NANOG Meeting Presentation Abstract

The many uses of NetFlow and flow-like data
Meeting:	NANOG65
Date / Time:	2015-10-05 1:30pm - 2:00pm
Room:	Le Grand Salon & Marquette
Presenters:	Speakers: Avi Freedman, Kentik Mr. Avi Freedman founded Kentik, Inc. and serves as its Chief Executive Officer. Mr. Freedman serves as Technical Advisor of ServerCentral, Inc. Mr. Freedman served as the Chief Technology Officer of ServerCentral, Inc. Mr. Freedman had a number of roles at Akamai Technologies from October 1999 to August 2009, including Vice President of Network Architecture and Infrastructure, and Chief Network Scientist. Mr. Freedman was most recently Distinguished Engineer and Chief Network Scientist for Akamai, where he oversaw the development and evolution of Akamai's network and content delivery technologies to new applications. He led the growth and management of Akamai's globally distributed network from 250 networks to more than 1000 networks. Mr. Freedman served as Vice President of Engineering at AboveNet, and in 1992, he founded Netaxs, the first ISP in Philadelphia.
Abstract:	Most operators know that flow (NetFlow, IPFIX, and sFlow) data can be collected from routers and switches, and can be used for network cost and planning analysis, attack detection, and peering analysis. But bulk flow data just shows the traffic to-and-from. With 'augmented' flow from load balancers, servers, and sensors listening on taps and span ports, new questions can be answered around performance and security of the infrastructure and application traffic. In this talk, we'll do a brief review of flow and 'classic' flow analytics and use cases; cover some of the source some sources of flow that are not commonly looked at but may be available (including OSS sensor software and configs, load balancers, IDS sensors, server-side monitoring software, and nginx logs); and will discuss a number of real-world use cases enabled with 'augmented flow': - Detecting application-level attacks - Peer analysis by performance, including 'peering' beyond the first hop AS - 'Lightweight' network-viewed Application Performance Monitoring, to help users understand if they are seeing application or network-layer issues - Detecting and exposing customer security issues (or for web companies, compromised servers or end user devices) - E-commerce bot detection All of the tools we'll cover for gathering the augmented flow data (nprobe, and 3 packages being released by Kentik for flow -> top talkers, nginx logs -> flow, and bro logs -> flow) are free and/or open source. [Going light on demo and configurations, this is a 30-45 minute talk, or with more configurations and demos of some of the functionality, it would be 45-60 minutes.]
Files:	The many uses of NetFlow and flow-like data(PDF) The many uses of NetFlow and flow-like data
Sponsors:	None.

Back to NANOG65 agenda.

NANOG65 Abstracts

• Show All

• Conference Opening
  Speakers:
  Tony Tauber, Comcast; Christian S. TacitTorIX; .
  Philippe Couture, Videotron; Clinton Work, TELUS;

• Conference Opening
  Speakers:
  Tony Tauber, Comcast; Christian S. TacitTorIX; .
  Philippe Couture, Videotron; Clinton Work, TELUS;

• Conference Opening
  Speakers:
  Tony Tauber, Comcast; Christian S. TacitTorIX; .
  Philippe Couture, Videotron; Clinton Work, TELUS;

• Conference Opening
  Speakers:
  Tony Tauber, Comcast; Christian S. TacitTorIX; .
  Philippe Couture, Videotron; Clinton Work, TELUS;

• NANOG 65 Keynote Address
  Speakers:
  Jack Waters, Level3 Communications;

• Your Bitcoins or Your Site: An Analysis of the DDoS for Bitcoins (DD4BC) DDoS Extortion Campaign.
  Speakers:
  Roland Dobbins, Arbor Networks;

• The many uses of NetFlow and flow-like data
  Speakers:
  Avi Freedman, Kentik;

• NANOG Board Candidates
  Moderators:
  William CharnockPacketFabric; .
  

• DNS Track
  Speakers:
  Geoff HustonAPNIC; .
  Duane Wessels, VeriSign; Keith MithcellDNS-OARC; .
  Brian SomersOpenDNS ; .
  Ray BellisInternet Systems Consortium; .
  Eddie Winstead.
  Tomas HlavacekCZ.NIC; .
  

• Data Center Track
  Moderators:
  Gabe Cole, RTE Group, Inc.;

• DNS Track
  Speakers:
  Geoff HustonAPNIC; .
  Duane Wessels, VeriSign; Keith MithcellDNS-OARC; .
  Brian SomersOpenDNS ; .
  Ray BellisInternet Systems Consortium; .
  Eddie Winstead.
  Tomas HlavacekCZ.NIC; .
  

• DNS Track
  Speakers:
  Geoff HustonAPNIC; .
  Duane Wessels, VeriSign; Keith MithcellDNS-OARC; .
  Brian SomersOpenDNS ; .
  Ray BellisInternet Systems Consortium; .
  Eddie Winstead.
  Tomas HlavacekCZ.NIC; .
  

• DNS Track
  Speakers:
  Geoff HustonAPNIC; .
  Duane Wessels, VeriSign; Keith MithcellDNS-OARC; .
  Brian SomersOpenDNS ; .
  Ray BellisInternet Systems Consortium; .
  Eddie Winstead.
  Tomas HlavacekCZ.NIC; .
  

• DNS Track
  Speakers:
  Geoff HustonAPNIC; .
  Duane Wessels, VeriSign; Keith MithcellDNS-OARC; .
  Brian SomersOpenDNS ; .
  Ray BellisInternet Systems Consortium; .
  Eddie Winstead.
  Tomas HlavacekCZ.NIC; .
  

• DNS Track
  Speakers:
  Geoff HustonAPNIC; .
  Duane Wessels, VeriSign; Keith MithcellDNS-OARC; .
  Brian SomersOpenDNS ; .
  Ray BellisInternet Systems Consortium; .
  Eddie Winstead.
  Tomas HlavacekCZ.NIC; .
  

• DNS Track
  Speakers:
  Geoff HustonAPNIC; .
  Duane Wessels, VeriSign; Keith MithcellDNS-OARC; .
  Brian SomersOpenDNS ; .
  Ray BellisInternet Systems Consortium; .
  Eddie Winstead.
  Tomas HlavacekCZ.NIC; .
  

• NetDevOps - Ansible 101 to network nirvana
  Speakers:
  Bronwyn Lewis, Packet Clearing House; Matt Peterson, Cumulus Networks;

• NetDevOps - Ansible 101 to network nirvana
  Speakers:
  Bronwyn Lewis, Packet Clearing House; Matt Peterson, Cumulus Networks;

• Demystifying Pros & Cons of large Scale BGP RR deployments
  Speakers:
  rohit bothra, Brocade Communications;

• DDoS Tutorial
  Speakers:
  Krassimir Tzvetanov, A10 Networks, Inc.;

• Security Track
  Speakers:
  Krassimir Tzvetanov, A10 Networks, Inc.;

• Wi-Fi: Fundamentals, Design and Troubleshooting
  Speakers:
  Troy Martin, Aerohive Networks;

• 10 Weird (and Possibly Useful) Things You Didn't Know about International Networks
  Speakers:
  Tim Stronge, TeleGeography;

• Monitor BGP using open source OpenBMP and Apache Kafka
  Speakers:
  Tim Evens, Cisco;

• Building a smallish DC...for the rest of us
  Speakers:
  Karl Brumund, Dyn;

• Running MPLS efficiently in ring networks
  Speakers:
  Ravi Singh, Juniper Networks;

• BGPuma -- Border Gateway Protocol Update Metric Analysis
  Speakers:
  Leigh Metcalf, CERT;

• Whack-a-Mole Routing: The effects of ISP Traffic Engineering on Non-ISP Networks
  Speakers:
  Rick Casarez, Salesforce;

• Distributed Route Aggregation on the Global Network (DRAGON)
  Speakers:
  João Luís Sobrinho, Instituto de Telecomunicações, University of Lisbon;

• Cloudy with a chance of Breach: Forecasting Cyber Security Incidents
  Speakers:
  Manish Karir, QuadMetrics;

• Optimal routing vs. Route Reflector VNF - reconcile the fire with water
  Speakers:
  Rafal Szarecki, Juniper Networks;

• The future of North American Regional BCOP
  Speakers:
  Aaron Hughes6connect; .
  Chris Grundemann.
  

• The future of North American Regional BCOP
  Speakers:
  Aaron Hughes6connect; .
  Chris Grundemann.
  

• Lightning Talks
  Speakers:
  NANOG Lightning TalksNANOG Community; .
  

• Peering Track
  Moderators:
  Sylvie LaPerriere, Google Inc.; Patrick Gilmore, Markley Group; Panelists:
  David E. Young, Verizon; Hank Hultquist, AT&T; Joseph Cavender, Level 3 Communications; Speakers:
  Jon Nistor, TorIX;

• Strategies of packet buffering inside Routers
  Speakers:
  Rafal Szarecki, Juniper Networks;

• Peering Track
  Moderators:
  Sylvie LaPerriere, Google Inc.; Patrick Gilmore, Markley Group; Panelists:
  David E. Young, Verizon; Hank Hultquist, AT&T; Joseph Cavender, Level 3 Communications; Speakers:
  Jon Nistor, TorIX;

• Peering Track
  Moderators:
  Sylvie LaPerriere, Google Inc.; Patrick Gilmore, Markley Group; Panelists:
  David E. Young, Verizon; Hank Hultquist, AT&T; Joseph Cavender, Level 3 Communications; Speakers:
  Jon Nistor, TorIX;

• Peering Track
  Moderators:
  Sylvie LaPerriere, Google Inc.; Patrick Gilmore, Markley Group; Panelists:
  David E. Young, Verizon; Hank Hultquist, AT&T; Joseph Cavender, Level 3 Communications; Speakers:
  Jon Nistor, TorIX;

• Peering Track
  Moderators:
  Sylvie LaPerriere, Google Inc.; Patrick Gilmore, Markley Group; Panelists:
  David E. Young, Verizon; Hank Hultquist, AT&T; Joseph Cavender, Level 3 Communications; Speakers:
  Jon Nistor, TorIX;

• Peering Track
  Moderators:
  Sylvie LaPerriere, Google Inc.; Patrick Gilmore, Markley Group; Panelists:
  David E. Young, Verizon; Hank Hultquist, AT&T; Joseph Cavender, Level 3 Communications; Speakers:
  Jon Nistor, TorIX;

• Proactive Network Configuration Validation with Batfish
  Speakers:
  Todd MillsteinUniversity of California, Los Angeles; .
  ratul mahajanmicrosoft research; .
  Ari Fogel, UCLA; Meg Walraed-SullivanSpace Exploration Technologies; .
  

• Proactive Network Configuration Validation with Batfish
  Speakers:
  Todd MillsteinUniversity of California, Los Angeles; .
  ratul mahajanmicrosoft research; .
  Ari Fogel, UCLA; Meg Walraed-SullivanSpace Exploration Technologies; .
  

• Proactive Network Configuration Validation with Batfish
  Speakers:
  Todd MillsteinUniversity of California, Los Angeles; .
  ratul mahajanmicrosoft research; .
  Ari Fogel, UCLA; Meg Walraed-SullivanSpace Exploration Technologies; .
  

• Proactive Network Configuration Validation with Batfish
  Speakers:
  Todd MillsteinUniversity of California, Los Angeles; .
  ratul mahajanmicrosoft research; .
  Ari Fogel, UCLA; Meg Walraed-SullivanSpace Exploration Technologies; .
  

• Deploying IPv6 at Scale as an ISP
  Speakers:
  Clinton Work, TELUS;

• Closing Remarks
  Speakers:
  Betty Burke, NANOG Executive Director;