Data visibility methods in CPEs
Virtanen, Kimmo (2019)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2019052211383
Abstract
Flow information is gathered from data packets traversing an observation point. Traditionally, flow information has been used for purposes such as billing, capacity planning, and fault finding. Trending technologies such as software-defined networking, machine learning and anomaly detection can also benefit from flow-based information.
The task was to find suitable methods for implementing flow monitoring in a service provider environment. Customer Premises Equipment was chosen as the monitoring points. The objective was to gain more comprehensive visibility into traffic and to explore the benefits of flow monitoring. The implementation was a case study in which various open source software packages were evaluated.
It was noticed that the equipment used did not support TLS encryption in flow export. Another observation was that several software packages exist for receiving, processing and saving flow data. The best results could be achieved with a message broker that the other software uses as a data bus to transfer data. This arrangement reduces the effort of moving from one software package to another. It was also noticed that plain flow monitoring did not bring much extra value compared to SNMP monitoring.
Flow data could bring more value to administrators when used in more sophisticated solutions, such as anomaly detection or security evaluations. In any case, automation is needed to gain the most benefit from the data.