afnog bmo presentation
TRANSCRIPT
-
8/9/2019 Afnog Bmo Presentation
1/83
Bandwidth Management
Chris Wilson
Aptivate Ltd, UK
AfNOG 2012
Download this presentation at:
http://www.ws.afnog.org/afnog2012/tutorials/bmo

Ingredients
➢ What is bandwidth management
When to manage bandwidth
Troubleshooting an Internet connection
Monitoring an Internet connection
Setting policy
Enforcing Policy
  Social measures
  Technical measures
Summary and resources

What is Bandwidth Management?
Network management of slow links, and the networks that use them?
Do you have a better definition?
Particularly important to internet users
  Users often complain that the internet is slow or the internet is down
You may need more bandwidth, but:
  Without management, no amount of bandwidth is enough
  Bandwidth is very expensive
  Good management can save you a lot of money

Meeting Expectations
Users have an expectation of network performance
  Set by previous experience, e.g. cyber cafés, friends, other employers, connection at home
Users will ask for more bandwidth than you can supply (if it doesn't cost them more money)
In a commercial and academic context, it's important to facilitate peoples' work use of Internet
May mean reducing, eliminating or moving non-work or unnecessary traffic to make more capacity available

Bandwidth Mis-management
If an internet connection is not well managed:
  PCs will become infected with viruses and worms
  Virus and worm traffic will fill the connection
  P2P users and download managers will fight for the rest
  Ordinary web browsing will become impossible
  Skype, VoIP and other interactive applications will be unusable
Departments may demand a separate connection
  Wastes resources that could be better pooled
  Appears to work for a while, then suffers the same fate

Next
✔ What is bandwidth management
➢ When to manage bandwidth
Troubleshooting an Internet connection
Monitoring an Internet connection
Setting policy
Enforcing Policy
  Social measures
  Technical measures
Summary and resources

When to Manage Bandwidth
Do we need bandwidth management?
  Internet (or internal) link overloaded (and only then!)
  Users complaining about poor performance
  Link billed by usage
  Link throttled by usage
  Complaints from upstream provider
  Need to improve

Next
✔ What is bandwidth management
✔ When to manage bandwidth
➢ Troubleshooting an Internet connection
Monitoring an Internet connection
Setting policy
Enforcing Policy
  Social measures
  Technical measures
Summary and resources

The Internet is so slow!
What do we mean by slow?
  completely down?
  packet loss (tcp backoff)
  long ping times (round-trip times)
  long DNS lookup times (or DNS failure)
Other related problems:
  Jitter (mostly affects Skype and other VoIP)
What doesn't work?
  Access to ordinary web pages? (HTTP)
  BitTorrent and P2P software?
  Skype and other real-time network applications?

In Case of Repeated Fires
Sometimes (not always!) the problem will be that your connection is too often full (used to capacity)
You can ping the router on your side without problems, but pinging your ISP's router shows:
  very high latency (over 1 second) to your ISP
  Windows reports latency over 4 seconds as re

Definitions
From the Bandwidth Management Book, http://bwmo.net/:

Diagnosing the Problem
Check that your connection works
Check that your DNS works
Traceroute to the remote server, looking for:
  sudden increase in ping times or packet loss
  jitter (standard deviation changes)
  identify between which hops this occurs
Ping the remote server
telnet www.google.com 80
  GET / HTTP/1.0
  Host: www.google.com
Monitor intermittent problems with trending tools

Ping
Useful for spot checking:
  reachability (try www.google.com or 4.2.2.2)
  round trip time (RTT), also known as latency
  packet loss (ping -f, ping -c 1000 -s 1400 may help)
  jitter (ping -c 1000 and check mdev/stddev)
  fragmentation (ping -s 1?E)

Matt's Traceroute (MTR)
Interactive, repeating version of Traceroute
sudo -E pkg_add -r mtr (or mtr-nox11)
mtr -r -c10 download.java.sun.com
HOST: rocio.int.aidworld.org Loss% Snt Last Avg Best Wrst StDev
[mtr report rows for hops 1 to 16]
Problem is between hops F and /
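
One way to automate the check described above (a sudden, lasting step in latency, loss or jitter between two hops), as an added example that is not part of the original slides. The report text, host names and thresholds are constructed for illustration, and `parse_report`, `sustained` and `suspect_links` are hypothetical helper names.

```python
import re

# Constructed report in the "N. host Loss% Snt Last Avg Best Wrst StDev" layout
# used by mtr -r; the hosts and figures are invented for this example.
SAMPLE_REPORT = """\
HOST: client.example.net      Loss%   Snt   Last    Avg   Best   Wrst  StDev
  1. gw.example.net            0.0%    10    1.6    1.7    1.6    1.8    0.1
  2. border.example.net        0.0%    10    2.0    2.2    2.0    3.2    0.4
  3. isp-edge.example.org     30.0%    10    5.5    8.4    4.0   45.0   12.9
  4. isp-core.example.org      0.0%    10    6.7   12.1    5.3   16.7    3.8
  5. carrier1.example.com     10.0%    10  215.9  255.3  214.3  370.1   54.4
  6. carrier2.example.com     10.0%    10  216.9  218.7  215.8  230.7    5.0
  7. ???                      100.0    10    0.0    0.0    0.0    0.0    0.0
"""

ROW = re.compile(r"^\s*(\d+)\.\s+(\S+)\s+([\d.]+)%?\s+(\d+)((?:\s+[\d.]+){5})\s*$")
FIELDS = ("last", "avg", "best", "wrst", "stdev")


def parse_report(text):
    """Turn report rows into dicts; the HOST: header and blank lines are skipped."""
    hops = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        hop = {"hop": int(m.group(1)), "host": m.group(2),
               "loss": float(m.group(3)), "snt": int(m.group(4))}
        hop.update(zip(FIELDS, map(float, m.group(5).split())))
        hops.append(hop)
    return hops


def sustained(values):
    """Suffix minimum: the part of each reading that is still there at every later hop.

    A router that rate-limits its own ICMP replies shows loss or delay that
    vanishes at the next hop; taking the minimum over later hops removes it.
    """
    out, low = [], float("inf")
    for value in reversed(values):
        low = min(low, value)
        out.append(low)
    return out[::-1]


def suspect_links(hops, thresholds=None):
    """Return (near_hop, far_hop, reasons) for links where a metric steps up and stays up."""
    thresholds = thresholds or {"loss": 5.0, "avg": 50.0, "stdev": 20.0}
    live = [h for h in hops if h["loss"] < 100.0]  # drop hops that never answered
    floors = {key: sustained([h[key] for h in live]) for key in thresholds}
    found = []
    for i in range(1, len(live)):
        reasons = {}
        for key, limit in thresholds.items():
            step = floors[key][i] - floors[key][i - 1]
            if step >= limit:
                reasons[key] = round(step, 1)
        if reasons:
            found.append((live[i - 1]["hop"], live[i]["hop"], reasons))
    return found


if __name__ == "__main__":
    for near, far, why in suspect_links(parse_report(SAMPLE_REPORT)):
        print(f"suspect link between hops {near} and {far}: {why}")
```

The 30% loss at hop 3 of the sample is not reported because it does not persist to hops 4 and beyond; only the step between hops 4 and 5 survives at every later hop.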

Who Controls the Broken Link
Every link is between two hops
  May be able to identify them from reverse DNS, or looking at your network map
Both ends are responsible for the link
  Usually cannot tell which end has the problem except by swapping it out
Who controls the nearest end?
  You? (investigate the traffic on the link)
  Your ISP? (call your ISP)
  Their carrier? (call your ISP, and pray)

Next
✔ What is bandwidth management
✔ When to manage bandwidth
✔ Troubleshooting an Internet connection
➢ Monitoring an Internet connection
Setting policy
Enforcing Policy: Social measures
Enforcing Policy: Technical measures
Summary and resources

Monitoring an Internet connection
What do we want to monitor?
  The same factors that we want to use for troubleshooting
  The same factors that affect

Quality of Service Monitoring
Nagios to monitor websites, routers and DNS servers (local and upstream) and send alerts
Cacti to monitor total bandwidth use on each interface, CPU and memory use on routers and switches
Smokeping to monitor websites, latency and packet loss on upstream connections
NfSen or pmGraph to monitor traffic flows on Internet connections

Installing and Configuring Nagios (1)
cd /usr/ports/www/apache22
sudo make install clean
sudo sh -c 'echo apache22_enable=\"YES\" >> /etc/rc.conf'
sudo /usr/local/etc/rc.d/apache22 start
cd /usr/ports/net-mgmt/nagios
sudo make install clean
sudo sh -c 'echo nagios_enable=\"YES\" >> /etc/rc.conf'
cd /usr/ports/net-mgmt/nagios-plugins
sudo make install clean
cd /usr/local/etc/nagios
sudo cp nagios.cfg-sample nagios.cfg
sudo cp cgi.cfg-sample cgi.cfg
sudo cp resource.cfg-sample resource.cfg

Configuring Nagios (2)
Edit nagios.cfg and comment out this line:
  cfg_file=/usr/local/etc/nagios/objects/localhost.cfg
cd objects
sudo cp commands.cfg-sample commands.cfg
sudo cp contacts.cfg-sample contacts.cfg
Edit contacts.cfg and change nagios@localhost to your email address
sudo cp timeperiods.cfg-sample timeperiods.cfg
sudo cp templates.cfg-sample templates.cfg

Configuring Nagios (3)
Create /usr/local/etc/apache22/Includes/nagios.conf with the following contents:
<Directory /usr/local/www/nagios>
    Order deny,allow
    Allow from all
    Auth

Monitoring Routers with Nagios
Edit templates.cfg and add these lines at the end:
define host {
    host_name router-local
    use generic-host
    address br1.mtg.afnog.org
    max_check_attempts 5
}
define host {
    host_name router-simbanet
    use generic-host
    address 41.188.165.49
    max_check_attempts 5
}
define hostgroup {
    hostgroup_name routers
    members router-local, router-simbanet
}
define service {
    service_description ping
    use generic-service
    hostgroup routers
    check_command check_ping!3,1%!1,4%
}

Monitoring DNS Servers with Nagios
define hostgroup {
    hostgroup_name dns-servers
}
define host {
    name dns-server
    max_check_attempts 5
    hostgroups dns-servers
    register 0
}
define host {
    host_name noc
    use dns-server
    address 196.200.223.1
}
define host {
    host_name google
    use dns-server
    address 8.8.8.8
}
define command {
    command_name check_dns
    command_line $USER1$/check_dns -H www.yahoo.com -s $HOSTADDRESS$
}
define service {
    service_description dns
    use generic-service
    hostgroup dns-servers
    check_command check_dns
}

Installing Smokeping (1)
Install Smokeping's dependencies (saves time):
sudo -E pkg_add -r perl rrdtool fping echoping p5-CGI-Session p5-CGI-SpeedyCGI p5-Digest-HMAC p5-S

Installing Smokeping (2)
Edit /usr/local/etc/smokeping/config and change:
  sendmail = /usr/sbin/sendmail
  step = 60
  remove the Slaves section and slaves = lines
  remove from + Test to end of file

Installing Smokeping (3)
Create /usr/local/etc/apache22/Includes/smokeping.conf with the following contents:
Alias /smokeping /usr/local/smokeping/htdocs
<Location /smokeping>
    DirectoryIndex smokeping.cgi
    AddHandler cgi-script .cgi
</Location>
<Directory /usr/local/smokeping/htdocs>
    Allow from all
</Directory>
Tell Apache to reload its configuration:
sudo /usr/local/etc/rc.d/apache22 reload

Monitoring Routers with Smokeping
Edit /usr/local/etc/smokeping/config and append:
+ qcell
probe = FPing
host = 196.46.232.115
+ gamtel
probe = FPing
host = 212.6.64.9
+ unique
probe = FPing
host = 212.6.65.118
Restart Smokeping:
sudo /usr/local/etc/rc.d/smokeping reload

Monitoring DNS Servers
In the Probes section, add:
D

Monitoring Web Servers
In the Probes section, add:
+ EchoPingHttp
binary = /usr/local/bin/echoping
In the Targets section, add:
+ google
probe = EchoPingHttp
host = www.google.com
+ yahoo
probe = EchoPingHttp
host = www.yahoo.com
sudo /usr/local/etc/rc.d/smokeping reload

Reading Smokeping Graphs (1)
Overall latency a little high for first hop
Rather high jitter
No packet loss

Reading Smokeping Graphs (2)
Significant drop in latency and packet loss for a short period
Conclusion: link is heavily loaded most of the time

Installing Cacti on FreeBSD (1)
sudo -E pkg_add -r mysql55-server cacti
Edit /etc/rc.conf and add the following line:
mysql_enable="YES"
sudo /usr/local/etc/rc.d/mysql-server start
echo "RA

Diagnosing Busy Connections
Heavily loaded link could be due to:
  inbound traffic
    downloads, bittorrent, attacks, incoming spam
  outbound traffic
    uploads, bittorrent, virus or worm-infected PCs, outgoing spam
  both at the same time
Total volume of traffic is not helpful
  Need to identify the source of the traffic
  Identifying the destination may not help

Going with the Flow
Flows are useful tools for traffic monitoring
  Identify who is talking to who, and often the protocol or type of traffic
  Much less verbose and easier to understand than packets
A flow is (usually) a uni

What do Flows Look Like

Enabling Netflow on Cisco (1)
You should enable Netflow on all active interfaces
rtr-tedata> show interface summary
Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL
[rows for FastEthernet0/0, FastEthernet0/1, Serial0/0/0, Serial0/0/1 and Serial0/2/0]
rtr-tedata# conf t
rtr-tedata(config)# interface FastEthernet0/1
rtr-tedata(config-if)# ip route-cache flow
rtr-tedata(config-if)# exit
rtr-tedata(config)# interface Serial0/0/0
rtr-tedata(config-if)# ip route-cache flow
rtr-tedata(config-if)# exit
rtr-tedata# show ip flow top-talkers
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Bytes
[top-talkers rows]

Enabling Netflow on Cisco (2)
Try just the external interfaces:
rtr-tedata> show interface summary
Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL
[rows for FastEthernet0/0 and its subinterfaces]
rtr-tedata> enable
rtr-tedata# conf t
rtr-tedata(config)# interface FastEthernet0/0.701
rtr-tedata(config-if)# ip flow ingress
rtr-tedata(config-if)# ip flow egress
rtr-tedata(config-if)# interface FastEthernet0/0.702
rtr-tedata(config-if)# ip flow ingress
rtr-tedata(config-if)# ip flow egress

Installing nfSen on FreeBSD
sudo -E pkg_add -r rrdtool php5
cd /usr/ports/net-mgmt/nfsen
sudo -E make install clean
Enable the READPCAP option
Edit /etc/rc.conf and add the following line:
nfsen_enable="YES"
Start nfsen:
sudo /usr/local/etc/rc.d/nfsen start

Installing pmacct on FreeBSD (1)
Install pmacct from ports:
cd /usr/ports/net-mgmt/pmacct
sudo make install clean
Enable MySQL support
Add the following line to /etc/rc.conf:
mysql_enable="YES"
Start the MySQL server:
sudo /usr/local/etc/rc.d/mysql-server start

Configuring pmacct for Netflow
Create /usr/local/etc/pmacctd.conf with the following contents:
daemonize: false
debug: true
pidfile: /var/run/nfacctd.pid
! logfile: /var/log/nfacctd.log
! syslog: daemon
nfacctd_port: 496
plugins: mysql
aggregate: src_host, src_port, dst_host, dst_port, proto
sql_db: pmacct
sql_table: acct_v8
sql_history: 1m
sql_history_roundoff: m
sql_table_version: 8
sql_host: 127.0.0.1
sql_user: pmacct
sql_passwd: XXXXXXXXX
sql_refresh_time: 6
sql_dont_try_update: true
sql_optimize_clauses: true
sql_preprocess: minb = 1

Installing pmacct on FreeBSD (2)
Create the MySQL database for pmacct:
mysqladmin -u root -p create pmacct
The password might be afnog
mysql -u root -p pmacct < /usr/local/share/pmacct/pmacct-create-db_v8.mysql
mysql -u root -p pmacct
grant all on pmacct.* to pmacct@localhost identified by 'somepassword';
alter table acct_v8 drop primary key, add index(stamp_inserted);

Running nfacct for Netflow logging
Start nfacctd running in debug mode:
sudo /usr/local/sbin/nfacctd -f /usr/local/etc/pmacctd.conf -d
Look for ERROR lines in the output

Exporting Netflow Data from Cisco
If your collector's IP address is 1.2.3.4:
ssh cisco
enable
conf t
ip flow-cache timeout active
ip flow-cache timeout inactive
ip flow-export version 0
ip flow-export destination ... 12
exit
write

Alternative: Monitoring Box
Need a Unix box that can sniff the traffic:
  Attached to a monitoring port of a managed switch
  Attached to a dumb hub
  Routing traffic between subnets
  Bridging two LANs
Options:
  Use an existing Unix router or proxy
  Create a new transparent bridge
  Add a router outside of LAN (e.g. WAN side)
  Reconfigure entire LAN

Transparent Bridging with FreeBSD (1)
Need a PC with at least two LAN/LAN interfaces
Add the following lines to /etc/rc.conf:
cloned_interfaces="bridge0"
ifconfig_bridge0="addm em0 addm em1 up inet '-"
ifconfig_em0="up"
ifconfig_em1="up"
Restart networking:
sudo /etc/rc.d/netif restart
Insert bridge in front of client PC(s)
Test that clients can still access the Internet!

Configuring pmacct for Sniffing
Modify /usr/local/etc/pmacctd.conf as follows (changes highlighted):
daemonize: false
debug: true
pidfile: /var/run/pmacctd.pid
! logfile: /var/log/pmacctd.log
! syslog: daemon
! nfacctd_port: 496
plugins: mysql
aggregate: src_host, src_port, dst_host, dst_port, proto
sql_db: pmacct
sql_table: acct_v8
sql_history: 1m
sql_history_roundoff: m
sql_table_version: 8
sql_host: 127.0.0.1
sql_user: pmacct
sql_passwd: XXXXXXXXX
sql_refresh_time: 6
sql_dont_try_update: true
sql_optimize_clauses: true
sql_preprocess: minb = 1

Running pmacctd for Sniffing
Start nfacctd running in debug mode:
sudo /usr/local/sbin/nfacctd -f /usr/local/etc/pmacctd.conf -d
Look for ERROR lines in the output

Checking the database contents
Log into the MySQL database:
mysql pmacct -u root -p
mys

Install Tomcat from ports:
cd /usr/ports/www/tomcat
sudo make install clean
You may need to follow the instructions to download the P0 MB diablo-caffe port of Java
Add the following lines to /etc/rc.conf:
tomcat_enable=YES
tomcat_java_opts='-Djava.awt.headless=true'
Start Tomcat now (for the first time):
/usr/local/etc/rc.d/tomcat start

Installing pmGraph
You can read more about pmGraph at http://pmgraph.sourceforge.net
Download the latest pmgraph.war file from:
http://sourceforge.net/projects/pmgraph/files/pmgraph
There should already be a copy in /usr/ports/distfiles on your machine
Install it into Tomcat's webapps directory:
cd /usr/local/apache-tomcat6.0/webapps
sudo mkdir pmgraph
cd pmgraph
sudo jar xf /usr/ports/distfiles/pmgraph.war

Configuring pmGraph
cd /usr/local/apache-tomcat6.0/webapps/pmgraph/WEB-INF/classes
sudo vi database.properties
DatabaseURL = jdbc:mysql://localhost/pmacct
DatabasePass =
LocalSubnet = 196.200.219.
sudo /usr/local/etc/rc.d/tomcat6 restart

Testing pmGraph
Try: fetch http://196.200.218.2/bigfile
Open http://localhost:10/pmgraph:

Next
✔ What is bandwidth management
✔ When to manage bandwidth
✔ Troubleshooting an Internet connection
✔ Monitoring an Internet connection
➢ Setting policy
Enforcing Policy
  Social measures
  Technical measures
Summary and resources

What Next?
Internet connection is sometimes full
What can be done about it?
  Block traffic that nobody wants (viruses, spam)
  Efficiency savings (perhaps 10-Q0%)
  Changing user behaviour
  Changing behaviour re

Outbound worm traffic is the most likely candidate
  Identify infected machines (using monitoring tools)
  Clean them and install antivirus software
  Keep antivirus up to date
  Block ports used by worms
  Set alarms to detect infected machines in future
Incoming spam may waste some capacity
  Monitoring will tell you how much traffic is email
  Good local spam filtering can help, but is difficult!
  Remote email filtering services can help (e.g. Barracuda, LBSD)

Efficiency Savings
Run a local DNS cache
Run a local web cache
Identify commonly downloaded files as candidates for local mirroring
Check for inter-site traffic due to Active Directory and VPNs
Don't expect too much improvement here

What is a Policy
Rules on what a network (or Internet connection) can or can't be used for
Also known as an Acceptable Use Policy (AUP)
Every good network has some kind of Acceptable Use Policy
Users of a shared connection are entitled to agree on rules for sharing it
Rules imposed from above are usually unpopular
How can we set policy fairly?

Why Set a Policy
Network abuse is a social problem
Social problems re

The best Acceptable Use Policies would be:
  Based on evidence
  Set by consensus
  Known by all
  Monitored
  Enforced
  Reviewed regularly

Collecting Evidence
Show effects of high network traffic on essential applications (e.g. by correlation or measurement)
Show how much network traffic is used for different purposes (without prejudging)
Show how much network traffic is used by the top users and departments (without naming them)
Show the causes of high network traffic (applications, working practices, visibility)
Show how much could be saved by efficiency measures (e.g. caches)

Proposing a Policy
Consider whether certain applications have a good case for work use
  Who says P2P, banner adverts or Skype are not business functions?
Consider charging for usage (by volume or rate)
Consider

Involve all stakeholders (worth the effort)
Present the evidence, and create space for discussion
Explore all possible social and technical solutions
Ensure that all views are taken into account
Try to accommodate dissent, e.g. allow personal use out of hours or within defined limits
Try to avoid design by committee bloat
Make a case for simplicity
Don't be afraid to leave open to interpretation, e.g. academic use or business use

Consensus Failure
If consensus cannot be reached:
  Find out why it's being blocked
  Check that all views were taken into account
  Make another proposal
  Consider delaying implementation
  Try a different decision mechanism
  Consider imposing a temporary policy (with a time limit)

Publishing Policy
Important that all users know the policy
Users won't follow unwritten rules
Post in the usual places (computer rooms, letters to new members and users)
If possible, collect signatures before allowing access (issuing user identifiers)
Publish the complete policy
  even if some of it only applies to some users
  more reason to keep it short and simple!

Reviewing Policy
Decide and publish the review date in the policy
Users are more likely to accept a temporary restriction than a permanent one
Users are more likely to agree if they feel that:
  They are being listened to
  Their views have an influence on the policy
Solicit comments in the policy document itself
Log comments for review time
Help people to comment anonymously

Next
✔ What is bandwidth management
✔ When to manage bandwidth
✔ Troubleshooting an Internet connection
✔ Monitoring an Internet connection
✔ Setting policy
➢ Enforcing Policy
  Social measures
  Technical measures
Summary and resources

Monitoring Compliance
Easy to set policy and never monitor compliance
  Sometimes only checked when a breach is suspected
  Data may no longer be available
  Users will lose respect for policy over time
Better to at least collect compliance data continuously
  Good idea to delete data after some time
  Good idea to inform users (privacy policy)

Accountability
Monitoring often gives a list of IP addresses
How to connect them to users?
  NAT problem
  IP address spoofing
  MAC address spoofing
  Switch port security
  Shared computers (e.g. labs)
  Wireless clients
802.1x authentication solves many problems
Proxy authentication can be a partial solution

Next
✔ What is bandwidth management
✔ When to manage bandwidth
✔ Troubleshooting an Internet connection
✔ Monitoring an Internet connection
✔ Setting policy
➢ Enforcing Policy
  Social measures
  Technical measures
Summary and resources

Social Measures
Network abuse is a social problem, not technical
In most cases, social solutions work better:
  Users may not be aware of their bandwidth use
  Consider educating users on bandwidth use and tools
Likely to be few network abusers (about Q%)
  Likely to be the most technically skilled
  Discuss the problem with them first, in private
  Consider publishing a list of the heaviest users
  Consider disciplinary action, revoking privileges
If necessary, technical options are available

Next
✔ What is bandwidth management
✔ When to manage bandwidth
✔ Troubleshooting an Internet connection
✔ Monitoring an Internet connection
✔ Setting policy
➢ Enforcing Policy
  ✔ Social measures
  Technical measures
Summary and resources

Technical Measures
Traffic prioritisation (tc, dummynet, alt

Need to enable packet filtering on the bridge
Edit /etc/rc.conf and add these lines:
firewall_enable="YES"
firewall_type="open"
Start the firewall:
sudo bash /etc/rc.firewall
Enable firewall for bridged packets:
Edit /etc/sysctl.conf and add the following line:
net.link.bridge.ipfw=1
sudo /etc/rc.d/sysctl restart

Traffic Prioritisation (1)
On the client:
ping 4.2.2.2
fetch http://196.200.218.2/bigfile
On the bandwidth management box:
sudo kldload ipfw dummynet
sudo ipfw add pipe 1 ip from any to 196.200.218.0/24
sudo ipfw add pipe 2 ip from 196.200.218.0/24 to any

Traffic Prioritisation (2)
sudo ipfw queue 1 config pipe 1 weight 1
sudo ipfw queue 2 config pipe 1 weight 5
sudo ipfw queue 3 config pipe 2 weight 1
sudo ipfw queue 4 config pipe 2 weight 5
sudo ipfw flush
sudo ipfw add queue 1 icmp from any to 196.200.218.0/24
sudo ipfw add queue 2 ip from any to 196.200.218.0/24
sudo ipfw add queue 3 icmp from 196.200.218.0/24 to any
sudo ipfw add queue 4 ip from 196.200.218.0/24 to any

Hard Quotas
pmacct database comes in very useful!
echo SELECT ip_dst, sum(bytes) AS bytes FROM acct_v6 WHERE ip_dst LIKE "196.200.218.%" A
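
An added example, not from the original slides, of the per-host accounting that the busy-connection diagnosis and hard-quota slides both rely on: flow rows are attributed to the local host at one end, split by direction, then checked against a quota and for hosts mailing many outside servers. The subnet, flow rows, quota figures and function names are assumptions made up for the illustration; the row layout follows the src_host, src_port, dst_host, dst_port, proto aggregation used for pmacct.

```python
import ipaddress
from collections import defaultdict

# Assumed local subnet (a documentation range, not the workshop network).
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")

# Constructed flow rows: (src_host, src_port, dst_host, dst_port, proto, bytes).
FLOWS = [
    ("198.51.100.7", 80, "192.0.2.10", 51514, "tcp", 48_000_000),   # web download
    ("192.0.2.10", 51514, "198.51.100.7", 80, "tcp", 1_200_000),
    ("203.0.113.50", 6881, "192.0.2.23", 6881, "tcp", 95_000_000),  # P2P, both ways
    ("192.0.2.23", 6881, "203.0.113.50", 6881, "tcp", 310_000_000),
    ("192.0.2.23", 6881, "203.0.113.99", 51413, "tcp", 220_000_000),
    ("192.0.2.31", 40001, "203.0.113.8", 25, "tcp", 90_000),        # many SMTP peers
    ("192.0.2.31", 40002, "198.51.100.25", 25, "tcp", 85_000),
    ("192.0.2.31", 40003, "198.51.100.26", 25, "tcp", 88_000),
    ("192.0.2.10", 40000, "192.0.2.23", 445, "tcp", 5_000_000),     # stays on the LAN
]


def is_local(addr, net=LOCAL_NET):
    return ipaddress.ip_address(addr) in net


def usage_by_host(flows, net=LOCAL_NET):
    """Bytes each local host moved across the Internet link, split by direction."""
    usage = defaultdict(lambda: {"in": 0, "out": 0})
    for src, _sport, dst, _dport, _proto, nbytes in flows:
        src_local, dst_local = is_local(src, net), is_local(dst, net)
        if src_local == dst_local:
            continue  # LAN-to-LAN (or transit) traffic does not load the uplink
        if dst_local:
            usage[dst]["in"] += nbytes
        else:
            usage[src]["out"] += nbytes
    return dict(usage)


def over_quota(usage, quota_bytes, direction):
    """Hosts whose total in one direction exceeds the quota, heaviest first."""
    hits = [(host, u[direction]) for host, u in usage.items()
            if u[direction] > quota_bytes]
    return sorted(hits, key=lambda item: item[1], reverse=True)


def smtp_fan_out(flows, min_peers, net=LOCAL_NET):
    """Local hosts sending mail (TCP/25) to many distinct outside servers.

    Such a host moves few bytes, so it never shows up in a volume ranking,
    which is why it needs its own alarm.
    """
    peers = defaultdict(set)
    for src, _sport, dst, dport, proto, _nbytes in flows:
        if (proto == "tcp" and dport == 25
                and is_local(src, net) and not is_local(dst, net)):
            peers[src].add(dst)
    return sorted(host for host, seen in peers.items() if len(seen) >= min_peers)


if __name__ == "__main__":
    usage = usage_by_host(FLOWS)
    print("over 100 MB out:", over_quota(usage, 100_000_000, "out"))
    print("over 40 MB in:  ", over_quota(usage, 40_000_000, "in"))
    print("SMTP fan-out:   ", smtp_fan_out(FLOWS, min_peers=3))
```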