Network Monitoring System In CSTNET
Long Chun
China Science & Technology Network
Agenda
1. Introduction of Peakflow SP
2. Basic Traffic Analysis
3. BGP Analysis Function
4. Role of Peakflow SP in Security Area
Peakflow SP Platform
Infrastructure Security: DoS/worm detection, traceback analysis, mitigation.
Traffic and Routing: routing management, transit/peering management, customer accounting, backbone management.
Converged Platform Device: infrastructure security plus traffic and routing analysis on one device.
Managed Services Device: customer-facing DoS detection and mitigation.
Peakflow Network Appliances (Intel 2U servers)
Measurement: collects NetFlow, Cflow, sFlow, SNMP and optionally BGP information from network routers/devices.
Deployment: monitor up to 5 routers per Peakflow device; up to 15 devices managed by one controller.
Reporting: reports are available on the controller through the CLI or GUI; notifications via e-mail, SNMP or syslog.
Collector: collects data from routers, baselines traffic, detects anomalies.
Controller: aggregates data from the other devices and creates a central network-wide view.
Netflow
Peakflow examines the NetFlow records that the router or switch exports as traffic is forwarded. The flow data is analyzed to baseline network behavior and to identify anomalies.
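What a collector actually receives from a router, as an added example (Python written for this page, not Peakflow code): a NetFlow v5 decoder that unpacks the 24-byte header and 48-byte records, scales sampled counts back up by the exported sampling interval, and keeps the TCP flags field, which a router fills with the union of all flags seen over the flow's lifetime. The datagram is constructed inline with documentation addresses and ASNs so the script runs offline.

```python
"""NetFlow v5 decoder: turn a router's export datagram into flow records.

Added example (not Peakflow code). The datagram below is constructed inline
so the script runs offline; the field layout follows the NetFlow v5 export format.
"""
import ipaddress
import struct
from typing import Dict, List

# 24-byte header: version, count, sys_uptime, unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval
HEADER = struct.Struct("!HHIIIIBBH")
# 48-byte record: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets,
# first, last, srcport, dstport, pad1, tcp_flags, prot, tos, src_as, dst_as,
# src_mask, dst_mask, pad2
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")


def parse_netflow_v5(datagram: bytes) -> List[Dict]:
    """Decode one NetFlow v5 datagram into a list of flow dicts."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    (version, count, _uptime, unix_secs, _nsecs, _seq,
     _engine_type, _engine_id, sampling) = HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"expected NetFlow v5, got version {version}")
    # Top two bits of the sampling field are the mode; the low 14 bits are
    # the 1-in-N interval (0 means unsampled).
    interval = (sampling & 0x3FFF) or 1
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError(f"header announces {count} records but datagram is truncated")

    flows = []
    for i in range(count):
        (src, dst, _nexthop, in_if, out_if, pkts, octets, _first, _last,
         sport, dport, _pad1, flags, proto, _tos, src_as, dst_as,
         _smask, _dmask, _pad2) = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "sport": sport, "dport": dport, "proto": proto,
            # tcp_flags is the OR of all flags seen over the flow's lifetime.
            "tcp_flags": flags,
            "in_if": in_if, "out_if": out_if,
            "src_as": src_as, "dst_as": dst_as,
            "pkts": pkts, "octets": octets,
            # Sampled exports must be scaled back up before comparing to a
            # baseline, otherwise every threshold is off by a factor of N.
            "est_pkts": pkts * interval, "est_octets": octets * interval,
            "export_time": unix_secs,
        })
    return flows


def _record(src, dst, sport, dport, proto, flags, pkts, octets, in_if=1, out_if=2):
    """Pack one constructed flow record (test data, not captured traffic)."""
    return RECORD.pack(ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
                       b"\x00" * 4, in_if, out_if, pkts, octets, 100_000, 100_500,
                       sport, dport, 0, flags, proto, 0, 64496, 64500, 24, 24, 0)


def build_datagram(records: List[bytes], sampling_interval: int = 0) -> bytes:
    """Prepend a v5 header; a non-zero sampling interval marks 1-in-N sampling."""
    sampling_field = (0x4000 | sampling_interval) if sampling_interval else 0
    header = HEADER.pack(5, len(records), 3_600_000, 1_700_000_000, 0, 0, 0, 0, sampling_field)
    return header + b"".join(records)


# Constructed sample: a DNS query and a bare-SYN flow, exported with 1:1000 sampling.
SAMPLE_DATAGRAM = build_datagram([
    _record("192.0.2.10", "198.51.100.53", 40000, 53, 17, 0x00, 1, 76),
    _record("203.0.113.7", "198.51.100.80", 51234, 80, 6, 0x02, 1, 40, in_if=3),
], sampling_interval=1000)

if __name__ == "__main__":
    for flow in parse_netflow_v5(SAMPLE_DATAGRAM):
        print(flow)
```

The second sample flow is the shape a SYN flood takes in flow data: one packet, 40 bytes, flags 0x02 and nothing else. With 1:1000 sampling the estimated count is 1000 packets, which is the number a detector must compare against its baseline.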
Topology
Agenda: 2. Basic Traffic Analysis
Traffic Analysis
Automatically configured analysis objects: Network, Router, Peer, Interface. No complex configuration is needed.
Objects customized by the user: Customer, Profile. These let us flexibly define the objects we need.
Traffic Analysis: user-defined objects
A Profile can include:
1. IP address (or block of IP addresses)
2. AS path regular expression
3. Local AS / sub-AS
4. BGP community
5. Peer ASN
6. TCP/UDP port
7. Interface
Boolean operations: AND, OR, NOT. We can define analysis objects flexibly, for example:
community '2:20' and not 92.2.1.0/25
aspath '^23849' and not aspath '^23849_9800'
community '2:20' and aspath '^4134'
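The Profile grammar above, as an added example (not Peakflow's implementation): each clause becomes a predicate over a flow record that has been annotated with the BGP attributes of the route its destination matched, and AND/OR/NOT compose them. The three expressions from the slide are evaluated against constructed flows. The '_' separator in AS-path regexes follows router conventions; the flow records, communities, AS paths and peer ASNs are invented.

```python
"""Profile objects as composable flow predicates (added example, not Peakflow code).

A Profile selects traffic by IP block, AS-path regex, BGP community, ASN or
port, combined with AND / OR / NOT. Each clause is a small predicate over an
annotated flow record; the slide's three expressions are built from them.
"""
import ipaddress
import re
from typing import Callable, Dict, Iterable, List

Flow = Dict[str, object]
Pred = Callable[[Flow], bool]


def prefix(cidr: str) -> Pred:
    """Match when either endpoint lies inside the block (assumption: an
    address clause covers traffic to or from the block)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return lambda f: any(ipaddress.ip_address(f[k]) in net for k in ("src", "dst"))


def community(value: str) -> Pred:
    return lambda f: value in f["communities"]


def aspath(pattern: str) -> Pred:
    """Router-style AS-path regex: '_' is a separator matching a space or the
    start/end of the path, so '^23849_9800' reads 'starts with 23849 then 9800'.
    Caveat: '^23849' alone also matches a path beginning with 238491; append
    '_' when a whole-AS match is intended."""
    rx = re.compile(pattern.replace("_", r"(?:^|\s|$)"))
    return lambda f: rx.search(f["aspath"]) is not None


def port(number: int) -> Pred:
    return lambda f: number in (f["sport"], f["dport"])


def peer_asn(asn: int) -> Pred:
    return lambda f: f["peer_asn"] == asn


def AND(*preds: Pred) -> Pred:
    return lambda f: all(p(f) for p in preds)


def OR(*preds: Pred) -> Pred:
    return lambda f: any(p(f) for p in preds)


def NOT(pred: Pred) -> Pred:
    return lambda f: not pred(f)


# The three example profiles from the slide.
PROFILES: Dict[str, Pred] = {
    "community '2:20' and not 92.2.1.0/25":
        AND(community("2:20"), NOT(prefix("92.2.1.0/25"))),
    "aspath '^23849' and not aspath '^23849_9800'":
        AND(aspath("^23849"), NOT(aspath("^23849_9800"))),
    "community '2:20' and aspath '^4134'":
        AND(community("2:20"), aspath("^4134")),
}

# Constructed flow records, already joined with the BGP attributes of the
# route the destination matched (the collector does this join).
FLOWS: List[Flow] = [
    {"src": "198.51.100.7", "dst": "92.2.1.20", "sport": 443, "dport": 50000,
     "octets": 120_000, "communities": {"2:20"}, "aspath": "23849 9800 4134", "peer_asn": 23849},
    {"src": "198.51.100.7", "dst": "92.2.1.200", "sport": 443, "dport": 50001,
     "octets": 80_000, "communities": {"2:20"}, "aspath": "23849 4134", "peer_asn": 23849},
    {"src": "203.0.113.9", "dst": "92.2.1.200", "sport": 80, "dport": 50002,
     "octets": 50_000, "communities": {"2:30"}, "aspath": "4134 4837", "peer_asn": 4134},
    {"src": "203.0.113.9", "dst": "203.0.113.50", "sport": 80, "dport": 50003,
     "octets": 30_000, "communities": {"2:20"}, "aspath": "4134 9808", "peer_asn": 4134},
]


def select(flows: Iterable[Flow], pred: Pred) -> List[Flow]:
    return [f for f in flows if pred(f)]


def profile_octets(flows: Iterable[Flow] = FLOWS) -> Dict[str, int]:
    """Bytes attributed to each profile; one flow may count toward several."""
    flows = list(flows)
    return {name: sum(f["octets"] for f in select(flows, pred)) for name, pred in PROFILES.items()}


if __name__ == "__main__":
    for name, total in profile_octets().items():
        print(f"{total:>8} octets  {name}")
```

The second profile is the interesting one operationally: 'aspath ^23849 and not aspath ^23849_9800' isolates traffic that enters via AS 23849 but does not continue through AS 9800, which is exactly the kind of object you build to see what a particular transit path carries.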
Traffic Summary
Traffic Analysis Based on TCP/UDP Port (1)
Traffic Analysis Based on TCP/UDP Port (2)
Top Talkers
Agenda: 3. BGP Analysis Function
Transit Traffic
Analysis objects: Network, Router, Peer, Customer, Profile, Interface
Operation: Network > BGP Attribute > AS x AS (AS-to-AS traffic)
Traffic Analysis Based on AS
Traffic Analysis Based on AS Path
Peering Evaluation and Visualization
Agenda: 4. Role of Peakflow SP in Security Area
Peakflow SP Anomaly Reporting
Profiled anomalies: deviations from normal traffic levels on the network.
Misuse anomalies: traffic toward specific hosts that exceeds what should normally be seen on a network.
Fingerprint/worm anomalies: traffic that fits a user-specified signature.
Detect Attack: Profiled Anomalies
A baseline of normal behavior is built from the flow data exported by the routers deployed on the network.
In real time, the system compares current traffic against that baseline.
This detects network-wide anomalies such as DDoS attacks and worm outbreaks using a non-intrusive data collection method (flow export rather than inline capture).
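The baseline-and-compare loop described above, as an added example (not Peakflow's algorithm): a per-object, per-time-slot baseline, a mean-plus-k-sigma threshold with an absolute margin so near-idle objects do not alert on noise, and the rule that flagged samples are not fed back into the baseline, so a slowly ramping attack cannot train the detector to accept it. The bits-per-second history is constructed; k, the margin and the minimum sample count are assumptions.

```python
"""Profiled-anomaly detection: per-object, per-time-slot baselines.

Added example (not Peakflow's algorithm). The baseline for an interface (or any
analysis object) is learned from the same time slot on previous days; a live
sample is flagged when it exceeds mean + k standard deviations by more than an
absolute margin. Flagged samples are not learned. Values are constructed bps.
"""
from statistics import mean, pstdev
from typing import Dict, List, Tuple

Slot = Tuple[int, int]  # (weekday, hour)


class Baseline:
    def __init__(self, k: float = 3.0, min_excess_bps: float = 20e6, min_samples: int = 7):
        self.k = k
        self.min_excess_bps = min_excess_bps      # ignore small wobbles on near-idle objects
        self.min_samples = min_samples            # do not alert until enough history exists
        self.history: Dict[Slot, List[float]] = {}

    def learn(self, slot: Slot, bps: float) -> None:
        self.history.setdefault(slot, []).append(bps)

    def evaluate(self, slot: Slot, bps: float) -> Dict[str, object]:
        hist = self.history.get(slot, [])
        if len(hist) < self.min_samples:
            return {"status": "learning", "samples": len(hist)}
        mu, sigma = mean(hist), pstdev(hist)
        threshold = mu + self.k * sigma
        anomalous = bps > threshold and (bps - mu) > self.min_excess_bps
        return {
            "status": "anomaly" if anomalous else "normal",
            "mean": mu, "threshold": threshold,
            "ratio": bps / mu if mu else float("inf"),
        }

    def observe(self, slot: Slot, bps: float) -> Dict[str, object]:
        """Evaluate a live sample, then learn it only if it looked normal, so
        an attacker cannot ramp slowly and drag the baseline up behind them."""
        verdict = self.evaluate(slot, bps)
        if verdict["status"] != "anomaly":
            self.learn(slot, bps)
        return verdict


# Constructed history: eight previous Mondays at 14:00 on one backbone interface.
MONDAY_14 = (0, 14)
HISTORY_BPS = [380e6, 410e6, 395e6, 405e6, 420e6, 390e6, 400e6, 415e6]


def build_baseline() -> Baseline:
    b = Baseline()
    for v in HISTORY_BPS:
        b.learn(MONDAY_14, v)
    return b


def run_demo() -> List[str]:
    b = build_baseline()
    return [b.observe(MONDAY_14, 430e6)["status"],   # within the normal spread
            b.observe(MONDAY_14, 1.2e9)["status"],   # threefold surge
            b.observe((1, 3), 50e6)["status"]]       # Tuesday 03:00: no history yet


if __name__ == "__main__":
    print(run_demo())
```

With the eight samples above the mean is about 402 Mbps and the 3-sigma threshold about 439 Mbps, so 430 Mbps is learned as normal while 1.2 Gbps is reported and kept out of the history.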
Detection Classes: Misuse
Detected independently of the established baselines, against a set of known attack signatures: traffic of specific types exceeding what should be normal for a network. Misuse anomalies cover the following types of traffic:
ICMP anomaly
TCP NULL flag anomaly
TCP SYN flag anomaly
TCP RST flag anomaly
IP NULL (protocol 0) anomaly
IP fragmentation anomaly
IP private address space anomaly
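The misuse classes above applied to flow records, as an added example (not Peakflow code): each flow is tagged by class, tagged packets are aggregated per destination against a per-class packet-rate threshold, and each alert carries the source, destination-port and ingress-interface breakdown that the traceback step on the following slide needs. The flows, thresholds and interface indexes are constructed; the IP-fragmentation class is left out because the v5-style record assumed here carries no fragment fields.

```python
"""Misuse-anomaly classification and traceback over flow records.

Added example (not Peakflow code). Unlike a profiled baseline these checks are
signature-like: a flow is tagged by what it is (ICMP, bare SYN, RST, protocol 0,
private source address) and an alert fires when tagged traffic toward one
destination exceeds a per-class packet rate. Flows below are constructed.
"""
import ipaddress
from collections import Counter, defaultdict
from typing import Dict, List

TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Packets per second toward one destination before a class alerts (assumed values).
THRESHOLD_PPS = {"ICMP": 200, "TCP NULL flag": 50, "TCP SYN": 1000, "TCP RST": 1000,
                 "IP NULL (proto 0)": 10, "IP private address space": 100}


def misuse_classes(flow: Dict) -> List[str]:
    """Tag one flow with every misuse class it matches."""
    tags = []
    if flow["proto"] == 1:
        tags.append("ICMP")
    elif flow["proto"] == 0:
        tags.append("IP NULL (proto 0)")
    elif flow["proto"] == 6:
        f = flow["tcp_flags"]            # union of flags over the flow's lifetime
        if f == 0:
            tags.append("TCP NULL flag")
        elif f & TCP_SYN and not f & TCP_ACK:
            tags.append("TCP SYN")       # SYN never followed by an ACK: half-open
        if f & TCP_RST:
            tags.append("TCP RST")
    if any(ipaddress.ip_address(flow["src"]) in n for n in PRIVATE):
        tags.append("IP private address space")   # RFC 1918 source on a public link
    return tags


def detect_misuse(flows: List[Dict], window_s: int = 60) -> List[Dict]:
    """Aggregate tagged packets per (class, destination); return alerts with a
    traceback of where the traffic came from and which interfaces it entered."""
    buckets = defaultdict(list)
    for flow in flows:
        for tag in misuse_classes(flow):
            buckets[(tag, flow["dst"])].append(flow)

    alerts = []
    for (tag, dst), group in buckets.items():
        pps = sum(f["pkts"] for f in group) / window_s
        if pps <= THRESHOLD_PPS[tag]:
            continue
        by_src, by_dport, by_iface = Counter(), Counter(), Counter()
        for f in group:
            by_src[f["src"]] += f["pkts"]
            by_dport[f["dport"]] += f["pkts"]
            by_iface[f["in_if"]] += f["pkts"]
        alerts.append({"class": tag, "dst": dst, "pps": pps,
                       "top_sources": by_src.most_common(5),
                       "dports": dict(by_dport), "ingress_ifaces": dict(by_iface)})
    return sorted(alerts, key=lambda a: a["pps"], reverse=True)


def _flow(src, dst, dport, proto, flags, pkts, in_if):
    return {"src": src, "dst": dst, "sport": 40000, "dport": dport,
            "proto": proto, "tcp_flags": flags, "pkts": pkts, "in_if": in_if}


# Constructed 60-second window: a SYN flood on a web server from four sources
# (one spoofing an RFC 1918 address), one normal completed HTTPS flow, some pings.
SAMPLE_FLOWS = [
    _flow("198.51.100.23", "203.0.113.10", 80, 6, TCP_SYN, 30_000, in_if=3),
    _flow("198.51.100.77", "203.0.113.10", 80, 6, TCP_SYN, 30_000, in_if=3),
    _flow("192.0.2.201", "203.0.113.10", 80, 6, TCP_SYN, 30_000, in_if=4),
    _flow("10.1.2.3", "203.0.113.10", 80, 6, TCP_SYN, 30_000, in_if=4),
    _flow("198.51.100.5", "203.0.113.20", 443, 6, TCP_SYN | TCP_ACK | TCP_PSH | TCP_FIN, 800, in_if=3),
    _flow("192.0.2.9", "203.0.113.10", 0, 1, 0, 100, in_if=3),
]

if __name__ == "__main__":
    for alert in detect_misuse(SAMPLE_FLOWS):
        print(alert)
```

The completed HTTPS flow carries SYN as well, but also ACK, so it is not a SYN anomaly; the flags field being a union over the flow is what makes the bare-SYN test meaningful. The ingress-interface split (half on ifIndex 3, half on 4) is the traceback result an operator uses to decide where a filter goes.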
Misuse Anomalies - Dark IP
Fingerprint/Worm Anomalies(1)
Tracing Anomalies
Automatically trace the source and destination IP/port and the TCP flags of abnormal traffic.
Show the distribution of attack traffic by source and destination IP/port.
Trace the network devices that the abnormal traffic passes through.
Prevent/Mitigate Network-wide Anomalies
The system can recommend appropriate measures to mitigate anomalies such as DoS attacks and worm outbreaks:
Generate recommended ACLs or rate-limit commands
Blackhole routing
Sinkhole routing
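The mitigation candidates the slide lists, generated from one anomaly record as an added example (not Peakflow's output): an ingress ACL, a policer that rate-limits the same traffic, a blackhole route and a sinkhole route, each with the trade-off an operator weighs before pushing it. Command text is Cisco IOS style; the interface names, ACL numbers, policer rate and sinkhole next-hop are assumptions, and the anomaly record is constructed in the shape a misuse detector would emit.

```python
"""From an anomaly record to mitigation candidates (added example, not Peakflow output).

Given the destination, protocol, port and ingress interfaces of a detected
attack, produce the actions the slide lists: an ACL with a policer on the
ingress interfaces, a blackhole route, and a sinkhole route toward an analysis
host. Cisco IOS-style syntax; names, numbers and next-hops are assumptions.
"""
from typing import Dict, List

PROTO_NAME = {1: "icmp", 6: "tcp", 17: "udp"}


def recommend(anomaly: Dict, iface_names: Dict[int, str], acl: int = 150,
              police_bps: int = 1_000_000, sinkhole_nexthop: str = "192.0.2.254") -> Dict[str, List[str]]:
    dst = anomaly["dst"]
    proto = PROTO_NAME.get(anomaly["proto"], "ip")
    port = f" eq {anomaly['dport']}" if proto in ("tcp", "udp") and anomaly.get("dport") else ""
    ifaces = [iface_names[i] for i in sorted(anomaly["ingress_ifaces"])]
    tag = "ATTACK_" + dst.replace(".", "_")

    # 1. Filter: drop the attack tuple on the interfaces the traceback says it
    #    enters through. Collateral damage: new legitimate connections to the
    #    same host and port are dropped too, so scope it as tightly as possible.
    acl_cmds = [f"access-list {acl} deny {proto} any host {dst}{port}",
                f"access-list {acl} permit ip any any"]
    for name in ifaces:
        acl_cmds += [f"interface {name}", f" ip access-group {acl} in"]

    # 2. Rate limit: classify the same traffic and police it rather than drop
    #    all of it, so some legitimate traffic to the victim keeps flowing.
    police_cmds = [f"access-list {acl + 1} permit {proto} any host {dst}{port}",
                   f"class-map match-all {tag}", f" match access-group {acl + 1}",
                   f"policy-map POLICE_{tag}", f" class {tag}",
                   f"  police cir {police_bps} conform-action transmit exceed-action drop"]
    for name in ifaces:
        police_cmds += [f"interface {name}", f" service-policy input POLICE_{tag}"]

    # 3. Blackhole: discard everything to the victim /32. This completes the
    #    attacker's goal for that one host, so it is a last resort used to
    #    protect the rest of the network once the victim's link is saturated.
    blackhole = [f"ip route {dst} 255.255.255.255 Null0"]

    # 4. Sinkhole: divert the victim /32 to an analysis host instead of discarding.
    sinkhole = [f"ip route {dst} 255.255.255.255 {sinkhole_nexthop}"]

    return {"acl": acl_cmds, "rate_limit": police_cmds, "blackhole": blackhole, "sinkhole": sinkhole}


# Constructed anomaly, shaped like a misuse-detector alert, plus an assumed
# ifIndex-to-name mapping for the router that saw the traffic enter.
SAMPLE_ANOMALY = {"class": "TCP SYN", "dst": "203.0.113.10", "proto": 6, "dport": 80,
                  "pps": 2000, "ingress_ifaces": {3: 60_000, 4: 60_000}}
IFACE_NAMES = {3: "GigabitEthernet0/1", 4: "GigabitEthernet0/2"}

if __name__ == "__main__":
    for action, cmds in recommend(SAMPLE_ANOMALY, IFACE_NAMES).items():
        print(f"! {action}")
        print("\n".join(cmds))
```

The order of the four actions is also the order in which they are usually tried: the ACL and policer are reversible and local to the ingress interfaces identified by the traceback, while a blackhole route affects every path to the victim.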
Alerts
BGP: BGP instability, BGP route hijacking
Data source: BGP down, flow down, SNMP down
DoS
Interface usage: traffic exceeded the configured baseline
Notifications are sent to network administrators via e-mail, SNMP traps, syslog, etc.
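Two of the BGP alerts above, as an added example (not Peakflow's implementation): an origin check that flags a monitored prefix, or a more-specific of it, announced from an unauthorized origin AS, and a sliding-window update counter for BGP instability. Monitored prefixes, authorized ASNs, updates and timestamps are all constructed from documentation ranges.

```python
"""BGP alerting: route hijack and instability checks (added example, not Peakflow code).

Hijack check: every received route for a monitored prefix, or for a more-specific
of one, must originate from an authorized AS. Instability check: a prefix whose
update count in any sliding window exceeds a threshold is flapping.
"""
import ipaddress
from typing import Dict, List, Tuple

# Monitored prefixes and the origin ASNs allowed to announce them (assumed).
MONITORED: Dict[str, set] = {"203.0.113.0/24": {64500}, "198.51.100.0/24": {64500, 64501}}


def check_hijacks(updates: List[Dict], monitored: Dict[str, set] = MONITORED) -> List[Dict]:
    """Return one alert per announcement whose origin AS is not authorized.
    Caveat: this catches origin hijacks and unauthorized more-specifics; an
    attacker who prepends the legitimate origin to a forged path passes it."""
    nets = {ipaddress.ip_network(p): origins for p, origins in monitored.items()}
    alerts = []
    for upd in updates:
        if upd["type"] != "announce":
            continue
        pfx = ipaddress.ip_network(upd["prefix"])
        origin = upd["as_path"][-1]          # rightmost AS is the originator
        for mon, allowed in nets.items():
            if pfx.version != mon.version or not pfx.subnet_of(mon):
                continue
            if origin in allowed:
                break                        # legitimate (a more-specific from us is still ours)
            kind = "origin hijack" if pfx == mon else "more-specific hijack"
            alerts.append({"prefix": str(pfx), "kind": kind, "origin": origin,
                           "expected": sorted(allowed), "as_path": upd["as_path"],
                           "peer": upd["peer"]})
            break
    return alerts


def flapping_prefixes(events: List[Tuple[float, str]], window_s: float = 60,
                      threshold: int = 5) -> Dict[str, int]:
    """Max number of updates per prefix inside any window_s-second window;
    prefixes exceeding threshold are returned with that count."""
    per_prefix: Dict[str, List[float]] = {}
    for ts, prefix in events:
        per_prefix.setdefault(prefix, []).append(ts)
    flapping = {}
    for prefix, times in per_prefix.items():
        times.sort()
        best, i = 0, 0
        for j, t in enumerate(times):
            while t - times[i] > window_s:
                i += 1
            best = max(best, j - i + 1)
        if best > threshold:
            flapping[prefix] = best
    return flapping


# Constructed updates as seen from two peers (AS numbers from the documentation range).
UPDATES = [
    {"type": "announce", "peer": 64511, "prefix": "203.0.113.0/24", "as_path": [64511, 64500]},
    {"type": "announce", "peer": 64511, "prefix": "203.0.113.0/25", "as_path": [64511, 64505]},
    {"type": "announce", "peer": 64510, "prefix": "203.0.113.0/24", "as_path": [64510, 64506]},
    {"type": "announce", "peer": 64510, "prefix": "192.0.2.0/24", "as_path": [64510, 64507]},
    {"type": "withdraw", "peer": 64511, "prefix": "203.0.113.0/25"},
    {"type": "announce", "peer": 64511, "prefix": "198.51.100.128/25", "as_path": [64511, 64501]},
]
# Constructed (timestamp, prefix) update events: one prefix updates every 10 s.
EVENTS = [(0, "192.0.2.0/24"), (10, "192.0.2.0/24"), (20, "192.0.2.0/24"), (30, "192.0.2.0/24"),
          (40, "192.0.2.0/24"), (50, "192.0.2.0/24"), (0, "203.0.113.0/24"), (300, "203.0.113.0/24")]

if __name__ == "__main__":
    for alert in check_hijacks(UPDATES):
        print(alert)
    print(flapping_prefixes(EVENTS))
```

The /25 announced by AS 64505 is the case that matters most: a more-specific wins longest-match everywhere it propagates, so it diverts traffic even while the legitimate /24 is still visible, which is why the check must cover sub-prefixes and not only exact matches.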
Thank you !