240 likes | 405 Views
Monitoring JANET: from photons to flows Demands - Architectures - Regulation Steve Williams JANET. Demands: From researchers From NOCs/institutions/’power’ users Layer 1, 2, 3 … metrics Routing (BGP/ISIS) – updates/full feed Packet capture data (up to 40Gbps) Flow data Legal requirements
E N D
Monitoring JANET: from photons to flowsDemands - Architectures - RegulationSteve WilliamsJANET
Demands: • From researchers • From NOCs/institutions/’power’ users • Layer 1, 2, 3 … metrics • Routing (BGP/ISIS) – updates/full feed • Packet capture data (up to 40Gbps) • Flow data • Legal requirements • RIPA, DPA, private data, ethical behaviour • Indivudual vs institutional data & summary vs detail data • Research topics in the UK • Visualization • Signature analysis / DPI • Anomaly processing • Optical networks/switching • Issues: • Standards in measurements • Standard approach across measurement types • Interchange of data between systems • Hard to compare measures directly • What is a ‘good’ link? RequirementsThe SuperJANET55th Objective-Network VisibilitySteve Williamss.williams@ja.net
JANET and Research • Aim to support and encourage research and assist where possible by providing bandwidth and services that help researchers • Assist network research by providing access to the network • Need to balance: • operational vs research requirements… • legal vs research requirements Monitoring is research driven
ESLEA Applications and the Network Towards Next Generation Networks 46PaQ Protocol Innovation Behaviour And Performance For QoS and Control MASTSAnalysis at All Scales in Time & Space Data Acquisition, Storage & Archiving Data Analysis and Traffic Modelling Real-time Monitoring Compression (Model Free & Model Dependant) Front End Enhancements: Advanced Protocols SuperJANET and UKLIGHT UKLIGHT ‘network’ projects Applications Network Science Technology Innovation
Research Activities and Projects Example: Research at ESSEX University • TRIUMPH • Develop switching node for: • - Bit-rate adaptation • Multiwavelength regen LUCIFER Control plane and network resource provisioning for Grid and eScience HIPNET Modelling end to end QoS across heterogeneous nets PROTAGON SONET/SDH Collector ring UPC Networking with ultra-short pulses: -OTDM transmission -OTDM switching -Time-Slot Interchange Edge OPS Optical Transport Network Label Switching Routers OXC Core OPS OBS 40G all-optical burst Rx OPSnet MUFINS OPORON ephoton/ephoton+ UFORIC Hardware based CBR with optical impairments
- LHC • JIVE • DEISA • Layer 0 network • UKLight STM/GE circuits
FaTMAN UHI Glasgow NIRAN Clydenet EaStMAN C&NLMAN AbMAN NorMAN Dublin (HEANET) YHMAN NNW Leeds Warrington EastNet MidMAN EMMAN T-City T-House London Reading TVN LMN WREN Kentish MAN LeNSE SWERN Bristol • Overall Network: • - 5,815km New Dark Fibre • - 112 optical nodes/sites • 746Gbps operationa capacity • 60 x 10G plus 2.5, 1 • Core Network: • - 8 nodes • - 2,290Km fibre • - 20 Terminal systems, 23 Amp/OADM • - Longest un-regen – 554km • - Longest span – 243.6km (51.2db) • Regional Network access: • - 3,561km Fibre • - 24 optical networks • - 73 sites • - 36x10G, 26xSTM16,16GE and an STM1
IP-SLA • Ping • SNMP • Perl • Performance • RTT • OWD • Loss SD/DS • HTTP • DNS • TCP Connect • HTTP transfer • Total time • DNS • Response time • VoIP • MOS • Connect • NTP • Time
Traffic types • Top talkers • Incident tracking • Anomaly detection • Signature analysis • etc • Challenges: • >70k flows/sec at 10:1 sample rate • T640’s not good at sampling
Multicast • AG conference@5mbps Add soton screen shots
Beyond IP JANETLightpath JANET IP Optical Transmission (DWDM)
Optical NE data: Alerts - Light on/off Ciena/VzB - SNMP traps Nortel via SNMP JANET Optical Core DWDM Juniper T640 Flow data: Traffic types Incident detection Packet headers only Sampled SuperJANET5 – Optical monitoring: Feed to Optical Switch and Optical monitoring equipment Packet data to content level: Incident/Anomaly detection, Signature analysis
Production SJ5 fibres Optical layer packet capture 1 – 40Gbps Anomaly detectiion Incident tracking Packet signature analysis Encrypted signatures
What was that about sniffing packets Isn’t that interception?
JANET is a private network • No public/walk in access • Only access to staff/students/bona fide visitors • Breach of RIP by network operations staff is civil case not criminal • Breach by non-operations staff is still criminal (student hackers etc…) • http://www.ja.net/development/legislation/laws.html
Research access to data • Principle of ‘least disclosure’ • No access to data not required • Use anonymisation where possible • Access to full data only in cases where proven case presented • No access to header and payload data • Payload summary data/signatures • Researchers agree to and sign policy • Non-disclosure of data • Maintain privacy • Scope of research work • This policy works only because JANET is a private network.
Key issues • Architecture of monitoring is key • Interchange of data between sytems • Stability and comparability of data between locations and across time • The legal framework cannot be ignored • Some researchers try… • Some countries have less stringent laws