Internet2 Global Summit: Open Source Network Tools & DDoS Detection
Summary
In my last post from the Internet2 Global Summit, I covered some of the less techie topics. In this post, I wanted to briefly cover a couple of interesting tidbits related to current open source network visualization and how Kentik can complement Internet2’s forthcoming DDoS scrubbing service offering.
Open Source Projects for Network, Traffic and Performance Visualization
On the second day of the conference, I enjoyed a session called “Pragmatic Network Visualization,” which covered two open source projects presented by Sean Dilda from Duke University and Jennifer Schopf at Indiana University.
Sean presented Cartographer, a tool developed at Duke University. They use it to visualize their network, in particular how their devices interact with the network. It uses information gathered over SSH connections to campus routers and switches to create maps of device-to-network interconnections, as well as the path a packet takes through the network. They offer the tool from their website to university staff, who can search for devices by IP, MAC address, subnet name, VRF name, or device name on the Cartographer site. While the tool is built against a Cisco-only network infrastructure, it bridges multiple different switch and router operating systems. It is not yet portable or deployable outside of Duke, but that is something they're working on. You can see the presentation slides here.
Another open source project, NetSage, was presented by Jennifer. The NetSage project is led by Schopf at IU, working with folks from UC Davis and the University of Hawaii. Its goal is to understand the behaviors of the NSF-funded international transit circuits using flow data such as sFlow and performance data from deployed instances of perfSONAR, an open source, distributed network performance system used by science networks. NetSage utilizes open source archiving to store the data, and they've built some cool visualizations on top of it to help look at traffic patterns, sources and destinations of traffic, and where transmission issues are occurring on international links. The project is entering year three of a five-year, $5M funding grant from the National Science Foundation.
Kentik Highly Complementary to New DDoS Scrubbing Service
Internet2 is launching a new clean-pipe DDoS scrubbing service in conjunction with a partner commercial service provider company. The idea is that an institution detects attacks and sends an alert to the scrubbing service operations team to start scrubbing a particular prefix. The service provider then redirects the traffic to their scrubbing center, and clean traffic is returned on a VLAN within the institution's existing Internet2 link.
The service is in a pilot phase through June 30, 2017, and is planned to be available for production use from July 1, 2017. Higher education institutions and research and education networks can pass down the service to their downstream networks (universities or K-12 systems). However, there isn't anything restricting a K-12 system from subscribing to and paying for the service directly.
If an institution doesn’t have on-premises DDoS detection capabilities, that can be procured by sending flow data to the service center, along with providing SNMP access to edge routers. However, the cost of that detection service add-on isn’t trivial.
Kentik offers a highly complementary alternative that covers network operations, peering analytics, network anomaly and DDoS detection, and triggered alerting to the scrubbing service, at a lower overall cost. For existing R&E network customers of Kentik, this is a sweet side benefit to an existing investment. For potential R&E network teams who are considering using Internet2's scrubbing service but don't have DDoS detection capabilities, this is an ideal time to evaluate Kentik, since you can get a complete network analytics and detection platform for less than detection alone.
If you'd like to learn more about Kentik Detect, visit our product page. To learn more, request a demo. Or, if you know you're ready to try out big data-powered network visibility, you can be up and running with a fully functional free trial in fifteen minutes.