
Current Practice for Network Analysis in CSTNet

This article explores the current practices for network analysis in CSTNet, including infrastructure management, traffic analysis, DDoS detection, and IT service management. It also discusses the need for route analysis systems and future work to improve network performance and security.

jaimeh

Presentation Transcript


  1. Current Practice for Network Analysis in CSTNet. Chunjing Han, CSTNET, CNIC, chjhan@cstnet.cn

  2. Agenda: I. Network management infrastructure: traffic and routing analysis. II. Network management infrastructure: DDoS detection, traceback, analysis and mitigation. III. IT service and IT governance in CSTNet.

  3. Network management infrastructure: Call center; Incident Management, Problem Management, Configuration Management, Change Management. Network analysis system: traffic analysis, route analysis, DDoS attack analysis. The basic network management system by SNMP, ICMP, TACACS and so on. Device and performance data. Devices and links. Network layer.

  4. Traffic analysis and report system in CSTNet • An integrated and intelligent infrastructure • Aggregates the different routers in the multilayer network • The institutes and custom objects are the base analysis elements • Evaluate the network update plan from the traffic report

  5. The structure of the traffic report: traffic matrix. Network, interface, router, AS, institute and custom object are the cell elements of the row and column in the traffic matrix. The elements of the row: application, topTalk, protocol and so on. The elements of the column: network, interface, router, AS, institute and custom object.

  6. Traffic Matrix

  7. Traffic Matrix

  8. Application, protocol, topTalker and abnormal event Matrix

  9. Transit analysis between institutes in CAS

  10. TopTalker institutes traffic analysis between CERNet and CSTNet

  11. Why we need the route analysis system • A key component of a complete Network & Application Service Management Solution • Discovered that a major site was being routed to another via an expensive international WAN link

  12. Router misconfiguration: routing to only ISP 2 despite intact links to both ISPs. (Diagram labels: ISP 1, ISP 2.) How to find the root cause? Despite physically redundant connections to ISP1 and ISP2, no traffic was being sent through ISP1. If the link to ISP2 failed, all internet connectivity would have been lost.

  13. Topology and route visualization: reducing the time to analyze difficult network problems

  14. Route event analysis: History navigator • Historical routing events are easily replayed. Route change records.

  15. Route event analysis: Which AS announces the new routes? • Any recorded time period can be selected and analyzed. We find the root cause!

  16. Network simulation: know how changes will affect your network before making them

  17. DDoS mitigation: Establish a dynamic baseline of typical traffic patterns in different zones of the network. Compare real-time network activity against this dynamic baseline to flag all anomalies. Mitigation, detection.

  18. What forces us to care about IT service management: Dynamic and more complex network environment (link updates, router changes, misconfiguration). Serialize the key network application, provide reliable service for institutes. Improve IT security, strengthen risk-resisting ability. Automation, Control, Visualization.

  19. IT Service Management in CSTNet • IT Infrastructure Library • A service desk to deal with trouble tickets, service and change requests • Event, problem, configuration and change

  20. Service Support basics Configuration Management • Single Point of Contact for users of IT Services Configuration Item • Router, switch, link, card, server • Software • Related documentation • Relationships between CIs • Managed Elements of a service • CMDB Service Desk in CSTNet Incident Management Problem Management Change Management Release Management Change Release Incident Problem • Proactive • Root cause of related incidents • When understood, becomes a Known Error • Any change to a CI • “standard” or preapproved changes • CAB • Incidents • Reactive • Service Requests • Large or bundled changes planned, designed, built and tested together • Subject to change management

  21. Future work: Improve the performance of traffic analysis. Route-flow fusion. A way to mitigate the DDoS detection and guarantee the key scientific application traffic. Strengthen IT governance and provide the best management service.
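
The dynamic-baseline comparison described on slide 17, as an added example (not code from the presentation or from CSTNet's system): each zone learns its own exponentially weighted mean and variance, and a sample far above that zone's baseline is flagged and kept out of the baseline. The zone names, the smoothing factor, the threshold multiplier, the warm-up length and the sample rates are all assumptions constructed for illustration.

```python
import math
from collections import defaultdict

class ZoneBaseline:
    """EWMA mean and variance of one zone's traffic rate (packets/s)."""
    def __init__(self, alpha=0.2, k=4.0, warmup=5):
        self.alpha, self.k, self.warmup = alpha, k, warmup
        self.mean = self.var = 0.0
        self.n = 0  # samples learned so far

    def observe(self, rate):
        """Return True when rate is anomalous for this zone."""
        if self.n >= self.warmup:
            # Floor the spread at 10% of the mean so a very flat baseline
            # does not alert on ordinary jitter (assumed tuning choice).
            spread = max(math.sqrt(self.var), 0.1 * self.mean)
            if rate > self.mean + self.k * spread:
                return True  # not learned: a flood must not become "typical"
        if self.n == 0:
            self.mean = float(rate)
        else:
            diff = rate - self.mean
            incr = self.alpha * diff
            self.mean += incr
            self.var = (1 - self.alpha) * (self.var + diff * incr)
        self.n += 1
        return False

def detect(samples, **params):
    """samples: iterable of (minute, zone, rate). Returns the flagged ones."""
    baselines = defaultdict(lambda: ZoneBaseline(**params))
    return [s for s in samples if baselines[s[1]].observe(s[2])]

# Constructed sample data: two zones with very different normal volumes.
INSTITUTE = [1000, 1040, 980, 1010, 990, 1020, 1005, 995, 9000, 1010]
BACKBONE = [50000, 51000, 49500, 50500, 50200, 49800, 50100, 50300, 50900, 49900]
SAMPLES = [(t, zone, rates[t]) for t in range(10)
           for zone, rates in (("institute-A", INSTITUTE), ("backbone", BACKBONE))]

if __name__ == "__main__":
    for minute, zone, rate in detect(SAMPLES):
        print(f"minute {minute}: {zone} at {rate} pps exceeds its baseline")
```

The flagged 9000 pps sample is well below the backbone's normal rate, so a single network-wide threshold would miss it; only the per-zone baseline catches it.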
