane, data plane

10 6MoN plus - front end behavior
[Diagram labels: Probe 1, Probe 2, Probe N, Core, GUI, DB]
Probe: a remote application able to gather and extract relevant information from the network traffic;
Core: process able to collect and manage data incoming from the probes;
GUI: to easily allow access, configuration and control of the system.

11 6MoN plus - backend gathering information
★ In order to synthesize the information, a probe performs a few simple tasks:
○ select only the relevant pieces of information
■ e.g. from an ARP packet we need to know only the SW_ADDR (IP Address) and HW_ADDR (MAC Address) fields
○ reduce transmission of information (to the core), using a caching system

12 6MoN plus - probe’s caching system
★ Threshold-based caching system (simplified version):
○ Time-based (default: 30 seconds)
○ Based on number of processed packets (default: 30 packets)
[Flow diagram labels: Packet Sniffer; ARP Processing Unit; Caching System; hit: update counting threshold, don’t send; miss: insert new entry, send to core; thresholds expired: erase entry]
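
The probe behaviour described on slides 11 and 12, as an added example (not 6MoN plus source code): keep only the sender IP and MAC from an ARP payload, then suppress repeats with a threshold cache. Keying the cache on the (IP, MAC) pair, erasing an entry when either default threshold is reached, and all function and class names are assumptions made for this sketch.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP payload, 28 bytes

def extract_binding(arp_payload):
    """Keep only the sender's IP and MAC; drop every other ARP field."""
    if len(arp_payload) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, _op, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, arp_payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return socket.inet_ntoa(spa), sha.hex(":")

class ThresholdCache:
    """Assumed reading of the slide: an entry lives 30 s or 30 packets."""
    def __init__(self, max_age=30.0, max_packets=30):
        self.max_age, self.max_packets = max_age, max_packets
        self.entries = {}  # (ip, mac) -> [inserted_at, packets_counted]

    def should_send(self, binding, now):
        entry = self.entries.get(binding)
        if entry and (now - entry[0] >= self.max_age
                      or entry[1] >= self.max_packets):
            del self.entries[binding]   # thresholds expired: erase entry
            entry = None
        if entry is None:               # miss: insert new entry, send to core
            self.entries[binding] = [now, 1]
            return True
        entry[1] += 1                   # hit: update counter, don't send
        return False

def make_arp(ip, mac):
    """Constructed sample input: an ARP request payload sent by (ip, mac)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 1,
                       bytes.fromhex(mac.replace(":", "")),
                       socket.inet_aton(ip), b"\x00" * 6,
                       socket.inet_aton("192.0.2.1"))

def replay(packets, cache):
    """packets: (timestamp, payload) pairs; returns what reaches the core."""
    sent = []
    for ts, payload in packets:
        binding = extract_binding(payload)
        if cache.should_send(binding, ts):
            sent.append((ts, *binding))
    return sent
```

Because the key is the whole binding, a known IP that appears with a different MAC is a cache miss and reaches the core immediately instead of being suppressed.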

13 6MoN plus - use case

14 6MoN plus - strengths
★ Modularity
★ Scalability
★ Efficiency
★ Easy setup
★ Low installation and managing costs

15 6MoN plus - development
● Probe
○ it can execute on a Raspberry Pi, too!
● Core
○ it can be installed on a VM, too!
● Open Source
○ no additional licence costs
○ source code available

16 6MoN plus - future work
★ extend 6MoN Plus’ functionalities:
○ IoT applications (e.g. devices, vehicles, buildings, etc.);
○ Smart Cities applications (e.g. traffic monitor, air quality monitor, etc.).

17 Thank you for your attention
For further details: abraham.gebrehiwot@iit.cnr.it

