FlowMon
FlowMon probe is an appliance for monitoring and reporting information on IP flows in high-speed computer networks. The probe is being developed by the Liberouter team within the scope of the CESNET research plan Optical National Research Network and its New Applications, research activity 602 - Programmable hardware.
FlowMon probe is built upon a pair of programmable network cards, called COMBO, and a host computer running the Linux operating system. The pair of COMBO cards consists of a main card with a PCI, PCI-X or PCI-Express connector for connection to the motherboard of the host computer, and an add-on card with 2 or 4 network interfaces. Both cards contain programmable chips (FPGAs) which are able to process large amounts of data at multi-gigabit speed. The flow monitoring process itself is split between the hardware (acceleration cards) and the application software running on the host computer. Following the principle of hardware/software codesign, all time-critical tasks are implemented in FPGA chips on the acceleration cards, while more complex operations are carried out by the application software. This concept enables monitoring of modern high-speed (1 Gbps, 10 Gbps) networks with no packet loss and with no need for input sampling. At the same time, a flexible and user-friendly interface is provided by software.

FlowMon probe is a passive monitoring device, i.e. it does not alter passing traffic in any way. Therefore, its detection is hardly possible. When connected to a network, FlowMon probe observes all passing traffic, extracts information about IP flows and aggregates it into flow records. FlowMon probe is able to export aggregated data to external collectors in NetFlow (version 5 and 9) and IPFIX format. Collectors receive incoming flow records and store them for automated or manual and visual analysis (automated malicious traffic detection, filter rules, graphs and statistical schemas). The whole system allows monitoring of the current state of the monitored network as well as long-term traffic analysis.
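The aggregation and export steps described above can be sketched in software. This is an added example, not FlowMon or Liberouter code: the function names, the 15-second inactive timeout and the sample packets are assumptions made here, and only the NetFlow version 5 datagram layout (24-byte header, 48-byte records) is the standard one.

```python
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48 bytes

def aggregate(packets, inactive_timeout_ms=15000):
    """Group packets into unidirectional flow records keyed by the 5-tuple."""
    active, finished = {}, []
    for ts, src, dst, sport, dport, proto, size, flags in sorted(packets):
        key = (src, dst, sport, dport, proto)
        rec = active.get(key)
        if rec and ts - rec["last"] > inactive_timeout_ms:
            finished.append(active.pop(key))  # idle too long: close the flow
            rec = None
        if rec is None:
            rec = active[key] = {"key": key, "first": ts, "last": ts,
                                 "packets": 0, "octets": 0, "tcp_flags": 0}
        rec["last"] = ts
        rec["packets"] += 1
        rec["octets"] += size
        rec["tcp_flags"] |= flags  # cumulative OR of all flags seen in the flow
    return finished + list(active.values())

def export_v5(flows, uptime_ms, unix_secs, sequence=0):
    """Encode flow records as one NetFlow v5 export datagram."""
    flows = flows[:30]  # v5 carries at most 30 records per datagram
    out = [V5_HEADER.pack(5, len(flows), uptime_ms, unix_secs, 0, sequence, 0, 0, 0)]
    for f in flows:
        src, dst, sport, dport, proto = f["key"]
        out.append(V5_RECORD.pack(
            socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4, 0, 0,
            f["packets"], f["octets"], f["first"], f["last"],
            sport, dport, 0, f["tcp_flags"], proto, 0, 0, 0, 0, 0, 0))
    return b"".join(out)

# Constructed sample traffic: (ms since boot, src, dst, sport, dport, proto, bytes, TCP flags)
SAMPLE = [
    (1000, "192.0.2.10", "198.51.100.5", 40000, 443, 6, 60, 0x02),
    (1020, "192.0.2.10", "198.51.100.5", 40000, 443, 6, 1500, 0x18),
    (1500, "192.0.2.11", "198.51.100.53", 5353, 53, 17, 80, 0),
    (30000, "192.0.2.10", "198.51.100.5", 40000, 443, 6, 60, 0x02),
]

if __name__ == "__main__":
    flows = aggregate(SAMPLE)
    print(len(flows), "flows,", len(export_v5(flows, 31000, 1700000000)), "bytes")
```

The fourth sample packet shares a 5-tuple with the first two but arrives after the idle timeout, so it opens a new flow record rather than extending the old one.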

External sources

  • Flexible FlowMon technical report
  • User and Test Report on NetFlow Probe (DJ2.2.2,2) from GÉANT2
  • Liberouter project web page
  • CESNET web page
The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 