terena networking conference 2009

IPFIX Based Virtual Network Monitoring

Radek Krejčí, Pavel Čeleda, Vojtěch Krmíček, Jiří Novotný (CESNET)

The poster presents usability of the flow data with precise time stamps for the network discovery and monitoring purposes. Flow information is widely used as a source of long time statistics for network planning and accounting or for detection of security incidents and security forensics. We want to show that detection of link behavior properties or exploring data paths as well as exploring whole physical and virtual network structure is another useful applicability of the IP flow monitoring. To be able to distinguish the ordering of physically closed network nodes the time resolution should be at least in microseconds. Today most widely used NetFlow protocol use only milliseconds as its time stamps. Therefore we propose to use IPFIX protocol enabling time stamps with nanoseconds precision. The whole discovery process is based on the precise time stamps. Marking monitored flow by the precise time stamp in every observation point where it appears provides enough information for the flow path reconstruction performed by data analysis center. The data analysis center is also able to acquire another useful information about link behavior like time delay, jitter or latency that provides more complex view to the monitored network. The proposed framework is based on FlowMon probes generating IPFIX data and NfSen/NFDUMP collector. We added IPFIX support to NfSen/NFDUMP tool set to be able to handle precise timestamps. The virtual network monitoring is being done within the FEDERICA project.

Download poster (PDF)