Presentation is loading. Please wait.

Presentation is loading. Please wait.

Measurement in Networks & SDN Applications. Interesting Questions Who is sending a lot to a subnet? – Heavy Hitters Is someone doing a port Scan? Is someone.

Published byLouisa Chapman Modified over 9 years ago

Similar presentations

Presentation on theme: "Measurement in Networks & SDN Applications. Interesting Questions Who is sending a lot to a subnet? – Heavy Hitters Is someone doing a port Scan? Is someone."— Presentation transcript:

1 Measurement in Networks & SDN Applications

2 Interesting Questions Who is sending a lot to a subnet? – Heavy Hitters Is someone doing a port Scan? Is someone getting DDoS-ed? Who is getting traffic for a naughty website? How many people have downloaded from a naughty site? Which links have the most bytes

3 Port Scan Try to find vulnerability in a host – Idea scan all the ports on the host to see which are open A scan: a small hello packet to see if host responds – After finding the open port you can perform other attacks

4 DDoS Try to attack a host/server – Make sure the server can’t respond to anyone else – Send it a bunch of traffic until out of memory – Send it a bunch of traffic until no more bandwidth DoS: attack the server from one machine DDoS: attack the server from many machines – Harder to defend against.

5 How do we measure things? Switches count bytes/packets – NetFlow/sFlow: # bytes/packets per flow To scale: samples packets and performs calculations based on samples. – 1 in ever n packets Implications: don’t see all packets. – SNMP: # bytes/packets per link

6 Interesting Questions Who is sending a lot to a subnet? Is someone doing a port Scan? Is someone getting DDoS-ed? Who is getting traffic for a naughty website? How many people have downloaded from a naughty site? Which links have the most bytes? Netflow SNMP

7 Why can’t questions be answered? When you sample  you miss packets. – Increasing the sampling rate leads to huge resource overheads. So can’t answer questions: – You miss the packets when you check sampling – Is someone doing a port Scan? Is there a short lived connection from one server to many ports on another server? – Is someone doing a DDoS? Is there a short lived connection from many servers to one?

8 Solution……. – You don’t want to sample because you miss stuff – But you can’t always process everything because it is hard to scale Use online streaming algorithms – See OpenSketch for more…

9 What are SDN Applications?

10 How we use the network Ensuring reachability: routing/forwarding traffic – Bad things: loop-holes, blackholes

11 How do we use the network Network Address Translation – You have a small number of IP address; e.g. 1 – But you want to have many devices; tablet/phone Each one needs it own IP address So you share them External IP 123.12.392.3 Internal IP 10.10.0.1 Internal IP 10.10.0.2

12 How do we use the network Load balancing: make sure servers get equal number of requests

13 How do we use the network Load balancing: make sure servers get equal number of requests

14 L.B. Security NAT Physical View Device State Policy Veriflow|H.A.S.|Libra Network OS Invariant has been violated! There’s a bug. What Next? Hub

15 How are Networks managed

16 In a hierarchical manner – With control delegated from top to bottom – Resource delegated in a similar manner

17 How can SDN support such delegation? Hierarchical capabilities. See more in the PANE paper.

Download ppt "Measurement in Networks & SDN Applications. Interesting Questions Who is sending a lot to a subnet? – Heavy Hitters Is someone doing a port Scan? Is someone."

Similar presentations

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
The VPN-Alyzer When Collecting SNMP and Netflow isnt practical.

The VPN-Alyzer When Collecting SNMP and Netflow isnt practical.
Internet Protocol How does information get sent from one device to another across a WAN?

Internet Protocol How does information get sent from one device to another across a WAN?
SDN Abstractions. In an SDN Ideal World, we want… multiple applications (Composition): – So, need to worry about sharing. – About isolation. Network policies.

SDN Abstractions. In an SDN Ideal World, we want… multiple applications (Composition): – So, need to worry about sharing. – About isolation. Network policies.
CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
OpenSketch Slides courtesy of Minlan Yu 1. Management = Measurement + Control Traffic engineering – Identify large traffic aggregates, traffic changes.

OpenSketch Slides courtesy of Minlan Yu 1. Management = Measurement + Control Traffic engineering – Identify large traffic aggregates, traffic changes.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
TCP for today’s Web. Connections today Web-page > 300KB but objects are small 7.5KB -2.4KB [25] lots of small objects in a page. Implication: TCP Handshake.

TCP for today’s Web. Connections today Web-page > 300KB but objects are small 7.5KB -2.4KB [25] lots of small objects in a page. Implication: TCP Handshake.
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.

Lecture 9 Page 1 CS 236 Online Denial of Service Attacks that prevent legitimate users from doing their work By flooding the network Or corrupting routing.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Anomaly Detection Steven M. Bellovin https://www.cs.columbia.edu/~smb Matsuzaki ‘maz’ Yoshinobu 1.

Anomaly Detection Steven M. Bellovin Matsuzaki ‘maz’ Yoshinobu 1.
ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.

ITP 457 Network Security Network Hacking 101. Hacking Methodology (review) 1. Gather target information 2. Identify services and ports open on the target.
BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.

BotMiner Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee College of Computing, Georgia Institute of Technology.
UNITS meeting September 30, 2004 Network Security Roger Safian

UNITS meeting September 30, 2004 Network Security Roger Safian
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Data Plane Verification. Background: What are network policies Alice can talk to Bob Skype traffic must go through a VoIP transcoder All traffic must.

Data Plane Verification. Background: What are network policies Alice can talk to Bob Skype traffic must go through a VoIP transcoder All traffic must.
Computer Network (MASQ/NAT/PROXY)

Computer Network (MASQ/NAT/PROXY)
Network Attacks. Network Trust Issues – TCP Congestion control – IP Src Spoofing – Wireless transmission Denial of Service Attacks – TCP-SYN – Name Servers.

Network Attacks. Network Trust Issues – TCP Congestion control – IP Src Spoofing – Wireless transmission Denial of Service Attacks – TCP-SYN – Name Servers.
Q and A, Ch. 21 IS333, Spring 2015 Victor Norman.

Q and A, Ch. 21 IS333, Spring 2015 Victor Norman.

Similar presentations

Ads by Google