SMARTxAC is a tool developed by CCABA (UPC), in collaboration with CSUC (formerly CESCA), for monitoring and analysing network traffic, giving users separate views so that each sees only their own traffic. Since 2003 it has evolved and has served, on the one hand, as a catalyst for research within the university and, on the other, as a powerful tool for detecting anomalies and abnormal traffic patterns for its managers and users. The evolution of SMARTxAC is Network Polygraph. This presentation explains how the platform has been used at CSUC, in the context of the Anella Científica, its evolution, its new image and its features.
4. Network Downtime equals Cost
$42,000/h avg cost of downtime
$5,600/min avg cost of downtime (datacenters)
87 hours avg downtime per year
200 min MTTR per medium outage (itpi)
5. Network Visibility
• To properly manage a network, you need to see what happens inside it
• First step to...
– identify congested links
– remove unwanted network traffic
– disconnect bandwidth hogs
– troubleshoot performance issues
– plan for future needs
10. 1999-2003: Inception
Previous monitoring and analysis projects:
• CASTBA
• MEHARI
• MIRA
With the collaboration of several universities
• UPM (Universidad Politécnica de Madrid)
• UC3M (Universidad Carlos III de Madrid)
• UPC (Universitat Politècnica de Catalunya)
And the participation of:
• RedIRIS
• CESCA
• Telefónica Investigación y Desarrollo
• Institut Català de Tecnologia
Focus: monitoring ATM networks
Approach: deep packet inspection with sampling
11. 2003: The Birth of SMARTxAC
Collaboration: CESCA + CCABA/UPC
Objective: monitoring the Anella Científica-RedIRIS connection
Roles
• CESCA: requirements, testbed
• CCABA/UPC: research, development
Objectives:
• Low-cost platform
• Continuously monitor Anella Científica
• Detect anomalies and irregular usage
• Multi-tenant: accessible by many institutions
– each institution can see their own traffic only
13. 2003: User Interface
[Figure: traffic share by application class, in two panels: "Port Number" and "Machine learning". Classes shown: A_UKNWN, DNS, FTP, GAMES, IRC, MAIL, MULTIMEDIA, NETFS, NETWORK, NEWS, NO_TCPUDP, OTHERS, P2P, T_UKNWN, TELNET, UNIX, WWW]
14. 2003-2011: Network Scales Up
More network interfaces monitored at Anella Científica:
• RedIRIS
• Commercial internet connection
• CATNIX
Internal traffic not monitored
Increasing bandwidth usage
Realization: DPI is not cost effective!
Last straw: switching to 10Gbps links
Distributed core with two main nodes (Campus Nord & Telvent)
Solution: NetFlow
17. 2013: Commercial Stage & Spin-off
• Research group gathers commercial interest
• Received public funding for tech transfer
– SMARTxAC to generalized product
• From a research product to a commercial one
– Talaia Networks, S.L.: a spin-off of UPC
– Network Polygraph: «spin-off of SMARTxAC»
22. Subscription Models
Service (SaaS)
• Monthly or yearly billing
• Includes support
• Externally managed
• Regularly updated
Perpetual License
• Payable upfront
• Support & maintenance fee
• Not accessible by our personnel
23. The SaaS Advantage
• No upfront costs for end customer
– Lower barrier of entry (esp. small-mid customers)
– No need to “commit” to our solution
– Simply configure routers to send NetFlow to us
• Managed solution
– Zero maintenance, zero hardware, zero software
– Always upgraded to latest version
24. Main Large-scale Deployments
• CSUC (Anella Científica network)
– Connects ≈90 public institutions in Catalonia
– Offered as value-added service to >80 admins
• Red.es (RedIRIS network)
– Handles all Spanish academic network traffic
– Connects ≈450 public institutions in Spain
– Won as customer in competitive tender
25. Use Cases
• Small-medium companies
– Bandwidth is a precious resource; Polygraph helps optimize its usage
• “Why is the network so slow? Should we invest in more bandwidth?”
• Found 1 user constantly downloading files from Mega
• Link was shared with other offices, affecting whole company
26. Use Cases (2)
• Large companies
– Moving a single “hardware DPI probe” around
• Deploying full DPI was too expensive
• With Polygraph they could cover all branches!
– Realized most attacks come from China
• ISP can block certain IP subnets
• Attacks do not consume customer bandwidth
– Detected covert bitcoin mining operations
• Users were pumping the electricity bill for their personal gain
27. Use Cases (3)
• ISP & Managed Network Service Providers
– Important customer with an office in North Africa:
• Bandwidth: precious resource
• Wanted to check it is spent wisely – no unwanted traffic
– Receiving large # of copyright violation notices!?
• Traffic analysis reveals P2P traffic
• Particularly, upstream traffic: serving illegal content!
– Use our product to detect network attacks
• Offer product as value-added service to corporate customers
• Sell anti-virus solutions to their own customers