TUNDRA The Ultimate Netflow Data Realtime Analysis

Jeffrey Papen
Yahoo! Inc.
TUNDRA Features
1. Source and Destination AS bandwidth analysis
2. Transit AS bandwidth analysis
3. Custom AS macros: Bandwidth forecasting, peering merit analysis
4. Billing Formulas for cost/benefit budget analysis
5. Analyze usage for local servers or services - Charge Back Billing
6. Symmetric Network Performance Analysis: latency and packet loss
7. AS path hop count stats
8. DOS attack detection
9. All in Real Time
Why should you care about TUNDRA?
1. Empirical Data
   • Prove that network performance increases
   • Prove that network reliability increases as AS hops decrease
   • Cost/Savings analysis for new peer or transit
2. Know how much bandwidth a peer will use before (or after) you turn link up – determine private vs. public peering need
3. Focus and Order peer hit list – who should you go after?
4. Business case to document support for peers that say No.
Why Call It TUNDRA?
• Router: continuously exporting flows
• Zebra Server: 49,000 subnets processed in 2 – 3 minutes
• SNMP Poller: polls interfaces, stores to local DB
• Collector/Processor: 500Mb/sec in + out in 15 minutes generates approx 5,244,216 flows (288 MB). Processed in 21 seconds @ 248,724 flows/sec
• MySQL Database: Flow % * SNMP stored in central DB
Flow Data TUNDRA Displays
(table columns: Inbound, Outbound, Transit; an X marks a column in which the item is displayed)
AS Bandwidth: X X X
Port: X X
Protocol: X X
Server (IP): X X
AS Path: X
Port Out, Protocol Out, Bandwidth Out
Transit Data
• All outbound flows have destination IP
• Each Destination Subnet learns AS path from Zebra BGP table
  - AS padding removed
• Zebra BGP table is identical to actual routes used on local router(s)
• Local BGP data reflects immediate policy changes with no performance impact or security threat to production routers
Destination vs. Transit Traffic – UUNet
AS Hop Count Table
AS Path Hop Count    Router #1    Router #2
0 (Yahoo!)           0%           0%
1 (Peering ISP)      0.34715%     0.10148%
2                    15.54806%    12.42353%
3                    46.64506%    45.17018%
4                    27.75107%    31.07077%
5                    7.69483%     8.94431%
6                    1.88979%     2.18044%
7                    0.12290%     0.10870%
8                    0.00004%     0.00000%
9                    0.00109%     0.00061%
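
How a hop count breakdown like the table above can be derived from outbound flows and a BGP table, as an added example that is not TUNDRA's own code. Assumptions: flows are (destination IP, bytes) pairs, the BGP table maps prefixes to AS paths, shares are weighted by bytes, and all prefixes and AS numbers are constructed documentation values.

```python
import ipaddress
from collections import defaultdict
from itertools import groupby

# Constructed BGP table: prefix -> AS path as received (documentation ASNs).
BGP_TABLE = {
    "192.0.2.0/24": [64496],                        # directly peered AS
    "198.51.100.0/24": [64497, 64498, 64498, 64498],  # origin padded twice
    "198.51.100.128/25": [64499, 64500, 64498],     # more specific route
    "203.0.113.0/24": [],                           # locally originated
}

# Constructed outbound flow records: (destination IP, bytes).
FLOWS = [
    ("192.0.2.10", 1000),
    ("198.51.100.5", 3000),
    ("198.51.100.200", 2000),
    ("203.0.113.7", 500),
    ("192.0.2.99", 3500),
    ("10.9.9.9", 700),  # no covering route, left out of the totals
]

def strip_padding(as_path):
    """Collapse consecutive repeats of one AS (AS path padding/prepending)."""
    return [asn for asn, _ in groupby(as_path)]

def lookup(dst_ip, table):
    """Longest-prefix match of dst_ip; returns the AS path or None."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for net, path in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, path)
    return None if best is None else best[1]

def hop_count_shares(flows, bgp_table):
    """Percent of routed bytes per AS hop count (0 = local AS)."""
    table = [(ipaddress.ip_network(p), path) for p, path in bgp_table.items()]
    bytes_by_hops = defaultdict(int)
    for dst, nbytes in flows:
        path = lookup(dst, table)
        if path is None:
            continue  # unrouted destination
        bytes_by_hops[len(strip_padding(path))] += nbytes
    total = sum(bytes_by_hops.values())
    return {h: 100.0 * b / total for h, b in sorted(bytes_by_hops.items())}

if __name__ == "__main__":
    for hops, pct in hop_count_shares(FLOWS, BGP_TABLE).items():
        print(f"{hops}\t{pct:.5f}%")
```

Without the padding step, the 198.51.100.0/24 traffic would be counted at 4 hops instead of 2, which skews the distribution toward longer paths.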
Performance Analysis
• ICMP Ping vs. TCP packet with bogus SYN/ACK
• Testing is done from your network’s perspective
• Route-Maps on collector interface
• Simultaneous testing of multiple paths to same target AS
• No continuous IBGP flapping from /32 updates
• No adding and removing /32 static routes
• No 3rd party remote applications logging onto routers
• Looking Glass server (www) for troubleshooting
TUNDRA Next Steps
1. White Paper – No, I really mean it!
2. I’m looking for help – this is a hobby, not my job
3. Maintainers to finish baking code and configuration
4. Release to Internet community
5. Licensing is GPL + please peer with Yahoo! 
Questions?
Jeffrey Papen
[email protected]
[email protected]