Upload File

jflowlib dr. thomas king manager r&d a java library to parse and generate sflow and ipfix data

  • Home
  • Documents
  • JFlowLib Dr. Thomas King Manager R&D A Java Library to Parse and Generate sFlow and IPFIX Data
12
jFlowLib Dr. Thomas King Manager R&D A Java Library to Parse and Generate sFlow and IPFIX Data

Upload: jonah-gray

Post on 19-Dec-2015

223 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: JFlowLib Dr. Thomas King Manager R&D A Java Library to Parse and Generate sFlow and IPFIX Data

jFlowLib

Dr. Thomas KingManager R&D

A Java Library to Parse and Generate sFlow and IPFIX Data

Page 2: JFlowLib Dr. Thomas King Manager R&D A Java Library to Parse and Generate sFlow and IPFIX Data

2

jFLowLib

• jsFlow:– Java library for sFlow (v5): Counter and Sampling– Supports sFlow from Force10 E-series and Alcatel

Lucent 7750 (at least)• jIPFIX:

– Java library for IPFIX: L2IP Template– Supports IPFIX Alcatel Lucent 7750 (at least)

Page 3: JFlowLib Dr. Thomas King Manager R&D A Java Library to Parse and Generate sFlow and IPFIX Data

3

Motivation

DE-CIX Switch/Rou

terDE-CIX

Switch/Router

DE-CIX Switch/Rou

ter

IPFIX/sFlow

IPFIX/sFlow Multiplexer

Internal monitoring

External monitoring

IPFIX/sFlow

Exporter

Collector

Exporter

Page 4: JFlowLib Dr. Thomas King Manager R&D A Java Library to Parse and Generate sFlow and IPFIX Data

4

Main Use Case

Multiplexing IPFIX/sFlow:• 5000+ pkt/s IPFIX• 1000+ pkt/s sFlow• Without packet loss• Many exporters (routers/switches) (up to 10)• Many (changing) collectors (up to 10)• IP spoofing (using RAWSockets)• Configuration

Page 5: JFlowLib Dr. Thomas King Manager R&D A Java Library to Parse and Generate sFlow and IPFIX Data

5

Main Use CaseSnippet:<?xml version="1.0"?><jflowlib-muxer><jipfix-muxer> <listen> <ip>10.102.200.5</ip> <port>2055</port> <startmissingdatarecorddetector>false</startmissingdatarecorddetector> </listen> <ping> <collectors>true</collectors> <ip>10.102.0.19</ip> </ping><!-- DX sflow-counter-dev --> <muxer type="plain"> <collector> <ip>192.168.63.19</ip> <port>2056</port> </collector> </muxer></jipfix-muxer></jflowlib-muxer>

java -XX:+UseConcMarkSweepGC -Xmx1024m -Djava.library.path=/opt/jFlowLib/lib -jar jFlowLib.jar-cfg /opt/jFlowLib/etc

Page 6: JFlowLib Dr. Thomas King Manager R&D A Java Library to Parse and Generate sFlow and IPFIX Data

6

Use Cases

Reading data from network:Snippet:

DatagramSocket ds = new DatagramSocket(2055);while (true) {

byte[] data = new byte[65536];DatagramPacket dp = new DatagramPacket(data, data.length);ds.receive(dp);MessageHeader mh = MessageHeader.parse(dp.getData());System.out.println(mh);

}

Reading data from pcap files (using pcap4j):Snippet:

PcapHandle handleRead = Pcaps.openOffline(“test.pcap”);PacketListener listener = new PacketListener() {

public void gotPacket(Packet fullPacket) {UdpPacket udpPacket = fullPacket.get(UdpPacket.class);

byte[] onlyIPFIX = new byte[udpPacket.getRawData().length - 8];System.arraycopy(udpPacket.getRawData(), 8, onlyIPFIX, 0,

bytes.length - 8);MessageHeader mh = MessageHeader.parse(onlyIPFIX);…

Page 7: JFlowLib Dr. Thomas King Manager R&D A Java Library to Parse and Generate sFlow and IPFIX Data

7

Use Cases II

Writing data to network:Snippet:

DatagramSocket ds = new DatagramSocket(2055);MessageHeader mh = new MessageHeader();mh.setVersionNumber(10);mh.setObservationDomainID(67108864);mh.setSequenceNumber(seqNumber);…mh.setExportTime(new Date());DatagramPacket dp = new DatagramPacket(mh.getBytes(), mh.getBytes().length,collectorIPv4Value, collectorPortValue);datagramSocket.send(dp);

Page 8: JFlowLib Dr. Thomas King Manager R&D A Java Library to Parse and Generate sFlow and IPFIX Data

8

Use Cases III

Writing data to pcap file (using pcap4j):Snippet:

PcapDumper dumper = handleRead.dumpOpen(“test.pcap”);MessageHeader mh = new MessageHeader();mh.setVersionNumber(10);mh.setObservationDomainID(67108864);mh.setSequenceNumber(seqNumber);…UnknownPacket.Builder upB = new UnknownPacket.Builder();upB.rawData(mh.getBytes());udpB.payloadBuilder(upB);Packet.Builder ipB = fullPacket.get(IpV4Packet.class).getBuilder();ipB.payloadBuilder(udpB);Packet.Builder etherB = fullPacket.get(EthernetPacket.class).getBuilder();etherB.payloadBuilder(ipB);Packet newPacket = etherB.build();dumper.dump(newPacket, 0l, 0);

Page 9: JFlowLib Dr. Thomas King Manager R&D A Java Library to Parse and Generate sFlow and IPFIX Data

9

Use Cases IV

Anonymising IP addresses:Random (IPA -> IPRandom):

Snippet:IPv4AddressRandomizer ipV4randomizer = new IPv4AddressRandomizer();IPv6AddressRandomizer ipV6randomizer = new IPv6AddressRandomizer();Inet4Address fakeDestIpv4 = (Inet4Address)

ipV4randomizer.randomize(realDestIpv4);Inet6Address fakeDestIpv6 = (Inet6Address)

ipV6randomizer.randomize(realDestIpv6);

Pseudo-Random (IPA -> IPB):Snippet:

IPv4AddressRandomizer ipV4randomizer = new IPv4AddressRandomizer(true);IPv6AddressRandomizer ipV6randomizer = new IPv6AddressRandomizer(true);Inet4Address fakeDestIpv4 = (Inet4Address)

ipV4randomizer.randomize(realDestIpv4);Inet6Address fakeDestIpv6 = (Inet6Address)

ipV6randomizer.randomize(realDestIpv6);

Page 10: JFlowLib Dr. Thomas King Manager R&D A Java Library to Parse and Generate sFlow and IPFIX Data

10

Status

• License: Apache 2.0• Source code: https://github.com/de-cix/jFlowLib• 47 commits, 4 contributors• Major parts are covered by software tests

• All relevant use cases for DE-CIX are implemented• jFlowLib is actively used by DE-CIX• DE-CIX will maintains jFlowLib in the future

• Your contribution is highly appreciated

https://github.com/de-cix/jFlowLib
Page 11: JFlowLib Dr. Thomas King Manager R&D A Java Library to Parse and Generate sFlow and IPFIX Data

11

Questions, Comments, Feedback?

Page 12: JFlowLib Dr. Thomas King Manager R&D A Java Library to Parse and Generate sFlow and IPFIX Data

DE-CIX Management GmbHLindleystr. 1260314 FrankfurtGermanyPhone +49 69 1730 902 0

[email protected]

Thank you!


Parse introduction

Traffic visibility and control with sFlow - Open vSwitchopenvswitch.org/support/ovscon2014/17/1400-ovs-sflow.pdf · Traffic visibility and control with sFlow ... very few ACLs needed

sFlow / NetFlow InMon TrafficSentinelのご紹介

Listening to the Network-v7 - FIRST · – Netflow v5/v7/v8/v9, sFlow v4/v5, Jflow, cflow, Netstream v5/v9, IPFix, Flexible Netflow – Routers and switches support different versions

Applying(IPFIX - Internet Engineering Task Force · Whatis(IPFIX?(• “IP(Flow(Informaon( eXport” • aunidirecTonal( protocol(for(dataexport;(• a dataformat providing(efficientrecordLlevel(selfL

Configuring sFLOW - cisco.com · Configuring sFLOW Thischaptercontainsthefollowingsections: • InformationAboutsFlow,page1 • LicensingRequirements,page2 • Prerequisites,page2

READ VERIFY PARSE AUTOMATE READ VERIFY PARSE AUTOMATE READ VERIFY PARSE AUTOMATE Presented by: Todd Liebman SVP Marketing & Operations

Alternative as Competitors to Facebook Parse: If not Parse Then What?

NetFlow, IPFIX and sFlow Analyzer - Plixer - Network Traffic

Parse intro

How to Export sFlow from a Cisco ASR 9k - LiveAction...1-5 | How to Export sFlow from a Cisco ASR 9k What is sFlow sFlow, short for "sampled flow", is an industry standard for packet

Laplas Parse

THE BIG BOOK OF NETWORK FLOWS FOR SECURITY4 Cisco’s NetFlow is just one of the many network flow protocols out there. Others include: • J-Flow • Cflow • IPFIX • sFlow® Flow

Namami Parse

M. Li Huawei October 19, 2015 IPFIX IE Extensions for … October 19, 2015 IPFIX IE Extensions for DDoS Attack Detection draft-fu-dots-ipfix-extension-00.txt Status of this Memo This

IPFI conversations, QoS, AS; IPFI · NetVizura NetFlow Analyzer enables you to collect, store and analyze network traffic data by utilizing Cisco® NetFlow, IPFIX, NSEL, sFlow and

R. M. Balzer and D. J, Färber · The parse-elements can either be a parse-group or a parse-atom. A parse-group is simply a named or un-named parse-alternative list enclosed in brackets

Network Monitoring using sFlow®

Flexible NetFlow IPFIX Export Format · How to Configure Flexible NetFlow IPFIX Export Format Configuring the Flow Exporter Performthisrequiredtasktoconfiguretheflowexporter.

What's Parse

Monitoring Network Traffic Using sFlow Technology on EX Series

BW PARSE | PARSE ACTIVITIES | WISHTREE TECHNOLOGIES | LEARNING | TIBCO TRAINING |CORPORATE | TRAININ

NetFlow Optimizer™ · o Cisco ASA o Cisco devices generating AVC ... NetFlow v5/v9, Flexible NetFlow, NetFlow Options, IPFIX, sFlow (both data records and counter records), J-Flow,

SFlow Swithes Procurve

Palestra parse

SNMPc OnLine - Castle RockSNMPc OnLine includes support for a broad suite of application monitoring technologies including NetFlow, SFlow, JFlow and IPFIX. An intuitive front end delivers

> IPFIX Technical Configuration Guide

Justin Pettit Eric Lopez 07 November 2013...2 Overview ! Visibility (NetFlow, IPFIX, sFlow, SPAN/RSPAN) ! Fine-grained ACLs and QoS policies ! Centralized control through OpenFlow

Network visibility and control using industry standard sFlow telemetry

Présentation - Netflow / Sflow Version Nov 2011 Orsenna 20111

MAKALAH IPfix

Documentation utilisateur de SmartReport · 1.2.2. Netflow/sFlow/IPFIX Netflow, sFlow et IPFIX sont différents protocoles mis au point par Cisco, HP, ExtremeNetworks, l'IETF et d'autres

1H01: Network Traffic Monitoring mit sFlow

SharkFest ’18 Europe - WiresharksFlow, Wireshark and ntop • Wireshark can be used with sFlow traffic to • Dissect sFlow packets • Dissect packets in sFlow flow samples •

RFC 5101 IPFIX Protocol Specification January 2008 · RFC 5101 IPFIX Protocol Specification January 2008 4.2. The Metering Process Reliability Statistics Option Template