Literature Database Entry

hupfauf2013ipfix

Benedikt Hupfauf, "IPFIX Flow Filtering in Vermont," Master's Thesis, Institute of Computer Science, University of Innsbruck, September 2013. (Advisors: Felix Erlacher and Falko Dressler)

Abstract

The IPFIX protocol has become a standard for the exchange of network monitoring data – so called flows – which is crucial to many applications in computer networks, such as billing, traffic engineering, and for security. Especially in high-speed networks, monitoring produces an enormous amount of data, which is hard to process. To reduce the overhead, while maintaining rich and useful information, data is often preselected by the means of filtering and sampling, which most monitoring tools support very well on a packet level, but only rudimentary on a flow level. Our main objective is to address this deficiency, and implement flexible selection of IPFIX flows in the open source monitoring toolkit Vermont. We introduce the ipfixFilter module, which can filter arbitrary flow fields, and also supports sampling. In a number of experiments, we compare its performance (CPU load, memory, packet drops) to filtering at different stages (at packet capture, during aggregation, after aggregation). It is shown, that unlike packet filtering, flow filtering does not increase the performance significantly, because of limitations in the packet capturing process, and the aggregation overhead. To overcome this, we propose an optimization strategy, which tries to extract filter criteria from the flow level, and apply them already on a packet level. It is shown that, given the filter criteria can be extracted, the optimized version performs significantly better than before. We draw the conclusion, that filtering is more effective in early stages of the monitoring process, and should therefore be implemented in the process where packets are capturing.

Quick access

BibTeX BibTeX

Contact

Benedikt Hupfauf

BibTeX reference

@phdthesis{hupfauf2013ipfix,
    author = {Hupfauf, Benedikt},
    title = {{IPFIX Flow Filtering in Vermont}},
    advisor = {Erlacher, Felix and Dressler, Falko},
    institution = {Institute of Computer Science},
    location = {Innsbruck, Austria},
    month = {9},
    school = {University of Innsbruck},
    type = {Master's Thesis},
    year = {2013},
   }
   
   

Copyright notice

Links to final or draft versions of papers are presented here to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted or distributed for commercial purposes without the explicit permission of the copyright holder.

The following applies to all papers listed above that have IEEE copyrights: Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.

The following applies to all papers listed above that are in submission to IEEE conference/workshop proceedings or journals: This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessible.

The following applies to all papers listed above that have ACM copyrights: ACM COPYRIGHT NOTICE. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, to republish, to post on servers, or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Publications Dept., ACM, Inc., fax +1 (212) 869-0481, or permissions@acm.org.

The following applies to all SpringerLink papers listed above that have Springer Science+Business Media copyrights: The original publication is available at www.springerlink.com.

This page was automatically generated using BibDB and bib2web.