TNO Presentation
Download
Report
Transcript TNO Presentation
Use cases for LOBSTER
Collaborative network monitoring for NREN’s
Rutger Coolen, TNC 2005
Agenda
• LOBSTER Viewpoints and Actors
• Use cases - Approach
• 2 example use cases for LOBSTER
• Your input
• Current Status
2
Rutger Coolen
TNC 2005
Viewpoints on LOBSTER
• Project viewpoint
• LOBSTER is a “Specific Support Action” project under EU FP6
• Infrastructure viewpoint
• The LOBSTER project realises a pilot infrastructure for advanced
network monitoring
• Community viewpoint
• The owners and users of the LOBSTER infrastructure co-operate
in a community
3
Rutger Coolen
TNC 2005
Overview of the actors
• LOBSTER community
• LOBSTER primarily aims at NREN’s
• and secondarily at ISP’s
• Other potential users
• Customers of NREN’s and ISP’s, including researchers
• Government / policy-makers
4
Rutger Coolen
TNC 2005
• LOBSTER Viewpoints and Actors
• Use cases - Approach
• 2 example use cases for LOBSTER
• Your input & Current Status
5
Rutger Coolen
TNC 2005
Use Cases
• What use-cases are:
• Applications of the LOBSTER infrastructure
• What use-cases are used for:
• To demonstrate the benefits of LOBSTER
• To derive requirements for the LOBSTER infrastructure
• What use-cases are not:
• The (business) case for joining LOBSTER
6
Rutger Coolen
TNC 2005
Use Cases
Inclusion of LOBSTER characteristics
•Beyond state-of-the-art
monitoring capabilities
•Distributed sensors
•Co-operation between NREN’s
•Interdomain problems
•Advanced Hardware
•Useful for advanced
NREN & GN2 networks
•Confidentiality reqs
•Privacy legislation
•Anonymisation
Benefits for users
7
Rutger Coolen
TNC 2005
Use Cases
Approach
USE CASE #
< the name is the goal as a short active verb phrase>
Goal in Context
<a longer statement of the goal in context if needed>
Scope & Level
<what system is being considered black box under design>
Preconditions
<what we expect is already the state of the world>
Success End Condition
<the state of the world upon successful completion>
Failed End Condition
<the state of the world if goal abandoned>
Primary, Secondary Actors
<a role name or description for the primary actor, and other systems relied upon to accomplish use case>
Trigger
<the action upon the system that starts the use case>
DESCRIPTION
Step
Action
1
<put here the steps of the scenario from trigger to goal delivery,and any cleanup afte>
2
<...>
Step
Branching Action
1a
<condition causing branching> :
<action or name of sub.use case>
EXTENSIONS
SUB-VARIATIONS
Branching Action
1
<list of variation s>
Basic Use-Case Template: Structuring Use-Cases with Goals, Alistair Cockburn
• http://alistair.cockburn.us
8
Rutger Coolen
TNC 2005
• LOBSTER Viewpoints and Actors
• Use cases - Approach
• 2 example use cases for LOBSTER
• Your input & Current Status
9
Rutger Coolen
TNC 2005
Use Case 1a - Collaborative Worm Detection
1. On detection of a worm a signature is distributed
NREN 2
NREN 1
MP
MP
MP
MP
MP
MP
NREN x
CSIRT
analysis
MP
MP
MP
MP
10
Rutger Coolen
Measurement Point,
or Monitoring Sensor
TNC 2005
Use Case 1a - Collaborative Worm Detection
2. LOBSTER measurement points collect worm sources
Measurement
Point
Worm list
Source Customer
10.0.0.1 Univ.1
10.0.2.4 R&D.2
10.1.1.2 Univ.2
…
…
copy of traffic
11
Rutger Coolen
TNC 2005
Use Case 1a - Collaborative Worm Detection
3a. Incident Response Team takes actions
(1)
Block sources, or
route to special web-site
10.0.0.1
10.0.2.4
…
Measurement
Point
(2)
E-mail to customers
Worm
Source IP’s
Customer X
Access Router for
Customers
12
Rutger Coolen
TNC 2005
Use Case 1b - Worm Impact Statistics
3b. Anonymous data is combined in an overall picture
NREN 2
NREN 1
MP
MP
MP
MP
13
Rutger Coolen
MP
MP
Anonymous
worm counts
NREN 1
Anonymous
worm counts
NREN 2
TNC 2005
Use Case 2a – Advanced Services Monitoring
1. Inter- and intradomain call set-up and data-streams
NREN 2
NREN 1
NREN x
Intradomain
Voice-over-IP
14
Rutger Coolen
TNC 2005
Use Case 2a – Advanced Services Monitoring
2. A user monitor’s the key parameters
NREN 1
NREN 2
Ingress/ egress
MP
MP
MP
(Partial) raw data from
other NREN
15
Rutger Coolen
Intradomain
TNC 2005
Use Case 2a – Advanced Services Monitoring
3. Summary of advanced services parameters
NREN1
NRENx
NREN1
-
1024 calls/day
1.12 Tb data/day
Avg. MOS = 4.12
NRENx
…
-
NREN 2
NREN 1
MP
MP
MP
MP
16
Rutger Coolen
MP
MP
Advanced
Services
Summary
Advanced
Services
Summary
TNC 2005
Use Cases
Overview of primary actors per case
Case
NREN
ISP
Customers
Policymakers
Security
Collaborative Worm Detection
(case 1a)
•
•
•
Statistical
•
Worm Impact Statistics
Statistics
(case 1b)
•
Performance measurement
Advanced Services Monitoring
Quality Measurement
(case 2b)
•
•
•
•
•
Network Planning
Advanced Services Monitoring
Traffic overview
(case 2a)
17
Rutger Coolen
•
TNC 2005
More use cases…
• Security incident response
• Spyware detection
• Denial-of-Service attack: control traffic detection
• Backdoor detection
• Performance measurement
• Delay sensitive grid computing
• On-line (educational) games
• Network traffic characterisation
• Peer-to-peer applications
• Services with dynamic ports
18
Rutger Coolen
TNC 2005
• LOBSTER Viewpoints and Actors
• Use cases - Approach
• 2 example use cases for LOBSTER
• Your input & Current Status
19
Rutger Coolen
TNC 2005
Your Input: questions or remarks
• Reaction on use cases
• Requirements for the infrastructure or community
20
Rutger Coolen
TNC 2005
Current status
• Implementation of pilot infrastructure by the LOBSTER consortium
• Initial community with Forthnet, Uninett, and Cesnet in 2005
• Establishing relation with Geant2/ JRA-1
• You are invited to join our efforts and become a pilot user!
21
Rutger Coolen
TNC 2005
Thank you
22
Rutger Coolen
TNC 2005