Title :
Practical experience with IPFIX flow collectors
Author_Institution :
CESNET, z.s.p.o., Prague, Czech Republic
Abstract :
As the number of Internet applications grows, the number of applications that use data encapsulation increases as well. Flow monitoring using NetFlow version 5 or 9 is only able to analyze the encapsulating protocol; it is therefore too limited to detect new threats. For this reason, more thorough knowledge of such traffic is needed. The IPFIX protocol can be used in such situations, because it provides enough flexibility for monitoring tools to be extended by new elements. Along with greater flexibility, IPFIX support results in a higher performance footprint on collectors and tools for querying the collected data. Currently, there is a lack of flow collection frameworks with IPFIX support that would allow flow data to be extended. The aim of this paper is to compare open-source flow collectors that provide support for the IPFIX protocol. We focus on evaluating the performance of query tools and the level of IPFIX support provided by the collection frameworks.
Keywords :
Internet; computer network security; data encapsulation; protocols; query processing; telecommunication traffic; IPFIX flow collectors; IPFIX protocol; Internet; NetFlow version 5; NetFlow version 9; collected data querying; data encapsulation protocol; flow collection frameworks; flow monitoring; open-source flow collectors; performance evaluation; query tools; IP networks; Indexes; Memory; Ports (Computers); Protocols; Time factors;
Conference_Title :
Integrated Network Management (IM 2013), 2013 IFIP/IEEE International Symposium on
Print_ISBN :
978-1-4673-5229-1