There's Plenty of Room at the Bottom

There’s Plenty of Room at the Bottom:

An Invitation to Explore with Network Flows

Benjamin Blackb@fastip.com

What are Flows&

Why Should You Care?

You Should CareBecause Visibility Makes

Your Life Easier.

Network Flow DataMeans Great Visibility.

DDoS DetectionCapacity Planning

Traffic ManagementTroubleshooting

Correlation...

The Nature of Flows

[traffic]

[streams]

[packets]

PayloadHeader

[headers]

Source IP Address

Destination IP Address

Source Port

Destination Port

Protocol

[latency]

[jitter]

[packet loss]

The Structure of Flows

Source IP Address

Source Port

Destination Port

Protocol

Source IP Address

Source Port

Destination Port

Protocol

[flow keys]

[templates]

src IPv4 address

dest IPv4 address

src port

dst port

protocol

total packets

start time

end time

total octets

template_id 253

[flow records]

172.16.101.3

192.169.7.200

24 packets

start 28349829023

end 28356729023

27342 octets

template_id 253

The Ecosystem of Flows

[metering process]

172.16.101.3192.169.7.200

980180

24 packetsstart 28349829023end 28356729023

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

27342 octets

template_id 253

[observation domain]

[collecting process]172.16.101.3192.169.7.200

980180

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

27342 octets

template_id 253

Storage and Analysis areLeft as an Exercise

for the Reader

Where Do Meters Run?

On Network Switches/Routers[often sampled]

Dedicated Appliances[expensive/limited storage]

On Hosts[where does the data go?]

The Classical View

Where is this coming from?

Where is this going?

The Flow View

TANSTAAFL

Flow Data Takes UpLOTS of Space

[often >1% total traffic]

LOTS of Space Means Storage Expense or Loss of Resolution or

Truncation

LOTS of (Multi-dimensional)Data is

Hard to Analyze

Inflexible and Limitedor

Expensive and Complicated

[apologies]

IPFIX WGhttp://datatracker.ietf.org/wg/ipfix/charter/

nProbehttp://www.ntop.org/nProbe.html

Cisco NetFlow Collection Enginehttp://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/index.html

Arbor Networkshttp://www.arbornetworks.com/

Dartwarehttp://www.intermapper.com/products/intermapper-flows

[resources]

[finally...]

fast_ip is a platform forflow analytics

http://fastip.comSign up for our beta

There's Plenty of Room at the Bottom

Documents

Homework/Test questions Name: 1.Read the lecture on nanotechnology by R.P. Feynmann, "There's Plenty of Room at the Bottom":

Adrian Conner · raiser to cover the costs of DaveTV's produc- tion fees, against the wishes of Prewitt, who avoids asking for handouts. Turns out there's plenty of homegrown artists

There’s plenty of room at the bottom RICHARD P. FEYNMAN (1953)

There’s Plenty of Room at the Bottom An Invitation to Enter a New Field of Physics

By Julia Donaldson. · 2020-05-21 · Don’t forget the song! There's a worm at the bottom of the garden And his name is Wiggly Woo There's a worm at the bottom of the garden and

tnq.aetnq.ae/uploads/documents/timeout_magazine.pdf · the Burj Khalifa and Burj Al Arab, and you'll discover there's plenty more besides... s ornetimes it almost feels like Dubai

1 THERE’S PLENTY OF ROOM AT THE BOTTOM. M. SanverCS Colloquium – Winter 2002 R.P. Feynman “There’s plenty of room at the bottom” by R.P.Feynman Presented

Sustainability is the Keyword - Amazon S3 · The new Money and Pensions Service (MAPS) might raise people's conﬁdence in pension saving. There's plenty to attend to. Trouble is,

Where there's community, there's home

The Effect of an Educational Video on the Acceptance of ......physicist Richard Feynman. In December 1959, he gave a speech entitled “There's Plenty of Room at the Bottom” at an

McGraw-Hill Education IELTS - jangal.com Education IELTS 6... · go to the IELTS website: . There's plenty of interesting data there as well as free There's plenty of interesting

Artificial Neural Networks: Applications in …...Artificial Neural Networks - Application 466 2. Importance of nanotechnology The lecture "There's Plenty of Room at the Bottom" by

Ealing NCT · The Grosvenor: Our favourite, of course, with Bumps & Babies held upstairs every Tuesday afternoon. There's plenty of space for buggies, comfy sofas, a kids menu and

There's Plenty of Room at the Bottom - Catch-all siteusers.eecs.northwestern.edu/~kch479/docs/feynman_bottom.pdf · plate again into plastic and we ... all of the information that

Where There's a Will, There's a Way

KEY PEOPLE IN OUR STOREyour525newsletter.yolasite.com/resources/Store_Newsletter...service to flowers, CDs, DVDs and more, there's plenty to pick from and save money. Check out this

East Midwood Jewish CenterEast Midwood Jewish Center | A ... · Web viewIn Hebrew, there are plenty of words, to say almost everything, in it there's plug and socket, but there's

The most Instagram worthy city in the US? From the … · Thousands will gather in San Francisco for the upcoming Super Bowl 50. But besides football, there's plenty for visitors

Федеральное государственное бюджетное … · Plenty of Room at the Bottom» – «Там внизу полно места» [1]. В этой лекции

COVID-19 Western Bay of Plenty Social Sector Survey Findings › wp-content › uploads › 2020 › ... · money for foodbanks and similar and (2) there's likely to be less funding