Transformation of the IP Network Architecture and Its Operation: Their Contents Cache, Ours and Traffic
April 13, 2013 | By NTT
The contents are as follows. What are the issues? • Today, it is quite difficult to identify where the traffic comes from and goes to, even on our networks • Especially, so-called "Hyper Giants" like Akamai, Google and more are now changing the model of the Internet and traffic patterns • Also, the legal framework against piracy has been changed, so how has traffic changed? • Transparent cache technologies are emerging. So…

Transcript
Copyright ⓒ 2012 NTT Communications Corporation. All Rights Reserved.
Transformation of the IP Network
Architecture and Its Operation
- Their Contents Cache, Ours and Traffic -
Dr. Shin Miyakawa
Innovative IP Architecture Center
NTT Communications
2013 Feb.
PLNOG
About NTT and me
• NTT stands for Nippon Telegraph and Telephone Corporation
– http://www.ntt.co.jp/
• Just for your information, we Japanese call our country NIPPON in the Japanese language.
– NTT is one of the biggest telecommunication companies in the world and runs AS2914 as a Tier-1 provider
– I will introduce our network footprint later.
• Today, my colleague Robert Raszuk, who now belongs to NTT Multimedia Communications Laboratories (in Silicon Valley, California, USA), gave me the chance to show up here. I really appreciate it!
• I have been working on IP technologies for 18+ years and am the author of some RFCs, including "Requirement of IPv6 prefix delegation" and so on.
• A WIDE project (http://www.wide.ad.jp/) member, guest professor of the Japan Advanced Institute of Science and Technology….
What are the issues?
• Today, it is quite difficult to identify where the traffic comes from and goes to, even on our networks
• Especially, so-called "Hyper Giants" like Akamai, Google and more are now changing the model of the Internet and traffic patterns
• Also, the legal framework against piracy has been changed, so how has traffic changed?
• Transparent Cache technologies are emerging. So…
• I'd like to make a quick report on those topics.
Internet Traffic Trends in Japan
From "我が国のインターネットにおけるトラヒックの集計・試算" (Aggregation and estimation of Internet traffic in Japan)
http://www.soumu.go.jp/main_content/000149220.pdf
Total download traffic of broadband users in Japan: approx. 1.7 Tbps (+24.4% growth from 2010 to 2011)
Total upload traffic: shows a downward trend since May 2010
[Chart: total broadband users' download traffic, now at about 1.7 Tbps, and upload traffic, now at about 670 Gbps]
Source: MIC's report "我が国の移動通信トラフィックの現状" (Current status of mobile communication traffic in Japan)
http://www.soumu.go.jp/johotsusintokei/field/tsuushin06.html
Japanese Internet Traffic Growth (mobile)
                 | 2010/6            | 2010/9            | 2011/3            | 2011/6            | 2011/9
# of end users   | 111,578,000       | 113,783,700       | 119,103,400       | 121,307,600       | 123,624,000
Monthly traffic  | Up / Down         | Up / Down         | Up / Down         | Up / Down         | Up / Down
Average (Gbps)   | 5.6 / 57.3        | 6.6 / 64.6        | 9.9 / 95.2        | 11.9 / 111.6      | 15.3 / 139.3
Cumulative (TB)  | 1813.8 / 18572.1  | 2151.8 / 20926.1  | 3323.7 / 31884.0  | 3867.0 / 36155.8  | 4959.3 / 45143.6
[Chart: mobile traffic in Gbps, up and down, on a 0-140 Gbps scale]
Mobile traffic doubled between 2010 and 2011 and continues to show an upward trend
Classic model of the Internet
• Tier1s at the top to exchange (almost) all the traffic
• Traffic trends : HTTP, Video → Music → P2P
• Bottleneck: servers
[Diagram: Tier 1 ISPs at the top, Tier 2 ISPs below them, interconnected through an IX]
Today’s Internet : Emerging Hyper Giants
• So-called "Hyper Giants" are now directly connecting to the ISPs
• Server scaling-out technologies make the (access) circuits the "bottleneck" again!?
• Caches in ISPs
[Diagram: Tier 1 ISPs and IXs at the top; Hyper Giants connecting directly to the Tier 2 ISPs, with caches placed inside the Tier 2 ISPs]
From Arbor report
[Chart: top 10 backbone traffic in North America by category - access provider, Hyper Giant, CDN, all Tier 1]
C. Labovitz, "Internet Traffic 2007 - 2011," Global Peering Forum, Santa Monica, CA, April 2011.
This graph again
From "我が国のインターネットにおけるトラヒックの集計・試算" (Aggregation and estimation of Internet traffic in Japan)
http://www.soumu.go.jp/main_content/000149220.pdf
This graph is actually based on the traffic observed at the IXs, between major ISPs only. Volumes between Hyper Giants' servers are not counted. How big is the true traffic volume???
Estimation about traffic share of ISPs
Ministry of Internal Affairs and Communications of the Japanese Government, "Estimation about the Internet Traffic in Japan", 2011/March (我が国のインターネットにおけるトラヒックの集計・試算 2011/03)
[Charts: estimated share of the number of subscribers of the 6 major ISPs in Japan, and the 6 major ISPs' traffic share observed at the major IXs in Japan]
What do these mean?
Japanese Legal Framework on Transparent Cache
The modification to the Copyright Law effective from Jan. 1st 2010 enabled ISPs to deploy transparent cache systems to improve information and telecommunication networks.
Japanese Legal Framework against Piracy
• There had been no punishment for "download" (only for "upload") before Oct. 1st, 2012
• Last week, as of Oct. 1st, 2012, "download" of pirated contents from the Internet can result not only in a fine but also in custody.
• Now many operators are observing the effects of this legal change.
From our research
• We installed measurement systems into various Japanese networks
• Also, we used a survey company to measure many network statistics
ISPs installing GGC (Google Global Cache) in Japan
• 【GGC installed ISPs】 32.9% (26 AS / 79 AS).
• 【Total traffic】 From GGC: 36.0%, from Google main sites: 61.2%, unknown: 2.8%
• GGC never relays, so the 36% is about equal to the GGC-installed AS ratio
AS | GGC | User Share
OCN | × | 22.95%
KDDI | ○ | 8.28%
SoftbankBB | ○ | 8.05%
InfoWeb | × | 5.28%
IIJ | × | 3.72%
UCOM | × | 3.59%
So-net | ○ | 3.56%
K-Opticom | × | 3.41%
Biglobe | ○ | 3.35%
VECTANT | × | 3.35%
AsahiNet | ○ | 3.00%
CTCX | × | 2.43%
NetHome | × | 2.32%
SoftbankTelecom | × | 2.15%
Freebit | × | 1.84%
QTNet | ○ | 1.58%
Tokai | × | 1.58%
NTTPCCom | ○ | 1.35%
ZAQ | ○ | 1.23%
eMobile | × | 1.08%
CNCI | ○ | 0.88%
eAccess | × | 0.83%
EnergiaCom | × | 0.79%
JCN | ○ | 0.73%
PowerdCOM | ○ | 0.70%
Xephion | × | 0.70%
iTSCOM | × | 0.68%
STNet | × | 0.68%
DTI | ○ | 0.67%
KCN | ○ | 0.64%
GlobalMediaOnline | × | 0.53%
Mopera | × | 0.52%
SANET | ○ | 0.52%
NTTsmc | × | 0.35%
SINET | ○ | 0.33%
DEODEO | ○ | 0.32%
SonyTelecom | × | 0.26%
iTEC | × | 0.18%
E-CATV | × | 0.15%
NSK | × | 0.15%
Synapse | ○ | 0.15%
ZLAN | × | 0.15%
KMN | ○ | 0.14%
SAKURA | × | 0.14%
KCT | × | 0.12%
CCV | × | 0.11%
Coral | ○ | 0.11%
Mitene | × | 0.11%
MCTV | × | 0.09%
UCATV | × | 0.09%
WBS | × | 0.09%
C-able | ○ | 0.08%
CABLENET | ○ | 0.08%
Comcast | ○ | 0.08%
HiNet | × | 0.08%
SpaceLAN | × | 0.08%
AMIGO | × | 0.06%
BBTower | × | 0.06%
CC9 | × | 0.06%
D-CRUISENET | × | 0.06%
KITANET | × | 0.06%
LCV-Net | × | 0.06%
MCNET | × | 0.06%
SNI-JP | ○ | 0.06%
SoftbankIDC | × | 0.06%
TOPIC | ○ | 0.06%
Verio | × | 0.05%
InterVia | × | 0.03%
TelecomMalaysia | ○ | 0.03%
CoxCom | ○ | 0.02%
HTCN | × | 0.02%
JPNIC | × | 0.02%
KVH | × | 0.02%
MicrosoftGlobal | × | 0.02%
NRIIndex | × | 0.02%
Pacnet | × | 0.02%
Proxad | × | 0.02%
SecomTrust | × | 0.02%
WIDE | × | 0.02%
Unknown | | 2.78%
ISPs installing Akamai Cache in Japan
• 【Akamai Cache installed ISPs】 39.2% (31 AS / 79 AS)
• 【Traffic】 Cache within AS: 35.0%, other AS: 28.3%, Akamai sites: 33.9%, unknown: 2.8%.
• Akamai Cache relays, so sometimes a cache in the next AS would respond to the request
AS | Akamai | User Share
OCN | ○ | 22.95%
KDDI | ○ | 8.28%
SoftbankBB | ○ | 8.05%
InfoWeb | × | 5.28%
IIJ | ○ | 3.72%
UCOM | × | 3.59%
So-net | ○ | 3.56%
K-Opticom | ○ | 3.41%
Biglobe | × | 3.35%
VECTANT | ○ | 3.35%
AsahiNet | × | 3.00%
CTCX | ○ | 2.43%
NetHome | ○ | 2.32%
SoftbankTelecom | ○ | 2.15%
Freebit | ○ | 1.84%
QTNet | ○ | 1.58%
Tokai | × | 1.58%
NTTPCCom | ○ | 1.35%
ZAQ | × | 1.23%
eMobile | × | 1.08%
CNCI | ○ | 0.88%
eAccess | × | 0.83%
EnergiaCom | × | 0.79%
JCN | ○ | 0.73%
PowerdCOM | × | 0.70%
Xephion | × | 0.70%
iTSCOM | ○ | 0.68%
STNet | ○ | 0.68%
DTI | × | 0.67%
KCN | ○ | 0.64%
GlobalMediaOnline | × | 0.53%
Mopera | × | 0.52%
SANET | ○ | 0.52%
NTTsmc | × | 0.35%
SINET | × | 0.33%
DEODEO | × | 0.32%
SonyTelecom | ○ | 0.26%
iTEC | ○ | 0.18%
E-CATV | ○ | 0.15%
NSK | × | 0.15%
Synapse | ○ | 0.15%
ZLAN | ○ | 0.15%
KMN | × | 0.14%
SAKURA | × | 0.14%
KCT | × | 0.12%
CCV | × | 0.11%
Coral | ○ | 0.11%
Mitene | × | 0.11%
MCTV | × | 0.09%
UCATV | × | 0.09%
WBS | × | 0.09%
C-able | × | 0.08%
CABLENET | × | 0.08%
Comcast | ○ | 0.08%
HiNet | ○ | 0.08%
SpaceLAN | × | 0.08%
AMIGO | × | 0.06%
BBTower | × | 0.06%
CC9 | × | 0.06%
D-CRUISENET | × | 0.06%
KITANET | × | 0.06%
LCV-Net | × | 0.06%
MCNET | × | 0.06%
SNI-JP | ○ | 0.06%
SoftbankIDC | × | 0.06%
TOPIC | × | 0.06%
Verio | ○ | 0.05%
InterVia | × | 0.03%
TelecomMalaysia | ○ | 0.03%
CoxCom | ○ | 0.02%
HTCN | × | 0.02%
JPNIC | × | 0.02%
KVH | × | 0.02%
MicrosoftGlobal | × | 0.02%
NRIIndex | × | 0.02%
Pacnet | × | 0.02%
Proxad | × | 0.02%
SecomTrust | × | 0.02%
WIDE | × | 0.02%
Unknown | | 2.78%
Issues around Hyper Giants' cache
• Some ISPs are already afraid of Hyper Giants' machines.
• Who has responsibility for those machines?
• An ISP (not us) said to us last year as follows:
– Is Google paying any fee for such GGC installation and usage?
• No line fee, no space fee, no power usage fee?
• No intervention and no regulation against any Google service from GGC?
• Instead of Hyper Giants' caches, certain ISPs are now seeking cache technologies under their own control.
Transparent Contents Cache
Network Configuration
[Diagram: end users - edge routers C and D - L4 switch - BB routers A and B - Internet / content origins; the L4 switch diverts port 80 traffic to the transparent cache inside the customer ISP network]
Traffic redirection method:
- Insert L4 switches between the BB and edge routers, inline.
- Forward all TCP port 80 traffic at the L4 switch.
Pros:
- No need to touch the configurations on the BB and/or edge routers
Cons:
- Requires a physical network layout change
- Limited scalability
- Single point of failure
Real Example: Cache Out
• Testing period: 2 weeks
• Cache-out traffic: 26% average
[Chart: total traffic reduction rate (トラヒック削減率(トータル)) from 1/17 to 2/2, instantaneous (瞬間) and average (平均) values; average 26.1%]
Real Example: Cache-able Contents
[Chart: upload and download traffic split into P2P, HTTP and CGM (YouTube etc.); HTTP and CGM are the cache-able part]
HTTP + Consumer Generated Media (YouTube): these add up to around 80% of traffic
Real Example: Popular Sites
domain              | Traffic volume | Cache productivity | Number of requests
youtube.com         | 24.4%          | 34.0%              | 0.89%
nicovideo.jp        | 5.0%           | 23.9%              | 0.77%
yahoo-streaming.jp  | 3.8%           | 0.0%               | 0.03%
fc2.com             | 3.6%           | 14.2%              | 1.72%
hotfile.com         | 2.4%           | 4.1%               | 0.03%
apple.com           | 2.2%           | 39.5%              | 0.50%
fileserve.com       | 2.0%           | 1.4%               | 0.03%
xvideos.com         | 2.0%           | 16.0%              | 0.39%
megaupload.com      | 1.9%           | 8.8%               | 0.10%
googlevideo.com     | 1.7%           | 25.4%              | 0.13%
yimg.jp             | 1.5%           | 83.7%              | 5.58%
dmm.co.jp           | 1.4%           | 3.8%               | 0.34%
dailymotion.com     | 0.9%           | 25.5%              | 0.05%
asg.to              | 0.9%           | 5.7%               | 0.33%
llnwd.net           | 0.9%           | 16.6%              | 0.06%
Categories marked on the slide: streaming, adults, file sharing, others
Transparent Cache: Operational Considerations 1/2
- Issues associated with unexpected transactions, e.g. non-HTTP transactions over port 80
- Following up on changes to delivery methods, e.g. the recent change on YouTube:
http://o-o---preferred---nrt19s03---v23---lscache4.c.youtube.com/videoplayback?algorithm=throttlefactor&burst=40&cp=U0hTS1lMUV9LS0NOM19RRlVKOllIMU1MQmtzRExG&expire=1346913961&factor=1.25&fexp=922401%2C920704%2C912806%2C924412%2C913558%2C913556%2C912706&gcr=jp&id=43253e65a20b9bc0&ip=2402%3Ac800%3Aff06%3A0%3A8249%3A71ff%3Afe10%3A9bd7&ipbits=48&itag=34&keepalive=yes&key=yt1&ms=au&mv=u&newshard=yes&range=13-1781759&signature=27EDE46835C687EF24657592F2D826BE00BF5C84.733EC26B4AF8A1D795F18EB53584EDCB603969B0&source=youtube&sparams=algorithm%2Cburst%2Ccp%2Cfactor%2Cgcr%2Cid%2Cip%2Cipbits%2Citag%2Csource%2Cupn%2Cexpire&sver=3&upn=SmMO7NqYKeQ
- Following up on popular content sites
- We need a well-maintained "white list" to operate it efficiently
- IPv6 compatibility. It's a bit hard to keep Path MTU Discovery working well through a transparent cache. (Some products are quite nice! But some products do not support PMTUD… sigh…)
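The three operational points above (non-HTTP transactions on port 80, the white list, and delivery URLs whose parameters change from request to request) can be shown as the decision a transparent cache makes for each stream the L4 switch forwards. The following is an added example and not code from the NTT deck or from any cache vendor; the white list CACHEABLE_ZONES, the VOLATILE_PARAMS set and the sample streams are assumptions chosen for this illustration. The host and object id in the sample request are taken from the YouTube URL above; the volatile values are shortened.

```python
# Added example, not code from the NTT deck or from any cache vendor: the
# decision a transparent cache could apply to each client stream that the L4
# switch forwards from TCP port 80. Non-HTTP transactions on port 80 are passed
# through untouched, only hosts on a maintained white list are cached, and the
# cache key drops the volatile query parameters a delivery URL carries
# (expire=, signature=, ip=), so that repeated fetches of one object hit.
# CACHEABLE_ZONES and VOLATILE_PARAMS are assumed values for this example.
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REQUEST_LINE = re.compile(rb"^(GET|HEAD|POST)\s+(\S+)\s+HTTP/1\.[01]\r?\n")

# Assumed white list: zones whose objects proved cacheable in the table above.
CACHEABLE_ZONES = ("youtube.com", "googlevideo.com", "yimg.jp", "apple.com")
# Assumed volatile parameters: per-client or per-time values that must not be
# part of the cache key.
VOLATILE_PARAMS = {"expire", "signature", "ip", "ipbits", "cp", "upn", "sparams", "key", "ms", "mv"}


@dataclass
class Decision:
    action: str                # "cache" or "bypass"
    reason: str
    cache_key: Optional[str]   # normalized URL used to look the object up


def zone_matches(host: str, zones=CACHEABLE_ZONES) -> bool:
    """True when host is one of the white-listed zones or a subdomain of one."""
    host = host.lower().rsplit(":", 1)[0]   # drop an explicit :port
    return any(host == z or host.endswith("." + z) for z in zones)


def normalize_cache_key(host: str, target: str) -> str:
    """Rebuild the URL without volatile parameters, with the rest sorted."""
    parts = urlsplit(target)
    keep = sorted((k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
                  if k not in VOLATILE_PARAMS)
    return urlunsplit(("http", host.lower(), parts.path, urlencode(keep), ""))


def decide(payload: bytes) -> Decision:
    """Classify the first client-to-server bytes of a TCP/80 stream."""
    m = REQUEST_LINE.match(payload)
    if not m:
        return Decision("bypass", "non-HTTP transaction on port 80", None)
    method, target = m.group(1).decode(), m.group(2).decode()
    if method != "GET":
        return Decision("bypass", f"{method} is not cacheable", None)
    header_block = payload[m.end():].split(b"\r\n\r\n", 1)[0]
    host = None
    for line in header_block.split(b"\r\n"):
        if line.lower().startswith(b"host:"):
            host = line.split(b":", 1)[1].strip().decode()
            break
    if not host:
        return Decision("bypass", "no Host header", None)
    if not zone_matches(host):
        return Decision("bypass", f"{host} is not on the white list", None)
    return Decision("cache", "white-listed GET", normalize_cache_key(host, target))


# Constructed sample streams (the YouTube host and object id are the ones in the
# URL above; the second request differs from the first only in volatile values).
REQUEST_A = (b"GET /videoplayback?id=43253e65a20b9bc0&itag=34&range=13-1781759"
             b"&expire=1346913961&signature=27EDE46835C687EF&ip=2402%3Ac800%3Aff06%3A0 HTTP/1.1\r\n"
             b"Host: o-o---preferred---nrt19s03---v23---lscache4.c.youtube.com\r\n\r\n")
REQUEST_B = REQUEST_A.replace(b"expire=1346913961", b"expire=1346920000").replace(
    b"signature=27EDE46835C687EF", b"signature=733EC26B4AF8A1D7")
NOT_HTTP = b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03" + b"\x00" * 8   # a TLS record arriving on port 80
OTHER_HOST = b"GET /index.html HTTP/1.1\r\nHost: www.example.net\r\n\r\n"

if __name__ == "__main__":
    for name, stream in (("A", REQUEST_A), ("B", REQUEST_B), ("tls", NOT_HTTP), ("other", OTHER_HOST)):
        d = decide(stream)
        print(name, d.action, d.reason, d.cache_key)
```

Requests A and B produce the same cache key even though their expire and signature values differ, which is the property that keeps the hit rate up after a delivery-URL change; the TLS bytes and the non-white-listed host are handed back to the switch untouched.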
Transparent Cache: Operational Considerations 2/2
- Asymmetric routing will cause end-user transactions to break
[Diagram: end users connected via ISP A; uplink ISPs B, C and D toward the contents origin; the forward and return paths of one flow can take different uplink ISPs]
Now we're testing and evaluating
• Now we, NTT Communications, are testing and evaluating various contents cache technologies.
• We have not yet implemented those in our network, but some of our transit customer ISPs have already done so.
Traffic shift on Oct. 1st 2012 in Japan
[Chart: a Japanese domestic ISP's traffic, showing about a 10% drop due to the legal situation change]
• Traffic from overseas to Japan dropped about 10% on Oct. 1st due to the new rule implemented.
• Typically, about 30% of the total traffic of a Japanese ISP comes from overseas, which means international traffic is now dropping to about 2/3, maybe??
So,
• Recently, we need to study Hyper Giants' activities.
– There are certain pros and also cons.
• Also, the legal situation around the Internet has been changing year by year.
• New technology innovations still keep on going.
• So, applicable technologies vary year by year and also place by place.
• We have to choose the available technologies carefully but aggressively to improve our performance, but it's not easy.
• We've just started. Our research is still going on.
SAMURAI
- Traffic Analysis and Anti-DDoS system -
First of all, from Wikipedia
Samurai (侍) is the term for the military nobility of pre-industrial Japan
Flow based traffic analysis and DDoS mitigation by SAMURAI
Watching an IP network… and doing what is needed, but how?
• Watching the IP network… then…
– How do we recognize the status of the whole network in a real-time manner?
– How do we monitor the traffic on a line or at a point in the network?
– Where should we watch? And how do we check packets?
– What tools and software?
• Even if we could get enough (raw) information about the network…
– How should we analyze it?
– How do we utilize the analysis?
• How should we react to the results (of the analysis)?
– For example, if we identified a cyber attack in the network, can we modify the configurations on the network equipment such as routers and switches on the fly?
• If we made a mistake setting a proper configuration on the machine in such a short period of time with poor verification, we might lose network connectivity, or much worse results could be expected… it's really scary.
– Can we combine the analysis with any anti-DDoS system and so on???
NTT Communications' two large networks
AS2914: ntt.net Global Tier-1 backbone
AS4713: OCN (for Japanese domestic)
[Map: points of presence - NTT Korea (Korea), NTT Com Asia (Hong Kong), NTT MSC (Malaysia), NTT Australia (Australia), NTT Europe (Europe), Verio (U.S.), NTT Taiwan (Taiwan), NTT Com Thailand; AS2914 (ntt.net) and AS4713; ~1 Tbps]
Our Global IP Backbone
NTT Com now provides a high-speed and large-volume IP communication service using a network that boasts broad bandwidths of 600Gbps between the US and Japan, 482Gbps between Asia and Oceania, 97Gbps between Europe and Japan, and 100Gbps between the US and Europe.
http://www.ntt.net/about/network-map.cfm
Actual links in the large network and use of "Flow"
• Today, the standard speed of an interface is 10Gbps
• We've just started Internet connection service at 100Gbps.
• 40G is now emerging and 100G is rising. But as you see, many of our links need more than 100Gbps already… mmm
• Full packet inspection is just impossible on a 100G+ link today.
– Even if we could do a full packet dump, large storage is required and that is too costly.
• We should use a "sampling" method first and bring specific traffic into focus afterwards
– "Flow" technologies are useful
– Implementations: NetFlow, sFlow, IPFIX…
• A standard flow implementation is just random sampling like 1/10000. There are extended versions such as Flexible NetFlow, ACL-based sFlow, and so on, which enable us to define conditions to specify the appropriate packets to be examined.
• We can capture the trend in the middle of the super high-speed backbone by this.
Flow identification by sampling
• Sample packets at the interfaces of the routers and/or switches that implement a flow mechanism. Flow information contains the src and dst address, protocol type, etc. of the packet, taken mainly from the header. A flow collector receives this flow information to utilize it.
[Diagram: node A (interfaces i/f-a-1, i/f-a-2, i/f-a-3) and node B (i/f-b-1, i/f-b-2, i/f-b-3) connected by a link, both exporting flow information to a flow collector]
Utilize flow information
• A flow collector can recognize the "trend" of the network traffic from the received flow information
• For example, if the sampling rate at one interface on a switch is 1/10000, the information of one packet out of 10000 will be sent to the collector
• In this case, if the link is 100Gbps, any stream which is over 10Mbps will be reported.
• We can do something using this flow analysis for
– Traffic reporting
• Hourly, daily, weekly, monthly and annual fluctuation, volume by application, volume by destination etc…
– Failure warnings
• In the case that some flow is recognized on an interface but its peer interface does not receive the flow, we should think that the interface or link is down…
– Cyber attack alert
• If some flow rapidly increases, it could be a cyber attack now going on. Of course, somebody might start an online live stream like an Olympic Games ceremony or something, so we have to confirm whether it is truly an attack or not before we stop it
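The scaling arithmetic of the slide above (1/10000 sampling on a 100 Gbps link, so streams above 10 Mbps become visible) and the cyber attack alert can be put into a small collector. The following is an added example, not the deck's or SAMURAI's code: it scales sampled byte counts back to estimated rates per destination and flags a destination whose rate jumps far above its own baseline, keeping the verdict at "confirm before mitigating" for the live-stream reason the slide gives. The record layout, the sample rate, the link speed and the thresholds are assumptions for the example.

```python
# Added example, not the deck's or SAMURAI's code: a minimal flow collector that
# turns 1/N sampled flow records into estimated bit rates per destination and
# flags a destination whose rate jumps well above its own baseline. Such a jump
# is only a suspicion until an operator confirms it, so it is labelled that way.
# Record layout, the 1/10000 sample rate, the 100 Gbps link and all thresholds
# are assumptions for this example.
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class FlowRecord:
    exporter: str       # router or switch that sampled the packets
    ifindex: int        # interface the packets were seen on
    dst: str            # destination address of the flow
    proto: str          # "tcp" / "udp" / ...
    sampled_bytes: int  # bytes in the sampled packets of this flow
    interval_s: float   # seconds of traffic the record covers


def min_detectable_bps(link_bps: float, sample_rate: int) -> float:
    """A stream must carry about link_bps/sample_rate to contribute roughly one
    sample per link-worth of packets; below that it is mostly invisible."""
    return link_bps / sample_rate


def estimate_rates(records, sample_rate: int) -> dict:
    """Scale sampled byte counts back up to estimated bits per second per destination."""
    per_dst = defaultdict(float)
    for r in records:
        per_dst[r.dst] += r.sampled_bytes * 8 * sample_rate / r.interval_s
    return dict(per_dst)


def detect_spikes(history, current, factor=5.0, floor_bps=1e6) -> dict:
    """history: per-destination rate dicts from earlier intervals (the baseline).
    A destination is 'suspect' when its current estimate is at least floor_bps
    and more than `factor` times its baseline mean. A popular live stream looks
    the same, so the verdict is 'confirm before mitigating', never 'block'."""
    suspects = {}
    for dst, bps in current.items():
        base = mean(h.get(dst, 0.0) for h in history) if history else 0.0
        if bps >= floor_bps and bps > factor * max(base, floor_bps / factor):
            suspects[dst] = {"bps": bps, "baseline_bps": base,
                             "status": "suspect - confirm before mitigating"}
    return suspects


# Constructed sample data: five quiet 60 s intervals, then one interval in which
# 203.0.113.10 receives a hundred times its usual sampled volume.
SAMPLE_RATE = 10_000
LINK_BPS = 100e9


def quiet_interval():
    return [FlowRecord("rtr-a", 1, "203.0.113.10", "tcp", 1_500, 60.0),
            FlowRecord("rtr-a", 1, "203.0.113.20", "udp", 3_000, 60.0)]


HISTORY = [estimate_rates(quiet_interval(), SAMPLE_RATE) for _ in range(5)]
CURRENT = estimate_rates(quiet_interval() + [FlowRecord("rtr-a", 1, "203.0.113.10", "tcp", 150_000, 60.0)],
                         SAMPLE_RATE)
ALERTS = detect_spikes(HISTORY, CURRENT)

if __name__ == "__main__":
    print(f"minimum visible stream on a 100G link at 1/{SAMPLE_RATE}: "
          f"{min_detectable_bps(LINK_BPS, SAMPLE_RATE) / 1e6:.0f} Mbps")
    for dst, info in ALERTS.items():
        print(dst, f"{info['bps'] / 1e6:.1f} Mbps vs baseline {info['baseline_bps'] / 1e6:.1f} Mbps:",
              info["status"])
```

With the constructed data the collector estimates about 2 Mbps toward 203.0.113.10 in the quiet intervals and about 202 Mbps in the last one, which is what gets raised to the operator; 203.0.113.20 stays at its baseline and is not reported.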
DDoS trend
[Diagram: over time, attacks move from the host to the network and become stronger, wider and more complex; the size of attacks becomes larger and larger]
• Early: unimportant protocols (e.g. ICMP, UDP), little resource (e.g. 1-100 PCs), small traffic (e.g. 10Ks pps)
• Then: new techniques, important applications, address spoofing, huge resource (e.g. 10000 zombie PCs), large traffic (e.g. 100Ks pps), composite techniques
• Now: attacks on network infrastructure, VoIP servers, VPN; more than 1000k pps; 100K zombie PCs
• Motivation over time: just a joke → money making → destroying infrastructure
Recent Distributed Denial of Service we observed
2006 Jun "2 channel" (a popular Japanese bulletin board) got a huge DDoS
2007 Feb Root DNS servers received DDoS
2007 Feb "Nico Nico Douga" (a Japanese video site, like YouTube) DDoSed
2007 Apr DDoS caused troubles on "mixi" (an SNS like Facebook) and "Find Job"
2007 May DDoS caused country-wide confusion in Estonia
2008 Apr 2ch attacked by a botnet consisting of 5000 hosts
2009 Jul Korea / USA received massive DDoS by a botnet
2009 Apr Twitter/Facebook got DDoS
2010 Sep Japanese governmental sites were affected by DDoS
2010 Oct Myanmar's network was gridlocked by DDoS when they had an election
2010 Dec Cyber attacks related to WikiLeaks; France got attacked
2011 Mar Korea received attack
Anti-DDoS system by flow analysis
Multi-layer protection of the network - Defense in Depth -
• How do we protect our site and hosts from a massive attack coming from the Internet?
• "Defense in Depth" should be introduced into the network.
• An ISP should recognize attacks on its own assets but also on customers
– "Freedom of Speech" must be carefully treated at the same time. It's important.
– ISPs should get approval from customers before they start detection
– Attacks on non-customers? It is quite hard to do something…
• The goal of the defense in the ISP section is not to kill all the attack but to reduce it. Do not expect perfection
– Do something roughly first ⇒ We can utilize flow
• Firewalls in front of the site come next
– IDS, firewall, application GW
• Lastly, tools on the host protect itself
– Anti-virus software, anti-malware
• If we could, it is better to kill or reduce the attack near the attacker, not near the victim
When a massive DDoS occurs・・・
• Just a firewall in front of the server will be useless
– If the link to the network is occupied by the huge number of packets, they are nothing else but the loser of the game.
[Diagram: Internet - FW - host. If the link in front of the firewall is occupied by the huge volume of traffic, we lose the game; if attacker(s) send so many packets to the victim, whatever this firewall does becomes meaningless]
Defense in Depth
[Diagram: an attack from other ISPs' networks arrives at our network's border router (EBGP router), then passes the customer edge, the customer's link, the customer's FW and reaches the server. Defenses at successive points, from the border inward:]
- First defense: the link is still occupied by the packets - still LOSE
- Second defense: other guests are still affected by the src address spoofing; something more is needed to win the game
- Third defense: the attack will be limited, it looks good
- Final protections on the host
SAMURAI in the network
[Diagram: the same path - other ISPs' networks, our network's border router, provider edge, customer's link, customer's FW, server - with defenses at the border router and the provider edge]
SAMURAI will provide customers with analysis and protection in the network
DoS Mitigation technologies
• For example, if an attacker spoofs the src address of others, it becomes difficult to identify whether a packet is good or bad.
• Packets which do not "look good" will be filtered out, so that the amount of DDoS traffic could be reduced, or the communication just cleaned up.
• There are DoS mitigation devices
– Cisco terminated its own popular implementation… (please think again)
• Which packets do not look good?
– Only TCP SYNs come, one after another
– The sequence number in the TCP header is just faked
– etc., etc.
• It is more difficult to tell which UDP is bad and which UDP is good
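The "only TCP SYNs come, one after another" sign above can be checked per source by tracking handshakes, and the UDP remark can be made explicit by refusing a verdict where no handshake exists. The following is an added example and not NTT's or any mitigation vendor's logic; the packet layout, the thresholds and the constructed sample traffic are assumptions for the illustration.

```python
# Added example, not NTT's or any vendor's mitigation logic: a per-source
# classifier for one of the "does not look good" signs named above. A source
# that keeps sending TCP SYNs and never finishes a handshake with an ACK is
# marked suspect; UDP carries no handshake state, so sources seen only over UDP
# are reported as undecidable by this check. Packet layout and thresholds are
# assumptions for this example.
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str                       # "tcp" or "udp"
    flags: frozenset = frozenset()   # TCP flags, e.g. frozenset({"SYN"})


def classify_sources(packets, min_syns=20, max_completion=0.05) -> dict:
    """Return {src: 'suspect' | 'ok' | 'undecidable'}. A TCP source is suspect when
    it opened at least min_syns connections with a bare SYN and finished fewer
    than max_completion of them with a client ACK."""
    opened = defaultdict(set)      # src -> 4-tuples seen with a bare SYN
    finished = defaultdict(set)    # src -> 4-tuples later acknowledged by the client
    tcp_sources, udp_sources = set(), set()
    for p in packets:
        if p.proto == "udp":
            udp_sources.add(p.src)
            continue
        tcp_sources.add(p.src)
        key = (p.src, p.sport, p.dst, p.dport)
        if "SYN" in p.flags and "ACK" not in p.flags:
            opened[p.src].add(key)
        elif "ACK" in p.flags and key in opened[p.src]:
            finished[p.src].add(key)
    verdicts = {}
    for src in udp_sources - tcp_sources:
        verdicts[src] = "undecidable"   # no TCP handshake state to judge by
    for src in tcp_sources:
        n = len(opened[src])
        completion = len(finished[src]) / n if n else 1.0
        verdicts[src] = "suspect" if n >= min_syns and completion < max_completion else "ok"
    return verdicts


# Constructed sample traffic: a flooding source, a normal client and a UDP-only source.
SYN, ACK = frozenset({"SYN"}), frozenset({"ACK"})
VICTIM = "198.51.100.9"
FLOOD = [Packet("203.0.113.7", VICTIM, 40000 + i, 80, "tcp", SYN) for i in range(50)]
NORMAL = [pkt for i in range(3)
          for pkt in (Packet("192.0.2.5", VICTIM, 50000 + i, 80, "tcp", SYN),
                      Packet("192.0.2.5", VICTIM, 50000 + i, 80, "tcp", ACK))]
UDP_ONLY = [Packet("192.0.2.9", VICTIM, 53000, 53, "udp") for _ in range(5)]
VERDICTS = classify_sources(FLOOD + NORMAL + UDP_ONLY)

if __name__ == "__main__":
    for src, verdict in sorted(VERDICTS.items()):
        print(src, verdict)
```

The min_syns floor keeps a client that merely retries a few connections from being classed with the flooding source; with spoofed source addresses the per-source counts themselves become unreliable, which is the first point the slide makes.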
Protection with DoS Mitigation device
[Diagram: an attack from other ISPs' networks enters at the border router (EBGP router); the traffic is redirected to the DoS mitigation device, which filters out attack traffic before the customer edge, the customer's link, the customer's FW and the server]
Configuration of DDoS detection and mitigation
[Diagram: network configuration image - monitoring (NetFlow) from the network device to the data collector; DDoS detection; the controller controls the device (ACL, blackhole, mitigation device)]
Anti-DDoS operation with SAMURAI
[Diagram: flow information from the network reaches SAMURAI, which detects a DDoS attack and notifies the operator ("Notice: you might be attacked…"); the operator confirms on the portal (2) ポータルで確認: confirm on the portal), e.g. the detected destination 10.4.204.69/32, decides "Yes! Mitigate the attack!", and SAMURAI configures the redirect / mitigation by MAIKO]
Traffic Visualization
[Charts: inter-AS traffic and traffic per port number]
Current DDoS Status
[Portal screenshot: details of DDoS - detection of abnormal traffic, summary of DDoS, DDoS mitigation invoke switch, detected DDoS, detail information]
At the user portal web page, you can see the status of DDoS in a real-time manner. Also you can retrieve information about specific traffic from the repository as a report.
Abnormal traffic analysis report
[Report views: by victim, time based, attack type based, seriousness, duration based]
You can create a report by specifying period, destination address, attack type, duration of the attack, and/or any parameters
Anti-DDoS Mitigation (with Maiko)
[Screenshot: attack report showing dropped traffic and passed traffic, with the DDoS mitigation invoking switch]
DDoS mitigation can be invoked with Maiko
Issues on Flow Traffic Analysis of IPv6
• IPv6 transport to carry flow information
– Limited vendor support
– If the machine is IPv4/IPv6 dual-stack compatible, sometimes both the IPv4 transport and the IPv6 transport report traffic information, so "double counting" may happen
– If we separate IPv4 and IPv6, we also have to group exporter addresses together
– In SAMURAI, different UDP ports must be used, one for IPv4, one for IPv6
• Capability of flow information of IPv6 traffic
– To send IPv6 flow information, NetFlow v9 or IPFIX can be used
– Address field expansion is needed to make the flow collector compatible with IPv6
– NetFlow v9 and IPFIX look like each other but are surely different, especially the SampleRate field. SAMURAI can handle both formats.
• The amount of IPv6 traffic is still quite little compared with v4
– It is hard to see how IPv6 traffic goes among huge IPv4 traffic
• A function to select IPv6 is needed
• ACL-based sampling is useful to distinguish the traffic
■ Preferable implementation
• Use only one single transport, v4 only (or v6 only), with NetFlow v9 (IPFIX is not so popular yet)
• Traffic analysis must be on a per-protocol basis (v4 and v6 independently)
• Use different sample rates for IPv4 and IPv6 (for example, IPv4: 1/4000, IPv6: 1/100)
Anomaly report of IPv6 traffic
• In the same way as for IPv4 traffic, we can identify irregular IPv6 traffic like DDoS and so on by analyzing IPv6 flow information
– It's easier than DPI to deploy in the network
– Same functions as IPv4
• TCP SYN flooding, UDP flooding, port null,
– IPv6 specific
• Link-local address (leaking traffic) finding
• IPv4/IPv6 mixed attack
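The two IPv6 slides above name three collector-side problems: double counting when a dual-stack exporter reports over both transports, the need for separate per-protocol sample rates, and finding link-local addresses that leak into transit traffic. The following is an added example and not SAMURAI's code; the exporter mapping EXPORTERS, the record layout and the constructed records are assumptions, while the 1/4000 and 1/100 sample rates are the slide's own figures.

```python
# Added example, not SAMURAI's code: collector-side handling of three IPv6
# points from the slides above. (1) A dual-stack exporter may deliver the same
# export packet over both its IPv4 and its IPv6 transport address, so records
# are de-duplicated under one logical exporter name instead of per address.
# (2) IPv4 and IPv6 flows are scaled with their own sample rate (1/4000 and
# 1/100, the slide's example) and accounted separately. (3) IPv6 flows with a
# link-local source (fe80::/10) are reported as leaking traffic. The exporter
# mapping, record layout and sample values are assumptions for this example.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed mapping of transport addresses to logical exporters: rtr-a exports
# over both IPv4 and IPv6, rtr-b over IPv4 only.
EXPORTERS = {"192.0.2.1": "rtr-a", "2001:db8::1": "rtr-a", "192.0.2.2": "rtr-b"}
SAMPLE_RATE = {4: 4000, 6: 100}      # per address family, as on the slide
LINK_LOCAL = ip_network("fe80::/10")


@dataclass(frozen=True)
class Record:
    transport_src: str   # address the export datagram came from
    seq: int             # exporter's export sequence number
    src: str             # flow source address
    dst: str             # flow destination address
    sampled_bytes: int


def exporter_of(transport_src: str) -> str:
    return EXPORTERS.get(transport_src, transport_src)


def dedupe(records) -> list:
    """Keep one copy of a record that arrived over both transports of one exporter."""
    seen, kept = set(), []
    for r in records:
        key = (exporter_of(r.transport_src), r.seq, r.src, r.dst)
        if key not in seen:
            seen.add(key)
            kept.append(r)
    return kept


def account(records):
    """Return ({4: bytes, 6: bytes} scaled per family, [link-local leaks])."""
    totals = {4: 0, 6: 0}
    leaks = []
    for r in dedupe(records):
        src = ip_address(r.src)
        totals[src.version] += r.sampled_bytes * SAMPLE_RATE[src.version]
        if src.version == 6 and src in LINK_LOCAL:
            leaks.append((exporter_of(r.transport_src), r.src, r.dst))
    return totals, leaks


# Constructed sample: rtr-a's export seq 10 arrives twice (v4 and v6 transport),
# rtr-b independently uses seq 10 as well, plus one normal v6 flow and one leak.
RECORDS = [
    Record("192.0.2.1", 10, "203.0.113.5", "198.51.100.9", 1000),
    Record("2001:db8::1", 10, "203.0.113.5", "198.51.100.9", 1000),   # duplicate of the line above
    Record("192.0.2.2", 10, "203.0.113.5", "198.51.100.9", 1000),     # other exporter, not a duplicate
    Record("2001:db8::1", 11, "2001:db8:1::5", "2001:db8:2::9", 500),
    Record("2001:db8::1", 12, "fe80::1", "2001:db8:2::9", 100),        # link-local source should not transit
]
TOTALS, LEAKS = account(RECORDS)

if __name__ == "__main__":
    print("scaled bytes per family:", TOTALS)
    print("link-local leaks:", LEAKS)
```

Keying the duplicate check on the logical exporter rather than on the transport address is what the slide's "group exporter addresses together" amounts to; without it rtr-a's traffic would be counted twice while rtr-b's identical sequence number would wrongly be dropped.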
Conclusion
• We are now working on
– a flow-based traffic analyzer - SAMURAI - that can cooperate with a DDoS mitigation system
• SAMURAI-based flow analysis / DDoS mitigation service in our and our customers' networks with IPv4 and IPv6 simultaneously has already been commercialized.
• Thanks!
• We're looking forward to hearing from you.