NetFlow - PowerPoint PPT Presentation

Slides: 5
Provided by: prof9
Learn more at: http://yuba.stanford.edu
1
NetFlow
  • Very useful for traffic analysis
  • Standard sampler
      • Cisco NetFlow
      • Juniper Traffic Sampling
  • Parameters
      • Flow export timer (determines when current flow info is
        written to disk)
      • Sampling scheme (deterministic, stratified, simple random)
      • Sampling rate
  • Available resources
      • GEANT network routers in Europe: 1/1000, deterministic,
        unanonymized
      • Abilene (Internet2) routers in US: 1/100, deterministic,
        anonymized
      • GT ingress/egress (Dr. Russ Clark): unsampled, anonymized

2
NetFlow (contd.)
  • NetFlow format
    unix_secs, unix_nsecs, sysuptime, exaddr, dpkts,
    doctets, first, last, engine_type, engine_id,
    srcaddr, dstaddr, nexthop, input, output,
    srcport, dstport, prot, tos, tcp_flags,
    src_mask, dst_mask, src_as, dst_as
  • NetFlow data example
    1070236831,0,3175466240,198.32.11.5,1,1500,3175436989,3175436989,0,0,130.74.208.0,169.232.72.0,198.32.11.4,33,35,1373,4753,6,0,16,16,16,25656,52
    1070236831,0,3175466240,198.32.11.5,3,1884,3175408565,3175433201,0,0,130.74.208.0,169.232.72.0,198.32.11.4,33,35,1373,4753,6,0,24,16,16,25656,52
    1070236831,0,3175466240,198.32.11.5,1,628,3175448463,3175448463,0,0,130.74.208.0,169.232.112.0,198.32.11.4,33,35,1373,3855,6,0,24,16,16,25656,52
    1070236831,0,3175466240,198.32.11.5,1,1500,3175442525,3175442525,0,0,130.74.208.0,169.232.112.0,198.32.11.4,33,35,1373,3864,6,0,16,16,16,25656,52
    1070236831,0,3175466240,198.32.11.5,1,1500,3175451974,3175451974,0,0,130.74.208.0,169.232.112.0,198.32.11.4,33,35,1373,3831,6,0,16,16,16,25656,52
    1070236831,0,3175466240,198.32.11.5,6,3768,3175398562,3175449061,0,0,130.74.208.0,169.232.112.0,198.32.11.4,33,35,1373,3831,6,0,24,16,16,25656,52
    1070236836,0,3175471250,198.32.11.5,1,92,3175454577,3175454577,0,0,130.18.248.0,202.28.48.0,198.32.11.4,18,35,0,0,1,0,0,16,24,10546,4621
    1070236836,0,3175471250,198.32.11.5,1,92,3175414202,3175414202,0,0,130.18.248.0,165.132.224.0,198.32.11.4,18,35,0,0,1,0,0,16,16,10546,4665
    1070236836,0,3175471250,198.32.11.5,1,92,3175433202,3175433202,0,0,130.18.248.0,210.103.24.0,198.32.11.4,18,35,0,0,1,0,0,16,17,10546,9768
    1070236836,0,3175471250,198.32.11.5,1,92,3175403033,3175403033,0,0,130.18.248.0,211.248.144.0,198.32.11.4,18,35,0,0,1,0,0,16,17,10546,9768
  • TCPDump data example
    1144154983.524877 IP 220.135.232.0.61606 > 130.207.208.0.32459: . ack 2904096123 win 65535
    1144154983.524950 IP 140.247.56.0.443 > 199.77.128.0.39948: . 1448:2896(1448) ack 1 win 13228 <nop,nop,timestamp 2864050384 2258273448>
    1144154983.524985 IP 216.77.184.0.37169 > 130.207.240.0.119: . 2920:4380(1460) ack 1 win 49640
    1144154983.525037 IP 64.215.168.0.80 > 199.77.200.0.50643: . 747182892:747184340(1448) ack 742379073 win 14416 <nop,nop,timestamp 4096146186 3508922431>
    1144154983.525039 IP 217.129.248.0.2585 > 130.207.160.0.443: . ack 4289220173 win 65201
    1144154983.525064 IP 64.215.168.0.80 > 199.77.200.0.50643: . 1448:2896(1448) ack 1 win 14416 <nop,nop,timestamp 4096146186 3508922431>
    1144154983.525066 IP 65.196.176.0.80 > 199.77.200.0.64548: R 0:0(0) ack 1 win 0
    1144154983.525079 IP 140.247.56.0.443 > 199.77.128.0.39948: . 2896:4344(1448) ack 1 win 13228 <nop,nop,timestamp 2864050384 2258273448>
    1144154983.525092 IP 64.215.168.0.80 > 199.77.200.0.50643: . 2896:4344(1448) ack 1 win 14416 <nop,nop,timestamp 4096146186 3508922431>
    1144154983.525105 IP 64.215.168.0.80 > 199.77.200.0.50643: . 5792:7240(1448) ack
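
The NetFlow field list and sample records on this slide can be parsed and summarized directly. The Python below is an added example, not part of the original presentation; the function names and the `sampling_n` parameter are assumptions, and it treats `first`/`last` as router uptime in milliseconds and `tcp_flags` as the OR of the TCP flag bits seen in the flow, as in NetFlow v5.

```python
import csv
import io
from collections import defaultdict

# Field order exactly as listed on the slide.
FIELDS = ("unix_secs unix_nsecs sysuptime exaddr dpkts doctets first last "
          "engine_type engine_id srcaddr dstaddr nexthop input output "
          "srcport dstport prot tos tcp_flags src_mask dst_mask "
          "src_as dst_as").split()
ADDRESS_FIELDS = {"exaddr", "srcaddr", "dstaddr", "nexthop"}
TCP_FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                 (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

# Three records copied from the slide's NetFlow data example.
SAMPLE = """\
1070236831,0,3175466240,198.32.11.5,1,1500,3175436989,3175436989,0,0,130.74.208.0,169.232.72.0,198.32.11.4,33,35,1373,4753,6,0,16,16,16,25656,52
1070236831,0,3175466240,198.32.11.5,3,1884,3175408565,3175433201,0,0,130.74.208.0,169.232.72.0,198.32.11.4,33,35,1373,4753,6,0,24,16,16,25656,52
1070236836,0,3175471250,198.32.11.5,1,92,3175454577,3175454577,0,0,130.18.248.0,202.28.48.0,198.32.11.4,18,35,0,0,1,0,0,16,24,10546,4621
"""

def parse_flows(text):
    """Yield one dict per record; reject rows that lack the 24 fields."""
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), 1):
        if not row:
            continue
        if len(row) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected {len(FIELDS)} "
                             f"fields, got {len(row)}")
        yield {k: v if k in ADDRESS_FIELDS else int(v)
               for k, v in zip(FIELDS, row)}

def duration_ms(flow):
    """Flow lifetime in ms; the modulo absorbs a 32-bit uptime wrap."""
    return (flow["last"] - flow["first"]) % 2**32

def tcp_flag_names(flow):
    """Decode the cumulative flag byte; only meaningful for TCP (prot 6)."""
    if flow["prot"] != 6:
        return []
    return [name for bit, name in TCP_FLAG_BITS if flow["tcp_flags"] & bit]

def estimate_totals(flows, sampling_n):
    """Sum packets/bytes per 5-tuple, scaled by N for 1-in-N sampling."""
    totals = defaultdict(lambda: [0, 0])
    for f in flows:
        key = (f["srcaddr"], f["dstaddr"], f["srcport"], f["dstport"], f["prot"])
        totals[key][0] += f["dpkts"] * sampling_n
        totals[key][1] += f["doctets"] * sampling_n
    return dict(totals)
```

Multiplying by N only estimates the true volume, and because the addresses in anonymized exports are truncated, one 5-tuple here can cover several real hosts.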

3
ns2
  • Important components
      • Basic ns2 code downloaded from http://www.isi.edu/nsnam
      • TCL script to set up and simulate the test environment
      • Topology generator (e.g. GT-ITM)
  • Example TCL script

    # Create a simulator object
    set ns [new Simulator]

    # Define different colors for flows
    $ns color 1 Blue
    $ns color 2 Red

    # Open the nam trace file
    set nf [open out.nam w]
    $ns namtrace-all $nf

    # Define a 'finish' procedure
    proc finish {} {
        global ns nf
        $ns flush-trace
        # Close the trace file
        close $nf
        exit 0
    }

    # Create four nodes
    set n0 [$ns node]
    set n1 [$ns node]
    set n2 [$ns node]
    set n3 [$ns node]

    # Create links between the nodes
    $ns duplex-link $n0 $n2 1Mb 10ms DropTail
    $ns duplex-link $n1 $n2 1Mb 10ms DropTail
    $ns duplex-link $n3 $n2 1Mb 10ms SFQ

    $ns duplex-link-op $n0 $n2 orient right-down
    $ns duplex-link-op $n1 $n2 orient right-up
    $ns duplex-link-op $n2 $n3 orient right

    # Monitor the queue for link between node 2 and 3
    $ns duplex-link-op $n2 $n3 queuePos 0.5

    # Create a UDP agent and attach it to node n0
    set udp0 [new Agent/UDP]
    $udp0 set class_ 1
    $ns attach-agent $n0 $udp0

    # Create a CBR traffic source and attach it to udp0
    set cbr0 [new Application/Traffic/CBR]
    $cbr0 set packetSize_ 500
    $cbr0 set interval_ 0.005
    $cbr0 attach-agent $udp0

    # Create a UDP agent and attach it to node n1
    set udp1 [new Agent/UDP]
    $udp1 set class_ 2
    $ns attach-agent $n1 $udp1

    # Create a CBR traffic source and attach it to udp1
    set cbr1 [new Application/Traffic/CBR]
    $cbr1 set packetSize_ 500
    $cbr1 set interval_ 0.005
    $cbr1 attach-agent $udp1

    # Create a Null agent (a traffic sink) and attach it to node n3
    set null0 [new Agent/Null]
    $ns attach-agent $n3 $null0

    # Connect the traffic sources with the traffic sink
    $ns connect $udp0 $null0
    $ns connect $udp1 $null0

    # Schedule events for the CBR agents
    $ns at 0.5 "$cbr0 start"
    $ns at 1.0 "$cbr1 start"
    $ns at 4.0 "$cbr1 stop"
    $ns at 4.5 "$cbr0 stop"

    # Call the finish procedure after 5 seconds of simulation time
    $ns at 5.0 "finish"

    # Run the simulation
    $ns run

4
ns2 (contd.)
  • Topology
  • Create spec file (geo is used for intra-domain
    topologies; use ts for inter-domain
    transit-stub topologies)
  • Comments <method keyword> <number of
    graphs> <initial seed>
  • <stubs/xit> <t-s edges> <s-s edges>
    <n> <scale> <edgemethod> <alpha> <beta>
    <gamma> number of nodes 18 (1 46)
    200 geo 5 100 10 3 0.5
  • Execute command itm <spec file>
  • Generates topology in Stanford GraphBase format
  • GraphBase graph (util_types ZZZIIZIZIZZZZZ,9V,10
    2A)
  • "geo(0,5,10,3,1.000,0.000,0.000)",5,20,10
  • Vertices
  • "0",A6,3,2
  • "1",A12,9,9
  • "2",A16,2,4
  • "3",A18,8,4
  • "4",A19,2,1
  • "",0,0,0
  • "",0,0,0
  • "",0,0,0
  • "",0,0,0

Arcs V1,0,9,0 V0,0,9,0 V2,A0,2,0 V0,0,2,0
V3,A2,5,0 V0,0,5,0 V4,A4,1,0 V0,0,1,0
V2,A1,9,0 V1,A3,9,0