MONICA Research Group Juraj Giertl, Martin Révés [email protected]@cnl.sk, [email protected]@cnl.sk IPFIX Interoperability.

MONICA Research Group

Juraj Giertl, Martin Révés

[email protected], [email protected]

IPFIX Interoperability Event, Prague, 24. – 25. 3. 2011

Outline

• Introduction of Technical University• The BasicMeter Tool• MONICA add-ons

Technical University of Kosice

• Faculty of Mining, Ecology, Process Control and Geotechnology

• Faculty of Metallurgy• Faculty of Mechanical Engineering• Faculty of Electrical Engineering and Informatics• Faculty of Civil Engineering• Faculty of Economics• Faculty of Manufacturing Technologies• Faculty of Arts• Faculty of Aeronautics

Faculty of Electrical Engineering and Informatics

• Department of Computers and Informatics • Department of Cybernetics and Artificial Intelligence • Department of Electrical Drives and Mechatronics • Department of Technologies in Electronics • Department of Mathematics • Department of Physics • Department of Electric Power Engineering • Department of Electronics and Multimedia

Communications • Department of Theoretical Electrotechnics and Electrical

Measurement

Department of Computers and Informatics

• Informatics and Computer Languages Laboratory• Software Engineering Laboratory• Information Systems Laboratory• Computer Networks Laboratory• Computer Architectures and Security Laboratory

Computer Networks Laboratory

Head of the laboratory: Frantisek Jakab

Staff:•2 associate professors•7 assistant professors•7 PhD students•14 students•29 external members•4 honorary members

The BasicMeter Tool

• BEEM BasicmEter Exporting and Metering Process

• JXColl Java XML Collector

• BM Analyzer BasicMeter Analyzer

• ACP Analyzer Collector Protocol

• AEP Analyzer Exporter Protocol

NETWORK

BEEM

SQLdatabase

JXColl

BM Analyzer

NF v5/v9IPFIX

AEP

SQL

SQL

ACP

IP traffic

dataconnection

controlconnection

control + dataconnection

MONICA add-ons (1)

• Modular WebAnalyzer built on Java Wicket framework integrating many potential extensions and applicability-specific modules.

• ECAM (Exporter Collector Analyzer Module) for the centralized management and easy deployment of the monitoring tool.

MONICA add-ons (2)

• ACP (Analyzer Collector Protocol) for the direct communication of collector and analyzer.

• Data WareHouse for data preprocessing and storing for efficient access by the analyzer.

• Adaptive export of flow records from the observation point.

• Measurement of OWD with compensation of observation points’ clock skew.

• Usage-based accounting.• Anomaly based IDS.

MONICA add-ons (3)

• Adaptive anomaly driven traffic engineering.

MONICA add-ons (4)

• Monitoring of information systems.

• Extension of IPFIX protocol specification

Log Processor

SQLdatabase

JXColl

Analyzer

IPFIX-IS

AEP

SQL

SQL

ACP

IS Logentries

dataconnection

controlconnection

control + dataconnection

IS

Future Plans

• Full conformity with IPFIX specifications• Optimization of network monitoring for high-speed

networks• Implementation of adaptive mechanisms• Support for SCTP, TLS• Support for IPv6, MPLS• Further research of add-ons• the most important one:

ESTABLISHMENT OF CLOSER COOPERATION WITH THE COMMUNITY

Links

www.cnl.sk

wiki.cnl.sk/Monica/IPFIXPrague

[email protected]

[email protected]

Thank you for attention

Acknowledgement

This work is the result of the project implementation: Center of Information and Communication Technologies for Knowledge Systems (ITMS project code: 26220120030) supported by the Research & Development Operational Program funded by the ERDF.