Transcript Functional Requirements

Project Requirements
(NetFlow Generator)
2003. 11. 05.
정승화
분산 처리 및 네트워크 관리 연구실
포항 공과 대학교
[email protected]
Contents
• Introduction & Goal
• Glossary
• Requirements
– System Requirements
– Function Requirements
– Non-Function Requirements
• Testing
2/13
POSTECH
DP&NM Lab.
Introduction
• Monitoring Network
– Packets
– Flows
• Flows
– CISCO Router
• NetFlow
– InMon
• sFlow
• Goal
– Free (or Cheap)
– NetFlow
3/13
POSTECH
DP&NM Lab.
Glossary
UDP message format transmitted from traffic meter
NetFlow V.5
Header
0
Flow
Record
8
Flow
Record
Flow
Record
Flow
Record
16
NetFlow Version
24
Flow
Record
31
Flow Record Count (1-30)
SysUptime of the export device booted
Current count of seconds since 0000 UTC 1970
Residual nanoseconds since 0000 UTC 1970
Sequence counter of total flows seen
engine_type
engine_id
Unused (zero)
Format of NetFlow V.5 Header
4/13
POSTECH
DP&NM Lab.
Glossary
0
8
16
24
31
Source IP address
Destination IP address
IP address of next hop router
Input Interface
Output Interface
Packets in the flow
Bytes in the packets of the flow
SysUptime at start of flow
SysUptime at the last packet of the flow was received
Source Port
Unused (zero)
Destination Port
TCP flag
IP protocol type
Source AS
Src. Mask
ToS
Destination AS
Dst. Mask
Unused (zero)
5/13
POSTECH
DP&NM Lab.
Requirements
• System Requirements
–
–
–
–
Linux
Libpcap Package
Libxml2 Package
C Compiler
• Functional Requirements
–
–
–
–
–
NetFlow Generation
Sampling
Interface Monitoring
NetFlow Exporting
Configuration Reading
• Non-Functional Requirements
– Portability
– Easy to install & use
6/13
POSTECH
DP&NM Lab.
Functional Requirements: NetFlow Generation
Usage
• Packet Count
• Byte Count
• Source IP Address
• Destination IP Address
Time
Stamp
• Start Timestamp
• End Timestamp
• Source TCP/UDP Port
• Destination TCP/UDP Port
QoS
• Type of Service
• TCP Flags
• Protocol Type
• Next Hop Address
• Source AS Number
• Dest. AS Number
• Source Prefix Mask
• Dest. Prefix Mask
• Input Interface
• Output Interface
To show which Interface
captured flows
From/To
Application
These are not going to be
Implemented
7/13
POSTECH
DP&NM Lab.
Functional Requirements: Sampling
NetFlow V.5 Generator
In case of high speed network
Sampling can be the solution of the performance problem.
8/13
POSTECH
DP&NM Lab.
Functional Requirements: Interface Monitoring
Router Interfaces
In/Out
9/13
POSTECH
DP&NM Lab.
Functional Requirements: NetFlow Exporting (1/2)
NetFlow V.5 Generator
in Memory
Exporting NetFlows
T
Every T Second.
T = Time interval
(설정 가능)
10/13
POSTECH
DP&NM Lab.
Functional Requirements: NetFlow Exporting (2/2)
NetFlow V.5 Generator
Exporting NetFlows
Inactive T
Every Second
by searching all Flows
Active T
T = Time interval
(설정 가능)
11/13
POSTECH
DP&NM Lab.
Functional Requirements: Configuration Reading
Flow Generator gets below configure Info. when it starts.

Capturing Interface
Exporting Time Interval
Analyzer IP
Analyzer Port
Sampling Rate

Export Module will send NetFlow Info. to this IP address & Port




12/13

Interface Name, MAC are
required for each Interface.

This exporting time interval
unit is a second unit at least.
POSTECH
DP&NM Lab.
Non-Functional Requirements
• Portability
• Easy to install & use
13/13
POSTECH
DP&NM Lab.
Testing
• CISCO developed a tool named fdget for viewing the data exported
from a NetFlow router.
– We use fdget program to check NetFlow is correctly generated and exported.
fdget
program
Traffic Meter
Testing NetFlow
Receiving Server
Testing NetFlow
Generator
14/13
POSTECH
DP&NM Lab.