Presentation is loading. Please wait.

Presentation is loading. Please wait.

Real-time Flow Management 2 BOF: Remote Packet Capture Extensions Jürgen Quittek NEC Europe Ltd, Heidelberg, Germany Georg Carle GMD.

Published byAmy Henderson Modified over 8 years ago

Similar presentations

Presentation on theme: "Real-time Flow Management 2 BOF: Remote Packet Capture Extensions Jürgen Quittek NEC Europe Ltd, Heidelberg, Germany Georg Carle GMD."— Presentation transcript:

1 Real-time Flow Management 2 BOF: Remote Packet Capture Extensions Jürgen Quittek NEC Europe Ltd, Heidelberg, Germany quittek@ccrle.nec.de Georg Carle GMD FOKUS, Berlin, Germany carle@fokus.gmd.de http://www.fokus.gmd.de/usr/carle

2 14 Dec 2000 IETF49, RTFM2 BOF: draft-quittek-pcap-ext-00.txt 2 Overview 1. Motivation and Objective 2. Packet Merging Fragment Merge (FM), TCP Socket merge (TS), UDP Socket merge (US), Peer Pair merge (PP), Source Merge (SM), Destination Merge (DM), Source Peer merge (SP), Destination Peer merge (DP) 3. Packet Filtering 4. Extended Captured Packet Encapsulation Header, Actions bit field,Number of merged packets, Total length of packets, Time Stamp (last), Filter Identifier 5. Packet Capturing Configuration Record 6. Security Issues 7. Summary

3 14 Dec 2000 IETF49, RTFM2 BOF: draft-quittek-pcap-ext-00.txt 3 Distributed Metering RTFM Meter RMON Probe Etc. Router rpcap Measurement Application Accounting QoS Auditing Testing,... config

4 14 Dec 2000 IETF49, RTFM2 BOF: draft-quittek-pcap-ext-00.txt 4 Motivation  Traffic Metering requires some kind of packet capturing  Experiences with existing metering technologies: problems with high-speed links: packet loss  Several interface cards / packet capturing devices have (unused) filtering and merging capabilities  Exploiting these capabilities  simplified meter  increased performance: splitting functionality between capturing (fast path), and more complex (software) RTFM processing

5 14 Dec 2000 IETF49, RTFM2 BOF: draft-quittek-pcap-ext-00.txt 5 Extended Remote Packet Capturing  Draft for remote packet capturing by Carter Bullard: draft-bullard-pcap-00.txt  Proposed extensions: –additional fields in captured packet encapsulation header  functions for merging of headers with common properties –configuration of packet capturing devices  using a configuration record.  Rationale: Review of draft-bullard-pcap-00.txt –captured packet encapsulation header for transporting parts of captured packet (IP header, transport header, and parts of application layer) –each packet portion transported separately

6 14 Dec 2000 IETF49, RTFM2 BOF: draft-quittek-pcap-ext-00.txt 6 Goal: Versatile Remote Packet Capturing (1) Allow for packet header pre-processing: –merging of packets –filtering of packets –generation of information on packet aggregation (e.g. aggregated data volume)  defining additional parameter: flow idle time  defining extended captured packet encapsulation header for additional information (2) Support automated remote configuration –Define messages for remote configuration of packet capturing devices:  packet capturing configuration record

7 14 Dec 2000 IETF49, RTFM2 BOF: draft-quittek-pcap-ext-00.txt 7 Packet Merging Actions Fragment Merge (FM): merge all fragments of same original IP packet TCP Socket merge (TS): merge all packets belonging to same TCP socket UDP Socket merge (US): merge all packets belonging to same UDP socket Peer Pair merge (PP): merge all packets between same pair of IP addresses Source Merge (SM): merge all packets with same source IP address and port number Destination Merge (DM): merge all packets with same destination IP address and port number Source Peer merge (SP): merge all packets with same source IP address Destination Peer merge (DP): merge all packets with same destination IP address

8 14 Dec 2000 IETF49, RTFM2 BOF: draft-quittek-pcap-ext-00.txt 8 Packet Filtering  Possible requirement: –capture only subset of packets  support filtering functionality –Filtering mechanisms will be provided in packet capturing devices (probably rather simple ones)  Different filter specification techniques exist, e.g.: – Meter MIB [RFC2720] – RMON MIB [RFC2819] – DiffServ MIB [draft-ietf-diffserv-mib-05.txt]  Goal: –Reporting what filter was applied in capturing a packet –Filter spec might be too complex to include in captured packet encapsulation header  include only filter identifier

9 14 Dec 2000 IETF49, RTFM2 BOF: draft-quittek-pcap-ext-00.txt 9 Extended Captured Packet Encapsulation Header  Extending captured packet encapsulation header of draft-bullard-pcap-00.txt  additional fields  Approach: -set bits to indicate aggregation or filtering actions -further fields specify details of applied actions

10 14 Dec 2000 IETF49, RTFM2 BOF: draft-quittek-pcap-ext-00.txt 10 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | ifIndex | Interface Type | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Status | Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time Stamp (sec) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time Stamp (nsec) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |F B T U P S D S D F| Number of merged packets | |M D S S P M M P P A| | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Total length of all packets | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time Stamp (last) (sec) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time Stamp (last) (nsec) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Filter Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Captured Packet Data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Extended Captured Packet Encapsulation Header

11 14 Dec 2000 IETF49, RTFM2 BOF: draft-quittek-pcap-ext-00.txt 11 New Fields  Actions Bit Field (16 bit field): specifies applied merge and applied filter actions –FM flag: Fragment Merge –TS, US, SM, DM, SP and DP flags accordingly –Bi-Directional (BD) bit: bi-directional mode for TS, US, and PP (otherwise: uni-directional mode) –FA flag: Filter Applied  Number of merged packets (16 bit field)  Total length of all packets (32 bit field)  Time Stamp (two 32 bit fields) –first and last merged packet  Filter Identifier (32 bit field)

12 14 Dec 2000 IETF49, RTFM2 BOF: draft-quittek-pcap-ext-00.txt 12 Packet Capturing Configuration Record  specify functions for merging and filtering  specify parameters –flow idle timeouts for specific flows  specify transport of captured packets: –transport with IP encapsulation –transport with UDP encapsulation –transport with TCP

13 14 Dec 2000 IETF49, RTFM2 BOF: draft-quittek-pcap-ext-00.txt 13 Packet Capturing Configuration Record 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |F B T U P S D S D | Number of filters specified | |M D S S P M M P P | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Filter Identifier 1 | transport | | | type 1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source IP address 1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination IP address 1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source port 1 | Destination port 1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source address| Dest. address | Source address| Dest. address | | mask 1 mask 1 mask 1 mask 1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Filter Identifier 2 | transport | | | type 2 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |... | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

14 14 Dec 2000 IETF49, RTFM2 BOF: draft-quittek-pcap-ext-00.txt 14 Security Issues Security threats: Unauthorized access, modification or disclosure of remotely captured packets –Protecting privacy of captured data being transmitted  protection via IPsec possible –Protecting privacy of captured data against unauthorized initiators of capturing instructions  policy control (authorisation needed to perform remote packet capturing)

15 14 Dec 2000 IETF49, RTFM2 BOF: draft-quittek-pcap-ext-00.txt 15 Security Issues Authorization control: -Intra-domain scenarios  authorization using SNMPv3 suitable -Inter-domain scenarios –services such as third party measurement, or accounting services –inter-domain authorization control needed  solution with AAA protocol and servers suitable -Authorization schemes -Simple authorization: distinguishing authorized and non-authorized users - Complex authorization schemes: policy-based authorization control e.g. specify which user is allowed to capture which part of the packet (which attributes) depending on flow specifications e.g. unprivileged users may capture remotely only packets with own source or destination address

16 14 Dec 2000 IETF49, RTFM2 BOF: draft-quittek-pcap-ext-00.txt 16 Summary  Remote packet capturing: key building block for distributed high performance metering  Need for standardized, versatile remote packet capturing with functional extensions for merging, filtering etc.  draft-quittek-pcap-ext-00.txt proposes such extension based on remote packet capturing by Carter Bullard draft-bullard-pcap-00.txt  Proposed extensions: –additional information fields in captured packet encapsulation header  functions for merging of headers with common properties –configuration of packet capturing devices  using a configuration record.

17 14 Dec 2000 IETF49, RTFM2 BOF: draft-quittek-pcap-ext-00.txt 17 Direction of Future Work  Additional work should include –Evaluate structuring of merging functionality:  Options for specifying L4 merging, app. specific merging –Distinguish simple and enhanced instantiations of remote packet capturing. –Develop details for security –Develop usage scenarios: Traffic engineering usage scenario Accounting and QoS validation usage scenario  We hope that RTFM2 WG will be chartered, because we see the need for versatile, configurable, high-performance metering –We believe our requirements can be addressed adequately by enhancements to the RTFM Traffic Measurement Architecture

18 Thank You! Let‘s discuss and work together in the RTFM-2 Working Group

Download ppt "Real-time Flow Management 2 BOF: Remote Packet Capture Extensions Jürgen Quittek NEC Europe Ltd, Heidelberg, Germany Georg Carle GMD."

Similar presentations

Policy-based Accounting Draft Version 01 Policy-based Accounting Draft Version 01 Georg Carle, Sebastian Zander, Tanja Zseby GMD FOKUS - German National.

Policy-based Accounting Draft Version 01 Policy-based Accounting Draft Version 01 Georg Carle, Sebastian Zander, Tanja Zseby GMD FOKUS - German National.
Overview of IETF work on IP traffic flow measurement and current developments Dr. Jürgen Quittek General Manager Network Research Division, NEC Europe.

Overview of IETF work on IP traffic flow measurement and current developments Dr. Jürgen Quittek General Manager Network Research Division, NEC Europe.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT 09.11.2005.

NAT TRAVERSAL FOR IPSEC Research Seminar on Datacommunications Software HIIT
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.

Henric Johnson1 Chapter 6 IP Security. Henric Johnson2 Outline Internetworking and Internet Protocols IP Security Overview IP Security Architecture Authentication.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
Policy-based Accounting Tanja Zseby, Georg Carle, Sebastian Zander GMD FOKUS - German National Research Institute for Information Technology Competence.

Policy-based Accounting Tanja Zseby, Georg Carle, Sebastian Zander GMD FOKUS - German National Research Institute for Information Technology Competence.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) Sriram Gopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Policy-based Accounting: Accounting Issues Georg Carle, Sebastian Zander, Tanja Zseby GMD FOKUS - German National Research Center for Information Technology.

Policy-based Accounting: Accounting Issues Georg Carle, Sebastian Zander, Tanja Zseby GMD FOKUS - German National Research Center for Information Technology.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
Network Layer4-1 Network layer r transport segment from sending to receiving host r on sending side encapsulates segments into datagrams r on rcving side,

Network Layer4-1 Network layer r transport segment from sending to receiving host r on sending side encapsulates segments into datagrams r on rcving side,
IP-UDP-RTP Computer Networking (In Chap 3, 4, 7) 건국대학교 인터넷미디어공학부 임 창 훈.

IP-UDP-RTP Computer Networking (In Chap 3, 4, 7) 건국대학교 인터넷미디어공학부 임 창 훈.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.

8: Network Security8-1 Security in the layers. 8: Network Security8-2 Secure sockets layer (SSL) r Transport layer security to any TCP- based app using.
1 Multi-Protocol Label Switching (MPLS). 2 MPLS Overview A forwarding scheme designed to speed up IP packet forwarding (RFC 3031) Idea: use a fixed length.

1 Multi-Protocol Label Switching (MPLS). 2 MPLS Overview A forwarding scheme designed to speed up IP packet forwarding (RFC 3031) Idea: use a fixed length.
Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET1 IPFIX – IP Flow Information Export Overview Tanja Zseby Fraunhofer FOKUS, Network Research.

Fraunhofer FOKUSCompetence Center NET T. Zseby, CC NET1 IPFIX – IP Flow Information Export Overview Tanja Zseby Fraunhofer FOKUS, Network Research.

Similar presentations

Ads by Google