Large-scale geolocation for NetFlow

Author

Celeda, Pavel ; Velan, Petr ; Rabek, Martin ; Hofstede, Rick ; Pras, Aiko

Author_Institution

Inst. of Comput. Sci., Masaryk Univ., Brno, Czech Republic

fYear

2013

fDate

27-31 May 2013

Firstpage

1015

Lastpage

1020

Abstract

The importance of IP address geolocation has increased significantly in recent years, due to its applications in business advertisements and security analysis, among others. Current approaches perform geolocation mostly on-demand and in a small-scale fashion. As soon as geolocation needs to be performed in real-time and in high-speed and large-scale networks, these approaches are not scalable anymore. To solve this problem, we propose two approaches to large-scale geolocation. Firstly, we present an exporter-based approach, which adds geolocation data to How records in a way that is transparent to any How collector. Secondly, we present a How collector-based approach, which adds native geolocation to NetFlow data from any How exporter. After presenting prototypes for both approaches, we demonstrate the applicability of large-scale geolocation by means of use cases. Our prototypes have shown to be scalable enough for deployment on the 10 Gbps Internet connection of the Masaryk University.

Keywords

IP networks; Internet; telecommunication traffic; IP address geolocation; Internet connection; NetFlow; bit rate 10 Gbit/s; business advertisements; collector based geolocation; exporter based geolocation; large-scale geolocation; security analysis; Data analysis; Databases; Educational institutions; Geology; Google; IP networks; Prototypes;

fLanguage

English

Publisher

ieee

Conference_Titel

Integrated Network Management (IM 2013), 2013 IFIP/IEEE International Symposium on

Conference_Location

Ghent

Print_ISBN

978-1-4673-5229-1

Type

conf

Filename

6573124