2025-02-02 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
The Rong Teng network shunt is the most important basic equipment at the front end of network monitoring in the field of network security. It is used in big data collection, IDC monitoring and other fields. Today I will take the time to talk about traffic collection for IDC monitoring.
When IDCs were just springing up in China, their export bandwidth was still very small. It later expanded from 100M to 1000M, and has since grown rapidly to 10G, even dozens of G or 100G, while the interface types have developed from ATM to POS and GE.
This model supports 480 10G and 76 100G interfaces, which makes it especially suitable for big data acquisition and IDC monitoring. The ATCA-frame network shunt offers low cost, high density and high throughput.
1. Why traffic analysis is needed
In daily IT management, network administrators often face the following questions:
Where does external traffic come from?
Is there any unfriendly behavior?
Where is all the traffic on this network going?
How can real-time, detailed analysis be done?
What is the traffic usage of each IP on this network?
Which IP addresses or application layer protocols cause network congestion?
What proportion of traffic does each application layer protocol account for on my network?
How should traffic be distributed across multiple external lines to achieve load balancing?
How can the growth of network traffic be predicted, and how long will it be before expansion is needed?
Traffic analysis systems were created to solve these problems.
2. Collection methods for IDC traffic
In terms of how traffic data is collected, the main methods are SNMP, port mirroring / probe / bypass, FLOW, RMON and so on. SNMP is mainly used to collect traffic data from device interfaces, for example the number of bytes and packets flowing in and out of a switch port.
The network shunt, that is, port mirroring / probe / bypass with traffic filtering and visualization, is mainly used for full-traffic collection on ports with different link types and different bandwidths. Data collected this way is filtered by five-tuple and its packet content is analyzed, which is what is known as DPI (Deep Packet Inspection). This is currently the most in-depth and comprehensive traffic collection method.
The various FLOW technologies, on the other hand, compute statistics on the network five-tuple (source IP + source port + destination IP + destination port + protocol type) at a certain sampling ratio and then output the resulting flow records.
In practical IDC use, each of these methods has its own application scenarios. For example, the switch-port interface traffic collected through SNMP reflects traffic distribution and bandwidth consumption in the network, as well as the working status of the equipment, such as packet loss rate and error packet rate. Full-traffic collection technologies such as port mirroring / probe / bypass can be combined with deep packet inspection to automatically monitor whether the websites and forums hosted by the IDC contain illegal and × × content. FLOW technology scales particularly well for IDC applications such as flow direction analysis and abnormal traffic analysis.
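The FLOW approach described above, sketched as an added example that is not from the original article or any vendor's code: sampled flow records are aggregated by five-tuple, scaled by the sampling ratio, and then rolled up into a per-subnet Top-N ranking and an application-protocol share. The record fields, the 1-in-1000 sampling ratio and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter, namedtuple

# One sampled flow record: the five-tuple plus a byte count (field names are assumptions).
Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port proto nbytes")

SAMPLING_RATE = 1000  # assumed 1-in-1000 sampling on the exporting device

# Constructed sample records using documentation address ranges, not real traffic.
SAMPLE_FLOWS = [
    Flow("192.0.2.10", 51514, "198.51.100.5", 80, "tcp", 1500),
    Flow("192.0.2.10", 51514, "198.51.100.5", 80, "tcp", 1500),
    Flow("192.0.2.77", 40000, "198.51.100.9", 21, "tcp", 600),
    Flow("203.0.113.4", 53000, "198.51.100.5", 80, "tcp", 900),
    Flow("203.0.113.200", 5353, "198.51.100.7", 53, "udp", 100),
]

def aggregate(flows, rate=SAMPLING_RATE):
    """Sum estimated bytes per five-tuple; sampled bytes are scaled by the rate."""
    totals = Counter()
    for f in flows:
        key = (f.src_ip, f.src_port, f.dst_ip, f.dst_port, f.proto)
        totals[key] += f.nbytes * rate
    return totals

def top_subnets(totals, prefix_len=24, n=2):
    """Rank source subnets by estimated bytes (a Top-N subnet view)."""
    per_subnet = Counter()
    for (src_ip, *_), est in totals.items():
        net = ipaddress.ip_network(f"{src_ip}/{prefix_len}", strict=False)
        per_subnet[str(net)] += est
    return per_subnet.most_common(n)

def protocol_share(totals):
    """Fraction of estimated bytes per (protocol, destination port)."""
    per_app = Counter()
    for (_, _, _, dst_port, proto), est in totals.items():
        per_app[(proto, dst_port)] += est
    grand = sum(per_app.values())
    return {app: est / grand for app, est in per_app.items()}

if __name__ == "__main__":
    t = aggregate(SAMPLE_FLOWS)
    print(top_subnets(t))
    print(protocol_share(t))
```

Because the byte counts are scaled from samples, the figures are estimates; short or low-volume flows can be missed entirely, which is why the article pairs FLOW with full-traffic collection for content analysis.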
3. Seven key presentation views of IDC traffic
Based on the daily requirements of IDC traffic analysis, and in order to help the IDC reflect the traffic in its network more accurately, a traffic analysis system needs the following seven views. They give the IDC an intuitive presentation for analyzing traffic accurately from different angles.
3.1 Traffic flow direction view
The traffic flow direction view is mainly combined with AS domains to accurately reflect the direction and source of traffic on the local network. In this view, you can see directly which provinces and operators mainly access the IDC network. By analyzing the traffic on the exit of the provincial metropolitan area network, you can also see directly which provinces and operators the province's traffic is mainly sent to. This analysis data provides a reliable decision-making basis for the development of the IDC hosting business.
3.2 Subnet Traffic View
The subnet traffic view directly shows the traffic of the different subnets in the local network, and Top-N analysis directly reflects the ranking of the subnets.
3.3 Customer Traffic View
The customer traffic view presents network traffic from the point of view of IDC customers. It directly shows the real-time traffic ranking of each IDC customer and the traffic ranking of each customer's applications.
3.4 Backbone Traffic View
The backbone traffic view reflects the traffic distribution and bandwidth usage among the IDC's backbone network devices.
3.5 Application Traffic View
The application traffic view reflects the traffic distribution of IDC-hosted applications, such as WWW, FTP, video, P2P and other applications.
3.6 Topology Traffic View
The topology traffic view reflects the traffic distribution and bandwidth usage between the devices in the IDC's network topology.
3.7 Abnormal Traffic View
The abnormal traffic view reflects the details of abnormal network traffic in the IDC. Here, mirroring and other full-traffic collection technologies can be used to capture and analyze the contents of abnormal traffic to facilitate fault location.
Because network traffic in the IDC grows so rapidly, the usual alarm threshold policy configuration is of little significance in practice, so a new traffic early-warning model needs to be established for more effective early warning.
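The article does not specify the new early-warning model, so the following added example (not from the original article) assumes one simple option: alert when a sample exceeds the trailing-window mean by more than k standard deviations. It contrasts that with a fixed threshold on a constructed series that grows steadily and contains one spike; the window size, k and the series are all assumptions.

```python
import statistics

# Constructed series: steady growth of 5 units per interval from 100,
# with one abnormal spike of +150 at index 20. Not real measurements.
TRAFFIC = [100 + 5 * i for i in range(30)]
TRAFFIC[20] += 150

def static_alerts(series, threshold):
    """Indices where traffic exceeds a fixed threshold."""
    return [i for i, v in enumerate(series) if v > threshold]

def baseline_alerts(series, window=6, k=4.0):
    """Indices where a sample exceeds the trailing-window mean by more
    than k sample standard deviations (one-sided: surges only)."""
    alerts = []
    for i in range(window, len(series)):
        recent = series[i - window:i]
        mean = statistics.mean(recent)
        spread = statistics.stdev(recent)
        if series[i] > mean + k * spread:
            alerts.append(i)
    return alerts

if __name__ == "__main__":
    # A threshold chosen when traffic was ~100 fires on every interval
    # once normal growth passes it, burying the real anomaly.
    print("static  :", static_alerts(TRAFFIC, 200))
    # The moving baseline follows the growth and flags only the spike.
    print("baseline:", baseline_alerts(TRAFFIC))
```

A spike stays in the trailing window for the next few intervals and inflates the baseline, so a production model would typically exclude flagged samples from the baseline or use a more robust statistic.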