To understand and control the data flows of its IP network, this client wanted an IP telemetry system that is open, flexible and easy to integrate into its product and business logic. Pragma Analytics Software Suite (PASS) was used to collect NetFlow, IPFIX, and sFlow records, as well as routers' system statistics and information. The main use cases are:
- Dashboards for engineering and network planning teams,
- Traffic reports for teams in charge of BGP peering,
- Dashboards for security teams,
- Identification of DoS and DDoS attacks,
- Intrusion identification,
- Post-mortem analysis and forensic investigation on all flows stored on the PASS system.
Control and understand your peering and your network engineering
Based on this information, it is possible to analyze your traffic per ORIGIN ASN, AS_PATH, BGP community, BGP Next-Hop … All these statistics are valuable tools for optimizing Internet connection costs and network architecture. This information can also help diagnose changes in Internet routing and understand potential traffic flip-flops.
Post mortem analysis and security
In this example, we can analyze a DDoS attack. This is a TCP SYN flood from the USA to a client server. This type of query can be placed in a security dashboard, making it possible to investigate in real time when a performance or availability problem occurs without explanation.
On this graph, we see packets with a TCP flag, all going to the same destination, with the source of the traffic grouped by country. We can see an attack of almost 8 million packets per second.
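The aggregation behind a graph like this can be sketched as follows. This is an added example, not PASS code or its query language; the record field names, the 1:1000 sampling rate, the threshold and the sample flows are all constructed assumptions.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # bits of the cumulative TCP flags field exported per flow

# Constructed sample flows, assumed already enriched with a source country.
FLOWS = [
    {"src_country": "US", "dst": "203.0.113.10", "proto": 6, "tcp_flags": 0x02, "packets": 6000},
    {"src_country": "US", "dst": "203.0.113.10", "proto": 6, "tcp_flags": 0x02, "packets": 1500},
    {"src_country": "CA", "dst": "203.0.113.10", "proto": 6, "tcp_flags": 0x02, "packets": 500},
    # Normal client flow: SYN|ACK|PSH|FIN accumulated over the connection.
    {"src_country": "FR", "dst": "203.0.113.10", "proto": 6, "tcp_flags": 0x1B, "packets": 200},
    # UDP flow: the TCP flags field is meaningless here.
    {"src_country": "US", "dst": "203.0.113.10", "proto": 17, "tcp_flags": 0x00, "packets": 900},
    # A few SYN-only packets to another host: below the alert threshold.
    {"src_country": "DE", "dst": "198.51.100.7", "proto": 6, "tcp_flags": 0x02, "packets": 3},
]

def syn_flood_report(flows, window_s, sampling_rate=1, pps_threshold=1000):
    """Return {dst: {"pps": total, "by_country": {cc: pps}}} for destinations
    whose SYN-only packet rate over the window reaches pps_threshold."""
    per_dst = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if f["proto"] != 6:  # TCP only
            continue
        flags = f["tcp_flags"]
        # Flow flags are OR-ed over all packets of the flow, so SYN without ACK
        # means the sender never completed the handshake.
        if not (flags & SYN) or (flags & ACK):
            continue
        # Scale sampled packet counts back to an estimate of real traffic.
        per_dst[f["dst"]][f["src_country"]] += f["packets"] * sampling_rate
    report = {}
    for dst, countries in per_dst.items():
        total_pps = sum(countries.values()) / window_s
        if total_pps >= pps_threshold:
            ranked = sorted(countries.items(), key=lambda kv: -kv[1])
            report[dst] = {"pps": total_pps,
                           "by_country": {cc: n / window_s for cc, n in ranked}}
    return report

if __name__ == "__main__":
    for dst, r in syn_flood_report(FLOWS, window_s=10, sampling_rate=1000).items():
        print(dst, f"{r['pps']:.0f} pps", r["by_country"])
```

With sampled exports the result is an estimate, so the threshold should be tuned against the normal SYN rate of each protected destination.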