ipfixexport at ixps

Report

Post on 02-Aug-2022

5 Views

Category:

Documents

0 Downloads

Preview:

Click to see full reader

TRANSCRIPT

IPFIX Export at IXPsInsights into Your IXP

Thomas King, CTO, DE-CIX

Swinog #37

3www.de-cix.net

Insights in traffic statistics

Beyond customer‘s rate limit / Access Port capacity

No load on customer‘s router

No router configuration needed

Motivation

2/12

DE-CIX FRA

4www.de-cix.net

IPFIX Protocol

[1] https://tools.ietf.org/html/rfc7011

[2] http://www.iana.org/assignments/ipfix/ipfix.xhtml 3/12

RFC7011[1]

Templates

491 data fields defined[2]

Dead and alive timeout

https://tools.ietf.org/html/rfc7011
http://www.iana.org/assignments/ipfix/ipfix.xhtml

5www.de-cix.net

Architecture

4/12

Packet sampling rate 1:10k

Dead timeout: 15s, alive timeout 60s

6www.de-cix.net

Front-End[3]

5/12

Customers choose

from their MAC

addresses

Enter any target IP

Select start/stop

[3] https://portal-beta.de-cix.net/statistics/ipfix-export

https://portal.de-cix.net/statistics/ipfix-export

7www.de-cix.net

Implementation Challenges

6/12

Incoming:

One large IPFIX stream

Outgoing:

N filtered IPFIX streams

to M target IP addresses

Need for new IPFIX

stream creation

/dev/null

Filter 1

Filter N-1

Filter N

Encrypter 1

Encrypter M

IPFIX Filtered

IPFIX

Encrypted

IPFIX Public

Internet

8www.de-cix.net

Design Space

7/12

1 Vermont[4] instance

Config contains filters for every MAC address

Output redirected to encrypter on demand

[4] https://github.com/tumi8/vermont/

https://github.com/tumi8/vermont/

10www.de-cix.net

Back-End

9/12

Dumping + filtering: Vermont

No interruption upon request

Approx. 1 minute delay

11www.de-cix.net

Receiving Data

10/12

Open-source decrypter[5]

Pmacct[6]

FastNetMon[7]

[5] https://github.com/de-cix/udp-dtls-wrapper/

[6] http://www.pmacct.net/

[7] https://fastnetmon.com/

https://github.com/de-cix/udp-dtls-wrapper/
http://www.pmacct.net/
https://fastnetmon.com/

12www.de-cix.net

02.12.2021The secret of the InternetSlide 12

https://youtu.be/HS-PkYJhT0A

https://youtu.be/HS-PkYJhT0A

13www.de-cix.net

11/12

Configure transport port

Overview of running exports

Export via IPv6

Support other DE-CIX Locations (e.g. MUC, NYC)

Webinar [8] – We already have that! ☺

[8] https://www.de-cix.net/de/about-de-cix/academy

Planned Enhancements

https://www.de-cix.net/de/about-de-cix/academy

14www.de-cix.net

Summary

12/12

Self-Managed IPFIX collection

Sensible data encrypted

Analysis with own tools

Free beta service

15www.de-cix.net

Thank you for your attention!

Any questions?

top related

countries, ixps and ripe atlas
Internet
ca landscape · internet exchange points (ixps) •canadian...
Documents
international cables gateways ixps
Documents
packet clearing house: using ixps: construction, operation,...
Technology
the real cost of public ixps
Internet
interconnecting ixps: pros and cons
Documents
ixp scene - france-ix · => in 32 countries, operating over...
Documents
routeflow & ixps
Technology
digital divide and ixps in west africa
Internet
the real cost of public ixps(pdf)
Documents
scaling ixps
Documents
scaling ixps scalable infrastructure workshop afnog 2009
Documents
isoc: ixps partnerships
Technology
countries, ixps and ripe atlas · raim workshop, 2015-10,...
Documents
new ixps in a post ipv4 world
Documents
internet exchange points (ixps) scalable infrastructure...
Documents
ixps | governance and financial models: best practices...
Documents
euro-ix update - nonog...euro-ix update nix may 2017 oslo,...
Documents
bgp large communities for ixps
Documents
appropriate layer-2 interconnection between ixps · pdf...
Documents