Presentation is loading. Please wait.

Presentation is loading. Please wait.

PlanetFlow The PlanetLab Network Auditing Service Mark Huang

Published bySylvia Marilyn Stevens Modified over 6 years ago

Similar presentations

Presentation on theme: "PlanetFlow The PlanetLab Network Auditing Service Mark Huang"— Presentation transcript:

1 PlanetFlow The PlanetLab Network Auditing Service Mark Huang
Princeton University / PlanetLab Operations

2 Why we need network auditing
Enforces the AUP Isolates responsibility Keeps us on good terms with the Internet community

3 Basic search

4 Search results

5 Feedback

6 PlanetFlow is not… NetFlow™ NetFlow Snort Packet accurate Real time
Suitable for research (yet) Not NetFlow™, Cisco’s proprietary traffic flow monitor. Does not do fancy accounting, billing, protocol analysis, or DoS monitoring, and does not track usage over time. Not NetFlow, the old version 2 service that ended up being mostly unusable. Not Snort or tcpdump. Aggregates outbound packets into daily “flows” (unique source and destination tuples for known protocols). Updates backend every 5 minutes. Flows are aggregated daily. Makes mistakes. Does no protocol analysis. No sensor interface.

7 Requirements Usable Comprehensive Archivable Secure Fast Scalable
Small Secure Run in a slice

8 Implementation Fast Scalable Small Secure
Collector is multi-threaded C MySQL backend Most queries take only seconds Scalable Split table, split database schema One codebase Automated maintenance Small Compressed MyISAM tables 20-50 MB per day per node 240 GB per month Secure Runs in a slice

9 Some interesting statistics
PlanetLab regularly generates 100 M flows and 3-4 TB of traffic per day 60-70% of this traffic is within PlanetLab 55% of an average node’s traffic is generated by a single slice 72% of an average slice’s traffic is to a single destination

Download ppt "PlanetFlow The PlanetLab Network Auditing Service Mark Huang"

Similar presentations

New Directions in Traffic Measurement and Accounting Cristian Estan (joint work with George Varghese)

New Directions in Traffic Measurement and Accounting Cristian Estan (joint work with George Varghese)
Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.

Top-Down Network Design Chapter Nine Developing Network Management Strategies Copyright 2010 Cisco Press & Priscilla Oppenheimer.
The VPN-Alyzer When Collecting SNMP and Netflow isnt practical.

The VPN-Alyzer When Collecting SNMP and Netflow isnt practical.
ICmyNet.Flow Network Traffic Analysis System If You Want to See Your Net www.icmynet.com.

ICmyNet.Flow Network Traffic Analysis System If You Want to See Your Net
PlanetLab Architecture Larry Peterson Princeton University.

PlanetLab Architecture Larry Peterson Princeton University.
Network Management Workshop intERlab at AIT Thailand March 11-15, 2008 Network Operations and Network Management.

Network Management Workshop intERlab at AIT Thailand March 11-15, 2008 Network Operations and Network Management.
Firewalls : usage Data encryption Access control : usage restriction on some protocols/ports/services Authentication : only authorized users and hosts.

Firewalls : usage Data encryption Access control : usage restriction on some protocols/ports/services Authentication : only authorized users and hosts.
Monitoring a Large-Scale Network: Selecting the Right Tool Sayadur Rahman United International University & Network Manager, Financial Service.

Monitoring a Large-Scale Network: Selecting the Right Tool Sayadur Rahman United International University & Network Manager, Financial Service.
RD-CSY2001-08/09 Distance Vector Routing Protocols.

RD-CSY /09 Distance Vector Routing Protocols.
NetFlow Analyzer Drilldown to the root-QoS Product Overview.

NetFlow Analyzer Drilldown to the root-QoS Product Overview.
Information Networking Security and Assurance Lab National Chung Cheng University Analysis Console for Intrusion Databases.

Information Networking Security and Assurance Lab National Chung Cheng University Analysis Console for Intrusion Databases.
Internet Traffic Analysis for Threat Detection Joshua Thomas, CISSP Thomas Conley, CISSP Ohio University Communication Network Services Joshua Thomas,

Internet Traffic Analysis for Threat Detection Joshua Thomas, CISSP Thomas Conley, CISSP Ohio University Communication Network Services Joshua Thomas,
Simple Comparison By Akhyari Nasir. Intro  Network monitoring and measurement have become more and more important in a modern complicated network. 

Simple Comparison By Akhyari Nasir. Intro  Network monitoring and measurement have become more and more important in a modern complicated network. 
PlanetLab Software Overview Mark Huang

PlanetLab Software Overview Mark Huang
Networking in a Linux Environment Pete Eby Dan Thomas Robert Zurawski.

Networking in a Linux Environment Pete Eby Dan Thomas Robert Zurawski.
Experiences in Analyzing Network Traffic Shou-Chuan Lai National Tsing Hua University Computer and Communication Center Nov. 20, 2003.

Experiences in Analyzing Network Traffic Shou-Chuan Lai National Tsing Hua University Computer and Communication Center Nov. 20, 2003.
TUNDRA The Ultimate Netflow Data Realtime Analysis Jeffrey Papen Yahoo! Inc.

TUNDRA The Ultimate Netflow Data Realtime Analysis Jeffrey Papen Yahoo! Inc.
Differences between In- and Outbound Internet Backbone Traffic Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering Chalmers University.

Differences between In- and Outbound Internet Backbone Traffic Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering Chalmers University.
Top-Down Network Design Chapter Nine Developing Network Management Strategies Oppenheimer.

Top-Down Network Design Chapter Nine Developing Network Management Strategies Oppenheimer.
Session 2 Security Monitoring Identify Device Status Traffic Analysis Routing Protocol Status Configuration & Log Classification.

Session 2 Security Monitoring Identify Device Status Traffic Analysis Routing Protocol Status Configuration & Log Classification.

Similar presentations

Ads by Google