Rutger Coolen, TNC 2005 Collaborative network monitoring for NREN’s Use cases for LOBSTER.

Rutger Coolen, TNC 2005

Collaborative network monitoring for NREN’s

Use cases for LOBSTER

TNC 2005Rutger Coolen2

Agenda

• LOBSTER Viewpoints and Actors

• Use cases - Approach

• 2 example use cases for LOBSTER

• Your input

• Current Status


Viewpoints on LOBSTER

• Project viewpoint • LOBSTER is a “Specific Support Action” project under EU FP6

• Infrastructure viewpoint• The LOBSTER project realises a pilot infrastructure for

advanced network monitoring

• Community viewpoint• The owners and users of the LOBSTER infrastructure co-

operate in a community


Overview of the actors

• LOBSTER community• LOBSTER primarily aims at NREN’s• and secondarily at ISP’s

• Other potential users• Customers of NREN’s and ISP’s, including researchers• Government / policy-makers





• Your input & Current Status


Use Cases

• What use-cases are:• Applications of the LOBSTER infrastructure

• What use-cases are used for:• To demonstrate the benefits of LOBSTER• To derive requirements for the LOBSTER infrastructure

• What use-cases are not:• The (business) case for joining LOBSTER


Use Cases Inclusion of LOBSTER characteristics

Multiple domains Advanced

monitoring

Hig

h S

peedP

riva

cy

•Co-operation between NREN’s•Interdomain problems

•Beyond state-of-the-art monitoring capabilities•Distributed sensors

•Confidentiality reqs•Privacy legislation

•Anonymisation

•Advanced Hardware•Useful for advancedNREN & GN2 networks

Benefits for users


Use Cases Approach

Basic Use-Case Template: Structuring Use-Cases with Goals, Alistair Cockburn• http://alistair.cockburn.us

USE CASE # < the name is the goal as a short active verb phrase>

Goal in Context <a longer statement of the goal in context if needed>

Scope & Level <what system is being considered black box under design>

Preconditions <what we expect is already the state of the world>

Success End Condition <the state of the world upon successful completion>

Failed End Condition <the state of the world if goal abandoned>

Primary, Secondary Actors <a role name or description for the primary actor, and other systems relied upon to accomplish use case>

Trigger <the action upon the system that starts the use case>

DESCRIPTION Step Action

1 <put here the steps of the scenario from trigger to goal delivery,and any cleanup afte>

2 <...>

EXTENSIONS Step Branching Action

1a <condition causing branching> : <action or name of sub.use case>

SUB-VARIATIONS Branching Action

1 <list of variation s>


CSIRTanalysis

Use Case 1a - Collaborative Worm Detection1. On detection of a worm a signature is distributed

MP

NREN x

NREN 2NREN 1

MP MP

MP

MP

MP

MP

MPMP

MP Measurement Point, or Monitoring Sensor


Use Case 1a - Collaborative Worm Detection2. LOBSTER measurement points collect worm sources

MeasurementPoint

Worm listSource Customer10.0.0.1 Univ.110.0.2.4 R&D.210.1.1.2 Univ.2… …

copy of traffic


Use Case 1a - Collaborative Worm Detection3a. Incident Response Team takes actions

Block sources, or route to special web-site10.0.0.110.0.2.4…

Access Router forCustomers

WormSource IP’sCustomer X

MeasurementPoint

E-mail to customers

(1) (2)


Use Case 1b - Worm Impact Statistics3b. Anonymous data is combined in an overall picture

NREN 2NREN 1

MP MP

MP

MP

MP

MPAnonymousworm counts

NREN 1

Anonymous worm counts

NREN 2


Use Case 2a – Advanced Services Monitoring1. Inter- and intradomain call set-up and data-streams

NREN x

NREN 2NREN 1

Interdomain

Voice-over-IP

IntradomainVoice-over-IP

Interdomain

Video

Conferencin

g


Use Case 2a – Advanced Services Monitoring2. A user monitor’s the key parameters

NREN 2NREN 1

MP MP

Intradomain

MP

Ingress/ egress

(Partial) raw data fromother NREN


Use Case 2a – Advanced Services Monitoring3. Summary of advanced services parameters

NREN 2NREN 1

MP MP

MP

MP

MP

MP

NREN1 NRENx

NREN1 - 1024 calls/day1.12 Tb data/dayAvg. MOS = 4.12

NRENx … -

AdvancedServicesSummary

AdvancedServicesSummary


Use CasesOverview of primary actors per case

Case NREN ISP Customers Policy-makers

Security

Collaborative Worm Detection (case 1a) • • •Statistical

Worm Impact StatisticsStatistics (case 1b)

• •

Performance measurement

Advanced Services MonitoringQuality Measurement(case 2b)

• • •

Network Planning

Advanced Services MonitoringTraffic overview (case 2a)

• • •


More use cases…

• Security incident response• Spyware detection• Denial-of-Service attack: control traffic detection• Backdoor detection

• Performance measurement• Delay sensitive grid computing• On-line (educational) games

• Network traffic characterisation• Peer-to-peer applications• Services with dynamic ports


Your Input: questions or remarks

• Reaction on use cases

• Requirements for the infrastructure or community


Current status

• Implementation of pilot infrastructure by the LOBSTER consortium

• Initial community with Forthnet, Uninett, and Cesnet in 2005

• Establishing relation with Geant2/ JRA-1

• You are invited to join our efforts and become a pilot user!


Thank you

Rutger Coolen, TNC 2005 Collaborative network monitoring for NREN’s Use cases for LOBSTER.

Documents

Transcript of Rutger Coolen, TNC 2005 Collaborative network monitoring for NREN’s Use cases for LOBSTER.