Upload File

ipfixexport at ixps

13
IPFIX Export at IXPs Insights into Your IXP Thomas King, CTO, DE-CIX Swinog #37

Upload: others

Post on 02-Aug-2022

5 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: IPFIXExport at IXPs

IPFIX Export at IXPsInsights into Your IXP

Thomas King, CTO, DE-CIX

Swinog #37

Page 2: IPFIXExport at IXPs

3www.de-cix.net

Insights in traffic statistics

Beyond customer‘s rate limit / Access Port capacity

No load on customer‘s router

No router configuration needed

Motivation

2/12

DE-CIX FRA

Page 3: IPFIXExport at IXPs

4www.de-cix.net

IPFIX Protocol

[1] https://tools.ietf.org/html/rfc7011

[2] http://www.iana.org/assignments/ipfix/ipfix.xhtml 3/12

RFC7011[1]

Templates

491 data fields defined[2]

Dead and alive timeout

https://tools.ietf.org/html/rfc7011
http://www.iana.org/assignments/ipfix/ipfix.xhtml
Page 4: IPFIXExport at IXPs

5www.de-cix.net

Architecture

4/12

Packet sampling rate 1:10k

Dead timeout: 15s, alive timeout 60s

Page 5: IPFIXExport at IXPs

6www.de-cix.net

Front-End[3]

5/12

Customers choose

from their MAC

addresses

Enter any target IP

Select start/stop

[3] https://portal-beta.de-cix.net/statistics/ipfix-export

https://portal.de-cix.net/statistics/ipfix-export
Page 6: IPFIXExport at IXPs

7www.de-cix.net

Implementation Challenges

6/12

Incoming:

One large IPFIX stream

Outgoing:

N filtered IPFIX streams

to M target IP addresses

Need for new IPFIX

stream creation

/dev/null

Filter 1

Filter N-1

Filter N

Encrypter 1

Encrypter M

IPFIX Filtered

IPFIX

Encrypted

IPFIX Public

Internet

Page 7: IPFIXExport at IXPs

8www.de-cix.net

Design Space

7/12

1 Vermont[4] instance

Config contains filters for every MAC address

Output redirected to encrypter on demand

[4] https://github.com/tumi8/vermont/

https://github.com/tumi8/vermont/
Page 8: IPFIXExport at IXPs

10www.de-cix.net

Back-End

9/12

Dumping + filtering: Vermont

No interruption upon request

Approx. 1 minute delay

Page 9: IPFIXExport at IXPs

11www.de-cix.net

Receiving Data

10/12

Open-source decrypter[5]

Pmacct[6]

FastNetMon[7]

[5] https://github.com/de-cix/udp-dtls-wrapper/

[6] http://www.pmacct.net/

[7] https://fastnetmon.com/

https://github.com/de-cix/udp-dtls-wrapper/
http://www.pmacct.net/
https://fastnetmon.com/
Page 10: IPFIXExport at IXPs

12www.de-cix.net

02.12.2021The secret of the InternetSlide 12

https://youtu.be/HS-PkYJhT0A

https://youtu.be/HS-PkYJhT0A
Page 11: IPFIXExport at IXPs

13www.de-cix.net

11/12

Configure transport port

Overview of running exports

Export via IPv6

Support other DE-CIX Locations (e.g. MUC, NYC)

Webinar [8] – We already have that! ☺

[8] https://www.de-cix.net/de/about-de-cix/academy

Planned Enhancements

https://www.de-cix.net/de/about-de-cix/academy
Page 12: IPFIXExport at IXPs

14www.de-cix.net

Summary

12/12

Self-Managed IPFIX collection

Sensible data encrypted

Analysis with own tools

Free beta service

Page 13: IPFIXExport at IXPs

15www.de-cix.net

Thank you for your attention!

Any questions?


ISOC: IXPs Partnerships

Scaling IXPs

IXP scene - France-IX · => in 32 Countries, operating over 100 IXPs! • 25 IXPs from the rest of the world! • Newest Members:

AfriNIC : Collaboration with IXPs 2

IXPs AIESEC Croatia: Summer'16

Scaling IXPs Scalable Infrastructure Workshop AfNOG 2009

Making Route Servers Aware of Data Link Failure at IXPs Dr. Thomas King Manager R&D Discussion: Internet Draft

List of Ixps

Www.internetsociety.org IXPs Implementation Scenarios: Management, Admin and Technical Models of IXPs

IXPs | Governance and Financial Models: Best Practices … · IXPs | Governance and Financial Models: Best ... • Reduced latency and increased performance and driving demand

CA Landscape · Internet Exchange Points (IXPs) •Canadian IXPs should be; –Community based –Vendor neutral –Non profit organizations –Member driven –Open peering policy

Appropriate Layer-2 Interconnection Between IXPs · 2008-08-13 · Appropriate Layer-2 Interconnection Between IXPs Keith Mitchell NANOG31, San Francisco 24/25th May 2004

ISOC - IXPs in Africa and Beyond

Measuring Countries and IXPs with RIPE Atlas

Rethinking IXPs’ Architecture in the Age of SDNsteve/papers/IXP-JSAC.pdfA NEW SDN FABRIC FOR IXPS We now present Umbrella: a new SDN fabric for IXPs, that focuses on the control-data

BGP Configuration for IXPs

BGP Best Practice at IXPs - Internet Society · BGP Best Practice at IXPs Beirut, March 2017 Nick Hilliard ... What Routers do People Use? 2 5% 14% 16% 30% 34% Cisco Juniper PC

New IXPs in a Post IPv4 World

The RIPE NCC, Internet Measurements and IXPs

The Real Cost of Public IXPs

SDN Applications for IXPs and Service Providers - FRNOGmedia.frnog.org/FRnOG_20/FRnOG_20-8.pdf · SDN Applications for IXPs and Service Providers Jason Kleeh ... Remove, Modify VLAN

Via Africa: Creating local and regional IXPs to save money ... · 2.5 Obstacles to implementing IXPs 2.6 Lessons from outside of Africa 2.7 Future African IXP developments at a national

Countries, IXPs and RIPE Atlas · RAIM workshop, 2015-10, Yokohama, JP Countries, IXPs and RIPE Atlas [email protected]

Operation Models for IXPs - APNIC

AfriNIC : Collaboration with IXPs 1

Internet Exchange Points (IXPs) Scalable Infrastructure Workshop AfNOG 2008

Appropriate Layer-2 Interconnection Between IXPs · PDF fileAppropriate Layer-2 Interconnection Between IXPs Keith Mitchell ... Redbus) different links ... their own infrastructure

IPv6 for IXPs workshop - Manama - January 2016

Euro-IX update - NONOG...Euro-IX update NIX may 2017 Oslo, Norway Kjetil Otter Olsen Euro-IX board member Association of IXPs 82 affiliated IXPs: • 56 IXPs in the Euro-IX Region

Internet Exchange Points (IXPs) Scalable Infrastructure Workshop

International Cables Gateways IXPs

Packet Clearing House: Using IXPs: Construction, Operation, and Measurement

IXPs and the Impact on International Transit in Africa · Against IXPs in Africa • 17 IXPs in 15 African Countries • 12 were considered responsive based on a survey conducted

Jumbo Frame Deployment at IXPs (Internet Exchange Points)...Jumbo Frame Deployment at IXPs (Internet Exchange Points) draft-mlevy-ixp-jumboframes-00.txt Hurricane Electric IPv6 Native

BGP Large Communities for IXPs