Arbor Peakflow SP Network Traffic Scrubbing and Analysis Product

Proprietary and Company Confidential Information

Agenda
- Arbor Peakflow SP CP: anomaly detection
- Arbor Peakflow SP CP: traffic statistics and analysis (TR)
- Arbor Peakflow SP TMS: traffic scrubbing
- Introduction to Arbor
- Telecom customer requirements and product highlights

Arbor is dedicated to network traffic analysis and security

Solid Technology Base
- Originated in a laboratory at the University of Michigan funded by Cisco
- 16 patented technologies

Solid Financial Base
- Registered capital of USD 33 million
- Sales doubling every year; growth reached 230% in 2004

Solid Market Base
- Arbor platform products are used by more than 100 customers worldwide
- Most are Tier 1 carriers and large enterprises

Strategic Partnerships include:

Customers: Americas
- Education
- MSO
- Enterprise
- Tier 1
- Tier 2/ISP/Hosting
- Government

Customers: EMEA and APAC
- EMEA
- Asia Pac

Peakflow SP Platform
Peakflow|SP
Anomaly detection
- DoS/worm detection
- Traceback
- Analysis
- Mitigation
Statistical analysis
- Routing management
- Transit/peering mgmt
- Customer accounting
- Backbone mgmt
Infrastructure security, intelligent traffic analysis, managed DoS protection for service providers

Agenda
- Introduction to Arbor
- Telecom customer requirements and product highlights

Customer requirements and product highlights
- Backbone network management system: national backbone / provincial network / metro network; link analysis / peer analysis / network optimization and planning
- Service network monitoring: IDC
- Network security analysis: detection and scrubbing of anomalous traffic
- Managed Service: value-added IP services

Traffic analysis for prospective broadband customers: the basis for intelligent decisions
- How much of this customer's traffic flows into China Netcom?
- Where does it go?
- Who are the top talkers?
- What is the traffic model? Applications? Busy hours?
- What optimized deployment plan would attract the customer?
- How can existing strengths be used to maximize utilization of our own network resources?
Homework before meeting a new customer

Traffic analysis for existing broadband customers: the basis for intelligent decisions
- What differentiated services are available?
- Security service SLA: DDoS traffic scrubbing
- Implementing a Managed Service portal
- Optimized design for distributed deployment
- Mining historical data
The key to retaining existing customers: low price? Or high quality!
Service Offering Example: Network-Based DDoS Detection
Benefits
- Support multiple customers on shared Peakflow devices
- Share capacity in-the-cloud
- Multiple attack mitigation options
- Customizable customer-facing portal for anomaly reporting
Product
- Peakflow SP CP
- Peakflow SP MS
Service Offering Example: Intelligent Traffic Reporting
Benefits
- Support multiple customers on shared Peakflow devices
- Customer-facing portal for customer breakdowns, top talkers, & business-centric reports
- Network-wide reports for scoped customers
Product
- Peakflow SP CP
- Peakflow SP MS

Service Offering Example: Worm Detection and Reporting
Benefits
- Worm detection in-the-cloud and at network borders
- Track known worms on a per-customer basis
- Download worm signatures
Enablers
- Peakflow SP CP
- Peakflow SP MS

Service Level Offering Breakout
- Wholesale
- Enterprise
- Silver
- Gold
- Bronze
- OnDemand

Service Level - Gold
- 24x7 Address Monitoring
- Plus 3 additional critical site/resources
- Notification on yellow & red alerts for the specified critical resources
- Availability SLA
- On red alerts
- Bandwidth saturation
- Treatment in 60 minutes
- Automated Traffic & Event Reporting
- 5 per customer in PDF or XML
- Report types: Anomalies, Top Talkers, Bandwidth Utilization, Application Breakdown

Service Availability Monitoring for Customers backed by SLAs

Automated Weekly Reports

Service Level - Silver
- Customized Customer Portal
- Event Analysis High/Medium/Low
- Bandwidth Distribution
- Worm Tab
- Real-time report Generation: Top Talkers, Protocol Utilization, Application Breakdowns
- Customize Profile Generation: Per site/Application breakdowns
- ACL change request
- 3 per month for Low/Medium Alerts
- Fingerprint Generation
- Alert Specific
- Automated Security & Abuse Related Reports

On-Net Portal and Customized Views

Bandwidth & Protocol Analysis

Automated Alerting and Notification

Service Level - Bronze
- Customer-initiated Mitigation
- Blackhole Infrastructure Integration
- Mitigation Device
- Customer Controlled
- Alert specific activation
- Level 3 expertise not required
- Service Provider SLA ensures availability even when the customer is resting

Agenda
- Arbor Peakflow SP CP: traffic statistics and analysis (TR)

Peakflow SP Platform
Peakflow|SP
Anomaly detection
- DoS/worm detection
- Traceback
- Analysis
- Mitigation
Statistical analysis
- Routing management
- Transit/peering mgmt
- Customer accounting
- Backbone mgmt
Infrastructure security, intelligent traffic analysis, managed DoS protection for service providers

Flow data formats supported by Arbor
- Flow data in NetFlow V1, V5, V7, V8 and V9 formats
- Arbor Networks' Peakflow SP system supports the industry-standard Netflow/Cflow/Sflow/Netstream formats and therefore works well with the mainstream equipment vendors, including:
- Cisco (Netflow)
- Juniper/Alcatel (Cflow)
- Foundry (Sflow)
- Huawei (Netstream)
- Avici (Netstream)

Network architecture
[Diagram labels: Provider Backbone; Peering Point #1, #2, #3; Collector; Collector; Controller; Netflow/BGP/SNMP; SSL; HTTPS]

Peakflow SP system performance
- Supports real-time analysis
- Network-wide correlated traffic analysis
- Uses a distributed processing architecture; there is no upper limit on the number of routers in the network
- There has been a deployment in a North American commercial network with more than 150 routers network-wide, in which all of the routers actually controlled were GSR-class devices
- There are deployments in production networks where the controlled ports are OC-192 on 40G/slot T-640 series routers

System status monitoring
- Operating status of the traffic analysis devices: CPU/Memory/Disk/Flow/Serial Number of each device
- Router status: router CPU/Memory/Flow
- Router port status: port description / port type / port traffic (SNMP)
- System logs
- Comparison of Netflow and SNMP results
- BGP routing table monitoring: global routing table entries / stability / route entries / prefix length analysis

Traffic types in the network
- Backbone
- Off-net
- On-net
- Transit

Monitoring scope of the traffic analysis system
- Overall traffic analysis across the carrier's entire network
- Carrier router traffic analysis
- Carrier router port traffic analysis
- Carrier service traffic analysis (WWW/IPTV/P2P/IPhone)
- Carrier key-account traffic analysis
- Analysis of traffic between the carrier and other interconnected carriers
- Analysis of traffic matching other specific conditions inside the carrier network

Data analysis reports
Data reports are provided for the target object of analysis, based on BPS and PPS.
For the target object of analysis, the following are provided:
- IP-layer protocols, services and applications (TCP, UDP port numbers, ICMP type and IPv6)
- AS distances and AS paths
- BGP ASN (peer, all and origin)
- BGP Community and prefix
- Inter-AS transit traffic
- Internal and external hot sources
- Packet Size
- QoS
- Raw flow
- Etc.

Flexible user-defined filter conditions
- Router port
- Protocol / application port
- IP address block: cidr_blocks 219.142.78.0/24,219.142.118.0/24
- AS PATH (same as Cisco router configuration): asregexp(|)4134_(3257|3320|12956|28910|12365)(|$)
- Community: community 3250 community 4134:3302
- Peer: match set peer_as 18245
- Combined conditions (AND/OR/NOT): community 4:20 and aspath _22400_
- Source/destination: dst net 202.108.130.0/24

System reports
- Supports real-time / average / maximum / PCT95 traffic queries
- Traffic queries for any time period within three years
- Supports line charts / pie charts / bar charts
- Can sort by inbound / outbound / total traffic and in other ways
- Reports can be downloaded as EXCEL/CSV/XML/PDF
"High light" Feature & Function
- Supports routing table update and stability queries
- Automatic classification of router ports, reducing operator workload
- Supports port traffic accuracy ratio queries
- Port binding for mixed service applications (TCP/UDP)
- Lets users customize the default menu shown at login
- Supports MPLS/IPv6/QoS
- Etc.

MPLS traffic: statistics by service type
[Diagram labels: Traditional NetFlow for IP to MPLS traffic; PE; P; Traffic Flow; IP; Egress MPLS NetFlow Accounting for MPLS to IP traffic; MPLS Aware NetFlow (version 9)]
The only vendor in the industry that supports MPLS

Supports multiple types of QoS analysis

Business Benefits to IDC
Lower Total Cost of Ownership (TCO)
- Expensive to manage multiple products.
- Reduction in overall capital expenditures and training costs.
Offer "clean pipes" to all customers
- Detect and stop attacks that affect all customers from the smallest T1/E1 customers to the largest enterprises.
- Reduce operational costs for customers who suffer outages from attacks.
Increase customer satisfaction and reduce customer churn
- Address hotspots on all circuits before they affect business services.
- Reduce SLA credits because of outages.
Roll out new differentiated managed services
- Differentiate DDoS Protection and MPLS VPN services for customers.
- Create new revenue streams.

Peakflow SP CP Deployment
Peering Edge & Backbone Visibility
[Diagram labels: Broadband Edge; IDC; Provider A; Provider B; Provider C; Backbone; Peering Edge; CP-CP Comm.; CP Device]
Multiple Value Propositions
- Traffic & Routing Analysis
- Traffic Engineering
- Reduce Transit Expense
- Inter-Provider Problem Tracking & Resolution
- Managed Service Enabler

Peakflow Win Case
Customer: T-Com, a division of Deutsche Telekom (DT)
Description:
- DT was hosting the 2006 World Cup on: FIFA
- DT & T-Com were existing Peakflow SP customers (products deployed on peering edge and backbones).
- Concerned with detection of network attacks originating from within their network (customer-to-customer attacks).
T-COM Partnered with Arbor:
- Deployed Peakflow SP Flow Sensor products closer to customer edge.
- ASERT trained members of T-Com CERT on botnet detection and mitigation using Peakflow SP solution.
Results:
- No major disruptions of World Cup websites or DT brand.

Agenda
- Arbor Peakflow SP CP: anomaly detection

How Peakflow SP IS works
- Profile/Monitor: Peakflow DoS dynamically profiles traffic patterns in the network and analyzes traffic for anomalies without disrupting traffic flow to routers.
- Detect: Peakflow DoS Collectors create and forward unique anomaly fingerprints to Peakflow DoS Controllers.
- Trace: Peakflow DoS Controllers then quickly trace the attack to its source.
- Filter: Peakflow DoS Controller recommends filters (X), which the network engineer can implement to stop the attack before it brings down key routers, firewalls and IDS solutions, or the entire network.
[Diagram labels: Collector; Collector; Controller; Customer Site: Web Servers, DNS Servers, Database Servers; Firewall; IDS; Service Provider A; Service Provider B; Service Provider C]

Types of anomalous traffic that carriers care about
The anomalous traffic that telecom carriers care about affects the underlying network in two main ways:
- It consumes bandwidth and congests the network, causing packet loss and increased latency, and in severe cases making the network unavailable;
- It consumes system resources on network devices (CPU, memory, etc.), so that the network cannot provide normal service.

Types of anomalous traffic that carriers care about
- Denial-of-service attacks (DoS)
- Distributed denial-of-service attacks (DDoS)
- Network worms (Worm)
- Other types of anomalous traffic

Peakflow SP IS detection mechanisms
Peakflow SP IS monitors anomalous traffic behaviour in the network through the following three anomaly types:
- Profiled Anomalies: deviations from normal traffic levels on the network (baseline detection)
- Misuse Anomalies: traffic towards specific hosts that exceeds what should normally be seen on a network (service misuse detection)
- Fingerprint Anomalies: traffic that fits a user-specified signature (fingerprint detection)
Fingerprint Sharing
ATF (Active Threats Feed): active threat feed database

Worm Signatures - Infected Hosts
- Select the worm type
- List of infected hosts
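In-depth analysis
For each "anomaly", Peakflow SP IS can provide:
- Severity
- Start/end time
- Duration
- Anomaly type
- Direction (outbound/inbound)
- Source/destination address
- Protocol number
- Source/destination port
- TCP flag information
- Packet size
- Device ports through which the attack enters/leaves
- Affected network devices
- Charts of the attack traffic
- Average rate
- Maximum rate and other information

Anomaly and attack classification

In-depth analysis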
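Attack mitigation methods
- Access Control List Entries: depending on the threat, these ACLs can be applied at any node across the network, from the customer aggregation routers for small attacks to the peering router interfaces for attacks against the routing infrastructure.
- Rate limiting: at certain network nodes, rate-limit the traffic classes associated with the attack's invariant characteristics.
- Blackhole: inject null routes at specific nodes in the network to divert traffic for the destination IP address or source IP address into a "black hole".
- Work in conjunction with third-party intelligent filtering devices

Working with intelligent filtering devices
[Diagram labels: Enterprise A; Enterprise B; Enterprise C; Targeted; Peering Point; Core Router; POP; Hardware Filtering Cluster; Arbor Peakflow; 3 Divert only targets traffic; 4 Identify and filter the malicious; 5 Forward the legitimate: GRE, MPLS,]

Query

Functional advantages of Peakflow SP IS
- Intelligently and automatically monitors the entire network (builds dynamic baselines).
- Focused monitoring of the specific areas and traffic the user cares about.
- Uses Fingerprint technology to catch typical anomalous traffic behaviour, saving system resources.
- Discovers and detects anomalous traffic and attacks inside the network, accurately locates the source of an attack, and reduces the impact of anomalous traffic on the network.
- An intelligent network management platform for anomalous traffic.
- Accurately captures all known or unknown attacks and viruses

Agenda
- Arbor Peakflow SP TMS: traffic scrubbing

Requirements for integrated traffic scrubbing
- Deep analysis should be based on packet analysis technology
- Suit complex network environments and provide rich application-layer traffic analysis reports
- Monitor and defend against ever-growing network threats
- Connect seamlessly to the underlying network and be easy to deploy
- Better provide the operations department with reliable data
- Provide control functions based on service traffic
- Be able to perform deep filtering of anomalous traffic

Peakflow SP TMS (Threat Management System)
- A device for deep network traffic analysis and management
- Provides application-layer traffic analysis for large telecom carriers
- Provides service and application bandwidth management for large telecom carriers
- Provides security functions for large telecom carriers, such as anomalous traffic filtering and protection against DDoS attacks

Peakflow SP TMS (Threat Management System)
- Through a single unified platform, and by analyzing the application layer, provides rich application-layer traffic reports of many types.
- Controls and manages many types of service traffic: VoIP, web, DNS, P2P, and IM traffic across your network
- Protects the security of the underlying network by scrubbing anomalous components from the traffic: botnets, DNS attacks, DDoS, worms, phishing, SPAM, spyware, etc.

Deployment case: DDoS Mitigation
Product: SP CP + SP TM
Deployment Summary
- Deploy 1-2 devices in regional scrubbing centers or Internet Data Centers (IDCs)
Arbor Solution
SP CP
- Threat awareness and analysis via network-wide detection leveraging flow from routers, seamless workflow to manage mitigation events
- Initiate and monitor the mitigation event from the SP user interface
SP TM
- DDoS mitigation by diverting traffic via BGP route injection and on-ramping traffic via GRE tunnels
[Diagram labels: Internet Data Center; Backbone-facing Interfaces; Peakflow SP TM; Web Servers; BGP OFFRAMP; Flow; Peakflow SP CP; GRE ONRAMP]

Advantages of Peakflow SP TMS
- "Traffic analysis and control" and "security filtering of anomalous traffic" through a single unified platform
- Supports 8GB of bandwidth analysis performance
- Supports detection of and protection against DNS attacks
- Can be integrated with Netflow analysis products

Thank You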