SURFnet6 Network Monitoring and Reporting Hans Trompert, SURFnet.


1 SURFnet6 Network Monitoring and Reporting Hans Trompert, SURFnet

2 Information needs Connected organizations NOC / SURFnet / research Annual report Information detail

3 Monitoring versus Reporting
- Monitoring
  - real-time
  - status
  - alarms
- Reporting
  - afterwards
  - over a specific time period (day, week, month, year)

4 Information source and destination Avici SSR Nortel ERS8600 Nortel OM5200 Nortel OME6500 Nortel OME1060 SURFnet6 operations Real-time customer reporting Security

5 Equipment and interface
Optical devices:
- CPL: TL1
- OM5200: TL1 (+ SNMP)
- OME6500: TL1 (+ SNMP)
- OME1060: SNMP
Data devices:
- ERS8600: SNMP
- Avici SSR: SNMP + Netflow

6 Reporting: SNMP metrics
SNMP metrics:
- Interface in/out octet counters
- Interface in/out packet counters (unicast/broadcast/multicast)
- Interface input/output errors
- Interface availability
- Temperature
- Memory
- CPU
- Device uptime
- and more …

7 Reporting: TL1 metrics
TL1 metrics:
- Input/Output Frames
- Errored frames
- Discarded frames
- Transmit and receive power levels
- Errored Seconds - number of seconds that have had CRC errors
- Severely Errored Seconds - after 10 seconds of ES we start counting SES
- UnAvailable Seconds - Seconds where we had no sync
- and more …

8 Monitoring: SNMP traps
SNMP traps:
- Fan
- Temperature
- Voltage
- Link Up/Down
- Bay Controller
- Module
- PIM + MSDP
- BGP
- VRRP
- ISIS
- and more …

9 Monitoring: TL1 events
TL1 Events:
- Equipment
  - Circuit pack missing/mismatch/failed
  - Fan failed/missing
  - Power failure A or B
  - High temperature
- Shelf
  - Software upgrade failed/mismatch/….
  - Database integrity fail/restore in progress/…
- Amplifier
  - input/output loss of signal
  - automatic shutoff
- and many, many more

10 SNMP based volume reporting
Internet; Connected organizations; Border router Amsterdam1 (SARA); Border router Amsterdam2 (TeleCity II); Core router Amsterdam2 (TeleCity II); Core router Amsterdam1 (SARA)
- Total external traffic
  - Per traffic class (AMS-IX, Global, private peers)
  - Per provider/peer
- Total SURFnet internal traffic
  - Per connected organization

11 SURFnet external traffic volume
- SURFnet external traffic volume
  - Ams-IX
  - Private peers (via Ams-IX), including:
    - Chello, Tiscali, @Home, Planet, XS4all
    - Garnier Projects, Abovenet, UUnet, Cogent
  - NREN
    - Geant2
    - SINET
    - Abilene
  - Global
    - Global Crossing
    - Cable & Wireless

12 SURFnet external traffic volume

13 SURFstat: Real-time connected organization traffic volume reporting
- Software
  - Net-SNMP
  - Python
  - RRDtool
- Features
  - Easy administration by labeling connections with keywords in interface description on router
  - Different graph resolutions: day, week, month, year, decade
  - 1 minute measurement interval
  - Reports on
    - volume (bits in/out)
    - packets (unicast/multicast/broadcast)

14 SURFstat: UvA (many users)

15 SURFstat: CWI (few users)

16 Netflow – flow information
- Netflow uses the common 5-tuple definition, where a flow is defined as a unidirectional sequence of packets all sharing all of the following 5 values:
  1. Source IP address
  2. Destination IP address
  3. Source TCP port
  4. Destination TCP port
  5. IP protocol
- Most common fields in Netflow record:
  - 5-tuple information
  - Input and output SNMP interface index
  - Timestamps for the flow start and finish time
  - Number of bytes and packets observed in the flow

17 Netflow – versions
- v1: First try
- v5: Most used version
- v6: Encapsulation information
- v7: Switch information
- v8: Several aggregation forms
- v9: Template Based, allowing many combinations, supports IPv6
- IPFIX: aka v10; IETF Standardized NetFlow 9 with Enterprise fields and other community input
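
As an added example (not part of the original presentation), the following Python decodes a NetFlow v5 export datagram into the record fields listed on slide 16: the 5-tuple, the SNMP interface indexes, the flow start and finish timestamps, and the byte and packet counts. The function names and the sample datagram with its addresses are constructed for illustration.

```python
import ipaddress
import struct

# NetFlow v5 export datagram: 24-byte header, then `count` 48-byte flow records.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")

def parse_v5(datagram: bytes) -> list:
    """Decode one export datagram into a list of flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version {version})")
    # Check the exporter-supplied count against the real length before reading.
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for off in range(HEADER.size, len(datagram), RECORD.size):
        f = RECORD.unpack_from(datagram, off)
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])),
            "dst": str(ipaddress.IPv4Address(f[1])),
            "sport": f[9], "dport": f[10], "proto": f[12],  # rest of the 5-tuple
            "in_if": f[3], "out_if": f[4],                  # SNMP interface indexes
            "first_ms": f[7], "last_ms": f[8],              # sysUptime at start/finish
            "packets": f[5], "bytes": f[6],
        })
    return flows

def sample_datagram() -> bytes:
    """Constructed datagram: one TCP flow 192.0.2.10:40000 -> 198.51.100.5:80."""
    header = HEADER.pack(5, 1, 360000, 1700000000, 0, 1, 0, 0, 0)
    record = RECORD.pack(
        ipaddress.IPv4Address("192.0.2.10").packed,
        ipaddress.IPv4Address("198.51.100.5").packed,
        ipaddress.IPv4Address("0.0.0.0").packed,   # next hop
        3, 7, 12, 9000, 300000, 301500, 40000, 80,
        0x1B, 6, 0, 64496, 64511, 24, 24)
    return header + record

if __name__ == "__main__":
    print(parse_v5(sample_datagram()))
```
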

18 Netflow setup Internet Connected organizations Border router Amsterdam1 (SARA) Border router Amsterdam2 (TeleCity II) Core router Amsterdam2 (TeleCity II) Core router Amsterdam1 (SARA) FLOWmon perfSONAR test NFSEN PeakFlow Fan out

19 Netflow applications
- connected organizations:
  - FLOWmon: detailed traffic reporting
  - SURFflow (Arbor Peakflow / NFSEN): suspicious traffic pattern reporting
- SURFnet-CERT:
  - NFSEN: suspicious traffic pattern reporting, historical flow data queries, profiles for custom reports
- Geant2 JRA1 perfSONAR probes
  - Flow Subscription Measurement Point
  - Flow Selection and Aggregation Measurement Archive

20 FLOWmon
Detailed traffic reporting:
- total traffic
- prefix-based flow grouping
- reports on:
  - IP version (v4/v6)
  - IP protocol (TCP, UDP, ICMP, GRE, …)
  - TCP port (HTTP, SMTP, NNTP, FTP, SSH, …)
  - UDP port (domain, RTSP, VPN, …)
  - top N connected organizations
  - destination AS traffic

21 UvA traffic by IP protocol

22 Connected organization to world traffic by TCP destination port

23 SURFflow
Reports on suspicious traffic patterns like:
- Unusual amount of flows -> DoS attack
- Flows from one host to many ports on other host -> portscan
- From 1 host to same port on many hosts -> break-in attempt making use of known bug
- From many hosts to specific (set of) port(s) to many other hosts -> virus/worm
- etc …
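
The patterns on this slide can be expressed as set-cardinality checks over one time window of flow records. The following Python is an added example, not SURFflow or Arbor Peakflow code; the thresholds, the function names and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict

# Thresholds are assumptions for the constructed sample, not SURFflow settings.
MANY_PORTS, MANY_HOSTS, MANY_SOURCES, FLOW_FLOOD = 20, 20, 5, 500

def classify(flows):
    """flows: (src, dst, dport) tuples from one time window.
    Returns a sorted list of (pattern, subject) findings."""
    ports = defaultdict(set)    # (src, dst)   -> destination ports seen
    hosts = defaultdict(set)    # (src, dport) -> destination hosts seen
    per_dst = defaultdict(int)  # dst          -> number of flows
    for src, dst, dport in flows:
        ports[(src, dst)].add(dport)
        hosts[(src, dport)].add(dst)
        per_dst[dst] += 1
    findings = set()
    # One host to many ports on one other host: portscan.
    for (src, dst), seen in ports.items():
        if len(seen) >= MANY_PORTS:
            findings.add(("portscan", f"{src} -> {dst}"))
    # One host to the same port on many hosts: sweep for a known bug.
    sweepers = defaultdict(set)  # dport -> sources sweeping that port
    for (src, dport), seen in hosts.items():
        if len(seen) >= MANY_HOSTS:
            sweepers[dport].add(src)
    for dport, srcs in sweepers.items():
        if len(srcs) >= MANY_SOURCES:
            # Many hosts sweeping the same port: virus/worm propagation.
            findings.add(("worm-like spread", f"port {dport}"))
        else:
            findings.update(("host sweep", f"{s} port {dport}") for s in srcs)
    # Unusual number of flows towards one destination: possible DoS.
    findings.update(("flow flood", d) for d, n in per_dst.items() if n >= FLOW_FLOOD)
    return sorted(findings)

def sample_flows():
    """Constructed flows showing each pattern plus some ordinary traffic."""
    flows = [("203.0.113.9", "192.0.2.20", p) for p in range(1, 31)]
    flows += [("203.0.113.50", f"192.0.2.{h}", 22) for h in range(1, 26)]
    flows += [(f"198.51.100.{s}", f"10.0.0.{h}", 445)
              for s in range(1, 7) for h in range(1, 26)]
    flows += [(f"100.64.{i // 250}.{i % 250 + 1}", "192.0.2.80", 80)
              for i in range(600)]
    flows += [("192.0.2.7", "198.51.100.200", 443)] * 3  # ordinary traffic
    return flows

if __name__ == "__main__":
    for finding in classify(sample_flows()):
        print(finding)
```
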

24 Active measurements: RTTPL
Round Trip Time and Packet Loss monitoring
- measurement probes throughout the network
- central storage of results
- active measurements by injecting ICMP echo request packets
- measuring min/max/avg RTT and jitter
- both IPv4 and IPv6
- both unicast and multicast (under development)
- measuring packet loss
- 20 pings per minute
- report matrices per minute/hour/day/month
- results between two probes in graphs

25 RTTPL report matrices

26 RTTPL Nijmegen - Amsterdam

27 Active measurements: Connected organization availability
- measuring availability by sending ICMP Echo Requests to connected organization router
- measurement includes last mile to connected organization plus connected organization router port (unlike commercial providers)
- Cisco routers with Service Assurance Agent software on both Amsterdam1 and Amsterdam2
- results stored in database and reported monthly
- redundancy in measurements by ORing results from Amsterdam1 and Amsterdam2

28 Thank you

