45
There’s Plenty of Room at the Bottom: An Invitation to Explore with Network Flows Benjamin Black [email protected]

There's Plenty of Room at the Bottom

Embed Size (px)

DESCRIPTION

A an overview of network flow collection and an invitation to look at the fast_ip network flow platform.http://fastip.com

Citation preview

Page 1: There's Plenty of Room at the Bottom

There’s Plenty of Room at the Bottom:

An Invitation to Explore with Network Flows

Benjamin [email protected]

Page 2: There's Plenty of Room at the Bottom

What are Flows&

Why Should You Care?

Page 3: There's Plenty of Room at the Bottom

You Should CareBecause Visibility Makes

Your Life Easier.

Page 4: There's Plenty of Room at the Bottom

Network Flow DataMeans Great Visibility.

Page 5: There's Plenty of Room at the Bottom

DDoS DetectionCapacity Planning

Traffic ManagementTroubleshooting

Correlation...

Page 6: There's Plenty of Room at the Bottom

The Nature of Flows

Page 7: There's Plenty of Room at the Bottom

[traffic]

Page 8: There's Plenty of Room at the Bottom

[streams]

Page 9: There's Plenty of Room at the Bottom

[packets]

PayloadHeader

Page 10: There's Plenty of Room at the Bottom

[headers]

Source IP Address

Destination IP Address

Source Port

Destination Port

Protocol

Page 11: There's Plenty of Room at the Bottom

[latency]

Page 12: There's Plenty of Room at the Bottom

[jitter]

Page 13: There's Plenty of Room at the Bottom

[packet loss]

Page 14: There's Plenty of Room at the Bottom

The Structure of Flows

Page 15: There's Plenty of Room at the Bottom

Source IP Address

Destination IP Address

Source Port

Destination Port

Protocol

Source IP Address

Destination IP Address

Source Port

Destination Port

Protocol

=

[flow keys]

Page 16: There's Plenty of Room at the Bottom

[templates]

src IPv4 address

dest IPv4 address

src port

dst port

protocol

total packets

start time

end time

total octets

template_id 253

Page 17: There's Plenty of Room at the Bottom

[flow records]

172.16.101.3

192.169.7.200

9801

80

TCP

24 packets

start 28349829023

end 28356729023

27342 octets

template_id 253

Page 18: There's Plenty of Room at the Bottom

The Ecosystem of Flows

Page 19: There's Plenty of Room at the Bottom

[metering process]

172.16.101.3192.169.7.200

980180

TCP

24 packetsstart 28349829023end 28356729023

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

TCP

24 packetsstart 28349829023end 28356729023

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

TCP

24 packetsstart 28349829023end 28356729023

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

TCP

24 packetsstart 28349829023end 28356729023

27342 octets

template_id 253

Page 20: There's Plenty of Room at the Bottom

[observation domain]

eth0

eth1

eth2

Page 21: There's Plenty of Room at the Bottom

[collecting process]172.16.101.3192.169.7.200

980180

TCP

24 packetsstart 28349829023end 28356729023

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

TCP

24 packetsstart 28349829023end 28356729023

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

TCP

24 packetsstart 28349829023end 28356729023

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

TCP

24 packetsstart 28349829023end 28356729023

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

TCP

24 packetsstart 28349829023end 28356729023

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

TCP

24 packetsstart 28349829023end 28356729023

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

TCP

24 packetsstart 28349829023end 28356729023

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

TCP

24 packetsstart 28349829023end 28356729023

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

TCP

24 packetsstart 28349829023end 28356729023

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

TCP

24 packetsstart 28349829023end 28356729023

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

TCP

24 packetsstart 28349829023end 28356729023

27342 octets

template_id 253

172.16.101.3192.169.7.200

980180

TCP

24 packetsstart 28349829023end 28356729023

27342 octets

template_id 253

Page 22: There's Plenty of Room at the Bottom

Storage and Analysis areLeft as an Exercise

for the Reader

Page 23: There's Plenty of Room at the Bottom

Where Do Meters Run?

Page 24: There's Plenty of Room at the Bottom

On Network Switches/Routers[often sampled]

Page 25: There's Plenty of Room at the Bottom

Dedicated Appliances[expensive/limited storage]

Page 26: There's Plenty of Room at the Bottom

On Hosts[where does the data go?]

Page 27: There's Plenty of Room at the Bottom

The Classical View

Page 28: There's Plenty of Room at the Bottom

Where is this coming from?

Where is this going?

Page 29: There's Plenty of Room at the Bottom
Page 30: There's Plenty of Room at the Bottom

The Flow View

Page 31: There's Plenty of Room at the Bottom
Page 32: There's Plenty of Room at the Bottom
Page 33: There's Plenty of Room at the Bottom

TANSTAAFL

Page 34: There's Plenty of Room at the Bottom

Flow Data Takes UpLOTS of Space

Page 35: There's Plenty of Room at the Bottom

[often >1% total traffic]

Page 36: There's Plenty of Room at the Bottom

LOTS of Space Means Storage Expense or Loss of Resolution or

Truncation

Page 37: There's Plenty of Room at the Bottom

LOTS of (Multi-dimensional)Data is

Hard to Analyze

Page 38: There's Plenty of Room at the Bottom

Inflexible and Limitedor

Expensive and Complicated

Page 39: There's Plenty of Room at the Bottom
Page 40: There's Plenty of Room at the Bottom

[apologies]

Page 41: There's Plenty of Room at the Bottom

IPFIX WGhttp://datatracker.ietf.org/wg/ipfix/charter/

nProbehttp://www.ntop.org/nProbe.html

Cisco NetFlow Collection Enginehttp://www.cisco.com/en/US/products/sw/netmgtsw/ps1964/index.html

Arbor Networkshttp://www.arbornetworks.com/

Dartwarehttp://www.intermapper.com/products/intermapper-flows

[resources]

Page 42: There's Plenty of Room at the Bottom

[finally...]

Page 43: There's Plenty of Room at the Bottom

fast_ip is a platform forflow analytics

Page 44: There's Plenty of Room at the Bottom

http://fastip.comSign up for our beta

Page 45: There's Plenty of Room at the Bottom

Homework/Test questions Name: 1.Read the lecture on nanotechnology by R.P. Feynmann, "There's Plenty of Room at the Bottom":

Homework/Test questions Name: 1.Read the lecture on nanotechnology by R.P. Feynmann, "There's Plenty of Room at the Bottom":

Documents
The most Instagram worthy city in the US? From the … · Thousands will gather in San Francisco for the upcoming Super Bowl 50. But besides football, there's plenty for visitors

The most Instagram worthy city in the US? From the … · Thousands will gather in San Francisco for the upcoming Super Bowl 50. But besides football, there's plenty for visitors

Documents
Artificial Neural Networks: Applications in …...Artificial Neural Networks - Application 466 2. Importance of nanotechnology The lecture "There's Plenty of Room at the Bottom" by

Artificial Neural Networks: Applications in …...Artificial Neural Networks - Application 466 2. Importance of nanotechnology The lecture "There's Plenty of Room at the Bottom" by

Documents
Primary Meaningful Math Managementglennatabor.com/wp-content/uploads/2010/05/Primary-Meaningful-M… · octopus on roller skates. There's plenty of movement, but you never know if

Primary Meaningful Math Managementglennatabor.com/wp-content/uploads/2010/05/Primary-Meaningful-M… · octopus on roller skates. There's plenty of movement, but you never know if

Documents
Feynman plenty of room at the bottom speech

Feynman plenty of room at the bottom speech

Technology
…there is still plenty of room at the bottom*

…there is still plenty of room at the bottom*

Documents
There's Plenty of Room at the Bottom - Catch-all siteusers.eecs.northwestern.edu/~kch479/docs/feynman_bottom.pdf · plate again into plastic and we ... all of the information that

There's Plenty of Room at the Bottom - Catch-all siteusers.eecs.northwestern.edu/~kch479/docs/feynman_bottom.pdf · plate again into plastic and we ... all of the information that

Documents
East Midwood Jewish CenterEast Midwood Jewish Center | A ... · Web viewIn Hebrew, there are plenty of words, to say almost everything, in it there's plug and socket, but there's

East Midwood Jewish CenterEast Midwood Jewish Center | A ... · Web viewIn Hebrew, there are plenty of words, to say almost everything, in it there's plug and socket, but there's

Documents
COVID-19 Western Bay of Plenty Social Sector Survey Findings › wp-content › uploads › 2020 › ... · money for foodbanks and similar and (2) there's likely to be less funding

COVID-19 Western Bay of Plenty Social Sector Survey Findings › wp-content › uploads › 2020 › ... · money for foodbanks and similar and (2) there's likely to be less funding

Documents
Ther's STILL plenty of room at the bottom!

Ther's STILL plenty of room at the bottom!

Technology
Nanotecnologia. Evolução histórica da Nanotecnologia Richard Feynman – “There is plenty of the bottom”. "Os princípios da física não falam contra a possibilidade

Nanotecnologia. Evolução histórica da Nanotecnologia Richard Feynman – “There is plenty of the bottom”. "Os princípios da física não falam contra a possibilidade

Documents
The Effect of an Educational Video on the Acceptance of ......physicist Richard Feynman. In December 1959, he gave a speech entitled “There's Plenty of Room at the Bottom” at an

The Effect of an Educational Video on the Acceptance of ......physicist Richard Feynman. In December 1959, he gave a speech entitled “There's Plenty of Room at the Bottom” at an

Documents
There’s Plenty of Room at the Bottom An Invitation to Enter a New Field of Physics

There’s Plenty of Room at the Bottom An Invitation to Enter a New Field of Physics

Documents
There’s Plenty of Room at the Bottom ‐and at the Toptking/presentations/KingLiu_SFBA… · There’s Plenty of Room at the Bottom ‐and at the Top Tsu‐Jae King Liu Department

There’s Plenty of Room at the Bottom ‐and at the Toptking/presentations/KingLiu_SFBA… · There’s Plenty of Room at the Bottom ‐and at the Top Tsu‐Jae King Liu Department

Documents
Where There's Smoke, There's Ire!

Where There's Smoke, There's Ire!

Documents
Wednesday, July 12, 2017 - SCV Computer Club · bottom-right corner of your Taskbar, there's a secret desktop button. Look all the way to the bottom and right, to the side of the

Wednesday, July 12, 2017 - SCV Computer Club · bottom-right corner of your Taskbar, there's a secret desktop button. Look all the way to the bottom and right, to the side of the

Documents
1 THERE’S PLENTY OF ROOM AT THE BOTTOM. M. SanverCS Colloquium – Winter 2002 R.P. Feynman “There’s plenty of room at the bottom” by R.P.Feynman Presented

1 THERE’S PLENTY OF ROOM AT THE BOTTOM. M. SanverCS Colloquium – Winter 2002 R.P. Feynman “There’s plenty of room at the bottom” by R.P.Feynman Presented

Documents
Sustainability is the Keyword - Amazon S3 · The new Money and Pensions Service (MAPS) might raise people's confidence in pension saving. There's plenty to attend to. Trouble is,

Sustainability is the Keyword - Amazon S3 · The new Money and Pensions Service (MAPS) might raise people's confidence in pension saving. There's plenty to attend to. Trouble is,

Documents
Where there's muck, there's money

Where there's muck, there's money

Documents
tnq.aetnq.ae/uploads/documents/timeout_magazine.pdf · the Burj Khalifa and Burj Al Arab, and you'll discover there's plenty more besides... s ornetimes it almost feels like Dubai

tnq.aetnq.ae/uploads/documents/timeout_magazine.pdf · the Burj Khalifa and Burj Al Arab, and you'll discover there's plenty more besides... s ornetimes it almost feels like Dubai

Documents
room at bottom 0 - rsc. · PDF fileThere's plenty of room at the bottom, ... servo motor, and reposition a ... But you can't work directly through a pantograph that makes

room at bottom 0 - rsc. · PDF fileThere's plenty of room at the bottom, ... servo motor, and reposition a ... But you can't work directly through a pantograph that makes

Documents
Hmmm: Home Meaningful Math Management€¦ · octopus on roller skates. There's plenty of movement, but you never know if it's going to be forward, backwards, or sideways."

Hmmm: Home Meaningful Math Management€¦ · octopus on roller skates. There's plenty of movement, but you never know if it's going to be forward, backwards, or sideways."

Documents
lecture 17, 2004 - Indian Institute of Technology Madras Nanomachines Feynman – “There is plenty of room in the bottom” Bottom-Up approach Lecture 17 Ref: M. Gomez-Lopez and

lecture 17, 2004 - Indian Institute of Technology Madras Nanomachines Feynman – “There is plenty of room in the bottom” Bottom-Up approach Lecture 17 Ref: M. Gomez-Lopez and

Documents
Where There's a Spill, There's a Way

Where There's a Spill, There's a Way

Documents
There is Plenty of Room at the Bottom - Richard Feynman

There is Plenty of Room at the Bottom - Richard Feynman

Documents
McGraw-Hill Education IELTS - jangal.com Education IELTS 6... · go to the IELTS website: . There's plenty of interesting data there as well as free There's plenty of interesting

McGraw-Hill Education IELTS - jangal.com Education IELTS 6... · go to the IELTS website: . There's plenty of interesting data there as well as free There's plenty of interesting

Documents
When there's no hope there's you

When there's no hope there's you

Art & Photos
Keeping the kids happy Children love the small train and playgrounds in the Pavilion Gardens and there's plenty more to explore at the Buxton Museum. There's a new indoor play centre,

Keeping the kids happy Children love the small train and playgrounds in the Pavilion Gardens and there's plenty more to explore at the Buxton Museum. There's a new indoor play centre,

Documents
There’s plenty of room at the bottom RICHARD P. FEYNMAN (1953)

There’s plenty of room at the bottom RICHARD P. FEYNMAN (1953)

Documents
THE ELEMENTS PATTERN - Barbour Product Search Web-file080400.pdf · dispensers and accessories for those with sky-high standards but a rather lower budget. There's plenty of choice

THE ELEMENTS PATTERN - Barbour Product Search Web-file080400.pdf · dispensers and accessories for those with sky-high standards but a rather lower budget. There's plenty of choice

Documents