Speaker
A. Bobyshev
(FERMILAB)
Description
Network flow data gathered on border routers and core network switch/routers is used
at Fermilab for statistical analysis of traffic patterns, passive network monitoring,
and estimation of network performance characteristics. Flow data is also a critical
tool in the investigation of computer security incidents. Development and enhancement
of flow- based tools is on-going effort. The current state of flow analysis is based
on the open source Flow-Tools package. This paper describes the most recent
developments in flow analysis at Fermilab. Our goal is to provide a multidimensional
view of network traffic patterns, with a detailed breakdown based on site,
experiment, domain, subnet, hosts, protocol, or application. The latest analysis
tool provides a descriptive and graphical representation of network traffic broken
down by combinations of experiment and DNS domain. The tool can be utilized in
real-time mode, as well as to provide a historical view. Another tool analyzes flow
data to provide performance characteristics of completed multistream GridFTP data
transfers. The current prototype provides a web interface for dynamic administration
of the flow reports. We will describe and discuss the new features that we plan on
developing in future enhancements to our flow analysis tool set.
Primary authors
A. Bobyshev
(FERMILAB)
M. Grigoriev
(Fermilab)
