TUNDRA The Ultimate Netflow Data Realtime Analysis Jeffrey
- Slides: 15
TUNDRA The Ultimate Netflow Data Realtime Analysis Jeffrey Papen Yahoo! Inc. Confidential
TUNDRA Features 1. Source and Destination AS 5. Analyze usage for local servers or services bandwidth analysis Charge Back Billing 2. Transit AS bandwidth 6. Symmetric Network analysis Performance Analysis: latency and packet loss 3. Custom AS macros: Bandwidth forecasting, 7. AS path hop count stats peering merit analysis 8. DOS attack detection 4. Billing Formulas for cost/ 9. All in Real Time benefit budget analysis Yahoo! Inc. Confidential - 2
Why should you care about TUNDRA? 1. Empirical Data • • • Prove that network performance increases Prove that network reliability increases as AS hops decrease Cost/Savings analysis for new peer or transit 2. Know how much bandwidth a peer will use before (or after) you turn link up – determine private vs. public peering need 3. Focus and Order peer hit list – who should you go after? 4. Business case to document support for peers that say No. Yahoo! Inc. Confidential 3
Why Call It TUNDRA? Yahoo! Inc. Confidential 4
Continuously exporting flows Router 49, 000 subnets Zebra Server processed in 2 – 3 minutes SNMP Poller Collector/ Processor Polls Interfaces. Stores to local DB My. SQL Database 500 Mb/sec in + out in 15 minutes generates approx 5, 244, 216 flows (288 MB). Processed in 21 seconds @ 248, 724 flows/sec Flow % * SNMP stored in central DB Yahoo! Inc. Confidential 5
Flow Data TUNDRA Displays Inbound Outbound Transit AS Bandwidth X X X Port X X Protocol X X Server (IP) X X AS Path X Yahoo! Inc. Confidential 6
Port Out Yahoo! Inc. Confidential 7
Protocol Out Yahoo! Inc. Confidential 8
Bandwidth Out Yahoo! Inc. Confidential 9
Transit Data All outbound flows have destination IP Each Destination Subnet learns AS path from Zebra BGP table - AS padding removed Zebra BGP table is identical to actual routes used on local router(s) Local BGP data reflects immediate policy changes with no performance impact or security threat to production routers Yahoo! Inc. Confidential 10
Destination vs. Transit Traffic – UUNet Yahoo! Inc. Confidential 11
AS Hop Count Table AS Path Hop Count Router #1 Router #2 0 (Yahoo!) 0% 0% 1 (Peering ISP) 0. 34715% 0. 10148% 2 15. 54806% 12. 42353% 3 46. 64506% 45. 17018% 4 27. 75107% 31. 07077% 5 7. 69483% 8. 94431% 6 1. 88979% 2. 18044% 7 0. 12290% 0. 10870% 8 0. 00004% 0. 00000% 9 0. 00109% 0. 00061% Yahoo! Inc. Confidential 12
Performance Analysis • ICMP Ping vs. TCP packet with bogus SYN/ACK • Testing is done from your network’s perspective • Route-Maps on collector interface • Simultaneous testing of multiple paths to same target AS • No continuous IBGP flapping from /32 updates • No adding and removing /32 static routes • No 3 rd party remote applications logging onto routers • Looking Glass server (www) for troubleshooting Yahoo! Inc. Confidential 13
TUNDRA Next Steps 1. White Paper – No, I really mean it! 2. I’m looking for help – this is a hobby, not my job 3. Maintainers to finish baking code and configuration 4. Release to Internet community 5. Licensing is GPL + please peer with Yahoo! Inc. Confidential 14
Questions? Jeffrey Papen jpapen@yahoo-inc. com jeffrey@papen. com Yahoo! Inc. Confidential 15
Cisco top talkers
Netflow probe appliance
Netflow probe hardware
Hadoop netflow
Mathias jourdan
Traffic accounting
Moloch netflow
Cisco netflow to xml
Realtime big data
Dulong's formula
Realtime system
Gullistan carpet
Firebase push notification android
Realtime streaming protocol
Paul viskovich
Real time interaction management
