Cloud-Aware Network Management
Alex Henthorn-Iwane, VP Marketing, Kentik [email protected]
The Cloud is a Digital Supply Chain
• SaaS, PaaS, IaaS are major suppliers for your users
• Enterprises are offering more cloud-based services
  • Mobile apps
  • E-commerce
• Which function and depend on Web APIs
  • Maps, Search, Ads, etc.
• The Internet is the global freight routing system
  • Must be high performing
Cloud-Aware Net Mgmt: Strategic Considerations
• Assures delivery of performance and user experience
• Deals with reality of Internet security
  • Particularly DDoS because it is as much an operational availability issue as a security challenge
• Leverages redundancy via multi-homing and CDN infrastructure
Cloud-Aware Net Mgmt: Tactics
• Collect detailed traffic flow information
• Instrument key nexus servers with performance metrics collection
• Utilize advanced analytics
• Deploy synthetic testing to understand availability
• Limited reliance on traditional deep packet capture techniques, which are cumbersome for cloud networking
Elements of Cloud Network Management
• NetFlow, sFlow, IPFIX traffic flow data export
  • Sampled flows are fine
• Passive BGP peering
• Cost-effective server-side network instrumentation
• Granular, tune-able alerts for anomalies & attacks
• Deep analytical visibility
• Automated remediation
Monitoring Considerations
• Global visibility
• Top-down visibility
• Full details for drill-downs
  • More than just summaries
• Not siloed
  • Integrate with other tools, dashboards, etc.
  • Data/views easily shared with many functional teams
• Supports fully hybrid environments
Alerting Considerations
• Network-wide
• Scalable with detail
• Host-level capable
• Dynamic anomaly detection (self-learning what is normal behavior)
• Flexible integration with your choice of notification as well as automated remediation
  • E.g. DDoS scrubbers, load balancers, network orchestration
• Alerting & detection needs to be complemented by deep analytics
Reality of Network Big Data
• Network data is big data
  • Commonplace to generate hundreds of millions of data records per day
• Traditional approaches very limited
  • Only produced roll-up summaries
  • Okay for top-level views
  • Useless for real action
• Compute/storage scale means big data analytics are now relevant
• Recent announcement by Cisco on Tetration Analytics is major signal
• Key is to go past BI and have operational speed
Big Data Challenges for Network Analytics
• Ingest speed
• Latency to query
• Time to query response
  • Pre-computed cubes
  • On the fly
Advanced (Big Data) Network Analytics
• Need to enable engineers to leverage their technical and institutional knowledge effectively
• Ad-hoc queries across massive data sets in a timely manner
• Multi-dimensional analytics
  • Combine and visualize multiple fields
  • Like a massive pivot table
• Complemented by automated analyses that reveal complex relationships
  • Practically speaking, turning insightful ad-hoc queries into dashboards
Cloud-Based Analytics
• SaaS network management is now becoming more common
• Big data approaches: DIY or SaaS
• Very easy to adopt, fast time to value, but not feasible for all
A Case Study: Advanced Analytics of a DDoS Attack
Starting from Top-Level View
• Seemingly Normal Variations over Several Days….?
Geo-Based Analytics
• Looking at only SRC=CN (China)
A Closer Look
• Zooming in time range on Second Spike
Checking Another Dimension
• Number of Unique Source IP Addresses
Where is the Traffic Going?
• Flip to: Destination Addresses
Pulling Back to Gauge the Situation
• Looking at all inbound traffic to the target victim Dest IP
Narrowing in on the Actual Attack
• Attack details by protocol
The Finding: Multi-Layer Attack
• Multiple simultaneous vectors at hand
The Mitigation Plan
• Finding the Necessary Details for Setting Filter Policies
Case Example: Summary
- Unusual traffic patterns from suspect Geo
- Turned out to be DNS Amplification targeting a specific dest IP
- But main attack was hiding other attacks/exploits
- Data harvested for mitigation
- Time required to complete this analysis: 3 minutes!
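Added example (not from the original slides and not Kentik's code): the case study's drill-down written as a pivot over flow records, going from suspect source geo to top destination to every inbound vector by protocol. The sample records, field names and the svc_port heuristic are constructed assumptions.

```python
from collections import defaultdict

FIELDS = ("src_ip", "src_geo", "dst_ip", "proto", "src_port", "dst_port", "bytes")
# Constructed sample flow records (not data from the presentation).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE = [
    ("192.0.2.10", "CN", "203.0.113.5", "UDP", 53, 40112, 90000),
    ("192.0.2.11", "CN", "203.0.113.5", "UDP", 53, 40113, 85000),
    ("192.0.2.12", "CN", "203.0.113.5", "UDP", 53, 40114, 88000),
    ("198.51.100.7", "US", "203.0.113.5", "TCP", 51000, 80, 1200),
    ("198.51.100.8", "US", "203.0.113.5", "TCP", 51001, 22, 900),
    ("198.51.100.9", "DE", "203.0.113.9", "TCP", 52000, 443, 4000),
    ("192.0.2.13", "CN", "203.0.113.9", "TCP", 52001, 443, 3000),
]

def load(rows):
    """Turn tuples into dicts and add a derived 'svc_port' dimension."""
    flows = [dict(zip(FIELDS, r)) for r in rows]
    for f in flows:
        # Assumption: the lower port number identifies the service.
        f["svc_port"] = min(f["src_port"], f["dst_port"])
    return flows

def pivot(flows, dims, where=lambda f: True):
    """Group by dims; return (key, total_bytes, unique_src_ips), largest first."""
    agg = defaultdict(lambda: [0, set()])
    for f in filter(where, flows):
        cell = agg[tuple(f[d] for d in dims)]
        cell[0] += f["bytes"]
        cell[1].add(f["src_ip"])
    rows = [(k, b, len(s)) for k, (b, s) in agg.items()]
    return sorted(rows, key=lambda r: r[1], reverse=True)

def drill_down(flows, geo):
    """Follow the case study: suspect geo -> top destination -> all vectors."""
    # Restrict to the suspect source geo and flip to destination addresses.
    (victim,), _geo_bytes, geo_sources = pivot(
        flows, ["dst_ip"], where=lambda f: f["src_geo"] == geo)[0]
    # Pull back to all inbound traffic to that destination, split by protocol
    # and service port, so vectors from outside the suspect geo show up too.
    vectors = pivot(flows, ["proto", "svc_port"],
                    where=lambda f: f["dst_ip"] == victim)
    return {"victim": victim, "geo_sources": geo_sources, "vectors": vectors}

if __name__ == "__main__":
    result = drill_down(load(SAMPLE), "CN")
    print("victim:", result["victim"], "sources from geo:", result["geo_sources"])
    for (proto, port), nbytes, sources in result["vectors"]:
        print(f"  {proto}/{port}: {nbytes} bytes from {sources} source(s)")
```

Each row of the vectors list carries the protocol, service port, byte volume and source count that a filter policy for the victim address would be built from.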
Closing Thoughts
• Cloud isn’t just an external resource, it’s a way of business
• Internet traffic should be more top of mind
• Summary level views are insufficient and behind the curve
• Big data analytics and SaaS network management tools are now
WE HAVE MET THE CLOUD AND
HE IS US
www.kentik.com
Thank You!