Monitoring MIPv6 Traffic with IPFIX - PowerPoint PPT Presentation

1 / 20
About This Presentation
Title:

Monitoring MIPv6 Traffic with IPFIX

Description:

Care-of-address is associated with home address. Location update ... T. Zseby, B. Claise, and S. Zander, 'Requirements for IP Flow Information Export ... – PowerPoint PPT presentation

Number of Views:80
Avg rating:3.0/5.0
Slides: 21
Provided by: seongh
Category:

less

Transcript and Presenter's Notes

Title: Monitoring MIPv6 Traffic with IPFIX


1
Monitoring MIPv6 Traffic with IPFIX
  • Youngseok Lee, Soonbyoung Choi, and Jaehwa Lee
  • Dept. of Computer Engineering,
  • Chungnam National University, Korea
  • lee, wakusoon_at_cnu.ac.kr
  • Korea Telecom, Korea
  • jhlee_at_noc.kr.apan.net
  • 25th October 2006

2
Contents
  • Introduction
  • Motivation
  • IPFIX
  • Proposed scheme for monitoring MIPv6 traffic
  • Conclusion

3
Introduction
  • Mobile IPv6 (MIPv6)
  • Mobility with IP layer
  • Uninterruptible communication with MIPv6
  • Handover in MIPv6
  • Movement detection at L2
  • Address configuration
  • Care-of-address is associated with home address
  • Location update
  • Exchanging Binding Update (BU) and Binding
    Acknowledgement (BA)
  • Route optimization (RO)
  • Default in MIPv6

4
Motivation New Challenges of Traffic Measurement
in MIPv6
  • Mobility of nodes ? mobile traffic
  • Traffic to be monitored is moving
  • Monitored at every MIPv6 access routers
  • Multiple addresses with mobile nodes
  • Home address, Care-of-Address
  • Measurement and analysis more complicated
  • Handover traffic
  • Tunneled IPv6 traffic
  • Destination option

5
Flow-level vs. Packet-level Measurement
  • Packet-level measurement
  • Correct results
  • Not easy to support high-speed line rate
  • Expensive for deployment and management in a
    large scale network
  • Flow-level measurement
  • Easy to deployment
  • Generate useful traffic statistics with a
    significantly small amount of measurement data
  • Suitable for a large-scale network

6
IETF IPFIX (IP Flow Information eXport)
  • IPFIX
  • Flow-level traffic measurement
  • Based on Cisco NetFlow v9
  • Flexible and extensible template architecture
  • IPv6 traffic monitoring
  • Intrusion detection
  • QoS measurement

7
MIPv6 Traffic Monitoring with IPFIX
  • Measurement points
  • At MIPv6 access routers
  • Objects to be monitored
  • IPv6 flow
  • Handover events (BU/BA)
  • Tunneled IPv6 traffic
  • Under IPFIX architecture
  • Router exports IPFIX flows
  • IPFIX collector/analyzer receives IPFIX flows
  • IPFIX template and data flow set

8
IPFIX-based Traffic Measurement Architecture
IPv6 Network
CN
IPFIX Flow Collector
IPv6 Router
  • IPv6 flow
  • before handover

IPFIX flow data
MIPv6 Access Router with IPFIX
HA
2. BU/BA
3. Tunneled IPv6 flow
AP
MN
MN
9
IPFIX Template for MIPv6 Traffic
  • IPv6 data traffic ? IPv6 flow template
  • IPv6 src/dst addresses
  • Already used in Cisco NetFlow version 9
  • MIPv6 control traffic ? MIPv6 handover flow
    template
  • Binding Update
  • Binding Acknowledgement
  • Handover IPv6 data traffic ? tunneled IPv6 flow
    template
  • Handover IPv6 traffic without/before RO

10
IPFIX Template for IPv6 Flow
Version10
Length Total Length
Export Time
IPFIX Header
Sequence Number
Source ID
Set ID
Length
Template ID 256
Field Count 10
Src IPv6 addr 27
Field Length 16
0
dst IPv6 addr 28
Field Length 16
0
Src port 7
Field Length 4
0
dst port 11
Field Length 4
0
Next Header 193
Field Length 4
0
IPFIX Template
FlowLabel 31
Field Length 4
0
First time 22
Field Length 4
0
Last time 21
Field Length 4
0
Template ID 256 Plain IPv6 flow
OctetDeltaCount 1
Field Length 4
0
packetDeltaCount 2
Field Length 4
0
11
IPFIX Template for BU/BA Flow
Version10
Length Total Length
Export Time
Sequence Number
Observation Domain ID
Set ID
Length
Template ID 257
Field Count 14
Src IPv6 addr 27
Field Length 16
0
dst IPv6 addr 28
Field Length 16
0
Basic template
L4SrcPort 7
Field Length 4
0
L4DstPort 11
Field Length 4
0
NextHeader 193
Field Length 4
0
FlowLabel 31
Field Length 4
0
First time 22
Field Length 4
0
Last time 21
Field Length 4
0
OctetDeltaCount 1
Field Length 4
0
packetDeltaCount 2
Field Length 4
0
MIPv6messageType 200
Field Length 4
0
Extension Field
MIPv6CareOfAddress 201
Field Length 16
0
MIPv6HomeAgentAddress 202
Field Length 16
0
MIPv6HomeAddress 203
Field Length 16
0
12
IPFIX Template for Tunneled IPv6 Flow
Version10
Length Total Length
Export Time
Sequence Number
Observation Domain ID
Set ID
Length
Template ID 258
Field Count 13
Src IPv6 addr 27
Field Length 16
0
Basic template
dst IPv6 addr 28
Field Length 16
0
L4SrcPort 11
Field Length 4
0
L4DstPort 11
Field Length 4
0
NextHeader 193
Field Length 4
0
FlowLabel 31
Field Length 4
0
First time 22
Field Length 4
0
Last time 21
Field Length 4
0
OctetDeltaCount 1
Field Length 4
0
packetDeltaCount 2
Field Length 4
0
IPv6TunnelSrcAddr 300
Field Length 16
0
Extension Field
IPv6TunnelDstAddr 301
Field Length 16
0
TunnelProto 302
Field Length 4
0
13
Experiments
  • MIPv6 testbed at CNU, Korea
  • HA Linux PC routers with MIPL 2.0
  • MN Linux Laptops with MIPL 2.0
  • Collected flows
  • IPv6 data flow
  • BU/BA MIPv6 handover flow
  • Tunneled IPv6 data flow

14
Experimental Testbed
IPv6 Network
iperf sender
CN
IPFIX Flow Collector
IPv6 Router
IPFIX flow data
iperf tcp connection
MIPv6 Access Router with IPFIX
HA
AP
iperf receiver
MN
15
Time-sequence Graph of TCP Connection with iperf
2nd Handover
Tunneled IPv6 Flow
1st Handover
IPv6 Flow
16
Basic IPv6 Traffic
lt Basic IPv6 packet gt 0000 00 09 5b c5 bd 7f 00
0e 0c a8 62 3e 86 dd 60 00 0010 00 00 05 8c 06
3f 20 01 02 20 08 04 00 20 00 00 0020 00 00 00
00 00 01 20 01 02 20 08 04 01 00 00 00 0030 00
00 00 00 00 04 db d6 13 89 3a 72 73 c1 b7
7e 0040 e8 06 80 10 05 a0 16 cf 00 00 01 01 08
0a 8f dd 0050 8d 99 04 b1 9b f8 gtgt data
lt IPFIX flow for basic IPv6 trafficgt 0000 00 14
85 7b 26 c2 00 03 47 72 9a f0 86 dd 60 00 0010
00 00 00 ac 11 3f 20 01 02 20 08 04 00 20 00
00 0020 00 00 00 00 00 04 20 01 02 20 08 04 00
11 02 14 0030 85 ff fe 7b 26 c2 82 0b 13 ba 00
ac e4 66 00 09 0040 00 04 00 00 00 17 45 38 0c
9f 00 00 00 00 00 00 0050 00 00 00 00 00 30 01
00 00 0a 00 1b 00 10 00 1c 0060 00 10 00 07 00
02 00 0b 00 02 00 04 00 01 00 05 0070 00 01 00
16 00 04 00 15 00 04 00 01 00 04 00 02 0080 00
04 00 01 00 18 01 01 00 04 00 08 00 01 00
00 0090 00 2a 00 04 00 29 00 04 00 00 01 01 00
0c 00 00 00a0 00 00 00 00 00 00 01 00 00 3c 20
01 02 20 08 04 00b0 00 20 00 00 00 00 00 00 00
01 20 01 02 20 08 04 00c0 01 00 00 00 00 00 00
00 00 04 db d6 13 89 06 ff 00d0 fc 7a 3b 58 fc
7a 3f 2b 00 20 62 f8 00 00 08 83 00e0 00 00
IPv6 addrs
ports
Next header
flow label, firt/last time, octets, packets
17
MIPv6 Handover Message
lt Binding Update packet gt 0000 00 0e 0c a8 63 67
00 09 5b c5 bd 7f 86 dd 60 00 0010 00 00 00 38
3c 40 20 01 02 20 08 04 01 20 02 09 0020 5b ff
fe c5 bd 7f 20 01 02 20 08 04 01 00 00 00 0030
00 00 00 00 00 01 87 02 01 02 00 00 c9 10 20
01 0040 02 20 08 04 01 00 00 00 00 00 00 00 00
04 3b 03 0050 05 00 2a ad 29 02 c0 00 0b b3 01
00 03 10 20 01 0060 02 20 08 04 01 20 02 09 5b
ff fe c5 bd 7f
lt Binding Acknowledgement packet gt 0000 00 09 5b
c5 bd 7f 00 0e 0c a8 63 67 86 dd 60 00 0010 00
00 00 28 2b 3f 20 01 02 20 08 04 01 00 00
00 0020 00 00 00 00 00 01 20 01 02 20 08 04 01
20 02 09 0030 5b ff fe c5 bd 7f 87 02 02 01 00
00 00 00 20 01 0040 02 20 08 04 01 00 00 00 00
00 00 00 00 04 3b 01 0050 06 00 32 61 00 00 29
02 0b b3 01 02 00 00
lt IPFIX flow for Handover message (Binding Ack)
gt 00b0 00 00 00 00 00 00 01 01 00 70 20 01 02
20 08 04 00c0 01 20 02 09 5b ff fe c5 bd 7f 20
01 02 20 08 04 00d0 01 00 00 00 00 00 00 00 00
01 00 00 00 00 3c 00 00e0 45 38 08 95 45 38 08
95 00 00 00 6e 00 00 00 01 00f0 00 00 00 01 20
01 02 20 08 04 01 20 02 09 5b ff 0100 fe c5 bd
7f 20 01 02 20 08 04 01 00 00 00 00 00 0110 00
00 00 01 20 01 02 20 08 04 01 00 00 00 00
00 0120 00 00 00 04 f9 b6
BA
BU
HoA
BA/BU, CoA, HAA, HA
18
Tunneled IPv6 Traffic
lt Tunneled IPv6 packet gt 0000 00 09 5b c5 bd 7f
00 0e 0c a8 63 67 86 dd 60 00 0010 00 00 05 b4
29 3f 20 01 02 20 08 04 01 00 00 00 0020 00 00
00 00 00 01 20 01 02 20 08 04 01 20 02 09 0030
5b ff fe c5 bd 7f 60 00 00 00 05 8c 06 3f 20
01 0040 02 20 08 04 00 20 00 00 00 00 00 00 00
01 20 01 0050 02 20 08 04 01 00 00 00 00 00 00
00 00 04 db d6 0060 13 89 3b 28 0e dd b7 7e e8
06 80 10 05 a0 d5 fa 0070 00 00 01 01 08 0a 8f
dd e3 1e 04 b1 f1 7b gtgt gtgt data
lt IPFIX flow for tunneled IPv6 traffic gt 0050 00
00 01 02 00 60 20 01 02 20 08 04 00 20 00
00 0060 00 00 00 00 00 01 20 01 02 20 08 04 01
00 00 00 0070 00 00 00 00 00 04 33 32 35 34 3c
00 45 38 08 9c 0080 45 38 08 ce 00 36 85 b4 00
00 09 d9 20 01 02 20 0090 08 04 01 00 00 00 00
00 00 00 00 01 20 01 02 20 00a0 08 04 01 20 02
09 5b ff fe c5 bd 7f 00 00 00 06 00b0 00 00
Tunnel src Tunnel dst Next header
Tunnel Endpoints
Next header IPv6
19
Conclusion
  • New traffic monitoring method for MIPv6 networks
  • Based on the IPFIX standard
  • Defined new IPFIX templates for handover message
    and tunneled flows
  • Useful for
  • MIPv6 handover pattern analysis
  • MIPv6 handover performance analysis
  • Work in progress
  • MIPv6 traffic analyzer
  • Extension to route optimization
  • Extension to FMIPv6

20
References
  • 1 D. Johnson, C. Perkins, and J. Arkko,
    Mobility Support in IPv6, IETF RFC3775, June
    2004.
  • 2 Cisco NetFlow, http//www.cisco.com/warp/publi
    c/cc/pd/iosw/ioft/netflct/tech/napps_ipfix-charter
    .html
  • 3 J. Quittek, T. Zseby, B. Claise, and S.
    Zander, Requirements for IP Flow Information
    Export (IPFIX), IETF RFC3917, Oct. 2004.
  • 4 nProbe, http//www.ntop.org/
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Monitoring MIPv6 Traffic with IPFIX" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!