Presentation is loading. Please wait.

Presentation is loading. Please wait.

Panel on Network Data and Monitoring - The Abilene Network

Published byLionel Beasley Modified over 6 years ago

Similar presentations

Presentation on theme: "Panel on Network Data and Monitoring - The Abilene Network"— Presentation transcript:

1 Panel on Network Data and Monitoring - The Abilene Network
Rick Summerhill Director, Network Research, Architecture, and Technologies, Internet2 Tempe, AZ 8 December 2018

2 The Abilene Network Abilene Network - national backbone connecting most of the research universities across the united states Original design included measurement capabilities to support operations. We realized there was tremendous research potential, leading to the Abilene Observatory. The Abilene Observatory A correlated database consisting of datasets, including utilization data, routing data, throughput data, latency data, netflow data, etc. Some of the data is sensitive - neflow data and passive measurement data - IP addresses and port numbers - the potential to understand what individuals are doing. 12/8/2018

3 Sensitive Datasets Netflow data - sampled at 1%
Collected from all 11 backbone routers in Abilene and saved for approximately 3 months. Current dataset is anonymized by zeroing the low order 11 bits before it ever touches a disk. There is interest in having more detailed data. Passive monitoring data - sampled at 100% A router clamp around the Indianapolis router. Can look at headers from all packets in and out of the router! IP addresses are hashed, but there are potential exploits that could weaken privacy. 12/8/2018

4 The Issues Privacy Network Research and Operations
We have an ethical responsibility to assure the individual privacy of our members' students, faculty, and staff using the Abilene Network. Datasets given to others, no matter how well intentioned, could be vulnerable to mistakes, errors in access, etc. However, Network Research and Operations The network is under threat. Unfortunately, if someone wants to take a host off the network, one that has limited resources associated with it, it can be done. We need to insure researchers have access to data - understand fundamental problems and propose solutions. Similarly, for operational reasons, keeping data for reasonable periods of time is essential for understanding operational problems. 12/8/2018

5 Policy Issues Considering changes in policy to allow additional collections of data and its access. Need to build a process for approval of expanded data access We’re interested in reactions from the community. It would be nice to reach consensus on what is appropriate and the process involved. Some examples: Could allow access to data that is hashed, with reasonable persistence for keys. Might require agreements with universities Could allow access to data that, after a reasonable period of time, is anonymized using existing techniques. Would require agreements with universities. 12/8/2018

Download ppt "Panel on Network Data and Monitoring - The Abilene Network"

Similar presentations

Routing Routing in an internetwork is the process of directing the transmission of data across two connected networks. Bridges seem to do this function.

Routing Routing in an internetwork is the process of directing the transmission of data across two connected networks. Bridges seem to do this function.
IP datagrams Service paradigm, IP datagrams, routing, encapsulation, fragmentation and reassembly.

IP datagrams Service paradigm, IP datagrams, routing, encapsulation, fragmentation and reassembly.
Collecting and Managing Network Traffic Data February 8, 2005

Collecting and Managing Network Traffic Data February 8, 2005
Abilene Transit Security Policy Joint Techs Summer ’05 Vancouver, BC, CA Steve Cotter Director, Network Services Steve Cotter Director,

Abilene Transit Security Policy Joint Techs Summer ’05 Vancouver, BC, CA Steve Cotter Director, Network Services Steve Cotter Director,
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
IP: The Internet Protocol

IP: The Internet Protocol
Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by.

Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by.
Passive traffic measurement Capturing actual Internet packets in order to measure: –Packet sizes –Traffic volumes –Application utilisation –Resource utilisation.

Passive traffic measurement Capturing actual Internet packets in order to measure: –Packet sizes –Traffic volumes –Application utilisation –Resource utilisation.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
What Data Do We Need and Why Do We Need It? Jim Pepin Chief Technology Officer University of Southern California.

What Data Do We Need and Why Do We Need It? Jim Pepin Chief Technology Officer University of Southern California.
Protocols and the TCP/IP Suite Chapter 4. Multilayer communication. A series of layers, each built upon the one below it. The purpose of each layer is.

Protocols and the TCP/IP Suite Chapter 4. Multilayer communication. A series of layers, each built upon the one below it. The purpose of each layer is.
Network Security (Firewall) Instructor: Professor Morteza Anvari Student: Xiuxian Chen ID: 93036 Term: Spring 2001.

Network Security (Firewall) Instructor: Professor Morteza Anvari Student: Xiuxian Chen ID: Term: Spring 2001.
Types of Addresses in IPv4 Network Range

Types of Addresses in IPv4 Network Range
The Network Layer. Network Projects Must utilize sockets programming –Client and Server –Any platform Please submit one page proposal Can work individually.

The Network Layer. Network Projects Must utilize sockets programming –Client and Server –Any platform Please submit one page proposal Can work individually.
13 September 2015 The Abilene Observatory and Network Research Rick Summerhill, Director Network Research, Architecture, and Technology, Internet2 Joint.

13 September 2015 The Abilene Observatory and Network Research Rick Summerhill, Director Network Research, Architecture, and Technology, Internet2 Joint.
Network Component's and terms.. Hubs  An Ethernet hub, active hub, network hub, repeater hub, multiport repeater or hub is a device for connecting multiple.

Network Component's and terms.. Hubs  An Ethernet hub, active hub, network hub, repeater hub, multiport repeater or hub is a device for connecting multiple.
Firewall and Internet Access Mechanism that control (1)Internet access, (2)Handle the problem of screening a particular network or an organization from.

Firewall and Internet Access Mechanism that control (1)Internet access, (2)Handle the problem of screening a particular network or an organization from.
IP Tutorial 1. 2 An IP address is a unique number used to identify your computer on the internet. Every system has it’s own unique IP address. IP addresses.

IP Tutorial 1. 2 An IP address is a unique number used to identify your computer on the internet. Every system has it’s own unique IP address. IP addresses.
Module 4: Designing Routing and Switching Requirements.

Module 4: Designing Routing and Switching Requirements.
Client/Server Model.

Client/Server Model.

Similar presentations

Ads by Google